|
|
|
|
|
|
by wongarsu
2372 days ago
|
|
|
I think this might be a misquote. DNF is a registered association/charity which is providing network services for universities and research facilities (originally German, but spreading across Europe and beyond). They are the ISP of most German Universities, and more relevant to the topic they operate Eduroam, a wifi where any student or staff member can access their internet using their login credentials (username/password login via WPA 2 Enterprise). It's really handy because even if you are at another university you can still access the wifi, and any misuse (==people getting sued for torrenting) is easy to track. As such it stands to reason that they set rules for how credentials used to authenticate to their wifi are handled. And basically always those are the credentials for your university account. tl;dr: almost certainly not a law, but rules most Universities have to abide to if they want to keep their ISP and wifi. |
|
|
Did not make much sense otherwise for just email or even for active user accounts (as in unix logins), because if you have tens of thousands of them your security model surely cannot rely on the assumption that none of them are bad actors.
"Just like a phone SIM" is also where it definitely enters the realm of legal requirements. Certainly debatable, but there can't be much precedent and then it's the usual struggle between a perhaps careless group appealing to common sense and a maximum correctness camp that wants to go by the book, in its most pessimistic interpretation. When under a malware attack like that, even the slightest trace of neglect on the technical side can punish you hard. It's no surprise that the required mindset of extreme prudence carries over to the legal side. I still don't believe that the ID check would be the only correct way to handle this (e.g. snail mail still goes a long way in terms of checking legal boxes), but they surely are not in the mood for taking risks right now.