Some Very Bad Advice from Wired!

Wired is usually a decent source of information. But from time to time they get it wrong. When they do it is usually WAY wrong. This is one of those times. Bruce Schneier advises his readers –

Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

To me, it’s basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it’s both wrong and dangerous.

I’m told that uninvited strangers may sit in their cars in front of my house, and use my network to send spam, eavesdrop on my passwords, and upload and download everything from pirated movies to child pornography. As a result, I risk all sorts of bad things happening to me, from seeing my IP address blacklisted to having the police crash through my door.

While this is technically true, I don’t think it’s much of a risk. I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house. And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.

Well Bruce, HR4279, aka The SAFE Act is going to change all that for you! It’s already passed the House with only 2 Nays. The Senate is drafting legislation that will be nearly identical. When this Bill hits Conference for final draft it will remain fairly well as passed by the House. This bill would criminalize the transport of pornography by wireless means. The only out being that you the WIFI transporter can finger the perp who inserted the porn. How do you do that on an open WIFI connection Bruce?

From CNet, on the HR Bill –

This is what the SAFE Act requires: Anyone providing an “electronic communication service” or “remote computing service” to the public who learns about the transmission or storage of information about certain illegal activities or an illegal image must (a) register their name, mailing address, phone number, and fax number with the National Center for Missing and Exploited Children’s “CyberTipline” and (b) “make a report” to the CyberTipline that (c) must include any information about the person or Internet address behind the suspect activity and (d) the illegal images themselves. (By the way, “electronic communications service” and “remote computing service” providers already have some reporting requirements under existing law too.)

The definition of which images qualify as illegal is expansive. It includes obvious child pornography, meaning photographs and videos of children being molested. But it also includes photographs of fully clothed minors in overly “lascivious” poses, and certain obscene visual depictions including a “drawing, cartoon, sculpture, or painting.” (Yes, that covers the subset of anime called hentai).

What you advocate in your coffee shop down the street remark is a ’security by camouflage’. Problem with that mindset is the realization that those coffee shops are either going to close up their networks or ditch them all together to avoid the hassle of having to comply with the law. Then your WIFI will be sitting their like a proud nail.

I thought one of the functions of a security expert was to be up to date with current and pending legislation. If you aren’t up to date, how can anyone depend on you to make sure those you represent are in compliance with the law? WPA is your friend Bruce.

[Update] Now even LifeHacker is playing the Open Access tune on WiFi. I expected better.