Slashdot Mirror
Open Wi-Fi May Become Illegal In India
chromoZ writes with word that because of the serial blasts in Indian cities (and terrorist outfits claiming responsibility via email, often sent via Cyber Cafes and open Wi-Fi spots), sharing unsecured wireless access may get much tougher in India: "The Telecom Regulatory Authority of India (TRAI) after studying open Wifi networks is coming up with a set of guidelines and recommendations to secure them. 'All ISPs may be instructed to ensure that their subscribers using wireless devices must use effective authentication mechanisms and permit access to internet to only authorised persons using wireless devices.' An open Wi-Fi could be as much as illegal in India after this."
What about proxies or tunnels then?
DNA -- National Dyslexic Association
How are the terrorists gonna claim responsibility after this???
Free, as in your money being freed from the confines of your account.
Wont they use the mail box down the street?.
Simple solution: authorize everyone with WiFi capability to access your network. The authentication is very strong, as anyone without WiFi capability will absolutely not be allowed to connect.
to stop the attacks in the first place. Lots of other ways to claim responsibility for attacks. As usual, it just makes the common man a criminal...
Since when does disobeying "guidelines and recommendations" mean you are breaking the law?
Just set the ESSID to "You are authorized," then everyone using it is authorized.
"Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
This seems like an in-line move with the recent article about the international group working towards eliminating anonymity on the internet. How is this going to make things more secure? If I want to set off a bomb, I'm going to set off a bomb, with or without an open wireless router. Given the stated problem, this seems like an asinine response.
Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
With every new communications medium there comes the perceived peril that bad people can use it anonymously. In all cases thus far, the little-villains had many options and simply chose the most convenient and the big villains use this as an excuse for laws that give them give them greater control.
The terrorists could have as easily cut words out of the newspaper and pasted them onto a sheet of paper and mailed it. Anonymous message delivery is not new. Hopefully the people of India will catch this nonsense before it goes too far. There is a non-trivial portion of the people in that country who cannot easily just "buy an account" at the local cybercafe, but greatly benefit by keeping in touch with their extended families for free.
I recently toured Skandinavia. In every reasonably big city
(that means "more than 15 houses" over there), you can nearly
be sure to find some open access point. Of course, some of
those are cluess users using lousy default configs - but quite
a lot are deliberately open, with SSIDs like "welcome_to_stockholm".
One even ran a guestbook on the AP's port 80, accessible only :-)
from the inside. Lots and lots of grateful people from all over
the world had left a message before mine
That's the kind of culture I would like to see encouraged in
other places as well, not this "OMG terrorists" bullshit being
used as an excuse for more and more control in way too many
parts of the world.
And just how are the ISPs supposed to be able to accomplish this? Are they going to have people wardriving all around India, sniffing out open wifi, then seeing if it traces back to one of their customers? Or is a strongly worded email sufficient?
When our name is on the back of your car, we're behind you all the way!
Even if this nonsense did anything at all to combat terrorism, which it doesn't, the idea of an personally identifiable internet connection is a pipe dream, not to mention that it's ethically preposterous. One of the greatest strengths about the internet is how easy it is to remain anonymous and that's a feature, not a bug.
...the doorsteps of all newspapers should be equipped with anonymous letter eradication devices. Like lasers? Strapped to shark's heads?
They may bomb Indians, but they'll damn well retain the ability to be completely ignorant of it! Except for the explosion, that's pretty loud and hurty, not really something you can ignore.
Of all the countries I've traveled, India is far and away the biggest pain in the ass to get hold of a simple prepaid SIM to stick in your cellphone. Even a little hole-in-the-wall shop wants you to fill out a detailed form, provide identification to be photocopied, provide a valid address while staying in India ... all because they don't want terrorists to be able to use throwaway phones for planning and coordination of attacks.
I'm not at all surprised to see this mindset being extended into other wireless communications
One thing to keep in mind - while America received their "wake up call" in September 2001, there are other nations like India that have been battling terrorism on home soil for several decades. It's worth paying close attention to what these other nations are doing today, if you want clues to what America might be doing tomorrow.
If libertarians are so opposed to effective government, why don't they all move to Somalia?
You know, only outlaws will open wi-fi. Seriously, terrorists will use cracking techniques to open "closed" wi-fi networks. From what I understand, wi-fi security is weak and easily cracked anyway.
The current Indian government is the most ineffective and clueless one. The emails are sent after the bombs have gone off, after the victims are dead or injured. The damage is done. The terrorist will find another way of sending their message. Shutting down Open Wi-fi will achieve nothing!
where did my sig go? where's my sig at?
