Wi-Fi Piggybacking Widespread

BaCa sent in this article about stealing network access that opens, "Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Of course, online polls being what they are, the results are hardly a plank for a full investigation, but a good share of the answerers did 'fess up to it as well.

Re:I agree its wrong

[Eyah....TIMMY]

Here it is for California:
http://www.internetlibrary.com/statuteitem.cfm?Num=12/ [internetlibrary.com]

"Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.

(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

Re:Stealing? Or Sharing?

[Luke the Obscure]

We set our SSID to "Open WIFI" so everyone knows we're sharing on purpose with the hopes that guests will do the same.

It is illegal in the UK

[cyriustek]

Here are a few occasions instructing that using a wireless connection without payment, or without permission is illegal:

"Two people have been arrested in the UK for using another person's wireless internet access without permission. Neither was charged but both were cautioned for dishonestly obtaining electronic communications services with intent to avoid payment." http://www.out-law.com/page-7969 [out-law.com]

Another according to BBC NEWS where he was arrested for "Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act." http://news.bbc.co.uk/2/hi/uk_news/england/london/6958429.stm [bbc.co.uk]

Re:Is this really breaking the law?

[BrianRoach]

Your analogy is a tad bit flawed.

If someone's car is parked on the street (public property), not locked, with the keys in the ignition ... do you have the right to take it or use it? Of course not. You'd be arrested for grand theft auto, even though the person did not take any steps to secure the vehicle .

An unsecured WAP is much like the above car, you're still using something that doesn't belong to you without permission. You aren't paying for the internet connection, you didn't buy the WAP.

- Roach

Re:I agree its wrong

[yelvington]

It's not necessarily wrong. Sophos is assuming, without reason, that an open access point isn't intended to be used. I would argue the opposite. Open access means "use me."

Earlier this week at the Columbus, Ohio, airport, I appreciated not having to click through pages of legal disclaimers, threats, et cetera, to get to the Internet on the unsecured wifi access point that I found when sitting an airport waiting area. I was able to connect and quickly grab my email without having to mess around with a web browser.

Am I a criminal for using the open wifi connection? Or was I merely using a publicly accessible wifi connection? The latter, judging from the posters all over the airport urging me to use the service.

I had the same experience at the Columbia, South Carolina, airport. Free access, fast connections, no legal clickthrough junk. (Cheers to both airports for not trying to nick me for $8 an hour.)

An open, unsecured wifi access point should be considered an invitation to public use. And inviting free public use should never be outlawed.

Re:Is this really breaking the law?

[debest]

An unsecured WAP is much like the above car, you're still using something that doesn't belong to you without permission. You aren't paying for the internet connection, you didn't buy the WAP.

I disagree. An unsecured WAP (with SSID broadcast enabled) is actually advertising that it is open for use. If you ask for permission to connect, its DHCP server grants you permission to do so. Hey, the WAP's owner configured it that way, why should we second-guess intent? Hell, most people's laptops don't even ask their user: they just connect automatically to the strongest signal they can find. Who's responsible then?

To extend your car example,

An unsecured WAP is much like above car, except that the car has a sign on it stating that the car is available for anyone to drive, anytime they wish. True, you didn't pay, but permission is granted to take it anyway.

Per Federal Law, Piggybacking IS legal

[Anonymous Coward]

Per Federal Law, Piggybacking IS legal
US law clearly states that accessing unencrypted wireless is legal.
But first, I want to address a lie that was started by Alex Leary, a reporter for the St Petersburg Times. I have been following this story since it appeared. A "Benjamin Smith" was never arrested by the St. Petersburg Police for unauthorized access to a computer network, never charged with a third-degree felony, never booked by the Pinellas County Sherff's Office, and never scheduled for a pretrial hearing. There was no follow up to the story because there was no trial. Alex Leary made the whole story up.
Do not spread urban legends. Especially about the law. When you are told that something is against the law, ask which specific law? When you are told someone was arrested, ask for the booking number? Went to trial, docket number. When someone cannot answer these questions, do not believe them.
Accessing unencrypted wireless is VERY legal.
According to Title 18 (Crimes and criminal
procedure) of the United States Code, Part I
(Crimes), Chapter 119 (Wire and electronic
communications interception and interception of oral
communications) from
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm [usdoj.gov] :
2511. (2)(g) It shall not be unlawful under this
chapter
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm [usdoj.gov]
or Chapter 121
http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm [usdoj.gov]
of this title for any person --
(i) to intercept or access an electronic
communication made through an electronic
communication system that is configured so that such
electronic communication is readily accessible to
the general public;
2510. Definitions
(16) "readily accessible to the general public"
means, with respect to a radio communication, that
such communication is not --
(A) scrambled or encrypted ;
(B) transmitted using modulation techniques whose
essential parameters have been withheld from the
public with the intention of preserving the privacy
of such communication;
(C) carried on a subcarrier or other signal
subsidiary to a radio transmission;
(D) transmitted over a communication system provided
by a common carrier, unless the communication is a
tone only paging system communication; or
(E) transmitted on frequencies allocated under part
25
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr25_04.html [gpo.gov],
subpart D
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.401.htm [gpo.gov] ,
E
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.501.htm [gpo.gov] ,
or F
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.600.htm [gpo.gov]
of part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html [gpo.gov] ,
or part 94 http://wireless.fcc.gov/rules.html [fcc.gov] of the
Rules of the Federal Communications Commission
http://wireless.fcc.gov/rules.html [fcc.gov] , unless, in the
case of a communication transmitted on a frequency
allocated under part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html [gpo.gov]
that is not exclusively allocated to broadcast
auxiliary services, the communication is a two-way
voice communication by radio; [The unlicensed
spectrum used by Wi-Fi
http: [wikipedia.org]

Re:I agree its wrong

[penix1]

You may not be in violation of a law but in most cases you are in violation of you ISP contract. Go back and re-read what is says about securing wireless as well as the definition of a "home network". In my case (Verizon) it says:

3.2 We will provide you with or, if available in your area for your chosen Service, you will choose, a User ID and/or Verizon User Name (collectively, "User ID") and password for each account purchased to enable you to access the Service. You agree to protect your User ID and to pay for all activity associated with it.

  3.3 You agree that you are responsible for all use on your account, including any secondary accounts or sub-accounts registered to your primary account. You understand this means that you accept full liability and responsibility for the actions of anyone who uses the Service via your account, or any secondary accounts, with or without your permission. You also agree to use the Service only within the United States.

  3.4 The Service is a consumer service and is not designed or intended to be used by any business or for any business or commercial purpose.

and:

3.7.1 You may not resell the Broadband Service, use it for high volume purposes, or exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service.

  3.7.2 You may connect multiple computers/devices within a single home to your Broadband modem and/or router to access the Service, but only through a single Broadband account and a single IP address obtained from Verizon.

Even if your contract doesn't have that clause (something I doubt) YOU are still responsible for it in the event it is used for something illegal. It is a bad idea to open your wireless for this reason alone.

Re:More US Arrests for "Illegally" using Open APs

[Oligonicella]

Welcome to the 21st century, where it's considered a felony(by cops and judges) to turn on a standard wifi enabled computer running Windows.

Shoddy attempt at spin, there. In each of your links, the perp was purposely sitting outside a hub and creating traffic, knowing he was siphoning bandwidth and money. An automatic detection is not the same as traffic.

Re:I agree its wrong

[Shakrai]

By that definition, my operating system is in violation of the law whenever it scans for an available network and presents it to me for connection.

New York's definition is a lot better. Of course, I can't pull it up right now, because section of the Assembly site with our laws seems to be down, but it basically requires that you have to bypass a "password or code system" in order to commit the crime of "unauthorized use of a computer".

That's actually quite logical. Connecting to an open wi-fi network is not a crime in New York State. Bypassing someones WEP key in order to use his wi-fi however, is.

Re:I agree its wrong

[timpaton]

I don't agree that it is necessarily wrong, as long as it doesn't disrupt the service of the person who owns the Internet connection. What harm is done by me piggybacking on a neighbor's wifi connection at 2AM while they sleep, to check some email?

I understand that most DSL/cable contracts in North America are "unlimited" - unlike Australia where contracts are limited, and either throttled or fined if a monthly transfer limit is exceeded.

In any case, the bandwidth you are "borrowing" is payed for, somewhere in the supply chain, by somebody. And you can be pretty sure the bigger players aren't going to make up the difference out of their own pockets.

The cost of a North American "unlimited" contract is set by the provider dividing his upstream bandwidth costs, operating costs and margin between his customers. If you and your neighbour are sharing a connection - by agreement or stealth - the provider has one less customer to pass his costs on to. Spreading costs over fewer customers, each customer must pay more. Contract prices will go up.

It's like any other service. You might want to connect your plumbing to your neighbour's water supply [1], downstream of the meter. That way you can split the water usage charge, and only pay for one connection charge instead of two. Better yet, you might be on an unlimited water plan, where you pay a flat fee for connection, and use as much water as you like - after all, the cost of water is trivial compared to the cost of the connective infrastructure. In this case, you might not even tell your neighbour that you're tee-ing in to his plumbing, because it's not going to cost him a cent extra. As long as the pipe from the water main in the street to the meter is big enough, it's not going to dusrupt anybody's water supply.

But the water company isn't going to be terribly happy about it, because you have two houses paying one house-share of the cost of bringing the water to the meter. You're not contributing to the upkeep of the water mains.

Likewise, by sharing broadband over wireless, you're not contributing to the installation and upkeep of upstream infrastructure.

/tp

[1] one series of tubes as an analogy for another...

Re:I agree its wrong

[Shakrai]

The Assembly webpage came back up. It's a little vaguer then I recalled but I still think you are safe:

156.05 Unauthorized use of a computer.
A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.
Unauthorized use of a computer is a class A misdemeanor.

Then from the definations:

8. "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission.

Proof that such person used or accessed a computer, computer service or computer network through the knowing use of a set of instructions, code or computer program that bypasses, defrauds or otherwise circumvents a security measure installed or used with the user's authorization on the computer, computer service or computer network shall be presumptive evidence that such person used or accessed such computer, computer service or computer network without authorization.

Based on that I would assume that you are ok connecting to an open wi-fi network without encryption. There's also this:

156.50 Offenses involving computers; defenses.
In any prosecution:
1. under section 156.05 or 156.10 of this article, it shall be a defense that the defendant had reasonable grounds to believe that he had authorization to use the computer;

One could probably make the argument that an open wi-fi network implies authorization to use the network. I doubt you could pull this off if you were using the wi-fi network to download kiddie porn, but given that many operating systems will connect automatically to such networks, you could probably use it as a defense if all you did was check your e-mail and surf a few webpages.

In fact, the kiddie porn example would bump the offense up to a felony:

156.10 Computer trespass.
A person is guilty of computer trespass when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization and:
1. he or she does so with an intent to commit or attempt to commit or further the commission of any felony; or
2. he or she thereby knowingly gains access to computer material.
Computer trespass is a class E felony.

So, in summary, you are PROBABLY safe using an open wi-fi network for ligit purposes, as it's unlikely that the police or prosecutor would bother charging you with a misdemeanor over using your neighbors connection to check your e-mail. You definitely aren't safe if the owner asks you to stop, has encryption in place or if you do something stupid (like try to access his c$ share) or illegal.