back to article EU ends anonymity and rules open Wi-Fi hotspots need passwords

Result, guys. Result. A campaign by Digital Rights activists to preserve open Wi-Fi hotspots has resulted in Europe’s highest court deciding the exact opposite. The ECJ has advised that open Wi-Fi hotspots should probably be operated password-protected – and hotspot owners should require users to reveal their identities. The …

  1. Preston Munchensonton
    Thumb Up

    Meh

    That Brexit is looking better every day...

    1. adnim Silver badge
      Big Brother

      Re: Meh

      Until uk.gov decides that it is a good idea.

      They were pretty picky and choosy which European laws were adhered to pre-Brexit. I can still see them picking an choosing.

      The difficultly in bypassing this depends on what kind of ID is required to be presented to reveal ones identity... Someone else's birth certificate? Another's Credit card? or would a valid passport be required?

      1. Anonymous Coward
        Anonymous Coward

        Re: Meh

        They were pretty picky and choosy which European laws were adhered to pre-Brexit. I can still see them picking an choosing.

        Oddly enough it's the eurosceptic countries like the UK and Denmark that have implemented the largest number of EU directives in national law, although often after complaining and protesting. It's the countries like France who are really picky, but cleverly so, by loudly welcoming a new directive and then ignoring it or implementing something which looks a bit like it but is actually much more beneficial to them. It's a game, where it does not pay to be hoenst & upfront. There is a reason why the French describe sportsmanship as "tres fairplay", the language seems to lack an appropriate French equivalent...

        1. LDS Silver badge

          Re: Meh

          Nothing compared to countries like Italy that vote to approve them, then "forget" to implement them), and then pay fees (with taxpayers money) for not doing so...

          But are you Britons sure someone like Ms. May isn't interested in ensuring every WiFi access is controlled? She didn't look like someone who puts personal freedoms before everything else.... wasn't she one of the backers of the snooper's chart?

          1. Blotto Bronze badge

            Re: Meh

            IPv6 will take care of identity of the user's machine on unsecured wifi hotspots.

            https://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64

            1. Preston Munchensonton
              FAIL

              Re: Meh

              IPv6 will take care of identity of the user's machine on unsecured wifi hotspots.

              https://en.wikipedia.org/wiki/IPv6_address#Modified_EUI-64

              Great! An unspoofable method of...oh wait. #fail

        2. Kubla Cant Silver badge

          Re: Meh

          Oddly enough it's the eurosceptic countries like the UK and Denmark that have implemented the largest number of EU directives in national law

          That's why they're Eurosceptic.

          In the EU, the Germans like plenty of rules, the more unreasonable the better. The Club Med countries don't care whether you have a lot of rules or not, because they ignore them.

      2. big_D Silver badge

        Re: Meh

        In Germany, you could put in an NFC reader and read the customer's Perso (Perosnalausweis or national identity card). The governments are trying to push the use of the modern NFC enabled ID cards in Europe, so I can see them saying this is a good idea...

      3. Suricou Raven

        Re: Meh

        A small business is not capable of managing identity verification for transient customers affordably. The usual solution is to just contract the role to a company that specialises in running public hotpots and can do just that.

        1. Phil O'Sophical Silver badge

          Re: Meh

          specialises in running public hotpots

          A Lancashire version of Plusnet, perhaps?

          1. Frumious Bandersnatch Silver badge

            Re: Meh

            specialises in running public hotpots

            Did someone say pubic hotspots?

    2. JimmyPage Silver badge
      Mushroom

      Re: Meh

      Hmmmm

      As I recall, the UK courts have already tried a few times to use unsecured WiFi as a "must like paedoes or be a paedo, " smear.

      The EU was probably taking it's lead from the UK.

    3. MrXavia

      Re: Meh

      If only we had a party in power that respected the people of this country, then Brexit would look great...

      Right now we have a Toff who doesn't understand the problems of the nation...

      1. Derezed

        Re: Meh

        By "Toff" do you mean someone who has an education? Did you not hear that David Cameron (a "Toff") has not only relinquished control of the Country to someone else, he has actually stepped down as an MP? A quick glance at May's Wikipedia page identifies her as the daughter of a clergyman...hardly a Toff...but don't let the facts get in the way of your spit flecked anti educated individual bile!

        1. Bernard M. Orwell Silver badge

          Re: Meh

          "daughter of a clergyman"

          yeah, and Thatcher was the daughter of a grocery store owner.... beware of the wolves in sheeps clothing.

        2. Anonymous Coward
          Anonymous Coward

          Re: Meh

          To many people, she's a 'toff' because she went to a Grammar School.

          Oh wait... Didn't Jeremy Corbyn do the same?

          Never mind, she's still a Toff and good old JC a man of the people.

          ergo, all Tories are Toffs.

          1. Bernard M. Orwell Silver badge

            Re: Meh

            " all Tories are Toffs."

            Anyone of the working classes who votes tory is a bloody idiot. If you don't own your own business, sit on the board of a company, hold a directorship or a landed title of some kind, then the tories are not going to help you in any way; quite the opposite.

          2. Anonymous Coward
            Anonymous Coward

            Re: Meh

            >To many people, she's a 'toff' because she went to a Grammar School.

            Actually she went to Wheatley Park Comprehensive School - she claims a Grammar School education as it was one when she started - ironically she failed the 11+ so had to go to a private school to be trained up to pass the 13+ for a late transfer (socially mobility and all that).

    4. Anonymous Coward
      Anonymous Coward

      Re: Meh

      "That Brexit is looking better every day...

      Well, there is definitely some irony to be found here. Because I know city councils who are busy to experiment with providing free Wi-Fi for the entire city and all its guests. Guess Europe now put a stop to that ;)

    5. Andrew 60
      FAIL

      Re: Meh

      Because Theresa May is a well known champion of civil liberties and internet freedoms

      1. Derezed

        Re: Meh

        Whatever she is, she isn't a "toff". I didn't say anything else about her credentials, but the recent fad of calling anyone who doesn't stand behind Comrade Korbyn a "toff" or some kind of establishment shill of Israel is really, really grating.

        1. FlamingDeath Bronze badge

          Re: Meh

          There is a point in success, when you start associating with those same circles.

          http://mixmag.net/read/the-prodigys-keith-flint-fox-hunting-news

          So yeah, she is a toff, anybody who supports the Cons™ is either a toff, or a wannabe toff "Hyacinth Bucket" type

      2. John Smith 19 Gold badge
        Unhappy

        "because Theresa May is a well known champion of civil liberties "

        Sarcasm is difficult to pull off on the Web.

        1. Olius

          Re: "because Theresa May is a well known champion of civil liberties "

          "Sarcasm is difficult to pull off on the Web."

          So are double-entendres.

          1. Anonymous Coward
            Anonymous Coward

            Re: "because Theresa May is a well known champion of civil liberties "

            So are double-entendres.

            A woman walked into a cocktail bar and ordered a double entendre. The barman gave her one.

    6. John Brown (no body) Silver badge

      Re: Meh

      "That Brexit is looking better every day..."

      Rubbish. Finding a WiFi hotspot in the UK that isn't password protected is hard enough as it is and it's NOTHING to do with the EU or any ECJ court rulings. It's greedy bastards who can't see that offering a free service that costs them next to nothing to offer might actually attract paying customers in to spend money. No siree, they see it as a "cost" and so have to "monetise" it so get BT or someone to provide the service and require details before letting you use it then MITM everything you do on it.

      This whole fantasy of "free" WiFi, your device hopping from one provider to the next as you walk down the street is pure marketing myth. I rarely use WiFi out and about because it pisses me off have to keep signing in everywhere I go.

      No, I never enter real details, no I never remember what details I used where and no, it's getting harder and harder to register as micky.mouse@disney.com because thats usually already a registered user.

    7. NeilPost

      ECHR will overrule this

      I think you will find this ruling is in breach of the European Convention on Human Rights, which the EU is signed up, though seem to for some bizzare reason not ratified yet after a number of years.

      And all you Brexit idiots seem blithly in total ignorance that this the ECHR comes from the Council of Europe which

      - The UK was a founder member of

      - We are not leaving

      - The ECHR and it's Human Rights impact on UK Law will not change 1 IOTA with the UK's Brexit from the EU, should that ever happen.

  2. Benny

    Erm

    So no password is bad, having a password printed on a sign that has to be typed in is good?

    And that will stop people being naughty?

    1. Eddy Ito Silver badge

      Re: Erm

      Don't be silly, that means next time the likes of Sony get their pound of flesh from the shop owner for failing to provide due care if he doesn't cough up the names of the folk who used his wifi.

      1. martinusher Silver badge

        Re: Erm

        >the shop owner for failing to provide due care if he doesn't cough up the names of the folk who used his wifi.

        Just record all the MAC addresses of devices that access the hotspot and hand the list to whoever demands it. You've done your bit, let Sony et al sort out who to heavy from that lot. (But, of course, its possible to set any MAC address into an interface.....so expect those who don't want to be identified to not be identified.)

        There should be a law prohibiting anyone who's not technically qualified from making laws about the behavior of technology because they always screw it up. They're a bit like marketing people but with even less understanding of what they're talking about.

        1. Anonymous Coward
          Anonymous Coward

          Re: Erm

          WOT?! You mean there's no central MAC address database so we can find out who the pirates are! Oi! Something needs to be done! You! Legislator! Think of the chitlins!

    2. DaLo

      Re: Erm

      I think the ruling would expect that the password is not available until you have handed over some form of identity document to allow you access. However if 500 people know the password how would you then know who the infringer was?

      A further ruling would have to state that every user would need to be uniquely identified and logged on your system for a period of time (12 months?) making it as onerous on you as it is for an ISP in the snooper's charter proposals.

      This ruling is entirely flawed and shows, unsurprisingly, a complete lack of knowledge of the technology and does, effectively kill off hotspots for pretty much everyone unless an e-mail address is accepted as proof of identity and a voucher code system is used on the wifi hotspot.

      1. Named coward

        Re: Erm

        The ruling is partially positive for Germany, where this case started, and where businesses are liable for whatever is downloaded or uploaded from their WiFi - which effectively makes running an open WiFi a very risky business.

      2. Novex

        Re: Erm

        effectively kill off hotspots for pretty much everyone unless an e-mail address is accepted as proof of identity and a voucher code system is used on the wifi hotspot

        Either a voucher, or a deposit paid by credit/debit card which could then be refunded. Certainly it would mean securing wifi with individual user accounts of some kind. How many consumer routers (which I imagine are what most coffee shops and the like have) are set up with that kind of system?

    3. 2+2=5 Silver badge

      Re: Erm

      > So no password is bad, having a password printed on a sign that has to be typed in is good?

      > And that will stop people being naughty?

      You misunderstand the ruling. He can't just post the password on a sign - he has to somehow validate the identity of each user before giving them the password.

      They then give the password to someone else (perhaps by accidentally leaving it on a slip of paper on the table when they leave) making a complete mockery of the ruling. Add to this the the fact that the password will be "fu50ny" and it all starts to be a bit silly.

      1. MiguelC Silver badge

        Re: Erm @ 2+2=5

        A bit silly it may be, but under this ruling the business will still be responsible for the behaviour of its users if it cannot identify who was the culprit of some specific naughtiness being investigated

        1. Named coward

          Re: Erm @ 2+2=5

          The ruling is self-contradicting. In one place it says that monitoring information has to be excluded as an option since that breaks some other EU law. The it says that it should require a password...so make a password, and have people show you their ID to give them the password. This, according to the judgement, "may dissuade the users of that connection from infringing copyright or related rights". But you still won't be able to pinpoint who did what and according to the ruling you are then not liable.

      2. big_D Silver badge

        Re: Erm - 2+2=5

        Not exactly, there are two stages or passwords that can be used.

        Using a known password for the hotspot to enable encryption is a good thing. This password can even be displayed on the counter, so that customers can gain access to the internal network.

        The second stage, which is more controversial, and is probably what the courts want, is to have a proxy or gateway that requires users to be registered, before they get from the internal network out onto the Internet. These systems are available and cost money. In Germany the likes of Deutsche Telekom and the other large telcos generally run them and customers of the Telco can often use the hotspots "for free", because it is included in their monthly mobile or landline contracts.

      3. yowl00

        Re: Erm

        Indeed, and if they have WP (ok, not many people included here), and they have the option turned on, then all their social network friends get the password automatically.

    4. LDS Silver badge

      Re: Erm

      Have you ever heard of captive portals and other tools to create user/password on the fly and have them removed automatically after a while? Heck, even my AP has one embedded...

    5. big_D Silver badge

      Re: Erm

      Having a WPA2 password / passphrase makes it secure at least and cannot be eavesdropped by others in the vicinity. It doesn't matter if the password is printed for all to see, once the traffic is encrypted, it make it a lot more secure.

      Having to use a logon-page on top of that, so that you can access the Internet through the router is another matter.

  3. Anonymous Coward
    Anonymous Coward

    The EU

    Employs a lot of legal folk, someone has to create the work you know.

    --

    By the requirement for "identities" does that mean that I can't now have a general staff/guest WiFi with the password available to all, that I need to see proof of ID before allowing users to connect?

    "Can I use your WiFi?",

    "Let me see your papers!"

    (no prizes for the accent I slipped into on the second bit)

    1. John Hawkins

      Re: The EU

      Pretty sure it won't be German; having worked there for a couple of years I know just how paranoid they are about such things. With their history (GESTAPO, STASI) I don't blame them.

      My pick would be the voice of Mr MacKay in Porridge for those words.

      1. Wiltshire

        Re: The EU

        Mr MacKay? Too good to resist!

        WiFi guard : "Don't let me catch you abusing that WiFi password I've just given you"

        Guest : "I won't "

        WiFi guard : "Won't what?"

        Guest : "Let you catch me"

    2. Kane Silver badge

      Re: The EU

      "Let me see your papers!"

      "These are not your papers! Guards! Guards!"

      1. Sir Runcible Spoon Silver badge
        Joke

        Re: The EU

        "These aren't the papers you're looking f...damn, no no, I mean they ARE the papers you're looking for!"

    3. big_D Silver badge

      Re: The EU

      Essentially yes, although you will need a two stage system. You can keep the SSID WPA2 password as is and freely available, but you will need to put in some additional gateway / proxy system that then asks for additional identification or a special "ticket" number to allow them to gain access to the Internet.

  4. gv

    Users required to reveal identities

    Does that mean that you'd have to show your passport to some teen barista before you can use the wifi in the coffee shop?

    1. calmeilles

      Re: Users required to reveal identities

      That's so they can write your name on the cup. Wifi access will require much more.

      1. Dan 55 Silver badge
        Alert

        Re: Users required to reveal identities

        Scanning passports/driving licences, linking MAC address to scanned ID, recording log-on/log-off times, as it's an ISP that would mean making this data available to be searched under the latest Snooper's Charter...

    2. Anonymous Coward
      Anonymous Coward

      Re: Users required to reveal identities

      it also means that you have to prove your identity before Postman Pat will give you the password that allows you to receive letters. After all, one communications provider is the same as another, unless the law is stupid.

      oh, hang on ...

      1. Sir Runcible Spoon Silver badge
        Big Brother

        Re: Users required to reveal identities

        This could all be easily resolved with the assignment of an individual code for each person, something hard to fudge, like a tattoo or something.

        1. Anonymous Coward
          Anonymous Coward

          Re: Users required to reveal identities

          and on "receiving his mark" he might get access to channel 6 on 2.4GHz and 66 on 5.8GHz

          1. FlamingDeath Bronze badge

            Re: Users required to reveal identities

            "and on "receiving his mark" he might get access to channel 6 on 2.4GHz and 66 on 5.8GHz"

            It's funny you should quip about that, when you consider the 6 * English alphabet Gematria, computer = 666

            Many others also of notable intrigue, you should look into this.

            I found this subject so interesting, and not coincidental in any way, I decided to make my own calculator in php.

            http://flamingdeath.co.uk/apps.php

            1. This post has been deleted by its author

        2. NeilPost

          Re: Users required to reveal identities

          What like a serial number tattoo, say machine readable in these modern times. ??

          I think the Nazi's tried that,in the days beforre lasers and barcodes.

      2. Kubla Cant Silver badge

        Re: Users required to reveal identities

        you have to prove your identity before Postman Pat will give you the password that allows you to receive letters

        In future, you will require a password to post a letter.

        1. TRT Silver badge

          Re: Users required to reveal identities

          Excuse me, ve are looking for ze nu clee ar wessels.

          "Have you any identification?"

  5. Anonymous Coward
    Megaphone

    Must be fun...

    Being able to make up rules and tell people what they should do while you have absolutely no idea what you're talking about. Cynical? Yessir, but that's honestly my impression about these political 'geniuses'.

    Why I say that? Because I can turn this around. When a machine interacts with a wifi hotspot it'll send out its MAC address (you know: you can limit wifi access based on that as well, works quite effectively). Therefor I can argue that the identity got revealed, in the form of a MAC address. Which is, by theoretical definition anyway, a unique identifier.

    I know what you're thinking: that is not really an identification because I don't know who the person is. Welcome to the phenomenon of: "the letter of the law". They clearly said:

    "it is necessary to require users to reveal their identity to be prevented from acting anonymously before obtaining the required password."

    And the definition of identity is left out. So when looking this up on the Innernets (Oxford dictionary):

    "Identity - The characteristics determining who or what a person or thing is.

    Note: or thing? And as said: a MAC address is supposed to be unique, ergo, I have established the identity (of the machine aka the thing, which is still operated by the user), so they're free to use the open Wi-Fi.

    1. Anonymous Coward
      Anonymous Coward

      Re: Must be fun...

      "Why I say that? Because I can turn this around. When a machine interacts with a wifi hotspot it'll send out its MAC address (you know: you can limit wifi access based on that as well, works quite effectively). Therefor I can argue that the identity got revealed, in the form of a MAC address. Which is, by theoretical definition anyway, a unique identifier."

      But two things come to mind: MAC spoofing (two devices using the same MAC since some devices allow you to change the MAC) and a Man in the Middle (between you and the hotspot, again messing up the MAC uniqueness).

    2. FrogsAndChips Bronze badge

      Re: Must be fun...

      except that they say "require users to reveal their identity", not "require users to reveal the identity of their machine".

      1. Phil O'Sophical Silver badge

        Re: Must be fun...

        But it's the machine that is making the connection. I don't know about the rest of you, but I have no built-in wifi hardware.

        1. Arthur the cat Silver badge

          Re: Must be fun...

          I don't know about the rest of you, but I have no built-in wifi hardware.

          Old joke from the 80s/90s: I used to have an internal modem but it made me walk funny.

      2. Arthur the cat Silver badge

        Re: Must be fun...

        except that they say "require users to reveal their identity", not "require users to reveal the identity of their machine".

        The British being a nation of piss takers, how long until some activist goes to court for the right to change his name to a MAC address. "Henceforth I wish to be legally known as 10:c3:de:ad:be:ef."

        Imagine the database fun with that and little Bobby Drop Tables.

    3. HailAJ
      Coat

      Re: Must be fun...

      The problem with your comment is you used the Oxford English dictionary.

      The Courts all use Blacks Law Dictionary, where for example "Driver" means someone who is being paid to operated the vehicle in course of work, so when you operate your vehicle to go and buy chips your not technically a "driver".

      Why however we have a dictionary with English words in which have had their meanings changed is beyond my pay-grade.

      1. Dave 126 Silver badge

        Re: Must be fun...

        That's an interesting observation, HailAJ. However, it is a US publication. As far as the UK is concerned (if my 30 seconds of Googling are to believed), legal definitions are taken from a variety of sources, including the Oxford English Dictionary, Stroud's Judicial Dictionary of Words and Phrases (provides details of where words have been judicially defined by the court), and Words and Phrases Legally Defined (provides details of where words have been defined within legislation).

        - https://www.whatdotheyknow.com/request/dictionary

        I remember reading that Private Eye, who having used for years the phrase 'tired and emotional' as a euphemism for drunkenness, lost a libel case. The effective outcome is that 'tired and emotional' now means 'drunk'.

      2. BlartVersenwaldIII
        Headmaster

        Re: Must be fun...

        > Why however we have a dictionary with English words in which have had their meanings changed is beyond my pay-grade.

        Laws based in a large part on precedent need as concrete a definition of words as possible in regards to the context of the law, just in case someone needs to invoke precedent set in R v Joe Bloggs from 1843 whereupon a sanguinolent cabotin was convicted for pizzling a gay jollux.

        (Blacks is the US legal dictionary though isn't it? I think Oxford do a "proper" legal dictionary but IANAL)

        For similar reasons, judges will often ask "what is this <completely obvious $thing that everyone knows what it is> when it's at home?", to the frequent amusement of the press who can get a cheap "out of touch judge!" story. This is so that there can be a) no doubt in the mind of the jury and b) that an explanation of $thing is made part of the court records for possible future reference. For instance, will people know what a facebook is in 100 years time?

  6. Wolfclaw Silver badge

    Just stick a big notice on the wall with login details and a warning not to pirate content, should satisfy even the dumbest court !

    1. Scott Broukell

      Sorry but the above post is far too sensible - sensible post over here!

      You could also clearly advise users that in the event of a copyright infringement being determined, they will most likely be identified by cctv and/or other means.

      (No, no, no, getting far too sensible now!)

  7. frank 3

    They have made their ruling, now let them enforce it

    Wandering round this lunchtime, I passed abotu 40 open hotspots, many of which provided as free wifi by the great city of Manchester.

    So yeah. That's gunna work.

    I'll just type my passport number into this unsecured network to verify my identity shall I?

    What could possibly go wrong :D

    1. JimmyPage Silver badge
      Pirate

      Re: They have made their ruling, now let them enforce it

      I passed about 40 open hotspots

      are you *sure* they are "open" ?

      Default setup in UK is to have hotspot as open, but then to request some sort of identification before proceeding. Usually in the form of an email address (so it's pretty obvious it's not security, but user-monetisation driving the scheme).

      Also, I would strongly advise people to be *very* wary of "open" hotspots. I suspect more than a few have been setup with the express intention of sniffing all traffic.

      I can't prove it, but I have encountered quite a few alleged "BT Openzone" and "BT FON" hotspots which allow me to connect, but were never able to actually get to the internet.

      1. Mr_Pitiful

        Re: They have made their ruling, now let them enforce it

        I agree, mostly all you need is an email address to access the network

        Poor old bill.gates.at.microsoft.com, must get a lot of junk email!! ;)

        I found out by accident years ago that you don't need to verify the email address

        Now I just tell everyone to use the above, when in hotels etc etc

        1. Anonymous Coward
          Anonymous Coward

          Re: They have made their ruling, now let them enforce it

          From now on use an @europa.eu email.

          I generally use an @example.com address, because there's an infinite variety and I know it's not annoying anyone.

  8. Clive Galway
    FAIL

    Utterly unworkable

    If you require a passport or whatever for user #1 to use the WiFi, what is stopping user #2 from getting the WiFi password from user #1? One-time passwords etc? Well that is unfair on the smaller shops that cannot afford to pay for the kit that would support such a solution.

    1. Anonymous Coward
      Anonymous Coward

      Re: Utterly unworkable

      yes .. a beneficial side effect as far as the media companies are concerned. It's a similar thing to blocking content on the mere suspicion of a VPN or proxy, blaming users is far easier than fixing a licensing system that is no longer fit for purpose

      1. Anonymous Coward
        Anonymous Coward

        Re: Utterly unworkable

        "blaming users is far easier than fixing a licensing system that is no longer fit for purpose"

        Because any other method is just flat dead on the vine. Given the alternatives, one that's not fit for purpose is the least worst option. Or would you rather go back to the old days when art was only affordable by the rich and artists worked strictly on commission?

    2. HardyEsterhuizen

      Re: Utterly unworkable

      The problem with passport numbers, AFAIK, is there is no universal register of passport numbers for verification, or even a global standard for their format. So you could pretty much enter a random string of characters with no way to validate. Of course, they could require the establishment to check the passport but seasoned travelers tend to not carry their passports. A lot of hotspots, etc have systems that require you to verify your email address or receive a code on an SMS to your phone for access in the vague hope that this identifies you, but this is ridiculously easy to circumvent with a temp email address or burner phone.

  9. Jon Massey
    FAIL

    Those who use FAILboat memes

    Should check their layout first

  10. Anonymous Coward
    Anonymous Coward

    Meanwhile, in blighty ....

    Exposure to less technical fora would reveal that the Great British Public already think it's "the law" to secure WiFi, and that you can somehow be prosecuted for not doing so.

    Sometimes it's no necessary to pass laws, if the public effectively do it for you.

    I'll tell you something for nothing. After a particularly brain-dead "discussion" on Mumsnet about how you *have* to secure WiFi, I really would not want to be found with an open WiFi spot by the average Mumsnetter. As a previous commentard highlighted, it's the equivalent of being in possession of a raincoat with bags of sweets in the pockets.

  11. Dwarf Silver badge

    So many holes, it could be cheese.

    So, if each person must be identifiable, then where is the authentication realm to authenticate against and what do you do once they have authenticated - presumably you would need a full firewall log of everything they touched - so you can refer to it later when the claim comes in.?

    Which in turn needs time sync and a bunch of storage, etc, etc, etc.

    Would we have to run a set of ID's we trust, or is some pan-European authentication platform being formed to support this - given the mobility of people around the world.

    My next bets are :

    1. Someone hosting a WiFi hot spot with authentication will end up in trouble for discrimination, by not allowing the one-legged gender neutral slightly off-colour (pick a skin tone) person access.

    I'm left wondering how this fits into other things we know, such as :

    1. The European rights to privacy

    2. The UK principles that the "Internet is a right" (like gas and electric).

    3. The calls in Italy recently when the earth quake hit - to open up Wireless hot spots to help the rescue efforts.

    Like most rules, this doesn't seem very well thought through.

    1. Frank Fisher

      Re: So many holes, it could be cheese.

      "Would we have to run a set of ID's we trust, or is some pan-European authentication platform being formed to support this - given the mobility of people around the world."

      Exactly what the Commission proposed way back when. Using state-mandated offline ID to log in with online, everywhere, as soon as you go online. No internet access other than through an EU-approved membership system.

      Still think they're the good guys?

      1. Soruk
        WTF?

        Re: So many holes, it could be cheese.

        When I was in Paris in 2014, it was very hard to find free WiFi of any description, McDonald's was about all there was.

        Insanely, it was easier to find working, usable free WiFi in, of all places, the People's Republic of China.

        1. CRConrad

          When I was in Paris in 2015...

          ...it felt as if free WiFi was everywhere. OK, exaggeration -- not every bar / café / restaurant, but one out of every two or three.

  12. Voland's right hand Silver badge

    Let's step back for a second

    When China introduced this as a regulatory requirement a decade ago all Eu and USA politicos joined a howler monkey chorus despising the undemocratic nature of the Chinese approach and how it violates human rights and yadda yadda yadda yadda. Same as the same politicos and media doing a howler monkey impersonation when one of Putin's first moves became installing official taps backed by a legislative mandate into all SPs which fed something (nobody till this day knows what) to FSB. Hoooooooooowl.

    So, what are we doing now? We are quietly over time adopting what Putin and the Chinese are doing. The sole difference between us and them is that we are doing it clandestinely, while they are doing it above board. No comment which is more "democratic".

    So, let's step back for a minute. There are two ways to look at this.

    1. The anonymity of the Internet is an essential freedom.

    2. The Internet natural development route is over time to stop being anonymous and the identity of each and every user and device to be known.

    Realistically, we are already very close to 2 anyway. The sole caveat is that a few chosen ones like Google and its dear 3 letter associates have your identity (unless you are in a country where you have to identify yourself to use the Internet). Personally, I would love to go back to 1 - it has some essential values for whistle-blowers, emerging democracies, etc. However, the more realistic option is to actually go to a strictly controlled, regulated and legislated version of 2 which is no longer a monopoly of Google and the No Such Agency. And no howlers please.

    By the way - as far as the shop owner asking for your identity - it takes half an hour to integrate chilli-spot into either FaceBook or Google or other large 3rd party auth (f.e. in Germany - T-systems). They do not need to take your passport, what the ruling obliges them to do is to ensure you have authenticated somehow in a way which ties you up to a traceable identity. That is technically trivial.

    1. Anonymous Coward
      Anonymous Coward

      Re: Let's step back for a second

      "By the way - as far as the shop owner asking for your identity - it takes half an hour to integrate chilli-spot into either FaceBook or Google or other large 3rd party auth (f.e. in Germany - T-systems). They do not need to take your passport, what the ruling obliges them to do is to ensure you have authenticated somehow in a way which ties you up to a traceable identity. That is technically trivial."

