Wifi 2011

John William Nelson (website, papers, Lex Technologiae blog) is an American attorney and was, in 2008-9, a postgraduate student and associate tutor at the UEA Law School. Since returning to the US, he has continued to write about law and technology, and most recently, his Lex Technologiae blog turns to a subject very close to my heart, that of open wifi. I last wrote in detail about this in a 2009 paper in SCRIPTed, but if anything, the issue has become more prominent since as a result of legislative and judicial developments. John’s post (read it here) is triggered by a short piece in Wired, but he goes further and argues that the problem is the lack of a clear interpretation of the US legislation (the CFAA) and the use of a wifi-related charge in place of or to add to other criminal charges; this makes it harder to test the hard cases. If you’re interested in the Australian situation, there’s a lovely paper by Carter and Makin available here.

Meanwhile, one of the big issues in the UK was the treatment of small-scale wireless networks under the Digital Economy Act (i.e. whether running an access point made you an ISP) – which, of course, isn’t about the wifi user but the wifi provider, but does have an impact on the availability and viability of open wifi. That hasn’t been resolved yet by any means, despite some intriguing (and inconclusive) comments in Ofcom’s 2010 consultation on its initial obligations code). Continuing the theme of different measures affecting the wireless world, the last fortnight has seen good coverage of a battle (read the for and against as reproduced by Ars Technica) in North Carolina on that old favourite, municipal wifi. I’m not sure ‘wifi law’ is any clearer than it was two years ago, and indeed the popularity of smartphones (aka portable wifi detecting and joining devices!) and that always-mentioned cloud thing cannot but make the questions more significant.


Wireless networks detected?

I’ve followed (from a distance) the debate on the copyright-related provisions of the Digital Economy Bill. I find the House of Lords debate on such causes unnecessary stress, although I’m somewhat doubtful about the legislation ever finding its way onto the statute book, given the approaching general election and the length that the HL stage is taking (note that this legislation started there, so has yet to even trouble the elected house. However, I’ve been jolted into action by the frankly bizarre response of the Bill’s proposers to the initial criticism regarding the impact of the Bill on wireless/wifi networks. The Open Rights Group sets out the earlier stages of this sub-issue and the most recent developments here, and Lilian Edwards (who has been following it) has already analysed these questions very well indeed. The document referred to in this post is Factsheet B2, available here in .doc.

Now I have a bit of prior interest in this area, and it’s only fair to point it out. I wrote an overview of a bundle of legal issues, published in 2009 here. At the time, I was a little concerned (and mentioned in passing) about this issue of responsibility for the actions of others using the network. It formed part of the broader theme (which was amplified in contemporary press coverage) that wireless networks play an important social role in providing access to underserved groups and thinking about Internet use as something beyond a way in which ISPs make money. I suggested that there might be some conflict between defining the admin of a wireless network as a customer of an ISP (subscriber) or as the operator of another provider (public electronic communications network). There are advantages and disadvantages either way. The Bill, though, seems to take this doubt, refuse to answer it, and throw in some previously-unknown restrictions that I would now argue are a serious threat to the development of open networks that I did not then anticipate. This is not to suggest that I had any great insight – quite the opposite, I feel as if my crystal ball needs an upgrade. That said, on with business.

The current state of play is that the Government is not prepared to consider exemptions. The argument is a rather ignorant one that an exemption e.g. for libraries would lead to abuse of the exemption and even fake institutions taking advantage of it.

We have considered the extent to which an exemption might be provided in the legislation. We cannot give blanket exemptions for any such establishment. This would send entirely the wrong signal and could lead to “fake” organisations being set up, claiming an exemption and becoming a hub for copyright infringement. Similarly existing establishments might simply ignore the issue of copyright infringement (or treat as “too difficult”) and allow users to infringe copyright with effective immunity.

This is a little surprising, given the range of existing special provisions and exemptions in the law for libraries; the Copyright, Designs & Patents Act 1988 contains stacks of them. Presumably on the Government’s new view they should all be repealed forthwith. Great.

Furthermore, it’s also being suggested that operators of open wifi be required to put in place untested, burdensome and potentially pointless restrictions such as peer-to-peer blocking, commercial filtering software, and terms and conditions for users. Registration is also suggested – just like pay-as-you-go mobiles, the intention to have a complete record of users is clear. This is putting in place restrictions that are not currently required under UK law. Filtering software is not a legal requirement in this jurisdiction nor should it be. Effectively requiring it for cafes, universities and libraries – at the very time that we are suggesting that the future is based around Internet delivery of everything from video news to Government services – is absurd. Surely a system like this will lead to an environment where there are fewer open networks and those that remain being crippled. The presumption in the new proposals is that the best network is a closed network – indeed, one idea is that admins be sent instructions on how to secure the network. I am, as I mentioned above, already associated with the anti-closed network view, but I accept that there are complex arguments here. That said, this is something that should be considered in full, rather than as a subset of a subset of a copyright debate. If wireless networks are to be controlled, this should not be achieved through the nod and wink approach of allowing open networks but forcing those who provide them to change the essence of Internet access through the threat of liability for supposed copyright infringement. Given that the Government refuses to say what the status of the wifi admin is, it’s far too early to decide what their responsibilities are, especially when the net result of those responsibilities is a dystopian vision of the version of the Web used in primary schools. I’ll leave the final word to the document, which appears confused as to whether it is a legal proposal, a statement of fear, or a sales pitch for software:

