Slashdot Mirror
Man Arrested for Using Open Wireless Network
DaCool42 writes "In Tampa Bay, a man has been arrested for using a wide open WiFi AP. The St. Petersburg Times has the full story. 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft,' said Kena Lewis, spokeswoman for Bright House Networks in Orlando."
I dunno... I think a more appropriate analogy would be if one installed a huge arse window in the front of your house, then stuck a giant plasma TV in it and getting annoyed and frustrated when people stopped by and watched TV through you window.
It's not a perfect analogy, but it's much better than the 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft' argument.
I dont want to bang on the "the guy had it coming" drum, but Dinon admitted he KNEW how to secure his wifi but declined because most of the people in his neighborhood are "older". That suggests to me, at least on this topic, that he wasn't acting like the sharpest knife in the drawer. But still, it's more than a little unsettling to have some 40-something guy sitting outside your house using your resources. While the article doesn't say he was a perv, I wouldn't be a bit surprised if he was -- and pulling kiddie porn or somesuch.
If microsoft left xp disks at street corners unattended complete with legal cororate serial numbers would they be surprised if people were using them? Same idiocy here. Leave a network open and someone's going to get in. If you're lucky it's just for free internet.
"It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft."
No it isn't. It's not even a copyright problem. What, now I need an extra license if somebody's visiting and they want to check their mail?
It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother...
Don't let that stop you from closing out the article with wild speculation though.
"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said.
Haida Manga
... I shouldn't expect to be robbed, or for someone to come in and watch my TV and drink my beer any time they like.
The cost of them watching my TV and drinking my beer might be minimal, but that's not the point. It's my TV and my beer.
This is the reason people lock their doors and close their windows. We shouldn't need to worry about people coming into our homes, but we do. These people need to learn to secure their wireless points.
I am in no way justifying what this guy did, but hopefully it will highlight something to Joe Average and get them to lock their AP's down tighter (or in most cases, lock them down at all).
On noting the open point, this guy should have at least tried to locate its owner and let them know about it, maybe even offer to help them fix the problem. Instead he took advantage for his own gain, just like any petty theft act really.
If you actually read the article you'll see that he was sitting outside someone's house in his SUV using his laptop. That is quite different from simply tacking onto your neighbor's network, he was outside the house sitting there for the sole purpose of leeching off his internet connection. While the Microsoft analogy is a bit stiff, at least read the article before you all go crazy.
I always thought stuff like this was a little weird.
It is like a radio station only allowing members to listen to their station, but broadcasting to everyone and saying if someone who isn't a member listens in, they are breaking the law. Either set up your shit so only authorized people can access it, or don't and not be permitted to have unauthorized people arrested for using it.
"you sonofabitch i didn't know!"
Ok, the headline should read "Man Arrested While Using Open Wireless Network." He was arrested because he had been sitting in front of a guys house all day in his suv on his computer. Whenever he was approached he would shut his notebook and look suspicious. After a few hours of the nonsense the police were called.
The rest of the article is standard "open wireless is for kiddie porn and a gateway to identity theft" FUD. Of course, most people just use it to download music for free, but the warnings of consequences for the owner of the network are legit. If your network is used in-appropriatly, you ARE responsible.
Turn on encryption, add a password, add mac based filtering, turn off dhcp and you are pretty much set.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
Right now you're accessing network that you have no received permission to access. Guarenteed. How can I possibly know? Well heck, you're posting on Slashdot. The whole concept of the Internet is based around a default policy of openness. It is assumed that we have permission to access anything connected to the Internet and that assumption is only revoked by layering an authentication system on top. These people who buy a wireless router, connect it to their network, don't even bother to turn on the authentication system and expect it to be private are just pissing in the pool.
How we know is more important than what we know.
You could be arrested if your neighbor happens to also have a wireless network and your computer decides it likes that one better one day. That's egregious.
That's a valid excuse? What happens if someone younger moves into the neighborhood? Do you enable encryption then? What if their grandchildren come for a visit and put your system into scriptkiddy hell? Do you enable it then?
At what point does common sense outweigh laziness for this jackass?
Moof!
Why didn't this guy really confront the dude in the SUV?
First time be friendly and helpful. Hey how are you doing? do you need some help I noticed you've been out here a bit. No decent explaination, next time tell them to clear off, or you'll let the police know what his plates and description are and that he's been casing houses.
Everyday people never seem to take the initiative.
um... you might want to read this:
t l18/ptI/ch119/sec2511.html
http://www.washingtonwatchdog.org/documents/usc/t
specifically the part about electronic communications "made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public"
main(0)
Seems to me, instead of doors locked or unlocked, a better analogy might be whether open land is fenced/posted or not.
