Safe and Insecure?
JoeCotellese writes "Can making your network insecure actually improve your security? That's the question asked in this story running in Salon. The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'"
"Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it."
I'd have read the whole thing, but I was morally repelled by the salon.com ad policy. Anyway, this concept seems to be some perverted cousin of "security by obscurity" -- only this has less to do with protecting your security and more to do with having a way out when someone comes knocking on your door.
Unfortunately, I think this only applies when you *don't do it on purpose*. From my point of view, if you design a network solely for the purpose of relieving yourself of responsibility for what traverses your network, you are pretty much screwed once you get to court. This reeks of the "I accidentally did it on purpose" defense, and isn't likely to fly with any judge that has even a portion of a clue.
dmiessler.com -- grep understanding knowledge
That's not improving your security. That's improving your privacy (via anonymity) at the expense of your security.
Somebody forgot to read the TOS of their ISP... because absolutely ever ISP out there has something to this effect in thier TOS: As the person who pays the bill, you're responsible for keeping the Internet connection you're buying to yourself and people who you trust with it. The reason why they're warning you to do that is because if you allow your connection to fall into "enemy hands", the usage that goes over your wire will be
By choosing to run the "notoriously vulnerable technology", as the author admited in his confession letter, he admitted that he knowingly chose a piece of technology that could be exploited yielding his internet equipment making a request on behalf of somebody unknown. That's nice... you just gave that unknown person the gift of a liability shield at your expense.
As I just posted last thread, annonymity these days is really achieved by somebody else who had the chance to know who you are intentionally failing notice or promising not to tell. The thing is, that other person is taking on the liablity for what you do.
How nice of you to pay his MPAA/RIAA verdict bill for him, you'll be a hero to copyright pirates everwhere. I'm sure they'll be excited to learn there's still people dumb enough to fall for this trick still out there.
It is doubtful you could qualify as a type of common carrier. If anything, you may increase your odds of being liable because you may be held responsible for what others do on your connection.
It would be interesting to see how this would play out. The closest analogy I can think of would be automobiles. If you allowed someone else to use your car, you may be held liable for damages they cause while they are driving it. As far a criminal activity, you may be targetted if your car is identified as taking part in a crime, though you have a pretty good chance of being found innocent if you can prove you weren't driving the car.
Not perfect, but close. The idea sounds good though.
. 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
Nope, this is the genuine artical. This guy is so dead on it's not even funny. How do you think Comcast avoides being put out of business if someone should use their connection to download illegal materials? Answer: "your honor, we're just the pipe. We let others actualy use it. We have no idea what goes on in that pipe that we rent out."
This guy is behaving just like Comcast. He's the pipe and he doesn't know what goes on in that pipe. Unless the Judge were to determine that the pipe owner is responsible (and Comcast will certainly help him fight _that_ kind of fight) then he's ok.
BTW, he also said he turned off logging. In many, many cases, there is no law that says you have to log, but there is a law that says you can't destroy evidence you alread poses. If you don't have a log in the first place, you have nothing to turn over to the feds and you have no evidence to destroy. I think that's a big step closer to true freedom.
TW
Unfortunately, I think this only applies when you *don't do it on purpose*. From my point of view, if you design a network solely for the purpose of relieving yourself of responsibility for what traverses your network, you are pretty much screwed once you get to court.
The prosecution must prove that you committed a crime, not that you tried to make their job difficult. They can't convict you for something just because you tried to obsfuscate your actions or gain plausible deniability.
As the article title says, "safe and insecure." The author has decreased the risk he faces from lawsuits launched by the RIAA, MPAA, BSA, SPA, etc., in exchange for reduced network security.
Where he is in grave danger is from his ISP, which could cancel his account in a moment should they get a DMCA complaint, spam complaint, hacking complaint, DoS complaint, or virus complaint tied to his IP address. The courts have to give him due process. His ISP does not.
I think you're wrong. This is no different than leaving your front door unlocked. If someone enters you house without your permission and shoots somebody from inside it, you can not be held liable for "wreckless disregard".
In the USA you should be free to assume that somebody will not break the law. Assuming people will break the law is very, very dangerous, and has cost us many of our freedoms through "preemptive legislation" like license plates, inummerable searches without probable cause (travel lately?), and handgun registration.
In most jurisdictions (in the U.S., at least), you would be held legally liable for failing to properly store your firearm,
It was properly stored; it was in my private residence where nobody is allowed to go! You again are telling me I MUST ASSUME that somebody is going to break the law and I'm responsible for THEIR illegal actions. How can that be? That's very dangerous!
[gestapo voice] YOU ARE NOT ALLOWED TO HAVE THAT [insert anything] BECAUSE SOMEBODY *MIGHT* TAKE IT FROM YOU AND USE IT TO COMMIT A CRIME! [/gestapo voice] The abuses of that logic are endless! Where do they stop?
If you buy something dangerous like a gun, you should be expected to take precautions to prevent its misuse...
I also own a 10" über-sharp Wüsthof kitchen knife, which is "dangerous". If somebody takes it from my house and kills the President, should I go to jail? Do I have to lock up all my forks too? Where does it stop?
If you're so irresponsible as to neglect to install a fence to prevent trespassing neighborhood kids from falling in, then as far as I'm concerned, you have no business building a pool in the first place. Most municipal laws agree on this point as well.
What about the parents? Aren't THEY irresponsible for not preventing their kid from trespassing? Again, you are telling me I'm responsible for the consequences of SOMEBODY ELSE's illegal actions! That's not right!
(But I'll grant you I'd be nuts not to put a fence around a pool, but because it's the right thing to do, not because I'm responsible for the illegal actions of others.)