[LINK] Stalinist Engineering
Roger Clarke
Roger.Clarke at xamax.com.au
Sat Apr 28 10:58:53 AEST 2007
Roger Clarke wrote to the privacy list (and bcc'd Richard):
>
> Does Wimax have a centralised tracking and service denial capability?
>
>> Date: Sat, 28 Apr 2007 09:30:44 +1000
>> From: Richard Chirgwin <rchirgwin at ozemail.com.au>
>> ... the WiMax Forum has
>> incorporated hardware client authentication into the standard;
>> essentially, if the standard were implemented by service providers, then
>> the WiMax modem would not connect until it's been cleared by a root
>> server (in the US, operated by Verisign). I would presume that
>> interception was in people's minds in putting forward this odious standard.
Roger continued:
> We've been worried about embedment of identification,
> authentication and censorship in the routers. But this is down at
> the deepest level, i.e. 'Big Brother Inside' every device - and it
> even adds a lace of 'national sovereignty' overtones over the top of
> the civil liberties issues.
>
> Does anyone have any knowledge of progress with this, or of any
> other similar features in other wireless protocols?
Richard replied:
Roger,
We could start with Verisign's press release:
http://www.verisign.com.au/press/2006/20060713.shtml
Moving onto the promotional information:
http://www.verisign.com/static/038471.pdf
And the data sheets:
http://www.verisign.co.uk/static/036860.pdf
Note: there is a little obfuscation going on in the promotion of this stuff:
"The WiMAX Forum requires that all WiMAX-compliant devices are authenticated."
Actually, the standard requirement is that all devices support
authentication, and that all devices carry the certificate. If a
service provider doesn't turn on the authentication, the device
doesn't suddenly break the standard.
There are many things wrong with this stuff, some of it privacy
related (which I will leave to others), some of it technical.
The technical problems are twofold:
1) You cannot communicate until after the device authentication; and
2) The implementation seems to be monolithic.
(1) is a bad thing. It means that a "layer 1" service (connectivity)
is wholly dependent on an application-layer service. If the
application is missing, or cannot be contacted, or is responding too
slowly, then you cannot communicate. If you made telephony dependent
on this, then it means a 000 call depends on the availability of an
application that is outside the user's control and, in Verisign's
preferred implementation, also outside the service provider's control.
Furthermore, the proposed model means an Australian user's ability to
communicate depends on their machine exchanging tokens with an
American company -- which is not subject to Australian laws, and
which is not bound by the service provider's contract with its users.
And furthermore, ignoring the adequacy or otherwise of Australian
protections for users, interception of certificate authentication
requests is subject to the laws that govern Verisign, not the laws
that govern the local service provider.
(2) means if something goes wrong at Verisign, I can't communicate.
That's a decision of unprecedented stupidity; it's beyond culpable.
Did you mean not to post this to Link? In any case, feel free to post
this e-mail to both Link and the privacy list...
RC
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW