Slashdot Mirror

← Back to Stories (view on slashdot.org)

Could That Be The Wireless Police Knocking?

Posted by ryuzaki0 on from the as-if-from-thin-air dept.

netbuzz writes "Should private-property owners be required to practice safe wireless? Are the wireless police about to come a-knockin' on the front door of your castle? Network World reports on a condo complex in Arizona that will monitor your wireless signal for security. Is this the way all condos and apartment complexes should go?" From the article: "'We just kind of kicked it around the table and everybody said that's a helluva good idea, (mandatory encryption) ought to go in the declarations,' says Welch. However, a lawyer warned that wireless technology could quickly overrun any specific covenants they put to paper, 'so we decided that instead of recording (declarations) at the county that we would leave it up to the hotel manager to put it in their rules and regulations.' Why bother at all? 'We just don't want to see anybody hurt with their wireless system,' says Welch. 'If someone (unauthorized) were accessing it and an owner's information, there could be damage and a potential lawsuit.'"

30 of 322 comments (clear)

  1. paper tiger laws by adam · · Score: 5, Insightful

    FTFA: "We just don't want to see anybody hurt with their wireless system," says Welch. "If someone (unauthorized) were accessing it and an owner's information, there could be damage and a potential lawsuit."

    absolutely ridiculous. maybe they should start digging through our trash to make sure we've properly shredded our monthly bank statements too.

    Furthermore, this rule would be a total paper tiger, as far as enforcement goes, since wep [which i do believe is the most common security protocol in use for wifi today] is widely known NOT to be secure. It will be ironic when the first whitehat captures a few days worth of packets from outside that guy's home and then published the unencrypted contents of his web traffic.

    --
    I am Jack's complete lack of surprise.
    1. Re:paper tiger laws by Lord+Kano · · Score: 3, Funny

      'If someone (unauthorized) were accessing it and an owner's information, there could be damage and a potential lawsuit.'

      I imagine the defense's case going something like this...

      Lawyer "Mr. Doe, you set up your own independent wireless network on my client's premises, correct?"

      Idiot "Yes."

      Lawyer "Mr. Doe, you left the SSID or 'name' of the network at the default value and didn't add any encryption or security?"

      Idiot "Yes."

      Lawyer "What could my client have done to protect you from your own actions?"

      Idiot "They could have made me sign an agreement to not leave a wireless network unsecured."

      Lawyer "So, my client is responsible for this because they didn't force you to use safety measures. Is Ford responsible for your ticket because they didn't force you to wear a seatbelt and drive under the posted speed limit?"

      Idiot "HEY! Thanks for the idea, I'll sue them next...Uh...What?"

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    2. Re:paper tiger laws by gnasher719 · · Score: 5, Insightful

      '' Lawyer "Mr. Doe, you left the SSID or 'name' of the network at the default value and didn't add any encryption or security?" ''

      Some manufacturers of wireless equipment are just clueless and make it unnecessarily hard for people to do the right thing.

      On my wireless router, there is a setup page with an html interface where all kinds of things can be changed. The problem is, it never tells you what these things are that you could change, and why you should change them, and what you could change them. One of the things to change was called "SSID" and the preset value was the name of the manufacturer.

      Now how am I supposed to know what "SSID" means? If you apply logical thinking, since it is set to the name of the manufacturer, it is probably meant to be the name of the manufacturer. So the logical assumption would be that it is used to identify the make of the router, like a processor having an ID of "IntelInside" or "AMDSomething" so you know who made it, and the only reason to change it would be to pretend to be a router made by some other manufacturer.

      If these idiots had set the preset field to "NameOfThisNetwork" or "TypeInNameOfTheNetworkHere" then it would have been much more obvious what SSID is for. One line change in the source code for the router software, and I guess 30 percent fewer people leaving the default name because they don't have a clue what SSID is supposed to mean.

      Now that is just one minor point. But consider that there are about hundred settings, and ninetyfive of them will stop the router from working properly if I change them, so how is an end user who is not a computer expert supposed to get this right?

    3. Re:paper tiger laws by penix1 · · Score: 3, Insightful

      "Now that is just one minor point. But consider that there are about hundred settings, and ninetyfive of them will stop the router from working properly if I change them, so how is an end user who is not a computer expert supposed to get this right?"

      Just like any other field where you are clueless....You hire an expert. I wouldn't consider doing heart surgery on my brother who had a heart attack for the same reason.

      B.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    4. Re:paper tiger laws by walt-sjc · · Score: 3, Insightful

      Or you call support. People are unwilling to read manuals, but perfectly happy to sit on support hold for 30 minutes. An "expert" is not needed for home setups (which is what TFA is about.)

    5. Re:paper tiger laws by Fred_A · · Score: 3, Insightful

      I agree, couldn't each AP setup "wizard" just randomly generate a key during setup ?

      Step 1 : Type the name of your network here __________

      Step 2 : This is the generated WPA key of your network write it down and enter it in the gadgets you want to talk to this AP, alternatively enter your own key

      If you lose/forget the key, press the reset key on the AP and rerun the wizard.

      There is a moderate risk in this if the random number generator creates predictable keys.

      It's always seemed to me like a very simple way to solve the problem yet I've never seen a setup routine go that way.

      --

      May contain traces of nut.
      Made from the freshest electrons.
  2. oh thank you nanny state by kaufmanmoore · · Score: 5, Insightful

    i will never have to learn from my mistakes ever again.

  3. Rediculous... by Xserv · · Score: 5, Insightful

    This is a waste of time and money. People should secure their own networks. If you don't know how then you pay someone to do it for you. If you can't afford it, then how are you able to afford a wireless network. Period.

    Why should any government, company or anyone else worry about someone else's network connection security -- unless they're being paid by that party to do so. And in the case of a government (city/state/local/federal) being responsible; don't make ME pay for it.

    Xserv

    --
    "I love lamp."
  4. should I... by Anonymous Coward · · Score: 4, Insightful

    get blamed when someone breaks into my house if I leave the door unlocked?

    Or should I be blamed when Windows automatically connects me to open APs?

    And...If we are going to go that far?

    Why not get these people in trouble for using WEP to begin with?

    Safe wireless? WEP is like using a condom that's been poked with holes.

  5. no thanks by eliot1785 · · Score: 3, Interesting

    Could it be that maybe, just maybe, somebody wants to actually SHARE? Sacrilege, I know.

    Overall, I am worried that people these days consistently seem to say "I'm not in favor of too much regulation, but this specific piece seems pretty good."

    Uh huh. You know the slippery slope has started to apply when people say that about such inane proposals as this one.

  6. Why single out wireless protection? by ewireless · · Score: 5, Insightful

    This seems silly. If you want to protect your own private property or not, that's your own business. They don't require you to lock your apartment door when you leave. They don't require you to lock your car door when you park in your parking space. How is this any different?

    1. Re:Why single out wireless protection? by MichaelSmith · · Score: 4, Interesting
      They don't require you to lock your car door when you park in your parking space. How is this any different?

      It was on dumblaws.com (I can't find the link now) and its true that here in Victoria, Australia it is illegal to leave your car unattended with the keys in the ignition. I have an friend with OCD who loves to point that out to people.

      Its stupid but it keeps the stupid people happy and gives them something to talk about.

      --
      http://michaelsmith.id.au
    2. Re:Why single out wireless protection? by ewireless · · Score: 3, Interesting

      I'm actually OK with making it illegal to leave your keys in the car ignition because kids could get ahold of it too easily and hurt others. In the extreme, it's probably illegal to leave a loaded gun in your driveway for similar reasons. But I don't see how wireless protection falls into this category. This sounds purely like they're just trying to make you lock the door to your network when it's your own business whether you want to share or not. Of course, if it's against the law or contract to share your wireless connection with your neighbors (something that is true with some DSL contracts), then I can see how an apartment complex might want to try to keep their tenant community from stealing shared service and this whole thing might actually make some sense.

    3. Re:Why single out wireless protection? by Tim+C · · Score: 4, Insightful

      So if I move into one of these blocks and am friends with my neighbour and want to collaborate on a project the 'management will come and shut us down?

      No, they'll tell you to enable encryption, which you'll do, and you'll agree on a shared secret, and all will be well and you'll realise that the sky isn't falling after all. That's assuming that they have the right to impose such conditions in the first place; that'll depend on your local tenancy laws.

      --
      It's official. Most of you are morons.
    4. Re:Why single out wireless protection? by ivan256 · · Score: 4, Insightful

      And if I want random strangers passing by to be able to connect?

      What about systems that show you a gateway page unencrypted to help you gain encrypted access? Whould those be illegal?

      How about you go to hell and stop telling me how to live my life. I love how people are all about civil liberties until it comes to something that they like, and then it's OK to force people to behave that way.

      Here's another way for you to think about this: These rules are being put into place because the appartment complex is probably getting kickbacks from the local cable or DSL provider and they want to make sure they collect the maximum possible number of subscription fees. These rules are solely in place to protect the profits of the local monopoly. Congratulations on being a big business shill.

    5. Re:Why single out wireless protection? by ivan256 · · Score: 3, Informative

      If the ISPs were behind it, they'd simply mandate it in their TOS, and everyone would be caught by it

      Regulation without enforcement is useless, and the ISPs can't enforce this. A landlord with a $14 keychain can.

      It's the same reason why apartment complexs have and enforce policies against sharing cable. It's already against the cable company's rules, but the cable companies are powerless to stop it, or even tell that it's happening. That is why they either pay the complex for (illegal) sattelite dish restrictions and cable sharing restrictions. If they don't pay kickbacks, they threaten not to service the complex unless the restrictions are in place.

      If you think tenancy laws matter one bit here, you've probably never lived in a very large complex. You talk about picking your battles... Lashing out against your argument is nothing. Try fighting every little breach of regulation by your landlord (or more likely: property manager). They know exactly how far they can go so that it isn't worth your time or money to take them to court, and they really push the limit.

      Congratulations on being a typical over-reacting ad hominem throwing slashbot.

      I feel my comment was appropriate in the context of the thread. If you chose to take it personally that's your problem. To a third party reading this story I think it accomplishes exactly what I intended.

  7. Ludicrous by z_gringo · · Score: 4, Insightful

    That is just nuts!

    I run mine wide open because that is they way I want it. I secure my machine of course, but if someone is within range and wants to use my connection, I don't have a problem with that. Hell, my SID is actually "WideOpen".

    I used my neighbor's DSL for over a year, but I eventually got my own. There is no reason every house on a block should purchase their own Internet connection, and wireless network. Apartment buildings are in an even better situation. All that money that people are spending on individual connections could purchase a lot higher speed connection for everyone and still save money.

    --
    -- -- Warning. Do not stare directly at the sun.
  8. ridiculous by thdexter · · Score: 3, Insightful

    I know several people who leave theirs open for neighbors and friends to use without encumberance. It's a nice gesture, one in which a private good becomes a public good via goodwill. Even with bittorrent running I'm not using all of my bandwidth at all times.

    Besides this, do we mandate that folks lock their car and house doors? Are there laws against leaving a key under the rug, on the door frame, or below your car door?

    --
    I'm on a road shaped like a figure eight; I'm going nowhere but I'm guaranteed to be late.
  9. FCC by Detritus · · Score: 3, Insightful

    I'd argue that their rules are preempted by the FCC's regulations on spectrum use. The FCC usually takes a dim view of people who trespass on their turf.

    --
    Mea navis aericumbens anguillis abundat
  10. Here is what you should think about by zoomshorts · · Score: 3, Insightful

    Suppose a known sex offender began moving child porn over YOUR wireless network.

    I would love to see you explain that away as an "oops, I forgot to turn encryption and
    authentification on" to the police following the pervert. They will FIRST get you for
    aiding and abetting the crime.

    This stuff, security, only makes sense in today's world.

    1. Re:Here is what you should think about by karmatic · · Score: 3, Informative

      There's a reason the law requires "beyond a reasonable doubt" for criminal cases. Let's examine a "worst case" scenario:

      So, the cops find child porn online - what happens? They contact the ISP, perhaps get a warrant for the DHCP logs.
      The logs show it was your IP. This gives them... probable cause for a search warrant. You get a nice visit from the friendly police squad, and they take your PC(s) as evidence.
      Upon looking through your PC, they find *gasp* all kinds of porn, just no kiddie porn. Guess what, they have no case. They either drop it (likely, especially if you can demonstrate you had an open AP), or you get to rely on a judge or jury to drop it for them.

      Eventually, justice prevails (possibly after a couple appeals and a lot of money), you get your stuff back, and you aren't convicted of anything.

      Does it suck? Sure. That doesn't change the fact that you are an idiot, and "aiding and abetting" requires, among other things, mens rea (criminal intent). In other words, they have to demonstrate that you intended to violate the law. (There are civil issues, but we're talking criminal here).

      It may be _unpleasant_ when someone uses your connection for something illegal; however, that doesn't automatically mean you are liable. In fact, courts tend to be hesitant to assign liability to ISPs that do not knowingly facilitate crimes. Imagine if Cox/Comcast were responsible for every illegal action performed by their users online. It would be "death by lawyers" for the internet.

    2. Re:Here is what you should think about by Mantrid42 · · Score: 3, Insightful

      Oh no! I better never do anything nice for anyone because of the tiny, tiny chance that someone might possibly maybe do something bad with it one day!!

  11. Won't anybody think of the users? by raju1kabir · · Score: 4, Interesting

    My first reaction was "Good Lord, how stupid can people get?" - I mean, does this mean that if you set up a wireless network in accordance with their regulations, and it still gets abused (through WEP weaknesses or whatever), they have implicitly invited you to sue them?

    But then I thought back to ohhh, yesterday, when I was wrapping up a work trip to Thailand. When I arrived I had bought a SIM card at a dusty little family shop and the cashier who installed it into my phone signed me up for a bunch of promo offers including the loathsome Calling Melody (which I never figured out how to disable) and 50 free hours of GPRS (pretty good considering the card cost me US$7.50).

    My hotels had free wifi so I didn't end up using that much of the GPRS time. Yesterday, at the airport, I figured I might as well use some more of it up, so I popped open the trusty iBook and turned on internet sharing with SSID name "Free Internet!"

    Within 15 minutes I had 5 or 6 people on it (must have been painfully slow for them). I was too tired to do anything useful, but just for the heck of it I started up ethereal to see to what ends my largesse was being used. It was remarkable how trusting (or probably ignorant) people were - as well as how many unencrypted port-80 webmail servers and office intranets there are out there.

    So maybe the real value of the rule in TFA is to protect the users from themselves, rather than protecting the AP owners. When you connect to an unknown AP you never really know what could be going on with your traffic unless you encrypt and authenticate it.

    --
    "Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
  12. I didn't expect... by SEWilco · · Score: 3, Funny

    "Nobody expects the Wireless Police!"

  13. Not a law, it's a condo rule. by Tetravus · · Score: 4, Insightful

    There is a difference between laws and condominium covenants you know...

    So, the owners decided to implement access point security and pool their resources to provide monitoring (I guess, the article isn't too clear on enforcement methodology). Why isn't the /. crowd applauding end users for not only caring about their networks but actually taking pro-active steps to prevent break ins? Sure, it's not a perfect solution, but it's certainly better than the status-quo and it keeps over zealous government types from being able to create actual laws to enforce this behavior ("Look, we've already got encryption. No need to legislate it.").

  14. Are you all criminals? by Tim+Browse · · Score: 3, Funny

    I don't get all this obsession with wifi security and encryption. I mean, why do we, as the average citizens, need encryption?

    I mean, if we haven't done anything wrong, then we have nothing to hide, surely?

    The only people who would want wifi encryption are criminals, because they have something they don't want the authorities to see.

  15. The real reason... by Joce640k · · Score: 4, Insightful

    The real reason is "plausible deniability".

    If you have an open connection then you can't be found guilty in court of any cybercrimes comitted via your Internet connection. The thought police can't bear the thought of that.

    --
    No sig today...
  16. Some Perspective by Fnord666 · · Score: 5, Insightful
    Let's get some perspective on this please. Despite the gratuitous use of the word "police" in the posting headline, this has nothing to do with the police or the law. No one is trying to pass any laws. This is one condo association setting up the covenants under which purchasers of the condos must live. This isn't any different than a restriction that condo owners can't put a fence in their front yards.

    According to the article

    "Bryan Welch is sales manager and designated broker for Canoa Ranch and he takes credit for first broaching the wireless security mandate with the developers of the project, which will provide each condo unit/hotel room with wired broadband, telephony and cable TV service."
    In summary, the condo developers are providing the broadband connection and want to make sure that the condo owners secure their endpoints. Open access points have some risks that the developers are apparently not willing to accept. As a goodwill gesture they could retain a local networking firm to help owners set up their wireless networks properly though.
    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  17. Experts by Presence1 · · Score: 4, Insightful



    "I wouldn't consider doing heart surgery on my brother who had a heart attack"

    This is not heart surgery, it is a consumer product. It performs commonly used functions in a standard way, within standard capabilities. One should not need to hire an expert for common consumer grade functions (even when there is an incredible amount of technology 'under the covers').

    In the early days of automobiles, it was necessary to hire a driver because driving was complicated and dangerous -- you could break your arm if you got it wrong starting it, and you had to manage spark advance and several other long-since-automated controls in addition to the throttle, brake and clutch. Now, hardly anyone even knows what is under the hood.

    In early networking, there were many protocols, and IP addresses were set by hand. It is now approaching the point where it is a plug-and-play product, and this is GOOD.

    Progress is not only making the previously impossible, possible -- progress is also making the previously difficult, easy.

    Technologists who understand this will have more and happier customers. Technologists who don't are almost as bad as Luddites in holding back technology.

    The GP post is absolutely right -- the top-level UI should hide functions that are not commonly changed, and make clear what should be changed ("YourNetworkNameHere" is a GREAT idea). Uncommon, expert level functions should be available, but only via deeper UI levels.

  18. Re:this is absolutely necessary by repvik · · Score: 3, Insightful
    1. Unprotected wireless access points are one of the main ways illegal porn, illegal software and various other data gets uploaded to the internet
    Please say you're kidding. Cite any reliable source for this.

    2. it is one of the ways terrorists can communicate safely without any chance of being tracked
    Kind of true. But they can also do this with encryption, public payphones, prepaid cellphones, wireless networks with WEP-encryption, etc, etc.

    3. unprotected wireless access is an open invitation to hackers to steal important personal information (including financial info)
    Having sensitive personal info on your PC has always been an "invitation" for someone to steal it. Ever heard of malware? If you can't take care of your sensitive data, shame on you.
    In this day and age, having unprotected wireless access is akin to having your home telephone line available to public. Imagine your surprise when police knocks on your door and tells you your home phone was used to call a remote cell phone to trigger a bomb and you please ignorance saying well it is available to everyone.
    Again, you've gotta be braindead. Ever heard of "payphones"? Does it make the phone company liable?