MD Bill Would Criminalize Theft of Wireless Access

Pickens writes "A bill presented by Delegate LeRoy E. Myers Jr. to the Maryland House of Delegates would criminalize purposely surfing the Internet on someone else's wireless connection. The bill would make intentional unauthorized access to another person's computer, network, database, or software a misdemeanor with a penalty up to three years imprisonment and a fine of up to $1,000. The Maryland public defender's office has submitted written testimony opposing the specific ban and penalty suggested in Myers' bill. Noting that wireless connections are becoming common in neighborhoods, the written testimony says: 'A more effective way to prevent unauthorized access would be for owners to secure their wireless networks with assistance where necessary from Internet service providers or vendors.'"

Unsecured networks get connected to by default

[module0000]

...in pre-XP windows, and pre-SP1 installations of XP.

Yey, my OS breaks the law for me!

Ridiculous bill

[esocid]

What a ridiculous premise. If people are stupid enough to leave their wireless routers open, then it's their fault if someone uses it. Secure your router or don't complain when someone hops onto it. The other ridiculous part of this bill is that it classifies accessing someone's computer a misdemeanor.

According to the bill, intentional unauthorized access to another person's computer, network, database or software is a misdemeanor.

But then goes on to say this:

He said he didn't want unintentional use like that to be prosecuted the same as computer hacking.

Doesn't computer hacking including unauthorized access to someone's computer? Sorry, but you lost me.

This Is Rapidly Becoming Less And Less Of An Issue

[Odiumjunkie]

Here in Toronto, Bell is already sending out wireless dsl routers with 128 bit WPA-PSK pre-configured, and the key printed on the base of the router. Hopefully, that'll soon be the norm everywhere.

Once everyone is using WPA, this is a non-issue. Even if an exploit is discovered that makes cracking WPA trivial, breaking encryption on someone else's network is clearly illegal, and it will be safe to assume that any unencrypted network is intended for public access.

I, for one, will not mourn the passing of a thousand light/water/keyhole/car-left-with-keys-in-ignition/radio/tv-through-window analogies.

Actual text of the bill

[Archonoid]

Caps as in the original bill, emphasis mine.

"A person may not intentionally, willfully, and without
authorization access, attempt to access, cause to be accessed, or exceed the person's
authorized access to all or part of a computer network, computer control language,
computer, computer software, computer system, computer services OTHER THAN
WIRELESS INTERNET SERVICE, or computer database."

"A PERSON MAY NOT INTENTIONALLY, WILLFULLY, AND
WITHOUT AUTHORIZATION ACCESS, ATTEMPT TO ACCESS, CAUSE TO BE
ACCESSED, OR EXCEED THE PERSON'S AUTHORIZED ACCESS TO WIRELESS
INTERNET SERVICE WITH KNOWLEDGE THAT THE ACCESS IS UNAUTHORIZED
AND PROHIBITED BY LAW."

As I'm reading this, it seems like the most reasonable interpretation of the bill is: 1. You need authorization EXCEPT for wireless internet service, 2. When using wireless internet service, you may not access the service if you know that it's unauthorized and prohibited by law. It doesn't actually prohibit the access itself, it provides the fines for doing so if another law has made that access illegal.

Can any lawyers comment on this reading? Because it seems actually to be somewhat counter to the headline and summary, and actually somewhat benign.

Re:Actual text of the bill

[Harin_Teb]

not a lawyer, but as a law student I'll give it a go:

It seems to me that the second bolded portion "with knowledge..." requires what is known as specific knowledge. In this case what it means is not that you have to know you are accessing another persons wireless internet even though you are unauthorized, but you also have to know that it is illegal to do so. This would require actual knowledge of the law, and not constructive knowledge. Since actual knowledge is pretty damn hard to prove I would guess this portion will be mostly unenforceable. /Oblig:
blah blah blah not legal advice blah blah blah if you interpret a forum post as legal advice you deserve what you get blah blah blah but I'm still not responsible.

Re:abra-ca-de-ridiculous!

[cayenne8]

"If you accept that most people would not want to share their internet access"

My guess is, most people wouldn't care whether you shared their internet access or not. Not unless you ran so much traffic over it 24/7 that you caused their access to be degraded. At that point I'd think they might want to kick you off.

