by Mike Masnick
Mon, Jun 14th 2010 6:14pm
from the finally dept
The Helsinki branch of financing firm GE Money apparently was scammed recently. Here's how it worked: (1) the company's own head of data security (2) stole banking software from the company after which he (3) took confidential users passwords for its bank accounts. He then (4) stole money from GE Money's accounts by transferring it to a (5) secret account he had set up months earlier. Oh yeah, he did this last bit (6) via an open WiFi connection.All those other things? No big deal. The problem here, according to many in Finland, was the open WiFi, the use of which was later outlawed (apparently via case law) (Updated to clarify that it was the use of open WiFi that was made illegal, not setting up open WiFi).
Thankfully, it looks like regulators there have now realized this was a total overreaction. Slashdot points us to the news that the Finish Justice Ministry is preparing to legalize the use of open WiFi (Google translation from the original Finnish) after realizing that open WiFi is both widely used and incredibly useful.
Finally, a side note, because this has come up before from commenters who think that I'm being inconsistent: supporting open WiFi does not mean that you support individuals not protecting themselves when using the open WiFi. In past threads, it was suggested that supporting open WiFi while pointing out how silly it is for people to complain about their own poor security habits was in disagreement. It is entirely reasonable and consistent to support open WiFi (at the access point level) while suggesting that individuals (at the user level) encrypt their own data. In fact, that's quite a useful situation: more open WiFi, but security at the user level, is really a situation that works best for everyone.
by Mike Masnick
Thu, Jun 10th 2010 8:02pm
from the oh-come-on dept
Google is going to end up getting in trouble around the globe for this. There's little doubt of that. Google haters are using this opportunity to attack the company. But the more you actually look at what the company did, the less troubling it is. If someone really did have "criminal intent" to snarf data on open WiFi networks (and there certainly are some folks who do have such criminal intent) they would have done a hell of a lot more than they actually did. Driving around, collecting little snippets of information is about the worst way to get anything useful off of a WiFi network like that. Again, Google never should have done this, but attacking Google for this, without recognizing that there are actual criminals who do much worse on open WiFi networks all the time is pretty bizarre. It's just an excuse to attack Google.
by Mike Masnick
Wed, Jun 9th 2010 8:10pm
from the evidence? dept
The real issue, though, is that it will be nearly impossible (if not impossible) for anyone in any of these lawsuits to first show that any of their specific data was recorded by Google, and secondly, that any harm came to them because of it. And, as we've noted multiple times, the courts seem to want to (a) see actual privacy being breached, rather than theoretical privacy being breached and (b) see actually harm come to the plaintiffs from those breaches. Without either of those things, it's hard to see these lawsuits getting very far.
As Goldman notes, not at all sarcastically:
It's remarkable that these lawyers were able to conclude to their satisfaction that their named plaintiffs in fact had their payload data captured in the process--presumably by confirming that payload data was actually being transmitted at the precise time the cars drove by. I'm not sure how I would research this issue sufficient to satisfy my Rule 11 obligation, but these attorneys surely didn't just assume Google captured their clients' payload data...did they?
by Mike Masnick
Wed, Jun 2nd 2010 5:54am
from the no-wifi-without-paying-up dept
JohnForDummies was the first of a few of you to alert us to CSIRO's latest set of lawsuits against American tech companies, this time focusing on ISPs. Verizon Wireless, AT&T and T-Mobile have all been sued, even though none actually make WiFi equipment. However, since they all have WiFi-enabled devices (some of which were almost certainly made by the tech companies who already paid up) CSIRO claims they need to pay up again. Apparently patent exhaustion is not a concept CSIRO considers valid.
Oddly, the article in The Age about this lawsuit seems to side almost entirely with CSIRO, quoting people who insist that companies have "no choice but to pay up" and that CSIRO has the right to demand licenses from the "entire industry." It also quotes someone who falsely claims that the only reason companies would agree to settle is if they knew they were going to lose. That's not even close to true. Lots of companies settle patent disputes because it's often cheaper to do so. And, even if they think they can win, oftentimes their shareholders don't like the uncertainty and push for a faster settlement.