      Provided you have the HARDWARE to do do. I know for a fact many places slapdash a solution just to attract customers, and more than a few have been caught using consumer-level equipment. TEN-YEAR-OLD consumer-level equipment at that.

      As for the Internet itself, it's like with the wild west. In the end, people don't want anarchy even if it means ultimately and end to anonymity. The benefits of attestation tend to outweigh the drawbacks, as most levels of business require a level of trust that at least goes as far as exchanging verifiable identities (the First Contact problem) or you can't get anything done. Society requires trust to work.

      1. Tom Womack

        Re: Let's step back for a second

        So you have to stop offering really crappy free WiFi. Where's the issue? If your free WiFi is not making your coffee shop a fiver a day in custom, why are you bothering? When almost everyone in the coffee shop will be accessing your wifi using a mobile device which can happily switch to 3G, providing a service worse than 3G is a waste of time.

        1. Charles 9 Silver badge

          Re: Let's step back for a second

          A fiver, maybe, but what if it's FIFTY instead? Or more? IOW, it may be crappy, but it still more than pays for itself.

      2. CanadianMacFan

        Re: Let's step back for a second

        Please let's kill this idea right here. Facebook has spread far enough and I don't want to have to get an account on there just so that I can start using Wi-Fi at coffee shops. Having them track me wherever I go on the Web isn't worth getting a bit of free access with my coffee.

        Besides, there's nothing that enforces a Facebook account to be your real identity. They only check it out if they receive complaints.

    2. Dwarf Silver badge

      Re: Let's step back for a second

      But authentication means nothing unless you do something with it afterwards - i.e. the logging I mentioned previously.

      If you just say "I authenticated to Facebook and Google" - then you have whats known as "a bunch of users", you still don't know who the person is, since neither realm is made up of 100% genuine people and saying "it was one of them" is as good as the current free WiFi situation where the answer is "someone who came within range of the AP"

      Authenticating on its own does nothing and the current ruling is fairly pointless because of that.

      1. Sir Runcible Spoon Silver badge

        Re: Let's step back for a second

        So, did the courts actually say that the owner of the hotspot had to actually record the details that someone identified themselves with?

        1. Named coward

          Re: Let's step back for a second

          No. The German court from where this originated actually asked if this would be a solution, but this ruling actually rejected such a proposal since it violates some other EU directive

    3. DropBear Silver badge

      Re: Let's step back for a second

      "They do not need to take your passport, what the ruling obliges them to do is to ensure you have authenticated somehow in a way which ties you up to a traceable identity. That is technically trivial."

      Wait, what? How exactly is any of that supposed to identify me "traceably"? First off, I have no Facebook account. I do have a Google account but all they have is my phone number. Which is a prepaid card, even if "they" could persuade Google to divulge it to them. And do please consider this is Eastern Europe I'm talking about, not the "how many Stingrays did you say you need?" USofA. Then again, I might decide to log in with a Google account that has not even that much on me. I hope you don't delude yourself thinking email accounts are "traceable". Our McDonalds tries to do something like that using a captive portal nagging you to "register" before you log in - which is not something I'd ever bother to do, they can shove their wifi where the sun don't shine.

      You could ask me for my home ISP login credentials - which free wifi hotspots sprinkled around my town, run by my ISP already do - except I never log into any of those specifically because of that. It's none of their business what I do when I'm not at home (or even when I _am_ at home, but that's a different rant). Finally, if you seriously think I'd ever consider whipping out ANY sort of official document in a bar or restaurant to use their wifi... hahahahaha, think again.

      Right now everyone is just printing their passwords (if they have one at all) on their menus here, and that won't change any time soon regardless of what gets ruled where. The only relevant piece of kit you'll find anywhere is the first bog standard off-the-shelf commercial router whoever they sent to go get some hardware could get their hands on. Yes, local authorities could push the issue if they wanted. Emphasis on "if they wanted". Specifically, on "_IF_". Do tell, what's in it for them? Yes, you got it, that's exactly how many shits they give.

  13. Tromos

    Mr. Junkyard has just announced plans for all public spaces in Europe to be equipped with free wi-fi. That's going to work really well in conjunction with this ruling.

    1. Destroy All Monsters Silver badge

      Unlike first-order classical logic, politics makes no pretense at being consistent. A decision of the ECJ has also scant to do with infrastructure rollout planning.

    2. Velv Silver badge
      Big Brother

      Just because it's free, as in no charge, doesn't mean it's free, as in anonymous.

      All your data is ours...

    3. Frank Fisher

      Don't you get it?

      "The kids" will happily sign away their kidneys for free wifi. If the Eu gives it to them, everywhere, with a tiny little privacy catch.... kaboom, that becomes the new normal. There is an expectation of continual surveillance, an expectation of continual censorship. Our youth already love Big Brother.

  14. Anonymous Coward
    Anonymous Coward

    Wait, is that breathless reporting, bitching about a ruling that says people should be responsible for their actions?

    Wow.

    And Andrew siding with Pirates just because his hatred of the EU is bigger than his love for the respect of copyrights?

    Just. Wow.

  15. Mycho Silver badge

    That's not how I read it.

    The ruling says that it is practical to get an injunction requiring a business to put a password on their hotspot and/or require ID to use it. It doesn't seem to be an order for all companies to do that, just ones with enough infringers to be worth pursuing by big media.

  16. MJI Silver badge

    Still trying to think what you can pirate from Sony?

    A TV? : Nope, easier to buy one. Obtaining one is actual knicking one.

    A games console? : But how to download? Nah.

    A video recorder? : undownloadable but can be worth an absolute fortune. Those Hi8 and SuperBeta decks fetch a lot of money.

    A game? : but it won't install on a Playstation, need a proper disc or PSN download.

    No still stuck!

  17. MJI Silver badge

    Even EU supporters hate these sort of rules.

    You know that most non EU Exit supporters were in it for the easy travel and the open market.

    This joins the poison list along with

    TTIP

    Junckers

    EU Army

    Junckers

    That evil idiot from Luxembourg

    1. Destroy All Monsters Silver badge

      Re: Even EU supporters hate these sort of rules.

      It's "Juncker" not "Junckers" you dark fart.

      Also, I don't see how he is particularly evil.

      1. Richard 12 Silver badge

        Re: Even EU supporters hate these sort of rules.

        No he isn't evil.

        He's just a fool. A fool with high aspirations and a wonderful view of the world, that sadly doesn't match reality.

        1. Kubla Cant Silver badge

          Re: Even EU supporters hate these sort of rules.

          He's just a fool.

          No, he isn't a fool. He just acts like a fool because he's pissed all the time. Brandy for breakfast, apparently.

      2. MJI Silver badge

        Re: Even EU supporters hate these sort of rules.

        Personally I have no time for him, he hates the UK and acts like a dick.

        Plenty of people in Europe are less arseholy than him.

  18. Tom_

    'password'

    Just set the password to 'password' and don't tell it to anyone. If it gradually becomes a thing that open hotspots use the word 'password' as the password then nobdoy will have to do any identity checks and nobody will be prevented from using previously open hotspots.

    The ECJ will eventually have to make it a law that you can't set your wifi network's password to 'password', at which point everyone can move across to 'password1' and carry on.

  19. Destroy All Monsters Silver badge
    Paris Hilton

    Can anyone explain AOs conclusion?

