Slashdot Mirror
Man Arrested for Using Open Wireless Network
DaCool42 writes "In Tampa Bay, a man has been arrested for using a wide open WiFi AP. The St. Petersburg Times has the full story. 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft,' said Kena Lewis, spokeswoman for Bright House Networks in Orlando."
Also, the poor guy admitted to using the connection too (unauthorized access to a computer network, which is a third degree felony according to the article). Now, if he would have just asked for a lawyer and then shut up, he probably would have gotten off with just a warning.
Slashdot = ((Technology + Politics) / Trolls) % Grammar Nazis
I dunno... I think a more appropriate analogy would be if one installed a huge arse window in the front of your house, then stuck a giant plasma TV in it and getting annoyed and frustrated when people stopped by and watched TV through you window.
It's not a perfect analogy, but it's much better than the 'It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft' argument.
I dont want to bang on the "the guy had it coming" drum, but Dinon admitted he KNEW how to secure his wifi but declined because most of the people in his neighborhood are "older". That suggests to me, at least on this topic, that he wasn't acting like the sharpest knife in the drawer. But still, it's more than a little unsettling to have some 40-something guy sitting outside your house using your resources. While the article doesn't say he was a perv, I wouldn't be a bit surprised if he was -- and pulling kiddie porn or somesuch.
How was the guy supposed to know that he didn't intend for the AP to be open to everyone.
AP makers should force, once the device is connected for the first time, for it to go to a config page which outlines all the security settings (WEP, etc.)..... maybe then some people will start to understand security.
There's no place like localhost
If microsoft left xp disks at street corners unattended complete with legal cororate serial numbers would they be surprised if people were using them? Same idiocy here. Leave a network open and someone's going to get in. If you're lucky it's just for free internet.
...but the actual facts are more compelling. It seemas though the person using the unsecured wifi was engaged in less than legal activity. If the owner is lucky it was just spam - but it could well have been credit card fraud or even (gasp!) child porn.
The moral of this story? Don't switch wi-fi on unless you *really* know what you're doing.
-EvilMagnus
"It's no different if I went out and bought a Microsoft program and started sharing it with everyone in my apartment. It's theft."
No it isn't. It's not even a copyright problem. What, now I need an extra license if somebody's visiting and they want to check their mail?
It remains unclear what Smith was using the Wi-Fi for, to surf, play online video games, send e-mail to his grandmother...
Don't let that stop you from closing out the article with wild speculation though.
"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said.
Haida Manga
... I shouldn't expect to be robbed, or for someone to come in and watch my TV and drink my beer any time they like.
The cost of them watching my TV and drinking my beer might be minimal, but that's not the point. It's my TV and my beer.
This is the reason people lock their doors and close their windows. We shouldn't need to worry about people coming into our homes, but we do. These people need to learn to secure their wireless points.
I am in no way justifying what this guy did, but hopefully it will highlight something to Joe Average and get them to lock their AP's down tighter (or in most cases, lock them down at all).
On noting the open point, this guy should have at least tried to locate its owner and let them know about it, maybe even offer to help them fix the problem. Instead he took advantage for his own gain, just like any petty theft act really.
If you actually read the article you'll see that he was sitting outside someone's house in his SUV using his laptop. That is quite different from simply tacking onto your neighbor's network, he was outside the house sitting there for the sole purpose of leeching off his internet connection. While the Microsoft analogy is a bit stiff, at least read the article before you all go crazy.
and i supose if you go and drink water from a public fountatin i should be arrested too for the fact the water is open to the public and not locked down. Sounds like they dont want to take fault for not fencing up a public oasis in the middle of no where because you know if it isnt yours its owned already by some one else more powerful and richer then you. Also what if the wifi is a public wifi by choice for the people to use? is it still stealing then?
"to be like god we make our own dolls to play with, but what does that make us, but dolls for god to play with?" Ikari,
I always thought stuff like this was a little weird.
It is like a radio station only allowing members to listen to their station, but broadcasting to everyone and saying if someone who isn't a member listens in, they are breaking the law. Either set up your shit so only authorized people can access it, or don't and not be permitted to have unauthorized people arrested for using it.
"you sonofabitch i didn't know!"
He could have kept his mouth shut... blamed his "connection" on Windows XP's "auto connect" feature for WiFi devices and sued Microsoft for incured losses..... I'm resisting the urge to say .... Profit!!!
My mother never saw the irony in calling me a son-of-a-bitch.
Ok, the headline should read "Man Arrested While Using Open Wireless Network." He was arrested because he had been sitting in front of a guys house all day in his suv on his computer. Whenever he was approached he would shut his notebook and look suspicious. After a few hours of the nonsense the police were called.
The rest of the article is standard "open wireless is for kiddie porn and a gateway to identity theft" FUD. Of course, most people just use it to download music for free, but the warnings of consequences for the owner of the network are legit. If your network is used in-appropriatly, you ARE responsible.
Turn on encryption, add a password, add mac based filtering, turn off dhcp and you are pretty much set.
There is nothing wrong with being gay. It's getting caught where the trouble lies.
why is this under hardware?, shouldnt it be under yro or something?
That is completely flawed. This would be like someone drinking from the neighbors sprinklers shooting over the fence.
I dont want to bang on the "the guy had it coming" drum, but Dinon admitted he KNEW how to secure his wifi but declined because most of the people in his neighborhood are "older".
In most countries it is illegal to leave the keys in your car. Partly to not give kids and others an opportunity to hurt themselves or others.
The homeowner KNOWINGLY left his router unsecured. Then he calls the cops on a guy who was using it. What kind of assclown takes that step first? Go to your fucking router admin page, switch to encrypted wireless, and watch the guy outside drive away.
Even though it was an unsecured network, he was still stealing network bandwidth & accessing something he shouldn't be, its fair that he was caught & should be punished for it.
No. You do forget that we are discussing radio technology. The AP actually broadcasts an invitation beacon for wifi client devices to join the network. It is like having someone put up a big pile of things on a table, stand by it shouting "Here take some" and then calling cops if you do.
If you still have doubts, ponder this educational question: How can you tell a difference between a "public" open AP and one opened by mistake, while trying to browse the web from your laptop on a park bench downtown?
A: Unless the ESSID is "SEKRIT!" or "DONT_YOU_DARE!" you can't.
QED.
I wonder how long before we see a suit where a customer sues a manufacturer for not making security clear & easy enough to set up when they purchased & installed a router.
This is in fact a much wiser course of action. The wireless gear should come with maximum security on by default and require multiple prompts to lower the protection level. But blaming the "nefarious" "hacker" is far more sexy and easier for brain-dead prosecutors then going against a large multinational.
Then if the gear is left wide open, no idiot can claim "I didn't mean to do this, honest!". Otherwise (and from the vague statements of the "victim" in this case a likely scenario) it is simply an entrapment, vigilante excercise, a.k.a leaving a wallet on a sidewalk and then shooting anyone who tries to pick it up for "attempted roberry".
That is, piggybacking off someone else's wireless in the building. I told them it was not a good idea due to security and legal concerns, among other things, exactly like the article says.
How do you know what's coming over that Internet line you're piggybacking on? Okay, so it's not going to your MAC address based on your initiated connections, but how do you know what kind of worm or virus is running on that guy's machine - and what it's scanning for in terms of local connections? It's just dumb to piggyback unless you have a really secure setup, and if you know that much, why don't you have your own wireless?
It's also possible to find out who is piggybacking once it is noticed because all you need is a laptop with NetStumbler and walk around until you get a signal from a laptop and capture the MAC address. Then just knock on the door (if you're the building manager) and demand to see the computer - if the MAC matches, it's over. This is bad news for people who are in buildings that charge for wireless access. Fortunately for them, most of the management and other tenants probably aren't that knowledgeable.
As for this guy in the article, he was obviously stupid to hang out right in front of the victim's house, and then CONTINUE to hang around even once the victim had spotted him. Guy must have been desperate for that connection for some reason, which probably means it was something illegal he couldn't afford to be seen doing at the local Starbucks.
On the other side, I can't understand what the victim meant by not having security because other residents "were older". Was he sharing with the other residents in his neighborhood? If so, then wasn't HE screwing the service provider? Did I miss something here? If it's stealing to share an open wireless access point without someone's knowledge, then it's stealing to share one WITH someone's knowledge. I don't think the terms of use of most commercial providers allow for sharing access to anyone except perhaps ones immediate family at one location (unless of course it is a building-wide access point that is paid for by the building - which doesn't apply in this case because Dinon's is a residential home.)
So it seems like this guy got arrested for accessing an individual's network while the individual involved was sharing it with his neighbors probably in violation of his Terms of Use contract.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
You could be arrested if your neighbor happens to also have a wireless network and your computer decides it likes that one better one day. That's egregious.
wire is the future of networking. Wireless is just a fad.
You guys need to calm down a bit and get rid of the immediate kneejerk reactions, though I do admit that the summary is a bit misleading.
I agree that a felony is a bit stiff for such a victimless crime, but for what it is worth, this guy was asking to be arrested. He sat out in front of the house in his SUV for nearly a whole morning before the police were called. If you are going to use someone's wireless AP, at least be a bit more covert about it. There are so many unsecured APs out there that you could easily exploit and never really be noticed. Go downtown, go to a park with business nearby. Sit somewhere where nobody would think twice about your presence there. I'm sorry, but sitting in front of someone's house for 5 hours and then even more stupidly admitting what you were doing is just asking to be thrown in jail.
This guy deserves everything that he gets. This isn't just a case of someone sitting somewhere and flipping open their notebook and noticing a connection. I do not have wireless at my house for a lot of reasons (asides from the fact that wired ethernet is an awful lot faster), but when I am sitting on my porch, I do admit that I sometimes use the neighbors AP. For my lightweight web browsing, I don't really think that I am interfering with their network or in any way damaging their equipment, thus creating a totally victimless crime. I never even bothered to look to see if they have open shares, but I digress. Also, unless you specifically know of a public access point any network you connect to is technically illegal trespass.
What I find amusing is that I can trespass on someone's property and I get a misdemeanor and when I do the same thing virtually, I'm looking at years in pound-me-in-the-ass federal buttlovin prison. I'm a good looking, somewhat effeminate male as well, so I doubt I would do very well with my future cellmate Bubba. The laws definately need to be rewritten quite a bit, and unfortunately with all the identity and data theft these days, I just see them potentially becoming worse and more draconian.
I will say that this guy is a total douche bag. Anyone that thinks it is ok to just sit in front of someone's house for hours without having a specific purpose is just asking to be stopped and harassed by the cops. If someone sat in front of my house for more than an hour, I'd be calling the cops too, regardless of why they were there. I don't agree with the statements that people have made that wireless access points should be required by law to be secure. Do we really need to waste tax payer money on attempting to enforce more unenforceable laws?
If anyone should get upset, it should be the broadband provider, but I honestly don't think that even they could consider putting forth theft of service charges against people who run these networks, good samaritan or stupid joe blow. Maybe when cable services start becoming wireless or more broadband oriented, but that is a whole different story and a wholly different topic for right now.
Moral of the story is this: It is not against the law until you get caught and when you do, don't openly admit that you broke the law and get yourself a decent lawyer when the felonies start to roll over your head.
I hope they just give this guy community service or something, but that is me.
zosxavius photography
If someone has a wide open WiFi network, how is one supposed to know it's not being kept open as a private public service? If you leave a desirable good out in the open, with no signs of ownership or desire to be kept private, I don't see a problem. If you want to keep your WiFi network private, encrypt it and turn off broadcasting. This is like a radio station or the police arresting you for receiving a clear over the air signal.
Slashdot: Playing Favorites Since 1997
Possibly becuase they left the cookie jar sitting in the middle of a public street?
A Free Market requires informed intelligent consumers, such people are rare, we're in trouble.
That's a valid excuse? What happens if someone younger moves into the neighborhood? Do you enable encryption then? What if their grandchildren come for a visit and put your system into scriptkiddy hell? Do you enable it then?
At what point does common sense outweigh laziness for this jackass?
Moof!
Why didn't this guy really confront the dude in the SUV?
First time be friendly and helpful. Hey how are you doing? do you need some help I noticed you've been out here a bit. No decent explaination, next time tell them to clear off, or you'll let the police know what his plates and description are and that he's been casing houses.
Everyday people never seem to take the initiative.
The reporter in the article seems to think that people can easily protect themselves on wireless networks, and we all know that just isn't true for several reasons:
/..
- Depending on the card you buy PCs sometimes have trouble converting ASCII to bits in the same way. I have this problem with, say my NETGEAR and my Mac.
- WEP sucks and we all know it, so 15 minutes of a determined script kiddie's time and that's the ball game.
- WPA isn't yet available everywhere, and even it is supposed to be an interim standard to 802.11i.
In short, you can only avoid nuisance freeloading with WEP and it's a pain to use if you have multiple PCs. Especially if you're not the sort that reads
This seems to be similar to "attractive nuisance" violations: If a homeowner sets up a trampoline in his front yard he must also put a fence around it. Otherwise, he cannot complain about trespassers when all the neighborhood kids start jumping on it. Furthermore, without the fence the homeowner can (and has been successfully) be sued for negligence when one of those kids breaks his neck.
That one speaks for itself.
They make it sound like he just used Lowe's to get internet access. Lowe's was sending credit card number, expiration date, cardholder name, billing address, and cvv2 number in the same unencrypted packet.
It's been called the "Man In The Middle" attack since long before wi-fi ever existed. Where the hell did "evil twin" come from? Are they just making shit up?
He makes it sound like there's only one program on the web that can crack WEP. There are several, because there are several independent flaws in WEP, and most implementations are susceptible to multiple different attacks.
GAH!
As far as I know, not even the BSA has attempted to assert that failure to abide by terms of service, in the absence of additional laws, constitutes a criminal act. At least this is a quote.
What's really appalling is the confidence with which they maul both reality and language. It's one thing to be light on details, or present them as uncertain or controversial. It's quite another to present them as a straightforward list of facts to acquaint those otherwise ignorant. They do quote Mike Godwin, but they use misuse his quote to make it sound like he's talking about something else, so they've squandered what slight authority they could have had.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
So, if you've an open field with no fences, no signs, no barriers of any kind whatsoever and no indication that it is private property, then it is generally assumed to be reasonable if you take a shortcut over it, and too bad if you complain.
I would prefer it if things like wireless networks were treated in this regard, for the simple reason that any Joe Schmuck who wanted to abuse the situation could park an open wireless network right next to a genuinely public wifi point. Anyone too close to the dividing line would fall in the wrong network and be open to getting their asses sued to oblivion and back. It would be a simple enough way of Getting Rich Quick and - in some States - possibly even legal, for all that it is blatant entrapment.
In this specific case, it seems likely it was obvious enough that the WIFI point wasn't public, but even there, can you be 100% sure of that? What if there was a public WIFI point the next house along? Can these folk prove, conclusively, that there was an intent to steal? Probably not. Well, technically all they need to do is show beyond reasonable doubt, but it's not 100% certain they can even really do that.
Like I said, it would be good if the law cut to the chase and demanded actual proof that there was an effort to mark boundaries. In this case, a simple WAP password, a non-obvious ID and a no-broadcast setting would be ample. If there's no password, a "public" ID and a broadcast signal, then there may be a legit defence of entrapment, as there would be nothing to differentiate that from any cafe WIFI access point within range.
However, Florida (and most of the South - I know, I lived there for several years) is not necessarily going to go for a "common sense" answer. They are much more likely to rule for the home owner, even if the owner etched ruddy great warchalk markings all over the house.
I'm not even going to get into some of the "home invasion" laws, which this case may well qualify as, except to say that laptop owners in the South should stock up on bullet-proof armour for their cars.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The analogy is a stupid one. I have a wireless laptop. When ever I turn it on, it automatically connects to the WiFi of the guy upstairs. In fact, I generally have four wide open connections blasting through my apartment at any one moment. In order for me to not connect to his connection, I need to go through and disconnect from his network each time I boot up. His connection is wide open. It would be one thing if I had to hack into his network and steal a password, but if you are blasting a signal without even the most basic of encryption, it is safe to assume that you don't care who uses it. Hell, it doesn't have to be some super secret Slashdot elite encryption. Putting even the most basic of passwords up would be more then enough to signal that you are not leaving the connection open for the use of others.
If the guy using the connection did something destructive with the connection, I could understand the fuss. If he was just browsing the web over a wide open connection, I fail to see the issue.
The much better analogy is if you had the ability to broadcast over a short distance with radio waves and the guy down stairs picked up your radio. Is he supposed to assume that the crap you are spewing into the spectrum is private? Keep your damn broadcasting in your own house or put the most basic encryption up. If you have a WiFi network, signal your intentions or don't be surprised when people misunderstand them. If you can plug in your wireless router, you have more then enough technical expertise to figure out how to set up a password. In fact, most instruction manuals have you set up a password as part of the installation.
This is not a case of 'leaving the door open'. This is a case of blasting your WiFi network into public space without even the most basic attempts to defend it and having people pick it up. People won't come into your house to sit on your couch, but they might sit on your couch if you leave it outside on the sidewalk.
Seems to me, instead of doors locked or unlocked, a better analogy might be whether open land is fenced/posted or not.
So, say my apartment/house gets bombarded with the neighbors wifi? Whose property is it? I mean, surely its his radio signal, but its passing through my property. This is akin to running a telephone line through my house. I realize this is somewhat ridiculous, but seriously, your rights stop when they impede mine.
Let's suppose for a second that I sit at home in my bathtub wearing a tinfoil hat and that i don't feel comfortable with your radio waves passing through my house, is it within my rights to try and stop you?
if so, is it within my rights to use your internet?
