Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Unsecured Wi-Fi would be outlawed by N.Y. county

From: David Farber <dave () farber net>
Date: Sun, 6 Nov 2005 12:12:21 -0500


Begin forwarded message:

From: Dewayne Hendricks <dewayne () warpspeed com>
Date: November 5, 2005 8:21:13 PM EST
To: Dewayne-Net Technology List <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] re: Unsecured Wi-Fi would be outlawed by N.Y. county 
Reply-To: dewayne () warpspeed com

[Note:  This comment comes from reader Thomas Leavitt.  DLH]


From: Thomas Leavitt <thomas () thomasleavitt org>
Date: November 5, 2005 4:48:56 PM PST
To: dewayne () warpspeed com
Subject: Re: [Dewayne-Net] Unsecured Wi-Fi would be outlawed by N.Y. county 

Gah. Next, they'll make it illegal to leave your door unlocked.

We need a Constitutional amendment along the lines of "Congress shall
make no law regarding technology without having a clue."
Or perhaps a law requiring that an appropriate private sector standards 
body should vet all laws related to the Internet prior to
introduction...

With regards to this particular example of stupidity: people should be
free to implement the security measures they feel are appropriate - a
firewall may or may not be necessary (although I certainly would rather 
be running one).

Tort liability for negligent administration of confidential personal
information is the proper means of addressing the problem.
Mandating that people install a "network gateway server" equipped with a 
"firewall" is stupid, on many levels - technically, the presence of a
"firewall" means little or nothing, passage of such a law will encourage 
the that folks have taken care of potential security problems by
installing one. A firewall is useless if it isn't configured properly,
and often requires holes be punched in it for the network to be useable 
(which defeats much of the original purpose of installing one).
Furthermore, there are security models that don't put a "network gateway 
server" and a "firewall" on the same box... are companies that have
implemented such going to have to throw away thousands of dollars worth of equipment because it is in technical non-compliance? What about folks who run firewalls on individual servers without a centralized firewall? 
Or who run ZoneAlarm on their PCs? Does a Windows box running Windows
Firewall and offering Internet Connection Sharing qualify? How do you
define "firewall" anyway? Is a NAT box a "firewall"?

Further, it doesn't serve the end it is intended to: the vast majority
of security breaches and privacy protection violations occur *behind*
the firewall (or where a firewall might be).
And the idea that people would have to put up signs saying, essentially: 
"we've put a security precaution in place, but it may very well be
utterly pointless, so please be careful" is hilarious... although the
idea of having to "register" Internet connections with the government is 
NOT funny at all.

Regards,
Thomas Leavitt


Weblog at: <http://weblog.warpspeed.com>


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: