Confessions of a Wi-Fi Thief

Michelle Shildkret from Time wrote in to tell us about a story about "the ethics of stealing Wi-Fi. Many of us been guilty of the same crime at one point or another — according to the article, 53% of us at least. But how guilty do we really feel? As it is officially a crime to steal wi-fi (Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who 'intentionally accesses a computer without authorization or exceeds authorized access')."

Not a thief

[xtracto (837672)]

"intentionally accesses a computer without authorization or exceeds authorized access")."

Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme.

Everytime I use an available wireless network, I instruct my computer to ask for permission to connect to the router and enter to the wireless network. And most of the time the router gives me such permit and assigns my router an IP. When it does not happen, then I assume the owner has instructed the router to give permission to specific machines (as in, machines with a specific MAC adddress) and hence I do not use such networks.

Seriously, someone must create an interface in which a person is able to send the commands manually to the router (like the AT commants in a modem) to ask for connection permission (i.e., DHCP protocol). That way, when you are in court, you could use that program along the court's wifi to show them how you are indeed asking for permission and the software is granting you the permission.

Re:Not a thief

[Rinisari (521266)]

Exactly the defense that anyone would should use. If the plaintiff says, "Well, I didn't explicitly grant you permission to use my network," then you can fire back, "You did when your router gave me explicit permission by assigning me an IP address and giving me a gateway by which I could access the Internet. Essentially, I asked if I could use the network, and, acting on your behalf since you set it up, it said I could when it gave me the information required to use the network."

Re:Not a thief

[e03179 (578506)]

You did when your router gave me explicit permission by assigning me an IP address...

I am not a Wi-Fi hacker, but I'm pretty sure that humans don't get assigned IP addresses.

Re:Not a thief

[Bandman (86149)]

I'm also pretty sure laptops don't get criminal trials

Re:Not a thief

[TheSpatulaOfLove (966301)]

I'm also pretty sure laptops don't get criminal trials

Laptops may not, but printers are subject to civil lawsuits - Right, RIAA?

Re:Not a thief

[Illbay (700081)]

Not true. Haven't you heard? The U.S. Supreme Court has now granted full U.S. Constitutional protections to laptops. Even if they're being detained at Gitmo.

Re:Not a thief

[Joe the Lesser (533425)]

And in California you can marry them!

Re:Not a thief

[CogDissident (951207)]

Sure they do, mr 57.85.0.6

Re:You forgot to add...

[rodney dill (631059)]

Sorry I'm not at 127.0.0.1 right now, please leave a message... (beep)

Re:Not a thief

[Jeppe Salvesen (101622)]

I believe it is a lesser crime to enter without breaking in.

Now, if you use an open network, you only use bandwidth temporarily. If you leave the network, the bandwidth will still be there. So it's more like entering an unlocked house to take a sip from the faucet. The only crime committed is that you didn't pay for bottled water.

Re:Not a thief

[by Anonymous Coward]

I liken using somebody's unsecured wireless network to listening to a neighbor's music that they play loud enough for me to hear. I didn't ask my neighbor to send wifi signals into my home.

Re:Not a thief

[McDutchie (151611)]

So it's more like entering an unlocked house to take a sip from the faucet. The only crime committed is that you didn't pay for bottled water.

Except that you didn't enter any house. Your neighbour is transmitting their open-access signal into your own house for you to use. Your analogy is therefore broken.

Re:Not a thief

[eebra82 (907996)]

I hate the house analogy when used in these debates. What if someone sets up a WiFi zone that covers dozens of apartments? Are you basically saying that there is a house - that you may or may not enter - in my apartment? This is where that analogy fails, because a house is still property. My apartment is, however, my property and what's in it is rightfully mine.

The WiFi, if not secured, is simply private space because there is no sign that prohibits trespassing. Why the hell should I be a criminal if someone penetrates my apartment with WiFi signals that are not secured by password?

By breaking through the encryption, you're obviously doing something criminal. But that's something entirely different, too..

Re:If you really want to pick up this analogy and

[Orange Crush (934731)]

maybe the problem is just that there's no easy way to differentiate between a deliberately open router and a purposefully left open one...

Indeed. I think there may be no way at all to differentiate between a router left open deliberately and one left open purposefully.

Re:Not a thief

[xtracto (837672)]

If you leave the network, the bandwidth will still be there.

That could presumably be false if whoever is paying for the service pays for a limit GB/month allowance

Re:Not a thief

[evilandi (2800)]

I believe it is a lesser crime to enter without breaking in.

Correct. Burglary is the act of breaking AND entering AND committing theft (logical AND; all three must happen). Theft is the intention to permanently deprive someone of physical property. Since accessing open WiFi does not involve depriving someone of physical property (neither permanent nor temporary), it is neither theft nor burglary.

Fraud covers many crimes such as obtaining goods or services through deception. Since there was no deception, there was no fraud.

A door does not reply with a message granting me access; the fact that it is open, closed, locked, unlocked, slightly ajar or otherwise is legally irrelevant - the important thing with burglary is that you had to break something to gain entry and then take something without permission, with no intention of giving it back.

An open WiFi router does specifically reply with a message granting me permission. The fact that it uses a particular protocol or particular encryption is legally irrelevent - the important thing is that it replied back with a message specifically granting me permission. Users are authorised.

(Declaration of interest: I run a deliberately open WiFi hotspot [framptoncottages.com] - albeit heavily firewalled and bandwidth-throttled. )

Re:Not a thief

[Fast Thick Pants (1081517)]

Suppose you bought a used car lot, but not to sell the cars, just to have a nice inventory onhand for your friends and family who live nearby. You want to make it easy and convenient, so you get all the cars rekeyed so the same key will operate them all. You want to announce this service and distribute the keys, but it's too much trouble to look up each person's mailing address. So you get 1000 copies of the key made and bulk-mail them to everyone in the zip code, addressed to "Occupant", with an invitation that says "Feel free to borrow one of my cars!"

Naturally, you assume that only the friends and family you intended will use the cars. Imagine your surprise when you see strangers borrowing the cars!

Is this bad? Well, it's not doing anyone any harm... as long as you have enough cars left over for your friends and family too... as long as the strangers don't run over pedestrians with your cars and get the cops on your ass... as long as the local car rental company doesn't find out and come break your kees for stealing their business... Hmm, all in all, maybe it'd be safer to give the keys out only to selected individuals!

Re:Not a thief

[Fast Thick Pants (1081517)]

Wait wait, better -- you bulk mail out the invitation to "Occupant", but it doesn't include the key. Instead of getting the cars rekeyed, you just have a giant rack of keys, and you hire a guy, Vito Linksysio, to hand out the keys as needed. Now, you *could* give Vito pictures of people who are allowed to borrow the cars, but that's too much trouble. You *could* tell him that people have to know a password to get a car, but that's too much trouble. So you just tell him to hand a key to whoever shows up.

And even though you've mailed the invitation to the entire zip code, you're still shocked, shocked to find that strangers are borrowing the cars. How forward of them!

Re:Not a thief

[SeekerDarksteel (896422)]

An unsecure wireless network is NOT an invitation, and negotiating a network connection does not equate implied permission to use the network.

Did you check your email this morning? If so, did you call up Google or Yahoo or your ISP or whoever provides it and ask them if you had permission to connect to their server?

Did you call the person hosting TFA before clicking on the link asking if you had permission to access their server?

Of course not. That's preposterous. Because the nature of a computer network is DEFAULT ALLOW. If it were not, the internet as we know it today would be impossible. Quite literally, the fact that I _can_ connect to a webserver makes it okay. The fact that I _can_ connect to an SMTP or POP3 server implies I have permission. And the fact that a wireless router grants my laptop an IP address is literally the router saying "Feel free to use me however you want."

Just because people don't realize this fact doesn't make it any less the case. Otherwise, I could set up a webserver, buy a domain, then sue anyone who connects to my webserver for accessing my computer without my permission. I pay per GB of bandwidth the server uses, how dare you connect to _my_ webserver and use _my_ bandwidth.

Re:Not a thief

[phoenix.bam! (642635)]

Bad analogy. I ring your doorbell and a ticket drops from the mail slot that says "You're free to enter the house and watch some tv."

Re:Not a thief

[Just Some Guy (3352)]

Bad analogy. I ring your doorbell and a ticket drops from the mail slot that says "You're free to enter the house and watch some tv."

That was even worse. More accurate analogy: you have a loudspeaker shouting "HI! COME IN!" to all passersby. I ring your doorbell, and a key to the house and a nametag pops out of the mail slot.

Don't want me in your house? Don't advertise free admission then give me a key and a nametag.

Re:Not a thief

[DriedClexler (814907)]

*sigh*

Three things are certain in life:

1. Death
2. Taxes
3. Increasingly complicated analogy wars in discussions of wi-fi freeriding

Re:Not a thief

[Just Some Guy (3352)]

There is a door, in that if you don't have an IP on that WAP for whatever reason, then it's not going to pass traffic with you. Once you associate with it and get a DHCP lease, that door's wide open.

Even better analogy

[GameboyRMH (1153867)]

You ring the doorbell, a ticket drops from the mail slot that says "You're free to enter the house and watch some TV", and the door swings open for you, and a lighted path to the TV illuminates on the floor. Valuable objects may be in plain view, but messing with them in any way wouldn't be ethical, since they are clearly personal, whereas access to the TV isn't.

Re:Not a thief

[gurps_npc (621217)]

1. The door does not act in your example, the router DOES act. A more accurate analogy would be: I asked your door to open for me AND IT DID OPEN. Not impossible, as many businnssess have doors that automatically open. 2. You had people STEAL things instead of simply enter the house and watch TV. We are describing someone enter the wifi connection and use it to connect to the internet, NOT take other things. Stop trying to ADD real crimes that we are NOT discussing. God, is it THAT hard to pay attention to our points or do you just ignore people that disagree with you and make up vile lies?

Re:Not a thief

[profplump (309017)]

Entering an unlocked, unposted house is not a crime, at least not in my jurisdiction. If you enter a locked house, you're breaking and entering. If you enter a house posted with no trespassing signs, or enter a house and refuse to leave after being instructed to do so by a legal resident or their agent, you are trespassing. If you simply enter a house, stand around inside, and leave when asked without breaking anything, you have committed no crime.

Re:Not a thief

[palegray.net (1195047)]

Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme.

That's the key to the whole debate. I've had a WiFi router at my home and various offices for years. If I enable features designed to limit access (MAC address checking, WEP/WPA encryption, etc) and someone tries to spoof and/or brute force their way into my network, that's theft of service and unauthorized access. If my router is set up for wide open access, I'm granting permission for anyone to use it.

In general, laws are designed to work like this: that which is not expressly forbidden is permitted. We're talking about radio waves here; before anyone starts up with some dumb analogy to parked cars and leaving the keys in them, consider this: when you use a resource I have made freely available, you're not denying me access to it. Someone might make the argument that excessive use of my resource would degrade its usefulness to the primary (owning) party, but that's easily remedied using simple protection schemes (either block access entirely, or throttle access to unauthenticated clients). I've done exactly this in numerous cases, using various router packages.

Here's a sad, but interesting article: Man charged with wireless trespassing [cnn.com] from July of 2005. To quote a section:

Wireless networks are becoming more prevalent with the spread of broadband Internet access, and many consumers are not aware of how to configure their networks to avoid unauthorized access.

This man was charged with a felony because the owner of the connection failed to educate himself on how to use a point and click interface to secure a home wireless router. Was he up to no good? Maybe, but we don't know for sure, and it's beside the point. If someone were to use my connection for criminal activities, it becomes my problem to prove it was the third party's actions, and not my own that led to the violation of law. He's "innocent until proven guilty" the same as I am. This is why companies (at least ones that aren't interested in getting sued) track their network access and provide authentication schemes.

Broadcast = Permission

[Toe, The (545098)]

Indeed. I don't know how the law is interpreted, but I cannot imagine how anyone who broadcasts an unencrypted radio signal can complain if someone else picks up that signal. It would be like a TV station claiming that you are stealing their content because you tuned into their channel.

You could say that a wifi router is different from TV because the activity is two-way: but the wifi router chooses to respond to me. If the owner of the router never bothered to tell their router not to respond to me, then is it my fault that it does? Am I guilty if my computer merely pings their router because it created a response on that router? They are the one who initiated the communication by broadcasting hello packets.

Re:Broadcast = Permission

[Just Some Guy (3352)]

Am I guilty if my computer merely pings their router because it created a response on that router? They are the one who initiated the communication by broadcasting hello packets.

Complicating matters is that certain popular OSes (XP, I'm looking at you) tend to auto-connect to the strongest signal available, no matter how nicely you ask them to stop doing that. If you're closer to your next-door neighbor's WAP than your own, and Windows decides to use his without asking your permission or even telling you, then can you really be considered guilty of anything? And doesn't that mean that the world's largest OS vendor considers "default allow" to be the correct interpretation of WAP etiquette?

As little as I'm a fan of MS, I think "that's the way Windows does it automatically" would be a pretty good defense against criminal intent, even if a jury disagreed with the legality of the actions themselves.

Re:Not a thief

[Animaether (411575)]

"as I have never cracked a WEP or WPA password scheme"
Have you ever spoofed a MAC address?
Have you ever connected to an access point that did not broadcast its SSID?
Have you ever connected to an access point that says "private", "stay out", or otherwise?

If 'yes' to any of the above; I don't know about the U.S. law, but in The Netherlands you would still be guilty of "computerhuisvredebreuk"; meaning so much as tresspassing on a computer network

Then again, a great many people seem to think that even WEP encryption is an open invite to use the system, given the easy of cracking it.

Re:Not a thief

[palegray.net (1195047)]

I've never done any of the things you describe, because I consider them to be highly unethical. In my mind, connecting to an unadvertised resource fails the ethics test because there's no way anyone could reasonably imply that consent was given.

Those who crack networks by breaking WEP, spoofing keys, or other measures should be held legally accountable. People who merely access an open, advertised resource shouldn't be at risk of going to prison.

California law

[BasharTeg (71923)]

Just for everyone's entertainment, the california statute that applies is:

California Penal Code Section 502(c)(3) and 502(c)(7).

And for all of the idiots stating that the "router" gave them permission, give me a break. The router isn't a legal entity, and only works in the way you interact with it. Just like the door knob.

I twisted the doorknob (initiated association with the accesspoint), and the doorknob gave me permission to enter by retracting the latch (allowing me to associate and giving me a DHCP lease). The owner of the door could have configured the door differently, by engaging the lock mechanism (using WEP or WPA), so since he didn't I'm free to enter and watch his HBO (use his broadband internet access). I'm not "stealing" from him, because it's not like he has less HBO (internet) now that I've viewed some of his HBO (internet).

A big part of what a lot of people are missing is, even if you had a point regarding associating with his wireless network because it is open (which you don't), that only gives you authorization to access his LAN. You still have no right to use his paid broadband internet services. You don't have that right, because you aren't paying the ISP, and because the owner of the access point doesn't have the right to share or transfer his right to use his internet service with all of his neighbors, just like I don't have the right to share my HBO programming with all of my neighbors. It's called theft of service. Even if you claim the right to access the wireless owner's network, you certainly do not have permission to access the ISP's network. And even if I run coax down my lawn, and put a coax jack at the end of my property so that people on the sidewalk can screw into it and watch HBO, that doesn't mean I have any right to share my HBO or that you have any right to leech service that you're not paying for.

Using someone else's wifi is a crime, because you're not just accessing their network, you're accessing their ISP's network without permission. Giving away your wifi by intentionally hosting open access points is very likely a breach of your contract with your ISP.

Re:Not a thief - depends

[by Anonymous Coward]

It depends from country to country:

• In Singapore you can be arrested for using an open access point because it is not clear that it was set up for you to use.
  
• In Germany you can be arrested for having an open access point because it is clear that you have set it up for others to use.
  

Ahh.. the logic of law.

Re:Not a thief

[Just Some Guy (3352)]

Does the law already consider an open, unencrypted network as implicitly giving permission, or is it written to say that if the person who owns that open, unencrypted network has not given permission then it's illegal?

How does the law answer the same question about websites?

Re:Not a thief

[bryce1012 (822567)]

An excellent point, and it makes me wonder... Could that judge with all the "porn" on his "website" file criminal charges against whomever dug that stuff up? After all, I'm pretty sure he didn't explicity grant them permission.

Re:Not a thief

[Alex Belits (437)]

This is US -- we don't have real laws that get updated with precise description of what is and isn't a crime. "The law" is whatever the last time judge decided after hearing a shouting match between two attorneys.

Re:Not a thief

[Bandman (86149)]

If the access point is broadcasting a signal which says that it isn't open I don't use it, even if it's using an insecure system such as WEP which might reasonably be treated as an invitation to hack.

This is apparently some definition of the term "reasonably" of which I was previously unaware.

This can be argued, but...

[idiot900 (166952)]

As it is officially a crime to steal wi-fi (Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who "intentionally accesses a computer without authorization or exceeds authorized access")."

Would this apply to an access point which advertises its SSID and doesn't demand credentials from users? I would argue that it authorizes everyone to use it. To draw an analogy, it isn't just leaving your front door unlocked, it's leaving it unlocked and putting up a sign that says "Please come in!". So I don't see how accessing an open access point is a officially a crime.

But then again, I'm not a lawyer.

Authorization

[Hatta (162192)]

Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who "intentionally accesses a computer without authorization or exceeds authorized access"

Open routers have a policy of allowing authorization by default. As such, using an open router is not illegal under this act. If you have to crack anything, then it is illegal. But a simple open router is no different than an open anonymous FTP site, web server, irc server, etc.

How Guilty?

[stewbacca (1033764)]

How guilty do I feel when my computer/phone/whatever connects to a wide-open wifi signal without even prompting me to do anything? How about, "not at all"?

