This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.
Entire site and all contents except otherwise noted © Copyright 2001-2013 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Ah, this brings back memories: Cast your mind way way back to 2006, when Tempe, Ariz., was on the cutting edge of municipal wireless systems. The city, which already had its own wireless ring for city backhaul, put out a tender for a firm to provide a combination of public and private services. Neoreach won the bid, and built some of the network out as it shifted through names and subsidiaries, winding up with Gobility as the ultimate owner when the network failed. (Gobility had oceans of issues unrelated to this network.)
While the network hasn't been operational even in part since 2007, the gear was left all over town. Two-thirds of the access points were owned by a leasing firm, Commonwealth Capital Corporation (CCC). If the nodes were abandoned, Tempe alleged, then Tempe would be granted ownership. CCC disagreed, because it hoped to sell the system with the nodes still in place.
CCC sued to have the nodes returned to it after ridiculous attempts were made by it to sell the network. The case ran from Feb. 2009 to March 2011, when the company dismissed its own lawsuit. Tempe, meanwhile, had sued CCC for the rent due on pole usage for the period when CCC was trying to sell the gear. Tempe prevailed in court for $1.8m and ownership of the hardware.
The money assuages the fact that the 4–5-year-old hardware is likely nearly unusable. It should be mostly Strix Systems gear, which appears to still be a going concern, even though its "news spotlight" page refers only to events in 2007. There's likely some backhaul equipment from other makers.
This is the last gear hanging that I'm aware of from the olden days of 2006–2008 that isn't in active use, such as the network in Minneapolis.
A Buffalo, NY, man gets an early morning visit (and alleged contusions) from the ICE: His left his Wi-Fi network open, and extremely poor FBI work (according to this AP report) led to a raid on his home because that's where the IP address led. While it's no crime in the US—it is in some other countries—to leave your network open for anyone to access, this isn't the first time this has happened. I've written up a few previous similar incidents that led to police or federal agents breaking down the doors for criminal acts conducted over the network at the physical address. In most cases, a neighbor is the guilty party.
You'd think the FBI would be briefing agents on this issue, so that they don't face multi-million-dollar lawsuits for faulty work that pinpoints the wrong person. The Buffalo man isn't suing, even though his attorney alleges he was thrown down the stairs by Immigration and Customs Enforcement (ICE). He says they didn't properly identify who they were after breaking down the door and brandishing weapons. (Who knows from ICE?)
Even on an open network, it's possible to track identifiers that would allow relatively easy confirmation of which machine was the case, or to stake out the area for a few nights, tracking signals and locations. Then agents could enlist the homeowner with the open network to ensure the Wi-Fi signal remained available and could be used to track at which exact moment that a perpetrator was engaged in an illegal act and then raided at the same time. (We're talking child pornography here, not file swapping.)
The AP article says that US-CERT recommends "closing" a Wi-Fi network among other security measures. This option, labeled differently on each maker's router software, disables default beaconing, and thus the network name and availability isn't broadcast. However, whenever the network is use by a party that knows the name and has associated with it (encryption or otherwise), traffic can be snooped and connection information extracted. I don't recommend closing a network as it provides no effective security, and neither does limiting an network to specific MAC addresses (the Wi-Fi adapter's unique hardware number).
US-CERT has six recommendations for best home practices on its Securing Wireless Networks page, which include these two. Closing a network is noted as "Protect Your SSID."
Really, using a nine-letter/digit WPA password is the simplest way to protect a network in a reliable and secure way no matter what other restrictions are in place.
I choose to password protect my network in part because I don't want to be indirectly responsible for anyone's actions on my network (whether in a raid or just because someone commits a nefarious act using my router), and because Comcast caps my use at 250 GB per month.
I was sick of this story months ago, but...: It's significant when a search engine that already knows everything about us apparently unintentionally learns even more. Google earlier discovered, disclosed, and had third parties audit its collection of unencrypted data broadcast publicly over Wi-Fi while taking photos for its Street View images.
One might expect this would contain password, private information, and email, and Google said today its audits revealed that it did: "It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," wrote a senior VP on the Google blog.
My reaction? If you're not using an encrypted connection to read email and you're not protecting your Wi-Fi link, then Google accidentally snagging some of your data is the least of your worries.
This is harsh, of course. The majority of users worldwide don't know how to secure their systems and data, nor should they. Operating systems developers, equipment makers, and ISPs have significantly improved basic encryption capabilities so that it's much easier and more likely a user with no special knowledge, after following setup steps, will have a secure link in place.
Take the simple matter of adding an email account to a mail client. In the olden days (say, 2007 and earlier), mail programs asked you to punch in details and connected only to servers and in methods you checked. A few systems and programs offered wizards to set up IMAP and SSL/TLS and authenticated SMTP and so forth, but ISPs were loathe to give everyone security service—too costly from an infrastructure standpoint.
That's changed. When I use nearly any program, host, or hardware to initiate some kind of connection, I am urged and sometimes hectored to use security, and often automagically taken into a secure realm. The iOS that powers the iPhone and iPad asks for email host details first, and then, invisibly, runs through a number of tests to see if it can establish one of several methods of SSL/TLS setups. If it can, it does. If not, it reverts to plain text, but also lets you modify the setup later.
Encryption is increasingly becoming the default. Google's "accident" should drive more people into figuring out how to solve their lack of security retroactively.
Bloomberg reports Skyhook Wireless has sued Google over two separate matters: It's no surprise to me that Skyhook might maintain it has patents that Google was violating for deriving location from Wi-Fi signals. Skyhook goes way back, when Google wasn't even showing ads on its search results, and Skyhook was still developing its initial database. The suit reportedly alleges four patents were violated.
However, the other charge in the suit is more surprising. Skyhook says that Google threatened Android handset makers Motorola and Samsung in a way that I didn't think was even possible.
Android is an "open" operating system in name only. Sure, you can get the source code and mess around with it, but there are no mainstream generic Android phones that work on any carrier, and no carrier-sold phones are simple to crack open and do what you will.
"Open" refers to a carrier's ability to modify the phone's software to its will, not the consumer or developers'. In fact, many Android phones come with garbageware installed on the phones' home screen, with no way to remove it.
Skyhook alleges that Google's Android chief, Andy Rubin, specifically pressured Motorola by stating that with Skyhook's technology on board, Motorola phones would be in violation of "Android licensing terms." Strange, for an open system. Samsung apparently also was pressured to remove Skyhook's software.
Update: I've read the lawsuit about Google interfering with business partners, and the specific issue at stake for Motorola and (ostensibly) Samsung was the use of the "Android Compatible" brand and program; without this certification, a vendor can't participate in the Android Marketplace, among other things.
Apple recently removed Skyhook Wireless technology from new versions of its iOS operating system, and is gathering location information itself. But no threats were alleged.
As I predicted, Google won't be sucking down Wi-Fi signals in its future Street View efforts in some countries: After the debacle of Google first saying it wasn't collecting data from Wi-Fi networks, only scanning for readily available public information, and then discovering and admitting it had stored information, the company is taking a different tack.
It's restarting Street View photography in Ireland, Norway, South Africa, and Sweden, but vehicles won't have Wi-Fi hardware on board, and the software has been vetted by a third-party to ensure there's no component that might have collected Wi-Fi data still installed (even though removing the hardware might be seen as enough).
I thought that the likely outcome for Google for its missteps was likely a very tiny amount of money in the forms of fines or voluntary settlement figures, but no criminal charges nor more than a technical slap on the rest--so long as Google agreed to stop scanning Wi-Fi signals, even if it promised to stop collecting data.
By being seemingly forced to exit the Wi-Fi positioning business, Skyhook Wireless reaps the biggest rewards, in that it will be the only worldwide provider of such information.
However, Google also uses the Android platform to collect Wi-Fi positioning information--something also employed by Skyhook Wireless, as News.com reported a few weeks ago. Every time a mobile devices sends a snapshot of the Wi-Fi environment to a Google or Skyhook server for lookup, that information further refines location data for subsequent users.
But mobile-submitted data isn't enough. For one thing, most of this data isn't tagged with reliable GPS coordinates when sent to the server--the intent of sending to the server is to obtain latitude and longitude in the first place. Skyhook and, formerly Google, drives with precision GPS receives and high-gain antennas to seed and re-seed their databases.
Meanwhile, in Australia, the country's privacy commissioner has found Google broke the law in sucking down data, even though such data was being publicly disseminated. The Sydney Morning Herald quotes commissioner Karen Curtis saying, "Any collection of personal information would have breached the Australian Privacy Act."
But I fear this sends the wrong message. Curtis says, "Australians should reasonably expect that private communications remain private." Not quite. If you're sending information unencrypted when the facility to protect that information is readily (and freely) available in the hardware you purchased, then you are sending private information in a public fashion, and shouldn't enjoy any expectation of privacy. Setting the bar that publicly broadcast information ensures privacy protections seems a bit rich.
Nevertheless, Google has apologized to Australians. Expect more apologies to be forthcoming.
I was unaware it was illegal there: I haven't seen anything but machine translation of the original article, but TechDirt provides the detail that the normally open and sane Finns criminalized open Wi-Fi networks after a theft of money that had barely anything to do with open Wi-Fi and everything to do with normal insider embezzlement.
The Justice Ministry is working on a change in rules to allow open Wi-Fi networks without penalty, as there's been little enforcement, and it's just an ugly law.
Does that mean public Wi-Fi without a WEP or WPA key has been unavailable in Finland all this time?
The class-action suit by two Northwest US residents relies on assertion of privacy of publicly broadcast information: This isn't going to fly. The suit states, "As data streams flow across the wireless network, the sniffer secretly captures each packet (or discreet package) of information, then decrypts / decodes and analyzes its content according to the appropriate specifications."
First, it's not secret. You're broadcasting data in an unlicensed band. You have no reasonable expectation of privacy over openly broadcast data. Perhaps secret means unknown to the transmitter; in which case, the transmitter shouldn't be using an unencrypted broadcast network standards.
Second, and related to the first, Google says (and governments will now confirm) that it was sniffing only open networks, which means it only received data that wasn't locked behind a form of Wi-Fi encryption.
I suspect the attorneys are using this language to make it sounds as though normal decoding of data from an open network is breaking the packets, when, in fact, simple operation of a Wi-Fi adapter allows this data to be received.
The suit also states, "To view data secretly captured by a wireless sniffer in readable or viewable form, after being captured and stored on digital media, it must then be decoded using crypto-analysis or similar programming or technology. Because the data "as captured" by the wireless sniffer is typically not readable by the public absent sophisticated decoding or processing, it is reasonably considered and understood to be private, protected information by users and operators of home- based WiFi systems."
This is patently inaccurate.
Then we come to this. One of the plaintiffs apparently is engaged in risky data behavior:
"In connection with her work and home life, [Vicki] Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless internet connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations."
In which case, Van Valin was probably in violation of the terms of her employment and data handling if she had an unsecured, "open" Wi-Fi network. It is more likely, and would be found in discovery if the case goes to court, that Van Valin was either engaged in activity unlikely to be protected by an expectation of privacy, or, in fact, was using a VPN or other methods of encryption required by her employer, thus rendering the captured "open" packets unreadable by Google.
I'm sure there are 1,000 Wi-Fi experts that Google could call upon for this case for testimony to explain the clear difference.
Since 2006, most routers have included software that explains the risks of unsecured networks and makes it easy to secure networks. Further, the FCC's Part 15 rules don't impose any expectations of privacy, and various state laws about network sniffing typically require some effort being made to break into a network in order to claim a violation.
This is an opportunistic lawsuit that I suspect will not reach class-action status, nor will Google settle to dispose of.
Google says it's inadvertently been recording packets from unsecured Wi-Fi networks while sniffing for publicly available information: Remember how Google said its scans of Wi-Fi networks while carrying out Street View photography were innocuous? Remember how I defended the practice, and said nothing in what Google was doing was different or more personally invasive than Skyhook Wireless or others? Oops.
Google now reveals that it's discovered code written in 2006 as the basis of its Wi-Fi scanning system in Street View contains a portion that samples data on networks that aren't secured, presumably as a tool for statistical analysis of what people are doing. That's a no-no in 2006 and today, and may result in fines and consent agreements.
Google might have caused themselves lasting harm. I can believe this was unintentional; the company is, frankly, sloppy about managing its projects. The firm said it has 600 GB of such data, mostly fragmentary as the Street View vehicles are in constant motion. Given the petabytes of Street View imagery, that's also plausible that it didn't notice the 600 GB of other data collected over years.
Street View was taken off the road briefly, and the company has said it won't be scanning for Wi-Fi temporarily as it assesses what's happened. I wouldn't be surprised if the firm is pressured into agreeing to not gather Wi-Fi info at all in the future by various countries, or possibly worldwide. That's good news for Skyhook Wireless, as it would be the only worldwide purveyor of such information.
I don't feel too foolish about my previous posts, because I was discussing the publicly available information that Wi-Fi networks announce from access points. The privacy concerns raised have to do with how such information could be associated with private information (Google searches, email, and other elements). I have to say that Google's accident makes that kind of association far more reasonable to raise, intentional or not.
Update: The German privacy commissioner has responded angrily.
Protect your Wi-Fi network in Germany, or pay the piper (in German): The piper, in this case, being music industry or other rightsholders. Germany's Bundesgerichsthof, the highest appeals court for civil and criminal matters, ruled in a case stretching back to 2006 about a song downloaded from an open Wi-Fi access point by a third party--not the owner of the access point, who had left the location unprotected.
The court said that actual and punitive damages weren't warranted in such a case, but that a kind of statutorily defined penalty of €100 did apply. (The term is Abmahnung, which seems to be a sort of compulsory penalty that doesn't require a court case to be levied.)
Update: A commenter who knows more than I do (that's why we like comments) explains that the fee is a "civil pre-trial settlement to avoid a costly civil trial if the facts are clear."
The court said, "Private individuals can be held responsible for default judgment, but not for claims of damages, when an unauthorized third party makes use of an insufficiently protected wireless LAN access point for copyright infringement."
The decision is welcome in Germany, because it removes a lot of worry about unlimited fees (such as have been levied only directly against filesharers in the US), and the fees that can be collected are small enough that the various copyright holders may not pursue them.
Nonetheless, the precedent now allows these fees to be collected, and that does change the equation.
Germans thus warned ought to enable any kind of encryption. The linked article notes that even WEP, though it's easily broken, would qualify because then the third party would have to break into the network (a fairly severe crime in Germany since 2007), making the access point's owner not liable.
The head of Electronic Frontiers Australia is making ridiculous statements about Wi-Fi positioning: Google is being excoriated now in Australia for failing to disclose that it is scanning public Wi-Fi network signals while driving for Street View image captures and mapping. The electronic privacy advocacy group EFA's vice-chair Geordie Guy is way off base in his technical statements about this matter.
As a refugee from Google Buzz and someone who deleted his Facebook account permanently (or so I hope) several weeks ago, I have no truck with the notion that corporations gathering and collating information about me will use it appropriately. Buzz was proof of that. Buzz was a betrayal of Gmail users.
But there's a sky-is-falling attitude here about Wi-Fi signal scanning that needs to be fought back against, because it's simply wrong. There is no sensible way for Google to associate specific Wi-Fi networks with specific queries or individuals because the Wi-Fi network scan simply doesn't contain information that's sent out as part of a query to Google. (I'd be terrified if it did, however.)
As I wrote on 23 April 2010, Google--like Skyhook Wireless, which is mentioned in this Australian article--only scans publicly available passively scannable data.
EFA's Guy says, Google is "collecting data that could enable it to physically map that information to a physical street and presumably a physical house." I categorically reject that. The Wi-Fi network name and BSSID (the unique MAC address assigned to a Wi-Fi access point) aren't associated with data that's sent over a browser. Google can't determine the gateway IP address or a public IP address from a Wi-Fi router signal, nor do browser queries contain that information.
If you're using Google's extensions for geolocation--which is part of the latest release of its Chrome browser--Google could conceivably take the Wi-Fi information your browser provides as part of geolocation data and associate it with queries...but it's already doing that. If you let Google look up your location, well, they have your location now, don't they?
Guy goes on to ask technically inaccurate questions that weaken his valid privacy concerns. "Google talks about wireless routers at home but what about the printers, computers, mobile phones and other devices that might be sending out wireless information?" Those devices don't send out beaconing information. On unsecured networks, you could sniff that data, which is likely illegal to do in most developed nations, including the United States, Europe, and Australia. I don't suspect Google is pulling that information down. On secured networks, that information isn't actually available even to sniffers.
Guy also says the EFA is unaware of similar efforts. He apparently wasn't previously aware of Skyhook Wireless, which has been driving all Australia for a few years, along with a good hunk of the rest of the world. Guy excuses this by stating that Skyhook doesn't have cached search information against which to correlate scans, but I've already explained why that's not a valid concern in the form stated.
He goes on (this guy doesn't stop) to explain incorrectly what a MAC address is: "A MAC address on a home wireless connection or any other piece of electronics that uses Wi-Fi is a serial number, it's unique." Sure, but since when does a serial number get you anything about a product or a device?
Guy says, speciously, "If Google rang you up...and asked you to read out a serial number of your mobile phone, what would you say? I'd tell them its none of their business. If I saw them on the street with binoculars trying to read it, I'd close the curtains."
Right. And the strawman here? The Wi-Fi router address that's being publicly broadcast is like the street number on your house, not the serial number on your mobile phone.
A more sensible response is in the article from Australia's privacy commissioner. And might I say, bravo, Oz, for having such a commissioner. "From a privacy perspective, our preliminary inquiries have indicated that the information about Wi-Fi data that Google is collecting would not be considered personal information under the Privacy Act," said Karen Curtis. Right.
If you don't want your Wi-Fi router's public data that doesn't identify you personally scanned, don't use Wi-Fi or set your network to "closed," which prevents the kind of passive scanning from being performed by Google et al. If you use Wi-Fi, it uses public unlicensed airwaves, and the notion that some data might be leaked is just part of the rules of the game.
You're not obliged to use Wi-Fi, Guy.
Google's global privacy counsel provides a detailed explanation about what data Street View gathers, including Wi-Fi signal information: As I wrote about last week, Germany's data privacy commissioner raised an alarm at Google scanning and recording data about Wi-Fi networks as it drives around snapping Street View pictures. The commissioner is off base in stating that publicly identifiable information is being grabbed, but perhaps it's better that a privacy czar errs on the side of the public at times.
Google's corporate counterpart to that commissioner, Peter Fleischer, penned a blog entry in which he explains in excruciating detail precisely what data is being collected in what fashion.
He writes, in response to the ersatz question, "Is it, as the German DPA states, illegal to collect WiFi network information?":
We do not believe it is illegal--this is all publicly broadcast information which is accessible to anyone with a WiFi-enabled device. Companies like Skyhook have been collecting this data cross Europe for longer than Google, as well as organizations like the German Fraunhofer Institute."
He does not note that Wi-Fi intentionally publicly broadcasts technical information for adapters to use to join the networks. Network users who don't want this information broadcast can disable beaconing (making it a "closed" network), or stop using Wi-Fi, or--to reduce range--even drop signal strength on many routers, or, in the 5 GHz band in some countries, choose a lower-numbered channel that uses far less signal strength than higher-numbered channels.
A UK law under consideration and much reviled by privacy advocates would make independent Wi-Fi hotspots legally indefensible: The Digital Economy Bill is a particularly odious piece of legislation that attempts to enforce copyright by requiring ISPs to keep records and disconnect customers who engage in such acts.
This puts the government in the business of taking people off the Internet by enforcing actions for what would otherwise be civil violations, previously needing to be proved in court. Now, something approximating an assertion and a few letters could cause an ISP that doesn't respond appropriately to face huge fines and other troubles. A similar law in France was initially struck down as unconstitutional, but was modified lightly before being approved.
The reason for these laws is to keep media industries from engaging in publicity-adverse lawsuits against individuals, such as those the RIAA (Recording Industry Association of America) led against college students, children, and dead people before sputtering out and moving to this approach.
The not-quite-unintentional consequence of the UK law would, according to advice provided by an arm of the government, put undue burden on hotspots, libraries, and academic institutions. The law requires that most parties be either subscribers (end users) or ISPs; ISPs primarily provide access, and subscribers use it, although there are some fine points. In either case, copyright holders can notify ISPs of violations who are required to notify subscribers. After a small number of violations, the subscriber can be disconnected from any Internet service for some period of time.
If someone downloads an allegedly pirated video over a library, university, or hotspot could force that institution off line if it failed to meet specific notification terms; it's unclear how a hotspot could restrict a banned user without imposing high bars for access, whether free or fee. Larger operations could have login and credit-card verification requirements--used mostly as a way to block people instead of allow them.
Danny O'Brien of the Electronic Frontier Foundation previously raised this concern on 2 December 2009 in a post to the EFF's site: "The repeated demand by the entertainment industry that intermediaries should police their networks has been expanded by the bill to include the subscribers on the edge of the network. If you're not an ISP, but other people use your network to get their net access — if you run an open Wi-Fi spot, for instance, like the British Library — you'll now be vulnerable to being terminated or constrained by the actions of those users."
None of these efforts, of course, deters privacy. As Cory Doctorow, a UK resident and editor of BoingBoing, wrote about this issue:
"The Digital Economy Bill is being sold to us on the grounds that copyright infringement harms the British economy because of the importance of our entertainment industry. But while the measures in the DEB won't stop copyright infringement (copying isn't going to slow down -- as computers and the technology they enable gets cheaper and more widely distributed, copying will continue to speed up, just as it has done since the dawn of the computer industry), they will harm British business and British families, by making the Internet generally less useful and more difficult and more expensive for honest people to use."
In the US, we don't have such a law underway--as far as I'm aware--but media firms have struck deals with some ISPs (and some ISPs have refused) to engage in the same sort of behavior without government involvement.
A pub in the UK that's part of The Cloud's network has been hit with £8,000 illegal download fine: ZDNet UK reports on some fragmentary information that a UK pub was hit with a fine in a civil case this last summer of £8,000 due to copyrighted material that was pirated over the pub's Wi-Fi network. The pieces don't entirely add up: it was a civil, not a criminal prosecution; UK law, like the US, seemingly should be exempt as a provider of service; and we don't know which pub nor what content. If the pub itself were downloading movies and making them available, then the fine would make some sort of sense.
Coshocton County, Ohio, shutters a hotzone because of a movie download: The local paper reports that Sony Pictures notified OneCommunity, which operates the county's one-block hotzone, that a movie was downloaded "illegally." The article doesn't provide enough details to know whether this was via BitTorrent, a pirate movie site, or other means. It's possible it was a perfectly legal download that Sony doesn't like, too, such as a transfer of a movie for personal use or a legal movie download that was mischaracterized.
In any case, it doesn't seem that Sony nor the MPAA (which is mentioned in the article but didn't apparently contact the county at all) asked for the network to be shut down. Further, there's no legal basis on which to close down a network because of illegal use. The common-carrier and other ISP laws protect such operations, even though if Sony had filed suit the ISP might have had to produce certain logs and other connection records.
My friend Cory Doctorow over at BoingBoing went with the knee-jerk headline: "MPAA Shuts Down Entire Town's Muni WiFi over a Single Download," when it wasn't a whole town, the MPAA wasn't apparently involved, and the shutdown was by the county, which didn't have to do so. The MPAA told MediaPost that it "didn't ask for the network to be shuttered."
What's likely here is that the county overreacted, and decided to limit any potential liability immediately, even though no sanctions or actions were apparently threatened by Sony (or the MPAA). In similar cases, private and governmental bodies have simply said, "Whatever" or turned to groups like the EFF for support.
Update: The network was brought back up on Friday. Sony received a number of complaints about its actions, despite not actually having asked the county to turn its network off. Sony reportedly emailed the county, and must have said it wouldn't pursue any action, which led to the county turning the network back on.
Australian tech agency CSIRO cuts deals with all firms it sued, that sued it: An Australian IT publications reports that the long-running patent lawsuits among government tech agency CSIRO, which had a broad patent covering some aspects of the OFDM part of Wi-Fi since 802.11g, have been settled. All the firms involved in litigation have cut licensing deals with CSIRO, the article says, although terms were not revealed.
CSIRO sued and won various judgments against Buffalo Technology, a Japanese-owned firm with worldwide sales, when Buffalo wouldn't agree to pay royalty fees. The case has bounced around a bit, with Buffalo's Wi-Fi products enjoined from the U.S. market for years, then allowed again after Buffalo won part of an appeal. It got rather complicated.
In the end, this apparent settlement with 14 firms, some of which CSIRO had sued and others had preemptively sued CSIRO, doesn't mean too much for anyone. There were certainly issues as to whether CSIRO would be able to survive a full-on patent reexamination, as it was clear that some aspects of its patent could have been open to challenge, but there was no way to know whether any parts of the patent would have been struck down, nor whether those would have affected its overall ability to assert rights.
CSIRO reportedly was never asking for much. As a government agency designed to commercialize and promote national inventions, the scuttlebutt was that they wanted at most a few bucks per qualifying device. The settlement likely involves firms paying something for equipment already sold and agreeing on a fee schedule for future sales.
CSIRO reinvests proceeds of commercialization into research, so in many ways this is a win for everyone (except shareholders of firms in the settlement who will have an extremely diluted "loss") as Australia is on the cutting edge of many interesting technologies funded by this agency. A talk with one researcher about photonic terabit switching blew my mind recently.
With billions of Wi-Fi devices to be sold in the coming few years and likely hundreds of millions, if not over a billion, in the market, CSIRO will see a huge winfall even at extremely modest rates for built-in Wi-Fi adapters, where costs are so low it's likely the agency would get tens of cents instead of dollars.
For consumers, we'll see almost no effect. With products price to end in $9 or $9.95 or $9.99, there's little wiggle room to add a buck or two. More likely, manufacturers will simply absorb the cost and reduce their margin slightly, looking for cost savings elsewhere.
Australian tech agency CSIRO settles with HP, continues case: CSIRO says that HP has settled on confidential terms over the agency's claims to have a patent that covers some of the fundamental parts of how 802.11a, g, and n Wi-Fi works. CSIRO continues to engage, as the article notes, "Microsoft, Dell, Toshiba, Intel, Nintendo, Netgear, Belkin, D-Link, Asus, Buffalo Technology, 3com, Accton and SMC." Cisco and its Linksys division aren't in the list because Cisco agreed to patent terms when it acquired an Australian network authentication firm a few years ago.
The patent may or may not be found valid. I have trouble with how it was revised to include frequencies not mentioned in the original filing that weren't in common use when the filing was first made. A patent review hasn't yet occurred. If upheld, CSIRO will collect what it has frequently described as a small royalty on all devices containing Wi-Fi.
The article misstates the current state of the Buffalo/CSIRO lawsuit by missing a fine detail. CSIRO claimed to have come out in top last September in an appeals court decision, but both parties got something out of it. In December, Buffalo was allowed to start selling gear again, even as the case was sent back to lower court to deal with a small issue. Now, it's still possible Buffalo will have to pay damages, back royalties, and future royalties, but it's actively selling gear at the moment. CSIRO says it won something in appeals because of this possibility.
Buffalo Technology has had an injunction lifted in its ongoing patent litigation with Australia's CSIRO technology agency: Buffalo was unable to sell Wi-Fi equipment in the U.S. since a permanent injunction was put in place in June 2007 following their 2006 loss in a lawsuit. CSIRO has a patent that they argue covers aspects of OFDM in 802.11a/g. CSIRO sued Buffalo after the Japanese equipment maker declined to pay royalties.
The injunction prevented Buffalo from selling gear that it offers in Japan and elsewhere in the world during the huge expansion of Draft N sales. This likely caused tens of millions of dollars of lost revenue, if not more. Buffalo was formerly mentioned in a single breath with D-Link, Linksys, and NetGear. (Linksys, as a division of Cisco, already pays CSIRO license fees: Cisco agreed to honor CSIRO's patent assertion because of a purchase of an Australian firm a few years ago.)
Buffalo can now sell Wi-Fi gear in the U.S. due to winning a narrow appeal in October that sent the case back to a lower court to resolve an issue. The company could still be liable for damages and other fees if the lower court finds for CSIRO and higher courts agree.
Orthogonal Frequency Division Multiplexing allows a single Wi-Fi channel to be subdivided into a smaller number of channels, improving performance in reflective environments and adding robustness against interference. It's also used in WiMax, LTE, and other standards. This could mean CSIRO would pursue makers of other technology eventually as well.
CSIRO has never given any sign of asking for predatory royalty rates, but several firms have countersued, including Intel, Dell, and Microsoft. Those cases are still in litigation, as far as I can tell.
A few days ago, I wrote that CSIRO had come out on top in an appeal by Buffalo of a district court decision: CSIRO, the Australian technology agent, has a broad patent that appears to cover aspects of OFDM, a technique for improving throughput in multi-path (reflective) signal environments. OFDM is used in 802.11a, g, and n, as well as in WiMax, and other wireless technologies. CSIRO has Cisco signed as a licensee, as Cisco bought an Australian firm a few years ago (this covers Linksys as well), but other makers are fighting. Buffalo lost a district court decision and has an injunction preventing the import of Wi-Fi gear, which has likely cost them tens of millions of dollars. They're a leading seller in their founding country of Japan.
It appears that's inaccurate. While extremely technical in only a way that a court decision about patents can be, Buffalo won the appeal on a very narrow argument about the obviousness of the combination of two IEEE papers related to the CSIRO patent. Another issue, about how the original patent application covered 10 GHz and higher but was amended to covers the entire range of radio frequencies, appears to be set aside. Buffalo issued a press release.
Starbucks informed me that it, AT&T, and T-Mobile have signed a memorandum of understanding about the free Wi-Fi kerfuffle: T-Mobile filed a lawsuit a few days ago against Starbucks stating it wasn't involved in discussions about its network carrying free loyalty-awarded Wi-Fi via AT&T's authentication system. Now the three companies are apparently making nice.
The statement from Starbucks reads: "T-Mobile, AT&T and Starbucks have entered into a memorandum of understanding to resolve their disputes and are committed to providing a high quality WiFi experience for customers, including Starbucks Rewards Customers, at Starbucks locations nationwide."
My interpretation is Starbucks said, oops, our bad, and they're figuring out the dollars and cents. Sometimes companies move too rapidly. T-Mobile is a quasi-jilted suitor, although they get something out of AT&T transition, too, so they're not likely to cut any slack.
Reuters confirms that AT&T confirms the statement. I separately confirmed with T-Mobile that the statement is accurate as well.
It's the end of the cycle, folks: The first shall be last and the last shall, apparently, be first to sue. The Philadelphia Wi-Fi network will be shuttered under plans by EarthLink that they announced via press release today.
The company plans to pull all its gear from the poles starting 12-June-2008. The company's press release said it offered to give the network at no cost to an unnamed non-profit, as well as to the city, but claimed that "unresolved issues" led to the effort falling apart. EarthLink offered cash and more equipment, as well, in undisclosed quantities. Wireless Philadelphia, the non-profit in charge of managing the network provider and administering digital divide programs, was apparently not the non-profit mentioned.
EarthLink filed a lawsuit to allow it to remove its Wi-Fi nodes and cap its liability at $1m. That's a pretty hostile move, given that the city would have been the more likely party to feel aggrieved and file suit against EarthLink for failing to live up to the terms of their agreement.
EarthLink's claims of offering the network to "a non-profit" or the city for free skirts the issue that EarthLink may have certain liabilities for electrical power and other fees that haven't yet been paid; Wireless Philadelphia had agreed to pick up or defer certain charges as part of the deal that brought the network provider in. But without a completed network, and the contract therefore perhaps susceptible to being declared in default in court, it's unlikely that this will play out nicely.
And I'll say bluntly: If someone offered you $17m of outdated equipment on a network that never worked to specification that wasn't completed, and that already had known high annual costs, and which a private firm gave up as a bad job that they couldn't turn a dime on--would you take that deal? No. EarthLink will ultimately have to pay much more than $1m, I predict, and I suspect some of the settlement will leave gear in selected neighborhoods behind for more modest networking purposes. It's not going to be as easy as releasing a press release, although I haven't read the contract's provisions for this set of circumstances, and I'm not a lawyer.
The failure in Philadelphia, and EarthLink's exiting the entire muni-Fi business, represents the end of a bad model in which a company agreed to assume all risk and costs associated with building a public access network. When the assumptions were that networks would be cheaper and easier to build in 2005, and that citizens in many larger cities had few affordable broadband options, it made some sense to build a network on spec.
Three years into this, however, it's clear that that capital investment is 2 to 3 times higher than what was anticipated to reach a level of service quality that people will expect; that, when presented with potential competition, DSL and cable operators will slash prices and offer cheap 1-year or "lifetime" rates with long-term contracts; and that wireless broadband delivered via Wi-Fi isn't the best of ideas for indoor service.
Minneapolis may wind up being the only large city, if the network quality and subscriber rates play out, that has a public access network that works and produces a return.
Update: Wireless Philadelphia released a statement from its chief, Greg Goldman, that WP is still hoping to work out a resolution. They "remain optimistic."