Wireless connections are harder to secure. It is straightforward to limit use to only authorised users – via a password or by registering the PCs that can access. Access might also be limited to particular times of the day. Preventing authorised users from miss-using a connection is more difficult. One option is to route all traffic via a proxy server which does not support or allow (eg) use of file-sharing technologies. Another is to place similar restrictions on the router.
The “Get Safe Online” website (http://www.getsafeonline.org/) – supported by HMG and Ofcom – lists three companies who provide filters and software which can block or filter content and who can also block the use of P2P programmes: Cybersitter, Net Nanny, and Cyberpatrol.
It also provides a link through to other sites such as GetNetWise.org which lists and evaluates a wider range of products including BSafe, Safe Eyes, ChildSafe and Cybersentinel.
These products typically cost in the region of US$40 (about £30) and allow the user to block the most popular P2P applications such as: Bit Torrent, eMule, Gnutella, Kazaa, Morpheus, and Limewire.

SCRIPTed 2009: Internet internet

Three presentations in this parallel session.

The first was my own, “Law in the Last Mile: Three Stories of Wireless Internet Access”. I will make the paper available shortly. I write about the legal restrictions and risks associated with the sharing of Internet access through wifi, the objections to municipal or community wifi systems, and touch on the ‘white spaces’ Internet access proposals. The bulk of the paper deals with the first, looking at what I argue is the inappropriate use of criminal sanctions against users of open wireless access points and the tools that discourage users from sharing. I believe photos were taken of the special interactive element, which I’ll leave as a surprise for the time being.

The second presentation was given by Anniina Huttunen on behalf of a research group at Helsinki, “Cooling-Off the Over-Heated Discussion of Consumer Digital Rights Discourse by Extending the Cooling-Off Period to Digital Services”. They take as a starting point the problem that there is a high level of protection for physical goods, but almost non-existent for digital services. Consumers are more empowered than ever, and the Facebook user revolt is an example of this, but what is the position of online purchases of software? There is the familiar cooling-off period in EU law – no penalties and no reason needed – for situations like doorstep, time sharing and distance selling. The case study is on software sold as downloaded data. Referring to the revision of the consumer acquis: 34th recital, data files downloaded during cooling-off period not to be included, unfair to allow cooling-off when service enjoyed in full or part. At the moment, many providers have a return policy (well hidden), and also ‘lite versions’ available, or restrictions on return (i.e. download for a second time). The pros of allowing cooling-off are allowing testing of technical and contextual compatibility; no unreasonable cost (physical return) and no wear and tear (so no need to re-sell the product at a lower price), but the cons are the expense for the developer, the design consequences, and seeming to make unauthorised use easier.

The final presentation was Scott Boone’s, ‘Why Study Virtual Worlds‘? It was a report on his own efforts but also evangelical – so that we can consider the advantages. There’s some cynicism – ‘this generation’s D&D’, also critiques that it’s just a fad/hype. But VW give us a means to study possible futures. Borrowing from the discipline of Future Studies, look at simulation gaming (formerly operational gaming). Do things that we can’t do with a real world in terms of understanding scenarios. VWs have a unique set of features and practices, and indeed more focused than the Internet taken as a whole. Already in use are 3D as user interface; what sorts of benefits do we get? and the ‘future of money’ (note disappearance of fiscal currency and privatisation of money). The focus of the paper was then on five potential outcomes of studying virtual worlds: (A) fully realised third paradigm of computing: (1) mainframe/client, (2) personal computing, (3) ubiquitous/pervasive : entirely computer-mediated ‘universe’?; (B) widespread distribution of property without relinquishment of control – do we have emerging issues here – cars on the cellphone model, control separated from use; (C) (nearly) perfect DRM for media distribution – see what the market does; (D) software designed for universal connectivity; this will be a different authorisation, practice etc. Look at business models, EULAs etc (E) augmented reality (though how do we do this without putting in all the variables?) In questions, Boone clarified that his focus was on studying virtual worlds as they currently exist, rather than creating simulations in future virtual worlds (though this too is interesting).

This is the last of my blog updates on the SCRIPTed conference at the University of Edinburgh. Remember, the full list of papers is available here. I will return to the themes of the conference (including the keynote by Prof. Bartha Knoppers) in a later post, and hope that you have enjoyed these fairly rambling updates. There will be one final session that, unfortunately I will miss most of for travel reasons, featuring Lilian Edwards, Andres Guadamuz and TJ McIntyre, which I’m sure will be excellent.