[AusNOG] Wifi Security and Interception

[Anand Kumria]

Hi Bevan,

I've sat idly by and watched you dig yourself into a few holes, but
this is getting a bit tiresome.

On Wed, Jun 9, 2010 at 12:44 AM, Bevan Slattery
<Bevan.Slattery at staff.pipenetworks.com> wrote:
> Chris,
>
>> Due to these "new" technologies that are only really finding
>> their feet in law now, there's a lot about the way that the
>> old communications networks were treated that just plain
>> needs to be thrown out the window.
>> For example, the one I'm hearing most commonly in discussion
>> off-list about this issue is the old parallel that listening
>> to unencrypted wifi is the same for it being okay to just
>> walk into someone's home if the front door was unlocked.
>>
>> IMO that's not a correct analogy, because you still have to
>> -go into- someone's house.
>
> I agree that the analogy is not correct, but I disagree that the law is fundamentally incorrect, or that interception of unprotected Wifi payload shouldn't be illegal.
>
> People develop laws based upon some pretty basic principles.  The simple principle regarding interception is >that you unless you are the intended recipient of the communication and unless you receive the >communication in error then you should not inject yourself in the communication path and 'intentionally listen >in and record'.

Sitting by and recording radio transmissions is not injecting yourself
into the communication path.

The correct analogy to use for WiFi is publicaly broadcast PayTV. Some
senders encrypt the signal, and require the recipients to have
a-priori arrangement to listen in. Other do not.

You keep trying to say that senders who do not encrypt the signal have
some expectation of privacy.

They do not.

>
> Now, the issue being discussed here is that an unprotected Wifi network is ripe for the 'hacking'.  Much like a >house with the front door open and a "I'm on holidays sign" out the front.  However, to gain access to that
>network, access the payload information and download the said payload requires a DELIBERATE ACT to >intercept and record that information.  Much like a person who enters the home and takes property is still

Wrong.

You are using a bad analogy and falling into a trap.

No deliberate act is taking place.

This is like a radio station sending a transmission. Or a TV station
performing backhaul of a TV programme across a satellite link. Or a
government sending a man to the moon, and then complaining because you
had the temerity to tune in and listen to the broadcast.

If a radio station, which broadcasts to everyone, has a transmission
they do not want to me to listen into they have a number of options
from: not transmitting, encrypting the transmission, or transmitting
anyway and hoping I do not hear.

[snip - incorrect and wrong analogy ]

>
> It's tech-elitist or naïve

In your opinion.

Yet every bank believes you ought to be able to secure your system and
keep it virus free and up to date.

I believe banks have done better customer analysis than you have.

> I'm sorry.  But society operates on a basis that generally people operate within the law and that is a >baseline/minimum level of protecion.

You are aware of how laws are formed, aren't you?

They are not just dreamt up in some politicans office. They are, apart
from some notable examples (mainly involving technology, alas),
codifications of existing societal practice.

[snip - another bad and wrong analogy ]

> So here's where I'll leave it.

Please. Your bad analogies are like leaky screwdrivers.

They continue to distort, contort and corrupt your argument.

Anand