[LINK] Stalinist Engineering

Roger Clarke Roger.Clarke at xamax.com.au
Sat Apr 28 10:58:53 AEST 2007


Roger Clarke wrote to the privacy list (and bcc'd Richard):
>
>  Does Wimax have a centralised tracking and service denial capability?
>
>>  Date: Sat, 28 Apr 2007 09:30:44 +1000
>>  From: Richard Chirgwin <rchirgwin at ozemail.com.au>
>>   ...  the WiMax Forum has
>>  incorporated hardware client authentication into the standard;
>>  essentially, if the standard were implemented by service providers, then
>>  the WiMax modem would not connect until it's been cleared by a root
>>  server (in the US, operated by Verisign). I would presume that
>>  interception was in people's minds in putting forward this odious standard.

Roger continued:
>  We've been worried about embedment of identification, 
>authentication and censorship in the routers.  But this is down at 
>the deepest level, i.e. 'Big Brother Inside' every device - and it 
>even adds a lace of 'national sovereignty' overtones over the top of 
>the civil liberties issues.
>
>  Does anyone have any knowledge of progress with this, or of any 
>other similar features in other wireless protocols?


Richard replied:

Roger,

We could start with Verisign's press release:
http://www.verisign.com.au/press/2006/20060713.shtml

Moving on to the promotional information:
http://www.verisign.com/static/038471.pdf

And the data sheets:
http://www.verisign.co.uk/static/036860.pdf

Note: there is a little obfuscation going on in the promotion of this stuff:
"The WiMAX Forum requires that all WiMAX-compliant devices are authenticated."

Actually, the standard requirement is that all devices support 
authentication, and that all devices carry the certificate. If a 
service provider doesn't turn on the authentication, the device 
doesn't suddenly break the standard.

There are many things wrong with this stuff, some of it privacy 
related (which I will leave to others), some of it technical.

The technical problems are twofold:
1) You cannot communicate until after the device authentication; and
2) The implementation seems to be monolithic.

(1) is a bad thing. It means that a "layer 1" service (connectivity) 
is wholly dependent on an application-layer service. If the 
application is missing, or cannot be contacted, or is responding too 
slowly, then you cannot communicate. If you made telephony dependent 
on this, then it means a 000 call depends on the availability of an 
application that is outside the user's control and, in Verisign's 
preferred implementation, also outside the service provider's control.

Furthermore, the proposed model means an Australian user's ability to 
communicate depends on their machine exchanging tokens with an 
American company -- which is not subject to Australian laws, and 
which is not bound by the service provider's contract with its users.

And furthermore, ignoring the adequacy or otherwise of Australian 
protections for users, interception of certificate authentication 
requests is subject to the laws that govern Verisign, not the laws 
that govern the local service provider.

(2) means if something goes wrong at Verisign, I can't communicate. 
That's a decision of unprecedented stupidity; it's beyond culpable.

Did you mean not to post this to Link? In any case, feel free to post 
this e-mail to both Link and the privacy list...

RC


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW


