Slashdot Mirror
Jailtime For Leeching Wireless?
jginspace writes "A 17-year-old from Singapore is is facing three years' jailtime for accessing his neighbor's wireless network.
His neighbor complained and now the unfortunate Tan Jia Luo is facing charges under the computer misuse act and is scheduled to appear in court on Wednesday."
Putting aside the fact that running an unsecured network should also be a punishable offence in this day and age, the kid was still in the wrong. Just because you can break into a network does not give you the right to do so. The question is whether or not he did it on purpose or if it was just another stupid Windows box attaching to the nearest open wireless access point (I've lost count of the number of times I've accidentally attached to my neighbour's WAP [1] ... telling Windows not too is like pulling teeth).
I just hope the conviction isn't too harsh. A fine would be more appropriate than jail time.
[1] And yes, I have told him to fix it. Even did the neighbourly thing and secured his network for for him. The following day he removed my configuration because "he didn't like entering a password". He'll learn the hard way eventually.
To all of you that say he wasn't doing anything malicious: how do you know? And are you using your definition of malicious or the owner of the WAP? If my connection was open(it's not) and someone wanted to check their email, I wouldn't mind. Someone else might. However, probably everyone would mind if someone slammed their connection with torrent traffic 24/7. It might be all "legal" traffic, but it would still be damnned annoying, and malicious in my book.
The only real solution I see to this is to secure ALL wireless networks out of the box. It would keep windows from auto-attaching, and would make anyone logging into one liable if someone complained. The argument "well I didn't know I wasn't supposed to be there" goes right out the window. Then, if you decide to unlock your network, everyone knows that you meant to, and not that you're some fool that said "I want a wireless network! yay!" without knowing what that really means.
False. Yes, most consumer ISP service agreements forbid this. There are significant exceptions. And almost any ISP that has any non-consumer operations will sell you a connection that you can share if you're willing to give them enough money. I have a "legal" open wireless network, with the permission of my ISP, and so do lots of other people. There is no reason my users should assume my network isn't legitimate.
If you leave a network wide open, you are doing the only thing you can to invite people to use it. Absent information to the contrary, there's no reason it should be forbidden to assume the good faith of such an invitation. If your ISP service agreement doesn't permit you to share the bandwidth, then you need to close down the network, or somehow put people on notice that they can't use it. Only you, not the users, are in the wrong if you don't.
Home locks are pickable so that police and locksmiths can open them. Your home is accessible by law.
That said, radio devices are not homes, WEP is not a lock, and accessing a device which sole purpose by design is sharing access is not invading private property. Metaphors are not real. Radio is not "yours", ideas are not "yours". Such semantic confusion -- intentional confusion -- leads to things like 17 year old kids going to prison for a crime that only exists in the the minds of hornswoggled. The thing to look out for in the years ahead is the first execution of a person for "stealing" a metaphor. Probably going to happen a lot sooner than even I believe it will.
That being said....with open wireless access points? Jail time? I mean, c'mon!! AS I posted on the story about 5-10 yrs. in prison for Dos attackers....let the sentence reflect the severity of the crime!!
Violent offenders can and do get off for less than 3 years!!!
If someone leaves an AP on and open...I think that is pretty much a free invite to join in...
And if not...well, for sure it isn't worth imprisoning someone 3 years!!
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Uh, an open AP is literally an invitation. Nobody is hacking your wirez, you are actually broadcasting the availability of a service. Another great example of getting pissed off at someone else because you didn't read the damn manual. It's a FIVE PAGE BOOKLET. It HAS PICTURES. They literally DREW A PICTURE FOR YOU.
Literalism isn't a form of humor, it's you being irritating.
So, I assume that you call the operator of every Web server and get permission before you connect to it, right?
No. You don't. You don't because setting up a Web server, and not doing anything to restrict access to it, implicitly authorizes people to use it, at least in any "normal" way.
You also don't look around for an "OK to drink" sign before you use a public drinking fountain. Not even when that fountain is on private property. Also, by the way, you don't go around inquiring whether the drinking fountain operator has an agreement with the water company that permits her to give away the water. You just drink the damned water.
We're talking about what norms should be established in a relatively new case. I claim that the norms should be consistent (meaning that the same norms that apply to T-Mobile should apply to me), that they should be practical (meaning that there's a reasonable way to have an open network and an reasonable way to have a closed one), and that they should comport with the way the installed technology behaves (meaning that, since the default configuration of practically every computer is to connect with any available open network, that behavior should be expected).
The people who want closed networks already have methods available to them. It's trivial to mark a network as not being available-- don't beacon the SSID, or turn on MAC filtering, or turn on authentication or encryption. Those are simple, reasonable ways of marking the network as closed, and they work within the technological framework. Asking me to talk to every user or post a sign goes outside the technological framework and is an unreasonable burden.
I agree . If someone doesn't wont you to use their wireless , there are many ways to prevent it .
It's even possible to use their wireless unintentionally . if the signal is strong enough , your computer may decide to use that one . So you can go to jail because your computer screwed you over .
Slipping shoelaces ?
Perhaps the culture in Singapore is such that gum chewing is considered immoral, if everyone agrees that (a) when chewing gum, it's all too tempting to spit it on the sidewalk instead of finding a trash can, and if everyone also agrees (b) the best way to prevent people from chewing gum is to enforce strict punishments against it. Simply banning spitting on sidewalks wouldn't be considered an adequate solution because of (a) above. Now I understand Singapore's no democracy, but from what I've seen this is a completely reasonable assessment of mainstream Singaporean culture.
In short, it's a mistake to force Western notions of freedom and morality on a culture that already has its own conceptions of both.
And now, a PSA from David Lynch.
though Mr Cheo said software tools are available for download that can track who is using a network and what they are doing on it.
Yeah, it's called your router's software.
My old 802.11b wireless router died a few years back. I didn't have a laptop at the time, but my girlfriend did. It was literally 6 months before we noticed that her laptop wasn't connecting to our router, but rather a unsecured wireless router in the building. It was just automatically connecting to what's available.
This is not "stealing" network access, or "breaking in" to your house. This is a device, available for everyone nearby, which is constantly broadcasting packets saying quite literally "Hey, I'm here! Does anyone want to connect to me?" Your computer then says "Hey, I'm a laptop. This is my network card identification. Can I get on your network?" The router then says "Sure, hop on. I'll route your packets."
This is not someone coming to your house and attaching alligator clips to your phone line. This is YOUR router, working in YOUR stead, behaving exactly as YOU have configured it to. This is like a secretary whom you've told to let anyone into your building. If you can't be bothered to train the secretary in the simplest of fashions (and putting a password on a network isn't exactly rocket science), you shouldn't envoke the police when you find they have let random people into the building.
If you can't spend the ten fucking minutes to put a password on your network, you shouldn't waste the judicial system's time when people access it.
The ______ Agenda
I have an ISP that allows me to share my service. I want to make it available to those around me.
How do I tell people it's free and available, without them connecting to me first?
I run a web site. I want customers to access it. How can I let people know it's free and open, without them connecting to me first (and potentially "tresspassing" in the process).
The answer to both is simple, and should be handled similarly to how physical property is handled. A front door is an invitation to tresspass, long enough to state your business (it has to be so, or you could never visit anyone). Trespass is when you extend your stay once you have been told to leave. With computer systems on publically accessible networks (internet), or publically accessable airways (wifi), the only sensible solution is to have a password or other authentication on things which shouldn't be public. When you get a big "Access Denied" message, it should be a hint that what you are accessing is considered private.
Do you really want to live in a world where you need prior written permission to visit a neighbor, visit slashdot, or use the wifi at starbucks?
Yes. An unsecured wireles access point is constantly sending out an invitation to every device nearby. It's broadcasting "Hey, I'm here, connect to me!" to every device nearby.
So yes, leaving a wireless access point unsecured means it's constantly and actively inviting everyone to connect to it. It's not just sitting there waiting for connections (like a HTTP server, for example), it's like a spammer sending e-mails with connection instructions to everyone nearby.
This is not an opinion. This is how the Wi-Fi protocol works. Leaving an access point unsecured means it's constantly sending invitations to connect to every device nearby. Maybe that's not what the owner meant, but it's what his actions (or inaction) amount to anyway. And I, for one, am starting to get a bit tired on having to walk on eggshells because some morons can't be bothered to RTFM.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
If someone leaves an AP on and open...I think that is pretty much a free invite to join in...
What I find most interesting is that an open accesspoint is actually broadcasting invitations - if accepting an invitation is considered illegal, how is accessing a web server legal? I mean, a web server doesn't broadcast it's presence so you have to actively try and connect.
How can I tell the difference between an accesspoint that is intentionally open and one that has been set up by an idiot? Should I assume that everyone's an idiot? The next time I want to go to the pub, am I to assume that the building I'm about to enter isn't really a pub and the "Bar" sign hanging outside the door was put there accidentally?
When you associate with an open network, it's not as if you're going down the road trying doors to see if they're open - you're actually getting invitations broadcast to you and many devices will connect without asking - are you responsible for your computer connecting to a random access point without asking you first?
http://blog.nexusuk.org
Can't you get a jail sentence there for littering a cigarette bud, or something of that or similar "severeness"?
If things continue as they are in US, this may come here too.
Ever seen a new law or regulation coming out recently which gives more freedom or is sensible instead of making things tighter?
This whole mechanism and attitude of people pulling the strings goes towards more control and punishment. Totally senseless and idiotic!
Yes, the "justice" systems of the world are crooked.
3 years for joining a WiFi network that was wide open to the world, and NOT doing any harm (this guy)?
6 or more years for breaking into networks but NOT causing harm, and reporting the vulnerabilities (mitnick)?
280+ years for not evading taxes, but structuring withdrawls to avoid dealing with complicated invasive paperwork (Kent Hovind), and using an IRS-appointed jury and disallowing the defense's evidence?
20+ years for dealing cocaine (one of my idiotic cousins)?
MURDER someone in cold blood, sometimes get out in 5 months (many assholes)?
Molest 40+ kids in Virginia causing irreparable mental anguish, get nothing but home arrest and possibly six months' probation (some fucking pervert in Vermont)?
There is no justice in this world.
If you can't bother to tell people that this is private (the moral equivalent of installing a fence with a gate), then yes, you are inviting everyone to use your router. I don't care to hear anyone bitching that it's too technical, either. A subliterate moron could figure this stuff out.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
The neighbor knew how to check if someone is using his wireless network, but doesn't know how to secure it? An open wireless network is an invitation for anyone to use it.
Internet access through a wireless network that is probably connected to a ADSL modem has fixed costs. The guy really didn't lose anything. So he just doesn't want anyone else to benefit from something he has paid for.
The charged teenager is 17 years old. The neighbor could have told his parents what he was doing and they could have told him to stop or take away his computer...
Sounds like the neighbor wanted someone to use his network, so he could sue them.
Ahh but here's the nuance. Linksys routers ship with an ESSID of 'Linksys' so when I go to my grandparents' place I attach to their router named 'Linksys' it automatically gets added to my favorites list. I then go to a client's place where I whip out my laptop and begin taking notes of our meeting. Assuming in this setting that there were an open AP named 'Linksys' and there were no other suitable APs Windows would automatically associate. It doesn't do any checking around ok this is Linksys@12:23:34:45:56 so I shouldn't connect because its not the same Linksys that I was talking to last time when it was added to the favorites.
IANAL but I do realize there is a difference of intent in these cases but intent is very difficult to establish and the courts have not been very forgiving WRT people who's networks have downloaded naughty things pr0n, music, videos their conculsion has been lately that if you are the one that owns the account unless you can come up with a better suspect you are guilty. The result is that people have become very protective of their wifi. Personally I use WPA which while not perfect gives me some feeling of security and if I were to find a chronic abuser would give me cause to have him/her arrested as it would be clear that they did not accidently associate.
In many jurisdictions, there is a "reasonable person" test that would probably apply here. Businesses don't have locked doors, and it's not trespassing for you to enter them without explicit permission. But the fact that there's a business name above the front door, and their front door is unlocked, is usually enough for one to assume that permission is implied.
A wireless access point that is *announcing* itself as being open could be considered implied permission to use it. Note that the access point doesn't just have a sign on it that says "open". It is actively beaconing its "openness" to solicit users. This is all defined as part of the 802.11 "contract" between computer systems, and just because some owners don't understand what they're doing when they set up an 802.11 access point doesn't mean it's unreasonable for others to assume they do.
Of course, when the owner of the access point tells someone to stop using it, that implied permission no longer exists, just like a business owner can tell someone to leave their store. You've been asked not to use it, so any continued use is legally actionable (though it still may not be illegal, depending on the laws in your area).