    The text cited just says that IF the network is password secured, then potentially enforcement of the rights of rightsholders may occur, but in that case, the identity of the people using said password must be ascertained first.

    None of this is bound to happen to open hotspots soon, and anyway national laws have to be passed first (well, France may already have a law against this, as in France today there is only one thing that is still allowed: paying taxes)

    1. Richard 12 Silver badge

      Re: Can anyone explain AOs conclusion?

      Napoleonic law starts from the principle that everything is forbidden.

      So you're not far wrong.

      1. DropBear Silver badge

        Re: Can anyone explain AOs conclusion?

        "Napoleonic law starts from the principle that everything is forbidden."

        Huh? What is this "Napoleonic" nonsense? Isn't every single country in the world operated on the principle "everything is forbidden, we just choose to not enforce any of it against you unless you show up on our radar and piss us off"...?

        1. MJI Silver badge

          Re: Can anyone explain AOs conclusion?

          Or here everything is allowed until someone bans it

          1. Nino Farino

            Re: Can anyone explain AOs conclusion?

            In theory,

            - Continental system - (Europe - supposedly) - All rights are granted, and then taken away. - God to citizen system.

            - UK and USA system - No rights (start as nothing, not even an object, and then rights are assigned) - Slave to citizen system. That's why they need the bill of rights. Without it they do not legally exist. Oddly, money doesn't seem to legally exist either (not corporeal, not immaterial).

      2. MJI Silver badge

        Re: Can anyone explain AOs conclusion?

        Napoleon lost though didn't he?

  20. Anonymous Coward
    Anonymous Coward

    I read this as

    ISP are liable by default if they cannot give up the ID of who is alleged to have committed civil/criminal action via their network. Further, duty of care is now much more the ISP responsibility to prove

    To me the obvious outcome is that those people who want anonymous internet access will just war drive or use stolen credentials instead resulting in all wifi/hosting/VPN etc becoming a legal liability.

    Brexit wont make a difference as the UK will be one of the first EU states to implement this, given the local track record of assuming that the music/movie industry is being abused by all UK population and compensating them in advance.

  21. Velv Silver badge
    Big Brother

    What we need is some form of National Identity card that can be used to centrally identify and authenticate us a citizens so we don't need to provide the same details over and over again.

    Then a central store could be made of everything we do, you know, as a backup, just in case we make a mistake, or lose it and need to go back, or like investigate who's been doing bad things.

    And we can sell the details to some exclusive partners so they can help us in the future.

    </sarcasm>

  22. abedarts

    As silly as

    This is like holding a cafe responsible for someones wrong doing because they used the cafe's power socket to charge the laptop they used in the planning, or sat under the cafe's electric light so they could see what they were doing, or used the water in the toilets to wash the hands that wrote the plans.

    WiFi is just a utility like electricity, gas or water.

  23. Anonymous Coward
    Anonymous Coward

    Fuck all to do with Pirates

    but EVERYTHING to do with some multimeganationalglobalmegahypercorp getting sand in their collective tampons and having a fucking hissy fit. So now we ALL have to suffer.

    Dear Sony, GFY (again).

  24. Dave Stevenson
    FAIL

    Identifying the user

    Am I missing something here?

    If the connection after the hotspot is via NAT, then how can "big media" identify the user from the internet side? Or are hotspot providers going to have to go for the full ICR logging that the Snooper's Charter is imposing so that they can identify which of their users (who have proved their identity) it was that downloaded the dubious content?

    Just setting a password and making users identify themselves to the hotspot operator seems insufficient.

    Totally barking.

  25. big_D Silver badge

    Password makes sense

    It makes sense to require every hotspot to have a WPA2 password, just for security purposes. That way your traffic can't be so easily snooped upon, because it is encrypted. Even a simple password, such as the name of the SSID or the establishment's name would do.

  26. Charles Smith

    No coffee

    As an old fogey with failing eyesight, but not on a pension, the UK Government has lifted my driving licence. My passport has expired, so I'm a bit "off the Grid". So if I want to have a coffee in the local Starbucks and browse my droid tablet will I be thrown out onto the pavement (sidewalk)?

  27. Anonymous Coward
    Anonymous Coward

    Wow - even the ECJ ..

    .. is incapable of distinguishing between anonymity and accountability.

    I observed a while back that the ECJ seems to be changing to a model that ensures they keep busy. This is a classic, because such a policy conflicts directly with the right to privacy. Not quite sure where this will lead, but I suspect this story isn't quite over yet as it encourages data grabbing from everyone near a "free" WiFi access point, where the word "free" was just being challenged because of the enforced demand for personal details.

    Honestly, the lobbyists must have spent a fortune on dinner for this result, enough for alcohol to last in the relevant bloodstreams until the verdict. It must have been a rough couple of nights.

  28. Suricou Raven

    Don't blame Pirates.

    If it hadn't been copyright, it would have been child abuse. If it hadn't been that, it would have been terrorism.

    1. A Ghost
      Joke

      Re: Don't blame Pirates.

      All too true. It's game over for the internet. Totalitarianism is here. It's only cognitive dissonance that is stopping people from seeing it. The horrible truth, is, well, too horrible. It will be illegal to not have an internet connection in a little while. It will be illegal to use a VPN for personal use in a few years time (if that). You know how it goes.

      The internet has turned into a fucking fascist nightmare. It's wild west time allright, but not for the common man, for the law makers and law breakers, the spies, the top five companies that run the net (google et al). They just don't give a flying fuck. In bed with the politicians who are pissing themselves with fear over the threat the internet provides to their authority. They are putting the internet genie back into the bottle. Game over. It's already lost.

      They do it bit by bit, like the proverbial frog boiling. Already services are stopping working on Tor, bit by bit, like the proverbial frog, boiling. Tor is already compromised. But most websites just block it when they detect an exit node (or wtf), even then, the crippling you get by blocking javascript et al makes it essentially useless.

      There is no anonymity, there is no privacy. Game over.

      Totalitarianism is here, today. Already I see most of you too afraid to comment on articles in this very esteemed organ. I get it. You don't want to get your name on the list. You're afraid. I do understand.

      I know that quite a few of you care about this, but you don't say anything about it, due to fear. The fascists have already won. Call them totalitarians, fascists, or whatever - same thing. Authoritarianism gone mad. They are already stepping on your faces, and you just say: Do it to Julia, do it to Julia!

      I'm going to stop making political comments as well. I don't see why I should martyr myself for other's freedom, when they won't stand up and be counted. You didn't love your freedom enough. Now it's been taken away from you. Game over.

      Voland's Right Hand wrote:

      --------------------------

      So, let's step back for a minute. There are two ways to look at this.

      1. The anonymity of the Internet is an essential freedom.

      2. The Internet natural development route is over time to stop being anonymous and the identity of each and every user and device to be known.

      Realistically, we are already very close to 2 anyway.

      -----------------------------------------------------

      You are very right, in fact more right than you realise. Did I mention the war has been lost? Game over.

      We aren't 'very close' at all. It's finished, there is nothing left to discuss. It both amazes and sickens me at the same time when we get these articles in el Reg, and they only get a dozen weak and lame comments. Time after time, because you are scared. That means they have already won. They have put the fear of god into you. They have divided and conquered you.

      And it will be you, good little techie boys and girls you are, that implement the future stamping on the face of humanity, coz let's face it, you've done fuck all so far. But I understand, you are afraid. There are laws against thinking the wrong way. Words are being banned. You may realise (and I know you do) that when you ban words, you ban thought. You of all people know that. You can be put in jail for offending someone. They have crushed your freedoms bit by bit, and you can't face up to the sheer blatant inhumanity of what they are doing. I understand. You're afraid. Game over.

      There's an essay that is over ten years old now, by John Walker of Autodesk fame (not to mention fourmilab.ch) - in fact it's sub-titled "How big brother and big media can put the Internet genie back in the bottle."

      https://www.fourmilab.ch/documents/digital-imprimatur/

      It's a long essay, and not really totally understandable by non-techies. Most of you here will have no problem with it, at least getting the gist of it anyway.

      Read it and weep. It's 13 years old now. Everything he predicted has come to pass (just about). Unique identifiers on chips, licenses needed like a driving license, draconial laws to punish dissenters. It's fucking soviet russia and the stazi all rolled in to one, but on steroids. I'm a pseudo intellectual and not well read, but even I know what time it is and what's up. The genie is not coming back out of the bottle now.

      Game over. You just didn't love your freedom enough.

      And all done in the name of 'hate speech', paedophiles etc. Pure bollox, and you know it is. They have the power to close the paedos down if they want, but they allow them to exist, because it pushes their agenda forward. They don't care about little kids getting fucked up the arse, because it's just collateral damage to them. It's YOU they fear, it's YOU they are attacking. And it is YOU that are conveniently turning a blind eye, because, well, the horror...

      They are ramping it up - the whole shebang. Because they have to act fast while you are beaten down, because you are. They know they can get away with it, because you let them. Because you are afraid. I understand. I'm only posting this, because I want to die. I am ready to take my own life at any moment. The end can't come quick enough for me. But don't worry all the security services reading this, I won't martyr myself. I'm going to shut up and be a good little boy, with all the rest of them, there will be no further dissent from me. I'm no rabble rouser. You probably even appreciate the psychological impact it will have on the weak and the silent. You've put them in their place, they are afraid, and pretty soon it's going to be time to start slapping them around a bit. And you'll get away with it - it might even be fun!

      Paedophiles my arsehole, it's the general population that must be stopped. And this is how they do it - this is how they put the internet genie back in the bottle. Read that 13 year old essay by John Walker. It will make your blood run cold.

      What we are dealing with here, is not the MILITARY/INDUSTRIAL complex. It is the MILITARY/INDUSTRIAL/MEDIA/ENTERTAINMENT complex. Or MIME for short.

      This is what all this is about. The media are as complicit in all of this as the paedophiles. At least the paedos are honest about what they do. And as for the entertainment (music) industry, well, you didn't realise something was up, when music died over ten years ago? Crushed. Only for cookie-cutter inanities like fucking Adele, being used as tools of the establisment to demoralise the population via mediocrity, useful idiots they are.

      Anyway, never mind all that, those cunts on mumsnet have a lot to answer for. But eh, muh kiddie-fiddlers.

      Hopefully I've not offended anyone. Though I feel seriously fucking offended every minute of every day, just being alive and breathing in the air on this seriously fucked up planet. And I know I'm not the only one.

      Have a good day.

      1. Anonymous Coward
        Anonymous Coward

        Re: Don't blame Pirates.

        I am with you on most if not all of that, saw it as the internet honeymoon being over, ranted about it years ago but of course people don't want to look at the bigger picture, will try to get a mob against anyone who uses reality or the "truth", remind me what is the opposite of truth, lies isn't it? so these days you can be derided for being a "truther" because that word has connotations, fuck em speak the truth regardless of the hashtab.

        In case no other bugger says it, don't off-yourself too soon buddy, there is dark stuff creeping and those who seek to benefit from oppression but there is also higher meaning, and energy at work if we are open to it. Sometimes in this field we might have to step out of the technology forest to feel the light.

        Thanks for the post, bit of fuck yeah moment.

        1. A Ghost
          Happy

          Re: Don't blame Pirates.

          Thanks for the support. Means a lot.

          Like Colonel Kurtz - I go too far sometimes, I'd be the first to admit it!

          The horror...

          :-)

      2. Anonymous Coward
        Anonymous Coward

        Re: Don't blame Pirates.

        sorry but you seem to be mentally unstable and you need to find help soon because you said it yourself your suicidal

        I dont think its game over for the internet, the internet will be free for years to come and many are still fighting for it

        anyway this could be a joke but you should talk to someone before its to late

  29. Ralph Online
    Linux

    Nicely written - inflammatory and humorous - article, but I am not convinced El Reg has its facts quite straight.

    An article on IP Watch (OK, probably batting for the Sony-side of this argument) gives a more complete view. http://www.ip-watch.org/2016/09/15/wifi-providers-can-be-forced-to-require-passwords-on-rightsholder-request-ecj-rules/

    To me this says that a rights holder can ask for an injunction on someone operating an open Wifi hotspot to secure their internet connection by means of a password.

    So Mr Sony et al, are you going to order all open wifi hotspot operators to secure their internet connections? Really? One-by-one! Nah.. so most of the little guys will carry on BAU. At least I hope so!

    As for the bigger hotspot operators - eg BT, Sky/The Cloud, or Virgin Media/Arqiva Wifi are already authenticating users.

  30. ThePhantom

    When we were just in India, we found that there are no open hotspots and to get the password you need to supply your (local) registered mobile number. Sounds like this will become the standard in EU.

  31. andrewj

    I'm confused my the exaggerated title. The ECJ does not make policy or law, so how has this changed anything unless individual countries actually start passing laws to require this?

  32. Anonymous Coward
    Anonymous Coward

    And yet another article in two days

    Where you can tell who wrote it by the language used in the first sentence...

    Which will be censored by the author who doesn't like being shown up as a bullying editor.

    Same old, same old.

  33. Version 1.0 Silver badge

    WPA - There, that's fixed it.

    Yes your honor, we had a password in place and never gave it to anyone.

    Oh, WPA can be broken in 10 seconds, I'm sorry I didn't know that - but we followed all the rules.

    I guess we must have been hacked - not our fault.

  34. Colin Tree

    decisions decisions

    internet freedom <-or-> bomb under your butt

    it was heavy handed surveillance until the bombs started going off

    now they have to make the best use of the information gathered

    track down the real terrorist networks

    and stop the bombs

    1. Kiwi Silver badge

      Re: decisions decisions

      internet freedom <-or-> bomb under your butt

      Monitoring the net won't stop "terrorists". Hell, most of them live in areas where the place is so devastated that electrical anything is pretty much impossible let alone electronic coms (we are still calling people fighting in their own land to defend their land and way of life from the US "terrorists" right?) .

      If the net was to be totally monitored, al encryption not only banned but actively blocked, all users activity logged and all users registered including with iris scanners, then either simple codes would be used to pass on basic messages or other means of communication could be used that aren't electronic and thus aren't open to monitoring.

      And a "lone wolf" with a truck is beyond all attempts to monitor.

  35. Anonymous Coward
    Anonymous Coward

    Krystalball

    1. Does this Euro Parliament thingie have WiFi?

    2. TV ads for "I can't believe it's not Proper ID"

    opening soon in a country near you, ID that would not fool a copper or a border guard, but would probably get past a barista.

    It strikes me that 99.99% of public WiFi hotspot users are doing the normal things. A measure which royally arses up their usage is not a proper balance between their rights and the rights of property owners whose property rights those users are not infringing.

  36. Andrew Jones 2

    If all that is required is to add a password to the hotspot - as in the WPA2 password, and presuming that it will never be changed after it's been added, then there are a good 20 apps where after connecting to a password secured network, the password is then sent off to a server so that anyone else running the app no-longer needs the password to connect. Google "WiMan" for an example.

  37. Nattrash

    @ECJ

    # ip link set dev interface address XX:XX:XX:XX:XX:XX

    FTFY

  38. Frank Fisher

    Fits the pattern

    The EU has been aiming to eliminate online anonymity since the early 90s - they'll be reviving that old French plan to get everyone logging in using a state-approved offline biometric.

    Just one more reason why Brexit must mean real Brexit, and fast.

  39. David Roberts Silver badge
    Pirate

    Wahey, doom and gloom ahoy!

    I love a good old snark along with most commentards but isn't this whole thing trivial?

    (1) Having no password on the WiFi absolves the provider from all responsibilty for user actions.

    (2) However the provider can now be sued and forced to put a password on the Wifi.

    This then removes the protection from (1) and opens the door for further litigation.

    Or have they (as is so often the case) tried to be clever and added in another little feature or two to make the second round of litigation that bit easier and managed to include all current closed Wifi services (that is, ones which already have passwords) in their new vision of closing down pirates?

    Thus moving a very focused decision aimed at people deliberately punting "anonymous" Wifi services to deliberately circumvent current legislation and sweeping up not only poorly configured old home routers but all public WiFi services?

    Well, yes, I wouldn't be at all surprised.

  40. Anonymous Coward
    Anonymous Coward

    Patent pending (16/09/16)

    "Method of ensuring total unbreakable security on wireless networks"

    Essentially this is a way to distribute a one time pad to an array of machines in a way that cannot be broken at least in principle.

    It does however require access to the machine but only in the form of a burned DVD+RW containing the pad which is then overwritten in the host machine while being consumed.

    Substitute memory card for DVD+RW or for that matter a file on external device, the effect is still the same and it is also possible to distribute the pad using a screen with a one use key that unlocks the network for an encrypted download via wideband TKSP, etc.

    324 bit AES is still unbreakable and typing in the key by hand from a paper receipt is a minor but necessary annoyance.

  41. David Gale

    TADAG.com

    ...and still no credible long term strategy to protect citizens?

    Roll on www.TADAG.com

  42. BitDr
    Black Helicopters

    ISP != "Internet Service Provider"?

    The words behind "ISP" have been, at least around here, used as an acronym for the "Internet Service Provider", not "Information Service Provider".

    Changing the words behind "ISP" broadens the scope.

    Just saying.

    1. A Ghost
      Trollface

      Re: ISP != "Internet Service Provider"?

      Internet Sensoring Pricks?

      It's late. I've run out of glue.

      It's fucking murder finding a carpet laying shop around here in the middle of the night.

      And I live in Axminster!

      Never mind the horror! It's the fucking irony I can't deal with.

      [plausible deniability, your honour - I was out of my mind at the time, suffering severe Thixofix withdrawal]

  43. John H Woods Silver badge

    Does anyone who cares ...

    ... use public wifi without a VPN? I certainly would not. So how is this going to help catch anybody who is determined to do something wrong? It is already in the interests of public wifi providers not to allow a few users to suck all the bandwidth --- all you've got to do is ensure no-one gets more than about 2Mb/s. So how big, really, is the threat of wholesale copyright theft at public wifi hotspots?

    1. A Ghost
      Black Helicopters

      Re: Does anyone who cares ...

      Of course, the tech savvy know to use VPN when in public wifi land such as at airports. I'm not even tech savvy and I know that.

      I upvoted you, even though it seems you did not read and digest my earlier rant/post.

      It's all about the MIME - Military-Industrial-Media-Entertainment complex.

      None can exist without the other now. Lady Gaga and Adele are as complicit in the killing of innocent children, as Thorn EMI (great label-Harvest-Harvest Moon-Dark Side of the Moon - Well an eclipse actually, but I digress). Whoah, the synchronicity...

      There was an eclipse of the Harvest Moon tonight, and Pink Floyd recorded Dark Side of the Moon on the EMI imprint - sub-label 'Harvest'. Why do I bother?

      :-)

      It's all about demoralisation of a population via psychological operations. There are books written on it. It's not made up. It's real. And Adele, and Lady Fucking Gaga are the enemy!

      Not even joking or being ironic.

      It's not about copyright theft, it's about control.

      Have you noticed all the big torrent sites getting shut down? The ones left, riddled with malware. They are putting the internet genie back in the bottle (a la the John Walker essay).

      It's all about restoring the Consumer/Producer paradigm (or vice versa) like back when the BBC could rattle off any old shit and cause micro-revolutions in populations via divide/conquer.

      Read the essay by John Walker - The Digital Imprimatur - it is on Fourmilab.ch - and any hacker worth his salt, or even worth his weight (swidt?) will already know it.

      They are putting the internet genie back in the bottle. The whole MIME paradigm (Military-Industrial-Media-Entertainment complex) is just a smoke screen, within a smoke screen within muh kiddie-fiddlers, via muh copyright infringers, via, muh terrorists.

      They are the fucking terrorists! And to say that is treason!

      Pretty sure most of you could have figured all this out for yourselves, if you could only face The Horror!

      Cognitive dissonance is a bitch alright. One that will come back to bite you on the arse, when Adele and Lady Fucking Gaga are herding you into the cattle train on the one-way railway, to go for a little 'clean-up' for being the dirty dissenter you are.

      Hell, I'll probably be manning the fucking ticket turn-style if the powers that be have a sense of humour about it all. If not, I'll be fighting for air like the rest of you beaten fuckers....

      We really didn't love our freedoms enough. Did we?

      Film at 11, but fuck all on.

      Night night.

      1. chris121254
        Black Helicopters

        Re: Does anyone who cares ...

        they will never be able to put the the internet genie back in the bottle, they can try but they will fail (there failing already)

        1. Charles 9 Silver badge

          Re: Does anyone who cares ...

          Oh? Where's the successor to KAT then?

  44. A Ghost
    Facepalm

    Yes, their are!

  45. Nino Farino

    Non-Tech Legals redefining Technology - LOL

    Did the court define what passwords or keys are? Oddly, Shannon never did.

    "password" is a viable password. If a unique is required "2016password" would suffice.

    This problem can only be solved technologically, not legally.

    In addition, legally speaking, since today's standard cryptographic systems are "juvenile" at best, with WiFi systems being trivial to breach, it is not too difficult to prove that it is impossible to secure one's own WiFi without changing the password every minute. This is the flawed judicial reasoning behind the decision. Technically, the providers of security products should be held legally liable, since they provided the security systems. Surely users cannot be responsible for faulty products.

    In criminal cases, the onus of proof of liability falls on the prosecution, in civil cases on the plaintiff. Beware of future legislation where the onus of proof (disproof) will be legally preassigned to the defendant. This is to protect crap security and security corporations.

    In other words, your legal rights are getting screwed to protect profits. But have no fear, a literal cryptographic shit-storm is about to hit the fan.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019