A building containing a coffee shop stands alone. It is far enough
from any other building for you to know that the wireless signal you
are picking up on the combination wrist watch, USB key and wireless
access point locator you got from a vendor is from the coffee shop.
Your super secret decoder watch tells you the network requires no
authentication and the name of the access point is generic, i.e., not
'public', not 'private' or any other term or phrase that could
possibly be construed as identifiable with the coffee shop.
There is no notice on or in the building saying that the use of
wireless is for paying customers only.
In short, you know the signal is from the coffee shop (which you don't
own) but there is no notice forbidding usage.
You are parked in front of the coffee shop and want to check your
e-mail or do something equally mundane.
Q1: Do you use the wireless connection and why?
Q2: Do you advise the business owner as to the dangers of the current
configuration and why?
Welcome!
I wish I could say that this is something as noble as 'giving back' to the information security community, but the simple fact is that it will be a forum to discuss, in a calm, rational manner, ethical issues that need to be brought out into the open.
Information security (or the lack thereof) is becoming more a part of people's lives, and affects more people each day whether they use a computer themselves or not, as banking, utilities, transportation, medical care and other critical industries are all heavily computerized.
We have all seen the effects and impact on individual people and businesses when breaches occur, and it does not take much imagination to speculate about the impact to economies when large enough attacks are realized.
Given the variety of laws around the world or lack thereof, legality aside, a large 'gray space' between the 'white' of the defenders and the 'black' of the attackers exists. And because of that variety, discussions here will remove the legality of an action from the discussions. What may be a serious crime where you live may be perfectly legal where the next blog reader lives.
When you remove the legal aspect of the issue, right and wrong in the traditional sense become a function of the individual's beliefs. Of course there are lines that should not be crossed and actions that are clearly wrong to all but the most criminal, but with information security, again, eliminating the varied legalities around the world, those are few and far between and even those become gray at some point.
This forum will look into that wide gray space and discuss what is found so that readers can make up their own mind and determine their own ethical compass.
There are a few things to keep in mind when reading from or posting to the blog:
1. There is no 'right' or 'wrong' answer. Different people may arrive at the same conclusion but by taking very different paths. The journey is just as important as the destination.
2. Some of the scenarios presented here will seem a bit unusual, almost perfect. This is done intentionally as I am trying to make all the variables black and white to simplify the problem and isolate the specific ethical issue in question.
3. It was mentioned previously but it bears repeating: remove the legality of the issue from your thinking. Laws vary widely around the globe so, again, to isolate the specific ethical issue at hand, assume that your reasonable response would be legal.
4. Ethical issues can become emotional. Avoid being judgemental. It is our hope that you will encounter very different views from your own. Attacking people with differing views is not the way to get your point across. Clear, concise writing wins over flames every day of the week.
5. Don't assume or try to read between the lines. In the scenarios, there is no hidden information. All the information that you have in order to make your decision is presented. The 'in short' section is a straightforward explanation of the scenario with all the detail removed.
6. During testing of several of the scenarios with friends and associates one trend became crystal clear. Their initial answer was usually different, sometimes significantly, from their answer after thinking about it or, better yet, discussing it for even 15 minutes. These scenarios are designed to be thought-provoking. Take some time, think about it, talk to your friends and associates, read the responses already posted and, when you're sure, let us know.
All times listed are GMT. Let's keep this as light and enjoyable as we can for a topic of this nature.
Sunday, July 15, 2007
Coffee shop wireless
4 comments:
A law abiding citizen certainly does not because regardless of the situation, state laws would govern the legality of accessing it. Many states would consider such usage illegal and there have been recent news articles about people getting in trouble for doing so.
The fact that there is no sign in or out of the building mentioning wireless access suggests it isn't intended for the public at all, so connecting to it would be akin to connecting to a corporate wireless network knowing it belonged to BigCo Inc.
A law abiding citizen?
Taking the law out of it as referenced above, yes, I do connect.
There is no sign, no banner, no indication anywhere that access isn't allowed.
I don't even think given the information available it can be suggested that the wireless is not intended for the public. If the SSID was 'private' or 'coffee' or something that in some way showed it to be just for the patrons that would be different.
That said, (after I check my e-mail) I probably take some time to talk to the business owner and if the intent is not for the wireless to be freely available to non-patrons, I'd give him / her a business card and offer my services to help lock it down.
If my neighbor puts his shiny new big screen TV out on the lawn and facing the sidewalk, I'd be pretty surprised if he got mad at me for watching it from across the street (as long as I wasn't on his property). If I have to peek through the living room curtains to get a glimpse, though, it's a different story.
The question is whether accessing an open wireless network is more like watching a TV on the neighbor's front lawn, or peeking through the curtains into his living room.
The way I answer the question is by trying to figure out the owner's intent. If there's a clear indication that the network is open to the public (the network is identified as "public" or "free" or "connect here!"), then it's clearly all right to access it.
But absent such an indication, I'd err on the side of not accessing. Most people don't know that much about wireless networking compared to your average tech-savvy individual (especially someone inclined to walk around with a wireless network finder on his/her keychain, I might add!). It's arguable that any business owner who would offer such a service to their customers has a duty to protect his/her own interests. But failure to protect one's interests (whether through laziness or ignorance) doesn't necessarily mean that I can ethically take advantage of that failure. Ethically speaking, I would argue that by virtue of my better-than-average knowledge about the subject, I have a larger-than-average responsibility to avoid taking advantage of that knowledge.
As for whether to inform the business owner? I'm not sure there's an ethical duty there, but I would err on the side of informing the business owner. Again, extra knowledge means extra responsibility.
I would:
A) Use the wireless
B) Warchalk the location so that others could use it also
C) Not tell the owner
D) Buy coffee across the street