BF2S Forums German High Court: It's YOUR fault

Shahter wrote:

FEOS wrote:

So now you're implying I have no first-hand experience? With what? Using a private person's open wireless network without permission?

I guess you're right. I don't have experience with that.

how do you know that? because you only access networks with ssid's like "starbucks" and the likes? what if those weren't ment to be used without permission?

There are signs that tell you which ssid to use.

Shahter wrote:

FEOS wrote:

Shahter wrote:

as i already said numerous times: the owner of a wireless network is not being held responsible for any illegal act performed by those who illegally used their network. they are only being punished for leaving the fucking door open.

And they are being punished for that only because an illegal act was performed after someone walked in that door--even though leaving the door open is not illegal. So they ARE being punished for someone else's illegal act. Otherwise, having an open network would have to be illegal in and of itself, not just when someone else does something illegal with it.

as i said, for those who have no specific education and skills it should be illegal to have an open wireless network. what they've done in germany is half a measure ment to reduce the possibility of this hole in their legislation being abused for the time being.

It's not like driving a car or something, ffs. It's a communication device. It's not like operating an open wireless network is endangering anyone.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

Yes, there are. They are called privacy laws.

which, in the absence of proper regulations enforcement, simply don't work.

Fixed. There's the problem. Enforce existing privacy laws, piling on punishment for violating the private users' privacy by using their network resources to perform the illegal act, in addition to any punishment for the illegal act performed. Don't punish the private user.

well, unfortunately in this case there's no practical ways of enforcing these laws without introducing some restrictions, and you of all people should know it if you really are as well tained a professional as you claim to be.

Sure there are practical ways of enforcing them. As stated, you pile on the punishment when punishing for the other crime, since this is all triggered by the other crime to begin with.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

The highlighted statement would imply that you, my friend, are a sociopath. Have fun with that.

you can label me however you wish, it doesn't change the fact that it's not my fault that there's no proper laws regulating this matter. when there are - like the one you suggested about placing it upon wap manufactureres to enforce the use of passwords and encryption in all acces points, or, for example, mandatory registration and monitoring (by isp's and law enforcement institutions) of all open wireless networks run by private citizens and education/certification in the use of said networks for those citizens - then you'll have a point.

They have the ability to trace the origin of the activity to a given wireless network.

and what would they find there? a mac address of a wireless card used to establish the connection - nothing to go by.

Then they have nothing to punish people with today and this law is unenforceable today. But that is clearly not the case, as they can and do do that...hence the law and cases associated with it.

Shahter wrote:

FEOS wrote:

Why not just do what I stated above? They know that the criminal then used someone else's network without authorization, so they can pile on privacy law violations on top of the other crimes. There is no need to penalize the user who was victimized by the criminal in the first place.

oh, go ahead and devise a way to get the evidence required. get back to me when you are done and we'll discuss this further.

Germany clearly has figured out a way to do that. And if ISPs are required to turn over data to the authorities, there is enough data embedded in the traffic they log to do what is required.

Shahter wrote:

FEOS wrote:

Shahter wrote:

in a perfect world - yes. but on this planet it is just as reasonable to assume that if you leave your wireless network unsecured there's very high probability of it being used by criminals.

So punish the victims? Makes perfect sense.

no, punish the careless. makes perfect sence to me.

Nobody was being careless. But someone was being intentionally criminal. Why not just punish them and be done with it?

I suppose you think victims of identity theft should be fined for being "careless" as well?

Shahter wrote:

FEOS wrote:

Shahter wrote:

re-read it. it clearly says that every private network should be password protected, but the fine only applies in case an illegal action is performed with the use of said network, which, tbh, makes this law just about as useless as if there wasn't any law of the kind still. however, the move to have something like this in place is definitely right, imo, and, as i said, if they are any good at what they do they'll develop it further.

There is nothing right about it. The punishment should fall on the criminal--the one who committed the crime. Not the person upon whom a crime was committed. Throw on another charge of "illicit use of private resources" or something, up the jail time, ensure that everyone knows that they will face increased jail time for using someone else's WAP without permission if they get busted for doing something else illegal. They're already enforcing the other laws, this would be like making sure someone has proof of insurance or is wearing their seatbelt in their car. If you get stopped for speeding and don't have those, you get extra citations for that.

i see your point and i already agreed with you on a number of issues. however, i still stand by my opinion that, untill a better technical and legal ways of regulating this have been found, making it mandatory for every private citizen running a wireless network to implement simple measures of network security already available to them with just about any equipment they might be using is absolutely reasonable.

There's nothing reasonable about it, from a civil liberties perspective. It's perfectly reasonable from a technical perspective, I agree. However, that is not the crux of the argument. At issue here is the reach of the government and the propriety of punishing someone for someone else's criminal act when the former had no part in or knowledge of the latter's action.

Shahter wrote:

FEOS wrote:

Shahter wrote:

how do you know that? because you only access networks with ssid's like "starbucks" and the likes? what if those weren't ment to be used without permission?

There are signs that tell you which ssid to use.

and if there are multiple networks broadcasting the same ssid?

Then clearly someone has set up an ad-hoc network in an attempt to get you to join their network. Normally with less-than-honest intent. I'd go elsewhere.

Shahter wrote:

FEOS wrote:

It's not like operating an open wireless network is endangering anyone.

it does, and i already gave examples.

No. It doesn't. Operating the network doesn't endanger anyone. It is what someone purposefully does, specific actions as results of choices they make after specifically choosing to join that particular network and no other that endanger not people but equities.

Shahter wrote:

FEOS wrote:

Sure there are practical ways of enforcing them. As stated, you pile on the punishment when punishing for the other crime, since this is all triggered by the other crime to begin with.

according to the OP, the fine part does trigger, yes, but it's clearly stated that everybody should password protect their networks regardless. i already said that, imo, it's pointless that way, but at least they are trying to put this shit in order.

So it's not enforceable unless another crime occurs. As stated.

Shahter wrote:

FEOS wrote:

Then they have nothing to punish people with today and this law is unenforceable today. But that is clearly not the case, as they can and do that...hence the law and cases associated with it.

FEOS wrote:

Germany clearly has figured out a way to do that. And if ISPs are required to turn over data to the authorities, there is enough data embedded in the traffic they log to do what is required.

first: find me where exactly it's said in the OP that they were able to make this particular case based on the info that was left when the criminal illegally used an open wireless network.

OP linked article wrote:

The ruling came after a musician, who the court did not identify, sued an Internet user whose wireless connection was used to illegally download a song which was subsequently offered on an online file sharing network.

But the user could prove that he was on vacation while the song was downloaded via his wireless connection. Still, the court ruled he was responsible to a degree for failing to protect his connection from abuse by third parties.

In this particular case, they went after the poor schmuck whose network was used--not the person who actually broke the law.

Shahter wrote:

and second: you know as well as i do that there's nothing in isp logs that could've helped them to track the criminal in this case if he wasn't a complete idiot to repeatedly use the same wap/same mac-address. trace it back to the particular subnet - yes, find the list of ip-addresses/ports accessed - sure, get the mac-address of the wireless interface used - of course, but... that's about it.

And of course they wouldn't be able to track the criminal down unless they used some sort of account-based interaction that was then traceable back to them. There are multiple ways to get hold of someone other than just their "signal externals".

Shahter wrote:

FEOS wrote:

Shahter wrote:

no, punish the careless. makes perfect sence to me.

Nobody was being careless. But someone was being intentionally criminal. Why not just punish them and be done with it?

as i said, when there's a practical way - get back to me.

So the practical way is punish someone who hasn't broken any laws? Makes perfect sence [sic] to me.

Shahter wrote:

FEOS wrote:

I suppose you think victims of identity theft should be fined for being "careless" as well?

depends.

Depends? On what?!

That's fucking ludicrous. Someone has their identity stolen--which takes a positive criminal act by another person to happen, regardless of the level of carelessness by the victim--and you think they should be fined in ANY circumstance?! There is NO circumstance. NONE. Where that makes any sense whatsoever.

Shahter wrote:

FEOS wrote:

There's nothing reasonable about it, from a civil liberties perspective. It's perfectly reasonable from a technical perspective, I agree. However, that is not the crux of the argument. At issue here is the reach of the government and the propriety of punishing someone for someone else's criminal act when the former had no part in or knowledge of the latter's action.

everything should be taken into account when looking at this problem, and, as i said, since there's no strict and clear legislation in place, common sence should be the first to apply. but you are trying to reduce this to just "civil liberties" issue , which, tbh, is just absurd.

There's nothing absurd about it. Civil liberties ARE a common sense issue. Common sense tells you NOT to punish the victim of a crime for the criminal's misdeeds simply because you feel the victim isn't smart.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

There are signs that tell you which ssid to use.

and if there are multiple networks broadcasting the same ssid?

Then clearly someone has set up an ad-hoc network in an attempt to get you to join their network. Normally with less-than-honest intent. I'd go elsewhere.

bingo! but you are at starbucks, drinking your morning coffee and looking to check your e-mail. what do you do?