The Age article also provides some more background on the patents in question, highlighting that they're based on mathematical equations created in a 1977 paper. As JohnForDummies points out, mathematical equations are not supposed to be patentable...
by Mike Masnick
Thu, May 20th 2010 8:57am
from the blame-game dept
That said, given the irrational fear over Google collecting any sort of information in some governments, this particular bit of news has quickly snowballed into investigations across Europe and calls for the FTC to get involved in the US. While one hopes that any investigation will quickly realize that this is not as big a deal as it's being made out to be, my guess is that, at least in Europe, regulators will come down hard on Google.
However, going to an even more ridiculous level, the class action lawyers are jumping into the game. Eric Goldman points us to a hastily filed class action lawsuit filed against Google over this issue. Basically, it looks like the lawyers found two people who kept open WiFi networks, and they're now suing Google, claiming that its Street View operations "harmed" them. For the life of me, I can't see how that argument makes any sense at all. Here's the filing:
My favorite part, frankly, is that one of the two people involved in bringing the lawsuit, Vicki Van Valin, effectively admits that she failed to secure confidential information as per her own employment requirements. Yes, this is in her own lawsuit filing:
Van Valin works in the high technology field, and works from her home over her internet-connect computer a substantial amount of time. In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations.Ok. So your company has non-disclosure and security regulations... and you access that data unencrypted over an unencrypted WiFi connection... and then want to blame someone else for it? How's that work now? Basically, this woman appears to be admitting that she has violated her own company's rules in a lawsuit she's filed on her behalf. Wow.
While there's nothing illegal about setting up an open WiFi network -- and, in fact, it's often a very sensible thing to do -- if you're using an open WiFi network, it is your responsibility to recognize that it is open and any unencrypted data you send over that network can be seen by anyone else on the same access point.
This is clearly nothing more than a money grab by some people, and hopefully the courts toss it out quickly, though I imagine there will be more lawsuits like this one.
from the questions... dept
by Mike Masnick
Wed, May 12th 2010 1:30pm
from the open-wifi-is-illegal? dept
Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.This is backwards in so many ways. First, open WiFi is quite useful, and requiring a password can be a huge pain, limiting all sorts of individuals and organizations who have perfectly good reasons for offering free and open WiFi. Second, fining the WiFi hotspot owner for actions of users of the service is highly troubling from a third party liability standpoint. The operator of the WiFi hotspot should not be responsible for the actions of users, and it's troubling that the German court would find otherwise. This is an unfortunate ruling no matter how you look at it.
Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.
"Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said.
from the questions-answered dept
As Derek noted, the Skype app for Verizon followed a series of several other moves that call into question Skype's actual commitment to open networks, and that combined with US operators' historical positions against openness, it was natural to assume that the app shut off WiFi on Android devices because of some nefarious purpose. But Verizon has explained itself, saying the app behaves this way because of a combination of technology and legality. In short, Verizon lawyers felt like voice calls made through Skype needed to be treated like standard voice calls from a legal perspective. This means conforming to 911 regulations, as well as the CALEA act, which opens networks to wiretapping by law enforcement. Verizon contends that CALEA dictates that call-signaling info travel over its data network, rather than unknown (and possibly unsecure) WiFi. This is where the technology comes in: apparently it's impossible for the Skype app on Android to choose to use the Verizon data network if the device is connected to WiFi. So therefore it has to completely shut off the WiFi connection to be sure its data travels over the mobile network. On BlackBerry devices, this isn't the case, so the app doesn't force users to shut off their WiFi.
Given mobile operators' past penchant for closing off their networks, it's forgivable that somebody would assume one had nefarious purposes for blocking WiFi access to Skype. That may not be the case in this narrow instance -- but many of Derek's other questions about Skype's much-touted commitment to openness remain unanswered.
by Mike Masnick
Fri, Mar 5th 2010 1:39am