Wi-Fi Piggybacking Widespread

BaCa sent in this article about stealing network access that opens, "Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Of course, online polls being what they are, the results are hardly a plank for a full investigation, but a good share of the answerers did 'fess up to it as well.

I agree its wrong

[Lord Byron II]

but how is it illegal?

Re:

[Suddenly_Dead]

Since the law said it was, and judges set up precedence backing up that interpretation of the law.

Re:I agree its wrong

[Eyah....TIMMY]

Here it is for California:
http://www.internetlibrary.com/statuteitem.cfm?Num=12/ [internetlibrary.com]

"Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.

(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

Re:I agree its wrong

[konohitowa]

"Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network. (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

By that definition, my operating system is in violation of the law whenever it scans for an available network and presents it to me for connection.

Re:I agree its wrong

[Shakrai]

By that definition, my operating system is in violation of the law whenever it scans for an available network and presents it to me for connection.

New York's definition is a lot better. Of course, I can't pull it up right now, because section of the Assembly site with our laws seems to be down, but it basically requires that you have to bypass a "password or code system" in order to commit the crime of "unauthorized use of a computer".

That's actually quite logical. Connecting to an open wi-fi network is not a crime in New York State. Bypassing someones WEP key in order to use his wi-fi however, is.

Re:I agree its wrong

[a_nonamiss]

Connecting to an open wi-fi network is not a crime in New York State. Bypassing someones WEP key in order to use his wi-fi however, is.

I'd say that pretty much nails it right on the head. I feel very strongly that if my neighbor sets up an open access point called "netgear" and broadcasting it into my house, they're telling me that they don't care if I use it. In fact, maybe I don't want every person in my household to have unrestricted Internet access. If they're not securing their access point, my children could browse unsavory websites, and aside from taking their computers away from them, I couldn't do a thing about it. (legally) Now, I am a good neighbor, and I've made more than one household in my neighborhood aware that they were offering up free bandwidth to anyone who happened by, and I've even offered up my expertise free of charge to help them secure said access point.

Now, on the other hand, if I crack a WEP key, I am clearly crossing a black and white line. Cracking WEP, although trivial, requires effort on my part. If my neighbor puts up a sign on his front door reading "GOLD INSIDE." and buys a really flimsy lock, it's still clearly crossing a line for me to help myself to said booty.

Re:I agree its wrong

[djradon]

Some people might choose to purposefully share their wi-fi. I'd do it if I could easily limit the bandwidth of unreckognized guests and guarantee theu were was isolated from my network. Wouldn't it be cool if everyone in the world could donate a little chunk of their internet pipe to the public? Isn't that what the OLPC is going to do?

Re:

[Shakrai]

I'd do it if I could easily limit the bandwidth of unreckognized guests and guarantee theu were was isolated from my network

There are ways to isolate [netfilter.org] them and limit [luxik.cdi.cz] their bandwidth. Whether or not you'd call them "easy" is up to you.

Re:

[tha_mink]

Is there a WRT firmware somewhere that has that stuff already set up?

Yep. dd-wrt [dd-wrt.com] can do it with some of their QoS stuff. I use it for hotspot throttling. Also to do some porn filtering. (NSFW is NSF[public_hotspot] too.)

Re:I agree its wrong

[Gordonjcp]

If they're not securing their access point, my children could browse unsavory websites, and aside from taking their computers away from them, I couldn't do a thing about it. (legally)

I know this is a stretch, and I know some people are averse now new and untested ideas, but - you could try *talking* to your children about what they are and aren't allowed to do.

Why get your knickers in such a twist about "unsavory websites" anyway? If they're old enough to be allowed the responsibility of using the Internet unsupervised, they're old enough to make their own decisions about what's suitable and what's not, and whether or not it breaks their rules.

I guarantee you, whatever you call an "unsavory website", your teenagers will already have seen something worse. And laughed at it.

Re:I agree its wrong

[Shakrai]

The Assembly webpage came back up. It's a little vaguer then I recalled but I still think you are safe:

156.05 Unauthorized use of a computer.
A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.
Unauthorized use of a computer is a class A misdemeanor.

Then from the definations:

8. "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission.

Proof that such person used or accessed a computer, computer service or computer network through the knowing use of a set of instructions, code or computer program that bypasses, defrauds or otherwise circumvents a security measure installed or used with the user's authorization on the computer, computer service or computer network shall be presumptive evidence that such person used or accessed such computer, computer service or computer network without authorization.

Based on that I would assume that you are ok connecting to an open wi-fi network without encryption. There's also this:

156.50 Offenses involving computers; defenses.
In any prosecution:
1. under section 156.05 or 156.10 of this article, it shall be a defense that the defendant had reasonable grounds to believe that he had authorization to use the computer;

One could probably make the argument that an open wi-fi network implies authorization to use the network. I doubt you could pull this off if you were using the wi-fi network to download kiddie porn, but given that many operating systems will connect automatically to such networks, you could probably use it as a defense if all you did was check your e-mail and surf a few webpages.

In fact, the kiddie porn example would bump the offense up to a felony:

156.10 Computer trespass.
A person is guilty of computer trespass when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization and:
1. he or she does so with an intent to commit or attempt to commit or further the commission of any felony; or
2. he or she thereby knowingly gains access to computer material.
Computer trespass is a class E felony.

So, in summary, you are PROBABLY safe using an open wi-fi network for ligit purposes, as it's unlikely that the police or prosecutor would bother charging you with a misdemeanor over using your neighbors connection to check your e-mail. You definitely aren't safe if the owner asks you to stop, has encryption in place or if you do something stupid (like try to access his c$ share) or illegal.

Re:I agree its wrong

[doshell]

"Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.

(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

So every time you want to visit a web site, you write a letter or call up the webmaster to ask for permission?

If by setting up a Web server I'm tacitly permitting inbound traffic, then surely setting up an unprotected wifi access point is the same, as far as the law is concerned?

(I'm not saying Wifi piggybacking is or should be legal, just pointing out that the law you mention as it is is quite vague and open to interpretation.)

Re:

[Eyah....TIMMY]

It sure is. That's why you need a judge to interpret it. I mean when you setup a site on the internet with no auth, you would think it's fair game. So you *could* be against the law but there really needs to be a court case on it.
The Patriot acts make teh law even more vague and give authorities even more power what they define as illegal.

Re:

[DJCacophony]

If by setting up a Web server I'm tacitly permitting inbound traffic, then surely setting up an unprotected wifi access point is the same

Only if you name your access point "FREE WIFI", or by some other means convey that it is free, since a website is implied to be public by default, and an access point is implied to be private by default, even if there isn't a password.

This is not the same thing as piracy. Stealing WiFi REALLY IS stealing, because you are depriving somebody of the bandwidth they are

Re:I agree its wrong

[phoenix_rizzen]

Why would putting a server up on port 80 be considered public anymore than putting up a wireless access point? I don't see how having a web server is "implied public". Just because I put it there doesn't mean I want everyone to access it. That's a poor example to use.

Re:I agree its wrong

[Oligonicella]

At best you are disingenuous. A web page is put up on the internet for the specific function of being viewed. It is analogous to posting a flier on a public bulliten board. A wifi can be set up by third party techs in a house for family use. It is reasonable to expect others to not trespass.

Re:I agree its wrong

[Artifakt]

I'm not sure if a WAP is analogous to a webserver, but I don't see how either can be considered private by default. There are certainly public web pages, and there are certainly public wireless access points (i.e. the ones offered at Starbucks, Krystal, various hotels and others are intended to be publicly accessed, at least by their customers. Sometimes whole communities have set up public WAPs). Then there's WAPs that a completely innocently minded person might well assume are public, (i.e. the cases where a person parked outside the local library has accessed its wireless net, and knows that the library provides public terminals, so assumes this is part of the same service). The ratio of public to private WAPs favors private, but the law isn't based on some "is the majority private or public" test in most other cases.
      (For example there are lots of charter only buses, and some private buses with fixed stops and routes on the roads near my location, and there are lots of School buses, and a public transport community bus system that paints its vehicles with many different designs and colors. There's no law that says people should not hail a bus until they are absolutely certain it's not a private chartered vehicle, or anything remotely like that, and no one is looking at how many buses of what kinds are public or private, and what subtypes there are, when it comes to passing new laws. If the ratio of chartered lines to school buses changed, I don't think anyone would say we needed to change the existing laws vis-a-vis buses.).
      Most laws are built on reasonableness tests and the like, not some percentage test. Telling people they should assume any WAP not explicitly marked public is private is no different from telling them they should assume anything not explicitly marked public domain is still copyrighted, or should assume any road without a clear sign is a private drive. That pesky "Innocent unless proven guilty" principle includes not shortcutting the law by claiming that someone had criminal intent just because they didn't assume automatically that something was private unless clearly marked otherwise. Instead the law should have to prove the person didn't have a reasonable expectation that something was being made public. That's mostly well established law - hanging your wash out on a clothesline isn't making the wash legally takeable by the public, putting in a sidewalk that better supports access to an adjacent location is explicitly giving someone permission to walk that way (unless it's marked otherwise). Instead of whole new laws, WAP issues are best resolved by a body of precedents that follow existing examples. The courts can decide just how much or little the WAP owner has to do to have it considered private.
      We frequently tell private owners they should put up the signs or shut up (i.e. If you want parking in front of your business to be used for your business only, post it or don't complain, if you don't want your buried cable dug up, then mark it, etc.). We used to make copyright holders put explicit notices on works rather than make everyone else assume they existed unless proved to have expired. Let a person cross your land enough times without complaint, and you don't have to give them explicit permission to have established an easement. The law has many cases where not doing something to stop access counts as granting access. A legal decision that not changing the WAP defaults is in line with giving permission is justifiable on similar grounds. It's not necessarily the right call, but people who are arguing that the courts can't, or should never do that don't know common law very well (Or they know it very well indeed, but hope the general public never learns).

     

Re:

[ricree]

Just like an unsecured wifi network.

Re:

[goldsend]

The problem is the legality in most states is very murky. While one resident in Minneapolis won a civil lawsuit with the argument that the radio signal was in his house and unsecure so he could therefore use as he wish(this prompted an immediate rewrite of laws in Minnesota), another man in Florida was arrested because he was sitting in the passenger seat of a car in front of a residence with a laptop illuminating his face. The article clearly states that it is illegal but the whole question is really a gra

Re:I agree its wrong

[dwater]

> Anybody who operates an access point with it being unsecured is acting foolishly, nobody disputes that.

You're kidding right?

Many businesses (MacDonalds and Starbucks, for example) operate open and free access points, and I like to have mine open and free too so my neighbours can access it if they so like. Heck, in some places, the ISP is encouraging consumers to have open access points (British Telecom, IIRC)!

If I were charged in such a way that it costs me more, and that bothers me, then I'll stop people using it. It's exactly the same as if I were running a web server (especially if it were at home).

Many of these open and free access points are simply 'Linksys' or something. How is anyone to know the difference what the intention of the owner is, or even where the owner is, let alone what their billing is like?

IMO, this issue is all about 'the norm'. Is it reasonable to expect an open access point to be used by anyone? Where I am living, it most certainly is.

Perhaps there should be a law to have Wifi routers labelled with a warning that anyone can access it unless they secure it. Then it's clear who's at fault (which, IMO, is the owner's fault for being ignorant).

Re:I agree its wrong

[dwater]

and I like to have mine open and free too so my neighbours can access it if they so like.

I named my access point the same as my phone number just so people would now who to call if there was a problem. One woman called me to angrily ask me why my phone number was on her desktop - in a very accusing kind of way, like I'd been {cr,h}acking her system or something.

So, you're saying I could then have had her arrested for stealing my bandwidth? Rediculous.

Re:

[Lehk228]

broadcasting the SSID is offering access. the purpose of the SSID is to say "hey i'm here, connect to me"

Re:I agree its wrong

[Shakrai]

broadcasting the SSID is offering access. the purpose of the SSID is to say "hey i'm here, connect to me"

Actually, I thought the purpose of the SSID was to serve as the service set identifier to differentiate between networks. The SSID is also broadcast on an encrypted network, and anyone would agree that an encrypted network is not exactly saying "hey, I'm here, connect to me"

Re:I agree its wrong

[Lehk228]

sure it is, it's then refusing to let you on if you don't authenticate, just like a club with a bouncer.

Re:I agree its wrong

[jcuervo]

Only if you name your access point "FREE WIFI", or by some other means convey that it is free, since a website is implied to be public by default, and an access point is implied to be private by default, even if there isn't a password.

Uhm. My public network is not named "FREE WIFI". It's a Linux box with a Prism2 card doing HostAP, and it's free to anyone in range. In the interests of brevity, suffice it to say that I've put a lot of work into it.

So, if my network is intentionally left easily accessible, why do you say that "linksys", "NETGEAR", or "default" network isn't there because that's how they wanted it? Because the essid is factory default? I had a Netgear wireless router once. Nice piece of equipment, IMHO, but overpriced. I routed it through the Linux box I had handling that sort of thing at the time and left the access point itself unsecured (except the admin password, obviously). Basically the same setup as now, but less complex. I left it that way so that my neighbors could get online through me.

Am I the exception to the rule?

Stealing WiFi REALLY IS stealing, because you are depriving somebody of the bandwidth they are paying for when you use it without permission

I'm sharing it. Willingly. Right now. Know why I didn't include traffic shaping in either of my descriptions of my current or previous setups? Because I never needed to. Besides that, if I'm just doing the usual browsing, it's not like it takes up a lot of bandwidth. Slashdot? Oh no. A couple of seconds where the connection drops below 153k/s. I'd be more worried about sbcglobal going down for a few hours again. One of the outages lasted so long, I wrote a system to gnuplot how often and how long my connection went down.

That you think anything unknowingly left unprotected is fair to steal illustrates your lax morals. Would you steal somebody's car if they left it unprotected without knowing it? Well then why would you steal somebody's wifi if they left it unprotected without knowing it?

That you equate "open wireless" with "anything" illustrates your warped version of reality, and that you equate stealing wireless with stealing a car indicates that you, sir, with all due respect, are a complete idiot.

If you don't want someone accessing your network, fine. Enable encryption. I'll stay off of it. Most other people will, too.

Re:

[tunapez]

When the LEOs knock on your door and take all your electronics b/c a squatter ran stolen credit cards on your network, then you may rethink your altruism. Sure you'll probably be cleared if the MAC's not a clone of yours, but that's after a long, long investigation. I've seen it happen twice in the last 2 years, not pretty. I suggest encrypting, filtering and sharing the hex key w/ the neighbors. But then, some crank will probably get in and do it anyways...nm.

Re:I agree its wrong

[penix1]

You may not be in violation of a law but in most cases you are in violation of you ISP contract. Go back and re-read what is says about securing wireless as well as the definition of a "home network". In my case (Verizon) it says:

3.2 We will provide you with or, if available in your area for your chosen Service, you will choose, a User ID and/or Verizon User Name (collectively, "User ID") and password for each account purchased to enable you to access the Service. You agree to protect your User ID and to pay for all activity associated with it.

  3.3 You agree that you are responsible for all use on your account, including any secondary accounts or sub-accounts registered to your primary account. You understand this means that you accept full liability and responsibility for the actions of anyone who uses the Service via your account, or any secondary accounts, with or without your permission. You also agree to use the Service only within the United States.

  3.4 The Service is a consumer service and is not designed or intended to be used by any business or for any business or commercial purpose.

and:

3.7.1 You may not resell the Broadband Service, use it for high volume purposes, or exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service.

  3.7.2 You may connect multiple computers/devices within a single home to your Broadband modem and/or router to access the Service, but only through a single Broadband account and a single IP address obtained from Verizon.

Even if your contract doesn't have that clause (something I doubt) YOU are still responsible for it in the event it is used for something illegal. It is a bad idea to open your wireless for this reason alone.

Re:

[Oligonicella]

Welcome to the 21st century, where it's considered a felony(by cops and judges) to turn on a standard wifi enabled computer running Windows.

Shoddy attempt at spin, there. In each of your links, the perp was purposely sitting outside a hub and creating traffic, knowing he was siphoning bandwidth and money. An automatic detection is not the same as traffic.

Re:

[Grakun]

In each of your links, the perp was purposely sitting outside a hub and creating traffic, knowing he was siphoning bandwidth and money.

That's spin as well. Most ISPs don't charge by the amount of data transferred. Someone checking their email on a lunch break, such as the case in Michigan, is not going to incur any extra charges from the ISP. Nor are they going to cause any noticeable performance loss on the network.

An automatic detection is not the same as traffic.

Windows doesn't just detect the networks. It automatically connects to any available one. When it connects it does generate traffic. It also communicates with the Access Point, which is the crime people are being charged with

Re:I agree its wrong

[tkw954]

Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

I would say that the beacon and authentication process would communicate that permission is granted:

Access Point Hey everyone, I'm open for business!

My Adapter Can I have permission to join your network?

Access Point Sure! Here's an IP!

Re:

[SmurfButcher Bob]

I'm waiting for an access point to recruit my laptop... so I can sue the balls off of its owner for "illegally accessing" MY local network (127.0.0.1).

Permission settings as indication of intent.

[Ungrounded Lightning]

I would say that the beacon and authentication process would communicate that permission is granted:

For decades much of the computer using community has taken the settings of things like file permissions as not just a technical access control, but an expression of intent.

For instance:

- If a file's permission is read-group or read-world and it is sitting in a directory that is also group or world accessible, anyone might chose to examine it at any time, without notice to, or explicit permission from,

Re:

[westlake]

I would say that the beacon and authentication process would communicate that permission is granted

Communication between machines is not communication with their owners.

The permission you need is from the subscriber who signs the monthly checks to Verizon. The judge doesn't have to say that as a matter of law a residential "access point" is meant to be public simply because it is not secured.

It's the judge's business to ask the inconvenient questions:

Why were you parked in a neighborhood where you had n

Re:I agree its wrong

[asdfghjklqwertyuiop]

Communication between machines is not communication with their owners.

Ah, so you personally asked all owners/shareholders of SourceForge, Inc. if you could access this website and post comments on it...

Re:

[kimvette]

No. Broadcasting the SSID and requiring no authentication is akin to putting a bicycle out in your front yard with a sign saying "FREE BICYCLE, COME TAKE IT."

Re:I agree its wrong

[nxtw]

Thing is, though, 802.11a/b/g/n clients usually "associate" with an access point. This is after the client receives a "beacon" from the access point, basically advertising its existence.

So, the access point tells the area that it's broadcasting, and the client sends an association request, and the access point associates with the client. Assuming that that association was gained by the client in a non-malicious manner (no MAC spoofing, no WEP cracking, etc,) it sounds a lot like the system was configured to give any client permission automatically.

Re:

[prockcore]

because an SSID is an identifier.. my street number is on the side of my house.. it's not an invitation to come on in.

Re:

[Eyah....TIMMY]

I don't really a agree with the law but it's the law! I mean if you leave you car door open with the keys in the ignition, people might get into it. Duh. Yeah it's illegal but what was done to protect it?
The worse I saw was in the Patriot act, the EFF pointed out any access to a network that's not yours and which causes more than $5000 worth of damages (including hiring someone to investigate your access) was illegal.

Re:I agree its wrong

[betterunixthanunix]

I don't agree that it is necessarily wrong, as long as it doesn't disrupt the service of the person who owns the Internet connection. What harm is done by me piggybacking on a neighbor's wifi connection at 2AM while they sleep, to check some email? As long as I don't mask crimes by it or interrupt the neighbor's ability to use their equipment, I fail to see what harm is done, and therefore, what is wrong with it.

Re:

[QuantumG]

Don't make me make a car analogy.

I actually agree with you.. mind you, I also believe squatting laws in the UK are awesome [insomnia.org].

Re:I agree its wrong

[dwillden]

The survey site and article are targeted at folks in the UK, where the legality of using an open wi-fi spot isn't as open as here in the US. Here, the FCC has said that if there is no attempt to lock it down, it's free game. There the rules are different. Thus the article is able to claim the act is illegal.

Re:

[Beryllium Sphere(tm)]

>Here, the FCC has said that if there is no attempt to lock it down, it's free game.

I hadn't heard about this: do you have a reference I can point to if anyone asks?

It is illegal in the UK

[cyriustek]

Here are a few occasions instructing that using a wireless connection without payment, or without permission is illegal:

"Two people have been arrested in the UK for using another person's wireless internet access without permission. Neither was charged but both were cautioned for dishonestly obtaining electronic communications services with intent to avoid payment." http://www.out-law.com/page-7969 [out-law.com]

Another according to BBC NEWS where he was arrested for "Dishonestly obtaining free internet access is an offen

Re:

[1u3hr]

Here are a few occasions instructing that using a wireless connection without payment, or without permission is illegal

These don't prove the illegality of anything. Both cases are of peopel charged. No mention of any convictions. And even if they were convicted, were they plea bargains in which case the law is never tested? The few cases I've heard of seem to be really "loitering" that was being punished, the cops or prosecutors added in the "unauthorised access" charge to beef up the charges.

Re:It is illegal in the UK

[1u3hr]

(1) A person who-
(a) dishonestly obtains an electronic communications service...

So it's "illegal" if it's "dishonest". How is it "dishonest" to connect to an open wifi point? No misrepresentations are made. Your PC/laptop requests access and it is granted. No hacking, cracking or dishonesty is involved. No dishonesty, no illegality, it seems to me.

Re:

[yelvington]

It's not necessarily wrong. Sophos is assuming, without reason, that an open access point isn't intended to be used. I would argue the opposite. Open access means "use me."

Earlier this week at the Columbus, Ohio, airport, I appreciated not having to click through pages of legal disclaimers, threats, et cetera, to get to the Internet on the unsecured wifi access point that I found when sitting an airport waiting area. I was able to connect and quickly grab my email without having to mess around with a web br

Re:

[DJCacophony]

While I was away, my parents decided to get WiFi, without telling me until I returned. I looked at the configuration and they did not put a password on it. When I asked them about this, they said they didn't know about adding a password. Did they intend to make their internet available to everybody? NO. They just didn't know to protect it. An access point is open by default, so by your logic, all new access points are free to use until they're passworded, even if their owner doesn't know to add a passw

Re:I agree its wrong

[diamondmagic]

Does anyone who buys a wireless access point seriously believe that they are the only ones who will be able to access it? The only way to tell if an access point is open or not depends on if it is broadcasting and if it is encrypted (the name, maybe, but I can imagine that being disputed in court too). The problem with default settings needs to lie with the manufacturers, and not the people who are setting them up or looking for public access points on the go.

Re:I agree its wrong

[prockcore]

Does anyone who buys a wireless access point seriously believe that they are the only ones who will be able to access it?

It's not unreasonable. My cordless phone didn't require a password, and I'd be pretty upset to find my neighbor using it.

I think access points should come with a password out of the box.

Re:

[jamar0303]

Ignorance of the law has never been a defense in criminal cases. Why should it be a defense here? If they don't want to share and don't want to bother to learn how to set WEP, they can go for an Ethernet router.

Re:

[somersault]

It's hardly even 'wrong' if someone sets up their network openly. In fact I'd say if there is blame anywhere these days it's on the part of the person making their network open - somehow Windows decided to piggyback onto one of my neighbour's newly setup and unsecured wifi network. My internet access was really slow so I decided to reconnect the router, went to my bookmark for checking the internet connection status, wondered why the admin password had been reset to 'password', then realised that I was actu

Re:

[mrbluze]

I think it is high time that people came out of the closet and admitted to all that backdooring.. err.. 'piggy-backing'. Then we can all accept that it's normal and get on with life.

Re:

[JackHoffman]

The key difference is that the possibility of an openly accessible network is designed into the wireless network standard, and that option is in widespread use. The same standard also includes means to keep unwanted users out, an option which is also in widespread use (which means that laymen can do it, because at least 2/3 of all wireless networks are encrypted and there aren't that many computer professionals. Also, you'd be surprised how legal it is in many places to eavesdrop on unencrypted communicatio

54 percent??!?

[thermopile]

Oh, come on .. I can't believe it's not more like 90 or 95 percent. In fact, I'm typing this while "borrowing" my neighbor's linksys network. The admi-- $$%110113944 NO CARRIER

Re:54 percent??!?

[RuBLed]

You mean like her? Mrs. Roberts [xkcd.com]

Re:

[jamesh]

I'm borrowing my neighbor's wireless network right now A VPN? How cute! too. Seems to be working just And stop trying to SSH! fine. Hmmm... I smell cookies...

Stealing? Or Sharing?

[r_jensen11]

What about people who keep their access points open and connect to other people's access points when they're away? I'd imagine that if somebody purposefully leaves their AP open that it wouldn't be stealing. The trouble is knowing if somebody intentionally has an unsecured WAP or if the person just never knew/bothered to secure it.

Re:Stealing? Or Sharing?

[Joe Tie.]

Seriously. I leave mine open. If I see someone abusing the privilege I'll kick them off, but if someone wants to check google maps real quick then I'm happy to have been of help. There's been a large number of situations in my own past where an open network was of immense help, and I like the idea of being able to return the favor in some sense. I really hate the idea that the default way we're supposed to approach anyone is under the assumption that they're both too stupid to secure their connections, and too selfish to want anything but that.

Re:Stealing? Or Sharing?

[jc42]

I leave mine open. If I see someone abusing the privilege I'll kick them off, but if someone wants to check google maps real quick then I'm happy to have been of help. There's been a large number of situations in my own past where an open network was of immense help, and I like the idea of being able to return the favor in some sense.

Hey, who let a socially responsible person post to this discussion? Didn't we ban such people from slashdot? ;-)

As a few others have pointed out, the wifi spectrum was intentionally made open for everyone to use. The intent was a Public Good: a wireless network capability that was available to anyone (or at least anyone with standards-compliant equipment).

But it seems we have a lot of people here who are profoundly anti-open-communication, and think that people who caught communicating openly should be punished. This strikes me as a rather perverse misinterpretation of what the wifi spectrum was all about. In the US, it's also against the whole idea of the First Amendment.

We should be arguing: If you don't believe in using the wifi spectrum for free, open communication, then you shouldn't be using it. Pay for a license to use your own block of restricted spectrum. Go away and don't bother those of us who want a small chunk of spectrum to remain a Public Good.

We also need more people complaining that they want their AP open, and they object to official harassment of people using the wifi spectrum as it was designed to be used. Would that get the message across? Or would the officials just start harassing those of us running open APs?

Re:

[Luke the Obscure]

We set our SSID to "Open WIFI" so everyone knows we're sharing on purpose with the hopes that guests will do the same.

Encryption

[chill]

Considering many systems are configured to latch on to the strongest unprotected wifi signal they see, I've piggy-backed several times without intent.

If you can't be bothered to set up even 40-bit WEP, then you have nothing to complain about. Hell, there are five signals that I can see from my house! Your RF is in my space! I should charge rent.

Re:Encryption

[jamesh]

I was helping out someone over the phone at a client's remote office. He'd just come back from overseas and could connect to the wireless network and access the internet but couldn't connect to any of the internal systems. After checking all the obvious things I established a remote control session to his laptop and started looking around. The IP address of the wireless interface was nothing like what it should have been. I then connected to the Access point he was using and found that it was set up nothing like it should have been and DHCP was enabled. Aha! I thought. The Access point has been reset to factory defaults. I threw a new config at it and rebooted it, but things still weren't working right.

Eventually, I figured out that while he was away, someone in a neighboring office must have set up an access point with the same SSID (NETGEAR - so the chances of it happening were pretty high!) and his laptop decided to connect to that instead. And i'd just reconfigured it with a fairly high level of security. Oops.

Oh well... maybe next time their neighbor will put security on their access point!

Re:

[Oriumpor]

Does that mean if people connect to a honeypot WAP, get their credentials sniffed, personal information compromised and their system exploited the owner of the honeypot could sue them too?

I'm in the wrong business...

Re:

[WallaceAndGromit]

Well, if you find you've connected to someone else's access point, and are worried that the cops may throw you in the poky as a hacker for using someone else's bandwidth, you could always do yourself a favor to make sure you don't violate the law again in the future... Log into the access point (http://192.168.1.1, likely login:admin, likely password:password), turn off Broadcast SSID, enable encryption, change the key to some obscure number by just hacking at the keyboard while your eyes are closed, save

Is this really breaking the law?

[compumike]

The article asserts that logging onto someone's AP without their permission is "breaking the law", but is that really clear? Do I have to explicitly ask for permission before I walk into a restaurant? Of course not -- there's a reasonable expectation that there are no barriers to my entry, so I'm allowed (even invited) in. But, while I think physical analogies to computer situations can be very misleading, in the real world entry becomes illegal when you've had to defeat some protection mechanism (a lock) to get in.

So, to summarize: I feel like cracking someone's WEP key to get on their net is pretty damn illegal. But I don't think hopping onto an open net is unsecured. In fact, the fact that it's open may be interpreted as a sign that the owner intends to allow open access!

--
Educational microcontroller kits for the digital generation. [nerdkits.com]

Re:

[BrianRoach]

Your analogy is a tad bit flawed.

If someone's car is parked on the street (public property), not locked, with the keys in the ignition ... do you have the right to take it or use it? Of course not. You'd be arrested for grand theft auto, even though the person did not take any steps to secure the vehicle .

An unsecured WAP is much like the above car, you're still using something that doesn't belong to you without permission. You aren't paying for the internet connection, you didn't buy the WAP.

- Roach

Re:

[debest]

An unsecured WAP is much like the above car, you're still using something that doesn't belong to you without permission. You aren't paying for the internet connection, you didn't buy the WAP.

I disagree. An unsecured WAP (with SSID broadcast enabled) is actually advertising that it is open for use. If you ask for permission to connect, its DHCP server grants you permission to do so. Hey, the WAP's owner configured it that way, why should we second-guess intent? Hell, most people's laptops don't even ask

Re:Is this really breaking the law?

[Bartab]

This whole analogy to a car has to stop. It's not even close.

You do not take possession of a wifi AP. It stays exactly where it is, still available for use by the owner - or anybody else.

Re:

[fred fleenblat]

now imagine if a city has 5,000 unlocked cars (with keys in the ignition) that have a cost to their owners of about $1/day. And the cars don't just sit there passively, if one is within 500 feet of you it pops on your OWN LIST OF YOUR OWN CARS helpfully asking if you'd like to use it. And if you do use it, the actual owner of the car can still use it too plus he can kick you out any time if he wants. and in fairness you might have a car that you let everyone else use too.

this isn't theft, it's the first

Re:

[Bartab]

When their WAP provides you an IP address, you have express permission.

MP3s are a gateway item

[Anonymous Coward]

You start by just stealing that one song. Then another, then another. Pretty soon your stealing movies, games, operating systems. Now you move up to what's known as speedballing - stealing songs using someone elses wifi. You try to hide your addiction by using proxies, but you can't hide from your own thoughts. Sooner or later, you'll be stealing large chunks of the internet. And one day - one day - you'll be found dead in alley clutching your hacked iPhone and box of sim chips. The police probably won't even investigate your death.

Re:

[Freaky Spook]

The police probably won't even investigate your death.

Maybe not, but I'm sure the RIAA would be interesting in suing your family.

Dear Grieving Parent,

Please accept our condolences for the unfortunate death of your son. Attached to this letter

is a fine for breach of copyright of that songs he illegally pirated over the course of his short tragic life

we hope you will pay this fee promptly otherwise we will be forced to take further action, either in court

or procuring your next born child.

Once a

Classic scenario - visiting the parents

[PhantomHarlock]

When you have an ornery parent...that REFUSES to get broadband...even if he's paying MORE for dialup through earthlink...you get desperate when you're visiting. Especially when two or three neighbors are running unsecured WiFi.

I think it should be legal unless you're cracking someone's WEP or WPA to get in.

Re:

[FirstNoel]

amen to that...

Re:

[forkazoo]

When you have an ornery parent...that REFUSES to get broadband...even if he's paying MORE for dialup through earthlink...you get desperate when you're visiting. Especially when two or three neighbors are running unsecured WiFi.

I think it should be legal unless you're cracking someone's WEP or WPA to get in.

I basically agree, but I do think that the threshold for doing something wrong is a bit before cracking an encryption key. IMHO, changing a MAC to get around MAC filtering, or logging onto an AP named "P

I don't see why this is a problem

[mcsqueak]

I fail to understand why this is illegal. I know that there is the argument that "you wouldn't go into their house if it the door was open and steal something!". Well no, I wouldn't. However, this being a technology issue (and a fairly recent one at that) I think it needs to be held to a different standard.

If you fail to secure your network that tells me you don't care if people access it, and I think you should be allowed to share your access if you feel like it. I'm no computer genius... I couldn't get

Re:

[FLEB]

Basically, it boils down to the fact that some people know how to use the law better than they know how to fill in the "password" box... and there are enough frightened, unknowledgable, and indifferent people to back them up. It might not be right, it might even be destructive, but unfortunately, it's the law in an increasing number of places. The people have spoken, and the people don't know how to configure their router.

Not Wireless

[Sporkinum]

I have a wireless router that has the wireless turned off. My old router died and it was cheaper to buy a wireless one than a wired only one. They do come up open to the world by default. You have to actively lock it down. I would think that if they are open by default and that is how 90% leave them, there really should be no legal grounds for prosecution other than the judge's own technological ignorance.

I just read that news article with permission.

[Vellmont]

Did I break the law? I didn't call up someone at net-security.org and specifically ask them if I can read their article.

How is putting up an unsecured Wi-Fi connection any different than putting up an unsecured website?

• The WPA actually ADVERTISES the fact that it exists.
• When you connect to the network, most networks will have DHCP happily gives out all the information, even giving you an IP address automatically to any computer that asks.
• Many people actually put up an unsecured AP with the INTENTION of giving out access. (And thus this becomes common expectation)
• Many client computers will automatically connect to unsecured Wi-Fi APs
• The technology exists to easily put a password on the Wi-Fi connection to prevent anyone from connecting to it

oh, and here's one just for you people who like "it's like entering my house" analogies...

• The wireless signals often times go right into MY house. i.e. I don't have to be one someone else's property to connect to an AP

Re:

[Lumpy]

Here in Michigan they will throw you in PRISON for a FELONY for using a wifi connection without explicit permission. The corrupt police of Sparta Michigan even did so this past summer after he spent a week going through the law books in order to find something to slap on the dangerous man checking his email in front of the coffee shop.

In order to keep it quiet they simply made the man pay a $500.00 fine and 30 days community service but he still has a FELONY conviction on his record for checking his email.

How else would I ...

[BrianRoach]

Download MP3s from P2P networks without worrying about being sued by the RIAA?

Er ... wait, I mean ...

- Roach

considerate ISP's

[snarkh]

Furthermore, if you've hopped onto your next door neighbours' wireless broadband connection to illegally download movies and music from the net, chances are that you are also slowing down their internet access and impacting on their download limit. For this reason, most ISPs put a clause in their contracts ordering users not to share access with neighbours - but it's very hard for them to enforce this.

So ISP's are trying to protect me from sharing my access with my neigbours and thus getting a slow internet

Sharing = Crime

[sqrt(2)]

I intentionally leave my AP open so that anyone can use it if they wish. I don't see how this could be illegal for them if the owner of the access point, and the person paying for the bandwidth doesn't care if people use it. There's never more than one or two people on, I've never noticed my speed decrease because of it.

Re:

[Shados]

Note: The following is not how things -are-, nor is it how -I- think, its just something to think about.

If you leave your wifi open, then obviously, people can do whatever with it. Now, obviously there's the (probably low) chance of people using it for something very, very wrong.

Now from there, if one needs to track who did the very very wrong thing (I'm not talking RIAA jokes here, but something serious under a warrant from a court), two things can happen: It was your router, you deliberately (as opposed t

Re:

[Lehk228]

the gain of widespread free wifi is much greater than the harm of aononymous criminals. a pedophile cannot hurt a child with only an internet connection, a terrorist can't blow up a bus with only an internet connection, however only an internet connection can make the difference between finding your hotel and spending the night sleeping in your car cause you got lost. a free access point can keep you entertained, it can let you send an important email after a power surge toasts your modem, or GET an impor

To the tune of "Alice's Restaurant"...

[MostAwesomeDude]

You can have anything you wish, on "linksys" wireless.
You can have anything you wish, on "linksys" wireless.
Associate, it's on channel six;
Fire up your browser and grab some bits.
An' you can have anything you wish, on "linksys" wireless,
On "linksys" wireless!

I'm swinging my arms...

[Average]

Look. 2.4ISM is an unlicensed band. Under 200mW, I have rights to transmit anything I want to. Period. If your router interprets it as a part of an HTTP request, that's not my fault. The "I'm swinging my arms, and if you walk into them it's your fault" theory.

And, I do think someone needs to introduce RFC 2131 (DHCP) into evidence. An open router responds to a polite request with a positive acknowledgment. It is possible to configure the box not to give that acknowledgment, probably via an encryption key, but also by MAC filters or turning off DHCP. Introduce the owner's manual while you're at it.

What the law SHOULD say

[jonwil]

If someone steals my TV set, thats theft. However, the law says that I have to choose to press charges against the thief.

The same should be true with open WiFi. Unless the owner of the WiFi router or device chooses to press charges, the police should not be able to charge them (i.e. what happened in the UK)

WiFi is nothing

[roystgnr]

I hear that 100% of computer users have used someone else's HTTP server without permission!

I Leave My Connection Open Out of Kindness

[samuel4242]

I leave my connection open to share it with friends and neighbors who need a quick connection. It's easy to watch the flashing lights on the box next to my desk and there's never been a real problem. No one has abused it. No spammer has parked in front of my house and let loose a gazillion offers to fix the manhood of the nation. Really. It's been fine. It's like offering people a glass of water. It's like letting a traveling salesman turn around in my driveway. Some day, I hope that a contractor at my hous

I love being the access point

[svunt]

I have plenty of bandwidth, and my neighbours are hardly networking gurus, so I get a lot more value out of them than they get out of me. Trading a few gig a month of bandwidth for all the dirty viewing habits of three apartments full of people and the ability to dump horse porn on their desktops at will. Good deal if you ask me. Plus it keeps the music industry from pinpointing the source of all the Britney albums I upload.

How-to

[thatskinnyguy]

Step 1: Find a neighbor who is cool and possibly technologically challenged and see if he would be cool if you used some of his bandwidth for a while. Promise free computer services if he is a tough nut to crack.
Step 2: Get a wireless router supported by DD-WRT [dd-wrt.com].
Step 3: Download the haxor'd firmware from DD-WRT and configure your supported device as a wireless bridge.
Step 4: Enjoy the internets! Step 5: To show your appreciation to your neighbor, get him a supported router and do the same thing with it so

I leave my connection open...

[Newer Guy]

I leave my connection open and my SSID reads "Use but dont abuse". At any given time, there are 10 MAC addresses in my DHCP log (I have 4 devices total). From what I can tell, NO ONE abuses the connection. One person (my elderly neighbor) uses it to email her kids and grandkids. What's wrong with that? I always have the bandwidth I need, and will continue to leave it open. By the way, only one other AP in this area is open. It's SSID is: Linksys.

One other closed AP has the SSID: "Free Ride Is Over".

I live in a community. Leaving my AP open benefits others within my community without adversely affecting me.

Whose fault is this?

[SleepyHappyDoc]

A major ISP in my country includes a wireless access point with their DSL gear. Everyone has one, whether they use the wireless or not. The problem is, the access point defaults to broadcasting a completely unencrypted signal. Most people that have their internet connection plugged in physically don't ever bother to look at the 'Wireless' settings on their box (the ISP isn't kind enough to inform anyone of their poor choice of defaults), so they have no idea that their connection is wide open. It's easy

Per Federal Law, Piggybacking IS legal

[Anonymous Coward]

Per Federal Law, Piggybacking IS legal
US law clearly states that accessing unencrypted wireless is legal.
But first, I want to address a lie that was started by Alex Leary, a reporter for the St Petersburg Times. I have been following this story since it appeared. A "Benjamin Smith" was never arrested by the St. Petersburg Police for unauthorized access to a computer network, never charged with a third-degree felony, never booked by the Pinellas County Sherff's Office, and never scheduled for a pretrial hearing. There was no follow up to the story because there was no trial. Alex Leary made the whole story up.
Do not spread urban legends. Especially about the law. When you are told that something is against the law, ask which specific law? When you are told someone was arrested, ask for the booking number? Went to trial, docket number. When someone cannot answer these questions, do not believe them.
Accessing unencrypted wireless is VERY legal.
According to Title 18 (Crimes and criminal
procedure) of the United States Code, Part I
(Crimes), Chapter 119 (Wire and electronic
communications interception and interception of oral
communications) from
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm [usdoj.gov] :
2511. (2)(g) It shall not be unlawful under this
chapter
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm [usdoj.gov]
or Chapter 121
http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm [usdoj.gov]
of this title for any person --
(i) to intercept or access an electronic
communication made through an electronic
communication system that is configured so that such
electronic communication is readily accessible to
the general public;
2510. Definitions
(16) "readily accessible to the general public"
means, with respect to a radio communication, that
such communication is not --
(A) scrambled or encrypted ;
(B) transmitted using modulation techniques whose
essential parameters have been withheld from the
public with the intention of preserving the privacy
of such communication;
(C) carried on a subcarrier or other signal
subsidiary to a radio transmission;
(D) transmitted over a communication system provided
by a common carrier, unless the communication is a
tone only paging system communication; or
(E) transmitted on frequencies allocated under part
25
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr25_04.html [gpo.gov],
subpart D
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.401.htm [gpo.gov] ,
E
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.501.htm [gpo.gov] ,
or F
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.600.htm [gpo.gov]
of part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html [gpo.gov] ,
or part 94 http://wireless.fcc.gov/rules.html [fcc.gov] of the
Rules of the Federal Communications Commission
http://wireless.fcc.gov/rules.html [fcc.gov] , unless, in the
case of a communication transmitted on a frequency
allocated under part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html [gpo.gov]
that is not exclusively allocated to broadcast
auxiliary services, the communication is a two-way
voice communication by radio; [The unlicensed
spectrum used by Wi-Fi
http: [wikipedia.org]

Wifi Sharing

[photomonkey]

In 2004, I was covering the Presidential debate and Kerry rally following it in Phoenix.

The press facilities at the debate were adequate, but sucked nine kinds of ass at the Kerry rally.

As per company policy, I FTP'd my photos in following the event only to find out that most of them were received as corrupted.

So I drove around with my laptop on the passenger seat looking for an open wireless point. I drove past a house with every light on, and an open access point. Since the light was on, I decided to ring the doorbell to let the homeowner know who was camped out in front of their driveway with a laptop.

The guy came to the door and said the wireless was 'obviously' open for all to use, since he didn't lock it down. He told me I was welcome to come in and sit in the house while I worked, provided that he and his wife could look over my shoulder at the pictures.

I accidently reconfigured my neighbor's router

[MichaelCrawford]

My landlady said I could use her wireless (she lived upstairs from me) but both she and a neighbor, who I never identified, had unsecured wireless, with both networks being named "linksys". They also used two different ISPs.

My MacBook Pro's Airport card connected to each network more or less at random. When I connected to her's, it worked OK, but when I connected to her neighbor's, it didn't work at all. Sometimes the Airport would switch networks in the middle of my use of the Internet, which really got to be a drag.

So I finally convinced her to let me rename and secure her access point. This went very well, and I was able to set up both my Mac and her WinXP laptop to use the newly secured net.

Except that I made a crucial mistake: I performed the re-configuration wirelessly. I didn't do it by plugging an ethernet cable into her access point.

Imagine my dismay when I realized I had reconfigured her neighbor's access point, and not her's!

I sat in my room quaking with fear, awaiting the heavy bootheels of the Royal Canadian Mounted Police kicking down my door so they could haul me in for being a cyberterrorist.

I never heard any complaints though, and eventually my neighbor's network was renamed to "linksys" and was again unsecured. My guess is that LinkSys tech support explained how to do a hard reset.

My question for my Slashdot friends is this: who is the Rocket Scientist at LinkSys who decided to support wireless reconfiguration of their routers?

It's Not Stealing

[YetAnotherBob]

As long as we continue calling net access via unprotected gateways, music file downloading, etc 'STEALING' we are not going to be able to deal with the problems that are real.

It isn't stealing. For music, it is copying without permission. that is wrong, but it isn't worse than murder, as US federal law currently maintains, and it isn't 'Piracy'. Piracy is a crime that involves murder, theft and the destruction of property, with rape and enslavement frequently thrown in. None of that happens on line. It isn't even physically possible.

For net access, there are less drastic means to fix things. I run a home network that is open. I know that at least one neighbor has used it for their access. For the occasional email or light browsing, that's not a problem. I pay for the connection so that my family can use the net. As long as we are not inconvenienced, we are not harmed. My ISP has contracted with us to provide a certain level of data throughput, so they aren't out. We can't exceed our contract amount anyway. Where there is no harm, there is no reason for a stupid law.

If I were running a business this would be different. Then, I wouldn't be running it wide open. Where someone has to break in, it should be illegal, but any open network connection should be able to be used.

Can anyone show me where I'm wrong?

P.S. I did have one incident where somebody was downloading something big, and we had seriously degraded performance on our home wifi. I solved it by unplugging the wifi for 15 minutes. Never happened again. Simple solutions are the best.

WHY is is still illegal?

[mnemotronic]

If 54% of adults admitted that they regularly used marijuana, or cheated on their taxes, or ran stop signs, you can bet your rusty router rules that the laws (or the "leadership") would be changed - in a hurry. Maybe the laws wouldn't be revoked ("yea, running stop signs is bad..."), but at least relaxed ("...just a warning").

Re:

[monsterlemon]

Yep, in the same way that giving a hitchhiker a ride is depriving a bus company of revenue. Or helping your neighbour install Linux is depriving both MS and your local PC repair shop of revenue. Let's just make "helping people" or "being a good neighbour" illegal in general, shall we?

I guess the real motivation for this being illegal in the UK is to try to reduce the possibility of anyone getting truly anonymous net access. After all, they might be TERRORISTS! Or PAEDOPHILES! Or inconvenient protestors who