Techdirt. Stories filed under "wifi"

Whatever You Think Of The Google WiFi Settlement, It's Bad That It Requires Google To Attack Open WiFi

Mike Masnick — Wed, 27 Mar 2013 10:14:49 PDT

We're still a bit confused about why so many people freaked out a few years back when Google's Street View cars gobbled up some open WiFi data -- since anyone can do that on an open WiFi network. Various investigations did show that Google was a bit disorganized and had some poor controls in place, which perhaps meant that it should have caught the data collection sooner. So, if you think Google should be punished for that kind of thing, then the recent settlement with a group of state attorneys general perhaps made you happy.

That said, EFF is pointing out why the settlement is stupid -- not for Google, but for open WiFi and security. First, these technologically clueless attorneys general are requiring Google to create videos and ads promoting WiFi encryption... with a focus on old and bad standards like WEP, which is like saying you should be locking your front door with a cheap chain lock. It's a "lock," but one that could be broken by pretty much anyone in seconds.

Even worse, though, is that the settlement requires Google to push the message that the only way to protect yourself is to lock up your WiFi. But that's ridiculous. Open WiFi, by itself, is not a bad thing. Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN. As EFF notes, end-to-end encryption is always going to make more sense than just encrypting your access point and hoping that keeps people out. And, yet, much of the settlement focuses on having Google push people to lock up their WiFi.

The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we've explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.
It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement.

Of course, this is the kind of thing you get when you let grandstanding politicians tell companies how they need to act concerning technology they don't understand.

Permalink | Comments | Email This Story

Canadian Schools Ban WiFi Based On Bad Science

Mike Masnick — Wed, 6 Feb 2013 03:33:00 PST

A decade ago, we first wrote about some freaked out, clueless parents suing a school district for wanting to install a WiFi network. The parents believed -- based on absolutely no evidence whatsoever -- that WiFi networks emitted "harmful" electro-magnetic radiation. Since then, we've heard of many such stories of people fearing the health impacts of WiFi, despite a near total lack of evidence of any harm at all. Studies have found that an entire year sitting next to a WiFi access point gives you the equivalent radiation of 20 minutes on a mobile phone. And yet, every few years, we hear about parents or politicians freaking out about the issue and trying to get WiFi banned in schools.

Amazingly, they've succeeded in some places, including 12 elementary and middle schools up in Canada, which are now being called out by a group called "Bad Science Watch" for making decisions based on absolutely and totally bogus science. You can read the full report here, in which they call out "anti-WiFi activists" who are "spreading misinformation." It seems they ought to call out schools as well. You would think that places of learning would investigate the actual science.

These claims are not substantiated by the scientific literature and have little acceptance from medical professionals and the scientific community. This activism therefore amounts to nothing more than fear-mongering by misguided special interest groups who are attempting to have these networks removed.

Nevertheless, the media has been all too willing to fan the flames of controversy and has contributed to a growing false uncertainty over the safety of WiFi. As a result many school boards, libraries, and town councils across Canada have been called on by concerned citizens to limit or remove WiFi networks.

Permalink | Comments | Email This Story

EFF Reminds Us That Open WiFi Isn't A Bad Thing... And Should Actually Be Encouraged

Mike Masnick — Fri, 2 Nov 2012 07:17:04 PDT

We've had plenty of stories concerning open WiFi, and there seems to be a general opinion among some that open WiFi is "a bad thing." Some have even tried (and failed) to argue that having an open WiFi network makes you negligent. In some areas, law enforcement has even gone around telling people to lock up their WiFi. Those who argue against open WiFi are generally conflating different issues. It is true that if you use an open WiFi network without securing yourself you do open up yourself to snooping from others. Similarly, if others are using your open WiFi, it it could lead to at least an investigation if your access point is used for nefarious purposes. But combining those to claim that open WiFi itself is bad or illegal is a mistake. It is entirely possible to secure your own activities, and to set up an open WiFi network in a reasonable manner that minimizes any such threat.

The EFF and others have been trying to remind people that there are also tremendous benefits to open WiFi in increasing connectivity for everyone. As part of this, they've launched the Open Wireless Movement encouraging people to purposely leave their WiFi networks open (and to take appropriate security precautions). They're pointing out that especially in times of crisis, such open networks can be tremendously useful.

The Open Wireless Movement envisions a world where people readily have access to open wireless Internet connections—a world where sharing one's network in a way that ensures security yet preserves quality is the norm. Much of this vision is attainable now. In fact, many people have routers that already feature "guest networking" capabilities. To make this even easier, we are working with a coalition of volunteer engineers to build technologies that would make it simple for Internet subscribers to portion off their wireless networks for guests and the public while maintaining security, protecting privacy, and preserving quality of access. And we're working with advocates to help change the way people and businesses think about Internet service.

We're also teaching the world about the many benefits of open wireless in order to help society move away from closed networks and to a world in which open access is the default. We are working to debunk myths (and confront truths) about open wireless while creating technologies and legal precedent to ensure it is safe, private, and legal to open your network.

Hopefully we can finally get past the myth that open WiFi is automatically bad and get people moving towards a better understanding of how to use the internet safely while still offering up open access in a reasonable manner.

Permalink | Comments | Email This Story

Cisco, Motorola, Netgear Team Up To Expose Wifi Patent Bully

Mike Masnick — Tue, 9 Oct 2012 12:35:01 PDT

Last year, we wrote about a crazy patent troll, named Innovatio, who had sued a ton of restaurants and hotels, claiming that anyone who used WiFi was violating its patents. It was even claiming that individuals who use WiFi at home infringed too -- but that it wouldn't go after them "at this time." Instead, it preferred to focus on shaking down tons of small businesses, offering to settle for $2,500 to $3,000 -- which is cheaper than hiring a lawyer to fight it, no matter how bogus. We noted at the time that Motorola and Cisco had gone to court to try to get a declaratory judgment to protect its customers.

Well, it seems that the effort to stop these lawsuits has been taken to the next level. Cisco, Motorola and Netgear have now filed an amended complaint which rips Innovatio apart, and doesn't just seek a declaratory judgment of non-infringement, but outlines a parade of lawbreaking by Innovatio, arguing that it's actually involved in racketeering and conspiracy among other things. The full filing, embedded below, is fascinating. The filing reveals some background about Innovatio, which apparently is connected to Noel Whitley, who had been VP of Intellectual Property at Broadcom... but then left to create Innovatio, which just so happens to have acquired most of its patents from... Broadcom. Among the parade of insanity charged against Innovatio:

Motorola, Cisco and Netgear all have licensed the patents in question, meaning that users of that equipment are covered by those patents under the concept of patent exhaustion (basically, if you buy a licensed product, it's licensed). Innovatio conveniently doesn't mention this to the people it sends threat letters to.
The patents in question are part of commitments to IEEE that they'll only be licensed on RAND terms, but the threat letters demand way more than would be considered "reasonable."
Incredibly, Innovatio includes some expired patents in the list of patents it has threatened people over. That's a massive no-no. Once a patent is expired you can't demand a license for it. At all.
Innovatio apparently tells the people it threatens that it'll be cheaper to just settle, rather than to even investigate the claims that it's making -- and has told people that the manufacturers in question aren't defending their customers, which is proven false by the lawsuit, which, again, was filed soon after Innovatio popped up on the scene.
In an attempt to appear more legit, Innovatio claims that the patents in question have "generated in excess of $1 billion in settlements and license fees" to scare small businesses into complying. It leaves out that it appears to be basing this number on the famous broad patent fight settlement between Qualcomm and Broadcom, which was a wide-ranging cross licensing program, that has nothing to do with Innovatio or its specific patents.

There's a lot more in there, but if the allegations by the vendors are accurate, Innovatio's actions are really questionable. Even if people agree that the patents in question are legit, the fact that the vendors have already licensed them makes these actions quite incredible. The lawsuit claims that Innovatio has sent threat letters to an astounding 8,000+ businesses, mostly way too small to be able to understand the details of what's happening.

Defendants prey upon end users that are not involved in the development or supply of the accused technologies, demanding exorbitant licensing amounts that breach numerous obligations on the patents and greatly exceed any notion of reasonableness. In furtherance of their plan, Defendants threaten protracted negotiations with onerous burdens on end users, and offer supposed “discounts” for promptly paying Innovatio without engaging in such negotiations, while making it clear that Innovatio will initiate costly litigation with anyone that does not acquiesce (something it cannot realistically do given the 8000-plus letters sent throughout the U.S.). Under these circumstances, Innovatio circumvents its obligations and illegally obtains and seeks to obtain licensing fees to which it is not entitled, at great detriment to the Plaintiffs in this action, their customers, and the public generally.

Oh yeah, as for that whole "expired patent" thing? That seems especially egregious:

To date, at least ten of the Innovatio Patents have expired, yet those patents continue to be highlighted in Defendants’ threat letters in furtherance of their licensing campaign. Yet Innovatio states to its licensing targets that “Innovatio proposes granting [the licensing target] an upfront, paid-up license for its use under all of 31 of the issued Innovatio Patents,” when those targets have no liability on and therefore no need of such a license to expired patents. For example, on May 9, 2012, almost one year after the ‘771 patent expired and almost six months after the ‘311 patent expired, Innovatio sent a demand letter to [redacted] .... Innovatio did not provide notice of these or its other patents to [redacted] before expiration. Notwithstanding the expiration of these patents and other patents, Innovatio’s May 9, 2012 demand letter stated “[t]he operation and use of any [WLANs that use the IEEE 802.11 communication protocols] by [redacted] constitutes infringement of at least the following Innovatio Patents: . . . U.S. Patent No. 5,940,771 . . . [and] U.S. Patent No. 6,374,311.” .... Yet circumstances here including a failure to comply with 35 U.S.C. §287, confirms that Innovatio cannot assert infringement or recover damages on at least these expired patent claims. On information and belief, Innovatio never disclosed that these patents had expired, or that its remedies were limited, and the purpose behind inclusion of these patents is to inflate the size of Innovatio’s portfolio, instill fear, increase fees and costs to investigate, and force its targets to capitulate promptly to Innovatio’s unlawful demands.

The filing also includes standard claims of non-infringement and invalidity of the patents in question, but the highlighting of these other behaviors by Innovatio are really quite stunning. Even in cases of extreme patent trolling it's pretty rare to see such egregious behavior. Every so often we see RICO claims being used to counter trollish behavior, but they rarely work. However, the details in this case suggest that if a RICO charge is going to stick, this seems like a reasonable case for it to happen.

Permalink | Comments | Email This Story

Russia Wants To Ban Children From Using WiFi

Mike Masnick — Tue, 9 Oct 2012 07:23:53 PDT

Ah, Russia. Officials in the Federal Mass Media Inspection Service (?!?) are considering a plan to ban children from using WiFi -- and would enforce the ban by holding the hotspot owners liable if anyone under 18 got on their networks. Seriously.

The Communications and Press Ministry has proposed banning children from using Wi-Fi networks in public, potentially making cafes, restaurants and other locations providing the service responsible for enforcing the law.

Why? For the children, of course! They claim it's related to Russia's new internet censorship law, which they're afraid will be circumvented by kids at the local coffee shop or restaurant. Not surprisingly, various places that offer WiFi are not happy about this, pointing out that they have no way of making sure that teens don't get on their WiFi. That doesn't seem likely to stop moralizing bureaucrats (with a healthy appreciation for the ability to censor) from moving forward with this plan.

Permalink | Comments | Email This Story

Copyright Trolls Still Arguing That Open WiFi Is 'Negligent'

Mike Masnick — Mon, 1 Oct 2012 07:18:30 PDT

We've written a few times now about the argument used by some copyright trolls that leaving WiFi open is negligence. This has become a common claim in cases where an accused defendant claims they did not do any unauthorized file sharing of the work(s) in question, but that since their WiFi is open, it could have been just about anyone who accessed the network. The trolls are trying to wipe out this defense by arguing anyone who leaves their WiFi open is "negligent." So far, however, the courts have completely and thoroughly rejected this argument multiple times. It's basically dead.

But, apparently, that doesn't stop some from still trotting it out. The CopyrightClerk site has the news of a recently filed lawsuit by Daniel Ruggiero, which has a number of claims -- with the final one being the same old negligence theory.

Defendant had a duty to secure his Internet connection. Defendant breached that duty by failing to secure his Internet connection.

Reasonable Internet users take steps to secure their Internet access accounts preventing the use of such accounts for an illegal purpose. Defendant’s failure to secure his Internet access account, thereby allowing for its illegal use, constitutes a breach of the ordinary care that a reasonable Internet account holder would do under like circumstances.

Of course, there is absolutely nothing that supports those two statements, and the previous courts looking at such claims have already made that clear. Those rulings may not be precedential on this court (eastern district, Pennsylvania), but judges often are interested in how others have ruled on similar issues. One hopes that the defendant in this case, Andrew Burdziak, will make sure whoever represents him makes the judge aware of those other rulings.

Permalink | Comments | Email This Story

First HADOPI Victim Convicted, Not For His Own Infringement, But Because His Wife Downloaded Songs

Glyn Moody — Thu, 13 Sep 2012 08:16:00 PDT

Well, here's a nice contrast: just when a judge in the US has ruled that users there have no obligation to lock down their wifi connections, a court in France decides the exact opposite. What makes the story even more significant is that the individual concerned is the first person to be convicted under France's 3-strikes law, generally known as HADOPI.

Not all of the facts of the case have been released, but we do know that he received and apparently ignored the statutory three warnings from HADOPI, and then was summoned to court, where things started to get interesting. As TorrentFreak reports:

the man told the court today that he is incapable of downloading and did not commit the infringements. Supporting his claims he brought into court the person actually responsible for the file-sharing.

That person turned out to be his wife (actually, soon to be ex-wife), who admitted that she had downloaded some Rihanna songs. But as Guillaume Champeau of Numerama pointed out to TorrentFreak, ironically this did not get him off the hook -- on the contrary: "By saying he knew she was downloading infringing content, but didn’t prevent her from doing so, he self-incriminated."
That's because under the HADOPI law, it is the owner of the Internet connection who is held responsible for any infringement committed with it, so it's the husband, not the (ex-)wife who has ended up being fined 150 euros (about $200) for negligence. That's admittedly less than the 300 euros ($400), with 150 euros suspended, that the French prosecution wanted, and far less than the maximum possible 1,500 euros ($2000) fine. But it's still a stiff price to pay for something he didn't do.

Indeed, he seems to have taken the judgment hard: Guillaume Champeau points out that HADOPI's first victim has now said that he intends to cancel his Internet subscription completely (original story in French). It's hard to see how this kind of result is going to help the growth of digital music in France, and the whole episode is a neat encapsulation of all that is wrong with HADOPI's approach.

Moreover, this case must reinforce the view that HADOPI is a colossal waste of money. In two years of existence, HADOPI has sent out 1.15 million first warnings, 102,854 second notices, and 340 "third strikes". And yet all French government has to show for the 12 million euros it costs to run HADOPI each year is the conviction of one innocent man.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Permalink | Comments | Email This Story

Yet Another Court Says You're Not 'Negligent' If Someone Uses Your Open WiFi To Infringe

Mike Masnick — Thu, 13 Sep 2012 05:01:34 PDT

Some of the folks filing mass copyright infringement lawsuits have tried to claim that merely having an open WiFi connection on which someone else infringes on copyright-covered works is a form of negligence. Basically, they're suing based solely on limited information -- an IP address -- and when those pursued point out that they have an open WiFi, the lawyers insist that this, alone, is a form of negligence. However, the courts aren't buying it. In July, we wrote about a district court in New York rejecting this argument quickly, noting that the position was "untenable."

And now a California district court has ruled similarly, completely rejecting the negligence theory on three different points. First up, there is no negligence because negligence requires a relationship and a duty to protect, but no such relationship exists between the copyright holder, AF Holdings, and the defendant in the case:

AF Holdings has not articulated any basis for imposing on Hatfield a legal duty to prevent the infringement of AF Holdings’ copyrighted works, and the court is aware of none. Hatfield is not alleged to have any special relationship with AF Holdings that would give rise to a duty to protect AF Holdings’ copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.

The allegations in the complaint are general assertions that in failing to take action to “secure” access to his Internet connection, Hatfield failed to protect AF Holdings from harm. Thus, the complaint plainly alleges that Hatfield’s supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.

Even ignoring that, the court is skeptical. Noting that even if there was a negligence claim it would be unavailable in this case, because of copyright "pre-emption" (basically, federal copyright law wipes out any state statutes that seek to do the same work).

AF Holdings is seeking to protect its “exclusive rights” from “copying and sharing.” Simply recharacterizing the claim as one of “negligence” does not add a legally cognizable additional element.... Thus, because AF Holdings alleges that Hatfield’s action or inaction constituted interference with its “exclusive rights in the copyrighted work,” the negligence claim is preempted by § 301 of the Copyright Act.

And then the court goes even further, and says that even if the first two theories don't kill the negligence claim, there's also Section 230 of the CDA, which we've discussed for years. While the Section 230 safe harbors (protecting a service provider from liability concerning the actions of their users) technically does not apply to intellectual property issues, the negligence claim is not an IP law issue, and thus gets wiped out thanks to Section 230 immunity.

Basically, the idea that you're negligent if you leave your WiFi open and someone else uses it to infringe seems dead in the water.

Permalink | Comments | Email This Story

Judge Says Sniffing Unencrypted WiFi Networks Is Not Wiretapping

Mike Masnick — Mon, 10 Sep 2012 07:15:21 PDT

There's been a lot of discussion over the past few years concerning whether or not intercepting data on an open WiFi network is a form of "wiretapping." This has been a central issue in one of the legal challenges to Google's Street View cars collecting data from open WiFi networks. I've long argued that on such an open network, it shouldn't be wiretapping because it's wide open and available for anyone to see. Yes, that may be a security concern, but it's one that an individual user can deal with. It certainly shouldn't be illegal for someone to sniff that data. If you're broadcasting something free and clear and I then read it... how is that wiretapping? Unfortunately, last year a judge in a case related to Google's Street View capturing came to the opposite conclusion, but in a convoluted way where the court declared that WiFi is not a radio communication (even though it is).

However, in a totally unrelated case, a judge has now come to the exact opposite conclusion again, and noted that sniffing open WiFi is legal. The case is one that we've already talked about, though in a very different context. A patent troll called Innovatio IP has sued a bunch of businesses (hotels, coffee shops, restaurants) that offer WiFi to users, claiming that anyone using WiFi infringes, though it says "at this stage" it won't go after individual users, only businesses. In trying to win its patent lawsuit, it wanted to use evidence from packet sniffing on some open networks, and asked the court to say that this is legal. And the judge has now said it is. First, unlike in the Google case, the judge has no problem recognizing that WiFi is electronic communication using radio waves. Then it points out that open WiFi quite clearly fits under the stated exception to the wiretapping laws, which is that they do not apply to "a system that is configured so that such electronic communication is readily accessible to the general public." The judge then pushes back on the ruling in the Google case, noting that the judge there claimed that the data on an open WiFi network was only available via "sophisticated technology." This judge isn't buying it:

... upon examination, the proposition that Wi-Fi communications are accessible only with sophisticated technology breaks down. As mentioned above, Innovatio is intercepting Wi-Fi communications with a Riverbed AirPcap Nx packet capture adapter, which is available to the public for purchase for $698.00. See Riverbed Technology Product Catalog, http://www.cacetech.com/products/catalog/ (last visited Aug. 21, 2012). A more basic packet capture adapter is available for only $198.00. Id. The software necessary to analyze the data that the packet capture adapters collect is available for down load for free. See Wireshark Frequently Asked Questions, http://www.wireshark.org/faq.html#sec1 (last visited Aug. 21, 2012) ("Wireshark is a network protocol analyzer. . . . It is freely available as open source. . . ."). With a packet capture adapter and the software, along with a basic laptop computer, any member of the general public within range of an unencrypted Wi-Fi network can begin intercepting communications sent on that network. Many Wi-Fi networks provided by commercial establishments (such as coffee shops and restaurants) are unencrypted, and open to such interference from anyone with the right equipment. In light of the ease of "sniffing" Wi-Fi networks, the court concludes that the communications sent on an unencrypted Wi-Fi network are readily available to the general public.

While the court admits that many users probably don't know their unencrypted data is subject to sniffing, that does not play into the analysis. The law doesn't say whether or not the user's perception matters. It only matters if the communications are "readily available to the general public," which they are. Legal expert (especially on privacy issues) Orin Kerr disagrees with this ruling, claiming that the intent of whoever configures the network is what matters, but I'm not sure I buy that claim either. He compares it to early cordless phones that easily "leaked" data, noting that no one designed those systems to do that, and the same is likely true in most cases with open WiFi. But that's pretty different. The case of unencrypted data on an open wireless network isn't some sort of accidental leakage, it's the basic nature of any open network.

