Man Arrested for Using Open Wireless Network

DaCool42 writes "In Tampa Bay, a man has been arrested for using a wide open WiFi AP. The St. Petersburg Times has the full story. 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft,' said Kena Lewis, spokeswoman for Bright House Networks in Orlando."

A poor analogy

[Jhon]

I dunno... I think a more appropriate analogy would be if one installed a huge arse window in the front of your house, then stuck a giant plasma TV in it and getting annoyed and frustrated when people stopped by and watched TV through you window.

It's not a perfect analogy, but it's much better than the 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft' argument.

I dont want to bang on the "the guy had it coming" drum, but Dinon admitted he KNEW how to secure his wifi but declined because most of the people in his neighborhood are "older". That suggests to me, at least on this topic, that he wasn't acting like the sharpest knife in the drawer. But still, it's more than a little unsettling to have some 40-something guy sitting outside your house using your resources. While the article doesn't say he was a perv, I wouldn't be a bit surprised if he was -- and pulling kiddie porn or somesuch.

Should charge the idiots who leave in unencrypted

[Anonymous Coward]

If microsoft left xp disks at street corners unattended complete with legal cororate serial numbers would they be surprised if people were using them? Same idiocy here. Leave a network open and someone's going to get in. If you're lucky it's just for free internet.

Well, the quote's naff...

[EvilMagnus]

...but the actual facts are more compelling. It seemas though the person using the unsecured wifi was engaged in less than legal activity. If the owner is lucky it was just spam - but it could well have been credit card fraud or even (gasp!) child porn.

The moral of this story? Don't switch wi-fi on unless you *really* know what you're doing.

WTF?

[LearnToSpell]

"It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft."

No it isn't. It's not even a copyright problem. What, now I need an extra license if somebody's visiting and they want to check their mail?

It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother...

Don't let that stop you from closing out the article with wild speculation though.

"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said.

If I leave my back door open...

[EvilCabbage]

... I shouldn't expect to be robbed, or for someone to come in and watch my TV and drink my beer any time they like.
The cost of them watching my TV and drinking my beer might be minimal, but that's not the point. It's my TV and my beer.

This is the reason people lock their doors and close their windows. We shouldn't need to worry about people coming into our homes, but we do. These people need to learn to secure their wireless points.

I am in no way justifying what this guy did, but hopefully it will highlight something to Joe Average and get them to lock their AP's down tighter (or in most cases, lock them down at all).
On noting the open point, this guy should have at least tried to locate its owner and let them know about it, maybe even offer to help them fix the problem. Instead he took advantage for his own gain, just like any petty theft act really.

RTFA

[swtaarrs]

If you actually read the article you'll see that he was sitting outside someone's house in his SUV using his laptop. That is quite different from simply tacking onto your neighbor's network, he was outside the house sitting there for the sole purpose of leeching off his internet connection. While the Microsoft analogy is a bit stiff, at least read the article before you all go crazy.

Erm..

[mar1no]

I always thought stuff like this was a little weird.

It is like a radio station only allowing members to listen to their station, but broadcasting to everyone and saying if someone who isn't a member listens in, they are breaking the law. Either set up your shit so only authorized people can access it, or don't and not be permitted to have unauthorized people arrested for using it.

Re:A poor analogy

[ne0nex]

no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft'

or better yet, continuing to use her flawed analogy:

It's like buying a Microsoft program, and leaving the open box, with the jewel case and installation media on the sidewalk in front of your house then bitching when someone walks by and installs it.

Re:A poor analogy

[MightyMartian]

It's not brain surgery to secure a WiFi connection. If this guy intentionally transmitted and received radio packets, then perhaps he should be prosecuted by his ISP.

It is theft

[Freaky Spook]

Even though it was an unsecured network, he was still stealing network bandwidth & accessing something he shouldn't be, its fair that he was caught & should be punished for it.

Just because a user isn't smart enough to use an encryption doesn't mean its ok to rip them off & steal from them.

there is a huge problem with Security though, the WiFi routers work as soon as you plug them in and the documentation doesn't stress enough how important it is to secure your network, terms like WEP & WPA-PSK scare the user & confuse them. I think the router manufactuers or the salesmen need to make their customers more aware of securing their networks and show them how easy it is to do.

I wonder how long before we see a suit where a customer sues a manufacturer for not making security clear & easy enough to set up when they purchased & installed a router.

Not quite

[secondsun]

Ok, the headline should read "Man Arrested While Using Open Wireless Network." He was arrested because he had been sitting in front of a guys house all day in his suv on his computer. Whenever he was approached he would shut his notebook and look suspicious. After a few hours of the nonsense the police were called.

The rest of the article is standard "open wireless is for kiddie porn and a gateway to identity theft" FUD. Of course, most people just use it to download music for free, but the warnings of consequences for the owner of the network are legit. If your network is used in-appropriatly, you ARE responsible.

Turn on encryption, add a password, add mac based filtering, turn off dhcp and you are pretty much set.

hardware

[jazzman251]

why is this under hardware?, shouldnt it be under yro or something?

Re:question...

[mboverload]

That is completely flawed. This would be like someone drinking from the neighbors sprinklers shooting over the fence.

Re:WTF?

[st0rmshad0w]

Sure you are giving permission, if your network hands out an address to anyone who comes along you have basically given them permission to use it.

Look at it this way, if you leave your porch light on, is it illegal for someone to use it to read by if they are out on the public street?

Re:Open doors

[QuantumG]

Right now you're accessing network that you have no received permission to access. Guarenteed. How can I possibly know? Well heck, you're posting on Slashdot. The whole concept of the Internet is based around a default policy of openness. It is assumed that we have permission to access anything connected to the Internet and that assumption is only revoked by layering an authentication system on top. These people who buy a wireless router, connect it to their network, don't even bother to turn on the authentication system and expect it to be private are just pissing in the pool.

Entrapment

[Solder Fumes]

The homeowner KNOWINGLY left his router unsecured. Then he calls the cops on a guy who was using it. What kind of assclown takes that step first? Go to your fucking router admin page, switch to encrypted wireless, and watch the guy outside drive away.

Re:If I leave my back door open...

[Mr2001]

But if you leave your TV facing the front window, and you don't close the blinds, you shouldn't be surprised when people on the sidewalk look through your window and watch the TV you're paying for.

An open wireless network is hardly a "back door" - it advertises its existence to the world, and it blankets an entire area. Walking in through a back door means targeting a specific house and looking for a way in, but it may not even be possible for the average person to figure out which house is hosting a particular wireless network.

Re:Yeah...

[pmazer]

You could be arrested if your neighbor happens to also have a wireless network and your computer decides it likes that one better one day. That's egregious.

Re:A poor analogy

[teksno]

well i actually think a approtite analogy would be if i set up a web server for a page that only i wanted to view. say some pictures of your girlfriend naked...now unless i protect that site with some sort of authentication, whats to stop you from entering the url and seeing the pictures i took of your girlfriend...

nothing.

same sort of deal IMO...

or what if you play you stero so loud that you neighbors can hear... are you going to call the cops saying that your neighbors stole your sound waves by listening to the music you were playing at a db level loud engough to bring martins here and have them go war of the worlds on the earth... no...

Re:A poor analogy

[jamesh]

Or worse still, he could have been spamming!!!

The person being arrested should be the one with the open access point. The owner could be committing all sorts of illegal acts and can then claim 'But my access point is open. It could have been anyone. Prove it was me!'

How can he be arrested for using a resource which was advertised publically? The guy was broadcasting his ssid with no security on it, which sounds like an invitation to me

Just goes to show...

[serverroomguy]

wire is the future of networking. Wireless is just a fad.

Re:A poor analogy

[HardCase]

I think a more appropriate analogy...

How about not using any analogy at all - this isn't exactly rocket science. Don't screw it up by suggesting another bad analogy to explain a simple situation.

Let's look at some facts....

[ZosX]

You guys need to calm down a bit and get rid of the immediate kneejerk reactions, though I do admit that the summary is a bit misleading.

I agree that a felony is a bit stiff for such a victimless crime, but for what it is worth, this guy was asking to be arrested. He sat out in front of the house in his SUV for nearly a whole morning before the police were called. If you are going to use someone's wireless AP, at least be a bit more covert about it. There are so many unsecured APs out there that you could easily exploit and never really be noticed. Go downtown, go to a park with business nearby. Sit somewhere where nobody would think twice about your presence there. I'm sorry, but sitting in front of someone's house for 5 hours and then even more stupidly admitting what you were doing is just asking to be thrown in jail.

This guy deserves everything that he gets. This isn't just a case of someone sitting somewhere and flipping open their notebook and noticing a connection. I do not have wireless at my house for a lot of reasons (asides from the fact that wired ethernet is an awful lot faster), but when I am sitting on my porch, I do admit that I sometimes use the neighbors AP. For my lightweight web browsing, I don't really think that I am interfering with their network or in any way damaging their equipment, thus creating a totally victimless crime. I never even bothered to look to see if they have open shares, but I digress. Also, unless you specifically know of a public access point any network you connect to is technically illegal trespass.

What I find amusing is that I can trespass on someone's property and I get a misdemeanor and when I do the same thing virtually, I'm looking at years in pound-me-in-the-ass federal buttlovin prison. I'm a good looking, somewhat effeminate male as well, so I doubt I would do very well with my future cellmate Bubba. The laws definately need to be rewritten quite a bit, and unfortunately with all the identity and data theft these days, I just see them potentially becoming worse and more draconian.

I will say that this guy is a total douche bag. Anyone that thinks it is ok to just sit in front of someone's house for hours without having a specific purpose is just asking to be stopped and harassed by the cops. If someone sat in front of my house for more than an hour, I'd be calling the cops too, regardless of why they were there. I don't agree with the statements that people have made that wireless access points should be required by law to be secure. Do we really need to waste tax payer money on attempting to enforce more unenforceable laws?

If anyone should get upset, it should be the broadband provider, but I honestly don't think that even they could consider putting forth theft of service charges against people who run these networks, good samaritan or stupid joe blow. Maybe when cable services start becoming wireless or more broadband oriented, but that is a whole different story and a wholly different topic for right now.

Moral of the story is this: It is not against the law until you get caught and when you do, don't openly admit that you broke the law and get yourself a decent lawyer when the felonies start to roll over your head.

I hope they just give this guy community service or something, but that is me.

Common Law Says Otherwise

[MSTCrow5429]

If someone has a wide open WiFi network, how is one supposed to know it's not being kept open as a private public service? If you leave a desirable good out in the open, with no signs of ownership or desire to be kept private, I don't see a problem. If you want to keep your WiFi network private, encrypt it and turn off broadcasting. This is like a radio station or the police arresting you for receiving a clear over the air signal.

Re:Yeah...

[Professional Slacker]

Possibly becuase they left the cookie jar sitting in the middle of a public street?

Re:It is theft

[MonkeyBoy]

I think the most telling part of the article was the following line:

Dinon knew what to do. "But I never did it because my neighbors are older."

So this guy buys an access point, knows how to enable security, but doesn't because he thinks his neighbors don't know what they're doing.

That's a valid excuse? What happens if someone younger moves into the neighborhood? Do you enable encryption then? What if their grandchildren come for a visit and put your system into scriptkiddy hell? Do you enable it then?

At what point does common sense outweigh laziness for this jackass?

Bigger issue - people are cowards

[st0rmshad0w]

Why didn't this guy really confront the dude in the SUV?

First time be friendly and helpful. Hey how are you doing? do you need some help I noticed you've been out here a bit. No decent explaination, next time tell them to clear off, or you'll let the police know what his plates and description are and that he's been casing houses.

Everyday people never seem to take the initiative.

doing strong wireless encryption AIN'T that easy

[iritant]

The reporter in the article seems to think that people can easily protect themselves on wireless networks, and we all know that just isn't true for several reasons:

- Depending on the card you buy PCs sometimes have trouble converting ASCII to bits in the same way. I have this problem with, say my NETGEAR and my Mac.

- WEP sucks and we all know it, so 15 minutes of a determined script kiddie's time and that's the ball game.

- WPA isn't yet available everywhere, and even it is supposed to be an interim standard to 802.11i.

In short, you can only avoid nuisance freeloading with WEP and it's a pain to use if you have multiple PCs. Especially if you're not the sort that reads /..

Re:Open doors

[Sancho]

Only partially.

You have an agreement with your ISP that allows you to access their network. They, in turn, have agreements with their upstream providers to allow their customers access, and so forth. You only start getting into "non-authorized" access when you start talking about the end-points. But the traffic-passing request itself seems to be fairly locked down and, in general, considered NOT to be "open".

If you want to test this, tap into your ISP's line and start browsing from it. See how long before they notice you and send in the police. Why should wireless be any different just because you don't have to physically gain access to the line?

On the other hand, there's a concept of broadcasting--namely that anything you can receive from a broadcast is fair game for you to listen to. Does the same apply to sending? Who knows. It all remains to be tested.

Hold your outrage - another analogy

[Skippy_kangaroo]

Given all the bad analogies floating around on this thread (the Microsoft one in the article has to take the cake though) I thought I'd add my own.

What this guy did was like walking into your house when you leave the door unlocked and drinking the milk in your fridge. That is both illegal and creepy.

We do not yet live in a society where failure to lock your doors is the same as an invitation for everyone to come in and do whatever they will. The attitude that just because someone doesn't secure their Wi-Fi network it is an open invitation to wardrivers to use your network is fundamentally mixed up.

Re:Open doors

[boisepunk]

um... you might want to read this:

http://www.washingtonwatchdog.org/documents/usc/tt l18/ptI/ch119/sec2511.html [washingtonwatchdog.org]

specifically the part about electronic communications "made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public"

Re:Bigger issue - people are cowards

[davmoo]

I have some mod points this week, and I was all set to mod a few comments in this thread. Then I saw this post, and decided I'd rather reply in the thread than mod.

The reason the guy didn't confront the other dude in the SUV is simple...people very often get shot/stabbed and killed for doing so. It happens on a regular basis in the US. There are a lot of mean and nasty motherfuckers roaming here.

I am not a small man. I'm 6 foot tall and weigh 300 pounds. But if I saw a guy I didn't know sitting in front of my house late at night doing something possibly naughty, my first instinct would also be to call The Law. The only way I would walk up to that vehicle myself would be with loaded shotgun in hand.

The man who called the law was not a coward. He was very very smart.

I would tend to agree.

[jd]

This is one of those cultural things, and Florida is a strange culture. :) Actually, I'm semi-serious here, as the UK doesn't recognize trespass in general - you have to demonstrate an intent to keep someone out, you can't just assume they should know as if by magic. (Unless it's Paul Daniels.)

So, if you've an open field with no fences, no signs, no barriers of any kind whatsoever and no indication that it is private property, then it is generally assumed to be reasonable if you take a shortcut over it, and too bad if you complain.

I would prefer it if things like wireless networks were treated in this regard, for the simple reason that any Joe Schmuck who wanted to abuse the situation could park an open wireless network right next to a genuinely public wifi point. Anyone too close to the dividing line would fall in the wrong network and be open to getting their asses sued to oblivion and back. It would be a simple enough way of Getting Rich Quick and - in some States - possibly even legal, for all that it is blatant entrapment.

In this specific case, it seems likely it was obvious enough that the WIFI point wasn't public, but even there, can you be 100% sure of that? What if there was a public WIFI point the next house along? Can these folk prove, conclusively, that there was an intent to steal? Probably not. Well, technically all they need to do is show beyond reasonable doubt, but it's not 100% certain they can even really do that.

Like I said, it would be good if the law cut to the chase and demanded actual proof that there was an effort to mark boundaries. In this case, a simple WAP password, a non-obvious ID and a no-broadcast setting would be ample. If there's no password, a "public" ID and a broadcast signal, then there may be a legit defence of entrapment, as there would be nothing to differentiate that from any cafe WIFI access point within range.

However, Florida (and most of the South - I know, I lived there for several years) is not necessarily going to go for a "common sense" answer. They are much more likely to rule for the home owner, even if the owner etched ruddy great warchalk markings all over the house.

I'm not even going to get into some of the "home invasion" laws, which this case may well qualify as, except to say that laptop owners in the South should stock up on bullet-proof armour for their cars.

If I leave my couch on the street...

[Shihar]

The analogy is a stupid one. I have a wireless laptop. When ever I turn it on, it automatically connects to the WiFi of the guy upstairs. In fact, I generally have four wide open connections blasting through my apartment at any one moment. In order for me to not connect to his connection, I need to go through and disconnect from his network each time I boot up. His connection is wide open. It would be one thing if I had to hack into his network and steal a password, but if you are blasting a signal without even the most basic of encryption, it is safe to assume that you don't care who uses it. Hell, it doesn't have to be some super secret Slashdot elite encryption. Putting even the most basic of passwords up would be more then enough to signal that you are not leaving the connection open for the use of others.

If the guy using the connection did something destructive with the connection, I could understand the fuss. If he was just browsing the web over a wide open connection, I fail to see the issue.

The much better analogy is if you had the ability to broadcast over a short distance with radio waves and the guy down stairs picked up your radio. Is he supposed to assume that the crap you are spewing into the spectrum is private? Keep your damn broadcasting in your own house or put the most basic encryption up. If you have a WiFi network, signal your intentions or don't be surprised when people misunderstand them. If you can plug in your wireless router, you have more then enough technical expertise to figure out how to set up a password. In fact, most instruction manuals have you set up a password as part of the installation.

This is not a case of 'leaving the door open'. This is a case of blasting your WiFi network into public space without even the most basic attempts to defend it and having people pick it up. People won't come into your house to sit on your couch, but they might sit on your couch if you leave it outside on the sidewalk.

Re:I Had A Client Doing This

[Anonymous Coward]

How, exactly, is being on someone's LAN, behind a router with often less than five other PCs, less safe than, say, connecting to the internet?

I don't buy the "it's for your own good!" argument.

Re:A poor analogy

[QuantumG]

Dude, no-one makes logical arguments. It's the final recourse of the educated to baffle the ignorant masses. Of course, Slashdot is supposedly populated by nothing but educated people, so there's no excuse for us to act like the simpletons that make up the majority of society. You choose your axioms based on common ground between yourself and those you are trying to convince. Pretty much every division in politics boils down to disagreement in two axioms:

1. The good of the many outweighs the good of the few.
   
2. The ends justify the means.
   

As such there's always 4 camps. Those who accept both of these axioms, those who accept the first but not the second, those who accept the second but not the first and those that accept neither. People can be swayed to tolerate an axiom they don't accept but hardly ever do they change their acceptance of these axioms.

Open Lands

[blase]

Seems to me, instead of doors locked or unlocked, a better analogy might be whether open land is fenced/posted or not.

Re:Open doors

[earthbound kid]

It's like this: even if you don't lock your door, you still have a right to be mad when you walk inside and find someone eating the cookies in your kitchen. On the other hand, if you don't build a fence, you can't get mad when the neighbor walks his dog and it pees on your grass.

It's the same thing with Wifi: you have every right to be pissed off if someone tries to get stuff off of your computer, even if you're dumbass fault that they were able to. On the other hand, if someone is using your bandwidth, it might be sort of annoying to you, but unless you take steps to put a stop to it, it's your fault they're doing it.

The fact is, for most broadband connections, unless the person is file sharing or using VOIP, it's no skin off your nose that they're doing it. If for some reason, it bothers you to be neighborly, the onus is on you to secure your stuff.

Re:Entrapment

[gdulli]

Do you know what "entrapment" means? No, you don't.

Re:Water, water everywhere but not a drop to drink

[Alsee]

Read The Fine Article, the owner of the wifi did in fact deliberately leave the point open. If you come across unrestricted wireless access the basic assumption is - or should be - that it is exactly what it was intended to be. That there is absolutely nothing wrong in using it.

If you don't want to offer open access, fine, don't. But if I *do* want to offer an open access point then there is no reason people should be in fear of going to prison when my access point reaches out and greets their notebook.

-

Re:I Had A Client Doing This

[Stalyn]

Then just knock on the door (if you're the building manager) and demand to see the computer - if the MAC matches, it's over.

I'm sorry but a personal computer is personal property and unless you have a warrant you have no right to look at someone's computer or even demand such a thing. Also a person would be in the right if they replied to such a request with a "Go Fuck Yourself". If you are so worried about people leeching off your WiFi just turn on the encryption. It's a lot easier then busting down doors and acting like a jerk.

Re:Open doors

[TheoMurpse]

The difference between WiFi and the car/house analogy is that a WiFi hotspot broadcasts its information, inviting connections. There is no "breaking in" involved. If there was a house that had a sign in front saying "Open House Today" with the door open, you are welcome to enter legally, as it's an open house. Haven't people ever been to these in neighborhoods before? This is equivalent to an open WiFi access point.

Re:A poor analogy

[TheoMurpse]

emotional bullshit argument favoured by mothers and republicans of all eras

I don't think it's only Republicans making the "think of the children" arguments.

This Story Isn't About WiFi...

[aluminumcube]

It is about the fact that the guy was a fucking creep.

Seriously- if he REALLY thought what he was doing was OK, why did he act all cagy and close the laptop/drive away every time the homeowner saw him?

WiFi or not, this guy was acting strange in front of someone's home in such a way that I think it would probably freak most people out. The cops used the WiFi excuse just to bust the guy and I say jolly good show on them. I would feel very diferently if the guy simply said to the homeowner who he was and the fact that he was surfing on his net connection, but he didn't.

Re:A poor analogy

[fingerfucker]

Anyone hanging around my place ould be confronted within 20 minute. I'll offer help if they need it but I'll darn sure they know that someone has seen them and made a note of their presence. They stay there longer than what seems appropriate without a good reason, they can explaing themselves to the local constabulary.

It is none of your fucking business to decide how long is "appropriate" and what a "good reason" is for a person standing in a public place to be there.

If you believe a crime is being committed, feel free to notify an officer of the law and step back.

Unless you can cite specific criminal laws that would exist in your area that prohibit movement of persons in public areas, kindly please shut the fuck up.

Re:Open doors

[mnbjhguyt]

I don't think the open doors analogy is fit.
What you are getting is not a property, is a service.

When using network sockets, there are well documented protocols being used.

So the client computer is basically saying to the server, or wireless router: can I connect?
and the server replies: sure, go ahead

It would be the same thing if a bartender gave drinks for free because he wasn't trained in asking for money in exchange.
Would the customers be liable of theft if they took advantage of this?

Re:But really.....

[Anonymous Coward]

I'd call the cops too if someone were in front of my house on a laptop all damn day.

Call all you want, but he was on public property and was not breaking the law by being there.

Hell, a good lawyer could win this no sweat. Open AP, public property, no crime.

Re:Open doors

[TWX]

"...It is your private property and you never expect anyone who wasn't welcome to break those boundries, but we have welcomed the Internet with it's complete opposite point of view..."

"The difference here is it's wireless. It uses *PUBLIC* airspace/radio frequencies. That's the same line of reasoning the Supreme Court used with regards to the creation of the FCC."

It's even more than that. The wireless router received a standard, "can I have legitimate credentials on this network?" request in the form of a DHCP lease request. The wireless router replied with valid credentials for that network. The user did not make any malformed requests, did not use any information that he should not have rightfully posessed, and in no way forced his way into the network.

He also properly followed FCC rules regarding the use of wireless equipment.

If the owner of a wireless transceiver, a radio if you will, doesn't want to let that device communicate then they bear the burden of making it not communicate. If they leave it in a mode that allows any public access over frequencies that belong to the public-at-large then they bear the responsibility.

I'd like to see the ARRL and the FCC get involved in this, even though the odds are against this guy having any official licensing from the FCC.

Serious moron alert.

[stuartkahler]

Say I leave my sprinkler turned on to water the area around the city sidewalk in front of my house. Some neighborhood kids start playing on the sidewalk, in the water. I move the sprinkler to another section covering the sidewalk and the kids follow. Is it something they should be punished for, or should I move the sprinkler off the sidewalk, or just shut up and get on with my life?

I'll buy loitering, no problem. Felony computer network trespassing? No way. If the guy had issues with someone using his AP, he should have turned it off. Or simply told the persont o quit leeching his broadband. Either way, I bet the offending guy would have driven off right away.

Re:Entrapment

[Alsee]

The owner of this access point DELIBERATELY left it open for other people to be able to use it. An access point that reached out, broadcasting a CONNECTION INVITATION to every computer that came within range.

It takes someone with a Very Special mind to see how that is obviously identical to breaking into someone's home when the power goes out.

-

Exactly

[Moraelin]

My take is that it _is_ why "normal" people don't have the same attitude to security (whether it's wireless routers or windows bugs) as nerds have. Real World has worked on completely different principles so far.

The fact is, even if you locked your door or built a chainlink fence, they're just marking a boundary, not being an unbreakable barrier. Whether you lock it or not, your real defense isn't the door, it's the law. The door is really just a marker that says "my property starts here, if you're caught here, we'll throw your sorry ass in jail." No more.

"I can do it" _never_ equalled "then I'm allowed to do it" in the real world. Anyone can buy/make a lockpick for a lot less money than it takes to buy a laptop and a wireless LAN card, and wiggle your lock open in less time than it takes to war-drive around the neighbourhood and configure your networking to use the neighbour's router. But that was never construed as "then it's your fault for not having an unbreakable lock, and the thief is perfectly within his rights to be on your property and walking away with your TV" in the real world.

And, frankly, I see no reason why we shouldn't apply that RL model to computers. My property starts here, I don't give a damn about how l33t some kid thinks he is, they're just not supposed to be on it. Period.

Placing the onus of securing their property on the victims, and the even more idiotic assumption that if it wasn't 100% physically impossible to get on it, then everyone's _invited_ in, is not how the real world ever worked.

Re:Open doors

[kwerle]

But when the apple tree hangs over your yard, nobody would sue you for making apple pie from the apples above your yard.

Well, nobody reasonable.

If the WiFi is broadcasting into my home, you'd better believe I'm gonna use it.

But if the apple tree is netted, or the neighbor comes over and says "hey, those apples are mine - please let me come over and gather them up", we're talking about something altogether different.

Likewise if the WiFi is secured.

I.e., theft

[Moraelin]

So this guy in your story basically goes through the first door that happens to be open. It doesn't look like a shop, it doesn't have a price list, it doesn't have a shopkeeper, and generally there's _nothing_ whatsoever that would imply that it's a shop. Could just be someone's home, or it could be that some people were having a party there later and had brought the food in advance. Yet he just assumes that he's allowed to help himself to whatever is there.

Seems to me like a very clear-cut case of theft, by real life standards.

Now let's bring it a little closer to the war-driving example. Let's say your guy _knew_ it wasn't a shop, and had _no_ plans whatsoever to pay for that sandwich. In fact the only reason he was there in the first place, instead of at the real sandwich shop next door, is that he actually _planned_ to get a meal without paying. The mentality all along was "hey, cool, I know this house next door is unlocked, so I'll just go make myself a free sandwich there. It would be stupid of me to pay for something when I can 'share' someone else's food for free instead."

I think by RL standards you have a _very_ clear-cut case of pre-meditated theft.

Re:Open doors

[noidentity]

It is completely opposite way of thought than how American's have previously thought about property. For example how many of you grew up and left doors unlocked to your house or car all the time. I for one never locked my car doors at home nor the front door to my house. It is your private property and you never expect anyone who wasn't welcome to break those boundries, but we have welcomed the Internet with it's complete opposite point of view.

Internet protocols are made to allow software to automatically get resources it needs. Right now if my machine can access countless resources without any sort of authorization. WiFi is made in the same way, where the OS can automatically use the best WiFi signal available at any given moment without the user having to baby-sit it.

Access to internet resources is very different from physical property where every act is intentional, thus trespass can't be done unintentionally (well, except maybe berserk Segways and robot-driven vehicles). What you seem to be proposing is a permission-based Internet, where even a website visit requires contacting the author first to get permission.

Re:Open doors

[hazem]

It's more like sitting on the sidewalk outside someone's house at night. Their porch light is on and you're reading a book by that light.

One could say you're using the light they paid for without their permission. On the other hand, they're letting the light spill out into public land.

Re:Open doors

[Romancer]

My point was actually to bring attention to the software and hardware venders that make the actual network devices by default, wide open, and in the case of wifi sometimes, automatically set to break the law.

If stores sold guns that shot at people automatically out of the box people would blame the gun makers. But if Wifi equipment automatically connects to open networks people blame the owner.

Re:A poor analogy

[IgnoramusMaximus]

It is none of YOUR fucking business to be hanging out in front of my house late at night for no good reason.

Depending on the area you live in, there could be a very large number of perfectly good reasons to do so. In many urban areas, on a street with 4 story condos back to back, you can't even tell whose house the person is standing near to. Yours? The dude's upstairs? Across the street? One window over? Etc.

Even in a sparsely populated (i.e. USA style urban sprawl) area there could be many legitimate reasons, such as your house having characteristics of a local landmark (or being near covenient cross-roads), which people use to meet each other by when without a vehicle. Which could easily result in someone standing there for 30 minutes at 6am, waiting for his idiot carpool buddy who overslept. And so on.

Your attitude is typical though of many people who are violently and pathologically territorial and consider not only their house, the lawn in front of it but 200 meters of public road in any direction "their Gawd given property, dammit!". You know, the kind who has a semi-automatic rifle collection, 360 degree security cameras on the roof, barbed wire fence and four pit-bulls with spiked collars for pets (and more often then not a meth lab in the basement).

Re:Yeah...

[Alsee]

However this is Case 4: You have a cookie jar on the sidewalk in front of your house, and every time someone comes within range it is programmed to automatically reach out, tap them on the shoulder, and offer them a cookie.

Are they guilty of theft? Here's an excellent legal review. [imakenews.com] According to federal law the answer appears to be a constistant NO, and according to my state's laws the answer is explicitly NO. If this guy was actually arrested on an "access" basis, and if that arrest is actually held up in court on an "access" basis, then there is something very very wrong with Florida state law.

-

Please repeat after me

[gotr00t]

ifconfig eth1 hw ether (whatever you want your MAC address to be)

MAC addresses are not foolproof, as they can be changed with a single command. Besides the fact that the building manager has no right to barge into your private residence and check your computer for a mere suspicion of using someone else's unsecured network, the whole thing with the MAC address just falls apart.

There is no practical way to figure out who is using an unsecured network. It is the responsibilty of the AP's owner to secure their router, and if they fail to do so, it's their own damn fault if other people mooch off their bandwidth.

Re:Open doors

[Seumas]

But you're comparing the physical with the "etherial" (for lack of a better word) here.

If you're broadcasting wifi access onto my property, why shouldn't I be free to use it? Especially if you haven't bothered to protect it in any way?

I've done nothing wrong if you're blasting your radio and I can listen to it from my front yard or if I can overhear a loud conversation you're having. You can't force me to "give you your water back" if your water sprinkler throws over into my yard all day long.

Re:Open doors

[Velox_SwiftFox]

If the WiFi is broadcasting into my home, it is reducing my ability to use the bandwidth myself, secured or not.

And if the neighbor says "hey, those apples are mine - please let me come over and gather them up", my response would be "Okay. Don't forget to rake up the leaves that fall on my side this autumn too then".

Re:Exactly

[cp.tar]

But I would like to think that if I buy a wireless router, I can take it out of the box, plug it in, and not do anything else and it will work. If it broadcasts to the world, that is something the manufacturer did wrong, setting it as default that way. The other end of the spectrum is the people who will get a router with restricted access, and not be able to configure it to work with their computers. What do you do? Does owning a wireless router require someone to read a 100 page manual. How many people read the manual that comes with their car, that tells them what grade of oil to use? Most people say fuck it, and just have the oil change place put in the 10w40, regardless of what is best for their car.

Well, there you have it.

The manual is there for you so that you can read it; the fact most people do not is no excuse. Ignorantia manualis neminem excusat ;)

Fact is, if you leave your network wide open, as some do for the sake of their customers (at least mostly), you have nothing to sue anyone over.
As in an unmarked property, you might ask the offender to get lost, he can then say 'sorry, I haven't seen any signs or boundaries' and that can only be it.

Wide open network is exactly that - wide open. To the public. Which is something some companies want.
Others may want a more secure network, which is also fine.
Neither can be assumed to be 'wrong' in any way; both uses are legitimate and common.
If you, however, do not use the device properly, you and you alone are responsible for any damages resulting in it. Check the warranty; each and every one says that. I know, I've translated quite a few.

Besides, a company can be assumed to have a systems administrator; it can then also be assumed that if their network is wide open, it is intentionally so.

I wonder whether this guy's lawyer will think of entrapment:
1. Open your network wide.
2. Wait for people to start logging in on your wide open network.
3. Catch them.
4. Sue them.
5. ???
6. Profit!

Sounds like entrapment to me, although not only AINAL, but am also not inside any Anglo-American legal system.

The article implies: suspicious behaviour

[Jerry Smith]

"ST. PETERSBURG - Richard Dinon saw the laptop's muted glow through the rear window of the SUV parked outside his home. He walked closer and noticed a man inside. Then the man noticed Dinon and snapped his computer shut. Maybe it's census work, the 28-year-old veterinarian told his girlfriend. An hour later, Dinon left to drive her home. The Chevy Blazer was still there, the man furtively hunched over his computer. Dinon returned at 11 p.m. and the men repeated their strange dance." IMO the laptopper DID know he was doing something wrong. It's not that the laptopper had a machine at home, which he used for a wireless stroll around: he was in his car and remained there for HOURS. I'm interested in the follow-up.

It might be theft but...

[X-Phile]

what irritates the crap out of me is that this is like someone leaving their bike at the end of their driveway on a busy suburban street over night. It's going to get stolen. Not due to someone wanting to steal it, but because of the owners negligence and complete lack of common sense.

My $0.02 CDN

Re:Exactly

[Anonymous Coward]

I just thought this would be the perfect time to point out that the quickstart guide that comes with Linksys WRT series wireless routers has pictures and clear simple instructions. It is pamphlet size, and only 2 pages, and includes instructions on changing the SSID, turning off broadcast, and enabling WEP.

As far as I am concerned, there is nothing wrong with using someone elses network as a gateway to the Internet as long as they leave their stuff open.

To put it simply, if you enable WEP, even though it can easily be broken, you are saying "I don't want you here." If you don't, and you leave all default settings (including admin login/pass), you are saying "I don't give a shit about security, I won't notice you as long as you are polite, please come in and share my bandwidth." Anything else is just silly.

The reason this is so different is that, unlike every analogy used here, WiFi isn't restricted by property lines or any sorts of boundaries other than the range it can transmit through objects at whatever power level it has been set at. This means it throws itself at public and private property that are not under the control of the person who owns the access point.

Put simply, finding access points is like using a scanner. Connecting to them is like picking up the radio and talking to the trucker you just heard on the scanner (remember, public airwaves).

Re:A poor analogy

[RobinH]

I am not sure about calling the police but if some random person was hanging out in front of my house for hours for no apparent reason, I'd be a bit peeved and freaked out.

And if I knew he was leeching off my wireless internet and wanted him to go away, I might use WEP and MAC filtering to lock the wireless AP, or just deny his MAC access to the AP. If he continued to use it after I do a little to lock it down, then he's stepping over the line and breaking the law. That's my opinion.

If he had an AP setup that was open to public access, it's like putting a sign up at the end of your driveway that says "free parking", then calling the police when someone parks there and having them charged with trespassing.

The AP automatically accepts incoming requests and gives out network access. That IS the same as a sign saying, "use me".

Re:A poor analogy

[fiddlesticks]

That, my friend, is because you don't live in a city

If I got peeved or called the cops when 'some random person was hanging out in front of my house for hours for no apparent reason' I'd go nuts, and the cops would think I was nuts

Bullshit

[Moraelin]

"The fact is, for most broadband connections, unless the person is file sharing or using VOIP, it's no skin off your nose that they're doing it."

Bullshit. By that reasoning, you shouldn't mind it if I:

- come over and dump my garbage into your bin (hey, you probably didn't use all that space in it anyway), or

- build a billboard on your front lawn (why do you care about a few dollars less property value if you aren't selling it right now?), or

- bring a cow to graze on your front lawn (you didn't really need that grass, right?), or

- come into your house and use your fridge to cool down a can of Pepsi (you weren't using all the space in it anyway) and/or

- use your computer to check my email (you weren't using it at the time anyway, so wtf should you care about it?), and for that matter

- hop into your car at night and drive to a movie, because I'm too cheap to use a taxi (I'll put it back in the garage in the morning, so why would you have a problem with that?)

The fact is, that's not how private property works. What's mine is mine, what's yours is yours. Unless you have an explicit permission to use someone else's property, stay the f-word off it.

"If for some reason, it bothers you to be neighborly"

So if I don't let you trespass and use my property, I'm somehow not neighbourly. Funny how "neighbourly" and "sharing" get to be used to defend theft. (Well, at least we seem to be over the brainfucked "potlatch" and "culture of sharing" euphemisms for stealing. Now those were getting annoying a few years back.)

Get this, "neighbour":

- "sharing" refers to sharing what's _yours_. You can give away, or grant use of, things _you_ own. There is no such thing as neighbourly sharing someone _else's_ property or resources without their consent.

- "neighbourly" or "community" are two-way streets, give-and-take affairs, not an excuse to be a freeloading leech. It's "neighbourly" or "community" if we _both_ do something for each other, or at least theoretically acknowledging that possibility. Unilateral relationships in which you get all the benefits, and I only get to pay the ISP bill for your downloads, isn't neighbourly, it's just me supporting a freeloading parasite. You'll excuse me if I'm less than thrilled by that kind of "neighbourly" relationship.

- And again, it implies consentual stuff. Letting a neighbour use my lawnmower or my internet connection when they _asked_, is one thing. That's neighbourly. Seeing the neighbour just go into my garage and taking the lawnmower without asking, is a tad beyond the line of what "neighbourly" or "community" means. That's when it's time to get un-neighbourly and call the cops.

(Doubly so if it's not even a neighbour, but some unknown bum who thought he's oh-so-smart by coming over to "share" someone else's property.)

Re:Open doors

[Questy]

I know in my last apartment that from my sofa I could see three separate unprotected networks *AND* my protected one.

Oftentimes (the way the nic drivers for my card worked) would cause my system to prefer the stronger signal, so I would waft onto one of the other networks. I was only free from the other nets when I logged into each one as admin (they were broadcasting the name "linksys" and had left the original admin accounts untouched) and add my MAC address to the deny list.

So, the question then becomes, when I was using their networks, was it because I was intruding onto their network, or because their network was intruding into my home?

I mean, at what point (other than logging into their WAP as "admin" :) ) does using these networks constitute a crime? Isn't it incumbent upon the owner of said network to secure it? If I leave a set of tools on my front step and it disappears, then I see my neighbor with it, just how mad can I be for having left it out for anyone to walk off with?

Comment removed

[account_deleted]

Comment removed based on user account deletion

ch1ld pr0n

[St. Arbirix]

Don't people ever reach other conclusions first? They *always* throw that in there when someone gets in trouble and the internet is involved. All this coverage makes child porn sound like the greatest vice since prostitution.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Open doors

[Opie812]

If I leave a set of tools on my front step and it disappears, then I see my neighbor with it, just how mad can I be for having left it out for anyone to walk off with?

Not an entirely accurate analogy. How about, if you take your tools and put them in your neighbours house just how made can you be for him using them.

My Wi-Fi Connection is Open - I hope it is used

[Anonymous Coward]

I have broadband and Wi-Fi, I have no WEP or WPA and I expect it to be used - I hope it is used - I hope others will do the same.
I hope to be running a meshing Wi-Fi node soon but I think that the assumption that people don't want you using their connection is wrong. MANY people believe in having open Wi-Fi.
Now to get access someone has to ask for it using DHCP and I have to respond GIVING them an IP address.
Now if someone IP spoofs, or cracks WEP or try to hack my LAN then they are breaching my privacy.
This judgement is clearly wrong from a technical point of view as there was a request for access(DHCP) and IP address response.
There should be no assumption that a Wi-Fi node is not for public use as there is are lots of people who offer this service to be good citizens.

http://www.locustworld.com/ [locustworld.com] Link to Citywide Wifi Meshing Project Hub

A friend of mine was called to his neighbours to fix his Broadband, when he arrived he found it was not wired to the guys laptop, nor did the MODEM have Wi-Fi, but it use to work set up just this way, the neighbour protested. Turns out he was unwittingly using his neighbours broadband.

Seriously though this sort of misguided ruling could cause real problems for those who advocate a free Wireless Infrastructure, of overlapping nodes, essentially an Internet - not controlled by Teleco's but by individuals

Of course that may be exactly why this sort of ruling is made, to keep packet flow under regulation.
Those in power feered FIDO-Net, Dialup was too mobile, Broadband is nicely locked down to a physical address.
Don't let freedom fall, American people.

My letter to the journalist

[Anonymous Coward]

Dear Mr. Leary,
as a software developer and computer enthusiast I found your article "Wi-Fi cloaks a new breed of intruder" of two days ago mildly disturbing.

Although I do not agree with the practice of 'Wardriving' in general, and the arrestee of the article in particular, I believe this is a rather more complex issue than presented.

WiFi is a computer network standard designed for a wide range of applications and uses, and as such requires some setting-up before a network administrator should turn on the WiFi. Many small businesses, such as cafés and the like offer free Internet access for their customers, and for them the standard allows one to run the access point without restrictions.

There is, if you will, a process whereby the computer that wishes to use the access point asks "is it ok for me to log on?", and the access point can accept or deny the connection.

The network owner that the article mentioned explicitly states he had left the access point wide open for anyone to use, citing a concern for his elderly neighbours. Unfortunately so, as the standard also accepts a simple way of specifying that only computers that have been invited should be allowed on. This process, in my own experience, typically takes one or two minutes at the access point, and the same amount of time on each computer to be connected. In fact, it can hardly even be called an inconvenience.

I know that when it comes to consumer electronics, abstract standards are hardly what anyone wishes to deal with. Yet if one does a single search on Google, one will find myriad simple guides on how to do exactly what one needs to secure the access point.

The reason why I bother to write all this, is that there is a larger, more elusive topic at stake here, which is somewhat hard to express. The following questions may clarify a bit:
1. Should I sympathize with someone who buys a piece of equipment that does exactly what it promises and consciously misconfigures it?
2. Should I blame someone who uses a piece of equipment that is designed to communicate and cooperate with other equipment if:
- that other equipment is misconfigured
- by their mutual standard promises more than the owner wanted
- the owner of the misconfigured equipment knows about the misconfiguration, but just cannot be bothered.
3. Finally, how will anyone dare using the wireless networks in parks and the like?

Having people hang out outside of your house using your wireless network can easily be avoided by ensuring one sets the equipment up to indicate which of the standard's behaviors one wants to use. Calling the man who used the network a 'hacker' is not just inaccurate - it is flat out wrong. By that standard, even my mother would qualify as a hacker when she uses the wifi network I've set up for my parents - she's just using it the way it was designed to be used.

The article doesn't mention what exactly the man was surfing for. Perhaps he was just a traveller (with bad judgment) in urgent need of an access point? Perhaps he was a bogeyman surfing for child pornography. If he were, that would be its own crime, but from the article I can't really tell that he's done anything outside of being creepy.

What I can tell, though, is that a man may become convicted of a third degree felony simply for using standardized equipment to interact with a network negligently set up for anyone to use. And for being creepy. Is that fair?

Re:Open doors

[stry_cat]

It's even more than that. The wireless router received a standard, "can I have legitimate credentials on this network?" request in the form of a DHCP lease request.

I hope this guy uses this argument and the jury/judge can understand it as this is the key. You can't access a network without being given permission and that permission is usually giving by some automated process.

Re:Open doors

[galego]

His shouts of "Helloooo, anyone here?" go unanswered. Finally, he peeks around the establishment looking for any sign of vendor life. None. His stomach of course couldn't care less of this odd situation, and continues to complain with increasing annoyance. ...

So ... you're suggesting that this fellow approached the people who had the wireless network (knocked on the door, sent them an email, ???) and requested the use of it, but got no response? Is that why he snapped the laptop shut when he was spotted sitting there using it?

Thirty minutes later, his appetite is well appeased, but still .. the "shop" remains without "keeper." Once more he searches for some sign of till or other monetary receptacle, finding absolutely nothing. Time pressing, he finally gives up and leaves; perhaps he'll come back tomorrow and discover the truth to the great Agatha Cristie Lunchtime Mystery Special.

In this case then ... if the person is so altruistic and concerned with not stealing the food ... they could not be faulted if they left a note expressing gratitude for the food and some sort of payment ... maybe even an iou. (I would suggest contact info., but the conspiracists would say that the contact info. would just be used to screw the hungry fellow by the 'authorities'... no?)

Also, the comparison of hunger vs. the 'need' for using the internet don't quite compare on a basic human needs level IMO. Granted, the 'net is a daily/regular part of my life, but food still outranks it in terms of 'needs'.

Re:Open doors

[BackInIraq]

I mean, at what point (other than logging into their WAP as "admin" :) ) does using these networks constitute a crime? Isn't it incumbent upon the owner of said network to secure it? If I leave a set of tools on my front step and it disappears, then I see my neighbor with it, just how mad can I be for having left it out for anyone to walk off with?

Oh, you're being a little conservative there. The signal from a wireless access point likely goes much farther than one's front porch. This would be more like you had left a set of tools out in the street and saw him using them. Or even better, since your bandwidth isn't so much "stolen" in that it is a totally renewable resource, it would be more like he borrowed them (from the street), used them, and put them back...you found out only later.

Seriously, you don't secure your WAP, people are going to use it. Unless they're using it as a way to anonymously send kiddie porn, it isn't hurting you. If you don't like it, secure your WAP.

Re:Open doors

[v1]

Following up on my own post...

I was just thinking - this could be viewed from another angle as well. Imagine the owner of a new drive-in theatre, but he sets up no privacy fence along the back of his lot, which is exposed to a little cafe with outside seating. Lots of people come to the cafe each evening, and watch the show from there.

The drive-in owner gets pissed because people are obtaining a free service (entertainment) from him without his permission. It's possible to assume a dim bulb might not realize this is going to be a problem. There are privacy measures he can take (set up a fence) and should reasonably assume are required to insure his privacy. (you don't change into your swimsuit while standing by your pool in your back yard unless you have a privacy fence) In this respect you can say that a person's privacy is their own responsibility, and if they take no actions to enforce their privacy and it is violated, that it is their own fault.

Based on this argument, if I were hauled into court over accessing an open access point, the most important piece of evidence I would present would be the WAP's owner's manual. I would highlight the places in the booklet that described the security and privacy features available to the consumer, and highlight the places where it stated what the default behavior of the unit was. I believe this would be an adequate defense. If the consumer chooses to be ignorant about his property that is capable of interacting with the public, then they accept this interaction. Otherwise if they've read the manual and not used these privacy features, they have knowingly accepted the risk of having their privacy violated.

Re:Open doors

[adjensen]

It is more like running a splitter and a cable and stealing your neighbors cable TV.

This is a close comparison, but ignores the fact that you need to physically trespass in order to accomplish it.

Or running an extension cord to a backyard outlet and stealing power.

Again, requires physical access, but also costs the neighbour money in a higher electrical bill, so it's not the same thing.

Or perhaps a cordless phone.

Even assuming that you don't use long distance, you're depriving the owner of the service, since he can't use the phone while you do.

Some other situations might be:

Running a movie or pay per view on your big screen tv which is visible from the street. Is someone walking by who happens to see the movie stealing from you? If you set up a viewing area in your front lawn and allow people to watch it from the street, are they guilty of CI, or are you?

If you play music in your house loud enough to be heard from the street, is someone who hears it doing anything wrong? What if, instead of casually hearing it, they sit on the curb in front of your house?

The critical fact here is that the wardriver is in a public area. By broadcasting your wi-fi signal into that public area, and not blocking public access (tacitly giving permission, thusly,) I think that it can be argued that you're providing a public service.

If a satellite company beams an unencrypted signal onto my property, I believe that I'm within my rights to watch it. If they encrypt said signal, on the other hand, I do not believe that I have the right to break it.

Same thing applies here, I think. If you take no measures to ensure the security of your network, once it leaves your property, it's fair game. Because the measures required are fairly insignificant, the burden should be on the wi-fi owner to lock things down, rather than on the wi-fi user to ensure that he's not impinging on someone's network.

Re:This Story Isn't About WiFi...

[aluminumcube]

The guy got arrested for being stupid.

The fact that he was creepy is precisely what brought him to the attention of local law enforcement. Rights, precedent and slippery slopes aside if you act like a creep while you are in clear violation of a law, you are gonna get hooked up with a set of handcuffs pretty rapidly. The local beat cop who arrested this guy probably doesn't know his WEP from his WAP, and he doesn't need to- that is exactly why we have courts and lawyers. The cop's job is to find, stop, detain and document what he reasonably assumes to be illegal activity and I think what he came across in this situation is pretty open and shut.

I say he was stupid because acting a bit more openly would have, I am 99% sure, prevented the whole thing from happening. He could have politely engaged the homeowner in conversation. He could have fessed up to using the homeowner's network. He could have simply driven away without ever returning. In the end, he decided to continue to act like a fucking stalker sicko and, need I remind you, a good portion of this country is in the midst of a manhunt for a little boy who's family was killed, who was kidnapped and raped along with his sister and who was probably executed himself all by a creepy, stalking sex offender. Yea, I want the local police to be a little bit jumpy about people stalking my home from the street- the constitution is not a suicide pact.

You've marked it as public

[cgenman]

The analogy is false, though, because you're broadcasting your property... All of your analogies imply clear boundary conditions, such as property edges, doors, using someone else's computer, etc. But if you put up an unsecured wireless network which you setup of sufficient strength to permeate your neighbor's property, the boundaries are very different.

If you have a wireless stereo system, which broadcasts to your speakers, and your neighbor picks it up, it's not "stealing" your music if they listen. If you want to share photos with your family and you put up an unsecured internet site, it's not stealing if non-family members visit and download your photos.

The fact of the matter is you've setup a broadcasting network through a section of your neighborhood. Congratulations, you're now a broadcaster. All operating systems will automatically connect with your network (...maybe not BSD). If you had a problem with this, you can very simply turn on WEP.

Which is how the internet works. Everything is assumed public until you put on the slightest bit of security. That's the convention. If you visit a website and they don't authenticate, it's assumed public. If someone sends you a link to a streaming movie and it doesn't ask for a password, it's assumed public. By practical definitions, it is public. We're not talking about bolting on an iron-clad Novell authentication system, we're talking about changing one preference in your network configuration settings.

You bought a piece of land next to a public field, and you didn't put up a fence or any demarkations. People will wander into and out of the field as if it were part of the commons. There is no practical way to ask whose field / network it is, nor any reason to see to ask. By not marking it as private, you have used the conventional method of marking it as public.

Would someone make their network public? Lots of people do it intentionally. In my apartment, I generally see no fewer than 10 or so wireless networks. Of those, half or so are unsecured. There's usually one or two that has the default router name (Linksys, etc). But most have changed their name to something else, which means that the people involved knew enough to go through the setup process and decided to leave their network open to everyone. Why? Mostly it's a desire to share and be neighborly. Oddly enough, the ISP up the street does the same thing. Lots of the businesses have open wireless access in an attempt to get people to come in with their laptops and drink coffee while doing work.

Of course, there are tradeoffs involved all around. Your wireless network is fucking up my other wireless equipment and using the available spectrum in my house. My wireless phones and other devices are using the same unlicensed spectrum, but are now competing with your bloody web surfing to be heard. I accept that you're going to have a wireless network, because those things are useful. And if you decide not to secure it and make it public, it's on me (and all of the other users) to be good citizens and not saturate your upstream by sharing on P2P apps all the time, or queueing up weeks worth of downloads. If you do decide to secure your network, it's neighborly of us to respect those boundaries and not packet hack it, despite WEP's inherent vulnerabilities. It's also neighborly to broadcast your SSID and channel, because in high density areas the difficulties involved in keeping people's networks from stepping on eachother is far greater than the minimal security provided by not broadcasting your SSID.

You marked your network as public, and now you're complaining that it's not private. Fine. Flip the fucking switch so that we know that it's private.

Re:Open doors

[dubiousx99]

You are a little mis informed. Police departments have set freqs and licenses granted by the FCC. Mall cleaning crews are likely to be using open airways as defined by the FCC. Open airways are free to transmit on (within certain guidelines, i.e. power level, bandwith) without a license. WIFI falls into this free airspace or the license is granted to the WIFI manufacturer not sure which, hence you don't need a license to check your email.

Re:Open doors

[Uncle Kadigan]

Let's look at another example, this time with a slightly more plentiful resource than the small space in my trash bin. How about water? I have a water hose on the outside of my property. If I caught someone using it, I could have them arrested, despite my lack of a fence, surveillance, or a posted sign that says that no one is allowed to use the water.

This is a flawed, or at least incomplete analogy. Let's further suppose that your water is used in a sprinkler which has a pattern that reaches a public sidewalk. If, on a hot summer day, I walk down the sidewalk and choose to stand within the coverage area, I am perfectly within my rights to do so.

The point is that if you want to secure your resources from being utilized when they impinge on public spaces, YOU are responsible for doing so. It is hardly the city's responsibility to move the public sidewalk whenever you water your lawn, or to mandate use of umbrellas when passing your house, or any other contrived solution.

An unsecured wireless network that intrudes on airspace beyond the owner's property is no less available to the public than is water from a sprinkler that wets public sidewalks. If you don't want others to use it, take steps to limit availability.

argue-by-insult or a boot to the head?

[MegaFur]

So what kind of argument does yours fall into? I mean your whole post, not your example. It seems to be something like: make the other person feel stupid. What is that, analogy? emotional appeal? It certainly doesn't seem like logic, or at least not plain, simple, dry Spock logic there's a lot of implied elitism in that message.

I tend to strongly prefer the logic-style of argument. However, in a debate, I'm likely to go with whatever approach (emotional appeal, analogy, etc) seems most likely to produce the desired result--that is so long as I don't have to twist the facts into a pretzle to get there. (I'm not meaning to imply that you did that--I'm just saying that lying or over-manipulation of the facts is something I try to avoid.)

As much as I love logical arguments ("love"? "logic"?), I think they have more than their fair of weaknesses. (And I'm only going to get around to listing one of them before I go horribly far off topic. ;-) ) In general, I'm awfully leary of supposedly purely logical arguments being used in defense of or to attack purely moral stances. I mean--logically, why are you even bothering to continue to exist in a chaotic, senseless, godless universe anyway? What purely *logical* reason is there for you to even exist? May as well just end it all now since, ultimately nothing you ever do will really matter one way or the other...

I state, without actual proof, that humans are fundamentally irrational, emotional, social hairless primates. Therefore, logic will not always be the best way to sway any given hairless primate to your way of thinking. Sometimes emotional appeal will work. Sometimes a big mallet, or the threat of a big mallet to the cranium will do the trick. I personally don't like the mallet to the skull method because it offends my sensibilities (also I feel I'm more likely to be on the receiving end than the dealing end). So it goes. But speaking from a purely logical standpoint, is there anything faulty with the mallet-to-the-skull method?

Sorry I got off topic--just my primate brain wandering again like it does.

Re:Open doors

[m50d]

They don't connect to your internet service. They connect to your router and send it packets. The packets have headers like "please send this to 212.159.61.65 if you can".

The router will normally forward them, and forward the replies back to you. But only if it's been set to, and it's your router, it's up to you how it does it. I've seen wireless routers that will not route packets onto the internet, only the internal network they are connected to. If that was what you wanted, you could have set it like that. If your access point allows me to connect without any shenanigans on my part, it is perfectly reasonable of me to send it well formed packets according to the standards for networking. If the router chooses to forward them, I think that implies that was the intended behaviour.

What a bunch of assholes.

[jusdisgi]

The whole tone of this article is dead wrong. The reporter is just taking what he's handfed by the cops. Take this for example:

In another Florida case, a man in an apartment complex used a neighbor's Wi-Fi to access bank information and pay for pornography sites.

So, wait.....which part of this is wrong? So the guy is into porn? Jesus, have him shot! Note that it doesn't say he was accessing other people's banking information. The whole story just implies misconduct by making the guy who got arrested out to be some peeping-tom type hanging out in the yard and acting suspicious, and making everybody else who has hung out on a wifi network (me and probably 70% of the rest of us here included of course) lumped in as a bad guy because this is obviously some kind of foul play. Never mind the fact that they are broadcasting access to their fucking network on our public airwaves!

Re:Open doors

[YomikoReadman]

If the wireless network in question was secure, I could agree with what you're saying. However, it was not, and as such it took no real work on part of the person using the access point. Putting in a splitter to steal cable, or electric or water takes actual effort, whereas in this case, anyone with a PC and a WiFi card could utilize the open access point.

Ultimately, the fact that it was an open wireless connection is anything but moot, and is the heart of the issue at hand. While actually cracking WiFi is something that should be dealt with as a computer crime, accusing someone of 'hacking' an open WiFi connection who may or may not have any idea of what they are doing is ridiculous. To me, this is just another case of people pushing off personal responsibility onto others, and has gotten absolutely ridiculous. The fact that the mass media paints issues in such a light as to make victims of fools is also quite absurd.

Something else I noticed all throughout the article was the complete, total ignorance that both the author and the individual whose network was utilized demonstrated. The author painted the image of morons who are too stupid to take basic measures to secure their network as being innocent victims of brutal, vicious attacks by horrible, horrible hackers that wish to use the network in total anonymity. They convieniently left out the fact that all routers I've ever seen keep access logs of MAC address that receive IPs.

Ultimately, I see this as yet another piece of crap journalism, with nothing but far ranging accusations with little to no facts to back up any of the statements made.

Re:Open doors

[wealthychef]

I suggest we let them know that if you broadcast an SSID into the public airwaves and then grant DHCP leases across it you are authorizing access to your network.

And if you leave your front door unlocked you are granting access to anyone who wants to enter. NOT!

Come one folks, just because you easily CAN do something doesn't mean it's ethical or right. I think that if you use somebody's network, it limits their own bandwidth, doesn't it? If not, then I'd agree it should not be illegal. But if so, then you are stealing from them.

I wonder if any of the people who don't have any qualms about using up their neighbor's bandwidth to play Halo turn around and complain about spammers using some of their bandwidth and resources to transmit spam.

I know I'm going to get flamed/modded down, but somebody has to say this.

Legality

[Morosoph]

The ISP defense that it's like sharing one copy of MS Office is pretty poor, as the bandwidth is fixed; it's more like sharing a video, which seems to me to be entirely legal AFAICT.

More like keys.

[Anonymous Coward]

If you really want to compare it, it's more like handing out keys to strangers on the sidewalk, and saying "you can use this to enter my house."

Re:A poor analogy

[IgnoramusMaximus]

If you take a typical suburban developement, and someone is hanging around for many hours, then yes they should either be confronted or law enforcement should be called.

As I just described to the poster above, there are possible legitmate reasons, a "public" AP hub run by one of your neighbours being one of them.

And no, "confronting" someone or calling cops is tantamount to crime pre-emption as opposed to crime prevention, a very, very serious difference. The proper course of action in crime prevention is to make it known to the individuals in the car that they are being watched. Either by flashing your camera flash through the window and waving or some similiar non-confrontational measure conducted from a safe distance, followed by setting the house alarm system and going back to sleep. Crime prevention seeks to reduce crime by making crooks jittery and doubtful of a possibility of a successful heist. Crime pre-emption on the other hand is the twin of vigilantism and usually leads to a crime being commited (harrasment and unwarranted prosecution for starters) by the vigilantes themselves.

In your example, the "confrontation" could easily turn ugly if the person in the car took his rights seriously and tempers flaired or to you simply getting shot, were he really a criminal. Calling cops on him exposes you to civil lawsuits from him and ties up the cops who could have been doing something more useful, not to mention waking up the whole street (wanting to be a "hero" of the street is a non-trivial motivation to a vigilante).

RE: legality of using open wi-fi

[King_TJ]

No... I don't think that simply because someone else uses your unsecure, open wi-fi network, the mere fact that they temporarily "limited your bandwidth" constitutes "stealing" on their part.

Most consumer broadband services don't guarantee you a specific amount of bandwidth to begin with! They tell you "rates of up to X" speed. In the case of DSL service, Customer A who is lucky enough to live a few houses down from the central office probably gets as much as 2 or 3x the bandwidth for his money as Customer B who is about 12,000 feet from the same central office.

The only thing that makes sense here, in my opinion, is charging someone if they actually do something criminal while borrowing your open network. (EG. If some guy in a van keeps pulling up close to your house and is obviously using your wi-fi network, and the next month you get questioned about downloading child porn - then it's time to report him and have him arrested.)

Short of that, if you don't want other people connecting to your wi-fi network, secure the thing! Otherwise, people really have no way to know if you're purposely offering free Internet access to those around you, or you're just clueless or too lazy to lock it down properly.

(That's where your unlocked door analogy falls flat, too. It's understood that a home belongs to a specific owner, and you're NOT allowed to just walk in, uninvited - especially if the door is closed and you have to turn the knob just to enter. You probably aren't sitting on that person's physical property at all when your laptop picks up their open wi-fi network.)

ugh

[Tom7]

Why did you guys have to call this "war driving"? That was a bad choice.

Re:Open doors

[Telastyn]

No, but if someone buys a TV, puts it on their sidewalk, and turns it on, they shouldn't be suprised if a few bums come and watch it.

Sure, I have gripes against spammers using my bandwidth, but I have absolutely no sympathy for people complaining that spammers are abusing their open relay.

Re:This Story Isn't About WiFi...

[elemental23]

The fact that he was creepy is precisely what brought him to the attention of local law enforcement. Rights, precedent and slippery slopes aside if you act like a creep while you are in clear violation of a law, you are gonna get hooked up with a set of handcuffs pretty rapidly.

The very fact that we're debating this illustrates that he isn't in "clear violation of the law". It's debatable whether he was in violation of any law at all. If the computer trespass charge sticks, it will only be after both sides hash it out in court, and even then there will be debate on whether what he did actually constitutes trespass. This is the very opposite of "clear".

Now, I'm not a lawyer, but in my opinion, he didn't break any law at all. The huge number of public, open wireless networks around the world demonstrate that this is a common practice and that upon finding one and being issued an IP address for it, it's reasonable to assume you are allowed to use it. If the owner of the AP didn't want the network to be public, the burden is on him to secure it (and possibly the AP manufacturers for not a) securing them be default, and b) educating their customers).

Looking suspicious might be reason to get the police out there, but that alone doesn't constitute probable cause for arrest, not to mention a trumped up charge like this.

Re:Open doors

[Some_Llama]

"And if you leave your front door unlocked you are granting access to anyone who wants to enter. NOT!"

This is more like leaving your front door wide open and handing out floor plans to people passing by on the street, any reasonable person would assume that you wanted them to go inside.. and I think that is all that needs to be proven in court... what a reasonable person would be expected to think...

Re:Open doors

[Anonymous Coward]

If you knock on the door and someone GRANTS YOU ACCESS (let's you in) then what?

I am tired of the "open front door" comment everyone that doesn't understand how DHCP works tries to use for an excuse for being too stupid to lock down their wireless.

DHCP - you ask for a IP and it gives you one and also gives you a valid DNS and gateway address and then you are on. How's that for GRANTING ACCESS?

I know people who set their SSID and then expect people to use it, and say they don't care since they don't use all the bandwidth that they are paying for.

Ridiculous...

[lullabud]

That's a terrible metaphor. You know how I first discovered what turned into war driving? My friend and I were at an OS X demo. When it was over we went out to his car, he opened his powerbook to make some notes, and "OMG, what's this?? I'm online??" It was a complete ACCIDENT. If my Grandmother can accidentally stumble onto her neighbor's "illegally shared" internet then there is something seriously wrong.

It's not like walking into somebody's house, it's more like opening your bedroom window so you can listen to your neighbor's XM radio. You're not paying for that XM... you're stealing by listening to it without your neighbor knowing. Sure, you can't change the channel just like you can't reconfigure their router settings, but you ARE leeching.... whatever. It's absurd. It's asinine. It's not stealing if people are offering it, let alone broadcasting it out with an SSID beacon, and it shouldnt' be illegal if Apple and Microsoft are setting us up for these "illegal" activities by making their OS auto-connect to open networks. Am I the only one who's found himself accidentally using his neighbors signal instead of his own? It's not stealing if I go to my friends house to watch DVD's he rented or bought. It's not stealing when I flip through the channels on his TV even when he's not home. I do agree that saturating your neighbor's pipe is out of line, and using it without their knowledge might be a bit shady, but illegal? That's ridiculous. If they don't want you on their net then they should turn on WEP. If the internet companies don't want you sharing your pipe then they should charge by megabyte.

Re:More like keys.

[Nurgled]

Two things in the transaction could be percieved as "permission". Firstly, the access point is (presumably) periodically advertising itself to the world, inviting any nearby computers to connect. Some computers will do this automatically without prompting, as mine did when I turned it on in my new office the other day and it discovered the access point in the office next door. Secondly, once the computer had associated with the access point it sent a DHCP request onto the network. Think of this as walking up to someone's open door and yelling "Can I come in?". The DHCP server then responded "Sure, you can come in and sit in this seat!" (you can use this IP address). This is also often done unattended by a computer once it has completed the previous step.

Not only, then, is the wireless network sending out periodical invitations to everyone, but when they respond it is helping them to get connected. This guy might be able to claim "hacking" if neither of these were true, but I think in this case it's clear to me that the owner of the wireless network has the liability for sharing his Internet connection in breach of his ISP contract.

As a side note, I was taught in school that in the UK you can legally access any system which doesn't make attempts to stop you. Of course, if you then go ahead and break it or cause disruption you can be charged with damage to property and other such crimes, but just "seeing what's out there" and making use of what you find is legal, assuming what I was taught in school was correct. If this wasn't true, it would be illegal to connect to amazon.com on port 80 without prior permission; the fact that it isn't restricted implies permission to use it. If it required a password and I brute-forced the password to gain access, I would be breaking the law.

Re:Open doors

[jusdisgi]

Please specify whether you are a lawyer or not next time. You have to.

Actually, I don't have to.

We depend on the law advice on slashdot; you know that.

Sorry to hear that. Very naive of you. Even if someone tells you that he/she is a lawyer, and gives you advice on slashdot, it is no substitute for hiring one.

If you preface your statement with IANAL, I know you're some idiot with as much knowledge of the law as the packing material I just threw away.

Then you don't "know" much.

If you instead qualify your statement with IAAL, I'll listen to your legal advice, quietly cuss you out for being a snake with no morals, and go about my day (hopefully more informed though).

Just digging the hole deeper. Not only are you apparently completely unaware that there are non-lawyers with a great deal of legal knowledge, you also believe that all lawyers are "snakes with no morals." Please fuck off.

Thank you.

Godwin...

[Anonymous Coward]

Yeah, it's the rape victim's fault for dressing like that, she had it coming! An open door is *not* an invitation, no matter how much you might want what's inside.

Is this where I insert a reference to the Nazis/Hitler?

Re: Open doors

[bezuwork's friend]

This is more like leaving your front door wide open and handing out floor plans to people passing by on the street, any reasonable person would assume that you wanted them to go inside.

I think, to take it further, it would be if the developer in your city left the front door open with a sign out front having the floor plan. Or even a lock on the door and the code on the sign.

Of course, everyone moving in will take the sign down and shut and lock the door. Who wouldn't? That's cause everyone knows how. The difference with the wifi is that not everyone knows how, and there are likely alot who don't even realize there's a problem with leeching.

If the owner knows how to secure his network, then his not securing it could arguably be an invitation. But if he doesn't know how to secure it, then his not securing it can not be considered an invitation.

Re:Open doors

[syukton]

I don't think it's anything like that to be quite honest, and I think the technical analogies are way off. For example, those arguing that the WAP "invited access" might just as well argue that an unlocked door "invites access" ("But, your honour! The door handle turned when my hand made a request to enter, responding by opening the door. I was clearly invited in")

Not really. Turning the handle is like testing the security of the system. If it is locked, you could be said to be attemping to force entry by turning the handle once or more. Approaching a door that you have no previous knowledge of the security of and attempting to open that door is completely different from, say, a door on a porta-potty that says "VACANT" or "OCCUPIED" and therefore notifies you of the publicity of access/entry BEFORE you even try to access/enter it. A WAP functions like such a door: you know whether it's locked or unlocked before you ever attempt to utilize it.

A WiFi hotspot does not invite unauthorized connections by virtue of broadcasting its existance.

You're right, it doesn't. However, an open WiFi hotspot does invite all connections by virtue of broadcasting its existence--whether explicitly or implicitly authorized, or not. It's like the porta-potty that says "VACANT" -- Would you, at some kind of festival, stare at the long rows of VACANT porta-potties and not make use of one to relieve yourself, because they lack signs that explicitly say either "FOR PUBLIC USE" or "NOT FOR PUBLIC USE"? It's kind of assumed that vacant porta-potties are used for relieving yourself unless otherwise indicated. (out-of-order signs, "employees only" signs, etc)

With Wifi using radio spectrum, it's a necessary part of its operation that requires that it transmit its existance so that authorized nodes can connect to it.

With radio stations using radio spectrum, it's a necessary part of their operation that requires that they transmit their existence so that anyone can connect to it. Radio being probably the most common and familiar form of wireless information communication (and oldest, too), the nature of implied openness and not needing to be a "member" of some club or organization is implied when receiving a radio broadcast. Speaking of radio broadcasts, any "sensitive" radio broadcasts (military, for example) are scrambled or use some kind of spread-spectrum technology to make them impossible for the public to intercept. But radio as a technology has long been considered to be public tunable for receiving purposes. Discounting that a wifi hotspot functions bidirectionally (upload/download) and a radio transmission tower functions unidirectionally (download), I think it is explicitly implied that any unencrypted wireless broadcast is usable by any member of the public. Given the "predominantly downloading" nature of an internet connection (you do way more downloading than uploading, generally), the wifi hotspot can be seen as similar to a radio transmission tower, thusly.

However, as most, if not all, WAPs are sold in a default configuration where they are unlocked and broadcasting an SSID, it's a stretch to argue that the owner of the WAP has deliberately opened their network to all.

Yes, that's a stretch. However it isn't a stretch to say that the manual describes how to secure the system. It also isn't a stretch to say that the onus is on the user to secure their device, and by not doing so and broadcasting the signal on a public unregulated frequency, they are implicitly allowing access to the WAP. By their INACTION, they have LEFT IT OPEN, but they did not OPEN IT. It's not their actions which are at fault here, but their inaction. They did not deliberately open it, but rather they deliberately chose to let it remain open.

Let's stop being nerds with bad analogies and look at the real world.

DHCP == Request for Permission

[HermanAB]

Well, if your computer sends out a DHCP request for an IP address and a server replies and hands you an address, then you affectively Asked for access and it was Granted. End of argument...

Ease of Interoperability

[lullabud]

That's assuming you're running XP SP 1 with patches applied or are running XP SP 2. Luckily everybody patches their system once a week, keeping up on all the latest trends in MS's implementations of various functionality. Luckily they're all that computer savvy and trust MS that much. Seriously, they do.

However, what about people who configured Zeroconfig so that it would connect to untrusted networks automatically (because they're sick of Mom calling them up asking for tech support or something)? And what about everybody who has the default Linksys SSID in their trusted network list? And what about people who are using 2k or ME? And what about people who use their 3rd party wifi card's management software? And what about people who are using Mac OS? And what about...

The point is that SSID broadcasting, automatic client association and DHCP work together to provide seamless networking capability. That's how it WiFi was designed. Two years about I spent countless hours making sure that whenever people plugged in one of my companies wireless cards it would automatically join the network which had the strongest signal. Now somebody wants to say that's illegal? Bullshit. That is ridiculous. If they want to bust you with roaming onto somebody's wireless network they'd have to prove that your intentions were heinous. The act itself is not wrong.