Slashdot Mirror
MD Bill Would Criminalize Theft of Wireless Access
Pickens writes "A bill presented by Delegate LeRoy E. Myers Jr. to the Maryland House of Delegates would criminalize purposely surfing the Internet on someone else's wireless connection. The bill would make intentional unauthorized access to another person's computer, network, database, or software a misdemeanor with a penalty up to three years imprisonment and a fine of up to $1,000. The Maryland public defender's office has submitted written testimony opposing the specific ban and penalty suggested in Myers' bill. Noting that wireless connections are becoming common in neighborhoods, the written testimony says: 'A more effective way to prevent unauthorized access would be for owners to secure their wireless networks with assistance where necessary from Internet service providers or vendors.'"
You say "no," but your router says "yes."
Shop as usual. And avoid panic buying.
...after all, who is to determine whether someone purposely accessed the wireless connection. I know I have been in neighbourhoods where there were many wireless connections, and while I thought I was connecting through my host's access point, it turned out to be someone else's.
So, who it going to determine whether the access was on purpose, or the more likely alternative, accidental?
Yeah, and I suppose that sitting in someone else's light, or perhaps walking on their lawn should be criminalized too?
Yes, we pay for the internet, but if you don't secure your network, and the pedestrian use doesn't impair your surfing experience... no harm, no foul. At least, thats what I think - but I'm still not running the world *sigh*
It's funny, because, the most pre-eminent security guy in the USA, Bruce Schneir, who wrote THE book on cryptography, actually leaves his home WAP open so that people can squat on it. He thinks that if we all had our own open WAPS, we could all sorta squat on each other's wans, be much more effective as a society overall. Really, what this law is is an attempt to criminalize a culture of sharing.
This is my sig.
...in pre-XP windows, and pre-SP1 installations of XP.
Yey, my OS breaks the law for me!
Trackball users will be first against the wall.
The lesson here is that a sufficiently large corporation is indistinguishable from government. --ultranova
Given how silently Windows is able to connect to a wireless network, I don't see how this law would last. Computer novices with brand new laptops will just turn them on and start surfing the net without having a clue about what an ISP is, how the internet work, or even how they are connecting to the internet. They know there is this thing called the "internet" and that when they click on the big blue "e", they are accessing the internet. Where do you draw the line between the innocent bystander and the criminal?
The public defender is absolutely right. If you don't want other people surfing on your connection, it takes seriously five seconds to click a checkbox and enter a password on your router. If you leave your router open to all connections, that should legally mean that you desire to share your connection with others, since that is what will inevitably occur with such a setup. Leaving your router open like this is akin to bringing a box of donuts to work and leaving it open on the lunchroom tables.
McCain/Palin '08. Now THAT's hope and change!
It's only a crime if they can prove you used the neighbor's wireless intentionally. My laptop loves to connect to random wireless connections instead of my own - hell, it tries to connect to wireless connections that aren't even there (such as the wireless at my workplace) instead of connecting to my home wireless first. How do you prove it wasn't intentional? How do they prove it was?
For every action there is a completely absurd lawsuit.
I don't think it's that funny. This is another example of an Orwellian society attempting to make everyone a criminal. I mean come on, THREE YEARS for doing something fairly innocent?
This is outrageous.
Not that I agree with the bill, but given that Sprint's WiMax is hitting Baltimore and DC, maybe Sprint has a vested interest in this bill being passed?
http://www.xohm.com/
Cheers!
Atheist: Buddhist in a Prius
While they're at it, they should criminalize unauthorized looking at hotties, although accidental looking is fine. It is an important issue, because if too many people crowd around to look at the hottie it will not be able to move.
Absolute power corrupts absolutely. indymedia
Stealing someone's internet bandwidth (their porn came down slower than usual!) is now worth up to three years in the slammer? I always thought wardriving was a silly little crime like jaywalking, not something on the order of grand theft auto. Why is the punishment so steep in that bill?
I read the internet for the articles.
My SSID is broadcasted as "FreeInternet" It is firewalled from my real network and unless it gets in the way of my gaming, I have no problem with whoever using my broadband. I have a "click here" to accept that you are not going to do anything illegal (via DNS intercept), mac addresses are logged, and most known methods of p2p are blocked... but if you need to check your google groups and you are near my house, why the heck would I care if you do so? It took like 2 hours to set that up. So would it still be illegal to knowingly use my "FreeInternet" network?
Here in Toronto, Bell is already sending out wireless dsl routers with 128 bit WPA-PSK pre-configured, and the key printed on the base of the router. Hopefully, that'll soon be the norm everywhere.
Once everyone is using WPA, this is a non-issue. Even if an exploit is discovered that makes cracking WPA trivial, breaking encryption on someone else's network is clearly illegal, and it will be safe to assume that any unencrypted network is intended for public access.
I, for one, will not mourn the passing of a thousand light/water/keyhole/car-left-with-keys-in-ignition/radio/tv-through-window analogies.
Yet, warrantless searches of my laptop is still perfectly reasonable, right?
And it is also okay if a private company did something like this if government directed, too, right?
Hi,
Microsoft is fixing unsecured wireless access just like they did viruses and spam.
Thank you
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
Telecommunications companies are asking for this bill because by criminalizing squatting, ppl are more likely to pay $$$ for their own connection.
This benefits the very people who are demanding retroactive immunity for illegal domestic spying.
At least the public defender's office mentioned understands something of the nature of the thing. Unsecured WiFI APs are the "VCR flashing 12:00" for the 21st century, and the other half of the equation is how any WiFi interface will by default connect to the first AP it can do so with regardless of who ows it. Also how are they planning on differentiating between businesses and individuals that purposefully leave their APs open for customers or neighbors to use at will, are they planning to make them criminals as well? Stupid.
From a politician who doesn't have a clue.
Athiesm is a religion like not collecting stamps is a hobby.
Caps as in the original bill, emphasis mine.
"A person may not intentionally, willfully, and without
authorization access, attempt to access, cause to be accessed, or exceed the person's
authorized access to all or part of a computer network, computer control language,
computer, computer software, computer system, computer services OTHER THAN
WIRELESS INTERNET SERVICE, or computer database."
"A PERSON MAY NOT INTENTIONALLY, WILLFULLY, AND
WITHOUT AUTHORIZATION ACCESS, ATTEMPT TO ACCESS, CAUSE TO BE
ACCESSED, OR EXCEED THE PERSON'S AUTHORIZED ACCESS TO WIRELESS
INTERNET SERVICE WITH KNOWLEDGE THAT THE ACCESS IS UNAUTHORIZED
AND PROHIBITED BY LAW."
As I'm reading this, it seems like the most reasonable interpretation of the bill is: 1. You need authorization EXCEPT for wireless internet service, 2. When using wireless internet service, you may not access the service if you know that it's unauthorized and prohibited by law. It doesn't actually prohibit the access itself, it provides the fines for doing so if another law has made that access illegal.
Can any lawyers comment on this reading? Because it seems actually to be somewhat counter to the headline and summary, and actually somewhat benign.
FTA:
A Fox News story says the man parked his truck in front of the shop during lunch breaks and checked his e-mail on his laptop computer.
When a nearby business owner got suspicious, police talked to the man and ruled out that he was spying or stalking someone. However, a prosecutor filed the charge of stealing the wireless connection, the story says.
The charge was a felony punishable by up to five years in jail and a fine of up to $10,000.
His other choice was a jail diversion program, which involved paying a $400 fine, doing 40 hours of community service and being on probation for six months.
Combining idiotic laws with the proliferation of access points, how can I prove that I'm using the (paid for) T-mobile access point at the Starbucks and not the business next door? The guy in the article may have admitted using the coffee shops inet access, but that doesn't show that there's not a bigger problem with laws like this.
Before my laptop self destructed (heat issue), I had a Verizon phone card that I used all the time. In fact a few times when on-call, I would pull in to the nearest parking lot and do what I needed to do.
If I had chosen to park in the parking lot near a coffee shop like this and the owner called the cops, how can I prove that I was using my own internet connection and not hijacking his? The few people who saw my Verizon card assumed it was a wifi card and had to be explained in depth how this wasn't wifi and would generally operate anywhere you could get a cell phone signal. I can only imagine explaining this to a cop.
configure /etc/interfaces -- give an ssid to the wireless card. Will always try that one first.
Possibly slightly insecure if you forget you did it, but it is a quick setup.
If people aren't smart enough to protect their wireless routers, how are they going to know anyone used them at all, let alone know how to track down who did it for prosecution?
We need an equivalent of the locked door test for this. IIRC, criminal responsibility for intrusion changes based on whether or not the door is closed, and whether or not it is locked.
In other words, if the door is open, it's reasonable to expect that perhaps the general public was invited in.
