Confessions of a Wi-Fi Thief

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Thursday June 19, 2008 @02:30AM from the is-that-a-bandwidth-in-your-pocket dept.

Michelle Shildkret from Time wrote in to tell us about a story about "the ethics of stealing Wi-Fi. Many of us been guilty of the same crime at one point or another — according to the article, 53% of us at least. But how guilty do we really feel? As it is officially a crime to steal wi-fi (Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who 'intentionally accesses a computer without authorization or exceeds authorized access')."

24 of 849 comments (clear)

Not a thief by xtracto · 2008-06-19 02:31 · Score: 5, Insightful

"intentionally accesses a computer without authorization or exceeds authorized access")."

Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme.

Everytime I use an available wireless network, I instruct my computer to ask for permission to connect to the router and enter to the wireless network. And most of the time the router gives me such permit and assigns my router an IP. When it does not happen, then I assume the owner has instructed the router to give permission to specific machines (as in, machines with a specific MAC adddress) and hence I do not use such networks.

Seriously, someone must create an interface in which a person is able to send the commands manually to the router (like the AT commants in a modem) to ask for connection permission (i.e., DHCP protocol). That way, when you are in court, you could use that program along the court's wifi to show them how you are indeed asking for permission and the software is granting you the permission.

--
Ubuntu is an African word meaning 'I can't configure Debian'
1. Re:Not a thief by Rinisari · 2008-06-19 02:41 · Score: 5, Insightful
  
  Exactly the defense that anyone would should use. If the plaintiff says, "Well, I didn't explicitly grant you permission to use my network," then you can fire back, "You did when your router gave me explicit permission by assigning me an IP address and giving me a gateway by which I could access the Internet. Essentially, I asked if I could use the network, and, acting on your behalf since you set it up, it said I could when it gave me the information required to use the network."
  
  --
  Colin Dean Go a year without DRM
2. Re:Not a thief by palegray.net · 2008-06-19 02:42 · Score: 5, Insightful
  
  Then, I have never stolen WiFi. I have never accessed without authorization; as I have never cracked a WEP or WPA password scheme. That's the key to the whole debate. I've had a WiFi router at my home and various offices for years. If I enable features designed to limit access (MAC address checking, WEP/WPA encryption, etc) and someone tries to spoof and/or brute force their way into my network, that's theft of service and unauthorized access. If my router is set up for wide open access, I'm granting permission for anyone to use it.
  
  In general, laws are designed to work like this: that which is not expressly forbidden is permitted. We're talking about radio waves here; before anyone starts up with some dumb analogy to parked cars and leaving the keys in them, consider this: when you use a resource I have made freely available, you're not denying me access to it. Someone might make the argument that excessive use of my resource would degrade its usefulness to the primary (owning) party, but that's easily remedied using simple protection schemes (either block access entirely, or throttle access to unauthenticated clients). I've done exactly this in numerous cases, using various router packages.
  
  Here's a sad, but interesting article: Man charged with wireless trespassing from July of 2005. To quote a section:
  Wireless networks are becoming more prevalent with the spread of broadband Internet access, and many consumers are not aware of how to configure their networks to avoid unauthorized access. This man was charged with a felony because the owner of the connection failed to educate himself on how to use a point and click interface to secure a home wireless router. Was he up to no good? Maybe, but we don't know for sure, and it's beside the point. If someone were to use my connection for criminal activities, it becomes my problem to prove it was the third party's actions, and not my own that led to the violation of law. He's "innocent until proven guilty" the same as I am. This is why companies (at least ones that aren't interested in getting sued) track their network access and provide authentication schemes.
  
  --
  512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
3. Re:Not a thief by e03179 · 2008-06-19 02:46 · Score: 5, Funny
  
  You did when your router gave me explicit permission by assigning me an IP address...
  I am not a Wi-Fi hacker, but I'm pretty sure that humans don't get assigned IP addresses.
  
