Slashdot Mirror
Wi-Fi Piggybacking Widespread
BaCa sent in this article about stealing network access that opens, "Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Of course, online polls being what they are, the results are hardly a plank for a full investigation, but a good share of the answerers did 'fess up to it as well.
but how is it illegal?
Oh, come on .. I can't believe it's not more like 90 or 95 percent. In fact, I'm typing this while "borrowing" my neighbor's linksys network. The admi--
$$%110113944 NO CARRIER
"Diplomacy is something you do until you find a rock." --Richard Pound
What about people who keep their access points open and connect to other people's access points when they're away? I'd imagine that if somebody purposefully leaves their AP open that it wouldn't be stealing. The trouble is knowing if somebody intentionally has an unsecured WAP or if the person just never knew/bothered to secure it.
Considering many systems are configured to latch on to the strongest unprotected wifi signal they see, I've piggy-backed several times without intent.
If you can't be bothered to set up even 40-bit WEP, then you have nothing to complain about. Hell, there are five signals that I can see from my house! Your RF is in my space! I should charge rent.
Learning HOW to think is more important than learning WHAT to think.
The article asserts that logging onto someone's AP without their permission is "breaking the law", but is that really clear? Do I have to explicitly ask for permission before I walk into a restaurant? Of course not -- there's a reasonable expectation that there are no barriers to my entry, so I'm allowed (even invited) in. But, while I think physical analogies to computer situations can be very misleading, in the real world entry becomes illegal when you've had to defeat some protection mechanism (a lock) to get in.
So, to summarize: I feel like cracking someone's WEP key to get on their net is pretty damn illegal. But I don't think hopping onto an open net is unsecured. In fact, the fact that it's open may be interpreted as a sign that the owner intends to allow open access!
--
Educational microcontroller kits for the digital generation.
You start by just stealing that one song. Then another, then another. Pretty soon your stealing movies, games, operating systems. Now you move up to what's known as speedballing - stealing songs using someone elses wifi. You try to hide your addiction by using proxies, but you can't hide from your own thoughts. Sooner or later, you'll be stealing large chunks of the internet. And one day - one day - you'll be found dead in alley clutching your hacked iPhone and box of sim chips. The police probably won't even investigate your death.
When you have an ornery parent...that REFUSES to get broadband...even if he's paying MORE for dialup through earthlink...you get desperate when you're visiting. Especially when two or three neighbors are running unsecured WiFi.
I think it should be legal unless you're cracking someone's WEP or WPA to get in.
I fail to understand why this is illegal. I know that there is the argument that "you wouldn't go into their house if it the door was open and steal something!". Well no, I wouldn't. However, this being a technology issue (and a fairly recent one at that) I think it needs to be held to a different standard.
If you fail to secure your network that tells me you don't care if people access it, and I think you should be allowed to share your access if you feel like it. I'm no computer genius... I couldn't get Ubuntu to run on my laptop (I can't believe I just admitted that on Slashdot, please don't stone me), but I was able to secure down my network just fine without any problems at all.
Now, if you do something illegal WHILE accessing someones network, then yes you should be held accountable. But just accessing an open network to browse the news or check emails should be a non-issue. Don't we have drunk drivers and murderers and such to deal with instead?
How is putting up an unsecured Wi-Fi connection any different than putting up an unsecured website?
oh, and here's one just for you people who like "it's like entering my house" analogies...
AccountKiller
Seriously. I leave mine open. If I see someone abusing the privilege I'll kick them off, but if someone wants to check google maps real quick then I'm happy to have been of help. There's been a large number of situations in my own past where an open network was of immense help, and I like the idea of being able to return the favor in some sense. I really hate the idea that the default way we're supposed to approach anyone is under the assumption that they're both too stupid to secure their connections, and too selfish to want anything but that.
Everything will be taken away from you.
We set our SSID to "Open WIFI" so everyone knows we're sharing on purpose with the hopes that guests will do the same.
You can have anything you wish, on "linksys" wireless.
You can have anything you wish, on "linksys" wireless.
Associate, it's on channel six;
Fire up your browser and grab some bits.
An' you can have anything you wish, on "linksys" wireless,
On "linksys" wireless!
~ C.
Here are a few occasions instructing that using a wireless connection without payment, or without permission is illegal:
"Two people have been arrested in the UK for using another person's wireless internet access without permission. Neither was charged but both were cautioned for dishonestly obtaining electronic communications services with intent to avoid payment." http://www.out-law.com/page-7969
Another according to BBC NEWS where he was arrested for "Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act." http://news.bbc.co.uk/2/hi/uk_news/england/london/6958429.stm
Look. 2.4ISM is an unlicensed band. Under 200mW, I have rights to transmit anything I want to. Period. If your router interprets it as a part of an HTTP request, that's not my fault. The "I'm swinging my arms, and if you walk into them it's your fault" theory.
And, I do think someone needs to introduce RFC 2131 (DHCP) into evidence. An open router responds to a polite request with a positive acknowledgment. It is possible to configure the box not to give that acknowledgment, probably via an encryption key, but also by MAC filters or turning off DHCP. Introduce the owner's manual while you're at it.
I leave my connection open and my SSID reads "Use but dont abuse". At any given time, there are 10 MAC addresses in my DHCP log (I have 4 devices total). From what I can tell, NO ONE abuses the connection. One person (my elderly neighbor) uses it to email her kids and grandkids. What's wrong with that? I always have the bandwidth I need, and will continue to leave it open. By the way, only one other AP in this area is open. It's SSID is: Linksys.
One other closed AP has the SSID: "Free Ride Is Over".
I live in a community. Leaving my AP open benefits others within my community without adversely affecting me.Yep, in the same way that giving a hitchhiker a ride is depriving a bus company of revenue. Or helping your neighbour install Linux is depriving both MS and your local PC repair shop of revenue. Let's just make "helping people" or "being a good neighbour" illegal in general, shall we?
I guess the real motivation for this being illegal in the UK is to try to reduce the possibility of anyone getting truly anonymous net access. After all, they might be TERRORISTS! Or PAEDOPHILES! Or inconvenient protestors who disagree with the government and are going to do something about it...
Per Federal Law, Piggybacking IS legal : ; , , ,
US law clearly states that accessing unencrypted wireless is legal.
But first, I want to address a lie that was started by Alex Leary, a reporter for the St Petersburg Times. I have been following this story since it appeared. A "Benjamin Smith" was never arrested by the St. Petersburg Police for unauthorized access to a computer network, never charged with a third-degree felony, never booked by the Pinellas County Sherff's Office, and never scheduled for a pretrial hearing. There was no follow up to the story because there was no trial. Alex Leary made the whole story up.
Do not spread urban legends. Especially about the law. When you are told that something is against the law, ask which specific law? When you are told someone was arrested, ask for the booking number? Went to trial, docket number. When someone cannot answer these questions, do not believe them.
Accessing unencrypted wireless is VERY legal.
According to Title 18 (Crimes and criminal
procedure) of the United States Code, Part I
(Crimes), Chapter 119 (Wire and electronic
communications interception and interception of oral
communications) from
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
2511. (2)(g) It shall not be unlawful under this
chapter
http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
or Chapter 121
http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm
of this title for any person --
(i) to intercept or access an electronic
communication made through an electronic
communication system that is configured so that such
electronic communication is readily accessible to
the general public;
2510. Definitions
(16) "readily accessible to the general public"
means, with respect to a radio communication, that
such communication is not --
(A) scrambled or encrypted
(B) transmitted using modulation techniques whose
essential parameters have been withheld from the
public with the intention of preserving the privacy
of such communication;
(C) carried on a subcarrier or other signal
subsidiary to a radio transmission;
(D) transmitted over a communication system provided
by a common carrier, unless the communication is a
tone only paging system communication; or
(E) transmitted on frequencies allocated under part
25
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr25_04.html,
subpart D
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.401.htm
E
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.501.htm
or F
http://edocket.access.gpo.gov/cfr_2004/octqtr/47cfr74.600.htm
of part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html
or part 94 http://wireless.fcc.gov/rules.html of the
Rules of the Federal Communications Commission
http://wireless.fcc.gov/rules.html , unless, in the
case of a communication transmitted on a frequency
allocated under part 74
http://www.access.gpo.gov/nara/cfr/waisidx_04/47cfr74_04.html
that is not exclusively allocated to broadcast
auxiliary services, the communication is a two-way
voice communication by radio; [The unlicensed
spectrum used by Wi-Fi
http:
I can see over 50 wireless networks from my Brooklyn apartment (very high density population here). Almost all of the networks are protected. My own router would crap out every once in a while, and my only point of access was this network called 'Salvation'. Salvation indeed! Whoever ran this, I assume, did it as public service. I took the idea and ran with it. My open network was called 'freebeer!!!', and I kept the router next to the window. I'd have about 5 people logged in at any given point. Never felt a performance hit on my end.