Traceroute tells me that it's 26 hops from me to the first computer in India I tried, and that looks like it's getting dangerously close to their default 30 hop max. Now, I don't know enough about network protocols to be sure of the best way to prune that route back if it grows to 27 hops, but I bet this new idea of singling out the guy running router number 26 and arresting him should work just fine. Clearly India's regulators know almost as much as I do about the Internets!
These knee-jerk reactions to anything terrorist related are going to continue to cost society dearly as a whole. Each time there is some attack the politicians leap forward with all kinds of measures to restrict our freedoms, instead of tackling the core issues.
We need to wake up and stop punishing our own communities for the actions of others.
For anyone wondering about the background to this move, you could start with the Wikipedia article"
AccountKiller
This is doing nothing to combat terrorism.
Sounds like the telecoms just want more people to go home and pay for badwith.
beyond this sounding odd from a US-perspective (even though this isn't a US thing), would this even be enforceable? I mean can you really force someone to not be able to just hid their SSID or mac filter or something?
I do understand that it would set a legal precedent over there, etc...but still.
Yeah exactly what I was thinking.
If they really want to catch terrorists, perhaps the government should secretly sponsor many free open wifi spots - fast access, no blocking etc.
And then log the traffic, mac addresses and rough physical locations (you can do triangulation to figure where the users are).
And also plant cameras in the vicinity.
So when the bombers log on to brag about it, there is a higher chance of the cops being able to pick them up for "investigation".
It's even great that they use email - you could automate stuff on receipt of the email.
Expensive? Yes. Effective? I don't know, but probably more effective than trying to discourage open wifi.
Good pint, cultural homogeneity may or may not be necessary but it is certainly not sufficient.
With the drink, it's "authenticate the age".
With wifi, is it "authenticate they are not a terrorist"?
Hell .. we will see this kind of policies from ISPs really soon once people start using the excuse "But my WAP was open and I don't know if someone used it for this criminal act." The *iaa will start sending their dogs down the path of forcing ISPs and their lapdogs in congress to make sure that we know exactly WHO is on WHAT IP address at all times so all actions can be accountable.
Think I am being crazy? Just wait and see.
In India going in the wrong direction in a "One Way" street is illegal. http://www.youtube.com/watch?v=kPcIjkkoEXA&NR=1
If I own the "wireless device" can't I "authorise" EVERYONE and ANYONE who accesses it to "use" it?
Even if they ban Open WiFi,(which was alluded to in the article...) you could still throw up a splash page that welcomes them to your network and gives a username and password if they want to continue.
A number of hotels I have stayed at recently do this, the network is "closed" but all you do is open a web browser and click to agree to the TOS. Then you are good to go.
I like microcars
However, my question remained as to whether you can truly control whether someone can provide open access or not.
Have a police officer wardrive, and if he can associate to an AP without establishing intent, the owner of the house where the AP has the strongest signal doesn't enjoy the safe harbor protection.
"Of course, some of
those are cluess users using lousy default configs - but quite
a lot are deliberately open, with SSIDs like "welcome_to_stockholm"."
I wonder. In Scandinavia is everyone as liberal with their physical property as their virtual?
I guess no one can see the consequences of granting strangers complete access to virtual property as they can with physical.
I can certainly see why Slashdot's up in arms. Who wants to give up something free?
All of this assumes that terrorists can be tracked by monitoring on-line activity. Yes, they may now be using anonymous Internet access. But terrorist cells are small and can effectively organize by communicating face to face.
This is a symptom of lazy cops. Its easier to set up a system to comb through e-mail and IMs than it is to do community policing and gt to know who the troublemakers are.
Have gnu, will travel.
Pick up cellphone.
Remove SIM card.
Power on.
Dial 112.
Claim responsibility.
In other news:
'All stores may be instructed to ensure that their customers buyng pencils and/or paper must use effective authentication mechanisms and permit writing to only authorised persons using such devices.'
I'm the first one to mooch free WiFi if available. I love the idea of sharing WiFi ala Meraki etc.
I also don't see anything odd about the Indian Govt.'s decision. Remember the crazy shoe bomber that got gazillions of air travelers take their shoes off in the US?
This particular response might not seem to achieve anything; but from a country that has been blighted by terrorism for decades before 9/11/01, (and oh, a country with notoriously easy-going enforcement), any response to the attacks is at least a sign of life in the administration.
Do you know how diverse and unorganised India is? Technology that connects people will also make terrorists job easier. And its not a once in a decade or millennium business, I call my friends in Bangalore asking were they OK, and they ask me the next day was I OK ( one month ago, and Im not talking about delhi blasts or jaipur blasts)!!
The government has too many troubles tracking explosives, naxalites, terrorists, riots, strikes and all that, the least Indians can do is give it a break. And if people know you well in your neighborhood, you dont need any of that stuff. I havent given this guy in ahmedabad my photo or anything, just told him Im studying at so and so place, and he trusts me.
Nobody is giving up liberties here, the government is trying to catch the unwanted(surplus) liberty from people who can afford it.
I know it is too easy to comment from far away, but a bit of research and contextual familiarity, your opinion might be considered. Or else you are just a westerner warming the chair and giving his opinion.
http://monkeynesianeconomics.blogspot.com/
Either they have a different definition of "effective authentication", or they're essentially banning WiFi.
Like a lot of laws that are drawn up to "stop the bad guys", this will do nothing to stop them and cause internet cops to run around looking for open wifi and causing the innocent newbies to do more work and call technical support more often. Let's be real. The bad guys will get on any way they like and using false names if they must. The good guys will be forced to do more and stop offering for free what they want. Isn't this in line with the "open wifi for everyone"? What happened to that vision?
jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
This is exactly correct. Centering everything on "cultural homogeneity" is ludicrous when there are so many other characteristics of the societies that play a much more obvious and direct role here. Particularly when you look at the history of truly culturally homogenous cultures over time.
A much saner approach would simply to require ISPs to include in their terms of service and service contract a statement that says in signing up for service the account holder is responsible for all actions taken through use of the account.
I think you will likely find language like that already present in some, but not all service agreements today. It hasn't been enforced heavily, but it would eliminate a lot of silliness that exists today. You sign up for the account, you are responsible. Period.
Yes, this means that if you have an open WiFi service for your neighbors you take the heat for their downloading child porn, sending threatening letters to the President and so on. Unfortunately, from a law enforcement perspective there are few alternatives other than a camera that takes pictures every time the keyboard is used. And that isn't even a 100% solution, no matter how invasive it might seem.
The problem today is that for the most part, unless you brag, your exploits on the Internet cannot be tracked back to you. Sure, they have an IP address. But there is no connection between an IP address and a person. There isn't even a solid connection between an IP address and a computer. This means the Internet is a law-free zone today for people clever enough to contain their glee at describing their exploits in their personal crime blog.
Just like in the Wild West days, commerce eventually forced the elimination of widespread crime without law enforcement. Commerce and crime are pretty much polar opposites and if you are going to have one you cannot have the other - at least not in large quantities. The fact that I can steal your money, make purchases in your name, "borrow" anything digital that I want and never be held accountable is a problem. One solution is to simply enforce that the account holder is responsible for traffic on their account - certainly until proven otherwise.
There are plenty of examples of this type of accountability today.
Err, the USSR wasn't very religious, either. But maybe that's because they were purging (killing) religious people and other 'undesirables'.
Simple explanations that reinforce your worldview may be attractive, but that doesn't make them correct.
A few months ago it became illegal to offer free access wifi in cafes, users had to obtain scratch cards and verify them the first time through the mobile phone. This way supposedly the government could link traffic to identities. Then the scratch card became for money instead of free, only one company is offering this service which makes one wonder if security was the only motive. What these fuckers don't get is that a person with ill intentions can still bypass all these stupid systems.
India, more than any other country is a complex cauldron.
I say that because USA happens to be the melting pot of all the cultures in the world, but it had its founding fathers enshrine, freedom in its constitution - little would you realize how pertinent it would be in these days - well, most of the elite and techies certainly have- but still, its scary to see mccin with 50% of popular votes and a dumb blonde like palin can shore up hope for many! imagine a situation where the constitution were a bit like Indian one AND you had someone like george bush!
so, now imagine a george bush in every state, ruling once every 10 years for a 3-4 year term. thats how it is in india. corrupt, collusion with business, the underworld in some cases. add to it poverty. add to it the complex cauldron of super sensitive religious politics. add to it a country ruled by a single family (the gandhi family) with the worst sycophancy. add to it a hostile nation which USA provided arms and looked other ways when they created militant camps that are now destroying much of the nations around the world. add to it a socialist economic polciy borrowed from russia to nowhere. further add to it a motley crue of friends - we had such friends like arafat, russia, gaddafi, saddam.. damn, we dont need enemies when we have such friends! we have freedom of speech, but you'd need a LOT of courage, and a bit of support from the third estate or the fourth - mostly fourth to come forth with any accusations of any major kind. there have been a few people who tried to pull the plug on some really corrupt politicos or businessmen, but have simply disappeared. the only people who can dare take on the politicos are those from the opposition camp.
corruption's just an aspect. infrastructure remains woefully inadequate thanx to the socialist reforms of the nehruvian ideologies. got pwned by china in the 60s, and we had expensive wars with pakistan. so the india people managed to live happily under all these situation. then we come to the current day when around 2 decades back - we were penniless, and the owed external agencies an arm, leg and everything else too - enter the age of super rich and comeuppance of middle class. all through - law and order remained as is, not too bad, and nowhere near good, and yet very fragile!
we've had 2 major parties squabbling and carving vote banks/ pools in the cauldron of 24 languages, hundreds of castes and plenty of politics - in literally a permutation and combination those numbers. you've gotta see it to believe it for yourself. its crazy as hell, but its our country alright, and we dont seem to mind it, since we live here :) all the while complaining!
now there, with all the crazy complexity, throw in an element of jihadis to all of this crazy situation! there is all the tug of war between different states, different cultures, languages, political outfits, all impacting local and national parties. there's got to be no other country with this crazy myriad directions its pulled in everyday situation.
when i read about the politics in the USA, and how obama and hillary had a close race, and now mccain with all the bush legacy is still in contention - i can smile- USA the nation at the top of the heap, is remarkably close to India - there's a hell a lot of similarities, and a hell a lot of differences. as far as people are concerned - the mindset - we're pretty much in the same boat!
In Britain they detect whether there are working televisions in the neighborhood that had not paid their television licence, by driving around with TV detector vans, and about thirty years ago it was alleged in a surprising documentary that the government had developed a cat detector van for a similar purpose.
I was referring to the part where they say: "ll ISPs may be instructed to ensure that their subscribers using wireless devices must use effective authentication mechanisms" I figured that they were worried about tracking what people do on the internet, but this could be bypassed somewhat by tunneling through other computers or using proxies.
DNA -- National Dyslexic Association
TRAI website has shutdown due excessive traffic.
Heroes die once, cowards live longer.
Openness of ideas hits another hurdle.
Fail.
In Italy it's illegal to share your Internet connection with Anyone, even your neighbours, since 3-4 years, thanks to Mr Berlusconi and an Anti-Terror law by Mr Pisanu.
this responsibility should NOT fall on to the service provider for the customers owned equipment if the customer FAILS to secure their network properly it should fall on the burden of them and not the service provider a provider cannot reliably ensure that someone does not have an unsecured wireless access point connected to their network
who use the essid 'linksys' on an open network.
If you don't want to know who dunnit, don't read the email! Spoiler alert!
Every American Citizen over the age of 16 be armed and dangerous with the government providing both the training and a standard format firearm (eg: 9mm or .45 ACP) based upon personal preferences. Throw out two thirds of the damn laws and make dueling legal with full rules and regulations/public referees to oversee such events. Hell even charge a damn fee for the privilege of dueling so that it's almost self supporting.
Now if we were to implement this simple change to our legal system, we could easily reduce the level of policing now required, criminal prosecution and jail costs by at least one half since most of the crooks would already be dead while ensuring that people are a whole lot more polite once again.
Mod me up/Mod me down: I wont frown as I've no crown
Isn't it illegal in most jurisdictions to provide third party access to wireless communications without a telco license? (not that I think it should be). It's just that many people are providing access by accident :-) Man, you used to have to study morse code just to even be allowed to say hello on CB radio.
You have never been to india.
Stringent laws that prevent a cop from sampling anything without a warrant.
Just a few months ago a huge telco spying scandal resulted in ouster of a few ministers and a few top cops.
The Telco blew the whistle that it was approached by these jokers to spy on a few political opponents, without warrants.
The press had a field day tearing into cops.
TV hosts were joking that cops were trying to overhear talks between you and your GF.
Plus the Left parties threatened to bring the government down and impeach a few,
The Indian PATRIOT Act equivalent was repealed because of human rights violations. Only that act allowed warrantless spying.
With that gone, the cops have to get a court order for spying on anything. And courts here are known for their deliberate refusals. For fun.
I don't know whether to be happy or sad.
"Doing what i can, with what i have." ~ Burt Gummer
Half of India has moved to, or is planning to move to, Southwestern Canada. We have decent (though expensive) internet connectivity here, they could post their attack shit from here where we have at least one open wifi point per block.
which I will loose once a terrorist uses my open wifi to send a terror email.
Take the case of an American citizen Ken Haywood who literally high tailed it out of India with just his family and a few personal possessions when the police discovered that his ISP connection was used to send a terror email related to the recent bomb blasts here. It was later determined that his open wifi connection was used for this purpose. But he suffered nonetheless, he was questioned, had to undergo a lie detector test etc... He got away lightly because he was an American.
Indian citizens would be immediately arrested for the same mistake.
I believe in sharing and freedom of speech. However, when my own freedom is threatened because of an insecure network, I am not going to wait for the government to pass a law to start using WPA2.
People who dont understand this have not experienced Indian police stations.
Indian police raided the Mumbai home of an American expatriate after someone used his open wireless network to send an email that took responsibility for a bomb blast that killed at least 42 people. http://www.channelregister.co.uk/2008/08/01/terrorist_email/