If the door is closed, but not locked, it's still possible that the general public is invited in, they're just trying to keep the heat in or the flies out.
If the door is closed and locked, clearly the general public is not invited in.
As for the "default router settings are open" argument, that's kind of like saying "newly installed doors are unlocked." As for the "flashing 12:00:00" argument, if you aren't competent to lock your front door, there's a problem. Manufacturers of wireless equipment need to do a better job of explaining this. They need a BIG RED PAGE when you open the box, explaining how to do the basic security, and how if you don't, you could have legal problems because you're responsible for ALL access through that wireless connection. As far as I can see, the directions are very little past, "insert the Windows driver disk."
By the way, so the instructions tell you as a minimum key to use your name, address, and phone number, and the street address for the SSID. Ain't much of a lock, is it? But it's is still most definitely a lock, and it takes deliberate action to open. No default-configured computer from anywhere will automatically crack even a trivial key and automatically make a connection.
The living have better things to do than to continue hating the dead.
iPhones automagically associate with open wifi access points. This would make everyone with an iPhone a criminal. How do you know which access points are intended for open use and which are not? Around here, many restaurants specifically offer free wifi to attract customers!
I live downtown with a high capacity internet connection that I typically don't use to its full extent, so I've QoS'd everything to allow excess bandwidth I'm not using to be available to anyone who wants to connect to my wide open wireless internet. Many people use this, and I've also had some students and neighbors thank me for it... I've also heard of others doing the same and I've been to many coffee shops and other such places where they freely offer wireless internet.
That being said, how will the end users know which networks are free to use, and which are ignorant people who can't configure technology (that they should know how to configure if they're going to try to use it)?
This sounds more like large ISP's paying someone kickbacks to the people in charge to prevent people from using 'free' internet, than it does protecting the children.
To me theft of wireless means that you're sitting there, snorting traffic and running a decryption utility to process packets and ascertain a WEP or WPA key. Not really hard to do, but still akin to breaking and entering since the owners have obviously chosen to close off the network. I don't see a problem with breaking into such a thing a crime. BUT if someone gets pressed for using an open wireless access point the owners are going to have to prove malicious intent especially since windows doesn't mind hopping from access point to access point.
In my apartment, I pick up 11 wireless networks (even though there are only 8 apartments surrounding me), two of which apparently were set up by numbskulls (i.e. not set up at all. They just plugged the router in and left their network name at the default "linksys") and were left unsecured. My Windows Vista laptop will automatically connect to one of those networks if my router happens to puke and lose connection. If I'm away from the computer when this happens, I don't even know what went on while I was away, and I could surf for hours using someone else's connection. If "hijacking" someone else's wireless is made a crime, buying a Windows Vista machine will be like buying a car that automatically robs bank vaults while you're away at work.
This bill turns people into unwitting criminals because some people are idiotic enough not to protect their router, and Vista will automatically connect to these routers without asking. So, if it gets passed, the one question here is: if Vista forces me to break the law by automatically "hijacking" an unsecured wireless network, can Steve Ballmer be charged as an accessory to the crime?
I live here legally. I pay taxes, pay for my health insurance, pay the hospital to deliver my kids, raise my kids. My kids go to the college one state over. I get raped for $$$$$$$$$$$$$$$$$$$$$ tuition.
Asswad from Mexshitco comes up. Has a bunch of kids (free on the public dime by giving a false name or just not paying the hospital). Enrolls their kids in every free-public-money scam thanks to the Democraps, uses up MY tax money. Has his kids sitting around shitting up the school system to the point where all the non-spanish-speaking teachers are run off and my kids have to wait for the brainless shitheads to catch up before anything else can be taught, or else I wind up spending MORE of my money to send my kids to a decent school because his kids have fucked over the school but good.
Now we hit college time. His kids are supposed to get all sorts of "minority scholarships" for "underpriviledged minorities", and they're talking about giving his kids in-state tuition????
WTF IS GOING ON HERE.
No, seriously. Enough is enough. I've run the numbers and no longer want the mooching illegals around ruining the schools, ruining the health care and emergency rooms, running up the costs in insurance (I have to pay an extra %1000/year for uninsured/underinsured coverage thanks to all the mexshitcans around here), and all the rest of the trouble they cause. Enough is enough.
I would argue that my neighbors Wi-Fi signal was tresspassing into my home, therefore it was mine to use as it was on my property. If my neighbor had an apple tree haning over my fence any apples that fell on my side of the fence would be my fair game as well.
