Home page logo
/

basics logo Security Basics mailing list archives

RE: Home wireless free hotspot
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 19 Apr 2010 14:04:35 -0700

  MY objection is to anyone who equates "qualifies as an ISP in the eyes of
the law" with "Scott Free".

  About a year ago, the FCC officially noticed the existence of VOIP, and
responded by ruling that anyone offering "public Internet access" must
comply with CALEA (Communications Assistance to Law Enforcement Act), which
mandates that phone companies have facilities in place allowing them to
efficiently cooperate with wiretap orders.  In the IP space, nobody seems to
be sure what that requires or costs,
  The popular alternative amongst those who DON'T consider themselves ISPs
has been to configure their network services to support a defense of "Our
service isn't public, it's PRIVATE"; the FCC made an exception for libraries
but NOT for educational institutions or, so far as I can see, Joe Consumer's
unprotected wireless router.
  It's possible that some court could rule that some Terms of Service
provisions qualify a network as private, but probably only when measures are
taken to enforce those provisions.  Are you still sure you want to be an
ISP?

David Gillett, CISSP, CCNP


-----Original Message-----
From: Boyd, Chad [mailto:CBoyd () madden com]
Sent: Friday, April 16, 2010 14:12
To: wheeler90 () comcast net; JayZee
Cc: martinez85 () att blackberry net; jlightfoot () gmail com;
listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Home wireless free hotspot

I don't know about the rest of you, but this back and forth has made me
laugh several times today. On one hand, you have Jay presenting some very
compelling arguments, while on the other you have Reginald who believes that
just because he has a wireless router and a "Terms of Use" scrawled on the
back of a napkin, that he somehow qualifies as an ISP in the eyes of the
law.

In a situation like this, you can't think about this from your perspective.
You have to think about it from the perspective of the ISP and the police.

When the police are informed of illegal activity, they subpoena the ISP for
records so that they can track down the offender. If someone is on YOUR
network doing something illegal, then in the eyes of the police, YOU are the
offender. YOU will be the one that has to go sit in a cell while they hash
it out.

Sure, after sitting a cell for a few hours they may let you out. That is, if
you can prove through some type of logging or similar evidence that the
illegal activity did not happen from your home, but from someone else
connected to your network. This is probably after they have confiscated all
of the computers in your house though.

Herein lies the real pain though: You have a few certs next to your sig, so
you obviously know how to Google on how to secure a network. If this were to
go to court, how would you defend against your ISP charging that you had no
authorization from them to provide sub-services and moreover that you
allowed the illegal activity?

What you have to remember is that an ISP falls under certain regulations.
With that, they are also allowed certain protections. You are NOT and ISP.
You are an END USER.
Make no mistake. I have a secondary wireless network open to a few people in
my building. I fully understand though that they are on my network and if
they do something that sets off any red flags, those red flags will be next
to MY name, not theirs.

I understand that your lawyer friend told you that you were good-to-go with
this. My recommendation to you would be to get a second opinion (preferably
from someone that doesn't accept payments in beer).

/rant


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]