The netgear router eventually died, and my linksys replacement is also run unprotected, except it's named after my band's name. Only rarely do I see people logged on to the network. They know the music sucks without even listening to it!
That being said, as someone who willingly shares his network connection, I have no issues logging onto any available wi-fi point I can find: regardless if it's open intentionally or not. My only complaint is that most people choose to have their networks closed off. I guess to most users it is only an issue of security. Spirit of sharing? blah. Even though you are paying for something that you only ever use sporadically, sharing is a no-no. IPs must be very happy about how human nature interprets this particular topic.
Imagine is EVERYONE shared? ha! We'd have a full blown democracy! Or communism, if you are a pure capitalist.
the gain of widespread free wifi is much greater than the harm of aononymous criminals. a pedophile cannot hurt a child with only an internet connection, a terrorist can't blow up a bus with only an internet connection, however only an internet connection can make the difference between finding your hotel and spending the night sleeping in your car cause you got lost. a free access point can keep you entertained, it can let you send an important email after a power surge toasts your modem, or GET an important email after your neighborhood loses power. or for that matter check your utility company's outage reporting website (yes it sounds stupid, but some do have a website to check for and report power failures)
Snowden and Manning are heroes.
In 2004, I was covering the Presidential debate and Kerry rally following it in Phoenix.
The press facilities at the debate were adequate, but sucked nine kinds of ass at the Kerry rally.
As per company policy, I FTP'd my photos in following the event only to find out that most of them were received as corrupted.
So I drove around with my laptop on the passenger seat looking for an open wireless point. I drove past a house with every light on, and an open access point. Since the light was on, I decided to ring the doorbell to let the homeowner know who was camped out in front of their driveway with a laptop.
The guy came to the door and said the wireless was 'obviously' open for all to use, since he didn't lock it down. He told me I was welcome to come in and sit in the house while I worked, provided that he and his wife could look over my shoulder at the pictures.
Message contains 1 attachment: spam.gif
I would say that the beacon and authentication process would communicate that permission is granted:
For decades much of the computer using community has taken the settings of things like file permissions as not just a technical access control, but an expression of intent.
For instance:
- If a file's permission is read-group or read-world and it is sitting in a directory that is also group or world accessible, anyone might chose to examine it at any time, without notice to, or explicit permission from, the owner.
- If it (or the containing directories) is not read-enabled, users with adequate system permission or knowledge of system internals may be ABLE to read it. But (if they behaved ethically) they would normally NOT do so unless the had either explicitly obtained permission from the file owner or were performing the access as something necessary to their job function - in which case they'd read it as little as possible.
Tools (such as mail readers) were normally designed to set the permissions of files they created in accordance with the likely wishes of the users.
IMHO continuing that logic makes perfect sense.
A significant number of people deliberately make their access points available to any non-disruptive transient user, as a community service. This is often done by leaving them at their default settings. Meanwhile, access points have a fine mechanism for putting up a "no trespassing" sign: WEP encryption. It's very weak and can be trivially broken. But turning it on makes it clear that the AP's owner did not intend for the AP to be used without explicit permission, and breaking the encryption makes it clear that a user intended to disregard the owner's wishes. So it's like the latch on a screen door: Trivially bypassed - but clearly expressing intent.
Granted most APs are shipped with WEP turned off, so a lot of users leave them open out of ignorance rather than as an expression of intent. But IMHO the user of an open AP can plausibly deny any intent to trespass on the AP and that the user had failed to post the property as private.
So it seems to me that the appropriate stand for the legal system to take is that the WEP setting and key distribution practices of an AP's owner are an expression of the owner's intent.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
My MacBook Pro's Airport card connected to each network more or less at random. When I connected to her's, it worked OK, but when I connected to her neighbor's, it didn't work at all. Sometimes the Airport would switch networks in the middle of my use of the Internet, which really got to be a drag.
So I finally convinced her to let me rename and secure her access point. This went very well, and I was able to set up both my Mac and her WinXP laptop to use the newly secured net.
Except that I made a crucial mistake: I performed the re-configuration wirelessly. I didn't do it by plugging an ethernet cable into her access point.
Imagine my dismay when I realized I had reconfigured her neighbor's access point, and not her's!
I sat in my room quaking with fear, awaiting the heavy bootheels of the Royal Canadian Mounted Police kicking down my door so they could haul me in for being a cyberterrorist.
I never heard any complaints though, and eventually my neighbor's network was renamed to "linksys" and was again unsecured. My guess is that LinkSys tech support explained how to do a hard reset.
My question for my Slashdot friends is this: who is the Rocket Scientist at LinkSys who decided to support wireless reconfiguration of their routers?
Request your free CD of my piano music.
I leave mine open. If I see someone abusing the privilege I'll kick them off, but if someone wants to check google maps real quick then I'm happy to have been of help. There's been a large number of situations in my own past where an open network was of immense help, and I like the idea of being able to return the favor in some sense.
;-)
Hey, who let a socially responsible person post to this discussion? Didn't we ban such people from slashdot?
As a few others have pointed out, the wifi spectrum was intentionally made open for everyone to use. The intent was a Public Good: a wireless network capability that was available to anyone (or at least anyone with standards-compliant equipment).
But it seems we have a lot of people here who are profoundly anti-open-communication, and think that people who caught communicating openly should be punished. This strikes me as a rather perverse misinterpretation of what the wifi spectrum was all about. In the US, it's also against the whole idea of the First Amendment.
We should be arguing: If you don't believe in using the wifi spectrum for free, open communication, then you shouldn't be using it. Pay for a license to use your own block of restricted spectrum. Go away and don't bother those of us who want a small chunk of spectrum to remain a Public Good.
We also need more people complaining that they want their AP open, and they object to official harassment of people using the wifi spectrum as it was designed to be used. Would that get the message across? Or would the officials just start harassing those of us running open APs?
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Welcome to the 21st century, where it's considered a felony(by cops and judges) to turn on a standard wifi enabled computer running Windows.
Shoddy attempt at spin, there. In each of your links, the perp was purposely sitting outside a hub and creating traffic, knowing he was siphoning bandwidth and money. An automatic detection is not the same as traffic.
In addition to that, your typical mail client will check for new messages every 10 minutes. Windows will automatically download updates. Many manufacturers pre-install software that also automatically downloads additional software updates. These things all generate traffic.
Regardless, the crime people are being charged with is unauthorized computer access. The amount of traffic they generate is irrelevant. The law is interpreted as meaning that it's illegal to access the network device, regardless of the AP being configured to broadcast that it's open and offering IP address leases to machines that it sees trying to connect.
How is your average user supposed to know that the internet access they are given automatically is illegal?
How do you distinguish between APs that are open but illegal to use from APs that are intentionally left open for the public to use?
As long as we continue calling net access via unprotected gateways, music file downloading, etc 'STEALING' we are not going to be able to deal with the problems that are real.
It isn't stealing. For music, it is copying without permission. that is wrong, but it isn't worse than murder, as US federal law currently maintains, and it isn't 'Piracy'. Piracy is a crime that involves murder, theft and the destruction of property, with rape and enslavement frequently thrown in. None of that happens on line. It isn't even physically possible.
For net access, there are less drastic means to fix things. I run a home network that is open. I know that at least one neighbor has used it for their access. For the occasional email or light browsing, that's not a problem. I pay for the connection so that my family can use the net. As long as we are not inconvenienced, we are not harmed. My ISP has contracted with us to provide a certain level of data throughput, so they aren't out. We can't exceed our contract amount anyway. Where there is no harm, there is no reason for a stupid law.
If I were running a business this would be different. Then, I wouldn't be running it wide open. Where someone has to break in, it should be illegal, but any open network connection should be able to be used.
Can anyone show me where I'm wrong?
P.S. I did have one incident where somebody was downloading something big, and we had seriously degraded performance on our home wifi. I solved it by unplugging the wifi for 15 minutes. Never happened again. Simple solutions are the best.
Everybody knows 3 people with my name.
If 54% of adults admitted that they regularly used marijuana, or cheated on their taxes, or ran stop signs, you can bet your rusty router rules that the laws (or the "leadership") would be changed - in a hurry. Maybe the laws wouldn't be revoked ("yea, running stop signs is bad..."), but at least relaxed ("...just a warning").
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.