Not At All?

[D Ninja (825055)]

But how guilty do we really feel?

About as guilty as I feel when I drive above the speed limit.

I can neither confirm nor deny...

[Ngarrang (1023425)]

...that I may or may not be using yours or someone else's unsecured wi-fi access point, Definitely maybe not, to post this response.

Blame Windows

[sunderland56 (621843)]

Windows is, by default, configured to automatically connect to new networks. Which means, it is configured to silently break the law, without your knowledge. The 53% of people who admit to stealing WiFi is probably really higher - many people don't know where thier bits are coming from.

The power went off in my house the other day - and nobody noticed. The four or five laptops in use all silently switched over to a neighbour's network. I can't see that being considered a crime.

Does the law really say this?

[feenberg (201582)]

Here is a link to the actual law:
http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

In addition to "intention" there seems also to be a requirement for damage or fraud, or revealing atomic secrets. I don't think it is obvious that using a wi-fi router based on a DHCP reply is improper under the law, although the syntax of the law is complex. Walking up the front walk of a home to ring the doorbell isn't necessarily trespassing, even without permission.

tsoat

[Tsoat (1221796)]

Encrypt your signal or expect people to use it. It's that simple folks

I don't get it

[leoboiko (462141)]

I don't see what's the drama with open access. I leave my AP open on purpose, with an essid starting with "free_" to reinforce the idea, and a simple QOS setup to give me priority over my neighbors. I can't even notice when they're using the net, and I counted more than 10 different MAC addresses so far. More people using the net == good. It's not like I need all my bandwidth 24/7...

in b4 "but pedophiles will get you jailed, think of the children!!" -- I'm no more responsible for that than the hot dog vendor in the corner would be if ninja terrorists employed his hot dogs as lethal weapons.

My Ungrounded Lightning

[Doc Ruby (173196)]

When I use WiFi signals that are in the air somewhere that I've got a right to be myself, like in my own home or office, I feel the same way about using it as I do when I use an electrical ground wire. Or reading a newspaper in the incident light.

If those electrons or photons are trespassing in my private property, whoever sent them there is fortunate that I don't take countermeasures, in court or with a lethal focusing reflector.

Re:no theft here

[KingArthur10 (679328)]

Routers/Access Points are computing devices more sophisticated than the computers of the early 80s.

Re:no theft here

[sm62704 (957197)]

Your subject is correct, the summarry is wrong.

steal [reference.com]
      Audio Help /stil/ Pronunciation Key - Show Spelled Pronunciation[steel] Pronunciation Key - Show IPA Pronunciation, verb, stole, stolen, stealing, noun
-verb (used with object)
1. to take (the property of another or others) without permission or right, esp. secretly or by force: A pickpocket stole his watch.
2. to appropriate (ideas, credit, words, etc.) without right or acknowledgment.
3. to take, get, or win insidiously, surreptitiously, subtly, or by chance: He stole my girlfriend.
4. to move, bring, convey, or put secretly or quietly; smuggle (usually fol. by away, from, in, into, etc.): They stole the bicycle into the bedroom to surprise the child.
5. Baseball. (of a base runner) to gain (a base) without the help of a walk or batted ball, as by running to it during the delivery of a pitch.
6. Games. to gain (a point, advantage, etc.) by strategy, chance, or luck.
7. to gain or seize more than one's share of attention in, as by giving a superior performance: The comedian stole the show.
-verb (used without object)
8. to commit or practice theft.
9. to move, go, or come secretly, quietly, or unobserved: She stole out of the house at midnight.
10. to pass, happen, etc., imperceptibly, gently, or gradually: The years steal by.
11. Baseball. (of a base runner) to advance a base without the help of a walk or batted ball.
-noun
12. Informal. an act of stealing; theft.
13. Informal. the thing stolen; booty.
14. Informal. something acquired at a cost far below its real value; bargain: This dress is a steal at $40.
15. Baseball. the act of advancing a base by stealing.
--Idiom16. steal someone's thunder, to appropriate or use another's idea, plan, words, etc.

Accessing a hotspot without authorization may be a crime, but so is smoking pot. Is smoking marijuana "thieft"?

You are correct, TFS is wrong. If I steal your truck you don't have access to your truck. If I hide in its bed and ride downtown with you without your knowledge, it may be wrong and it may be illegal but I didn't steal anything.

Re:no theft here

[nanop (155318)]

We'll today'll be the last time I heat my burrito in the microwave in "Executives Only" lounge, lest I be charged under Title 18, Part 1, Chapter 47...