[OpenWireless Tech] Sooth the nervous? Or enable the brave?

Porcelain Mouse porcelain_mouse at q.com
Fri Nov 9 10:07:30 PST 2012 

All,


[Long post, so I moved the conclusion up to the top.  Read on below if you 
want the lead-in.]
 	Thanks!  I've actually enjoyed following this thread and thinking 
about this again.  I'm just asking the community what can we do to 
mitigate this risk (of Law Enforcement mistakes) or transfer it to someone 
else (who can deal with it, obviously)?  If I'm keeping score correctly, 
we have:

Mitigate:
   VPN

Transfer:
   Work with ISPs on ToS, build relationships
   EFF...does something, but what?

> PS: If a subset of this group wants to try to solve the Nervous Nellie
> problem (by technical and/or legal and/or public relations work), I
> hope they will continue working on that (elsewhere).  That effort
> wouldn't derail this effort, and if ultimately successful, could
> contribute a lot.

This is a great idea too.  Perhaps this mail-list doesn't want to work on 
this aspect of open wireless, which is fine.  Is that the consensus?  I'm 
interested in working on it, so if there is a splinter group, please 
announce.

--
PMouse

[epilogue begins here]

On Wednesday, 7 November 2012, John Gilmore wrote:
>>                ... the real probability of something happening like 
>> that is remote, but the problem is that you don't have to convince me. 
>> You have to convince all the other people out there. And just blowing 
>> them off or ignoring them isn't actually solving that problem.
>
> I think we should focus first on solving the technical and user 
> interface issues faced by people who do want to share their Internet 
> access with the public, and who aren't scared to do so.

I don't think anyone is arguing the likelihood for Law Enforcement 
mistakes is large.  And, speaking to the group and not to John, directly, 
I wouldn't describe these people as scared.  They know and understand the 
cost of LE errors, so they are applying the IT SEC standard for risk 
analysis.  I think we're just arguing about the cost.

I'm glad someone invoked Schneier's name, because it was actually his post 
many years ago that convinced me to run an open wireless network.  But, 
now that I know what actually happens, at least in Seattle, when LE makes 
a mistake, I have to reevaluate.

Full disclosure, I think describing these incidents as LE mistakes is the 
most accurate; I certain LE really can do better at avoiding them.  But, 
this is little comfort to the wrongly suspected; the damage is done. 
Plus, it's almost hard to stay mad at the police when they are trying to 
catch a heinous criminal, right?!

Besides, in case I was being too circumspect before, no one of typical 
means is going to lawyer-up unless they are charged with the crime. 
Imagine, your whole week is ruined, to put it very lightly, and when it's 
finally over, you just wish it had never happened.  Yes, that's fear, but 
for good reason: some accusations are harmful even after they are proven 
wrong.

Sure, lets be bold and fearless!  That's what I thought too when I first 
considered this possibility way back when.  But, don't count on LE to see 
it your way.  In Seattle, at least here is their attitude: 1) You're a 
hippie and/or a fool who lets people steal from them; 2) You are using the 
open wireless *as a cover* in case LE investigates you because it is 
actually a plausible defense for some cases.  Yes, an on duty SPD officer 
told me both of these in person (although I'm paraphrasing, of course).

The EFF could really help here, I agree.  And that would also be a great 
answer to my concerns.  Perhaps the EFF could just explain how they would 
react in such situations.  Something more than, "call us, we'll see what 
we can do."  For example, has the EFF dealt with this before?  What 
happened?  Is the EFF prepared to make a stand on this issue in court now 
that it's encouraging this effort?

At the very least, network operators take responsibility for what happens 
on their networks and I assume everyone here is a good network admin. 
Your options are mitigate, transfer, or *truly* accept the risk.  Are your 
going to accept responsibility for this crime if it happens?  *That's* 
accepting the risk, not just accepting that I will happen to someone else.

> (This project can also negotiate with ISPs on terms, once we have
> something that their users would like to deploy...)

Obviously, terms of service are an important aspect of this effort. 
Working with ISPs to shape ToS so many more people can open their 
endpoints would be major progress.  And, this ought to help to avoid LE 
errors, too, so I think that is excellent.

More information about the Tech mailing list