Either way, I get the feeling this is not the last we'll be hearing of these kinds of cases. Though, if you're really worried about your data on open WiFi networks, there's an easy way to deal with it: encrypt your data.

Permalink | Comments | Email This Story

If You Go To The Olympics, You Can Bring Your iPhone Or Android Phone... But You Better Not Tether

Mike Masnick — Wed, 25 Jul 2012 13:36:40 PDT

Among the latest bizarre limitations that the Olympics puts on people is a ban on any sort of private WiFi network via your mobile connection. That is, you're not allowed to tether your phone, turn it into a WiFi hotspot or use a device like a MiFi to create the same effect:

A first for any Olympic Games is the ban on personal or private wireless access points and 3G hubs, which are not allowed at London Olympics events and venues.

iPhones, iPads, and Android phones and tablets are permitted inside venues, but must not be used as wireless access points to connect multiple devices.

It's possible (or perhaps likely) that this is done to help local mobile operators from having their networks overburdened, but, really, you'd think that the mobile operators would be out in droves with those "cells on wheels" (COW) vehicles that provide significantly more cellular power at high traffic events. Still, I'm curious as to how anyone enforces such a ban. It's pretty easy to hide a MiFi. And turning your phone into a hotspot and slipping it back into a pocket would make it almost impossible to detect. The whole ban just seems pointless.

Permalink | Comments | Email This Story

Court Says Negligence Claim For Allowing Downloading On Your WiFi Is 'Untenable'

Mike Masnick — Wed, 11 Jul 2012 08:14:00 PDT

A few weeks back, we wrote about a lawsuit involving porn company Liberty Media, once again trying to make a negligence claim against the operator of a WiFi network, because someone else had downloaded infringing content on that network (and, in this case, apparently the owner of the network was aware of this). As we noted, the EFF was troubled by this line of reasoning and filed an amicus brief arguing that the negligence theory would set a dangerous precedent. The court has now ruled and rejected the negligence theory as "untenable."

The right that Liberty seeks to vindicate by its state law negligence claim – the imposition of liability on one who knowingly contributes to a direct infringement by another – already is protected by the Copyright Act under the doctrine of contributory infringement.

Liberty nevertheless argues that its negligence claim asserted here is not preempted because, as the Court understands the argument, the negligence claim rests on infringement by others whereas the Copyright Act provides a remedy only against a direct infringer. In light of the preceding discussion and the doctrine of contributory infringement – which Liberty’s memorandum ignores entirely – that position is untenable.

The court dismissed the entire complaint, but more on a technicality (the work named does not match the registered copyright). But it certainly appears from this ruling that the negligence claim (and others like it) are dead issues. Someone could, conceivably be sued for contributory infringement for how they run the network (if they actively participate), but negligence? Nope.

Permalink | Comments | Email This Story

Once More, With Feeling: Having Open WiFi Does Not Make You 'Negligent' Under The Law

Mike Masnick — Mon, 18 Jun 2012 09:15:00 PDT

Over a year ago, we wrote about an attempt by a porn company, Liberty Media, to sue a bunch of people it accused of infringing on its copyright. The case had many similarities to copyright trolling lawsuits, but there was one claim in particular that we found quite troubling: the idea that not securing your WiFi was a form of negligence. The lawyer representing Liberty, Marc Randazza, is someone I know and like, and who I normally find on the good side of lots of cases (and, in fact, I've sent people his way when they've been looking for good lawyers). When news came out that someone had "settled" with the company and the vast majority of the amount the person agreed to pay was for that "negligence," we found it quite problematic and told Randazza we were planning to write about it. In response, he sent a long email to both me and Torrentfreak -- which they published as a guest opinion -- defending why an open WiFi qualifies as negligence. I wrote back a response as to why I thought he was completely wrong on this one.

And, now, a court may be deciding the same thing. The EFF has filed an amicus brief in what I believe is a related case arguing that this theory of negligence is ridiculous (Update: Randazza informs me that he's not counsel on this particular case and says that the negligence claim here is quite different and, contrary to the EFF's claim has nothing to do with open WiFi. Instead, the negligence theory put forth focused more on the fact that the guy being sued was aware of infringement on his WiFi and still allowed the user to use it -- more on that below). Here's just a snippet from the lawsuit:

LMH’s theory of liability cannot withstand even passing scrutiny. No matter how artfully pled, LMH’s claim sounds in, and is preempted by, copyright law. And as decades of copyright jurisprudence and legislation make clear, that body of law does not recognize a cause of action based on mere negligence. Accordingly, no court has ever found, or could ever find, that anyone has violated copyright law simply because another user of his or her Internet connection did so.

And that is a good thing. Every day cafes, airports, libraries, laundromats, schools and individuals operate “open” Wi-Fi routers, sharing their connection with neighbors and passers-by at no charge. Sometimes people use those connections for bad acts. Most of the time they don’t, and the world gets a valuable public service of simple, ubiquitous Internet access.

Creating a duty under tort law to prevent others from infringing copyright would drastically inhibit this activity, to the detriment of the general public and clear federal copyright and telecommunications policies promoting convenient, universal access to the Internet. Thus, manufacturing a new copyright cause of action based on negligence – which, make no mistake, is precisely what LMH asks the Court to do – would “stand as an obstacle to the accomplishment and execution of the full purposes and objectives of Congress.”

It would be nice to have a clear statement from the court on this matter, clarifying that merely having open WiFi -- as thousands upon thousands of individuals and businesses do -- is not a sign of "negligence" that automatically makes you liable for any infringement done on those networks.

Update: As I put in the update above, there is some argument over whether or not the case is even about open WiFi, but I think that the EFF's point still stands and fits the facts of the case. Even if we're talking about a situation in which a WiFi network owner knew someone was infringing on their WiFi, it is still a huge stretch to argue negligence on their behalf for allowing the usage of the network to continue, and that negligence claim could carry over to the question of open WiFi. As the EFF notes in its filing, using negligence as a theory related to copyright creates an entirely new theory of copyright liability not seen in the statute and with a significantly lower bar than existing theories of secondary liability in copyright. Thus, expanding negligence to cover liability in a copyright claim could have a massive impact beyond just the individuals in this case.

Permalink | Comments | Email This Story

Details Of Google Wi-Spy Investigation Show Disorganization And Bad Controls, Rather Than Malicious Spying

Mike Masnick — Tue, 1 May 2012 11:04:00 PDT

It's been nearly two years since Google revealed that it had been collecting (but not using) some data from unencrypted WiFi networks as it drove around with Google's StreetView vehicles. While the data collection was associated with its efforts to use WiFi networks to help determine location info, it was stupid and looked bad. However, as we've explained repeatedly, the real issue there was simply people not protecting themselves by using encryption on WiFi. The simple fact here is that anyone on those networks could collect the same info easily. In recent weeks, the news came out that not only did the FCC clear Google of breaking the law with the activity, but so did the DOJ. Add that to the FTC investigation that found nothing wrong with the activity, and that's now three federal agencies that have said collecting such data didn't break any laws. The FCC did fine Google $25,000 for not being particularly cooperative -- which does reflect poorly on Google. But the simple fact of the matter is that what Google did in collecting this data isn't illegal. If you don't just kneejerk into "Google's evil" mode and want to understand why, Mike Elgan recently did a nice explainer.

That said, over the weekend, Google released the full FCC report redacting just names -- and even the name of the key engineer has since been revealed. The FCC had released a report that redacted a lot more info. The report reveals a lot more of the background here, and it's giving new ammo to critics, who are insisting that it shows a much more evil situation than had come out before. Specifically, it shows that Marius Milner -- working on Google's famed "20% time" -- came up with the code, and shared the details with some others, including one who debugged the code, and a supervisor. Milner, among other things, helped create NetStumbler, a tool that plenty of folks have used to monitor WiFi networks.

Some are trying to claim that this shows the effort was planned and not an "accident." Though, in actuality, the details still suggest nothing nefarious at all. It was still just this engineer coding it up, rather than some big plan. And yes, he shared the fact with a few others, but none of them seem to have paid much attention or done anything. In fact, while it was suggested to some that such data might be useful, that idea was dropped when people told the engineer that it wouldn't. There still doesn't appear to be a single shred of evidence that Google ever touched this data or did anything with it. Furthermore, the whole reason that three federal agencies all closed their investigation without charging Google with anything is because -- as many people pointed out from the beginning -- nothing illegal was done. Broadcasting your internet connection over an open WiFi network means that anyone can collect that data. That's not illegal. It may be silly for individuals to do that, but the responsibility is on them.

Also, pretty much every mainstream press report on this whole thing totally ignores that Google could not get access to any encrypted data -- meaning that most email, financial transactions, etc were always protected anyway. Instead, lots of reports talk about "emails and passwords," but that's only true if people used insecure sites in the first place -- and, again, they would be just as vulnerable to anyone who wanted to capture that content.

In the end, it's no surprise that Google haters will try to make more of this than is really there -- they have to grasp at whatever straws they can find. However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects. That allowed this code to get in there, without anyone really thinking through the consequences. Google has more or less admitted that these weak controls were a problem in the past and things are better these days. Of course, you can also understand why Google would have loose controls in the first place, seeking to encourage people to be creative (the reason for the 20% time concept in the first place). The problem, of course, is that if you have someone with nefarious intent -- or just tremendous naivete -- bad stuff can occur. In this case, it seems being naive was the key issue, rather than anything nefarious, and with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this. It's fine not to trust Google. But that distrust shouldn't lead to simply making up crimes that don't exist.

Permalink | Comments | Email This Story

Australian Police To Go Wardriving, Telling People To Lock Up Their WiFi

Mike Masnick — Fri, 23 Mar 2012 14:32:00 PDT

Last fall, we wrote about some plans by the police in Austin, Texas to go wardriving to find open WiFi networks and pressure people into locking up those networks. After a bunch of people got upset about this, noting that open WiFi isn't a crime, the police backed down. However, it appears other police don't have any such qualms. As pointed out by Slashdot, police in Queensland, Australia are doing a similar wardriving campaign. The official announcement of the program greatly exaggerates the risk here:

Detective Superintendent Brian Hay said police have identified a large number of homes and businesses within the greater Brisbane area with wireless connections that are not secure or have limited protection. These people may as well put their bank account details, passwords and personal details on a billboard on the side of the highway.

Except that's really not necessarily true. Banks and most sites that require passwords have long known to make use of SSL encryption. It's not perfect, but it's not posting your password on a billboard on the side of the highway by a long shot.

“Unprotected or unsecured wireless networks are easy to infiltrate and hack. Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud.”

That could be true in some cases, but it's not absolutely true, and plenty of people can be perfectly safe using open WiFi with a few common sense precautions. It's sad that the police would exaggerate like this.

Permalink | Comments | Email This Story

Why You Should Regret LightSquared's Setbacks

Derek Kerton — Mon, 20 Feb 2012 20:01:00 PST

LightSquared is a new wireless carrier that has been trying to launch a wholesale 4G network across the USA. Funded by private equity firm Harbinger Capital, it sought to re-purpose satellite communication frequencies to build a nationwide cellular-satellite hybrid network, and then re-sell the network capacity to other brands. In January 2011, the FCC, eager to foster new competitors in the mobile space, gave LightSquared the green light to launch using their spectrum with one provision - that their network equipment NOT interfere with GPS signals and devices. Well, over a year has come and gone, and despite incredible effort and wrangling, the independent testing keeps indicating that LightSquared's terrestrial towers are not compatible with GPS device use. As such, the FCC has basically rescinded LightSquared's request to launch service on their 1.5GHz L-Band spectrum.

Note that, while LightSquared DID knock out GPS devices, it was not LightSquared that transmitted on the GPS frequencies, but rather the GPS devices that sloppily "listen" to the adjacent LightSquared frequencies. The GPS chipsets were generally cheaply made with inadequate filtering. That said, who is at fault is irrelevant: it remains LightSquared's problem to solve if they want to launch their network. A long history of spectrum policy states that new entrants must not mess up the existing radio devices.

What we've lost here is the chance to have a truly innovative wireless carrier which would have stimulated competition, energized the vendor community, and provided a white-label network for MVNOs. LightSquared had, in fact, signed up dozens of partners who would offer LTE wireless services as cellular companies, CE makers, and store brands like Best Buy, for example, who could sell connectivity in a bundle with laptops. Maisie Ramsay over at Wireless Week explains how a vast community of over 30 technology vendors have also lost a valuable path to market.

What strikes me, as someone who works with wireless carriers (LightSquared included), is that we may lose one of the scrappiest players out there. And markets thrive when a scrappy player stirs up the pot. Hutchison Whampoa stirred up the UK markets when it launched 3G in 2003, Free is currently doing the same in France. In the USA, we have regional players like Metro PCS, but nothing at the national level. My role at the Telecom Council of Silicon Valley is right where innovators meet with the telcos, and it was gratifying to see the tornado of new ideas, vendors, and possibilities that came about with a new network. Without legacy systems nor legacy thinking, lots of great ideas are free to emerge.

For now, with LightSquared's options dwindling, we may have to have to look elsewhere for new competition and open creativity. The WiFi space is fairly promising, as the spread of hotspots continues to soar, and new versions (802.11ac) promise greater range and throughput. Chipsets are cheap, and billions of WiFi devices have been produced. Republic Wireless exemplifies the possibilities of leveraging WiFi in mobile phones to the limit. Lots of people are hoping that the "white spaces" frequencies in between TV channels will be offered up to a WiFi variant, which will mean low-frequency spectrum that penetrates walls and buildings much better than today's WiFi. I like what the US carriers have done with the (globally) early launch of LTE, but there's no doubt that with increased competition we'd have a more dynamic market.

Permalink | Comments | Email This Story

What's The Most Expensive WiFi You've Seen?

Mike Masnick — Tue, 25 Oct 2011 19:33:00 PDT

I do a fair bit of traveling and, while I try to avoid it, there are times when I really have no choice but to pay up for WiFi (and why is it always the expensive hotels that charge more for it, while the cheap hotels offer free WiFi?). At times, the prices seem really crazy, but Parker sends over a screenshot of the cost of WiFi that he discovered at Toronto's International Centre, which seemed a bit extreme: $6.95 for just 30 minutes. Or $99 for a full day. You could get the two day package for a bargain at $159. I'm not sure I want to know what the difference between "Ultra-Lite Wireless" (the prices you see here) and "Extreme Wireless" might be, but it seems doubly ridiculous to think that $99 per day only gets you "ultra-lite" wireless. Anyway, I don't think I've seen prices like that before, but I'm curious if anyone has any stories that can top that?

Permalink | Comments | Email This Story

Everything Old Is New Again: 7 Years Ago Someone Else Tried To Sue WiFi Hotspot Operators Too

Mike Masnick — Tue, 4 Oct 2011 15:13:32 PDT

We recently wrote about a new patent troll called Innovatio, which was suing a bunch of coffee shops, restaurants, supermarkets and hotels, claiming that by offering WiFi hotspots, they were infringing on its patents. Glenn Fleishman reminded us of a very similar story from seven years ago, when Acacia (one of the biggest patent trolling operations out there), got some patents and went after various hotspot providers, similarly asking them to pay (relatively) small amounts ($1,000/year) to "license" the patents in question. The patents in question are different from the patents being used by Innovatio. However, if you think these two companies are the only ones to hold patents that cover some aspect of WiFi, think again. While, as far as I know, Acacia eventually gave up on this strategy, if Innovatio continues, just watch various patent holders come out of the woodwork. Operating a WiFi hotspot may mean getting hit up weekly to pay off the next round of patent trolls.

Permalink | Comments | Email This Story

Patent Troll Says Anyone Using WiFi Infringes; Won't Sue Individuals 'At This Stage'

Mike Masnick — Mon, 3 Oct 2011 11:28:18 PDT

Just as some in the copyright trolling business are lowering their settlement fees, but making it up in volume, it appears there's a similar effort under way on the patent trolling side of the world. The Patent Examiner blog has the incredible story of Innovatio IP, a patent troll that recently acquired a portfolio of patents that its lawyers (what, you think there are any employees?) appear to believe cover pretty much any WiFi implementation. They've been suing coffee shops, grocery stores, restaurants and hotels first -- including Caribou Coffee, Cosi, Panera Bread Co, certain Marriotts, Best Westerns, Comfort Inns and more.

There are various interesting things in the article worth commenting on. First is the smaller settlements/making it up in volume technique. While its initial lawsuits against coffee shops and restaurants did focus on the central corporations, with the hotels, Innovatio appears to be focusing on individual franchisees. Yes, the small businesses who own individual hotels and probably have no idea how to deal with a patent infringement lawsuit -- all because they dared to offer WiFi somewhere in their hotels. To make it "easy" of course, Innovatio's lawyers will let them settle for between $2,300 and $5,000. In almost every case, that's going to be cheaper than hiring a lawyer to just get started dealing with this -- which I'm sure is exactly what Innovatio intends.

The company is represented by the infamous law firm of Niro, Haller & Niro, which is the firm that originally inspired the term "patent troll." The lawyer representing the company, Matthew McAndrews, seems to imply that the company believes the patents cover everyone who has a home WiFi setup, but they don't plan to go after such folks right now, for "strategic" reasons:

"Innovatio has made a strategic and business judgment at this stage that it doesn’t intend to pursue [lawsuits on the basis of] residential use of WiFi," McAndrews said during a phone conversation last week.

And while that certainly could change, you may be relieved (or probably not) to learn that McAndrews does not "perceive" such a "strategic" decision will change. However, later in the article, he seems to indicate otherwise:

Ultimately, he said, Innovatio’s "plan is to license this portfolio to the fullest extent possible. That would include anyone who's wireless networking."

And then there's this:

"We want you to continue to use this technology, we just want our client to get his due share,” McAndrews said. “This is not a seat-of-the-pants, fly-by-night shakedown."

I guess he means this is a well-planned, well-financed shakedown that's going to stick around for a while. Lovely.

At least there is some firepower arguing against Innovatio. After its first round of lawsuits, Motorola and Cisco went to court, asking for a declaratory judgment that its WiFi products do not infringe... and that Innovatio's patents are invalid. Hopefully that comes to pass or WiFi may get a hell of a lot more expensive.

Permalink | Comments | Email This Story

Austin Police Planned... Then Postponed Wardriving Plans In An Attempt To Shutdown Open WiFi

Mike Masnick — Mon, 26 Sep 2011 02:26:30 PDT

Jonathan Rumion alerted us to a plan by the Austin, Texas police department to conduct a massive war drive around the city, looking for open WiFi networks, with the plan to try to find the owners, and tell them to lock up their WiFi networks. We've heard of similar campaigns in the past. Rumion was reasonably concerned about this effort -- and whether it was because of him asking questions, or other reasons, it looks like the Austin police have postponed this effort for the time being.

Either way, it raises lots of questions. Having an open WiFi network is not against the law, so should the police really be going around telling people to lock up their WiFi? It's also not at all clear how they're figuring out who actually owns the open WiFi networks. Rumion was also concerned about what the police might do with the data they collect, though I don't think that should be an issue -- that data is public. Still, it does seem like a questionable effort against something that remains perfectly legal.

Permalink | Comments | Email This Story

No, Having Open WiFi Does Not Make You 'Negligent' And Liable For $10,000

Mike Masnick — Fri, 19 Aug 2011 11:48:20 PDT

That Anonymous Coward was the first of a few of you to send over the news that one of the "John Does" sued by Corbin Fisher/Liberty Media has settled. Corbin Fisher is a porn company that has followed the footsteps of others down the mass infringement lawsuits path that many of us note feels a lot more like a shakedown process than a reasonable use of copyright law. Even more troubling, in our view, is that one of the theories presented by the company is that anyone who has an open WiFi network, and uses that as an explanation for what happened, is guilty of negligence. Given the vast number of good reasons to leave a WiFi network open, we found this quite troubling.

And so we're extremely worried about this particular settlement, which you can see embedded below. The full payout by the Doe is $10,401, but the breakdown is as follows:

$200 for innocent infringement
$200 for contributory infringement
$1 to pay off the conspiracy charge... while not admitting to any conspiracy (another theory presented is that in using BitTorrent, you enter into a "conspiracy" -- a claim we won't debate this time around, but may revisit another time)
$10,000 for the negligence of having an open router

While we have issues with a lot of this, it's that last part that is super troubling. While this is not a legal ruling, just the fact that it's in a settlement will allow Corbin Fisher and others to wave the document around, warning others that if they want to claim that their WiFi was open -- a potentially legitimate defense -- they now risk a massive fine for so-called "negligence." This is insulting, dangerous and ridiculous. There are all sorts of legitimate reasons to leave your WiFi network open and almost none of them amount to "negligence," by any stretch of the imagination.

As I've mentioned in the past, I'm also surprised by the fact that the lawyer representing Corbin Fisher/Liberty Media in this case is Marc Randazza, who has done some fantastic work in the past and present to defend free speech rights -- including taking on a variety of defendants against copyright troll Righthaven, despite its efforts bearing some striking similarities to what Corbin Fisher is doing here. In fact, Randazza has been at the forefront of many of the recent victories against Righthaven, and the various attempts to force Righthaven to pay up for its abuse of the court system to shake people down.

I like and respect Randazza and have sent a few interesting cases his way when people I know have needed legal help concerning attacks on their free speech rights. He's also helped us at times when we've been threatened with bogus lawsuits. But I still have trouble understanding his position on these Corbin Fisher cases, which strike me as being the same, or in some cases, worse than some of these other efforts. Given that, I emailed Marc, telling him I was going to write a post about this settlement and the fact that I think it's a horrible and dangerous result, that will be used to harass people who have open WiFi networks for perfectly legitimate reasons, and asking if he had any comment. He wrote back a lengthy response, which he also sent to TorrentFreak, who posted it as an article.

This is one time where I think Randazza is 100% wrong, and is actually doing significant harm to causes he claims to support. Thankfully, the folks at the EFF (who list Randazza as a lawyer to talk to if you're hit up for money by copyright trolls) have stepped up to debunk the legal basis of Randazza's argument, which is effectively based on a famous case on negligence involving tugboat radios. The EFF points out that such negligence claims for a service provider are clearly barred by Section 230:

Perhaps hoping to avoid this limitation, the essay suggests that operators can be held liable under a general tort theory of negligence (meaning, it's not a copyright claim, just a general injury claim). But that approach immediately crashes against another legal wall. Section 230 of the Communications Decency Act offers broad immunity from tort claims (including negligence) to providers of “interactive computer services” for claims arising from the activities of their users. The statute’s broad definition of interactive computer service includes “specifically a service or system that provides access to the Internet.” (emphasis added).

What I find even more troubling about Randazza's argument and especially this settlement is how it will be used (whether by Randazza or others) to falsely imply that having an open WiFi network -- which is perfectly legal -- is not a defense when sued. In fact, the really nefarious part of this is that not only does it imply you can't use that defense, it implies additional liability for mentioning this very legal use of WiFi as a part of your defense. Anything that effectively takes away a legal defense against a questionable legal claim, and implies that you may actually be hurting yourself just for bringing it up, is immensely troubling.

Randazza claims that negligence claims are really a way of saying "you should have seen this coming." But that's ridiculous. It implies that anyone leaving open WiFi must assume that people will use that open WiFi for illegal activity. That's a huge leap. There are security reasons as to why you might want to secure your own WiFi... but there are also alternative ways to secure your home surfing and home network, while still leaving an open WiFi network. Randazza's statements suggest that's not possible and that anyone opening up their home WiFi should know that it's likely to be used for illegal activity.

Like the EFF, I'm also troubled by the way that Randazza seems to ignore the basic concepts of properly applying liability. We have safe harbors in the DMCA and the CDA for a very specific reason: to have people properly apply liability to the actual actors, and not the third party service providers and intermediaries. We have a long tradition in US law, even outside of those explicit safe harbors, that liability should be applied to the actual actors, rather than 3rd party service providers. Randazza talks about how leaving your WiFi open leaves you open to having your house raided by police if someone uses your router to transmit child porn. But just because the police might raid your house improperly, that does not suddenly make it negligent to have an open router. Instead, it should raise questions about the investigation and the decision to raid the house.

In fact, we keep seeing that even when someone uses open WiFi to commit a crime, while law enforcement may investigate, they're still looking for the person who actually did the crime. The fact that Randazza ignores this and basically says that because you might get raided, it's negligence, is really troubling.

Furthermore, Randazza stretches liability to ridiculous levels with some guilt by association:

The kind of person who would steal your car is probably the kind of person who would commit other crimes (or just do something stupid). So if you leave your keys in your car, and someone takes it and drives it into someone’s fence, you’re at least partially responsible for the damage. If the car thief runs off, who should pay for the damage? The fence owner or you? It would seem that between those two parties, you would be more responsible than the fence owner. You wouldn’t say that the fence owner should have built a better fence, would you?

That’s what negligence is: It is the law saying “You really should have seen that coming.” When you do something careless, and that carelessness costs someone else money, you pay the ”carelessness tax” – Negligence.

And the kind of person who would steal wifi is more likely to steal something else, isn’t he? So if you invite wifi theft by leaving your home network open, you’re more likely than not also inviting more.

But that's incredibly misleading (beyond the false use of "stealing"). First of all, those who have open WiFi should not have "seen it coming," because there are lots of perfectly legitimate reasons to offer and use open WiFi. Nothing about doing so should make you liable for what people do on the network, and that's exactly what the law says. Leaving your network open is not "inviting theft." That's simply misleading.

Finally, there are tremendous benefits to the public for there to be more open WiFi available. Getting settlements like this and implying that having open WiFi is negligence and potentially costly, serves to hurt such connectivity and holds back perfectly legal and reasonable options for many people to connect to the internet. While Randazza believes there are ethical issues here, I tend to side with two different NYTimes ethicists, who both came down in favor of open WiFi being perfectly ethical. In many ways, it's beyond ethical, in that it's altruistic, providing the community around you with something useful. Efforts to suggest potential legal liability for such actions strikes me as really nasty and an affront to the belief that helping others connect to the internet is a good thing.

At the end of his response, Randazza notes that he respects the perspective of people who "don't like the negligence claim," and suggests that it's the law we're disagreeing with, rather than his application of it. But I disagree entirely. As the EFF noted, there is no case law that says an open WiFi is negligence, and Randazza's position here seems like a pretty big stretch of the law, especially in light of Section 230 safe harbors. Randazza told me over email that he completely understands and appreciates that folks like myself disagree with him on this, but I think he should revisit his overall approach here. He also mentions that he makes clear to his clients that he will not represent them if he believes it will harm the First Amendment, something (as mentioned earlier) he's famous for helping to protect. But I'd argue he fails on First Amendment grounds in bringing (and defending) these negligence claims.

Trying to get around the proper application of liability and blaming third parties for actions they did not commit, while pushing to shut down a channel of communication, seems very much an attack on basic First Amendment principles. It's an attempt to use legal pressure to stop a form of speech. Yes, some of that speech may be infringement, but the vast majority of speech via open WiFi is not infringement or child porn as Randazza suggests. So, as a staunch First Amendment defender, I hope that he will reconsider his position in bringing such a negligence claim -- and, I hope that he will reject the further use of this highly questionable settlement.