  --
  -516
4. Re:Not a thief by Just+Some+Guy · 2008-06-19 02:47 · Score: 5, Insightful
  
  Does the law already consider an open, unencrypted network as implicitly giving permission, or is it written to say that if the person who owns that open, unencrypted network has not given permission then it's illegal?
  How does the law answer the same question about websites?
  
  --
  Dewey, what part of this looks like authorities should be involved?
5. Re:Not a thief by palegray.net · 2008-06-19 02:52 · Score: 5, Insightful
  
  I've never done any of the things you describe, because I consider them to be highly unethical. In my mind, connecting to an unadvertised resource fails the ethics test because there's no way anyone could reasonably imply that consent was given.
  
  Those who crack networks by breaking WEP, spoofing keys, or other measures should be held legally accountable. People who merely access an open, advertised resource shouldn't be at risk of going to prison.
  
  --
  512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
6. Re:Not a thief by Bandman · 2008-06-19 02:54 · Score: 5, Funny
  
  I'm also pretty sure laptops don't get criminal trials
  
  --
  Check out my sysadmin blog!
7. Re:Not a thief by Bandman · 2008-06-19 02:56 · Score: 5, Funny
  
  If the access point is broadcasting a signal which says that it isn't open I don't use it, even if it's using an insecure system such as WEP which might reasonably be treated as an invitation to hack.
  
  This is apparently some definition of the term "reasonably" of which I was previously unaware.
  
  --
  Check out my sysadmin blog!
8. Re:Not a thief by Anonymous Coward · 2008-06-19 03:25 · Score: 5, Insightful
  
  I liken using somebody's unsecured wireless network to listening to a neighbor's music that they play loud enough for me to hear. I didn't ask my neighbor to send wifi signals into my home.
9. Re:Not a thief by McDutchie · 2008-06-19 03:37 · Score: 5, Insightful
  
  So it's more like entering an unlocked house to take a sip from the faucet. The only crime committed is that you didn't pay for bottled water.
  
  Except that you didn't enter any house. Your neighbour is transmitting their open-access signal into your own house for you to use. Your analogy is therefore broken.
10. Re:Not a thief by xtracto · 2008-06-19 03:44 · Score: 5, Insightful
  
  If you leave the network, the bandwidth will still be there.
  
  That could presumably be false if whoever is paying for the service pays for a limit GB/month allowance
  
  --
  Ubuntu is an African word meaning 'I can't configure Debian'
11. Re:Not a thief by TheSpatulaOfLove · 2008-06-19 03:50 · Score: 5, Funny
  
  I'm also pretty sure laptops don't get criminal trials Laptops may not, but printers are subject to civil lawsuits - Right, RIAA?
12. Re:Not a thief by DriedClexler · 2008-06-19 03:55 · Score: 5, Funny
  
  *sigh*
  
  Three things are certain in life:
  
  1. Death
  2. Taxes
  3. Increasingly complicated analogy wars in discussions of wi-fi freeriding
  
  --
  Information theory is life. The rest is just the KL divergence.
13. Re:Not a thief by Illbay · 2008-06-19 04:08 · Score: 5, Funny
  
  Not true. Haven't you heard? The U.S. Supreme Court has now granted full U.S. Constitutional protections to laptops. Even if they're being detained at Gitmo.
  
  --
  Any technology distinguishable from magic is insufficiently advanced.
14. Re:Not a thief by evilandi · 2008-06-19 04:12 · Score: 5, Interesting
  
  I believe it is a lesser crime to enter without breaking in.
  
  Correct. Burglary is the act of breaking AND entering AND committing theft (logical AND; all three must happen). Theft is the intention to permanently deprive someone of physical property. Since accessing open WiFi does not involve depriving someone of physical property (neither permanent nor temporary), it is neither theft nor burglary.
  
  Fraud covers many crimes such as obtaining goods or services through deception. Since there was no deception, there was no fraud.
  
  A door does not reply with a message granting me access; the fact that it is open, closed, locked, unlocked, slightly ajar or otherwise is legally irrelevant - the important thing with burglary is that you had to break something to gain entry and then take something without permission, with no intention of giving it back.
  
