Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Wireless Networking Hardware

Safe and Insecure? 508

JoeCotellese writes "Can making your network insecure actually improve your security? That's the question asked in this story running in Salon. The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'"
This discussion has been archived. No new comments can be posted.

Safe and Insecure?

Comments Filter:
  • by k4_pacific ( 736911 ) <k4_pacific@yahoo . c om> on Tuesday May 18, 2004 @04:54PM (#9189534) Homepage Journal
    Bacon grease cures heart disease!

    • by Total_Wimp ( 564548 ) on Tuesday May 18, 2004 @05:11PM (#9189775)
      Nope, this is the genuine artical. This guy is so dead on it's not even funny. How do you think Comcast avoides being put out of business if someone should use their connection to download illegal materials? Answer: "your honor, we're just the pipe. We let others actualy use it. We have no idea what goes on in that pipe that we rent out."

      This guy is behaving just like Comcast. He's the pipe and he doesn't know what goes on in that pipe. Unless the Judge were to determine that the pipe owner is responsible (and Comcast will certainly help him fight _that_ kind of fight) then he's ok.

      BTW, he also said he turned off logging. In many, many cases, there is no law that says you have to log, but there is a law that says you can't destroy evidence you alread poses. If you don't have a log in the first place, you have nothing to turn over to the feds and you have no evidence to destroy. I think that's a big step closer to true freedom.

      TW
      • by Archfeld ( 6757 ) * <treboreel@live.com> on Tuesday May 18, 2004 @05:29PM (#9189968) Journal
        BUMP...the above about logging is SO TRUE...

        First note to anyone setting up commercial installations is ONLY KEEP WHAT YOU ABSOLUTELY NEED, actively /dev/null everything else. Records have a way of getting outed in court, refer to Netscape/M$/MCI cases.

        I helped set up local public library systems and we ensured that no personal information was kept regarding book history, or check out history beyond the confirmation of return. We do track how many times and for what duration a book is out, but not who had it beyond the most current user, assuming the book is in fact out, if it is checked-in there is no user associated data kept. If the FBI under the guise of keeping us free from terrorism wants to know, we can tell them that the anarchist's cookbook gets LOTS of out time, and who currently has it but not what that person had prior or any sort of user history for a particiular subject, just the bare data that is required to maintain a good inventory of books and cut loose the dead weight that doesn't get used...
        • by ManxStef ( 469602 ) on Tuesday May 18, 2004 @08:06PM (#9191471) Homepage

          Both parent posts are pretty much right, but you should *definitely check that you're complying with the law* regarding what you must keep.

          I'd recommend reading this paper over at SecurityFocus as it covers a pretty similar remit: Destructive Influence [securityfocus.com] By Scott Granneman

          Basically what he says is that if you have a thoroughly designed and well implemented data destruction policy (that complies with local laws) it can be somewhat favorable should something bad, like a lawsuit, come your way.

      • by ericspinder ( 146776 ) on Tuesday May 18, 2004 @05:29PM (#9189971) Journal
        I think that we just found our second winner for (sure lets call it) the Spinder Award [slashdot.org] ("a person who makes a good effort at removing themselves from the Internet). I am sure that some Comcast tech is trying to track him down as I type. Can you say Terms Of Service, (I knew you could).
        • by cybermancer ( 99420 ) on Tuesday May 18, 2004 @06:39PM (#9190757) Homepage
          Long ago I ran a BBS (a bulletin board system is a computer with an open modem where people could dial in an send e-mail, exchange files, play games, chat, etc. This is what geeks did before the Internet was available.) In running my BBS I did some research into the common carrier law. This is the law that protects the phone company (at the time) and ISP's today from the actions of their subscribers. In essence, if you don't monitor the activity on your system / network (e.g. Don't listen in on calls), then you are not liable for the actions of those on the network.

          If you are providing wireless network access for your neighborhood, houseguests, or even patrons in your restaurant, then you are a carrier and protected. Just in case you were not sure, IANAL.

          So the question really is if you are in violation of your Terms of Service or not. My experience has been that most cable Internet providers restrict your usage to you and your household - no operating servers (e-mail, web, etc.) This is because of the shared bandwidth nature (bus topology) of the connection. If you are consuming mass quantities, then your neighbor's connection slows down. Same is true of most satellite systems. I am sure there are some satellite and cable ISP's that offer guaranteed bandwidth, so obviously they are the exception to my comments.

          xDSL on the other hand is guaranteed bandwidth (star topology). In essence you have a dedicated pipe between you and the central office. Granted if you could consume all the bandwidth at the CO then you would slow everyone else down, which is why they throttle you and have a really fat pipe there. Now xDSL typically allows servers and other activities that could result in greater bandwidth consumption because you cannot degrade the performance of your neighbors connection.

