Slashdot Mirror
UK Police Cracking Down on Broadband Theft
dubculture writes "A 39 year-old man in West London was arrested for dishonestly obtaining free internet access" from an unsecured wireless router nearby. The article discusses a couple of other cases, including one where a fine of £500 (~US$1000) was handed out for, essentially, taking advantage of someone else's inability (read: apathy) towards securing their home network."
I have an unsecure network, and I really don't care if anyone uses it as long as nothing illegal is performed.
If someone leaves a hose running into the street is it wrong to take some of that water?
Read my Very Short "Stories"
Before anyone starts in with the "if the door is open, you can't go into someones house anyway" argument, I'm going to point out that most laptops these days auto connect to open connections, or at least do a popup that if the avg user isn't paying attention will connect them when they hit enter. Just like with property, than when rights aren't enforced long enough when people walk on it, it becomes public use land, the same is true of the wireless network. people leaving their networks with SSID broadcast no security is *not* the equivalent of an open, unlocked door on a residence, it's the equivalent of laying out all your stuff in the middle of the street with a sign that says "please take", or at least a path through their land that they never gated and never shooed anyone off of, it's for the public use at that point.
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
...then why do hardware manufacturers design their products to automatically join unsecured networks by default? You could get cited simply for buying a laptop and turning it on. Some unsecured networks actually are intended to be used freely. How are you supposed to tell?
Seems to me that the law should clearly state the legal difference between an "open" and "closed" wifi network, presumably with password protection being the key difference.
Bandwidth should be ubiquitous - as usual we are letting our fears drive our policies. I completely understand that the authorities want to be able to pinpoint who's using their connection to download child p0rn, send messages to known terrorist organizations, steal credit cards, or send spam. But the reality of it all is that the 'bad boys' already know how to protect themselves and how to obfuscate their identity. Add to this that 90% of all computers connected to the Internet are virus and trojan ridden (i.e. running Windows). So, this whole push to penalize people for using Internet connections wherever they are available is tantamount to the RIAA's effort to curb the proliferation of digital media, which thus far has proven to be an exercise in futility (since digital media inherently wants to be copied since it [most] always produces identical copies).
I see a huge opportunity here for some entity to encourage and drive the proliferation of [low cost] ubiquitous Internet access. Obviously in some way or fashion the wireless and mobile industries are working towards that goal, but it's far from being universally available. Again, the wrong paradim is being applied - we should encourage bandwidth to be used, not prevent others from accessing it. If I am able to share my bandwidth with my neighbors, and vice versa - we all win in the end and enjoy higher QoS. Also, the more we spread out the last 100 feet Internet access points the more efficient we are using our infrastructure as a whole. I know this sounds anarchistic to some extent, but right now we are moving into the exact opposite of the spectrum: bandwidth scaling, packet filtering, access restrictions wherever you turn. Is this how we imagined the Internet to turn into? If we let this trend continue, how is it going to wind up 10 or 20 years from now? Are we all going to be monitored/analyzed/profiled and at the same time 'herded' into tightly controlled pipes managed by large consolidated corporate monopolies? I hope WiMax will come to the rescue at some time - it's been promised for a long time and the roll out has been extremely slow.
'inability (read: apathy)' is editorializing. Which, fine, that happens on slashdot. But the idea that people have that 'if the damn users would just learn aboud WEP versus WPA, duh' is moronic. People USE computers, and may not know every detail or security concept, and they shouldn't have to. We 'techno elite' should provide the simple tools to work with confusing concepts. And we should default to good security. Which is not always possible, if you want your product to just work with the rest of yoru network.
But blaming the users and callign them apathetic? Get over yourself. Not everyone should have to or needs to know dirty security details or how to configure their router. If you MUST sustain your ego by blaming someone you can call an idiot, at least blame 'The Geek Squad' or whatever other support people set up the layman's network. Not the layman.
Rubbish law. When you log into a network, so long as you're not hacking it, you politely ask the router "may i use this network and have an IP address?". The router says "yes", on behalf of you, the owner. Therefore it is authorized.
Its NOT the same as leaving your front door open in your house, or your car unlocked.
It IS the same as leaving your front door open in your house, having a visitor stop at the door and ask "may I come in?" and you replying "yes". You can't then turn around and sue for trespassing.
-J
This metaphore is deeply flawed. It doesn't contain any cars.
Knowledge is power. Knowledge shared is power lost.
I know with cable television, in many jurisdictions, if you let your neighbors hook up to your cable, both you and the neighbor could be charged with a crime. Just because it's okay with you that random people use "your" bandwidth, doesn't mean it's okay with your ISP. My analogy probably isn't perfect, but just because someone opens up their wireless router and doesn't mind if people drive by and use their access point doesn't mean it's legal. I'm not sure what the law says about this. There are laws about stealing computer services, but whose are you stealing? The ISP or the owner of the access point? I think it would hinge on that question. It would probably depend on whether you pay by the gigabyte, or have an unlimited rate. If you are eating at an all you can eat restaurant, you aren't allowed to share your food with a non-paying friend. Generally, however, you can share if you pay for a fixed size meal.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
These days you can Wardrive (http://en.wikipedia.org/wiki/Wardriving) with a Nintendo DS. You can even access the internet through that said Nintendo DS using the information gathered. Granted, it is quite limited on the scope of what it can do, but the point is it isn't as hard as one would think.
/ 05/1428250
The analogy of someone leaving the door open is quite correct in a way. However, the technology makes the door more like an unlocked door of a giant mansion with many entrances that are all unlocked. People, especially the common person, would probably never know that someone was using the internet.
Even with encryption, it has been proven it isn't hard to break anyway: http://hardware.slashdot.org/article.pl?sid=05/04
This is just a warning to all you wifi freeloaders in the lobby: Buy some coffee. Or else.
-The Management
I do not respond to cowards. Especially anonymous ones.
> That being said, the owner of the access point is entirely within their rights to both improperly
> secure it, and to attempt to pursue those who improperly use it. The analogy of the home with the
> door left open applies somewhat well here.
No. If I go into your house it is reasonable to assume that I know I'm doing something wrong. But if I light up my laptop and use the first available signal it really isn't the same thing. Perhaps if the access point vendors added a splash page option for every new association so the rules of access could be displayed, but at that point why not just make them stop broadcasting an ESSID by default. When a laptop or PDA can associate by default with no intervention it is really hard to say the user should divine the state of mind of the owner of the AP. An unsecured access point is indistinguisable from an OPEN access point.
I have used 'available' WiFi before and don't consider myself a thief. My Thinkpad+Cisco350 just refused to associate to my brother's D-Link AP, instead jumping on one of his neighbor's AP regardless how I tried telling it NOT to do that. So I finally said screw it, it's only a 2Mbps link but I can check my mail and read slashdot. By the same token I have told my neighbors I don't care if they connect to mine, that if I ever cared they wouldn't see it anymore. I do know HOW to secure an AP, I choose not to. (I loaded HyperWRT-Thibor14 on it. I can certainly click the button to supress broadcasting the ESSID or enable one of the real security options.) If we all lightened up a bit we could have WiFi signal darned near everywhere.
That said, if some idiot started leaching GBs of bandwidth running BT on my DSL line I'd block em. But my default is to share a resource I have in relative abundance. I don't keep a BT client going 24/7 so most of the time my circuit is idle.
Democrat delenda est
Given the circumstances of the arrest and the description of the law, there is no way this is (or should be considered) an illegal act.
If the fellow was wealthy enough to this to a high court, or possibly the European court, they would win hands down and the law would be struck off the books. As an English person myself I can tell you that the UK has a strong propensity for these kinds of knee-jerk fascist laws that often stay on the books for years both because of the tendency of the average Brit to knuckle under to the cops and because rich people are rarely charged with such offences.
The law (as described in the article), says that "Dishonestly obtaining free internet access..." was the crime. Yet it's a long established legal principle that merely adding the word "dishonest" in front of something does not actually make it a crime. You can't just say that driving a car is alright but "dishonestly driving a car" is a crime. This is patent nonsense.
The crime should be correctly defined as "stealing broadband access," and stealing requires both knowledge of wrong-doing and an intent to deprive the victim at a bare minimum.
There is no deprivation here, and nothing has been lost. The man in question seemed to have no way of knowing that the owner of the broadband connection did not want people to access it. Some people have wireless and leave it open on purpose. I know at least four of my neighbors do this.
To top it all off, when the police saw him sitting on the wall and asked him what he was doing, he freely admitted it and apparently didn't see anything wrong with the practice. A good argument could be made that he was "Honestly obtaining free internet access" and not being dishonest at all.
Unless there are facts not in evidence in this story, like the broadband being secured with a password, there simply is no crime here at all. Unfortunately the way the justice system is both in the UK and in North America, this unjust, ridiculous law will hang around bothering people for ages before someone with enough political power or money decides they are tired of it.
I am also British but I do not agree with your analysis. Firstly, because "Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act." The offence is specifically stated in the law as it is currently written, although not using that particular phrase. The use of the word 'dishonest' does not make a law valid, but it is the correct usage to indicate that a crime is believed to have been committed when the charge is being written. After all and as you have pointed out, without the word dishonest then it appears that there has been no crime. Unfortunately, TFA has not used the specific wording from the act but has quoted what the individual has been charged with. The case could, I suppose, fail on this technicality but I suspect that the judge will accept it. Secondly, any unauthorised use of someone's computer equipment, which includes a network, is covered by the Computer Misuse Act. If the owner has not given specific permission as required by this Act, then an offence has been committed. Of course, we will not know until the court case is heard whether the owner had given such permission but the accused did admit to "using the owner's unsecured wireless internet connection without permission" so it looks quite likely that the Act was contravened. Thirdly, if the ISP account allows x Mbs to be downloaded and this individual was downloading y Mbs, then deprivation of that bandwidth did take place. Whether the owner would have noticed it is not relevant in law. Just because you are not driving your car at any particular time does not give me the authority to drive it. Furthermore, if the account was capped, then the legal user of the network has also been deprived of a specific amount of data that now cannot be downloaded during the relevant download period. Fourthly, you might leave your network open and free to all users but, unless you have advertised it as such, then no-one can use your network without your 'specific permission'. That is why airports have the signs announcing that a wifi is available. It is the legal authority for others to use it. Simply leaving it unsecured does not fulfil this requirement as far as I understand it. The law in the UK, rightly or wrongly, does not accept that an open network implicitly grants permission for anyone to use it. You might like it to be so but it is not currently what the law believes to be a correct interpretation of the appropriate Acts. The police have reasonable grounds for suspicion that the law has been contravened and have thus acted appropriately.
Despite my analysis, the judge may decide that there is insufficient evidence here to prove guilt beyond all reasonable doubt or there may be, as you have already acknowledged, further facts that have not been included in TFA. We will all have to wait to see whether the judge or CPS (although I do not think that they will be asked for a judgement in this case) thinks that the police acted correctly and whether the case leads anywhere. Regardless, the outcome could well clear up any misunderstandings that might currently exist as to what it, and what is not, permitted by law in UK with regard to unsecured networks.
Finally, I do not agree that this is an 'unjust' law - but IANAL. It addresses a specific problem, in fact a series of problems, and I personally support it. The title of TFA is, in the usual Slashdot fashion, a gross exaggeration of the truth - a single person has been charged, there is hardly a 'crackdown' on broadband theft.
Have a look at soylentnews.org for a different view
A person who--
- (a) dishonestly obtains an electronic communications service, and
- (b)does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence.It is not an offence under this section to obtain a service mentioned in section 297(1) of the Copyright, Designs and Patents Act 1988 (c. 48) (dishonestly obtaining a broadcasting or cable programme service provided from a place in the UK).
A person guilty of an offence under this section shall be liable--
Here's the relevant section of the Computer Misuse Act 1990:
A person is guilty of an offence if--
The intent a person has to have to commit an offence under this section need not be directed at--
A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
My idea never seems to get traction, but I still think its a good one and will repeat it once again:
If you INTEND to make your wifi open access, then you should signify this by including the key word "[PUBLIC]" or [PUB]" at the start (e.g. "[PUBLIC] Joe's Wifi" or "[PUB] Megaboob, Inc").
That makes the intent crystal clear (some other key words could also be included to provide flexibility).
I agree that any open wifi spot ought to be assumed to be public in the first place, but since the law seems to disagree, I believe my idea is the next best alternative. Software that searches for hotspots could be updated to look for these key words to indicate if the hotspots are intended to be public or not.
Long term, it would be nice if the wifi standard were updated so that a bit could be toggled which would indicate whether the hotspot is intended to be public or not. In the configuration menu it could be right next to the "Make SSID Visible" checkbox.