He, Cringely - A Case Of Subscriber Identity?

Thanks to his spanking new RSS feed, I spotted Cringely's proposed Wi-Fi "business model" early on. I also spotted a number of glaring errors in his "WhyFi" approach as soon as work allowed me to get back to it and read it properly.

My first thought was - nobody gives away free equipment, period. But even worse, nobody gives permission to set it up. Also glaringly obvious is the fact that bandwidth costs money up and down the value chain, so the concept that first-tier ISPs would tolerate "widespread cheating" and connection sharing is amazing - especially considering the kinds of acceptable use policy clauses US ISPs are constantly trying to enforce.

I would rant on and on about the business flaws, but Glenn Fleishmann already did an excellent job. As Glenn pretty much points out, Cringely does not seem to grok what an aggregator/broker like iPass really is (let alone what it does and how it makes money). Oh well. Go read Glenn's article - it's a bit too focused on the US (which, as usual, has the bigger and noisier Wi-Fi scene), but it dismantles Cringely's sketchy vision pretty thoroughly.

But getting back to basics, there are far too many security flaws in the whole concept. Mind you, there were some interesting aspects - like most pundits, Cringely almost got something right. For instance, the "magic" firmware he envisions is (disregarding a few things that are blatantly impossible to do, period) pretty much what NoCat might have become if they hadn't adopted a ludicrously complex gateway-authenticator approach.

The Sputnik guys are closer, but as usual, most tech folk approaching Wi-Fi security (being almost entirely focused on IP and the US) forget that there is an already tried-and-true technology that is currently handling millions of mobile subscribers and performing authentication, authorization and accounting.

No, it's not RADIUS - but RADIUS or Diameter can be tied in to it fairly easily. It's the SIM card, and there is one in any GSM or WCDMA phone anywhere.

And better still, it works, and has done so demonstrably over the last decade or so (or the last couple of centuries if you happen to be living on Internet time and think last week's technology isn't worth buying anymore...). In fact, I would venture that most of our Wi-Fi security problems would pretty much be solved if wannabee Wi-Fi security engineers (who seem to originate mostly from the TCP/IP side of things) would care to ditch their prejudices and check out the EAP-SIM work that has been going on for a while.

But then, as a magazine article I read a few years ago stated, 90% of American mobile phone users didn't have the faintest clue as to what a SIM card was - and given that engineers are pretty much like normal people (although a bit paler and often more myopic), I guess we'll just have to educate them, or throw them a hint or two.

They'll catch on, I hope, after they figure out 802.11i isn't going to solve all their problems...

And I suppose Cringely (who, I grant, might have a clue as to what a SIM card is but simply failed to see the connection) is entitled to being just as clueless where it relates to turning Wi-Fi into a real business, too.