Security Basics mailing list archives
RE: Usefulness AUP on an Anonymous Wireless Network.
From: "Jerry Gamblin" <Jerry.Gamblin () house mo gov>
Date: Mon, 23 Oct 2006 12:18:13 -0500
Here is a story from the front page of Digg that goes along with this discussion:

http://arstechnica.com/news.ars/post/20061022-8046.html

This coffee shop offered $1 internet access but didn't collect any user information and was shut off because someone sent spam through their connection.

Say someone wanted to take legal action against the coffee shop for the spam, what is the coffee shop's defense? Do they get a "get out of jail" free card because it was an unknown person or would they be liable because it happened on their network? Their ISP has made the business judgment that they were liable and shut off their access. What happens if it was Kiddieporn and not spam?

Thanks,
Jerry Gamblin

-----Original Message-----
From: Scott Ramsdell [mailto:Scott.Ramsdell () cellnet com]
Sent: Monday, October 23, 2006 10:22 AM
To: gillettdavid () fhda edu; Jerry Gamblin; security-basics () securityfocus com
Subject: RE: Usefulness AUP on an Anonymous Wireless Network.

Good point David.

So, is this an opportunity for an insurance company to write a new type of policy? One specifically to protect me against the misuse of my open or improperly secured wireless network?

Is an unsecured/improperly secured wireless network an "attractive nuisance" like a swimming pool, which legally (in my region) requires a fence and locking gate to keep the kiddies out (pun intended)?

Is anyone aware yet of a network owner who was held liable for the perp in the street surfing nefariously? I know we are testing the legality of the freeloading surfer in some cases already, but has the legal responsibility of the network owner been tested, aside from those who intentionally allow public access as in the original post?

If I don't intend for someone to be on my network, but they are, and commit a crime, would my responsibility be any greater if I had consented to the access, but not the crime?
-Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Gillett
Sent: Friday, October 20, 2006 6:42 PM
To: Scott Ramsdell; 'Jerry Gamblin'; security-basics () securityfocus com
Subject: RE: Usefulness AUP on an Anonymous Wireless Network.

I can't think why you would. ISPs like to get *PAID*, and as a result tend to enter into an enforceable contract with their users, to which the AUP is attached. In the anonymous (therefore free) context specified, you've no such hook to hang any legal restrictions (and indemnification) on.

David Gillett
-----Original Message-----
From: Scott Ramsdell [mailto:Scott.Ramsdell () cellnet com]
Sent: Friday, October 20, 2006 8:10 AM
To: gillettdavid () fhda edu; Jerry Gamblin; security-basics () securityfocus com
Subject: RE: Usefulness AUP on an Anonymous Wireless Network.

I'm not a lawyer either, but I would expect you'd enjoy the same protection ISPs do.

-Scott Ramsdell

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of David Gillett
Sent: Thursday, October 19, 2006 3:14 PM
To: 'Jerry Gamblin'; security-basics () securityfocus com
Subject: RE: Usefulness AUP on an Anonymous Wireless Network.

My expectation (IANAL...) is that if you can't prove that the user saw and agreed to the AUP, you can't enforce it in court (if it comes to that). And that would include being able to pass liability on from you to them, so unless you trust them to make life-or-death decisions about your network, I'd want some slightly stronger mechanism.

Dave Gillett

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jerry Gamblin
Sent: Thursday, October 19, 2006 7:17 AM
To: security-basics () securityfocus com
Subject: Usefulness AUP on an Anonymous Wireless Network.

I was having a discussion with a professor in one of my law classes and he didn't have an answer so I thought I would ask it here.

Here is the hypothetical situation:

You have a public wireless network that doesn't have an authentication mechanism that you allow the general public to use. In order to limit your liability you use a click through AUP but you don't ask for any information that can be used in tracking the user should they do something illegal on your network (example: download a movie off bittorrent).

Does the click through AUP mitigate your liability or is it just a false feeling of security?

Thanks,

Jerry W. Gamblin
Information Systems
Missouri House of Representatives
201 West Capitol Avenue
Jefferson City, MO 65101

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Current thread:
- Usefulness AUP on an Anonymous Wireless Network. Jerry Gamblin (Oct 19)
- RE: Usefulness AUP on an Anonymous Wireless Network. David Gillett (Oct 19)
- Re: Usefulness AUP on an Anonymous Wireless Network. Saqib Ali (Oct 20)
- <Possible follow-ups>
- RE: Usefulness AUP on an Anonymous Wireless Network. Craig Wright (Oct 20)
- RE: Usefulness AUP on an Anonymous Wireless Network. Scott Ramsdell (Oct 20)
- RE: Usefulness AUP on an Anonymous Wireless Network. David Gillett (Oct 23)
- RE: Usefulness AUP on an Anonymous Wireless Network. Scott Ramsdell (Oct 23)
- RE: Usefulness AUP on an Anonymous Wireless Network. Jerry Gamblin (Oct 23)
- RE: Usefulness AUP on an Anonymous Wireless Network. David Gillett (Oct 19)