Het ligt voor de hand om je internetverbinding te delen, ook met onbekenden. Op vakantie hoef je je geen zorgen te maken over de kosten van mobiel internet en met een Tor-node help je iedereen die anoniem(er) wil internetten. Maar omdat jij mogelijk verantwoordelijk wordt gehouden voor het verkeer van anderen, kleven er ook wat risico’s aan je goedgeefsheid. Onze stagiair Huw Roberts onderzocht hoe beleidsmakers die risico’s zouden kunnen beperken.
Het onderzoek ‘Shared internet connections within the reseidential sphere: achieving a safer and clearer implementation‘ (pdf) van Huw Roberts in zijn eigen woorden:
After two months of research at Bits of Freedom my time is coming to an end, and with it my internship report. At the beginning of my time here I aimed to examine the risks surrounding sharing a residential internet connections, and possible recommendations for policy makers for alleviating these. I believe that this is an important topic to investigate because of the empowering effects universal internet access and privacy enhancing tools have on the autonomy of the individual. Whilst this paper touched upon some of the benefits of connection sharing, a more comprehensive list can be found at the websites of the Tor Project and OpenWireless.org. This blog post will act as a summary of the main points within the paper.
As a whole, my research revealed how much of a complex and multifaceted problem residential connection sharing is. The recommendations offered within this paper mirror this fact, with both legal and technical proposals forwarded. Similarly, in order to mitigate many of the problems, an approach involving a number of stakeholders would be advisable. With this said, the main focus within this paper is on legislators, due to the fact that greater legislative clarity is largely a prerequisite for the success of other reforms. The drawbacks of a broad framework, such as offered in this paper is that in parts the analysis and argumentation can be diluted. For this reason it is hoped that future papers will emerge which tackle legal or technical problems individually, whilst respecting the fact that a rounded response is necessary.
Risks of sharing a residential internet connections
One of the major risks highlighted came from third party traffic and the broad range of consequences which could stem from it. The most likely of these was a termination of a contract with the internet access provider. This can be accounted to the fact that most acceptable usage policies are not tolerant of connection sharing, or place liability on the person sharing their connection. Even if an internet access provider is found who is accepting of this, issues arise from confusion over whether the traffic originates from the primary user, or a guest. A result of this is the possibility of civil lawsuits which could arise from either confusion or the desire to enact a preventative injunction. Whilst the Attorney General’s opinion for the McFadden v. Sony case seems to signal that there will be an increase in clarity, issues surrounding preventative injunctions and national interpretation are still likely to linger. (For more information on McFadden v. Sony see this blog on EDRi’s website.). Finally, the possibility of law enforcement issues are still present, a particularly salient factor for those sharing their connection in the form of a Tor exit node. If traffic coming from a third party is illicit and is not distinguished from private traffic then police raids or the seizure of servers is possible. These examples emphasise how on different levels third party traffic can lead to repercussions for those sharing their internet connection.
The technical risks presented by sharing a router were also pointed out. These risks tended to focus on the access people can gain to personal data from inherent weaknesses in encryption and protection. Eavesdropping applications such as Firesheep (now discontinued) or Fing offer amateur hackers the chance to perform basic session hijacking and port sniffing attacks. These sorts of attacks leave unencrypted data vulnerable and could result in some personal details being revealed. More complex attacks which can circumvent higher levels of encryption such as ARP spoofing are also possible and allow damaging personal details such as banking information to be accessed. Alongside eavesdropping, access to files is often also possible because of weak firewall protections on personal networks. This can leave shared files and devices both visible and accessible to those with malicious intent if sufficient protections are not put in place. These weak protections leave scope for malware infection which could spread on to multiple machines connected to the network. When these technical weaknesses are combined with the legal risks previously mentioned, it leaves numerous inherent risks present for those wishing to share their internet connection.
Recommendations for policy makers
In order to establish legal protections specific legislation within the Digital Single Market initiatives could be beneficial. Greater clarity of the mere-conduit clause present within the 2000 e-Commerce Directive could affirm safe harbour provisions for those wishing to share their internet connection. By this it is meant that as passive intermediaries they do no face liability as they are only trafficking the data. Alongside this, it was suggested that a Good Samaritan Clause should be put in place to protect any who wish to share their connection from liability for measures which prevent undesirable content. This could include filtering certain traffic, blocking ports, or monitoring for malware. If these provisions were to be combined with an internet access provider who contractually allows connection sharing, then from a theoretical legal perspective the risks would be minimal (or non-existent) for the person sharing their connection.
In order to materialise this theoretical risk alleviation, an improvement in the technological features which are (commercially) available would be necessary. Various different features could help mitigate both legal confusion and also the technical risks which connection sharing creates. The most important of these is splitting router traffic by default through having two separate IP addresses. This would allow for a clear dichotomy between private and public traffic – lessening both confusion with third party traffic and malicious attacks towards private networks. This feature could act as a base from which various other features could be used to help clarify the split, and also offer technical protection. For example, the split in traffic could be further clarified through a list of public connections which is accessible to those who were effected by the shared connection. This transparency of purpose could also be maximised by a reverse DNS stating that the router is a shared connection. If this were to be implemented then it should become obvious to civil parties and law enforcement (amongst others) as to what the purpose of the connection is. This would facilitate a more constructive and collaborative approach. Finally, through offering further features such as client isolation, MAC address blocking, URL filtering and bandwidth controls the amount of malicious behaviour could be decreased. Whilst these features would not prevent skilled hackers, they offer far higher defences than currently possible and would also empower (technical) users in deciding what levels of defence they want.
Summary: many of risks can be mitigated by policy makers
The risks currently surrounding shared internet connection are extensive. Whilst this is the case, many of the issues highlighted transcend just shared internet connection, with intermediary liability still uncertain, and many commercially used open connections insecure. Thus, mitigating the risks presented by connection sharing would not only offer its intrinsic benefits, but could also offer solutions for problems in other areas. In order for success to be achieved in offering a clearer and better implementation for connection sharing, both technical and legal solutions are necessary. This paper offered a number of examples of how these could be approached, with the most important of these the affirmation of mere-conduit safe harbours for those sharing their connection, and an IP address split by default. If these suggestions were to be implemented then a significant step would be taken towards stronger protections.
Due to the broad nature of this paper, many questions were raised alongside the recommendations given. The most important of these relates to liability if mere-conduit safe harbours were codified in Digital Single Market legislation. As such, a follow up paper specifically examining the liability issues presented by connection sharing is important. Such a paper could examine in closer detail precedents which have been established with intermediary liability, and more importantly the burdens which are placed on internet access providers. This would be beneficial as it could affirm the worth of a mere-conduit clause, and clarify whether a codification of these safe harbours would lead to any burdens which are currently placed on internet access providers.