Wireless security should not be blamed for piracy
The website DigitalWrong.org certainly has one thing right: the name they have chosen accurately describes the extent of their digital knowledge. They posted this blog complaining about record companies “blackmailing” users for digital piracy by asking them to settle for £500 or face court.
Digital Wrong insists that these users are “innocent” despite the fact that the Internet Protocol (IP) address evidence collected by the record companies has been logged and matched to the user by the broadband provider. But on what basis can Digital Wrong claim innocence in the face of overwhelming forensic evidence? It was the neighbor’s kid!
Digital Wrong wrote: “Say, for example, that you get a letter accusing you of violating copyright and demanding that you stop. You know that you haven’t been, and you think that it was probably the tech-savvy kid from next-door breaking into your wireless. What can you do? On most consumer-grade equipment: nothing. The wireless routers that have been distributed by ISPs do not support strong enough encryption to keep him out, nor do they keep detailed enough logs to vindicate yourself.”
As someone who designed IT security systems for most of the last decade and as a Certified Information Systems Security Professional (CISSP), I can attest that this claim that wireless networks are impossible to secure is absolutely wrong. Every business and consumer router sold since 2004 has supported security standards that have never been broken when used correctly, and I have been teaching wireless security best practices for years. It is absolutely possible to keep outsiders out and it is easy to do.
For consumers, the only thing they need to do to ensure a practically unbreakable wireless security system on their home router is pick WPA security with Pre-Shared Key (PSK) authentication using a random 12-character key such as J3sh1NrcZpw2 and TKIP or AES encryption. There is not a single security researcher in the entire world who has come forward to claim that they could break this kind of security setup within the next thousand years using modern cracking hardware and techniques.
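The following is an added example, not part of the original post: it generates a random 12-character key of the kind described above, derives the WPA pre-shared key from it (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output), and estimates the size of the search space. The SSID and the guess rate are constructed assumptions, and a key should always be generated fresh rather than copied from a published sample.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, like the sample key


def generate_passphrase(length: int = 12) -> str:
    """Draw each character from the OS CSPRNG (not the 'random' module)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy in a uniformly random key of the given length."""
    return length * math.log2(alphabet_size)


def years_to_search_half(length: int, guesses_per_second: float,
                         alphabet_size: int = len(ALPHABET)) -> float:
    """Expected exhaustive-search time: on average half the keyspace is tried."""
    seconds = (alphabet_size ** length / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ssid = "example-home-net"   # constructed SSID, an assumption
    rate = 1e9                  # assumed guesses per second, not a measurement
    key = generate_passphrase()
    print("passphrase:", key)
    print("PSK       :", derive_psk(key, ssid).hex())
    print("entropy   : %.1f bits" % entropy_bits(12))
    print("half-space: %.0f years at %.0e guesses/s" % (years_to_search_half(12, rate), rate))
```

Because the SSID is the salt, the same passphrase yields a different PSK on every network name, so a unique SSID keeps the derived key from matching one computed for a common default name.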
Now it is possible for consumers to leave the security system off or deploy it incorrectly, but that kind of defense/excuse makes it impossible to enforce copyright laws. Furthermore, these enforcement practices start off with multiple warnings with no fines and then graduate to 500 pound settlements, which are the kinder, gentler, and reasonable type of response to piracy. It isn’t as if users are being slapped with these fines/settlements without warning, and they have plenty of time to change their behavior or strengthen their security settings.
There are some who believe that there shouldn’t be any copyright protection for digital content, and I suspect Digital Wrong is among such people, but that goes against the established laws of every industrialized nation. We live in free nations where individuals and groups can work together to change the law, and if Digital Wrong feels that copyright should be abolished, then let them join the “Pirate Party”, which openly advocates the decriminalization of piracy and the destruction of all intellectual property rights. But Digital Wrong is using underhanded tactics by making up security facts to circumvent the law, and that’s just wrong.









You’re mixing up two issues – whether a trained professional can prevent future use of your wireless system vs. whether an untrained amateur can determine whether anyone used their wireless in the past and prove it to a court. Yes, with 99% of the equipment out there, a trained professional can enable at least WEP protection (I’m not sure what fraction of deployed equipment only has WEP, and you can argue about whether the neighbor’s kid using WEP crackers counts here.) But what fraction of wireless ports turn logging on by default, or keep logs forever, or can have the logs read by a non-technical amateur who’s not willing to spend over L500 hiring experts to defend themselves? I’m guessing that’s fairly low, though probably non-zero. And what fraction of people leave their wireless access open for guests, even though some ISPs have tried to scare them away with hype about drive-by terrorist copyright-violating illegal-porn-downloaders?
Furthermore, your later blogs have caught up with the fact that at least in the US, the RIAA/MPAA aren’t starting out with kinder gentler warnings or stopping at $1000 payoffs – they’re much more aggressive than that.
@Bill Stewart,
Did you even read my specific criticism and the quoted text? Digital Wrong was NOT claiming that it was too hard for an end user to secure their networks or not; they were claiming that it was impossible to do because the hardware doesn’t support it.
Furthermore, you don’t need to be a “trained professional” to implement WEP. More importantly, WEP is useless. Furthermore, logging is irrelevant here if you lock your network down.
It’s interesting that you’ve chosen to ignore all of this and that you’ve chosen to ignore my two sentences teaching people how to implement good WPA security. It sounds more like a case of you not wanting to know how to implement good security because it’s a good cover for piracy.
As for sharing your network with the whole neighborhood, that’s effectively the same thing as going to the buffet, buying one all you can eat meal for $10, and then bringing in 20 of your neighbors and friends to eat. It doesn’t fly economically.
George is absolutely right and Bill, you are 100% wrong. WPA or WPA2 encryption is easy to set up on any wireless router purchased in the last few years. The quickstart step-by-step guide that is included in most packages will walk through the process for setting up a secure wireless network for anyone who is capable of reading and following directions. If a home user is unable or unwilling to properly secure their perimeter, there are numerous companies with personnel willing to come onsite to the home and properly set up the device for a reasonable fee (similar to what a plumber or dishwasher repair person might charge).
Incidentally, if you read the terms of your Internet contract, it is likely that you are required by contract to prevent non-household members from sharing your Internet connection (wording is different by ISP, but you can’t run a free public access service on most home connections). So, not only are you protecting yourself from illicit use, you are also making sure that you are honoring your contractual obligations and protecting your good name.
Eric Svetcov, CISSP, CISA, CISM, CIPP, CHS (and a few others…)
Co-Chair ABISCF