Unsecured wifi might be contributory negligence

Igor Mozolevsky mozolevsky at gmail.com
Sat Feb 18 18:48:04 GMT 2012

On 18 February 2012 17:31, Roland Perry <lists at internetpolicyagency.com> wrote:

> It doesn't transfer via class actin suits, because we don't do those. What
> might happen is that (because it's also hitting mainstream now) we could get
> laws which introduce expectations on the behaviour of domestic Internet
> subscribers along the same lines as were eventually introduced for car
> drivers.

You are assuming that there is a sufficiently large portion of
domestic users who would know what that means. What about all those
people to whom "the Internet" is nothing more than the "Internet
Explorer" window? I am getting more and more convinced that comparing
this situation to driving cars is not helpful at all---the latter
requires a competence test and the government regulates who may or may
not drive, whereas the former clearly does not; unless you are
advocating that you need to pass some competence test and obtain a
licence to have Internet connection...

Of course we have not touched upon why imposition of such laws should
be the case---if you accept that connectivity to the Internet is
ubiquitous then would you not be imposing a positive obligation to a
small class (IP rights holders) on the population as a whole (cf. car
drivers being a distinct class of population)?

> You've forgotten the situation of leaving the keys in the car. Whether the
> owner notices it's gone or not is a separate layer in the debate.

So you are saying that if you were to leave your keys in the car and
someone else were to steal that car and run someone over, you should
be held liable at least in some part? Besides, vehicular owners always
have "cannot be in two places at once" defence, which clearly will not
work in case of an open wifi box...

> If they are hijacking your *open* router, the solution is to apply some kind
> of (any kind will do for now) security. It shows willing, if nothing else.

Yes, but again, you are ducking the "who is responsible" issue---all
the parties (domestic users, ISPs, manufacturers, and IP rights
holders) have competing, and quite often, mutually exclusive

> By making it clear that operators of open domestic wifi points are
> responsible for bad things which happen as a result.
> Remembering also that the primary objective here probably isn't to make
> domestic wifi points secure from "masked men", or responsible for
> identifying those masked men, but to neutralise the excuse of the operator
> that "It wasn't me, it was a masked man wot dunnit".

How is that going to work though? If you make that a criminal
liability, presumably, all the defendant would have to do is to assert
the "not me" defence and it would be for the Crown to disprove it. If
the statute would impose "duty of care" to the IP rights owners, we
will most likely end up with the situation where ISPs would be liable
and not the domestic users. How is this dramatically different?

Also, you are forgetting what the ECJ said in Scarlet: the rights of
IP rights holders are not absolute and must be balanced against
everything else. One would argue that imposing liability "at large" is
simply disproportionate.

Igor M.

More information about the ukcrypto mailing list