See above.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

It's not like operating an open wireless network is endangering anyone.

it does, and i already gave examples.

No. It doesn't. Operating the network doesn't endanger anyone. It is what someone purposefully does, specific actions as results of choices they make after specifically choosing to join that particular network and no other that endanger not people but equities.

maybe a "criminal" connected to the "private" network by mistake? maybe he has a trojan program he doesnt't know about which tries to connect to any wireless network available and mail itself around or ddos-attack some internet resource or other? there are a lot of ways to do harm using an internet connection.

And there have been cases where the "criminal" has been able to prove their innocence by showing their computer was co-opted by malware without their knowledge. There was a kiddie porn case here in the US where that occurred where a guy's computer had been owned and was being used as a porn server--he had no idea until he was arrested and his computer was seized. He was able to prove that and the charges were dismissed.

And even then, that doesn't show that operating the network is endangering anyone. You are missing the key phraseology here.

Why is the burden not on the musician to better protect his intellectual property? If it can be so easily stolen, shouldn't it be better protected?

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

Sure there are practical ways of enforcing them. As stated, you pile on the punishment when punishing for the other crime, since this is all triggered by the other crime to begin with.

according to the OP, the fine part does trigger, yes, but it's clearly stated that everybody should password protect their networks regardless. i already said that, imo, it's pointless that way, but at least they are trying to put this shit in order.

So it's not enforceable unless another crime occurs. As stated.

and it should be kept that way?

Rather than punishing someone for a crime they didn't commit? Yes.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

Then they have nothing to punish people with today and this law is unenforceable today. But that is clearly not the case, as they can and do that...hence the law and cases associated with it.

FEOS wrote:

Germany clearly has figured out a way to do that. And if ISPs are required to turn over data to the authorities, there is enough data embedded in the traffic they log to do what is required.

first: find me where exactly it's said in the OP that they were able to make this particular case based on the info that was left when the criminal illegally used an open wireless network.

OP linked article wrote:

The ruling came after a musician, who the court did not identify, sued an Internet user whose wireless connection was used to illegally download a song which was subsequently offered on an online file sharing network.

But the user could prove that he was on vacation while the song was downloaded via his wireless connection. Still, the court ruled he was responsible to a degree for failing to protect his connection from abuse by third parties.

In this particular case, they went after the poor schmuck whose network was used--not the person who actually broke the law.

so what? had he protected his wireless connection there wouldn't have been a problem even if the connection was hacked and then used to commit an illegal act. here we go again: punished for carelessness, not for others' poor choices.

No. He was punished because the other person committed a crime. He would not have been punished otherwise. What part of that do you not understand?

The other person actually committed THREE crimes: 1) illegally using another person's internet connection; 2) illegally appropriated the musician's music; 3) illegally shared said music. Yet there is no culpability on the musician's part for not better protecting his intellectual property? No culpability on the part of the P2P provider for enabling illegal activity? Those arguments make as much sense--logically--as yours does regarding forcing private citizens to put passwords on their WAPs or face fines if someone commits a crime using them without their knowledge.

Shahter wrote:

FEOS wrote:

Shahter wrote:

and second: you know as well as i do that there's nothing in isp logs that could've helped them to track the criminal in this case if he wasn't a complete idiot to repeatedly use the same wap/same mac-address. trace it back to the particular subnet - yes, find the list of ip-addresses/ports accessed - sure, get the mac-address of the wireless interface used - of course, but... that's about it.

And of course they wouldn't be able to track the criminal down unless they used some sort of account-based interaction that was then traceable back to them. There are multiple ways to get hold of someone other than just their "signal externals".

first, see the highlighted text. and second, before they could use the methods you described to get the evidence required to make a case, they'd need to identify whom to target with this stuff first.

One need not be an idiot to get caught. One need only attract the attention of the right law enforcement agencies.

Shahter wrote:

FEOS wrote:

Shahter wrote:

FEOS wrote:

Nobody was being careless. But someone was being intentionally criminal. Why not just punish them and be done with it?

as i said, when there's a practical way - get back to me.

So the practical way is punish someone who hasn't broken any laws? Makes perfect sence [sic] to me.

yes, by enacting a law to regulate this issue. then they'd be breaking the law by running an unprotected wireless network. goodie.

Or--crazy thought here--just punish the person who actually committed the crime.

Or we could follow your train of thought and enact laws to punish: the private WAP user, the musician (he's clearly at fault for not better protecting his music), and the P2P provider. Let's go ahead and punish the ISP, as well. They probably could've done something to prevent it from happening, too. And the telecom company that provided the infrastucture that everything was riding on. They could've implemented something to prevent it.

Shahter wrote:

FEOS wrote:

Shahter wrote:

depends.

Depends? On what?!

That's fucking ludicrous. Someone has their identity stolen--which takes a positive criminal act by another person to happen, regardless of the level of carelessness by the victim--and you think they should be fined in ANY circumstance?! There is NO circumstance. NONE. Where that makes any sense whatsoever.

you have acces to some restricted information, imagine what would happen if you, like some of the dumbfucks i see every day at work, write your login and password on a sticker and place it on your monitor - "not to forget" . imagine vital data is then stolen using your credentials - are you not to be held accountable then?
if you don't exercise proper care when working with restricted info, if you use 12345 for passwords, if you leave your corporate credit card info on porno-sites - yes, you sould be held accountable if shit happens as a result of your irresponsible behavior.

There is a difference between signing agreements that say "you must follow this standard of behavior or these consequences will occur" and this case.

Shahter wrote:

FEOS wrote:

Common sense tells you NOT to punish the victim of a crime for the criminal's misdeeds simply because you feel the victim isn't smart.

this is NOT the case. nobody's being punished for no criminal act, only for their own irresponcible behavior.

Wrong again. The proximate cause for the punishment is not the individual's own actions, but the criminal's actions. There would be no punishment absent the criminal's actions. Therefore, the other person is being punished for the criminal's actions, not the criminal themself.

Dilbert_X wrote:

The individual facilitated, knowingly or negligently, the crime - so they receive a sanction.

If I own a plot of land and someone trespasses in order to commit a crime, have I facilitated it?

Dilbert_X wrote:

The individual facilitated, knowingly or negligently, the crime - so they receive a sanction.

Negligence implies some foreseeable wrong being done.

Legal Dictionary

Main Entry: neg·li·gence
Pronunciation: 'ne-gli-j&ns
Function: noun
: failure to exercise the degree of care expected of a person of ordinary prudence in like circumstances in protecting others from a foreseeable and unreasonable risk of harm in a particular situation

Someone should foresee another person using their wireless connection to commit a crime? It then becomes their fault? Wrong. That person did not facilitate another person's active, willing choice to commit a crime. That is utter, certifiable, bullshit.

Dilbert_X wrote:

If I leave my house unlocked, my car unlocked, my tools unlocked etc its foreseable that a crime or at least an accident could occur - which would be much less likely if I took basic precautions.

Extending it to wifi is a stretch but thats what the germans have democratically decided to do.

They have not democratically decided to do anything. Their Supreme Court (or its equivalent) has decided to do it.

Dilbert_X wrote:

The article was pretty short on detail, I guess the court simply interpreted existing law.
Courts don't make up new laws.

Actually, that's exactly what they did.

German Court wrote:

Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation

That's new, not an interpretation of existing law. No law currently exists obligating private users to secure their wireless connection for any reason.

Dilbert_X wrote:

Pretty sure european courts can't create new laws or fines, thats reserved for the govt.

Have you read the article linked in the OP? Or the part of the article I quoted in the OP? There is a fine associated with it. That is associated with the court's ruling. And the last time I checked, courts were part of the government...

The court issued the fine, not some other government office:
SOURCE

Infosecurity(UK) wrote:

However, the court ruled that he was still partially responsible for failing to secure his wireless LAN and, as such, was handed down a fine of 100 euros.

Courts hand out fines all the time. Totally within their purview.

Dilbert_X wrote:

There'll be some law saying people can be sued/fined if their negligence/lack of action causes someone else a loss. This would just be an interpretation wrt new technology.

As of May 12 the full judgement hadn't been published, so we'll see I guess.

I can't find a legal analysis of the ruling anywhere. Doesn't change the wrongness of it from a civil liberties/common sense perspective. I get the technical side of it. I understand it's a simple thing to do and the fine is minimal. It's the principle of punishing someone for another's misdeeds that I take issue with. That is something that should be abhorred in a free society.

Dilbert_X wrote:

Courts do indeed issue fines, they don't write new laws though.

If I leave my car running and some kid jumps in and mows down a bunch of people I would expect to get fined for leaving my car running.
Its not complicated.

I wouldn't. You leaving your car running was not the proximate cause of that incident. You were not negligent.

Now, had you left the car running, put the kid behind the wheel, and said "have fun with that" and walked off...different story. Negligence and proximate cause.

It is actually more complicated than you think. Proximate cause has to be shown. With the prevalence of wireless networks, one would think proximate cause would be a difficult burden of proof, as the offender could just as easily have chosen another network.