Crispin Cowan wrote: > I would argue that if the AUP prohibits anonymous sharing, then the > person doing the stealing is the ISP customer who deployed a > non-encrypted WLAN, contrary to the AUP, and not the casual passer-by, > who has no way of knowing what AUP is in effect. Just because you are ignorant of the law does not indemnify you in court. Therefore, just because you are not aware of the AUP(s) in effect, does not indemnify the customer owning the AP or Jane Netstumbler that's using the AP from across the street. End users can potentially be operating under several AUPs at any given time. For example, if I start an ISP and buy circuits from several Network Service Providers, e.g. ELI, UUnet (MCI), and AboveNet, then my customers will be responsible for adhering to my AUP plus anything I may have forgotten to write in to my policy that's covered in my upstream providers' AUPs. Most NSPs will not have clauses regarding sharing of service since they are in the business of selling to ISPs and orgs most likely to be purchasing bandwidth suitable for sharing in some manner. Here are snippets from Comcast's AUP (http://www.comcast.net/terms/use.jsp) which is more germaine since Comcast is primarily a provider to individual and SOHO clients. I know that they also offer some business and home networking services -- including leasing wireless APs -- so I'd be curious to find any variant AUPs on their site... "*Prohibited Uses and Activities* Prohibited uses include, but are not limited to, using the Service, Customer Equipment, or the Comcast Equipment to: (iii) access any other person's computer or computer system, software, or data without their knowledge and consent; breach the security of another user; or attempt to circumvent the user authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for you, logging into or making use of a server or account you are not expressly authorized to access, or probing the security of other hosts, networks, or accounts; (ix) resell the Service or otherwise make available to anyone outside the Premises the ability to use the Service (i.e. wi-fi, or other methods of networking), in whole or in part, directly or indirectly, or on a bundled or unbundled basis. The Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider or for any business enterprise or purpose, or as an end-point on a non-Comcast local area network or wide area network; (x) connect multiple computers behind the cable modem to set up a LAN (Local Area Network) that in any manner would result in a violation of the terms of this Policy or an applicable Service plan; (xiv) run programs, equipment, or servers from the Premises that provide network content or any other services to anyone outside of your Premises LAN (Local Area Network), also commonly referred to as public services or servers. Examples of prohibited services and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers; (xx) connect the Comcast Equipment to any computer outside of your Premises; (xxiii) violate the rules, regulations, or policies applicable to any network, server, computer database, or Web site that you access. *Security* You are responsible for any misuse of the Service, even if the misuse was committed by a friend, family member, or guest with access to your Service account. Therefore, you must take steps to ensure that others do not use your account to gain unauthorized access to the Service by, for example, strictly maintaining the confidentiality of your Service login and password." Most clueful ISPs will have a clause or several clauses like the above that could be extended to the insecure wireless AP scenario we're discussing. I think the only grey area might be in the event that an ISP (or their upstream NSP) does not have a specific policy in regards to unauthorized access or sharing -- which is highly unlikely. In that case, however, you're likely to find an upstream policy that's binding under an unauthorized access clause or something broader in scope. -Gary
This archive was generated by hypermail 2.1.3 : Tue Sep 28 2004 - 04:42:33 PDT