Re:I don't like that word "purposely" in there...

[trolltalk.com]

How many people will be so intimidated by the whole process that they'll just accept whatever plea is offered?

Ditto those who don't have the several thousand dollars to hire a lawyer?

Ditto those who don't have the courage to tell the prosecutor "go fuck yourself - see you in court, numnuts - and you'd better have LOTS of proof ..."

Ditto those who don't want to "rock the boat"

Ditto those who can't afford to take time off work.

When a case goes to trial, even when you win, you usually end up losing. Its not like the other side has any "skin in the game." They still get paid, win or lose. Justice? Not for us.

Re:come here, sweetheart

[LabRat007]

3 years and $1000? I've seen people who have gotten less for rape of a minor. Does the punishment really need to be this severe?

Re:come here, sweetheart

[Lumpy]

Exactly. we have that kind of law here in Michigan. we recently had a man arrested for it and charged with a FELONY over checking his email OUTSIDE a coffee shop.

This man's life is now ruined because of an asshole cop in Sparta, Michigan is so much of a useless jerk he pushed the issue hard. The mans was sitting in his car in front of a coffee shop wher ethe sign in the window said "FREE WIFI" the state court ruled he ony is allowed to get the free WIFI if he went inside.

Anyone that does not fight this kind of law tooth and nail, and then does not try to burn the asshat that introduced it on a stake in the front of the capitol building deserved everything they get. The law is only there to protect cable, telco, and cellular company profits. it has no other use.

Honestly the politicians at the local, state, and federal level need to be scared to hell of the populace. Because only then will they do the right thing instead of bending over and passing laws for the companies that pay them to do so.

MOD PARENT UP: READ BILL & BEAT the GROUPTHINK

[langelgjm]

IANAL, but I have been looking at this bill I have just come to the same realization that you have. Practically every post in this discussion has COMPLETELY misunderstood the bill.

First, people need to read the actual proposed bill, which they can do here (NB: PDF). Note that the CAPITAL parts are being ADDED to the existing law.

Next, people need to understand that under existing Maryland law unauthorized access to a computer network is already illegal. This clearly includes wireless networks. This means that your iPhone / XP / Vista / whatever that automatically connects to an insecure network is technically breaking EXISTING law. The current law reads:

A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services, or computer database.

This delegate wants to amend that section to exclude wireless internet access. It would instead read:

A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services OTHER THAN WIRELESS INTERNET SERVICE, or computer database.

This would mean that your device that automatically connects to an insecure network would no longer be breaking the law. But in order to keep purposeful, intentional access to a wireless network (or "wireless internet service") illegal, they have added this section to the bill:

(4) A PERSON MAY NOT INTENTIONALLY, WILLFULLY, AND WITHOUT AUTHORIZATION ACCESS, ATTEMPT TO ACCESS, CAUSE TO BE ACCESSED, OR EXCEED THE PERSON'S AUTHORIZED ACCESS TO WIRELESS INTERNET SERVICE WITH KNOWLEDGE THAT THE ACCESS IS UNAUTHORIZED AND PROHIBITED BY LAW.

THIS PROPOSED BILL MAKES FEWER THINGS ILLEGAL. Now I know a lot of people think that unauthorized access to an insecure network, even when purposeful and intentional, shouldn't be illegal, but it already is. This bill would simply decriminalize unintentional unauthorized access.

PLEASE, SOMEONE BEAT THE /. GROUPTHINK AND MOD THE PARENT POST UP, OR THIS ONE.

This bill is specifically to exempt that behavior

[langelgjm]

OK, so I didn't read TFA. So I'm probably completely off base here. I mean, I get the idea behind the law - internet access is like any other consumable utility (gas, water, electric).

Don't waste time reading the article, which is completely misleading. Instead, read the actual bill.

You don't at all get the idea behind the law. This bill is SPECIFICALLY designed to address what happened to you - when someone connects to a network without authorization, and without knowing that they were unauthorized. Ignore the /. groupthink, and read my other comment that explains the bill in detail. Ignore the summary, and the title. THEY ARE ALL WRONG. Unauthorized access to a network is ALREADY ILLEGAL, and this bill simply tries to add an exception for when that happens without you realizing that it is unauthorized.