December 26, 2024

Archives for 2002

Wireless LANs, Security, and Intrusions

News.com has an article about drive-by spam. The idea is that a spammer will find a building with a wireless LAN. The spammer will then connect to that LAN, without permission, from outside the building, and use the building’s email server to send a big load of spam email.

This is abusive behavior. The spammer is exploiting the wireless network owner, who ends up paying for the email, and who might get blamed for spamming. (The network owner can prevent this by tightening up the security of their email system, but this is not cost-free, and it doesn’t excuse the drive-by spammer’s actions.)

The problem here is that wireless nets do not respect property lines, walls, or other physical boundaries. If you’re running a wireless network, it is almost certainly open to people outside your site. This is a security risk for you – drive-by spamming is only one of the ways an outsider could exploit the availability of your network. (And even if you turn on the “secure mode” of your wireless network, you’re probably not safe against a sophisitcated adversary.)

It seems reasonable to adopt the ethical principle that you should not use somebody else’s wireless net without permission. (And if you do use it, you should use it only to access the greater Internet, and not to use their internal servers.)

Now suppose you’re in a public place. You pop your wireless card into your laptop, and it finds a connection. What should you do? How do you know whether you have permission?

The answer is that you don’t know. Maybe the wireless net is open because of an oversight, or because its owner wasn’t able to close it. But maybe it’s open on purpose. Some sites use their wireless nets to provide complimentary service to their customers or to the public. Sharing your network feed is a neighborly thing to do, so an open wireless net might be an invitation rather than a mistake.

How can you tell the difference? Unfortunately, the technology doesn’t help. You just shove your network card into your laptop, and it either does or doesn’t find a connection. There’s nothing in the technology that helps you figure out whether the network’s owner objects to your using it. There might not even be an easy way to find out who the network owner is.

What we need is some kind of social norm to help us out. If “everybody knows” that a network configured one way is meant to be open to the public, and one configured otherwise is not, then the boundaries will be clear. Until then, we’ll just have to do our best to behave reasonably and treat others’ wireless nets with the same respect we should normally afford to others’ property.

Situations like this often invite legislation and legal line-drawing. That seems like a mistake here, as any new law would likely be farther from the “right” answer than the eventual social norm will be. So far I haven’t seen any proposed legislation regulating use of others’ wireless nets, but I wouldn’t be surprised to see some.

China Blocks Altavista

The Great Firewall of China is now blocking Altavista too.

Dornseif: Technological Definitions in the Law

Maximillian Dornseif offers some comments following up on my previous posts about Source vs. Object Code, and definitions in the Berman-Coble bill. A brief excerpt:

The court system and legal doctrine is built all arround definitions. While defining things like cruelty, carelessness and such stuff is a well understood problem for lawmakers and courts, technical circumstances seem to be a major problem.

By way of example he quotes a 124-word definition of “railway” from a German law.

He considers several explanations for this phenomenon (lawyers’ technophobia, techies’ lawphobia, technological change outracing the legal process, etc.) and finds them all valid, but not sufficient to explain the size and scope of the problem.

The Other Digital Divide

Long and well-written articleby Drew Clark and Bara Vaida in the National Journal’s Tech Daily, about the history of the current Hollywood vs. Silicon Valley battle over copy protection. If you’re still coming up to speed on this issue, the article is a great scene-setter. Even if you know the issue well, you still might learn a thing or two.

My favorite telling detail:

Valenti warned that the Hollings approach “might be what had to happen.”

No, the tech executives said, a process to resolve differences between the two industries was already in place: the technical working group formed in 1996. But Valenti wanted a CEO-level dialogue, not another meeting of the engineers.

Dilbert fans will recognize this as a classic Pointy-Haired Boss tactic: “We can’t solve this engineering problem. Maybe if we kick the engineers out of the room we can solve it faster.”

"Peer to Peer" in the Berman-Coble Bill

Yesterday’s defense of the Berman-Coble bill resurrected the argument that the bill only hurts the bad guys, because it authorizes hacking only of peer to peer file trading networks. And we all know that “Decentralized P2P networks were designed specifically (and ingeniously) to thwart suits for copyright infringement by ensuring there is no central service to sue.”

Let’s look at the bill’s definition:

‘peer to peer file trading network’ means two or more computers which are connected by computer software that–
(A) is primarily designed to – (i) enable the connected computers to transmit files or data to other connected computers; (ii) enable the connected computers to request the transmission of files or data from other connected computers; and (iii) enable the designation of files or data on the connected computers as available for transmission; and
(B) does not permanently route all file or data inquiries or searches through a designated, central computer located in the United States;

The definition clearly includes non-controversial technologies, such as the Web itself, that were not designed with copyright infringement in mind.

This is not just an easily-fixed bug in the bill’s definition. Instead, it reflects the fact that the Internet’s design philosophy is based on a peer to peer model in which anyone can send anything to anybody. The big-central-server design of a system like Napster is the historical exception; peer to peer is the rule.

I don’t see an easy way to rewrite the definition to draw a clear technical line between “bad” peer to peer technologies and “good” ones.