          So to sum up, it would seem that this strategy would work to defray suits from MPAA, RIAA, etc., and if you were running xDSL it may even be allowed under your TOS. But, your TOS probably says you are responsible for anything that goes over your pipe. This means you are responsible to your ISP, not to anyone else. So if your ISP says "Hey, you can't do that!" then they might pull your plug. It would seem to me that loosing your ISP and having to switch to one of the competitors would be much less of a inconvenience then being sued by RIAA, MPAA, SCO, etc.

          Bottom line, if you think there is a chance that incriminating traffic might take place on your connection (by you or someone else) then you may improve your odds of claiming it wasn't you by adopting this strategy. But when you are trying to download game patches or some other large download, and it is taking a lot longer then you expected, remember that is the price you pay for freedom in this country.

          What you need is a router that provides bandwidth priority to some connections and not others (I forget the term), and also that partitions the public portion of your personal network off from the private portion. And instead of claiming ignorance, claim you are a nice guy who just wants to help out your neighbors, houseguests or restaurant patrons.

          This is in no way an endorsment or advocation for any of the actions outlined in this comment, the comments of others, or the original news post. It is just an observation.

          • What you need is a router that provides bandwidth priority to some connections and not others

            You mean QOS? about qos [dslreports.com]
          • Your Use of Bus and Star Topologies is misleading on how newer broadband connections work.. xDSL is not dedicated to the CO.. Its only dedicated to the nearest concentrator which may or may not be over capasity.. by the time it hits the CO your looking at atleast a 1000-10000+% under supply of upstream bandwidth reguardless of your broadband medium... any salesperson mentioning the word dedicated when he is talking about broadband should be shot... Its the internet and by its nature is a shared medium. its
      • by Cramer ( 69040 ) on Tuesday May 18, 2004 @05:30PM (#9189979) Homepage
        Comcast is protected by "Common Carrier" provisions -- "the law". You and I are not. As you would be acting with wreckless disreguard, the courts could very well hold you legally responsible for what goes on by way of your intentionally unsecured wireless network. And Comcast and all the others under the common carrier umbrella won't give a single damn. (In fact, most would simply terminate your account for various TOS violations.)

        In a civilized society, you are responsible for your actions.
        • by leerpm ( 570963 )
          As you would be acting with wreckless disreguard, the courts could very well hold you legally responsible for what goes on by way of your intentionally unsecured wireless network.

          Do you have any case law references to backup this statement?
          • by TwP ( 149780 ) on Tuesday May 18, 2004 @05:37PM (#9190053) Homepage
            Do you have any case law references to backup this statement?

            You're new here . . .
          • by interiot ( 50685 )
            Yeah, see "contributory negligence [acm.org]".
          • by computersareevil ( 244846 ) on Tuesday May 18, 2004 @06:15PM (#9190487)
            I think you're wrong. This is no different than leaving your front door unlocked. If someone enters you house without your permission and shoots somebody from inside it, you can not be held liable for "wreckless disregard".

            In the USA you should be free to assume that somebody will not break the law. Assuming people will break the law is very, very dangerous, and has cost us many of our freedoms through "preemptive legislation" like license plates, inummerable searches without probable cause (travel lately?), and handgun registration.

        • OK, but what about somebody who was genuinely ignorant of encryption? Some Joe Schmoe who just went to Best Buy, bought a wireless router, subscribed to some broadband service, turned it on and never thought about it again? How can you tell the difference between intentionally and unintentionally unsecured networks?
          • How can you tell the difference between intentionally and unintentionally unsecured networks?

            Well the fact that he wrote this article might be a clue...
        • by Jim McCoy ( 3961 ) on Tuesday May 18, 2004 @10:27PM (#9192344) Homepage
          It is not acting in reckless disregard, the legal term you are looking for is "attractive nuisance."

          For an example, lets say you have a swimming pool. You put up a fence keep the gate locked. You post signs saying "danger, no lifeguard." You chase away all the neighbor hood kids when they come around, but one climbs in late at night and drowns. You are at fault.

          The author of this article has shown himself to be a sophisticated technical consumer. Someone who knows what they are doing. By choosing _not_ to protect access to his line he is acting in a negligent manner and his open AP could be considered an attractive nuisance.
      • by techno-vampire ( 666512 ) on Tuesday May 18, 2004 @05:35PM (#9190025) Homepage
        This guy is behaving just like Comcast. He's the pipe and he doesn't know what goes on in that pipe. Unless the Judge were to determine that the pipe owner is responsible (and Comcast will certainly help him fight _that_ kind of fight) then he's ok.

        Wrong. Comcast is a business, and their business is transmitting information. That makes them a common carrier. The twitiot who wrote the article isn't in that business, and his TOS says that he can't use it that way. That means that he isn't a common carrier, can't use their protections and that if it gets to court, Comcast will not only not help him, they'll be doing everything they can to help the other side.

        • What does it take to get common carrier status? I sure ain't no lawyer (ISANL) but I'd have a hard time believing that the size of your "customer" base makes a difference.

