Throwing open the gates to protect your privacy.

We’ve all heard the term “plausible deniability” before, usually used in reference to some political official not being told something important so he can deny any knowledge of it should it become public. It was made popular during the Iran-Contra scandal and has been fodder for both real-life and cinematic purposes ever since, but most of us have probably never considered how we might make use of it.

Micah Joel over at has, though. Specifically in regards to protecting himself from the threat of lawsuits from the RIAA and MPAA related to file sharing. Seems Micah recently shut off his wireless router’s WEP encryption, disabled its MAC address filtering and made sure the SSID was being broadcast. In other words, he opened his wireless router up to anyone who happens by with a wireless device and a desire to make use of it. All for the sole purpose of providing himself with a form of plausible deniability should he ever be slapped with a lawsuit. Technology | Safe and insecure

In mid-April, Comcast sent letters to some of its subscribers claiming that their IP addresses had been used to download copyrighted movies. Since Comcast is not likely to improve customer satisfaction and retention with this strategy, it’s probable the letter was a result of pressure from the Motion Picture Association of America or one of its members. And to Comcast’s credit, it stopped short of direct accusation; instead it gives users an out. Says the letter, “If you believe in good faith that the allegedly infringing works have been removed or blocked by mistake or misidentification, then you may send a counter notification to Comcast.”

That’s good enough for me. I’ve already composed my reply in case I receive one of these letters someday. “Dear Comcast, I am so sorry. I had no idea that copyrighted works were being downloaded via my IP address; I have a wireless router at home and it’s possible that someone may have been using my connection at the time. I will do my best to secure this notoriously vulnerable technology, but I can make no guarantee that hackers will not exploit my network in the future.”

If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker’s crimes? If that were the case, we’d all be liable for the Blaster worm’s denial of service attacks against Microsoft last year.

The man has a point. I can recall reading about one man avoiding prosecution for child porn by claiming the files on his computer were the result of a virus so it’s not like this isn’t an untested strategy. There are already plenty of people leaving their wireless unsecured simply because they think they should share their connection as a public service to their neighbors, but this is the first time someone has suggested doing so as a means of protecting yourself from lawsuits.

I’m not sure I’ll be unsecuring my connection anytime soon, but it will be interesting to see what happens if it ever gets tested in an actual case.

9 thoughts on “Throwing open the gates to protect your privacy.

  1. Perhaps, but that opens up a whole new can of legal worms if it does. Should I be able to sue you if you don’t bother to install an anti-virus program on your PC and it affects my ability to connect to websites because your machine has been zombified?

  2. …and speaking of negligence, should we be able to sue Microsoft for leaving a zillion ports flapping in the wind for every script-kiddie to exploit?

  3. Dude, not to embarrass you, but your “ports” are “flappin’ in the wind” so to speak. Might wanna batten down the hatches. Maybe plug your porthole.

    How the hell did I go off on using nautical euphemisms?

  4. Dude, not to embarrass you, but your “ports” are “flappin’ in the wind”…

    Thanks for checking - pretty hard to embarass a guy who looks like me.  I’ve been wondering if my firewall was working correctly for a while and now I know.  Off to the electronics store…

  5. If you’re wondering about your portholes go check out the free tests at I use them often.

  6. There’s a lot of hype and misinterpretation going around as the result of these Comcast letters.  I received one myself, and though the wording was vague in a few places, the basics of it are thus:

    1.  Comcast has been notified by the RIAA/MPAA/whoever that you were distributing file X, and that under the terms of the DMCA you must remove the file.  Period, that’s it.  No explicit threat from either Comcast or the RIAA/MPAA/whoever, just a heads up that you should clean up your act… the RIAA/MPAA/whoever send out thousands of letters every day, just going on eMule, searching for something they have the rights to, and writing down all IPs that are offering it in whole or part.

    2.  If the file is no longer there, or if you remove it upon the receipt of the letter, the problem goes away.  (Rack up a few of these notices, however, and you are tempting fate… Comcast will probably dump you just to get clear of the shitstorm the RIAA/MPAA/whoever will throw at you).  There is NO NEED whatsoever to write a letter to Comcast or the RIAA/MPAA/whoever in this case, in fact doing so will just invite further scrutiny, which, face it, most of us don’t want

    3.  If, however, you believe they are mistaken about the file you are hosting, and you believe you have the right to host that file free from legal threats, you can challenge the DMCA claim by writing the RIAA/MPAA/whoever people and CC:ing Comcast.

    The ONLY time you need to write a letter to anyone is if you are being threatened with legal action for hosting a file that the RIAA/MPAA/whoever folks have no claim over.  Writing to deny knowledge of the file or to cop out regarding your open access point is almost an admission of guilt… it’s like when you were a kid, and your mom found out you ate the cookies, and you saw the look on her face and blurted out “I didn’t take the money”, and now she’s got *two* things on you.

    If you get one of these letters, read it carefully and then do NOTHING.  Do not write back, do not hurrily open your AP, just make sure that specific file is not being hosted, then ignore the letter.  If you get 3 or 4 of these letters, I’d be looking for a new hobby, finding an anonymizer that works with your P2P client, or switching over to a different system that has strong encryption and doesn’t explicitly tell the other users what your IP address is (MUTE comes to mind).

  7. If I am not wrong the virus case, it is a decision by the lower courts and that if such a ‘trojan horse’ defence was ever raised in issues that relate to music or movie, the appeal would most likely go all the way up. And they are less likely to find the lower court’s decision persuasive.

    Furthermore, that virus porn case would be a criminal case thus the burden of proof is beyond reasonable doubt but for civil cases such as copyright the burden of proof is that of probabilities which is lower burden.

    It would seem that the defence the person is trying to raise is somewhat similar to a ‘common carrier’ type defence. That is telecommunication providers cannot be liable for information transmitted through them as long as they took reasonable steps to prevent it. What is reasonable is often up for debate and one defence often raised is that of it imposing an onerous burden on the service providers. However, in this case where a person specifically went out of the way to create a situation that allows for his system to be used as a conduit, it would be harder to raise the defence. Furthermore, this going out of the way to change your system seems to contradict the main idea behind the virus porn case which is that the person did absolutely nothing and had no knowledge of what is going on. There is also a possible claim that the person is ‘wilfully blind’ and thus knowledge may be imputed to the person.

    Of course add to the fact that the person knowingly did so and explicitly published his intent, it is unlikely such a ‘defence’ would be afforded. Opps, that goes for you too Les.

  8. Not saying the virus porn couldn’t happen, but it seems that whenever a kiddie porn case is prosecuted, the evidence usually includes more than just some pics found on the suspect’s computer.  I remember reading about some kiddie porn bust where one of the defendants claimed that he never intentionally d/l’d kiddie porn.  Had me wondering how it happened until I read the part about his bust stemmed from his credit card number being used on a kiddie site and the cops found hundreds of kiddie porn pics on his system. 

    It seems for his defense to be viable, he’d have to show that he had no antivirus, firewall, or anti-spyware apps. 

    Makes me wonder if a virus writer is going to pick up on the idea of spamming kiddie porn. 

    If somebody stole your CC number, they could make kid porn purchases and wait for the feds to come visit you.  Even if they figured out your innocence, if it wasn’t handled VERY quietly, it could give people around you the wrong impression, especially if they showed up at your job.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.