The parent makes a good point. I'm not as certain about the state laws that may apply, but in any case, it's hard to argue that open WAP's are not configured to be available to the general public. It's not really a case of accessing a network without permission; it's a case of requesting permission to access the network and being granted that permission by the AP. The ability of the AP to grant that permission is, after all, entirely under the control of the user.
Ok lets just say for arguments sake that he wanders with his laptop to the opposite side of his house, far away from his own wireless access point. The computer sees the other access point has a stronger signal and latches on to it during a break in communication with his own access point. He is unaware of the change and continues with his business. Are the default settings for wireless access communication illegal? What would stop someone from plugging in a wireless access point boosting the signal strength and calling the police any time someone accidentally connects? I live in an apartment complex with about 7 other visible access points. I occasionally get bored and plug in a spare access point with no internet connection attached to see who accidentally locks on to me and loses their internet access.
It is about the fact that the guy was a fucking creep.
Seriously- if he REALLY thought what he was doing was OK, why did he act all cagy and close the laptop/drive away every time the homeowner saw him?
WiFi or not, this guy was acting strange in front of someone's home in such a way that I think it would probably freak most people out. The cops used the WiFi excuse just to bust the guy and I say jolly good show on them. I would feel very diferently if the guy simply said to the homeowner who he was and the fact that he was surfing on his net connection, but he didn't.
Exactly - I can see it now Man arrested for using Microsoft Software See /. articles on how your Win machine will instantly become part of an intergalactic Beowulf cluster of anal probe gizmotrons on powerup.
Sent from my ASR33 using ASCII
Say I leave my sprinkler turned on to water the area around the city sidewalk in front of my house. Some neighborhood kids start playing on the sidewalk, in the water. I move the sprinkler to another section covering the sidewalk and the kids follow. Is it something they should be punished for, or should I move the sprinkler off the sidewalk, or just shut up and get on with my life?
I'll buy loitering, no problem. Felony computer network trespassing? No way. If the guy had issues with someone using his AP, he should have turned it off. Or simply told the persont o quit leeching his broadband. Either way, I bet the offending guy would have driven off right away.
My take is that it _is_ why "normal" people don't have the same attitude to security (whether it's wireless routers or windows bugs) as nerds have. Real World has worked on completely different principles so far.
The fact is, even if you locked your door or built a chainlink fence, they're just marking a boundary, not being an unbreakable barrier. Whether you lock it or not, your real defense isn't the door, it's the law. The door is really just a marker that says "my property starts here, if you're caught here, we'll throw your sorry ass in jail." No more.
"I can do it" _never_ equalled "then I'm allowed to do it" in the real world. Anyone can buy/make a lockpick for a lot less money than it takes to buy a laptop and a wireless LAN card, and wiggle your lock open in less time than it takes to war-drive around the neighbourhood and configure your networking to use the neighbour's router. But that was never construed as "then it's your fault for not having an unbreakable lock, and the thief is perfectly within his rights to be on your property and walking away with your TV" in the real world.
And, frankly, I see no reason why we shouldn't apply that RL model to computers. My property starts here, I don't give a damn about how l33t some kid thinks he is, they're just not supposed to be on it. Period.
Placing the onus of securing their property on the victims, and the even more idiotic assumption that if it wasn't 100% physically impossible to get on it, then everyone's _invited_ in, is not how the real world ever worked.
A polar bear is a cartesian bear after a coordinate transform.
So this guy in your story basically goes through the first door that happens to be open. It doesn't look like a shop, it doesn't have a price list, it doesn't have a shopkeeper, and generally there's _nothing_ whatsoever that would imply that it's a shop. Could just be someone's home, or it could be that some people were having a party there later and had brought the food in advance. Yet he just assumes that he's allowed to help himself to whatever is there.
Seems to me like a very clear-cut case of theft, by real life standards.
Now let's bring it a little closer to the war-driving example. Let's say your guy _knew_ it wasn't a shop, and had _no_ plans whatsoever to pay for that sandwich. In fact the only reason he was there in the first place, instead of at the real sandwich shop next door, is that he actually _planned_ to get a meal without paying. The mentality all along was "hey, cool, I know this house next door is unlocked, so I'll just go make myself a free sandwich there. It would be stupid of me to pay for something when I can 'share' someone else's food for free instead."
I think by RL standards you have a _very_ clear-cut case of pre-meditated theft.
A polar bear is a cartesian bear after a coordinate transform.
However this is Case 4: You have a cookie jar on the sidewalk in front of your house, and every time someone comes within range it is programmed to automatically reach out, tap them on the shoulder, and offer them a cookie.
Are they guilty of theft? Here's an excellent legal review. According to federal law the answer appears to be a constistant NO, and according to my state's laws the answer is explicitly NO. If this guy was actually arrested on an "access" basis, and if that arrest is actually held up in court on an "access" basis, then there is something very very wrong with Florida state law.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
MAC addresses are not foolproof, as they can be changed with a single command. Besides the fact that the building manager has no right to barge into your private residence and check your computer for a mere suspicion of using someone else's unsecured network, the whole thing with the MAC address just falls apart.
There is no practical way to figure out who is using an unsecured network. It is the responsibilty of the AP's owner to secure their router, and if they fail to do so, it's their own damn fault if other people mooch off their bandwidth.
"ST. PETERSBURG - Richard Dinon saw the laptop's muted glow through the rear window of the SUV parked outside his home. He walked closer and noticed a man inside. Then the man noticed Dinon and snapped his computer shut. Maybe it's census work, the 28-year-old veterinarian told his girlfriend. An hour later, Dinon left to drive her home. The Chevy Blazer was still there, the man furtively hunched over his computer. Dinon returned at 11 p.m. and the men repeated their strange dance." IMO the laptopper DID know he was doing something wrong. It's not that the laptopper had a machine at home, which he used for a wireless stroll around: he was in his car and remained there for HOURS. I'm interested in the follow-up.
All those moments will be lost in time, like tears in rain. Time to die.
Dunedin's network, however, will be protected by the AES encryption standard, used by the Department of Defense. Passwords will be required, and each computer will have to be authenticated by the network. There also will be firewalls. "I'm confident to say our subscribers are at zero risk for that kind of fraud," Guerin said. (emphasis mine)
There's a word I once learned for that. It's "You are a muppet". OK, that's 3 words, but it's a lot shorter than "blithering incompetents shouldn't be allowed in positions of technical authority, especially not when paid by public money." Alas.
Cole's Law: Thinly sliced cabbage
Not long afterwards, he's turned into a pig and trapped in that land until his daughter can free him and her mother from the sorceress Yubaba...
Xenu loves you!
what irritates the crap out of me is that this is like someone leaving their bike at the end of their driveway on a busy suburban street over night. It's going to get stolen. Not due to someone wanting to steal it, but because of the owners negligence and complete lack of common sense.
My $0.02 CDN
"Well you're not Fiona Apple, and if you're not Fionna Apple, I don't give a rat's ass."
Don't people ever reach other conclusions first? They *always* throw that in there when someone gets in trouble and the internet is involved. All this coverage makes child porn sound like the greatest vice since prostitution.
Direct away from face when opening.
Your post reminded me of a good Dvorak commentary that came out about a year or so ago. -- Usurper_ii
http://www.pcmag.com/article2/0,1759,1565274,00.as p
By John C. Dvorak
To drive around looking for connections to open wireless access points is called wardriving. In Canada, people who are caught doing this can be arrested for stealing bandwidth. The legality of this practice in the U.S., however, is a bit hazy, and there are many mitigating factors. One is that several organizations deliberately leave access points unencrypted so that people can use them as necessary. Also, many computers with built-in wireless simply grab the first signal they detect. Then there's the trespassing issue: The wardriver isn't trespassing on the router, the router is trespassing on the wardriver's airspace.
Free Access
This issue was brought home to me recently when one of my laptops told me it was ready to install new Windows XP upgrades, even though the laptop was not on a network and my wireless access point was off-line. I discovered that a neighbor's wireless router, named "default," had provided the access. Using my Toshiba's View Wireless Connections option, I saw five nearby networks that I could grab, three of which were unencrypted. Obviously there's plenty of free access around for harried travelers. It seems to me that being able to download your e-mail at an open connection is a good thing.
Look into the legality of this, though, and you hear vague comments like "The FBI doesn't know how legal it is" or "It may be illegal, because you're using someone else's connection or you're spying on their network." This issue will create ridiculous legal problems, which is bad news for both consumers and law enforcement, unless a sensible, national policy can be developed.
Personal and Corporate Responsibility
Let me jump in and propose a simple, logical public policy. Law enforcement doesn't need to get involved whenever some guy in a doughnut shop poaches a nearby Wi-Fi connection to check his e-mail, thinking he's on the shop's network. This shouldn't be a crime, even if he's intentionally poaching. We must put the burden of responsibility on the broadcaster, not the end user. It has to be made clear that people sending open connections all over town should be responsible for them.
Here's what I propose: Once a wireless signal leaves private property, it becomes public domain. If the person transmitting the signal wants it protected, then encryption is up to him or her. If someone beams an Internet connection into my home and I happen to lock onto the signal, he is trespassing on me, not the other way around. Public policy must reflect this logic. Keep it out of my house if you don't want me using it. Keep it out of my car. Keep it away from me in public places.
The Public Interest
This policy makes sense because it lets anyone who wants to provide open access do so without hassle or fear. Groups in San Francisco and Seattle are openly promoting free 802.11 connectivity. Many coffee shops, restaurants, and community groups now provide free wireless access, and directories of these hot spots are easy to find online.
This ubiquity of access is to be encouraged as in the public interest. But it can't happen if the law doesn't make the person transmitting the 802.11 signal responsible, instead of blaming any roaming users who are simply grabbing open connections. If this means that a corporate network is wide open to hackers, because the company doesn't bother encrypting the signal it broadcasts all over town, then so be it.
We must not follow the Canadian model that views using unprotected 802.11 connections as bandwidth theft. My computer grabs wireless signals impinging on my house more often than it grabs my own 802.11 connection. It just does. Agencies shouldn't be required to sort this out; it would be a law enforcement nightmare. In fact, it's
Ron Paul
Yes its not very good. However if he had WEP enabled, knowing it could be relatively easily broken it still is the overt act to discriminate between someone who only wants to use an open AP and someone whos willing to crack their way in.
And if this SUV guy had cracked through the weak WEP protection he wouldn't have any leg at all to stand on in the I was just using an open AP argument.
WEP should be used like a No Tresspass sign - it doesn't stop anyone who wants to enter from entering anywhere - but it does inform them they are not welcome to enter the property and are violating the law if they enter.
-------- This space intentionally left blank --------
When I moved into a new apartment in Naples, FL, I was shocked to find 3 wireless networks in my range that were wide open. It was nice because I unpacked all of my things and was on the net that night courtesy of my sharing neighbors, while I waited for the cable guy to come the following afternoon.
So what I don't get is, why don't wireless companies just ship their routers pre-setup with encryption. Then, they could just include the key much like software ships with a license number you enter when you install it. If people can handle software installation, this really doesn't seem to be any different. The router companies could even offer a more marketable interface to make it look much like it does when you enter a CD Key from software so people don't even realize what they're doing. Seems like a really easy fix to me.
Finance tutorials and more! Understandfinance
The analogy is false, though, because you're broadcasting your property... All of your analogies imply clear boundary conditions, such as property edges, doors, using someone else's computer, etc. But if you put up an unsecured wireless network which you setup of sufficient strength to permeate your neighbor's property, the boundaries are very different.
If you have a wireless stereo system, which broadcasts to your speakers, and your neighbor picks it up, it's not "stealing" your music if they listen. If you want to share photos with your family and you put up an unsecured internet site, it's not stealing if non-family members visit and download your photos.
The fact of the matter is you've setup a broadcasting network through a section of your neighborhood. Congratulations, you're now a broadcaster. All operating systems will automatically connect with your network (...maybe not BSD). If you had a problem with this, you can very simply turn on WEP.
Which is how the internet works. Everything is assumed public until you put on the slightest bit of security. That's the convention. If you visit a website and they don't authenticate, it's assumed public. If someone sends you a link to a streaming movie and it doesn't ask for a password, it's assumed public. By practical definitions, it is public. We're not talking about bolting on an iron-clad Novell authentication system, we're talking about changing one preference in your network configuration settings.
You bought a piece of land next to a public field, and you didn't put up a fence or any demarkations. People will wander into and out of the field as if it were part of the commons. There is no practical way to ask whose field / network it is, nor any reason to see to ask. By not marking it as private, you have used the conventional method of marking it as public.
Would someone make their network public? Lots of people do it intentionally. In my apartment, I generally see no fewer than 10 or so wireless networks. Of those, half or so are unsecured. There's usually one or two that has the default router name (Linksys, etc). But most have changed their name to something else, which means that the people involved knew enough to go through the setup process and decided to leave their network open to everyone. Why? Mostly it's a desire to share and be neighborly. Oddly enough, the ISP up the street does the same thing. Lots of the businesses have open wireless access in an attempt to get people to come in with their laptops and drink coffee while doing work.
Of course, there are tradeoffs involved all around. Your wireless network is fucking up my other wireless equipment and using the available spectrum in my house. My wireless phones and other devices are using the same unlicensed spectrum, but are now competing with your bloody web surfing to be heard. I accept that you're going to have a wireless network, because those things are useful. And if you decide not to secure it and make it public, it's on me (and all of the other users) to be good citizens and not saturate your upstream by sharing on P2P apps all the time, or queueing up weeks worth of downloads. If you do decide to secure your network, it's neighborly of us to respect those boundaries and not packet hack it, despite WEP's inherent vulnerabilities. It's also neighborly to broadcast your SSID and channel, because in high density areas the difficulties involved in keeping people's networks from stepping on eachother is far greater than the minimal security provided by not broadcasting your SSID.
You marked your network as public, and now you're complaining that it's not private. Fine. Flip the fucking switch so that we know that it's private.
The ______ Agenda
Does anybody else find "wardriving" a puerile expression? It's interesting to see the St. Petersberg Times article pick up on the expression with a little frisson of excitement - though it gives the term's heritage. I can feel the ripples of an expression being criminalised (a comparative example in the UK is watching "asylum seeker" being re-interpreted), and hence the associated activity being criminalised as well...
So what kind of argument does yours fall into? I mean your whole post, not your example. It seems to be something like: make the other person feel stupid. What is that, analogy? emotional appeal? It certainly doesn't seem like logic, or at least not plain, simple, dry Spock logic there's a lot of implied elitism in that message.
;-) ) In general, I'm awfully leary of supposedly purely logical arguments being used in defense of or to attack purely moral stances. I mean--logically, why are you even bothering to continue to exist in a chaotic, senseless, godless universe anyway? What purely *logical* reason is there for you to even exist? May as well just end it all now since, ultimately nothing you ever do will really matter one way or the other...
I tend to strongly prefer the logic-style of argument. However, in a debate, I'm likely to go with whatever approach (emotional appeal, analogy, etc) seems most likely to produce the desired result--that is so long as I don't have to twist the facts into a pretzle to get there. (I'm not meaning to imply that you did that--I'm just saying that lying or over-manipulation of the facts is something I try to avoid.)
As much as I love logical arguments ("love"? "logic"?), I think they have more than their fair of weaknesses. (And I'm only going to get around to listing one of them before I go horribly far off topic.
I state, without actual proof, that humans are fundamentally irrational, emotional, social hairless primates. Therefore, logic will not always be the best way to sway any given hairless primate to your way of thinking. Sometimes emotional appeal will work. Sometimes a big mallet, or the threat of a big mallet to the cranium will do the trick. I personally don't like the mallet to the skull method because it offends my sensibilities (also I feel I'm more likely to be on the receiving end than the dealing end). So it goes. But speaking from a purely logical standpoint, is there anything faulty with the mallet-to-the-skull method?
Sorry I got off topic--just my primate brain wandering again like it does.
Furry cows moo and decompress.
From what I understand, it's not uncommon in crowded apartment complexes for people using wireless cards to have rotten connections because of all the radio noise from their neighbors using wireless.
In some cases, the only way to use their wireless is to shut off their AP and use a neighbor's instead.
First, I agree with the Metered v. Unmetered argument put forth by another replier. Second, sure go ahead, if you can. When I lived in dorms and apartments, I specifically never used a cordless phone (though I did have a cell phone, but that's worlds harder to fake a call from), just because I knew the broadcast area extended beyond the bounds of my dwelling, and I didn't want people listening in unrestricted, much less placing unauthorized calls. Now at my house, I have a consumer-grade cordless phone that I know does not reach the boundaries of my yard, while still being available where I usually am. Thus, you'd have to be trespassing on my property, which would show willful intent to steal bandwidth/airtime.
--- What
The whole tone of this article is dead wrong. The reporter is just taking what he's handfed by the cops. Take this for example:
In another Florida case, a man in an apartment complex used a neighbor's Wi-Fi to access bank information and pay for pornography sites.
So, wait.....which part of this is wrong? So the guy is into porn? Jesus, have him shot! Note that it doesn't say he was accessing other people's banking information. The whole story just implies misconduct by making the guy who got arrested out to be some peeping-tom type hanging out in the yard and acting suspicious, and making everybody else who has hung out on a wifi network (me and probably 70% of the rest of us here included of course) lumped in as a bad guy because this is obviously some kind of foul play. Never mind the fact that they are broadcasting access to their fucking network on our public airwaves!
Given a choice between free speech and free beer, most people will take the beer.
Caveat: This article is merely the results of my research, so please keep in mind that I am not a lawyer and am not qualified or licensed to disburse legal advice. Corrections to this information are welcomed and desired.
My research would indicate that accessing an open (that is unencrypted) 802.11b/802.11g wireless network is not a federal crime. However, individual states may have enacted their own laws.
According to Title 18 (Crimes and criminal procedure) of the United States Code, Part I (Crimes), Chapter 119 (Wire and electronic communications interception and interception of oral communications) from usdoj.gov:
I do not believe that Title 18 (Crimes and criminal procedure) of the United States Code, Part I (Crimes), Chapter 47 (Fraud and false statements) Section 1030 (Fraud and related activity in connection with computers) from usdoj.gov applies:
Whether or not this would apply would depend on the definition of the term "protected computer". An open netwo
Actually, it is. It's more like you have a window open into your apartment and the guy across the street watches your Pay-per-view off your TV just by looking out his window and into yours.
You won't find any judge or jury willing to convict the guy across the street for stealing PPV content. It'd be REASONABLE to assume if your window is open you're aware of the risk of someone looking in.
By the same token, with the status of today's networking and the news about open WiFi points, the onus is on the network operator to take reasonable steps to secure access. If the man had to decrypt a WEP key or guess a passphrase to get access to the WiFi AP, I'd say he indeed was stealing and should be prosecuted. Since all he did was take advantage of a publically available (by all rights) network, this case is rather baseless.
I think most people here are using the wrong type of analogy for this case. The "theft" wasn't performed by any form of trespassing - so analogies of "borrowing" someones car because they didn't lock it is absurd. The AP is broadcasting information that is coming onto my property - I didn't go into his house to use it. There is no correct analogy for this - but the best may be with trees. If my neighbor has a tree that is growing on the boundary of our properties, and the trunk is on his side of the property - the tree is legally his. HOWEVER - I am legally allowed to trim the tree back to the boundary between our properties - even if it is HIS tree. But what about the fruit that falls from his tree onto MY property? This is where the law gets fuzzy (and why we will probably never have a good answer for the issue with open AP's). According to long-standing law doctrine - the fruit belongs to the owner of the tree - as well as any limbs, leaves, or anything else that falls from his tree. Therefore, if you ask your neighbor to remove any of these annoyances that happen to be landing on your property and he does not remove them - he can be held liable for any damages or costs to remove any such items. Sure, you can take any fruit from his tree that falls on your property (or is on a limb growing on your property) is he is okay with that - but if he decides he has a problem with that and he has evidence of you taking the fruit - he will win in court every time. The same could be said for your open AP - even if you are just "borrowing" his bandwidth without his knowledge and he finds out - you can bet your ass you are still stealing and can be held liable. The bottom line - even if he is broadcasting into YOUR house, it's still not your's for the taking. Try asking your neighbor is he has a problem with you using his open AP next time.
The ISP defense that it's like sharing one copy of MS Office is pretty poor, as the bandwidth is fixed; it's more like sharing a video, which seems to me to be entirely legal AFAICT.
Wikileaks, no DNS
No... I don't think that simply because someone else uses your unsecure, open wi-fi network, the mere fact that they temporarily "limited your bandwidth" constitutes "stealing" on their part.
Most consumer broadband services don't guarantee you a specific amount of bandwidth to begin with! They tell you "rates of up to X" speed. In the case of DSL service, Customer A who is lucky enough to live a few houses down from the central office probably gets as much as 2 or 3x the bandwidth for his money as Customer B who is about 12,000 feet from the same central office.
The only thing that makes sense here, in my opinion, is charging someone if they actually do something criminal while borrowing your open network. (EG. If some guy in a van keeps pulling up close to your house and is obviously using your wi-fi network, and the next month you get questioned about downloading child porn - then it's time to report him and have him arrested.)
Short of that, if you don't want other people connecting to your wi-fi network, secure the thing! Otherwise, people really have no way to know if you're purposely offering free Internet access to those around you, or you're just clueless or too lazy to lock it down properly.
(That's where your unlocked door analogy falls flat, too. It's understood that a home belongs to a specific owner, and you're NOT allowed to just walk in, uninvited - especially if the door is closed and you have to turn the knob just to enter. You probably aren't sitting on that person's physical property at all when your laptop picks up their open wi-fi network.)
I don't think comcast had WAP's in mind when they wrote this part of thier policy, but it's directly applicable...
You are responsible for any misuse of the Service, even if the misuse was committed by a friend, family member, or guest with access to your Service account. Therefore, you must take steps to ensure that others do not use your account to gain unauthorized access to the Service by, for example, strictly maintaining the confidentiality of your Service login and password. In all cases, you are solely responsible for the security of any device you choose to connect to the Service, including any data stored or shared on that device. http://www.comcast.net/terms/use.jsp
For 802.11B, the channels overlap... 1,6, and 10 can be used at the same time without stepping on each other (and various combinations of one low and one high channel.) Apartments, condo's, and often, townhouses are packed too closely for many resident's deploying an AP. If I turn on an AP, I'll flood between 10 and 14 apartments with the RF -- at standard power levels... at full "legal" power, half the complex can see it.
Why did you guys have to call this "war driving"? That was a bad choice.
That's a terrible metaphor. You know how I first discovered what turned into war driving? My friend and I were at an OS X demo. When it was over we went out to his car, he opened his powerbook to make some notes, and "OMG, what's this?? I'm online??" It was a complete ACCIDENT. If my Grandmother can accidentally stumble onto her neighbor's "illegally shared" internet then there is something seriously wrong.
It's not like walking into somebody's house, it's more like opening your bedroom window so you can listen to your neighbor's XM radio. You're not paying for that XM... you're stealing by listening to it without your neighbor knowing. Sure, you can't change the channel just like you can't reconfigure their router settings, but you ARE leeching.... whatever. It's absurd. It's asinine. It's not stealing if people are offering it, let alone broadcasting it out with an SSID beacon, and it shouldnt' be illegal if Apple and Microsoft are setting us up for these "illegal" activities by making their OS auto-connect to open networks. Am I the only one who's found himself accidentally using his neighbors signal instead of his own? It's not stealing if I go to my friends house to watch DVD's he rented or bought. It's not stealing when I flip through the channels on his TV even when he's not home. I do agree that saturating your neighbor's pipe is out of line, and using it without their knowledge might be a bit shady, but illegal? That's ridiculous. If they don't want you on their net then they should turn on WEP. If the internet companies don't want you sharing your pipe then they should charge by megabyte.
Okay, so if a grown man was on the sidewalk dancing in the water from a lawn sprinkler, it'd be kinda creepy, but would it be theft? Is he stealing "your" water that isn't even being used for the purpose of watering your lawn?
If the only notable impact of "borrowing" your network is slower response time, then why should it be a crime if someone happens to be on the network but isn't causing any problems?
I can't wait for the day when "bandwidth" is no longer a limiting factor - then the only thing that should be illegal on an open network is unauthorized access of someone else's computer. If I just happen to be sitting on a park bench outside your apartment and need to check my email, what's the problem, as long as I don't go near your sensitive data?
Did I say overlords? I meant protectors.
Two things in the transaction could be percieved as "permission". Firstly, the access point is (presumably) periodically advertising itself to the world, inviting any nearby computers to connect. Some computers will do this automatically without prompting, as mine did when I turned it on in my new office the other day and it discovered the access point in the office next door. Secondly, once the computer had associated with the access point it sent a DHCP request onto the network. Think of this as walking up to someone's open door and yelling "Can I come in?". The DHCP server then responded "Sure, you can come in and sit in this seat!" (you can use this IP address). This is also often done unattended by a computer once it has completed the previous step.
Not only, then, is the wireless network sending out periodical invitations to everyone, but when they respond it is helping them to get connected. This guy might be able to claim "hacking" if neither of these were true, but I think in this case it's clear to me that the owner of the wireless network has the liability for sharing his Internet connection in breach of his ISP contract.
As a side note, I was taught in school that in the UK you can legally access any system which doesn't make attempts to stop you. Of course, if you then go ahead and break it or cause disruption you can be charged with damage to property and other such crimes, but just "seeing what's out there" and making use of what you find is legal, assuming what I was taught in school was correct. If this wasn't true, it would be illegal to connect to amazon.com on port 80 without prior permission; the fact that it isn't restricted implies permission to use it. If it required a password and I brute-forced the password to gain access, I would be breaking the law.
Aside from all the comparisons, accurate and otherwise, that are being drawn to the situation, there is a legal precident that can be applied here. It's an oldie, but a goodie.
Expectation of Privacy.
Ok, IANAL, but here's the rough version as I understand it; if you have a conversation on the phone, it's private, and can't be recorded, etc. If you're on a speaker phone, in a public place, there's no expectation of privacy, so you can record whatever you want, use it as evidence later, etc.
So, if you have your unsecured wireless device hanging out there in public, there's no expectation of it remaining private. Which makes "listening in" or hopping on the system, perfectly legal.
It's silly, and quite obviously so, that this guy got charged. Then again, it's the florida government. They can't even count properly. </cheap shot>
--Not to be worried, Pitr fix.
Um... in case you didn't read the article, they did state cases where people use compromised wireless network to send death threat, order sex toys. The child porn part is from the victim's own worry.
"I'm mainly worried about what the guy may have uploaded or downloaded, like kiddie porn," Dinon said. "But I'll probably never know."
In US, you can easily buy enough major firearms to wipe out your neighbourhood but a few little fireworks are banned.
Well, if your computer sends out a DHCP request for an IP address and a server replies and hands you an address, then you affectively Asked for access and it was Granted. End of argument...
Oh well, what the hell...
That's assuming you're running XP SP 1 with patches applied or are running XP SP 2. Luckily everybody patches their system once a week, keeping up on all the latest trends in MS's implementations of various functionality. Luckily they're all that computer savvy and trust MS that much. Seriously, they do.
However, what about people who configured Zeroconfig so that it would connect to untrusted networks automatically (because they're sick of Mom calling them up asking for tech support or something)? And what about everybody who has the default Linksys SSID in their trusted network list? And what about people who are using 2k or ME? And what about people who use their 3rd party wifi card's management software? And what about people who are using Mac OS? And what about...
The point is that SSID broadcasting, automatic client association and DHCP work together to provide seamless networking capability. That's how it WiFi was designed. Two years about I spent countless hours making sure that whenever people plugged in one of my companies wireless cards it would automatically join the network which had the strongest signal. Now somebody wants to say that's illegal? Bullshit. That is ridiculous. If they want to bust you with roaming onto somebody's wireless network they'd have to prove that your intentions were heinous. The act itself is not wrong.
It's not a matter of one person trespassing on the service of another person, but rather of the recording of phone conversations, which bears on the whole "hey, you became a broadcaster of your own free will" thing. In the days of analog cordless phones it used to be common that cordless phones could be heard faintly on neighbors' handsets or baby monitors, or with radio scanners.
Now, consider that anyone having conversations of an even vaguely secretive nature - that is, conversations they wouldn't want public - would be a fool to use such a cordless phone. However, people did, and sometimes their neighbors recorded the conversations, and the whole situation wound up in court. The case is McKamey v. Roach. The court found exactly the standard being advocated here - that there was no expectation of privacy when speaking over an open-air medium. In other words, your neighbors are completely free to record your conversations when they're conducted over analog broadcast signals. The courts have already ruled on this: if you become a broadcaster, you give up the right to refuse people to receive your signal, even if you became a broadcaster by buying a piece of consumer electronic equipment.
The obvious extension to sniffing unencrypted wireless packets is left as an exercise for the reader.
1,6, and 10 can be used at the same time without stepping on each other
You mean 1, 6, and 11. Channels 6 and 10 technically step on each other.
Although you can also use 1, 5, 8, and 11 together, without interference getting high enough to cause any noticable delays.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.