          If he's responsible for the conduct of the people using his traffic then every free community wireless access service should be very afraid. Yet they appear to be thriving.

          TW
          • Assuming you were in the United States, you would go to your state public utilities commission, or equivalant, and file for a Certificate of Public Information, Convenience or Necessity

            There are specific requirements that vary from state to state

      • If you don't have a log in the first place, you have nothing to turn over to the feds

        Well, not necessarily. If there were some kind of lawsuit, and the Feds (or RIAA, or whoever) made a demand along these lines in discovery, I doubt you could get rid of them simply by saying, "Nope, I don't keep logs. Take my word for it." They'd probably petition the court to order you to turn your computer over to them so that they can check for themselves (as if you couldn't destroy such logs). The side with the mo
      • by TRACK-YOUR-POSITION ( 553878 ) on Tuesday May 18, 2004 @07:32PM (#9191227)
        I'm surprised I haven't seen anyone here make the explicit connection to Freenet--which an unsecured wireless connection is just a poorman's version of. Both work on plausible deniability--I had no idea was stealing this mp3--or sending your freenet client encrypted child porn.

        Many of the arguments people are applying to this guy could also apply to freenet--that running an unsecured wireless point or a freenet node could both be construed as facilitating a crime. In both cases, it's letting someone else use your bandwidth resources.

  • by danielrm26 ( 567852 ) * on Tuesday May 18, 2004 @04:54PM (#9189535) Homepage
    "Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it."

    I'd have read the whole thing, but I was morally repelled by the salon.com ad policy. Anyway, this concept seems to be some perverted cousin of "security by obscurity" -- only this has less to do with protecting your security and more to do with having a way out when someone comes knocking on your door.

    Unfortunately, I think this only applies when you *don't do it on purpose*. From my point of view, if you design a network solely for the purpose of relieving yourself of responsibility for what traverses your network, you are pretty much screwed once you get to court. This reeks of the "I accidentally did it on purpose" defense, and isn't likely to fly with any judge that has even a portion of a clue.
    • The parent is totally correct on this one, I'm afraid. Doing it deliberately in order to facilitate others to do illegal things is not going to save you in court. ISP's don't even get away with allowing this sort of stuff unwillingly (i.e. DMCA). Besides, you're ignoring the fact that they will terminate first and ask questions later, basically making you need to prove that it wasn't you who did it, instead of the other way around. Unless you pay them $1000 monthly, you are not worth it to them to figur
      • Doing it deliberately in order to facilitate others to do illegal things is not going to save you in court.

        He isn't doing it deliberately to facilitate illegal things. For that to be true, he would have to have some prior knowledge that illegal activities were to take place and have taken actions to facilitate them. Instead, he took actions such that if someone were to take illegal actions, he would have less responsibility. He is neither condoning nor encouraging illegal activities, not is he aware o
    • Just plain silly. (Score:5, Insightful)

      by turnstyle ( 588788 ) on Tuesday May 18, 2004 @05:00PM (#9189634) Homepage
      First, the premise that security is no more than avoiding lawsuits for copyright infringement.

      Second, forgetting that your name is still on the bill for that ISP, and that in all likely hood (see your ISP TOS) that makes you liable for what happens over your line.

    • by pbox ( 146337 ) on Tuesday May 18, 2004 @05:02PM (#9189662) Homepage Journal
      Disagreed.

      It is a fact after you do open your net up there is no way for them to proove that you commited the illegal acts. The fact that you did this opening up by stupidity or on purpose does not change that fact.

      They can maybe get you on intent, as it might be argued that you opened up so you can do illegal acts, but that is far fetched.

      • Yes it does change the fact, if you did it on purpose then you can be found to have been negligent and dealt with accordingly (in a court of law, discontinuation of services or whatever.)

        Doing something on purpose is worlds different to stupidity when it comes to recriminations. Look at murder vs manslaughter. Intent vs stupidity.
        • Negligent of what?

          Is it against the law for him to share his internet connection?

          Is he required to be "his brother's keeper" and monitor everyone that uses it?

          IMHO, the only issue is between him and his provider and the TOS... if it is OK with the provider, that is all that matters.

          You are not required to keep your neighbor from breaking the law.

          Now... if this keeps some "big brother" from being able to accurately determine who is doing what... well... I say bravo. Added benefit.
      • by bladernr ( 683269 ) on Tuesday May 18, 2004 @05:14PM (#9189818)
        It is a fact after you do open your net up there is no way for them to proove that you commited the illegal acts.

        You may be forgetting all the civil and criminal facilitation laws. The article describes a deliberate attempt to allow unlawful activity and to obscure its source (disabling of all filtering). You may not be able to prove you did the activity, but proving who facilitated it is a snap.

        Consider night clubs that "look the other way" on illegal drugs. They get slapped with a criminal facilitation charge.

        Up to the point of turning off the logging, you could argue ignorance (by default, most wireless routers ARE wide open, except they log things). As soon as you intentionally create a launch-pad for illegal activities, you are hardpressed in court to prove to a reasonable jury a legitamite purpose (notice I said reasonable, as in reasonable doubt, not "shadow of a doubt," the standard some believe you must achieve but, in fact, don't need to).

      • > It is a fact after you do open your net up there is no way for them to proove that you commited the illegal acts.

        Correct. If the illegal act is the downloading of MP3z through a P2P network, that's not so bad, because the DMCA practically requires that Comcast act as an intermediary between RIAA/MPAA and you. Furthermore, because the aggreived parties, namely RIAA/MPAA, are private organizations, they can't really make your life all that miserable.

        If, however, the illegal act involves the

    • I agree. It'd be like if a gun owner left his rifles sitting out on his front lawn, then claimed innocence when people were shot with them.
      • Wrong. It'd be like if a gun owner signed a contract with the gun company saying that anything that happened with said guns is their fault and then left them on the front lawn for all to enjoy.
    • by jmorris42 ( 1458 ) *
      > From my point of view, if you design a network solely for the purpose
      > of relieving yourself of responsibility for what traverses your network,
      > you are pretty much screwed once you get to court.

      I dunno about that part. Isn't exactly what the telcos do? They intentionally make zero effort to control the traffic passing across their network, lest they lose common carrier status and become legally liable for everything that happens inside their zone of control.

      The questionable part is turning o
      • by Have Blue ( 616 ) on Tuesday May 18, 2004 @05:23PM (#9189915) Homepage
        Being a telco means complying with various other regulations which you don't, among which is cooperating with law enforcement when legally requested. You can't deny responsibility for the content that passes through your network and deny law enforcement's right to pass through your network on the trail of criminals as well. There are also laws against obstructing investigations and harboring criminals (which is essentially what you are doing).
    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Tuesday May 18, 2004 @05:22PM (#9189892)
      Comment removed based on user account deletion
  • by jb523 ( 220004 ) <jd...junk1+slashdot@@@kurutta...net> on Tuesday May 18, 2004 @04:55PM (#9189536) Homepage
    That's not improving your security. That's improving your privacy (via anonymity) at the expense of your security.
    • by incast ( 121639 ) * on Tuesday May 18, 2004 @05:02PM (#9189655)
      the author acknowledges this (and even uses similar words: "I'm willing to trade a little security for privacy.") in the article. the poster made the bad implication, not the original author.

      good eye though!!
    • Not even your own privacy... you are offering to protect the privacy of strangers if you set up a default-settings no-encryption WiFi.

      You're still tracable... you're just not bothering to keep the identity of your guests. The investigation will just go cold at you... never a good place to be.
  • That is so retarded (Score:5, Informative)

    by Anonymous Coward on Tuesday May 18, 2004 @04:55PM (#9189541)
    Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?

    Wishing something doesn't make it so.
    • by pla ( 258480 )
      Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?

      No, most of us have similar terms with our ISP.

      However, so far in this discussion, people seem to have completely failed to realize that we deal with two distinct layers of accountability. The AUP only apply to the ISP's dealing with us, it doesn't extend beyond the continuation of them providing a service in exchange for us paying a set fee.

      So, at the ISP level, your AUP ap
  • by LostCluster ( 625375 ) * on Tuesday May 18, 2004 @04:55PM (#9189549)
    Somebody forgot to read the TOS of their ISP... because absolutely ever ISP out there has something to this effect in thier TOS: As the person who pays the bill, you're responsible for keeping the Internet connection you're buying to yourself and people who you trust with it. The reason why they're warning you to do that is because if you allow your connection to fall into "enemy hands", the usage that goes over your wire will be

    By choosing to run the "notoriously vulnerable technology", as the author admited in his confession letter, he admitted that he knowingly chose a piece of technology that could be exploited yielding his internet equipment making a request on behalf of somebody unknown. That's nice... you just gave that unknown person the gift of a liability shield at your expense.

    As I just posted last thread, [slashdot.org] annonymity these days is really achieved by somebody else who had the chance to know who you are intentionally failing notice or promising not to tell. The thing is, that other person is taking on the liablity for what you do.

    How nice of you to pay his MPAA/RIAA verdict bill for him, you'll be a hero to copyright pirates everwhere. I'm sure they'll be excited to learn there's still people dumb enough to fall for this trick still out there.
  • Are you kidding me? (Score:5, Interesting)

    by Sgs-Cruz ( 526085 ) on Tuesday May 18, 2004 @04:56PM (#9189557) Homepage Journal
    You also have no idea what kind of FTP server your computer has become, what kind of child porn people are downloading, how much spam you're forwarding. This doesn't seem like a very good idea to me.
  • by Anonymous Coward on Tuesday May 18, 2004 @04:57PM (#9189579)
    Sounds like a Zen master was smoking some weed and found a network administrator manual to read to pass the time while his friend ran down to the 7-11 for munchies.
  • Since it will only be a short time before everyone stops accepting email traffic from your server, you can be sure that no spammer or hacker will want to take control of it. Makes sense. Kind of like cutting off your hand to be sure nobody steals your rings.

  • by mungtor ( 306258 ) on Tuesday May 18, 2004 @04:57PM (#9189590)
    I never know who might get shot or when! And the police would never find out if it was me doing the shooting!!

    This is brilliant. I'm in total awe.
  • Doubtful (Score:5, Insightful)

    by linuxtelephony ( 141049 ) on Tuesday May 18, 2004 @04:58PM (#9189602) Homepage
    It is doubtful you could qualify as a type of common carrier. If anything, you may increase your odds of being liable because you may be held responsible for what others do on your connection.

    It would be interesting to see how this would play out. The closest analogy I can think of would be automobiles. If you allowed someone else to use your car, you may be held liable for damages they cause while they are driving it. As far a criminal activity, you may be targetted if your car is identified as taking part in a crime, though you have a pretty good chance of being found innocent if you can prove you weren't driving the car.

    Not perfect, but close. The idea sounds good though.
  • First: great link! I get to see some awesome 30 second PBS commercial.

    Second: stupid f'en idea
    In a word, privacy. By making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.

    But since you're liable for everything that goes through your connection, you're fucked if something really bad does happen from your IP. That whole article sounds like it was written by some 14 year old. God... the logic employed in that article is truly amazing!
  • I'm kind of wondering about the security through obscurity idea. Maybe run Redhat 5.2 or Open BSD 3.0, you know something that isn't being tracked on Bugtraq anymore.
  • The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'

    Yeah, but the author does so fully aware of the potential consequences, thereby not really being an ignorant victim.

    Put another way: If you open your house to all who come, including fugitives, are you going to

  • A better way (Score:4, Insightful)

    by m0rph3us0 ( 549631 ) on Tuesday May 18, 2004 @04:59PM (#9189621)
    Is to run a public AP. /. does the same thing, they refuse to log so that the logs cannot be used to incriminate people. A public AP turns you into a transport provider instead of a liable agent. No one is going to go after the library for what offenses are caused there because they merely provide transit. Yeah your ISP will stil disconnect you but you will stay out of jail.
  • Open != Insecure (Score:3, Informative)

    by Raindance ( 680694 ) * <`johnsonmx' `at' `gmail.com'> on Tuesday May 18, 2004 @04:59PM (#9189623) Homepage Journal
    Salon is talking about networks open by design, not insecure networks.

    There's a huge difference in implimentation, and also when speaking of liability and your situation in the eyes of the law.

    I'm not a lawyer, so I'll hold off from saying more.

    RD
  • too bad (Score:4, Funny)

    by SQLz ( 564901 ) on Tuesday May 18, 2004 @04:59PM (#9189628) Homepage Journal
    Too bad that has nothing to do with security or insecurity...more like stupidity.
  • Get a life (Score:5, Interesting)

    by Richard_at_work ( 517087 ) * on Tuesday May 18, 2004 @05:00PM (#9189636)

    I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it. That's no different from the millions of people who haven't installed anti-virus software and the millions more who don't keep theirs up to date.

    But he IS deliberately opening his network to these people:

    Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear.

    If he didnt have them enabled in the first place, then I might have agreed with his statement, but this is nothing like the "millions of people who havent installed anti-virus software", or the "millions more who don't keep theirs up to date". Those people dont intentionally install said protection and then disable it.

    And more important, my ISP has no way to be certain if it's me.

    And how is this going to matter? The ISP is renting YOU the connection, so its arguably your own responsability for the traffic passing through it. Your landlord might have something to say if you left your front door open to all who might be passing, and drug dealers take up residence. Id love to see his line rentals terms and conditions, they will amost certainly forbid what this guy is doing (intentionally sharing his connection with third parties).

    If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker's crimes?

    Theres no hacking (cracking) going on here, the networks wide open. And there are such laws as accessory to a crime, which if you are doing this wilfully, then Id almost certainly say you were.

    I hope this guy took legal advice about this, and about his stance regarding correspondance with Comcast in the future, because from where I can see, he may be on the shakiest legal ground. This article is pretty lame imho.

    • Re:Get a life (Score:5, Interesting)

      by bigHairyDog ( 686475 ) * on Tuesday May 18, 2004 @05:33PM (#9190009)

      The ISP is renting YOU the connection, so its arguably your own responsability for the traffic passing through it

      You're missing the point. We're geeks. We can see how its your responsibility, but the rest of the world doesn't see it like that, and the courts are part of the rest of the world fellow.

      In court, if the defendent said "I just bought this wireless thing from wallmart and now they're telling me that its my fault someone drove by my house and used it for bad things" then the judge/jury would go with them. If the prosecution then said "but purchasing that wireless router gave them a responsibility to learn how to generate and distribute WEP keys" they would be laughed off stage

      No, what really screws him is that he WENT AND TOLD THE WHOLE WORLD ABOUT IT! in a Salon article. There goes his alibi...

  • Even if this were somehow excusable, do you really want anyone and everyone running free on your network? The longer you leave your node sitting out there, the greater the chance someone else is going to use it for something illegal. If you got caught pirating movies, you would have to convince not only your own ISP, but also the MPAA, that you weren't at fault. Hope you have a good lawyer...
  • by Dolohov ( 114209 ) on Tuesday May 18, 2004 @05:01PM (#9189650)
    and people wander in and out. So, it's not my fault that there are 12-year olds drinking 40s on the front porch. No way is it my fault someone's selling crack in the living room, or that someone drowned in the pool.

    Ultimately, if you knowingly leave your computer open to mask your own poor behavior, you won't get off, you'll just get busted for all of it, and then get busted for knowingly providing a venue for this.
    • if you think computer users SHOULD be held accountable, then why arn't those grandma's and ma & pop computers running windows 98 that have been used as a inbetween for the launching of spam and viruses?

      Computer users can't be held responsible for the security and actions of their own computer... Esspecially if Microsoft has no responsibility for Windows' security.
    • by radish ( 98371 ) on Tuesday May 18, 2004 @05:16PM (#9189836) Homepage
      I leave my car unlocked. Someone steals it and runs down a child at 100mph in a 30 zone. Is it my fault? Sure I may (morally) share some degree of responsibility, but I don't think there's any legal issue. The person who should be punished is the person who committed the crimes (theft, speeding and dangerous driving) not the person who neglected to lock the door (not a crime).

      So, it's not my fault that there are 12-year olds drinking 40s on the front porch. No way is it my fault someone's selling crack in the living room, or that someone drowned in the pool.


      I'm sure it depends on the jurisdiction, but in the UK (whose legal system I am most familiar with), I don't have any responsibility for others' actions. Provided I didn't supply the alcohol, or encourage the drinking, I think I'd be OK on the first point. (The actual act of a 12 year old drinking isn't illegal in the UK, just supply).

      The crack dealer is more of a problem - as I have an obligation to report illegal activity to the police. However, there have been news reports recently of cases where dealers have broken in and taken over peoples' houses in rough areas of London, and started using them to deal from while the rightful owners are too scared to object. I don't think there was ever any risk of the victims (i.e. houseowners) being charged with anything. So provided I have an excuse for not reporting it (I was threatened, or more likely in the wireless network case, I didn't know it was happening) I think I'd have a defence.

      As for the dead person in the pool - it depends how they died. Sure I'd be investigated, but if no-one can prove I was directly responsible (i.e. I pushed them) or grossly negligent (i.e. had a very deep pool with high edges so no-one could climb out) I think I'd be fine. Look at the recent case of the TV guy who had a party after which someone was found dead in the pool. It was all very suspect (indications of violence and drugs being involved), but no-one could prove there was deliberate foul play so no charges. There's no crime of "owning a pool in which someone drowned".
  • Snow Shovelling (Score:4, Insightful)

    by nightsweat ( 604367 ) on Tuesday May 18, 2004 @05:02PM (#9189661)
    This might hold up if he were called on it. Where I live you're better off not shovelling your walk in winter rather than shovelling it imperfectly. If you let people trip and fall because you didn't shovel it's a natural condition and not on your property (the city ows the sidewalk). If you do shovel and an icy patch develops, you're liable because you created the dagerous conditions.

    I shovel and salt to try to make it safer and damn the liability.
  • by Anonymous Coward
    It work until a really malicious guy secure up your wireless access point, just before you get busted...

  • How cowardly! (Score:5, Interesting)

    by maximino ( 767005 ) on Tuesday May 18, 2004 @05:03PM (#9189679)
    Lord knows I hate the RIAA/MPAA as much as the next guy, but this is just stupid. Let's read between the lines here. The only reason that the author of this piece would be worrying about that letter from Comcast is if he's intending to download some copyrighted material himself, in which case he ought to be a man about it and fight The Man in court if it comes down to it and he believes it's within his rights to do. He's intending to lie, in other words.

    Not only does he not have the courage to stand up for himself, he's causing trouble for the rest of us. People can use his connection to send out those penis-enlarging e-mails to the rest of us. And as mentioned above, the FBI isn't likely to be amused by his defense if he becomes the hub for a child-porn ring.

    "Security through apathy". Yeah, right.

  • by LostCluster ( 625375 ) * on Tuesday May 18, 2004 @05:03PM (#9189683)
    The concept of "stealthing" network ports is due for a retirement party. It was great as a young kid, but it aged at Internet time speed. Now it's overdue for a retirement party.

    See, stealthing is the idea of simply not answering the door when somebody unwanted knocks on it, instead of answering "I'm here but I'm not letting you in." which is what happens when a port is "closed" instead.

    It was a great idea when port scanners didn't expect it. The idea being if the first request for a connect never gets a negative reply, the scanner will assume there's no computer at that IP and move onto the next possible victim. It worked against the port scanning threats of the time.

    However, today's worms aren't so nice. TCP, by its nature, attempts to retry when a connection request is ignored, figuring the packets got lost in the Internet cloud somewhere. However, if you send the "I don't accept that kind of traffic!" message, the attacking server hears that, and that sends the attacker on to its next potential victim with no further waste of your incoming bandwidth.

    "Stealth" is the new "Closed". Yeah, it's one of those fashion things where what's cool to do is just what everybody else isn't doing at the moment. So, keep watching, eventually it'll flip back.
  • by SuperBanana ( 662181 ) on Tuesday May 18, 2004 @05:04PM (#9189694)
    by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me

    OK, now let's make a substitution:

    "by making my gun available to any and all who happen upon it, I have no way to be certain who will be shot by other people using my gun. And more important, the police have no way to be certain if it's me."

  • Yes indeedy (Score:3, Funny)

    by nizo ( 81281 ) on Tuesday May 18, 2004 @05:05PM (#9189701) Homepage Journal
    Can making your network insecure actually improve your security?

    Yes, in the same way that lighting yourself on fire will (eventually) make you impervious to flames! The fact that you will be a smoking pile of ashes would be a drawback however.

  • that's unaccountability. IMO, it's also irresponsibility.
  • It seems to be when I signed my contract for my internet, or by reading the TOS .. I'm seeing that *I am responsible for all that is done on my account*.. hrmm might want to turn WEP back on :)
  • Like WEP is secure? (Score:3, Interesting)

    by mikeophile ( 647318 ) on Tuesday May 18, 2004 @05:06PM (#9189716)
    And MAC addresses can be spoofed.

    Open or closed, your wireless access point has plausible deniability.

    Keeping the connection open just makes it much more convienent to access for the vast majority of people who are doing nothing illegal.

  • by h4x0r-3l337 ( 219532 ) on Tuesday May 18, 2004 @05:07PM (#9189726)
    The author seems confused:

    Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear

    and then a few paragraphs later:

    Don't get me wrong. I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it.

    Clearly, the author contradicts himself when he first describes exactly how he went about disabling all those security features, and then later stating that he is not deliberately opening his network.

  • Ah, Jon Katz, bathtub philosopher- we had almost forgotten about you.

  • A pyrrhic victory (Score:2, Insightful)

    by Graftweed ( 742763 )
    This has got to be the most screwed up article I've read in a long time... I mean, where to begin?

    Are people so desperate when it comes to computer security these days they're willing to commit suicide like this? His problem in the first place was with his ISP, so why not switch to a different one instead of applying his brand of twisted logic?

    Seems like a pyrrhic victory if you ask me. He may be safe from lawsuits from his ISP, which he should have stopped using in the first place, but all the while his
  • by agentZ ( 210674 ) on Tuesday May 18, 2004 @05:10PM (#9189758)
    This is a problem for Comcast, not us.

    $ wget -O - http://www.salon.com/tech/feature/2004/05/18/safe_ and_insecure/index.html | sendmail abuse@comcast.net
  • Just that the RIAA doesn't have the rite to issue a search warrent for your computer, only police/FBI, and in this case, it would probably be the FBI, but they are so overworked as it is with terrorism, etc., they do not have the manpower/time needed to execute search warrents on EVERYONE that the RIAA wants to sue (which appears to be anyone who is on any P2P network, weather they are using it legally or not).

    Now I won't hold my breath that search warrents will never be issued, but in the normal civil ca

  • by e.m.rainey ( 91553 ) <erik AT rainey DOT name> on Tuesday May 18, 2004 @05:22PM (#9189900) Homepage
    "...my ISP has no way to be certain if it's me.'"

    But they will have no problem holding you accountable by the terms of usage agreement.
    End of discussion.
  • by Animats ( 122034 ) on Tuesday May 18, 2004 @05:23PM (#9189903) Homepage
    Long, long ago, anyone could log into Stallman's account at MIT via the Internet. He didn't have a password. That was intentional. Anyone on the net could look at and copy his files. Even make changes, although you didn't do that without a really good reason. That was how free software worked in 1981.

    So that's where this all came from.

  • That is not Security (Score:3, Interesting)

    by Nom du Keyboard ( 633989 ) on Tuesday May 18, 2004 @05:28PM (#9189963)
    by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded

    That has nothing to do with security, and may remove some protections you otherwise might have to keep people from breaking into your own computers.

    You are looking for lawsuit immunity, which is very different than security. How well that might work is going to depend on when somebody is actually willing to go toe-to-toe against the **AA in court. So far it hasn't happened. They blackmail -- you pay. I don't expect if you just say, "Hey, I had an open Internet connection. Could have been anybody," is going to have them reply, "Oh, sorry, we're dropping our suit immediately." Their case might be weak in court since it would be very hard for them to prove it was actually you unless they served a search warrent against you, siezed your computers, and did forensic analysis on your hard drives and any CD/DVD - R/RW's they got along the way, but that's only after you get to court against their deep-pockets.

    Besides, if you do open your connection intentionally, you are probably in violation of the terms of your ISP.

    Your argument is essentially the same as any Freenet user has -- and that has yet to be tested as well.

  • Moron (Score:3, Informative)

    by jeremyp ( 130771 ) on Tuesday May 18, 2004 @05:52PM (#9190235) Homepage Journal
    I put up with the advert - actually I made some coffee while it was on.

    The guy says that he's done this so that if his ISP ever accuses him of downloading illegal stuff, he can say "my connection was not secure; it could have been anybody". The fact is, he's posted an article on a publicly available site which tells everybody that he is doing this deliberately. "Well", says the ISP, "you are too stupid to have an internet connection". Snip go the scissors on his line. If this is not in their terms of service, I'm sure they can withdraw it with just a little financial compensation e.g. refund a couple of months of fees. But basically, they will not want anybody who exhibits such deliberate antisocial behaviour as a customer. (Antisocial because, for instance, a spammer could use his connection to send spam).

    He's doing this so he can tell the ISP that it's not his fault if they detect somebody from his IP downloading illegal stuff. He has neglected the fact that if his connection was secure, nobody would be able to download illegal stuff from his IP... ... except him.

    hmmmmmmm.....

  • by Kjella ( 173770 ) on Tuesday May 18, 2004 @06:14PM (#9190481) Homepage
    ...contract (civil) law and criminal law? Your ISP will cut you off in about .02 secs flat if you violate your ToS, and if someone else has had access to it, you have. No and, ifs or buts. Unless your ISP would like to argue that you deliberately or grossly negligently (people are so computer illiterate, it doesn't even exit) broke the terms, they have no case.

    You rented a car, the car got stolen? You don't get sued for violating the contract saying you couldn't turn it over to anyone else (you might have to pay for the car/insurance, but that's in their contract, not a violation of it).

    Criminal law is a different matter. You either have to commit, be an accessory to or facilitator of the crime. Normally you could have trouble by being grossly neglient, like having an unsecured well, but again: People are so computer illiterate it won't fly.

    To qualify as an accessory or facilitator of, you'd have to either actively contribute or actively avoid knowing about it. Here's the clue-by-four: Electronic communication is invisible. People have tons of spyware, viruses, open relays and so on. Open wireless is just one more type.

    The ignorance defence works. Where I think it'll fall down is if you try to use it as a cover for committing crimes yourself. For anyone to care about your claim that wardrivers/aliens/gremlins did it, they'd have to actually look at your setup.

    And if they got to that point, they'd probably recover more than enough information from your hard drive to take you down hook, line and sinker. Unless you do religious encryption, wiping and so on, in which case they'll slam your ass for details because "he probably deserves a lot more".

    So if they're going after you based on IP address alone and you want to bluff (note: Falsifying evidence, perjury are serious crimes), install an open wireless afterwards. If you're doing something bad enough the FBI raids your ass and examines your computer, it won't do you any good anyway.

    What have you gained by opening it up now? As far as I can tell, nothing more than the good chance your ISP will cut you off, or the FBI raid your ass based on what someone else has been doing. I'd rather take my chances as a casual pirate than a casual pirate whose wireless network was used to release kiddie porn or the latest windows worm, all things considered...

    Kjella
  • by N3wsByt3 ( 758224 ) on Wednesday May 19, 2004 @03:56AM (#9193517) Journal
    Actually, the defence brought by the author is exactly the same as is done with Freenet (see a recent /. article about Freenet&paypal). Only, Freenet does it much, much safer.

    Strange, I don't see many replies here crying faul and shouting that it is 'supporting childporn'. What? Keeping no log will provide a safehaven for all those myriads of baby-rapists out there, no?

    Ah well...maybe one should forbid that too, then. And wile we're at it, all 'hot spots' should be forbidden too.

    Shows how absurd those arguments were.

    And furthermore, those people that claim that ISPs, as a carrier, have protections while we have not, don't know what they are talking about. If you use your puter/server as a carrier, then, by definition, you fall under the same protections (at least where I live). There is nothing in the law that says end-users can't have carrier-protection when they act as a carrier, but companies can.

    You could still be violating your TOS, however, that is true. Though, it should be noted that some ISPs allow it, and in any case, a TOS-violation isn't that big a deal within a free market-economy where ISPs battle for marketshare.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...