  An open WiFi router does specifically reply with a message granting me permission. The fact that it uses a particular protocol or particular encryption is legally irrelevent - the important thing is that it replied back with a message specifically granting me permission. Users are authorised.
  
  (Declaration of interest: I run a deliberately open WiFi hotspot - albeit heavily firewalled and bandwidth-throttled. )
  
  --
  Andrew Oakley - www.aoakley.com
Authorization by Hatta · 2008-06-19 02:38 · Score: 5, Interesting

Title 18, Part 1, Chapter 47 of the United States Code, which covers anybody who "intentionally accesses a computer without authorization or exceeds authorized access"

Open routers have a policy of allowing authorization by default. As such, using an open router is not illegal under this act. If you have to crack anything, then it is illegal. But a simple open router is no different than an open anonymous FTP site, web server, irc server, etc.

--
Give me Classic Slashdot or give me death!
Not At All? by D+Ninja · 2008-06-19 02:40 · Score: 5, Funny

But how guilty do we really feel? About as guilty as I feel when I drive above the speed limit.
Broadcast = Permission by Toe,+The · 2008-06-19 02:46 · Score: 5, Insightful

Indeed. I don't know how the law is interpreted, but I cannot imagine how anyone who broadcasts an unencrypted radio signal can complain if someone else picks up that signal. It would be like a TV station claiming that you are stealing their content because you tuned into their channel.

You could say that a wifi router is different from TV because the activity is two-way: but the wifi router chooses to respond to me. If the owner of the router never bothered to tell their router not to respond to me, then is it my fault that it does? Am I guilty if my computer merely pings their router because it created a response on that router? They are the one who initiated the communication by broadcasting hello packets.
1. Re:Broadcast = Permission by Just+Some+Guy · 2008-06-19 03:06 · Score: 5, Insightful
  
  Am I guilty if my computer merely pings their router because it created a response on that router? They are the one who initiated the communication by broadcasting hello packets.
  Complicating matters is that certain popular OSes (XP, I'm looking at you) tend to auto-connect to the strongest signal available, no matter how nicely you ask them to stop doing that. If you're closer to your next-door neighbor's WAP than your own, and Windows decides to use his without asking your permission or even telling you, then can you really be considered guilty of anything? And doesn't that mean that the world's largest OS vendor considers "default allow" to be the correct interpretation of WAP etiquette?
  
  As little as I'm a fan of MS, I think "that's the way Windows does it automatically" would be a pretty good defense against criminal intent, even if a jury disagreed with the legality of the actions themselves.
  
  --
  Dewey, what part of this looks like authorities should be involved?
Re:Not a thief - depends by Anonymous Coward · 2008-06-19 02:46 · Score: 5, Informative
It depends from country to country:
- In Singapore you can be arrested for using an open access point because it is not clear that it was set up for you to use.
- In Germany you can be arrested for having an open access point because it is clear that you have set it up for others to use.
Ahh.. the logic of law.
Does the law really say this? by feenberg · 2008-06-19 02:48 · Score: 5, Informative

Here is a link to the actual law:
http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

In addition to "intention" there seems also to be a requirement for damage or fraud, or revealing atomic secrets. I don't think it is obvious that using a wi-fi router based on a DHCP reply is improper under the law, although the syntax of the law is complex. Walking up the front walk of a home to ring the doorbell isn't necessarily trespassing, even without permission.
tsoat by Tsoat · 2008-06-19 02:48 · Score: 5, Insightful

Encrypt your signal or expect people to use it. It's that simple folks
Re:no theft here by nanop · 2008-06-19 02:51 · Score: 5, Funny

We'll today'll be the last time I heat my burrito in the microwave in "Executives Only" lounge, lest I be charged under Title 18, Part 1, Chapter 47...
Re:You forgot to add... by rodney+dill · 2008-06-19 04:17 · Score: 5, Funny

Sorry I'm not at 127.0.0.1 right now, please leave a message... (beep)

--

Use your head, can't you, use your head,
You're on earth, there's no cure for that - S. Beckett