% fortune -ae paul murphy

That's a QED - on "odd internet risks"

Back on February 12th of this year I had this bit in my blog for the day -dedicated the proposition that bad guys can abuse your internet access for their own purposes:

To illustrate one of the worst but less obvious risks (while cheerfully grinding a personal axe against wireless services) let me suggest that one of the accounts identified as of interest belongs to a typical suburban family whose make-up, history, PCs, and behavior all pass the police sniff test - but who use a wireless router to connect their PCs to each other and the internet.

Thus while police are making life miserable for a few hundred or more other account holders judged of possible interest - exposing to their families, for example, the existence and nature of their personal porn viewing habits - account monitoring brings the focus back to that suburban family; and, from them, to someone living four blocks away who does fit the profile - and has a seventh floor apartment with a balcony featuring a direct line of sight connection to the family's home.

Neither his current PC nor the old one they find in his closet has any porn on it - and his internet use via his own account is limited.

To the police this is a dog that doesn't bark: he's single, early thirties, doesn't have many friends, and seems quite smug about letting them search his PC.. and eventually (since the story needs a happy ending) they discover his hidden laptop and blah blah blah.

But here's the unhappy moral in the story: most home wireless users don't know who else is using their accounts and therefore don't know what risks the unknown usage may be exposing them to.

And just now I was reading a Mark Steyn opinion piece about procedural abuses at the Canadian Human Rights Commission and stumbled over this bit:

Even in an ersatz legal system with a 100 per cent conviction rate, and none of the traditional demarcation lines between plaintiff, prosecutor, judge and jury, plus a serial plaintiff who is a former employee of the prosecutor, and no due process or otherwise objective procedures, even with the deck stacked overwhelmingly in its favor, the Canadian Human Rights Commission felt its "case" against Marc Lemire was a little weak. So they resorted to entrapment, telecommunications fraud, and identity theft. And at no point in their fun 'n' games did anyone think, "Whoa, I wonder if this is in compliance with our procedures." Why would you? How can you be in breach of your procedures when there are no procedures? You can do whatever you like to whomsoever you like.

So, in order to goad their target into saying something just a teensy-weensy bit offensive, both the chief investigator, Dean Steacy, and the "complainant," Richard Warman, began logging on to Mr. Lemire's site under their respective aliases. I say "respective aliases" but at one point Mr. Warman was logging on to Internet "hate sites" under Mr. Steacy's secret identity, "jadewarr." He'd misplaced some "hate message" or other, and so strolled over to the commission and was allowed to use the government's computers, passwords and covert hate-site membership ("jadewarr") until he'd found what he was looking for. Richard Warman is supposed to be a private citizen who has filed a "complaint," yet he's allowed full access to the state's investigation. If Mr. Warman got mugged, would he be permitted to wander into the Ottawa police forensics lab and fiddle around with hair and fibre samples from the scene? Dean Steacy denied in court that there was any collusion between the CHRC and their lone plaintiff, and one can see his point: who needs to "collude" when Mr. Warman enjoys open access to the system?

Does every Canadian citizen have the right to monkey around the CHRC computers on complaints they've got an interest in? If so, I'll be in at 10 a.m. next Thursday to poke around the files relating to the Maclean's case. If I need to bring two pieces of picture ID, do let me know.

When Mr. Steacy began posting messages on hate sites as "jadewarr," he was sufficiently Internet savvy not to leave any ISP information that could be traced back to the CHRC. He didn't want Marc Lemire looking at his server logs and noticing any unusual interest from anything ending in "gc.ca." So Mr. Steacy disconnected himself from the office Internet, and looked around for alternative wireless connections. He found one belonging to a young lady whose apartment is a block away from CHRC headquarters in Ottawa. Without obtaining a warrant, he connected to her server, and in effect used her as his cover for his "jadewarr" postings. Last week, a representative from Bell Canada named the lady in open court, since when her name has been reported in the newspapers. Let's say in 10 years' time, this woman applies for a job in, oh, Sarnia or Moose Jaw or Des Moines, and her prospective employer decides to Google her name, and what comes up is all very complicated and hard to follow but she seems to have something to do with some white supremacist investigation back in 2008.

Since Mr. Steyn has apparently been charged by the same organization for something in his book: America Alone I don't know whether he exaggerates the kangaroo court aspects of this, but other sources publish the lady's name and generally support his view of the facts (if not their interpretation) here.

So, bottom line? I think I can write "QED" on the Feb 12th column - and keep on repeating my warnings about internet risks until everybody gets tired of hearing them.

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.