Wi-Fi Piggybacking Widespread

BaCa sent in this article about stealing network access that opens, "Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Of course, online polls being what they are, the results are hardly a plank for a full investigation, but a good share of the answerers did 'fess up to it as well.

Re:I agree its wrong

[Eyah....TIMMY]

Here it is for California:
http://www.internetlibrary.com/statuteitem.cfm?Num=12/

"Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.

(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

It is illegal in the UK

[cyriustek]

Here are a few occasions instructing that using a wireless connection without payment, or without permission is illegal:

"Two people have been arrested in the UK for using another person's wireless internet access without permission. Neither was charged but both were cautioned for dishonestly obtaining electronic communications services with intent to avoid payment." http://www.out-law.com/page-7969

Another according to BBC NEWS where he was arrested for "Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act." http://news.bbc.co.uk/2/hi/uk_news/england/london/6958429.stm

Per Federal Law, Piggybacking IS legal

Per Federal Law, Piggybacking IS legal
US law clearly states that accessing unencrypted wireless is legal.
But first, I want to address a lie that was started by Alex Leary, a reporter for the St Petersburg Times. I have been following this story since it appeared. A "Benjamin Smith" was never arrested by the St. Petersburg Police for unauthorized access to a computer network, never charged with a third-degree felony, never booked by the Pinellas County Sherff's Office, and never scheduled for a pretrial hearing. There was no follow up to the story because there was no trial. Alex Leary made the whole story up.
Do not spread urban legends. Especially about the law. When you are told that something is against the law, ask which specific law? When you are told someone was arrested, ask for the booking number? Went to trial, docket number. When someone cannot answer these questions, do not believe them.
Accessing unencrypted wireless is VERY legal.
According to Title 18 (Crimes and criminal
procedure) of the United States Code, Part I
(Crimes), Chapter 119 (Wire and electronic
communications interception and interception of oral
communications) from
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm :
2511. (2)(g) It shall not be unlawful under this
chapter
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
or Chapter 121
http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm
of this title for any person --
(i) to intercept or access an electronic
communication made through an electronic
communication system that is configured so that such
electronic communication is readily accessible to
the general public;
2510. Definitions
(16) "readily accessible to the general public"
means, with respect to a radio communication, that
such communication is not --
(A) scrambled or encrypted ;
(B) transmitted using modulation techniques whose
essential parameters have been withheld from the
public with the intention of preserving the privacy
of such communication;
(C) carried on a subcarrier or other signal
subsidiary to a radio transmission;
(D) transmitted over a communication system provided
by a common carrier, unless the communication is a
tone only paging system communication; or
(E) transmitted on frequencies allocated under part
25
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr25_04.html,
subpart D
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.401.htm ,
E
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.501.htm ,
or F
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.600.htm
of part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html ,
or part 94 http://wireless.fcc.gov/rules.html of the
Rules of the Federal Communications Commission
http://wireless.fcc.gov/rules.html , unless, in the
case of a communication transmitted on a frequency
allocated under part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html
that is not exclusively allocated to broadcast
auxiliary services, the communication is a two-way
voice communication by radio; [The unlicensed
spectrum used by Wi-Fi
http:

Re:I agree its wrong

[penix1]

You may not be in violation of a law but in most cases you are in violation of you ISP contract. Go back and re-read what is says about securing wireless as well as the definition of a "home network". In my case (Verizon) it says:

3.2 We will provide you with or, if available in your area for your chosen Service, you will choose, a User ID and/or Verizon User Name (collectively, "User ID") and password for each account purchased to enable you to access the Service. You agree to protect your User ID and to pay for all activity associated with it.

  3.3 You agree that you are responsible for all use on your account, including any secondary accounts or sub-accounts registered to your primary account. You understand this means that you accept full liability and responsibility for the actions of anyone who uses the Service via your account, or any secondary accounts, with or without your permission. You also agree to use the Service only within the United States.

  3.4 The Service is a consumer service and is not designed or intended to be used by any business or for any business or commercial purpose.

and:

3.7.1 You may not resell the Broadband Service, use it for high volume purposes, or exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service.

  3.7.2 You may connect multiple computers/devices within a single home to your Broadband modem and/or router to access the Service, but only through a single Broadband account and a single IP address obtained from Verizon.

Even if your contract doesn't have that clause (something I doubt) YOU are still responsible for it in the event it is used for something illegal. It is a bad idea to open your wireless for this reason alone.

Re:I agree its wrong

[Shakrai]

By that definition, my operating system is in violation of the law whenever it scans for an available network and presents it to me for connection.

New York's definition is a lot better. Of course, I can't pull it up right now, because section of the Assembly site with our laws seems to be down, but it basically requires that you have to bypass a "password or code system" in order to commit the crime of "unauthorized use of a computer".

That's actually quite logical. Connecting to an open wi-fi network is not a crime in New York State. Bypassing someones WEP key in order to use his wi-fi however, is.

Re:I agree its wrong

[Shakrai]

The Assembly webpage came back up. It's a little vaguer then I recalled but I still think you are safe:

156.05 Unauthorized use of a computer.
A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.
Unauthorized use of a computer is a class A misdemeanor.

Then from the definations:

8. "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission.

Proof that such person used or accessed a computer, computer service or computer network through the knowing use of a set of instructions, code or computer program that bypasses, defrauds or otherwise circumvents a security measure installed or used with the user's authorization on the computer, computer service or computer network shall be presumptive evidence that such person used or accessed such computer, computer service or computer network without authorization.

Based on that I would assume that you are ok connecting to an open wi-fi network without encryption. There's also this:

156.50 Offenses involving computers; defenses.
In any prosecution:
1. under section 156.05 or 156.10 of this article, it shall be a defense that the defendant had reasonable grounds to believe that he had authorization to use the computer;

One could probably make the argument that an open wi-fi network implies authorization to use the network. I doubt you could pull this off if you were using the wi-fi network to download kiddie porn, but given that many operating systems will connect automatically to such networks, you could probably use it as a defense if all you did was check your e-mail and surf a few webpages.

In fact, the kiddie porn example would bump the offense up to a felony:

156.10 Computer trespass.
A person is guilty of computer trespass when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization and:
1. he or she does so with an intent to commit or attempt to commit or further the commission of any felony; or
2. he or she thereby knowingly gains access to computer material.
Computer trespass is a class E felony.

So, in summary, you are PROBABLY safe using an open wi-fi network for ligit purposes, as it's unlikely that the police or prosecutor would bother charging you with a misdemeanor over using your neighbors connection to check your e-mail. You definitely aren't safe if the owner asks you to stop, has encryption in place or if you do something stupid (like try to access his c$ share) or illegal.