UK Man Convicted For Wi-Fi Piggybacking
CatrionaMcM tips us to a BBC story reporting that Gregory Straszkiewicz, a UK resident, was fined £500 and sentenced to a conditional discharge for 12 months after being caught using a laptop from a car parked outside somebody else's house. '[H]e was prosecuted under the Communications Act and found guilty of dishonestly obtaining an electronic communications service.' A separate BBC story notes that two other people in England were arrested and cautioned for sharing Wi-Fi uninvited.
Just because you can do it, doesn't mean you have the right to.
I don't need no instructions to know how to rock!!!!
What about when Windows auto-connects to an open AP? Sure you would probably never get arrested for it, but its still technically illegal isnt it?
Libertarian Leaning Political Discussion Forum.
There are other countries besides yours.
His computer sent out a DHCP *REQUEST*. His computer said: "Can I have an IP address on this network? Can I have the information I need to get online from this access point?"
To which the access point replied: "Yes, you can have X.X.X.X. You can route your traffic through X.X.X.X."
He *asked* to use the network, and the network said *yes*.
First of all, punish people who break into closed networks not open ones. I have accidentally connected to an open network a time or two. Sorry, I meant to connect to the Linksys network, not the Linksys network. Secondly, if DLink and the like would default to a more secure configuration out of the box instead of pandering to the wanabe power users, this problem would be largely eliminated. The computer industry seems to want to make computers so easy anyone can do it. They can't. Take your car to a mechanic, take your clothes to a tailor, take your securely configured router that you can't figure out to me.
liqbase
I love this example, because there is a legal difference in many jurisdictions between locked and unlocked doors.
If you defeat a lock and enter a building, that is breaking and entering. But if the door is unlocked the most you can be convicted of (providing you haven't damaged or stolen anything) is trespassing.
The law should really make the same distinction about networks.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's no different than seeing an unlocked door.
Yes, it is very much different from seeing an unlocked door. That's why intelligent people don't resort to analogies to discuss simple concepts like communication over radiowaves. The established standard has means of negotiation that allow people to use a shared resource without prior agreements. Using the standard is vital to many interesting and legitimate uses of the shared resource. You're advocating a restriction on useful applications to give technological nitwits the illusion of safety, while in reality their baseless assumption of being protected only causes them to be more vulnerable because they see no need to secure their networks. There is not even one good reason for punishing the use of open access points by anyone.
Technically, the structure of the internet is built on a 'Default allow' schema. Essentially, if you don't say 'no' then I can. I don't have to get permission to use your web server, your anonymous FTP server, or route over your backbone. If you choose to, you can of course block all of those, but you have to choose to disallow me access.
Add to that the facts that public 'hot spots' are more & more common & XP will sometimes jump from one network to another without asking and you have a recipee for legal chaos when incompetents leave their AP's open.
Do it all the time - I don't actually remember the last time a business had someone out front asking me to come in.
Such as an SSID advertisement?
Do you think he would have gotten a 500 pound fine and 12 months probation if he had hacked into a secure network? I think the court probably used it's judgment in assessing the sentence and indeed recognized that the crime was more "trespassing" and less "breaking and entering."
The article doesn't say it was, in fact it notes the details are extremely sketchy.
Furthermore, if I drop my wallet, does everyone here just assume that I don't want it anymore and you are therefore free to take it?
I had at one time a public access point, it was identified as "Free basic web access, be nice" or something and was run through a linux box wich filtered and limited access quite a bit AND logged everything. I did it mostly out of curiousity. Just what would people access through a connection provided by someone they didn't know?
The answer was suprisingly mundane. Mostly email and light browsing. The location was in Amsterdam in an apartment near the "kalvertoren" a few years ago. For the non-dutch this is in the heart of amsterdam, yes within walking distance of the red-light district. This is holland, everything is in walking distance.
HOWEVER I have also found in more recent years that if you leave an AP open for general use, some people WILL not automatically limit themselves to minimum use. Cue the by now old trick of simply filtering a specific users access to replace all their image requests with tubgirl (if you think goatse is bad, google for it).
Still simply securing your network ain't always enough. At least some wifi security can be easily bypassed. At what point do we say "this is secured enough, you are now commiting a crime".
Personally I think it is bad sign if a bike stolen from an open garden gets a response from the police that you should have a 1 meter high fence, that is locked and the bike should have secured to something. Perhaps some people like to live in a world were everything has to be secured, I prefer to just lock up those that cannot understand the difference between something you own and something someone else owns. Either way, it seems we need an awfull lot of locks in this world.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You can only charge someone for trespassing after you tell them to leave... Same should of course apply for wifi.
If you wear a sticker that says "Hi, my name is John", then you can't complain if I talk to you and ask you to give me a ride. If you then answer "yes, get in the car", you can't complain if I do get in the car and tell you that I would like to go to the next McDonald's. If you then drive me there, you can't complain that I hitched a ride from you and didn't pay you. An open router is a very friendly piece of hardware. It tells people that it's there, it hands out IP addresses and it routes strangers' packets and all you have to do is ask for the favor.
You may see it as so. But the law disagrees. In fact the law (in this instance) is consistent with locks on doors, etc... Absence of a lock is not indicative of permission to enter. This makes sense because, lacking signs, there is no way to tell the difference between a WAP you are encouraged to enter, and one where the owner forgot to lock his door.
You miss the point: the technical protocol-level details are completely irrelevant. If there's no specific advertisment (be it on a signpost, or a SSID name indicating that's it's public, or something else), then there's no invitation.
Just because the default configuration of routers broadcasts the SSID doesn't make it a free-for-all. Similarly, just because a Bluetooth phone is set to 'visible' doesn't mean 'connect to me and do what the hell you like': at a protocol level it means 'you can connect to me', but at a human level there's no such implication made purely by the presence of the packets.
Similarly, just because an operating system finds the packets and produces a UI in response to them doesn't mean there's an invitation either, it just means that the packets have been spotted by the operating system and it's acting in a pre-programmed manner in response to them. Ultimately, you're still given a choice as to whether to connect, and moreso a choice whether to actually use the network or not. The fact that you can doesn't mean you should.
This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.
There are lots of analogies being thrown around already, I'm sure, so let's just dispense with those for the time being and get down to brass tacks.
My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?
Simple deduction tells me that I should not assume that, simply because I can access a resource, the owner does not mind if I access the resource. You cannot validly assume that the average home user of 802.11 technology knows enough to secure it.
Frankly, at this point, I do not care whether or not people want to lay blame for this at the feet of the vendors or of the end users. The simple fact is that unless you have an explicit reason to believe that you are meant to access someone's wireless, you should not; and to access it anyway is unethical.
Oh, sure. I agree with you 100%. But this only means at most that you're free to observe someone's traffic. I do not see anywhere in your argument provisions for communicating back to the AP, negotiating a connection, leasing an IP, and coming to Slashdot.
As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?
As I have said on slashdot before: COMPUTERS ARE NOT APPLIANCES!
Just because I can get in a a car and drive it doesn't mean I should.
If you do not possess the knowledge to properly set up a wireless network, then by no means should you be doing it.
The law should be simple: if you set it up, w/ SSID broadcast turned off, encryption enabled, or both, then you should be allowed to sue for unauthorized access. If neither, then it should be assumed it is a public service
The lack of technical knowledge of the 'victim' DOES NOT MATTER. They failed to follow the directions that came with the router. They failed to learn about the tech they were about to use. They get burnt.
If I install a dishwasher myself, but fail to read the directions, and it floods my house, Is it the water's fault, or mine?
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.
I see your point and I do understand where you are coming from on this, but the problem is a bit sticky.
For instance, where I live, and probably where most people live these days, pretty much every business around from the local hamburger joint to the local bar, etc advertises free wifi. Many if not most of them simply set up an AP with a broadcast SSID and have done. The people who work there may not even know what the SSID is, but they expect you to just search and find it, which you can. In several places there is overlap between these APs from businesses and similarly configured APs from regular folk. Sometimes the SSID is obvious, like $RESTAURANT, but sometimes it's just the default Linksys SSID or whatever. There are services that help these folks set up their networks and require some kind of authentication over ssl to actually get out to the net, etc, or will just set up the system for you in some other way, but those cost money, and, like I said, many small businesses find it simpler to just fire up an AP out of the box and hook it up.
I have also noted that since encryption adds significant overhead to wifi connections, making them in many cases many times slower than without, people will open the network for that reason alone. The 11mbps connections were especially nasty that way.
Then you have your neighbour problem. Sure it's not anything like the situation with getting connected to an open wifi connection run by a business, but even so there are people who deliberately set their wifi networks as open networks that broadcast their SSID specifically because they want people to be able to use them. There are even clubs that work together to convince people to set their networks up this way, and set their own up this way, specifically so people can use them.
Given all that and the permissive nature of these networks, a culture is brewing such that people do not see connecting to open networks as wrong, and often do not care that people connect to theirs. In my experience, this is actually more the rule than the exception, even with non-technical users.
Now we come to your point. For instance the person who just got wifi and has no idea other people can connect to it, etc, who barely struggled through the instructions and has no idea how to monitor the connection. This is the guy I am sure your worry most about. It's not their fault they did not secure their network, per se, and it is not fair in any case for people to just use their stuff because the "door is open" and the "keys are in it" or whatever analogy you like today. But at the same time it's hard to draw the line between legitemately using an open network and using one that was not supposed to be open. Sometimes, in fact, it's the proverbial "clueless user" who ends up on the wrong network thinking he is on his own. It's even weirder when they are both called "Linksys." How is he supposed to know? I actually got onto my girlfriend once for getting on someone else's network, but she not only did not know she'd done that, but did not know at the time how she could have told what network she was on. (She is more expert now).
Usually people that are connecting to other's networks are not doing anything more nefarious than using someone else's bandwidth. I do know some people who deliberately set up open networks had to close them because some one did try to hack the other boxes on their home network. In any case, it is probaly is a good idea not to connect to networks not your own unless you know it is open on purpose. In the case of the neighbour you can generally ask, and I
"My WAP is open. It is intentionally so. My neighbours or anyone just generally passing by are free to share it. And people frequently do, according to my router's logs. It's not that I'm constantly needing those 6 MBit myself, so why would I mind anyone else using them".
Wow, what subversive pinko commie ideology is that? Sharing things free of charge with your neighbours, or - still worse - with total strangers? That's the kind of behaviour that troublemaker Jesus Christ was executed for advocating! No wonder the law comes down hard on it. Next thing you'll be suggesting we should start sharing source code with complete strangers, for Pete's sake.
I am sure that there are many other solipsists out there.