Waving from the window of the ivory tower
Apologies if this appears twice.
I wrote the paper, and appreciate the comments here (and you can count the Reg footnotes in the paper too if you like). What's particularly interesting to me is the various suggestions regarding having some sort of naming convention and/or having something as a preset (which might avoid making things worse with new legislation). I mentioned quite briefly in the full publication the path taken in California which was to legislate for warning labels. While that wasn't a solution, the idea of using the law to give the person who buys the hardware an (informed) choice as to what to do is a very attractive one, and probably more sensible than what we have at the moment.
Some quick other comments:
@Stephen Jones that's a fair point, and it's actually more than two aspects! In working on this I went through civil liability, criminal offences (subdivided into theft of services - Comms Act and unauthorised access - Computer Misuse Act), breach of contract, and also competition law for the municipal wifi stuff. In a way that's the point I'm getting at, in that there are a range of tools to regulate this but none of which really fit and that's why in particular some local police/CPS are struggling to fit square users into round laws; the idea that you can use the old ripping-off-BT-with-longdistance offence (now s 125 Comms Act) to deal with this just makes a joke of the law.
@dunncha evading liability because the 'outsider' did the bad deed has been mentioned in cases in UK, US, Germany and I think Denmark (in various contexts). Nothing definitive yet. There is the possibility of looking for intermediary protection but that is a double-edged sword as if you (as the person who runs the wifi network) are seen in the ISP category, then you may also pick up the obligation of ISPs (which are, e.g. data retention, getting more serious over time).
@Grease Monkey fair cop - the quote there (which is trimmed down from my normal verbosity) could, with hindsight, be clearer. I agree that it's unrealistic to expect wifi to be a solution, though I do think it's part of it. Some of the work by OLPC on mesh networking is interesting. But I'm thinking more along the lines of community access schemes where high-speed access is unaffordable for each user to get a separate subscription (and that can be distance-related, in that if you're in the Square Mile and can shop around multiple cable and DSL providers, that's very different to being stuck on the fringes and stuck with one provider - or satellite, eep!), and therefore extending the number of users is a goal. This can run into an odd set of problems in that if it's run unofficially there are the criminal issues and also the breach of contract stuff, and if run officially there's still the contract stuff and also the general objection to non-commercial provision of a commercial service (as in the Prague decision discussed in the paper, where they had to confine the municipal service to official Government websites only, a truly scary idea). Also, I completely agree that a lot of the potential users of open networks are doing it for convenience. But I don't think they are necessarily the evil black hats that the Computer Misuse Act was designed to deal with, even if they're not in the same shining moral category as our grannies in rural whereever.
Biting the hand that feeds IT