Permalink | Comments | Email This Story

Once Again, Basic Detective Work Tracks Down Criminal Activity Done On Open WiFi

Mike Masnick — Thu, 18 Aug 2011 19:00:00 PDT

One of the things we hear over and over again about the evils of "open WiFi" is that it allows criminals do horrible things on a network with no way to track them down. We've always pointed out how ridiculous this is. Just because someone does something on a network, it doesn't mean they don't necessarily leave other clues that can be uncovered through basic detective work. And, time and time and time and time and time again, we see stories of basic detective work being used to catch criminals on open WiFi networks.

Here's yet another example. In a case involving a disgruntled former IT worker logging into his former employer's computer systems and pretty much deleting everything important (including "the company’s e-mail and BlackBerry servers, as well as its order-tracking system and financial-management software"). These sorts of things happen every so often, and the responsible party almost always gets caught.

In this case, Jason Cornish used an open WiFi network at a McDonalds to do his dirty work. But there was enough evidence to link the crime to Cornish (beyond basic motives). For example, investigators discovered that he had made a purchase of some food at that McDonalds about five minutes before the deletion began. Honestly, it looks like he wasn't particularly careful in a variety of things that he did -- but that's kind of the point. The fear about how open WiFi will be regularly abused and there will be "no way" to track down those responsible is a huge exaggeration. Perhaps there are some users who are careful enough not to leave a trail, but those sorts of people will figure out a way to do what they want with or without open WiFi. The fear of untraceable hackers on open WiFi is way overblown.

Permalink | Comments | Email This Story

China Monitors WiFi, US Takes Notes?

Chris Rhodes — Wed, 27 Jul 2011 14:08:04 PDT

In a move that perhaps surprises no one, China is now requiring all providers of free WiFi to install expensive monitoring software that tracks their users, or face heavy fines. According to the officials in the Dongcheng Public Security Bureau, the rules are in place to catch people who "conduct blackmail, traffic goods, gamble, propagate damaging information and spread computer viruses." And I'm sure if they just happen to catch a political dissident here and there, well, that would just be a fortuitous turn of events.

I think even the least cynical among us can see what the real aim is here. What concerns me, however, is how the US will respond.

If history is any indication, US officials will denounce this as a restriction on free speech, while at the same time making sure to vigorously support such restrictions at home. They'll probably decry the new Chinese efforts as privacy invasive while doing their best to make ISPs retain data on customers for law enforcement use. No doubt they will have strong words to say about internet censorship around the globe while they craft bills to take down websites with little or no due process. In fact, the very notion of open WiFi itself has been under siege for quite some time. Operating an open connection can already get your internet disconnected, or have your house raided by a swat team. With all that hypocrisy in mind, the next step for the US with regard to open WiFi seems pretty clear.

Lest you think I am engaging in hyperbole, perhaps an exercise is in order. All we need to do is to adjust the stated goals of the Chinese to match current US culture and politics:

1. "Blackmail" is not a hot button issue here, so they might want to claim the needed data retention policies are to stop child porn instead. That always sells well.
2. "Traffic Goods" sounds an awful lot like trading in counterfeit goods. And of course we know that selling fake medicine is just like copyright infringement.
3. "Gambling" is easy enough. We already seize poker sites. We even set up our own fake payment sites so we can steal money from gamblers too!
4. "Propagate damaging information?" What could be more damaging than wikileaks, which we're trying desperately to charge with something (anything!).
5. "Spread computer viruses" fits nicely into the current cybercrime fear-mongering.

Can anyone honestly say that they can't see a US politician standing up tomorrow to announce that we need to start monitoring our own open WiFi connections to stop "child pornography, copyright infringement, online gambling, disclosure of national secrets, and cybercrime?" That's practically the holy grail of political grandstanding, and what politician is going to speak out against that?

Permalink | Comments | Email This Story

Copyright Troll John Steele Insists That 70-Year Old Is Responsible For Porn Downloads... Even If Someone Else Used WiFi

Mike Masnick — Tue, 19 Jul 2011 16:06:06 PDT

A bunch of folks have been sending in the story of a 70-year-old grandmother sued for downloading porn by bumbling copyright troll lawyer John Steele, whose claim to fame seems to be his ability to lose cases, as judges keep slamming his attempts to sue lots of people in what's clearly a shakedown situation.

And while it's entirely possible that a 70-year-old would download porn (who says they don't like porn?), in this case, the woman seems suitably confused about what's going on that it seems unlikely. At best, it sounds like she has an open WiFi, which someone else may have used. But, Steele is falsely claiming this doesn't matter:

The letter from Steele suggests that someone else using an unsecured wireless network isn't a viable legal defense for the account holder, noting that downloaders of child pornography have employed this excuse to no avail....

[....]

In an interview, he said anyone who fails to secure their Wi-Fi is as responsible for the subsequent crimes or tragedies as a parent who leaves a loaded gun within reach of a 3-year old.

This is simply untrue. In fact, generally speaking, US law and courts recognize that "service providers" don't have liability for third party usage of their networks. There are some conditions and exceptions, but to make a blanket claim like Steele did is simply false. Given his track record with these lawsuits and the attempts to pressure people into settling, it's no surprise that he'd mislead like that, but hopefully it just leads up to yet another court smacking him down.

Permalink | Comments | Email This Story

Judge Agrees That Perhaps It Would Be Best For Someone Else To Review His Claim That WiFi Isn't A Radio Communication

Mike Masnick — Tue, 19 Jul 2011 04:09:07 PDT

We were pretty surprised a few weeks back when a judge claimed that Google could be subject to wiretapping charges for collecting snippets of data during the Street View data collection might be illegal wiretapping, because he didn't consider open WiFi to be radio communications. Under the law, open and unencrypted radio communications are not subject to wiretapping rules, because, well, they're open. Claiming that open WiFi isn't a radio communication made most techies' jaws drop... and Google quickly suggested that the judge let them get a second opinion on that point, before going through with a full trial.

Thankfully, the judge has agreed, recognizing that perhaps he didn't answer that initial question correctly.

Thus, in light of the novelty of the issues presented, the court finds that its June 29 order involves a controlling question of law as to which there is a credible basis for a difference of opinion, and also finds that certification of the June 29 order for appeal would materially advance the litigation

In other words... let's make sure I got that part right before we do anything else. That's good. I'm happy to see that Judge James Ware at least recognizes that people may disagree with his contention that WiFi is not a radio communication and will allow that point to be explored further.

Permalink | Comments | Email This Story

Microsoft Opens Its WiFi Data Collection Source Code; Why Doesn't Google Do The Same?

Mike Masnick — Mon, 11 Jul 2011 19:03:00 PDT

Google's been facing a lot of difficulty lately due to its ridiculously dumb implementation of its WiFi access point data collection software. Lots of companies use such software to try to create a location map that can be used in the absence of GPS. Both Microsoft and Apple have similar projects, and yet it's really only Google that's gotten in trouble for theirs, mainly for the way it collected data. Now comes the news that Microsoft is releasing the source code of their WiFi data collection software, which only serves to raise more questions about why Apple and Google haven't done the same.

Permalink | Comments | Email This Story