There’s currently no law in the U.S. that holds the owner of an unsecured access point liable for illegal activity on it. In Germany, however, people are now subject to a fine of 100 Euros ($130 US) if someone uses their network to download content illegally. See “German WiFi Owners Are Now Liable for What Third Party Users Download While Connected to Their Network.”
According to the article, experts in the UK don’t see such a ruling as affecting them anytime soon.
Asked whether a law such as this could ever transfer to the UK, Stuart Okin, managing director of Comsec Consulting, said: “I don’t ever see that coming over here as I don’t see how it could be policed in the UK.
“In Germany there is a different culture, and when rules come into play they are obeyed without question. In the UK I am not saying that no one will do it, but it is not advisable and realistic to work.”
That may very well be, but I call it a wrong target. The real culprit is the illegal downloader whose intent is clearly to hide his actions by stealing someone’s network identity – a crime in itself. Any time you assign illegal activity the wrong source, you end up with a legal quagmire that is certain to take years to sort out in the courts.
Moreover, I don’t think you can force an individual (not in this country at least) to learn a technology in order to use it. After all, one doesn’t have to learn the technology of the internal combustion engine in order to mow the lawn, one just has to know how to start the engine. Furthermore, we assume that the manufacturer has taken the necessary steps to make the device function properly and safely and if it doesn’t, the manufacturer is liable in most cases.
SANS News Bites Editor Stephen Northcutt extends this idea to the access point, “We all need to keep our eyes open, because if the access point itself has vulnerabilities that lead to filesharing then who is to blame. …if you meet the letter of the law, and “protect” your network and someone computes the WPA key and downloads files over your network, who gets sued and why?”
I won’t say it can’t happen here; that would be naive beyond belief. I will say that it’s a very bad idea to try force people into securing their access points. It would be much more workable if the manufacturers opted to make their equipment secure by default.
What do you think?