It's like this: even if you don't lock your door, you still have a right to be mad when you walk inside and find someone eating the cookies in your kitchen. On the other hand, if you don't build a fence, you can't get mad when the neighbor walks his dog and it pees on your grass.
It's the same thing with Wifi: you have every right to be pissed off if someone tries to get stuff off of your computer, even if you're dumbass fault that they were able to. On the other hand, if someone is using your bandwidth, it might be sort of annoying to you, but unless you take steps to put a stop to it, it's your fault they're doing it.
The fact is, for most broadband connections, unless the person is file sharing or using VOIP, it's no skin off your nose that they're doing it. If for some reason, it bothers you to be neighborly, the onus is on you to secure your stuff.
Then just knock on the door (if you're the building manager) and demand to see the computer - if the MAC matches, it's over.
I'm sorry but a personal computer is personal property and unless you have a warrant you have no right to look at someone's computer or even demand such a thing. Also a person would be in the right if they replied to such a request with a "Go Fuck Yourself". If you are so worried about people leeching off your WiFi just turn on the encryption. It's a lot easier then busting down doors and acting like a jerk.
The best education consists in immunizing people against systematic attempts at education. - Paul Feyerabend
The difference between WiFi and the car/house analogy is that a WiFi hotspot broadcasts its information, inviting connections. There is no "breaking in" involved. If there was a house that had a sign in front saying "Open House Today" with the door open, you are welcome to enter legally, as it's an open house. Haven't people ever been to these in neighborhoods before? This is equivalent to an open WiFi access point.
It is about the fact that the guy was a fucking creep.
Seriously- if he REALLY thought what he was doing was OK, why did he act all cagy and close the laptop/drive away every time the homeowner saw him?
WiFi or not, this guy was acting strange in front of someone's home in such a way that I think it would probably freak most people out. The cops used the WiFi excuse just to bust the guy and I say jolly good show on them. I would feel very diferently if the guy simply said to the homeowner who he was and the fact that he was surfing on his net connection, but he didn't.
I don't think the open doors analogy is fit.
What you are getting is not a property, is a service.
When using network sockets, there are well documented protocols being used.
So the client computer is basically saying to the server, or wireless router: can I connect?
and the server replies: sure, go ahead
It would be the same thing if a bartender gave drinks for free because he wasn't trained in asking for money in exchange.
Would the customers be liable of theft if they took advantage of this?
It's even more than that. The wireless router received a standard, "can I have legitimate credentials on this network?" request in the form of a DHCP lease request. The wireless router replied with valid credentials for that network. The user did not make any malformed requests, did not use any information that he should not have rightfully posessed, and in no way forced his way into the network.
He also properly followed FCC rules regarding the use of wireless equipment.
If the owner of a wireless transceiver, a radio if you will, doesn't want to let that device communicate then they bear the burden of making it not communicate. If they leave it in a mode that allows any public access over frequencies that belong to the public-at-large then they bear the responsibility.
I'd like to see the ARRL and the FCC get involved in this, even though the odds are against this guy having any official licensing from the FCC.
Do not look into laser with remaining eye.
My take is that it _is_ why "normal" people don't have the same attitude to security (whether it's wireless routers or windows bugs) as nerds have. Real World has worked on completely different principles so far.
The fact is, even if you locked your door or built a chainlink fence, they're just marking a boundary, not being an unbreakable barrier. Whether you lock it or not, your real defense isn't the door, it's the law. The door is really just a marker that says "my property starts here, if you're caught here, we'll throw your sorry ass in jail." No more.
"I can do it" _never_ equalled "then I'm allowed to do it" in the real world. Anyone can buy/make a lockpick for a lot less money than it takes to buy a laptop and a wireless LAN card, and wiggle your lock open in less time than it takes to war-drive around the neighbourhood and configure your networking to use the neighbour's router. But that was never construed as "then it's your fault for not having an unbreakable lock, and the thief is perfectly within his rights to be on your property and walking away with your TV" in the real world.
And, frankly, I see no reason why we shouldn't apply that RL model to computers. My property starts here, I don't give a damn about how l33t some kid thinks he is, they're just not supposed to be on it. Period.
Placing the onus of securing their property on the victims, and the even more idiotic assumption that if it wasn't 100% physically impossible to get on it, then everyone's _invited_ in, is not how the real world ever worked.
A polar bear is a cartesian bear after a coordinate transform.
So this guy in your story basically goes through the first door that happens to be open. It doesn't look like a shop, it doesn't have a price list, it doesn't have a shopkeeper, and generally there's _nothing_ whatsoever that would imply that it's a shop. Could just be someone's home, or it could be that some people were having a party there later and had brought the food in advance. Yet he just assumes that he's allowed to help himself to whatever is there.
Seems to me like a very clear-cut case of theft, by real life standards.
Now let's bring it a little closer to the war-driving example. Let's say your guy _knew_ it wasn't a shop, and had _no_ plans whatsoever to pay for that sandwich. In fact the only reason he was there in the first place, instead of at the real sandwich shop next door, is that he actually _planned_ to get a meal without paying. The mentality all along was "hey, cool, I know this house next door is unlocked, so I'll just go make myself a free sandwich there. It would be stupid of me to pay for something when I can 'share' someone else's food for free instead."
I think by RL standards you have a _very_ clear-cut case of pre-meditated theft.
A polar bear is a cartesian bear after a coordinate transform.
It's more like sitting on the sidewalk outside someone's house at night. Their porch light is on and you're reading a book by that light.
One could say you're using the light they paid for without their permission. On the other hand, they're letting the light spill out into public land.
But you're comparing the physical with the "etherial" (for lack of a better word) here.
If you're broadcasting wifi access onto my property, why shouldn't I be free to use it? Especially if you haven't bothered to protect it in any way?
I've done nothing wrong if you're blasting your radio and I can listen to it from my front yard or if I can overhear a loud conversation you're having. You can't force me to "give you your water back" if your water sprinkler throws over into my yard all day long.
If the WiFi is broadcasting into my home, it is reducing my ability to use the bandwidth myself, secured or not.
And if the neighbor says "hey, those apples are mine - please let me come over and gather them up", my response would be "Okay. Don't forget to rake up the leaves that fall on my side this autumn too then".
what irritates the crap out of me is that this is like someone leaving their bike at the end of their driveway on a busy suburban street over night. It's going to get stolen. Not due to someone wanting to steal it, but because of the owners negligence and complete lack of common sense.
My $0.02 CDN
"Well you're not Fiona Apple, and if you're not Fionna Apple, I don't give a rat's ass."
I know in my last apartment that from my sofa I could see three separate unprotected networks *AND* my protected one.
:) ) does using these networks constitute a crime? Isn't it incumbent upon the owner of said network to secure it? If I leave a set of tools on my front step and it disappears, then I see my neighbor with it, just how mad can I be for having left it out for anyone to walk off with?
Oftentimes (the way the nic drivers for my card worked) would cause my system to prefer the stronger signal, so I would waft onto one of the other networks. I was only free from the other nets when I logged into each one as admin (they were broadcasting the name "linksys" and had left the original admin accounts untouched) and add my MAC address to the deny list.
So, the question then becomes, when I was using their networks, was it because I was intruding onto their network, or because their network was intruding into my home?
I mean, at what point (other than logging into their WAP as "admin"
#!/Jerald
A WiFi hotspot does not invite unauthorized connections by virtue of broadcasting its existance. With Wifi using radio spectrum, it's a necessary part of its operation that requires that it transmit its existance so that authorized nodes can connect to it. The best one can argue is that if the hotspot is unsecured - eg the WAP accepts connections without authentication - then we have an "unlocked door". However, as most, if not all, WAPs are sold in a default configuration where they are unlocked and broadcasting an SSID, it's a stretch to argue that the owner of the WAP has deliberately opened their network to all.
Let's stop being nerds with bad analogies and look at the real world. WAPs are consumer equipment. Most WAPs are bought with the intent that their owners use them to connect their own laptops, etc, wirelessly to their Internet connection. Most owners aren't even allowed to run open networks by their ISPs, and are well aware of the fact.
Perhaps what we need here is a way for those opting in to running open networks to flag the fact, rather than have everyone guess at intentions based upon something that has nothing to do with anything. eg Slashdotters think "This AP is open! That must mean I'm allowed to connect!"; actual owner thinks "This AP is cheap and easy to set up. I just plug it in and I can go anywhere in the house with my laptop and browse the net!"
You are not alone. This is not normal. None of this is normal.
Following up on my own post...
I was just thinking - this could be viewed from another angle as well. Imagine the owner of a new drive-in theatre, but he sets up no privacy fence along the back of his lot, which is exposed to a little cafe with outside seating. Lots of people come to the cafe each evening, and watch the show from there.
The drive-in owner gets pissed because people are obtaining a free service (entertainment) from him without his permission. It's possible to assume a dim bulb might not realize this is going to be a problem. There are privacy measures he can take (set up a fence) and should reasonably assume are required to insure his privacy. (you don't change into your swimsuit while standing by your pool in your back yard unless you have a privacy fence) In this respect you can say that a person's privacy is their own responsibility, and if they take no actions to enforce their privacy and it is violated, that it is their own fault.
Based on this argument, if I were hauled into court over accessing an open access point, the most important piece of evidence I would present would be the WAP's owner's manual. I would highlight the places in the booklet that described the security and privacy features available to the consumer, and highlight the places where it stated what the default behavior of the unit was. I believe this would be an adequate defense. If the consumer chooses to be ignorant about his property that is capable of interacting with the public, then they accept this interaction. Otherwise if they've read the manual and not used these privacy features, they have knowingly accepted the risk of having their privacy violated.
I work for the Department of Redundancy Department.
It is more like running a splitter and a cable and stealing your neighbors cable TV.
This is a close comparison, but ignores the fact that you need to physically trespass in order to accomplish it.
Or running an extension cord to a backyard outlet and stealing power.
Again, requires physical access, but also costs the neighbour money in a higher electrical bill, so it's not the same thing.
Or perhaps a cordless phone.
Even assuming that you don't use long distance, you're depriving the owner of the service, since he can't use the phone while you do.
Some other situations might be:
Running a movie or pay per view on your big screen tv which is visible from the street. Is someone walking by who happens to see the movie stealing from you? If you set up a viewing area in your front lawn and allow people to watch it from the street, are they guilty of CI, or are you?
If you play music in your house loud enough to be heard from the street, is someone who hears it doing anything wrong? What if, instead of casually hearing it, they sit on the curb in front of your house?
The critical fact here is that the wardriver is in a public area. By broadcasting your wi-fi signal into that public area, and not blocking public access (tacitly giving permission, thusly,) I think that it can be argued that you're providing a public service.
If a satellite company beams an unencrypted signal onto my property, I believe that I'm within my rights to watch it. If they encrypt said signal, on the other hand, I do not believe that I have the right to break it.
Same thing applies here, I think. If you take no measures to ensure the security of your network, once it leaves your property, it's fair game. Because the measures required are fairly insignificant, the burden should be on the wi-fi owner to lock things down, rather than on the wi-fi user to ensure that he's not impinging on someone's network.
The analogy is false, though, because you're broadcasting your property... All of your analogies imply clear boundary conditions, such as property edges, doors, using someone else's computer, etc. But if you put up an unsecured wireless network which you setup of sufficient strength to permeate your neighbor's property, the boundaries are very different.
If you have a wireless stereo system, which broadcasts to your speakers, and your neighbor picks it up, it's not "stealing" your music if they listen. If you want to share photos with your family and you put up an unsecured internet site, it's not stealing if non-family members visit and download your photos.
The fact of the matter is you've setup a broadcasting network through a section of your neighborhood. Congratulations, you're now a broadcaster. All operating systems will automatically connect with your network (...maybe not BSD). If you had a problem with this, you can very simply turn on WEP.
Which is how the internet works. Everything is assumed public until you put on the slightest bit of security. That's the convention. If you visit a website and they don't authenticate, it's assumed public. If someone sends you a link to a streaming movie and it doesn't ask for a password, it's assumed public. By practical definitions, it is public. We're not talking about bolting on an iron-clad Novell authentication system, we're talking about changing one preference in your network configuration settings.
You bought a piece of land next to a public field, and you didn't put up a fence or any demarkations. People will wander into and out of the field as if it were part of the commons. There is no practical way to ask whose field / network it is, nor any reason to see to ask. By not marking it as private, you have used the conventional method of marking it as public.
Would someone make their network public? Lots of people do it intentionally. In my apartment, I generally see no fewer than 10 or so wireless networks. Of those, half or so are unsecured. There's usually one or two that has the default router name (Linksys, etc). But most have changed their name to something else, which means that the people involved knew enough to go through the setup process and decided to leave their network open to everyone. Why? Mostly it's a desire to share and be neighborly. Oddly enough, the ISP up the street does the same thing. Lots of the businesses have open wireless access in an attempt to get people to come in with their laptops and drink coffee while doing work.
Of course, there are tradeoffs involved all around. Your wireless network is fucking up my other wireless equipment and using the available spectrum in my house. My wireless phones and other devices are using the same unlicensed spectrum, but are now competing with your bloody web surfing to be heard. I accept that you're going to have a wireless network, because those things are useful. And if you decide not to secure it and make it public, it's on me (and all of the other users) to be good citizens and not saturate your upstream by sharing on P2P apps all the time, or queueing up weeks worth of downloads. If you do decide to secure your network, it's neighborly of us to respect those boundaries and not packet hack it, despite WEP's inherent vulnerabilities. It's also neighborly to broadcast your SSID and channel, because in high density areas the difficulties involved in keeping people's networks from stepping on eachother is far greater than the minimal security provided by not broadcasting your SSID.
You marked your network as public, and now you're complaining that it's not private. Fine. Flip the fucking switch so that we know that it's private.
The ______ Agenda
This is a flawed, or at least incomplete analogy. Let's further suppose that your water is used in a sprinkler which has a pattern that reaches a public sidewalk. If, on a hot summer day, I walk down the sidewalk and choose to stand within the coverage area, I am perfectly within my rights to do so.
The point is that if you want to secure your resources from being utilized when they impinge on public spaces, YOU are responsible for doing so. It is hardly the city's responsibility to move the public sidewalk whenever you water your lawn, or to mandate use of umbrellas when passing your house, or any other contrived solution.
An unsecured wireless network that intrudes on airspace beyond the owner's property is no less available to the public than is water from a sprinkler that wets public sidewalks. If you don't want others to use it, take steps to limit availability.
The ISP defense that it's like sharing one copy of MS Office is pretty poor, as the bandwidth is fixed; it's more like sharing a video, which seems to me to be entirely legal AFAICT.
Wikileaks, no DNS
"And if you leave your front door unlocked you are granting access to anyone who wants to enter. NOT!"
This is more like leaving your front door wide open and handing out floor plans to people passing by on the street, any reasonable person would assume that you wanted them to go inside.. and I think that is all that needs to be proven in court... what a reasonable person would be expected to think...
That's a terrible metaphor. You know how I first discovered what turned into war driving? My friend and I were at an OS X demo. When it was over we went out to his car, he opened his powerbook to make some notes, and "OMG, what's this?? I'm online??" It was a complete ACCIDENT. If my Grandmother can accidentally stumble onto her neighbor's "illegally shared" internet then there is something seriously wrong.
It's not like walking into somebody's house, it's more like opening your bedroom window so you can listen to your neighbor's XM radio. You're not paying for that XM... you're stealing by listening to it without your neighbor knowing. Sure, you can't change the channel just like you can't reconfigure their router settings, but you ARE leeching.... whatever. It's absurd. It's asinine. It's not stealing if people are offering it, let alone broadcasting it out with an SSID beacon, and it shouldnt' be illegal if Apple and Microsoft are setting us up for these "illegal" activities by making their OS auto-connect to open networks. Am I the only one who's found himself accidentally using his neighbors signal instead of his own? It's not stealing if I go to my friends house to watch DVD's he rented or bought. It's not stealing when I flip through the channels on his TV even when he's not home. I do agree that saturating your neighbor's pipe is out of line, and using it without their knowledge might be a bit shady, but illegal? That's ridiculous. If they don't want you on their net then they should turn on WEP. If the internet companies don't want you sharing your pipe then they should charge by megabyte.
Two things in the transaction could be percieved as "permission". Firstly, the access point is (presumably) periodically advertising itself to the world, inviting any nearby computers to connect. Some computers will do this automatically without prompting, as mine did when I turned it on in my new office the other day and it discovered the access point in the office next door. Secondly, once the computer had associated with the access point it sent a DHCP request onto the network. Think of this as walking up to someone's open door and yelling "Can I come in?". The DHCP server then responded "Sure, you can come in and sit in this seat!" (you can use this IP address). This is also often done unattended by a computer once it has completed the previous step.
Not only, then, is the wireless network sending out periodical invitations to everyone, but when they respond it is helping them to get connected. This guy might be able to claim "hacking" if neither of these were true, but I think in this case it's clear to me that the owner of the wireless network has the liability for sharing his Internet connection in breach of his ISP contract.
As a side note, I was taught in school that in the UK you can legally access any system which doesn't make attempts to stop you. Of course, if you then go ahead and break it or cause disruption you can be charged with damage to property and other such crimes, but just "seeing what's out there" and making use of what you find is legal, assuming what I was taught in school was correct. If this wasn't true, it would be illegal to connect to amazon.com on port 80 without prior permission; the fact that it isn't restricted implies permission to use it. If it required a password and I brute-forced the password to gain access, I would be breaking the law.