MD Bill Would Criminalize Theft of Wireless Access

Pickens writes "A bill presented by Delegate LeRoy E. Myers Jr. to the Maryland House of Delegates would criminalize purposely surfing the Internet on someone else's wireless connection. The bill would make intentional unauthorized access to another person's computer, network, database, or software a misdemeanor with a penalty up to three years imprisonment and a fine of up to $1,000. The Maryland public defender's office has submitted written testimony opposing the specific ban and penalty suggested in Myers' bill. Noting that wireless connections are becoming common in neighborhoods, the written testimony says: 'A more effective way to prevent unauthorized access would be for owners to secure their wireless networks with assistance where necessary from Internet service providers or vendors.'"

come here, sweetheart

You say "no," but your router says "yes."

Re:come here, sweetheart

You say "no," but your router says "yes."

You were modded "funny", but that's quite literally what is taking place. Nobody's "stealing" anything; your router is being asked for permission, and it's not only granting it, it's assisting by providing an IP address for you to use and telling you where you might find a good DNS server or two.

Now the owner of that router might say, "But I didn't know it was doing that on my behalf!" I suppose it's a little like coming home to find that your kid has been inviting people into your house who you'd rather not have there. But that's an issue to be settled between you and your errant kid, isn't it? Law enforcement generally isn't interested.

Since there is no groundswell of outrage from people who are providing bandwidth to their neighbors - unwittingly or not - you have to assume that the "victims" here are the ISPs: Comcast, Time-Warner and the like. That guy who checks his email or the weather using "free" wireless is, in their eyes, $50 a month in lost revenue. Not that they could possibly influence legislators in a state like Maryland, of course...

Re:come here, sweetheart

The router is not sentient. It has no ability to judge, and despite the fact that it may invite some people in does not mean it is entitled to do so or that they are entitled to enter.

People are responsible for the consequences of machinery they operate. If you operate a router that is configured to provide access to anyone who asks, you have already given your consent to the requester. It doesn't matter if you are ignorant of this, could you imagine successfully arguing that you should not be held liable for damage you did with a bulldozer because you never bothered to read it's manual and just assumed it would work?

Re:come here, sweetheart

How is this criminal? This is like a perfect example of a civil offense.

Re:come here, sweetheart

Why would you go about discounting prices for illegal immigrants before discounting for legal residents? Sorry, you're from out of state, you have have to pay more than the out of country guys -- except the ones that applied properly -- of course.

Re:come here, sweetheart

So this assumes they have the same level of wages? Because as far as I can tell, this is not usually the case.

I don't care what level of wages they have. The government can't save you. We need a public education campaign. It doesn't matter how sincere and compassionate a politician sounds, she has to get the money from somewhere. And that somewhere will either be your pocket or a printing press.

What happened to American independence? A few generations ago, people would rather live on beans and potatoes than accept money from the government. John Maynard Keynes and FDR have ruined the federal government. It happened to Rome, and it will happen to us. When people believe there is such thing as a free government lunch, we are ruined.

I don't like that word "purposely" in there...

...after all, who is to determine whether someone purposely accessed the wireless connection. I know I have been in neighbourhoods where there were many wireless connections, and while I thought I was connecting through my host's access point, it turned out to be someone else's.

So, who it going to determine whether the access was on purpose, or the more likely alternative, accidental?

Re:I don't like that word "purposely" in there...

How many people will be so intimidated by the whole process that they'll just accept whatever plea is offered?

Ditto those who don't have the several thousand dollars to hire a lawyer?

Ditto those who don't have the courage to tell the prosecutor "go fuck yourself - see you in court, numnuts - and you'd better have LOTS of proof ..."

Ditto those who don't want to "rock the boat"

Ditto those who can't afford to take time off work.

When a case goes to trial, even when you win, you usually end up losing. Its not like the other side has any "skin in the game." They still get paid, win or lose. Justice? Not for us.

Re:I don't like that word "purposely" in there...

Sounds like you need to take 2 minutes and put on a WEP key. I for one believe in sharing my connection (with the proper safety precautions in place of course). The problem with this law is that it assumes that if you access an OPEN network, you are nreaking a law. A law that makes more sense is one that states if you actively seek to break into an ENCRYPTED network, you are commiting a crime. Which is, as I understand, the way the law is already written. I don't think the guy who wrote this bill really has much of a technical background. More likely he is trying to make a name for himself by introducing new technical legislation, which is all the rage right now. It's an unfortunate state of current events. Most technical legislation is introduced by people who are either acting on behalf of lobbyists, or news blurbs on CNN/Fox. There are only a handful of lawmakers that have demonstrated that they have even a remote clue what they are talking about. It bothers me that these people are left to decide the fate of things they have no real grasp of.
I try to write letters to my elected officials any time something like this comes up for a vote. I've even made some phone calls when it's either highly technical or highly important.

Re:I don't like that word "purposely" in there...

The problem here is that there is an ambiguity of intent. SOME people (and it doesn't even have to be a large number) keep their wireless connection open on purpose. To assume that it is automatically an unwelcome act to enter an unsecured network is flawed logic. As is to assume that either AP owners or laptop users are all ignorant or devious.
    While not the easiest solution to implement, the most logical solution would be to simply require AP manufacturers to default routers to a closed network. Either using a default WEP/WPA/Etc. key, or with a mandatory setup upon installation (a la the runonce screen you get in IE the first time you open it). This takes the ambiguity out of the equation and allows all users who do not want their networks open to lock them down, even in the face of computer illiteracy. Then, if a network is open, it is set that way by choice, and conversely, if a user logs on to a closed network without authorization, there is a clear intent to trespass.

abra-ca-de-ridiculous!

Yeah, and I suppose that sitting in someone else's light, or perhaps walking on their lawn should be criminalized too?

Yes, we pay for the internet, but if you don't secure your network, and the pedestrian use doesn't impair your surfing experience... no harm, no foul. At least, thats what I think - but I'm still not running the world *sigh*

Stupid rednecks!

It's funny, because, the most pre-eminent security guy in the USA, Bruce Schneir, who wrote THE book on cryptography, actually leaves his home WAP open so that people can squat on it. He thinks that if we all had our own open WAPS, we could all sorta squat on each other's wans, be much more effective as a society overall. Really, what this law is is an attempt to criminalize a culture of sharing.

Re:Stupid rednecks!

>> Yeah, its a big conspiracy d00d!

Are you sure that it isn't? Ask yourself, why did the Maryland government feel a need to address this issue at all? Because they had been flooded by emails from constituents who were furious over their stolen bandwidth? Or because telcos/cablecos/ISPs realized how easy wireless makes it to share a connection with your neighbor? I can't say for sure either way, but I know which of the two groups has more pull with most politicians.

Yeesh

Given how silently Windows is able to connect to a wireless network, I don't see how this law would last. Computer novices with brand new laptops will just turn them on and start surfing the net without having a clue about what an ISP is, how the internet work, or even how they are connecting to the internet. They know there is this thing called the "internet" and that when they click on the big blue "e", they are accessing the internet. Where do you draw the line between the innocent bystander and the criminal?

i agree with the public defender

The public defender is absolutely right. If you don't want other people surfing on your connection, it takes seriously five seconds to click a checkbox and enter a password on your router. If you leave your router open to all connections, that should legally mean that you desire to share your connection with others, since that is what will inevitably occur with such a setup. Leaving your router open like this is akin to bringing a box of donuts to work and leaving it open on the lunchroom tables.

Sounds reasonable

While they're at it, they should criminalize unauthorized looking at hotties, although accidental looking is fine. It is an important issue, because if too many people crowd around to look at the hottie it will not be able to move.

Proportional punishment to the crime

Stealing someone's internet bandwidth (their porn came down slower than usual!) is now worth up to three years in the slammer? I always thought wardriving was a silly little crime like jaywalking, not something on the order of grand theft auto. Why is the punishment so steep in that bill?

what about my network?

My SSID is broadcasted as "FreeInternet" It is firewalled from my real network and unless it gets in the way of my gaming, I have no problem with whoever using my broadband. I have a "click here" to accept that you are not going to do anything illegal (via DNS intercept), mac addresses are logged, and most known methods of p2p are blocked... but if you need to check your google groups and you are near my house, why the heck would I care if you do so? It took like 2 hours to set that up. So would it still be illegal to knowingly use my "FreeInternet" network?

Re:what about my network?

So what your saying is if the child molester outside looks at the kiddie porn in his car and he gets traced. Your fucked. All you have is a mac address, all the District attorney will say is you threw the computer out. There are things worse then p2p.

Re:what about my network?

Why does stuff like this get modded up? If someone downloads illegal material over your link, so what? The parent has already said that they block most p2p programs so the chance of this happening is pretty low. Besides, unless I'm wrong (IANAL) posession of said material is what is against the law. Does AT&T get charged with a crime when someone downloads illegal material over their network?

This Is Rapidly Becoming Less And Less Of An Issue

Here in Toronto, Bell is already sending out wireless dsl routers with 128 bit WPA-PSK pre-configured, and the key printed on the base of the router. Hopefully, that'll soon be the norm everywhere.

Once everyone is using WPA, this is a non-issue. Even if an exploit is discovered that makes cracking WPA trivial, breaking encryption on someone else's network is clearly illegal, and it will be safe to assume that any unencrypted network is intended for public access.

I, for one, will not mourn the passing of a thousand light/water/keyhole/car-left-with-keys-in-ignition/radio/tv-through-window analogies.

I'm glad someone gets it

At least the public defender's office mentioned understands something of the nature of the thing. Unsecured WiFI APs are the "VCR flashing 12:00" for the 21st century, and the other half of the equation is how any WiFi interface will by default connect to the first AP it can do so with regardless of who ows it. Also how are they planning on differentiating between businesses and individuals that purposefully leave their APs open for customers or neighbors to use at will, are they planning to make them criminals as well? Stupid.

The Locked Door Test

We need an equivalent of the locked door test for this. IIRC, criminal responsibility for intrusion changes based on whether or not the door is closed, and whether or not it is locked.

In other words, if the door is open, it's reasonable to expect that perhaps the general public was invited in.
If the door is closed, but not locked, it's still possible that the general public is invited in, they're just trying to keep the heat in or the flies out.
If the door is closed and locked, clearly the general public is not invited in.

As for the "default router settings are open" argument, that's kind of like saying "newly installed doors are unlocked." As for the "flashing 12:00:00" argument, if you aren't competent to lock your front door, there's a problem. Manufacturers of wireless equipment need to do a better job of explaining this. They need a BIG RED PAGE when you open the box, explaining how to do the basic security, and how if you don't, you could have legal problems because you're responsible for ALL access through that wireless connection. As far as I can see, the directions are very little past, "insert the Windows driver disk."

By the way, so the instructions tell you as a minimum key to use your name, address, and phone number, and the street address for the SSID. Ain't much of a lock, is it? But it's is still most definitely a lock, and it takes deliberate action to open. No default-configured computer from anywhere will automatically crack even a trivial key and automatically make a connection.

Everyone with an iPhone would be a criminal

iPhones automagically associate with open wifi access points. This would make everyone with an iPhone a criminal. How do you know which access points are intended for open use and which are not? Around here, many restaurants specifically offer free wifi to attract customers!

Re:Unsecured networks get connected to by default

You mean like DHCP?

Look, it's really simple. If you don't want other people using your wireless network, don't disable the encryption. Notice I said "don't disable". Most access points these days are shipping with encryption on by default, so the trend is moving towards the point where we'll be able to automatically assume that every unencrypted point was intentionally set that way. In ten years, the proposed law will be completely unnecessary and will just be a broken relic of days gone by.

Laws like this annoy the heck out of me, as they are caused by technological neanderthals trying to come up with ways to appear that they are doing something useful, all while creating a body of unnecessary laws that bog down the legal system. In any case, I can say right now that I won't be traveling to Maryland if this happens. Life's too short to put up with getting arrested for sitting in your car outside a hotel checking your email for a couple of minutes. The law is a blatant abuse of power, and ultimately, the FCC needs to put a stop to this by creating policy that trumps it. Unencrypted Wi-Fi should be considered free for public use, period, at least until the owner explicitly asks you to stop.