Wi-Fi Piggybacking Widespread 459
BaCa sent in this article about stealing network access that opens, "Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Of course, online polls being what they are, the results are hardly a plank for a full investigation, but a good share of the answerers did 'fess up to it as well.
Stealing? Or Sharing? (Score:4, Insightful)
Encryption (Score:5, Insightful)
If you can't be bothered to set up even 40-bit WEP, then you have nothing to complain about. Hell, there are five signals that I can see from my house! Your RF is in my space! I should charge rent.
Is this really breaking the law? (Score:5, Insightful)
So, to summarize: I feel like cracking someone's WEP key to get on their net is pretty damn illegal. But I don't think hopping onto an open net is unsecured. In fact, the fact that it's open may be interpreted as a sign that the owner intends to allow open access!
--
Educational microcontroller kits for the digital generation. [nerdkits.com]
Classic scenario - visiting the parents (Score:5, Insightful)
I think it should be legal unless you're cracking someone's WEP or WPA to get in.
I just read that news article with permission. (Score:5, Insightful)
How is putting up an unsecured Wi-Fi connection any different than putting up an unsecured website?
oh, and here's one just for you people who like "it's like entering my house" analogies...
Re:I agree its wrong (Score:5, Insightful)
Re:I agree its wrong (Score:4, Insightful)
By that definition, my operating system is in violation of the law whenever it scans for an available network and presents it to me for connection.
Re:I agree its wrong (Score:5, Insightful)
So every time you want to visit a web site, you write a letter or call up the webmaster to ask for permission?
If by setting up a Web server I'm tacitly permitting inbound traffic, then surely setting up an unprotected wifi access point is the same, as far as the law is concerned?
(I'm not saying Wifi piggybacking is or should be legal, just pointing out that the law you mention as it is is quite vague and open to interpretation.)
Re:I agree its wrong (Score:5, Insightful)
I would say that the beacon and authentication process would communicate that permission is granted:
Access Point Hey everyone, I'm open for business!
My Adapter Can I have permission to join your network?
Access Point Sure! Here's an IP!
Re:I agree its wrong (Score:5, Insightful)
So, the access point tells the area that it's broadcasting, and the client sends an association request, and the access point associates with the client. Assuming that that association was gained by the client in a non-malicious manner (no MAC spoofing, no WEP cracking, etc,) it sounds a lot like the system was configured to give any client permission automatically.
I'm swinging my arms... (Score:4, Insightful)
And, I do think someone needs to introduce RFC 2131 (DHCP) into evidence. An open router responds to a polite request with a positive acknowledgment. It is possible to configure the box not to give that acknowledgment, probably via an encryption key, but also by MAC filters or turning off DHCP. Introduce the owner's manual while you're at it.
Re:I agree its wrong (Score:2, Insightful)
Only if you name your access point "FREE WIFI", or by some other means convey that it is free, since a website is implied to be public by default, and an access point is implied to be private by default, even if there isn't a password.
This is not the same thing as piracy. Stealing WiFi REALLY IS stealing, because you are depriving somebody of the bandwidth they are paying for when you use it without permission. That you think anything unknowingly left unprotected is fair to steal illustrates your lax morals. Would you steal somebody's car if they left it unprotected without knowing it? Well then why would you steal somebody's wifi if they left it unprotected without knowing it?
Re:those poor bastards . . . (Score:2, Insightful)
I guess the real motivation for this being illegal in the UK is to try to reduce the possibility of anyone getting truly anonymous net access. After all, they might be TERRORISTS! Or PAEDOPHILES! Or inconvenient protestors who disagree with the government and are going to do something about it...
Re:I agree its wrong (Score:3, Insightful)
Re:I agree its wrong (Score:4, Insightful)
Re:I agree its wrong (Score:2, Insightful)
Your neighbor has an old-style cordless phone. You find a handset for that type phone at a garage sale, and start using THEIR phone line that THEY paid for, to make your own calls.
It starts out just doing it in the middle of the night, you know so nobody will notice. Then one day they pick up the line while you're on it. Do you LAUGH HYSTERICALLY and explain to them how you are entitled to use their utility?
Probably not. Because you know it's wrong, and illegal, so you hang up really quick. All other analogies people will make, are attempts to RATIONALIZE what they are doing and make it okay when they know it is not. There is a vast difference between picking up radio signals like with a scanner, and ACTIVELY sending them into someone else's network so you can make us of the utility that they paid for and you didn't.
Re:Sharing = Crime (Score:3, Insightful)
Re:It is illegal in the UK (Score:4, Insightful)
(a) dishonestly obtains an electronic communications service...
So it's "illegal" if it's "dishonest". How is it "dishonest" to connect to an open wifi point? No misrepresentations are made. Your PC/laptop requests access and it is granted. No hacking, cracking or dishonesty is involved. No dishonesty, no illegality, it seems to me.
Permission settings as indication of intent. (Score:3, Insightful)
For decades much of the computer using community has taken the settings of things like file permissions as not just a technical access control, but an expression of intent.
For instance:
- If a file's permission is read-group or read-world and it is sitting in a directory that is also group or world accessible, anyone might chose to examine it at any time, without notice to, or explicit permission from, the owner.
- If it (or the containing directories) is not read-enabled, users with adequate system permission or knowledge of system internals may be ABLE to read it. But (if they behaved ethically) they would normally NOT do so unless the had either explicitly obtained permission from the file owner or were performing the access as something necessary to their job function - in which case they'd read it as little as possible.
Tools (such as mail readers) were normally designed to set the permissions of files they created in accordance with the likely wishes of the users.
IMHO continuing that logic makes perfect sense.
A significant number of people deliberately make their access points available to any non-disruptive transient user, as a community service. This is often done by leaving them at their default settings. Meanwhile, access points have a fine mechanism for putting up a "no trespassing" sign: WEP encryption. It's very weak and can be trivially broken. But turning it on makes it clear that the AP's owner did not intend for the AP to be used without explicit permission, and breaking the encryption makes it clear that a user intended to disregard the owner's wishes. So it's like the latch on a screen door: Trivially bypassed - but clearly expressing intent.
Granted most APs are shipped with WEP turned off, so a lot of users leave them open out of ignorance rather than as an expression of intent. But IMHO the user of an open AP can plausibly deny any intent to trespass on the AP and that the user had failed to post the property as private.
So it seems to me that the appropriate stand for the legal system to take is that the WEP setting and key distribution practices of an AP's owner are an expression of the owner's intent.
Re:I agree its wrong (Score:3, Insightful)
Communication between machines is not communication with their owners.
The permission you need is from the subscriber who signs the monthly checks to Verizon. The judge doesn't have to say that as a matter of law a residential "access point" is meant to be public simply because it is not secured.
It's the judge's business to ask the inconvenient questions:
Why were you parked in a neighborhood where you had no acquaintances, no obvious reason for being there? Why were you using a directional antenna, the Pringles can? The legit public access point generally isn't in the basement playroom of a private home.
Re:I agree its wrong (Score:5, Insightful)
So, if my network is intentionally left easily accessible, why do you say that "linksys", "NETGEAR", or "default" network isn't there because that's how they wanted it? Because the essid is factory default? I had a Netgear wireless router once. Nice piece of equipment, IMHO, but overpriced. I routed it through the Linux box I had handling that sort of thing at the time and left the access point itself unsecured (except the admin password, obviously). Basically the same setup as now, but less complex. I left it that way so that my neighbors could get online through me.
Am I the exception to the rule?
If you don't want someone accessing your network, fine. Enable encryption. I'll stay off of it. Most other people will, too.
Re:I agree its wrong (Score:4, Insightful)
Ah, so you personally asked all owners/shareholders of SourceForge, Inc. if you could access this website and post comments on it...
Re:I agree its wrong (Score:3, Insightful)
Re:I agree its wrong (Score:4, Insightful)
Re:I agree its wrong (Score:5, Insightful)
Actually, I thought the purpose of the SSID was to serve as the service set identifier to differentiate between networks. The SSID is also broadcast on an encrypted network, and anyone would agree that an encrypted network is not exactly saying "hey, I'm here, connect to me"
Re:Is this really breaking the law? (Score:4, Insightful)
You do not take possession of a wifi AP. It stays exactly where it is, still available for use by the owner - or anybody else.
Re:I agree its wrong (Score:5, Insightful)
Now, on the other hand, if I crack a WEP key, I am clearly crossing a black and white line. Cracking WEP, although trivial, requires effort on my part. If my neighbor puts up a sign on his front door reading "GOLD INSIDE." and buys a really flimsy lock, it's still clearly crossing a line for me to help myself to said booty.
Re:I agree its wrong (Score:4, Insightful)
Re:I agree its wrong (Score:3, Insightful)
Re:I agree its wrong (Score:1, Insightful)
Trespass??
At any given time I have up to 27 different wi-fi signals traversing my front room. If I walk through to the back of the house I have perhaps 15 others. Who's trespassing?
If I sit on a bench in the street and use your wi-fi, how can I be trespassing in a public street?
Re:I agree its wrong (Score:3, Insightful)
Re:I agree its wrong (Score:4, Insightful)
It's not unreasonable. My cordless phone didn't require a password, and I'd be pretty upset to find my neighbor using it.
I think access points should come with a password out of the box.
Re:I agree its wrong (Score:4, Insightful)
I know this is a stretch, and I know some people are averse now new and untested ideas, but - you could try *talking* to your children about what they are and aren't allowed to do.
Why get your knickers in such a twist about "unsavory websites" anyway? If they're old enough to be allowed the responsibility of using the Internet unsupervised, they're old enough to make their own decisions about what's suitable and what's not, and whether or not it breaks their rules.
I guarantee you, whatever you call an "unsavory website", your teenagers will already have seen something worse. And laughed at it.
Re:I agree its wrong (Score:2, Insightful)
Obligatory car analogy: If my car explodes and kills someone, it's the car's fault, not mine (unless I rigged it to blow up).
Re:I agree its wrong (Score:5, Insightful)
(For example there are lots of charter only buses, and some private buses with fixed stops and routes on the roads near my location, and there are lots of School buses, and a public transport community bus system that paints its vehicles with many different designs and colors. There's no law that says people should not hail a bus until they are absolutely certain it's not a private chartered vehicle, or anything remotely like that, and no one is looking at how many buses of what kinds are public or private, and what subtypes there are, when it comes to passing new laws. If the ratio of chartered lines to school buses changed, I don't think anyone would say we needed to change the existing laws vis-a-vis buses.).
Most laws are built on reasonableness tests and the like, not some percentage test. Telling people they should assume any WAP not explicitly marked public is private is no different from telling them they should assume anything not explicitly marked public domain is still copyrighted, or should assume any road without a clear sign is a private drive. That pesky "Innocent unless proven guilty" principle includes not shortcutting the law by claiming that someone had criminal intent just because they didn't assume automatically that something was private unless clearly marked otherwise. Instead the law should have to prove the person didn't have a reasonable expectation that something was being made public. That's mostly well established law - hanging your wash out on a clothesline isn't making the wash legally takeable by the public, putting in a sidewalk that better supports access to an adjacent location is explicitly giving someone permission to walk that way (unless it's marked otherwise). Instead of whole new laws, WAP issues are best resolved by a body of precedents that follow existing examples. The courts can decide just how much or little the WAP owner has to do to have it considered private.
We frequently tell private owners they should put up the signs or shut up (i.e. If you want parking in front of your business to be used for your business only, post it or don't complain, if you don't want your buried cable dug up, then mark it, etc.). We used to make copyright holders put explicit notices on works rather than make everyone else assume they existed unless proved to have expired. Let a person cross your land enough times without complaint, and you don't have to give them explicit permission to have established an easement. The law has many cases where not doing something to stop access counts as granting access. A legal decision that not changing the WAP defaults is in line with giving permission is justifiable on similar grounds. It's not necessarily the right call, but people who are arguing that the courts can't, or should never do that don't know common law very well (Or they know it very well indeed, but hope the general public never learns).
Re:More US Arrests for "Illegally" using Open APs (Score:3, Insightful)
In addition to that, your typical mail client will check for new messages every 10 minutes. Windows will automatically download updates. Many manufacturers pre-install software that also automatically downloads additional software updates. These things all generate traffic.
Regardless, the crime people are being charged with is unauthorized computer access. The amount of traffic they generate is irrelevant. The law is interpreted as meaning that it's illegal to access the network device, regardless of the AP being configured to broadcast that it's open and offering IP address leases to machines that it sees trying to connect.
How is your average user supposed to know that the internet access they are given automatically is illegal?
How do you distinguish between APs that are open but illegal to use from APs that are intentionally left open for the public to use?
It's Not Stealing (Score:3, Insightful)
It isn't stealing. For music, it is copying without permission. that is wrong, but it isn't worse than murder, as US federal law currently maintains, and it isn't 'Piracy'. Piracy is a crime that involves murder, theft and the destruction of property, with rape and enslavement frequently thrown in. None of that happens on line. It isn't even physically possible.
For net access, there are less drastic means to fix things. I run a home network that is open. I know that at least one neighbor has used it for their access. For the occasional email or light browsing, that's not a problem. I pay for the connection so that my family can use the net. As long as we are not inconvenienced, we are not harmed. My ISP has contracted with us to provide a certain level of data throughput, so they aren't out. We can't exceed our contract amount anyway. Where there is no harm, there is no reason for a stupid law.
If I were running a business this would be different. Then, I wouldn't be running it wide open. Where someone has to break in, it should be illegal, but any open network connection should be able to be used.
Can anyone show me where I'm wrong?
P.S. I did have one incident where somebody was downloading something big, and we had seriously degraded performance on our home wifi. I solved it by unplugging the wifi for 15 minutes. Never happened again. Simple solutions are the best.
Re:I agree its wrong (Score:2, Insightful)