The preceding post was not a Slashvertisement.
A year ago 3 of 6 Wi-Fi setups I could get from my house were unsecured and could be used, although only one of them had a strong enough signal to be reliably useful. Now 1 of 10 are unsecured. I live in a poor neighborhood with many retired renters, it seems like if they are figuring out (or stumbling across) how to secure their router than anyone can.
If somebody has enabled their router to be open to all connections, THAT IS ALL THE AUTHORIZATION NEEDED. If my handheld sends a request for association with their router, and their router accepts my request, THAT IS ALL THE AUTHORIZATION NEEDED. If somebody leaves the door of their store open, I should expect to be able to enter the store. If they lock the door, then, that lets me know that I shouldn't enter.
Don't piss off The Angry Economist
See above for someone else's thought that the SSID is not a sign. Here's another problem with this approach. Let's say I want to connect a specific Access Point. If everyone has to name their open access point the same, then there is no way for me to tell which one is the access point I want to connect to. Maybe we can configure the router into some general state that uses the SSID for identification, but where it also broadcasts information that anyone connect to it who so wishes. Oh wait - that's exactly what's going on right now.
The open AP = permission is not a lie, it's the entire design and purpose of the device. There is no ambiguity.
Another question: if you assume that an open AP does not imply permission, what do you do when you want to connect to web servers? Gateways? Tor? P2P? You're basically destroying everything that makes the internet tick, which is that intelligence is on the edges.
Perhaps a better approach would be to force all routers to be delivered with a dead wireless connection, and where you have to connect to it via cable to set up its wireless configuration. I'm sure that wouldn't go over well with the router manufacturers.
Those who can, do. Those who can't, sue.
So, if these individuals are going to be in the state anyway
There's your first problem. They should NOT be in the state anyway. And as for evidence, do a quick search. There are umpteen studies on the matter and government officials (like the ones in Texas) have even been caught trying to doctor data.
Start here and move forward.
Nah, just mandate that configuration is done through Ethernet or serial connection.
My Phillips wireless router came default with the wireless functionality switched off. That is also a good solution: You have to access the router to enable it, and the wizards you go through can advise you to turn on security.
IANAL, but I have been looking at this bill I have just come to the same realization that you have. Practically every post in this discussion has COMPLETELY misunderstood the bill.
First, people need to read the actual proposed bill, which they can do here (NB: PDF). Note that the CAPITAL parts are being ADDED to the existing law.
Next, people need to understand that under existing Maryland law unauthorized access to a computer network is already illegal. This clearly includes wireless networks. This means that your iPhone / XP / Vista / whatever that automatically connects to an insecure network is technically breaking EXISTING law. The current law reads:
A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services, or computer database.This delegate wants to amend that section to exclude wireless internet access. It would instead read:
A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services OTHER THAN WIRELESS INTERNET SERVICE, or computer database.This would mean that your device that automatically connects to an insecure network would no longer be breaking the law. But in order to keep purposeful, intentional access to a wireless network (or "wireless internet service") illegal, they have added this section to the bill:
(4) A PERSON MAY NOT INTENTIONALLY, WILLFULLY, AND WITHOUT AUTHORIZATION ACCESS, ATTEMPT TO ACCESS, CAUSE TO BE ACCESSED, OR EXCEED THE PERSON'S AUTHORIZED ACCESS TO WIRELESS INTERNET SERVICE WITH KNOWLEDGE THAT THE ACCESS IS UNAUTHORIZED AND PROHIBITED BY LAW.THIS PROPOSED BILL MAKES FEWER THINGS ILLEGAL. Now I know a lot of people think that unauthorized access to an insecure network, even when purposeful and intentional, shouldn't be illegal, but it already is. This bill would simply decriminalize unintentional unauthorized access.
PLEASE, SOMEONE BEAT THE /. GROUPTHINK AND MOD THE PARENT POST UP, OR THIS ONE.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
Don't waste time reading the article, which is completely misleading. Instead, read the actual bill.
You don't at all get the idea behind the law. This bill is SPECIFICALLY designed to address what happened to you - when someone connects to a network without authorization, and without knowing that they were unauthorized. Ignore the /. groupthink, and read my other comment that explains the bill in detail. Ignore the summary, and the title. THEY ARE ALL WRONG. Unauthorized access to a network is ALREADY ILLEGAL, and this bill simply tries to add an exception for when that happens without you realizing that it is unauthorized.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson