Wireless, Security, and Liability

by on March 20, 2006 · 24 comments

The Houston Chronicle’s TechBlog has a post this morning accusing me of taking security issues to lightly in my wireless piggybacking op-ed:

Reading Lee’s bio at the Technology Liberation Front, where he is a contributor, you can tell that he knows better. He’s a former systems administrator and savvy in the ways of Mac, Unix and Perl. I think his skimming over the security issue is disingenuous.

If he’s been paying attention, he knows that illegal music and movie sharing is rampant, and that the recording and film industries are coming after those who do it frequently. He also knows that these trade associations’ lawyers hunt down their prey via IP address, and that a “friendly neighbor” with a thirst for illegal music and movies can bring unwanted legal attention to the owner of an open WiFi network.

And that’s just the most minor of crimes that can be committed over a WiFi network. Granted, the chance that a kiddie porn addict or someone trying to hack the Pentagon will use your open bandwidth is slim–but do you even want to take that chance?

This is an interesting point, and is actually a different security issue than the one I had in mind when I pooh-poohed the security risks of open WiFi. I had in mind the worry that someone would log into your wireless network and hack into your computer or eavesdrop on your network traffic.

But what he’s talking about isn’t really a security issue at all, it’s a liability issue. And it is a real risk. If somebody does something bad with your Internet connection–shares copyrighted songs, trades child pornography, or sends a death threat to the president–there’s a chance you could get sued, or even arrested.

However, the odds of that happening is pretty small. And if it does happen, you’re not likely to be convicted. It is, after all, a case of mistaken identity–it’s not a crime to have someone use your network for lawbreaking without your consent. It’s likely that if you get a call from the RIAA or the FBI about illegal activity on your network, they’ll be willing to let you off the hook if you help them catch the culprit.

The other possible argument is that by leaving your network open, you’re making it easier for people to get away with doing illegal things. But there are millions of networks connected to the Internet. You’re never going to close all of them. So closing your network will simply caues criminals to move on to the next one.

Update: Mike at TechDirt chimes in to say that opening up your WiFi network qualifies you as an ISP under the Communications Decency Act, under which you’re not liable if someone does something illegal via your network.

  • http://www.blindmindseye.com MikeT

    Tim,

    Since the average router doesn’t keep any logs, you’re going to be hard-pressed to prove that it wasn’t you. I have to disagree with you on this one. It’s like leaving your house open so that a stranger can come in and sleep on your living room sofa. They might be honest, but they very well might rob you blind. The fact is, the average person cannot prove that it wasn’t them, and the RIAA has been known to go after people who claimed ignorance.

  • http://www.blindmindseye.com MikeT

    Tim,

    Since the average router doesn’t keep any logs, you’re going to be hard-pressed to prove that it wasn’t you. I have to disagree with you on this one. It’s like leaving your house open so that a stranger can come in and sleep on your living room sofa. They might be honest, but they very well might rob you blind. The fact is, the average person cannot prove that it wasn’t them, and the RIAA has been known to go after people who claimed ignorance.

  • Tor

    There’s a simple technical solution to the liability problem: route all traffic from your neighbors through TOR (http://tor.eff.org/). Liability approaches 0.

  • Tor

    There’s a simple technical solution to the liability problem: route all traffic from your neighbors through TOR (http://tor.eff.org/). Liability approaches 0.

  • http://www.mobiletracker.net Jon Gales

    MikeT, the way the US legal system works the burden of proof is on the accuser. It’s up to me to prove that it was you. If anyone within a 250ft radius of an area could have done something and you have no more information, you simply can’t go after whoever owns the property at the center of the circle.

  • http://www.mobiletracker.net Jon Gales

    MikeT, the way the US legal system works the burden of proof is on the accuser. It’s up to me to prove that it was you. If anyone within a 250ft radius of an area could have done something and you have no more information, you simply can’t go after whoever owns the property at the center of the circle.

  • http://www.technosailor.com Aaron Brazell

    …And if the FCC thinks that you’re an ISP, you better cough up the $230 application fee.
    http://wireless.fcc.gov/feesforms/feeguide/serv

  • http://www.technosailor.com Aaron Brazell

    …And if the FCC thinks that you’re an ISP, you better cough up the $230 application fee.
    http://wireless.fcc.gov/feesforms/feeguide/services/broadband.pdf

  • http://www.blindmindseye.com MikeT

    Jon,

    I know all about innocent until proven guilty, but the activity from your router is probably going to look like you did it, until you can bring in enough evidence to prove that it didn’t have to be you who did the dirty deed. It’s about saving a lot of stress.

  • http://www.blindmindseye.com MikeT

    Jon,

    I know all about innocent until proven guilty, but the activity from your router is probably going to look like you did it, until you can bring in enough evidence to prove that it didn’t have to be you who did the dirty deed. It’s about saving a lot of stress.

  • http://www.freedom-to-tinker.com Ed Felten

    In a civil suit, the standard of proof is preponderance of the evidence. If it is known for certain that some bad act was committed via your WiFi, a plaintiff only has to prove that it is more likely than not that you were the person who did it. They can brush off your argument that it might have been an outsider by saying, “Maybe, but probably not.”

  • http://www.freedom-to-tinker.com Ed Felten

    In a civil suit, the standard of proof is preponderance of the evidence. If it is known for certain that some bad act was committed via your WiFi, a plaintiff only has to prove that it is more likely than not that you were the person who did it. They can brush off your argument that it might have been an outsider by saying, “Maybe, but probably not.”

  • skeptical

    Tim, in your op-ed piece you say the problem can be solved easily by WiFi network owners simply restricting access by strangers with a password. Should people be allowed to hack through those passwords or not?

  • skeptical

    Tim, in your op-ed piece you say the problem can be solved easily by WiFi network owners simply restricting access by strangers with a password. Should people be allowed to hack through those passwords or not?

  • http://www.techliberation.com/ Tim

    Skeptical: of course not.

  • http://www.techliberation.com/ Tim

    Skeptical: of course not.

  • skeptical

    OK, but as practical matter, it is possible for people to hack through password security like those protecting WiFi networks, right? How should we keep them from doing it?

  • skeptical

    OK, but as practical matter, it is possible for people to hack through password security like those protecting WiFi networks, right? How should we keep them from doing it?

  • Deron s

    If people looked ahead when building or renovating their facilities, homes etc they could cost effectively secure signals from leaving or entering the structure. So for future reference the legal issue would no longer exist. Open networks, encryption simply create opportunity good and bad.

  • Deron s

    If people looked ahead when building or renovating their facilities, homes etc they could cost effectively secure signals from leaving or entering the structure. So for future reference the legal issue would no longer exist. Open networks, encryption simply create opportunity good and bad.

  • http://bvf67.iespana.es VovkaBobSS
  • http://bvf67.iespana.es VovkaBobSS
  • http://www.abc-acupuncture.com/baxqorav tramadol

    81e31de21f46 Very good tramadol tramadol

  • http://www.abc-acupuncture.com/baxqorav tramadol

    81e31de21f46 Very good tramadol tramadol

Previous post:

Next post: