Unsecured wifi might be contributory negligence

Roland Perry lists at internetpolicyagency.com
Sat Feb 18 15:47:27 GMT 2012

In article 
<CADWvR2g8Ee=xOBqL45AzARvjF-B=w+aTyAdryj+UV0TttmJn9Q at mail.gmail.com>, 
Igor Mozolevsky <mozolevsky at gmail.com> writes
>On 18 February 2012 15:19, Roland Perry <lists at internetpolicyagency.com> wrote:
>>> Is there anything of the sort wrt "securing" the wifi routers?
>> Not yet, but policy is being formed in this area. Currently the USA is
>> leading, but the UK often follows. Pardon me for bringing this to the list's
>> attention.
>From a cursory reading of the article you pointed to, there doesn't
>seem to be a codified obligation to keep your wifi secure State-side,
>hence the obscure civil "test" lawsuit (although the article doesn't
>actually provide a link to the court paperwork that was filed, which
>would undoubtedly benefit this discussion).

You need to think about the American legal system as privatised 
regulation, through the lens of class action suits - or big corporates 
suing many individuals, which is much the same ides.

>If you are going down the road of forcing wifi routers to be secure,
>then who is "responsible": the end user who "owns" the ISP connection,
>the ISP who provides the router and goes out of their way to keep the
>users from tinkering with the settings to minimise support costs, or
>the router manufacturer? You can't force WPA2 on everyone (assuming
>WPA2 is deemed "secure"), people still use computers with wifi cards
>that are only capable of WEP, should those users be forced to junk
>their laptops and upgrade or invest in more equipment? What happens if
>that "security" is compromised? The landscape is entirely different
>from the car examples discussed previously.

I thought we'd got past the issue of "whose fault if the security is 
weak". What this is about, in the first instance, is *no* security. And 
that's something maybe the user might reasonably be responsible for.

Although if enough get successfully sued, and they claim it was really 
the ISP or router manufacturer's fault, that's a class action in the 
making so eventually the "most guilty party" gets identified and cleans 
up their act. [All of this in USA of course].
Roland Perry

More information about the ukcrypto mailing list