Re: CRIME wireless case study URLs?

From: Crispin Cowan (crispin@private)
Date: Tue Sep 28 2004 - 05:47:44 PDT


Gary Driggs wrote:

> Crispin Cowan wrote:
>
>> I would argue that if the AUP prohibits anonymous sharing, then the 
>> person doing the stealing is the ISP customer who deployed a 
>> non-encrypted WLAN, contrary to the AUP, and not the casual 
>> passer-by, who has no way of knowing what AUP is in effect.
>
> Just because you are ignorant of the law does not indemnify you in 
> court. Therefore, just because you are not aware of the AUP(s) in 
> effect, does not indemnify the customer owning the AP or Jane 
> Netstumbler that's using the AP from across the street.

Ignorance of the law is different from ignorance of the facts. Trespass 
is not trespass unless "no trespassing" signs are clearly posted, 
because one can be fully aware of the laws of trespassing, but have no 
chance of detecting passage from state land to private property while 
wandering through the woods, unless signs are posted.

So if you consider your WAP to be private property, keep out, IMHO it is 
incumbent upon you to do something to make that explicit. If your ISP's 
AUP says "no sharing", then they just imposed that responsibility on you 
(the WAP owner).

> End users can potentially be operating under several AUPs at any given 
> time. For example, if I start an ISP and buy circuits from several 
> Network Service Providers, e.g. ELI, UUnet (MCI), and AboveNet, then 
> my customers will be responsible for adhering to my AUP plus anything 
> I may have forgotten to write in to my policy that's covered in my 
> upstream providers' AUPs.

No they won't. They have no way of knowing what AUPs upstream providers 
have. Your little ISP is responsible for conforming to your upstream 
providers. Your best way to do that is to copy the pertinent passages 
from your upstream provider's AUPs into the ones you give your 
customers, but you don't get to just pass the buck like that.

> (iii) access any other person's computer or computer system, software, 
> or data without their knowledge and consent; breach the security of 
> another user; or attempt to circumvent the user authentication or 
> security of any host, network, or account. This includes, but is not 
> limited to, accessing data not intended for you, logging into or 
> making use of a server or account you are not expressly authorized to 
> access, or probing the security of other hosts, networks, or accounts;

No hacking other people's computers via Comcast. Standard, but 
irrelevant in this case.

> (ix) resell the Service or otherwise make available to anyone outside 
> the Premises the ability to use the Service (i.e. wi-fi, or other 
> methods of networking), in whole or in part, directly or indirectly, 
> or on a bundled or unbundled basis. The Service is for personal and 
> non-commercial use only and you agree not to use the Service for 
> operation as an Internet service provider or for any business 
> enterprise or purpose, or as an end-point on a non-Comcast local area 
> network or wide area network;

So Comcast prohibits wifi sharing. That still does not address the point 
of who is responsible for what. I argue that since the Comcast customer 
is the one who knowingly signed this agreement, the Comcast customer is 
the one in violation if they leave the WAP open.

> (x) connect multiple computers behind the cable modem to set up a LAN 
> (Local Area Network) that in any manner would result in a violation of 
> the terms of this Policy or an applicable Service plan;

But here Comcast *explicitly* says it is the customer's fault.

> *Security*
> You are responsible for any misuse of the Service, even if the misuse 
> was committed by a friend, family member, or guest with access to your 
> Service account. Therefore, you must take steps to ensure that others 
> do not use your account to gain unauthorized access to the Service by, 
> for example, strictly maintaining the confidentiality of your Service 
> login and password."

Again, Comcast makes it clear: if the customer hooks up a commercial WAP 
and leaves the default wide-open settings in place and a war driver 
happens by, Comcast has explicitly made it the customer's fault, not the 
war driver's.

> Most clueful ISPs will have a clause or several clauses like the above 
> that could be extended to the insecure wireless AP scenario we're 
> discussing. I think the only grey area might be in the event that an 
> ISP (or their upstream NSP) does not have a specific policy in regards 
> to unauthorized access or sharing -- which is highly unlikely. In that 
> case, however, you're likely to find an upstream policy that's binding 
> under an unauthorized access clause or something broader in scope.

Other ISPs such as Easystreet and Spiretech have explicit language in 
their AUP that says (approximately) "sharing ok as long as you don't 
charge for it."

Crispin

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com


