Finland To Legalize Use of Unsecured Wi-Fi

Apotekaren writes "The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."

There's got to be a better way...

[LostCluster]

We need a standard for secure WiFi that allows guests in, most likely by giving them a personal shared key on their receipt or ticket. The big problem with unsecured WiFi is that there's no accountability. Some video-downloading hog can take all the bandwidth, and trying to use anything on 2.4 GHz during a Apple or Google developer conference presentation is near impossible. WiFi was a good first take, but we've got to work QoS and authentication in just like we have for wired just for safety's sake. Otherwise, these laws banning open WiFi actually make sense.

Re:There's got to be a better way...

[Stenchwarrior]

I agree. Where's the middle ground here? I guess making anyone who wants to use the public stuff register their MAC would be a huge pain in the arse, not to mention how easily that is spoofed. What about logging in through a proxy with user-name and password? It would have to be something that changes frequently otherwise they would be swiped by MitM attacks. Why not some sort of biometric credentialing that requires fingerprint or retina? The whole idea is to satisfy audit-tracking and accountability policies but biometrics sounds like a pain, once again.

Surely someone here has some good ideas?

Re:There's got to be a better way...

[MozeeToby]

So because open WiFi doesn't work in the most extreme situations, everyone should be legally obligated not to use it? Really? That is your argument? Open WiFi works just fine at my house (with a separate 'guest' SSID that doesn't grant network access obviously), and my place of business, and the college I attended, and the park downtown, and any number of other situations. There's absolutely no reason to ban operating an open WiFi connection except to make copyright content owners happy.

Re:There's got to be a better way...

[natehoy]

I don't understand, then.

I turn on my WiFi device, and it looks for permission to use a connection. It finds a router which is clearly broadcasting its presence in a public place.

It then asks the router (which has been configured by its owner) for permission to use the network.

The router (which has been configured by its owner) grants permission and hands out an IP address for my device's use.

What part of unauthorized could possibly apply here?

This law simply clarifies the definition of "unauthorized".

Having said that, you miss the point I was trying to make.

If I want to use your open network to sniff out your credit card number, your Facebook account credentials, snoop your open network shares over your open network, there is not a law on the books which is going to technically prevent me from doing so. I'm going to collect that information, and there's about a 99.999% chance no one will ever catch me doing so. Meanwhile, you're in your house thinking the law is somehow keeping you safe. Hint: It isn't.

You might sit in your house thinking the law protects you, but that's a dangerous sense of security. It actually encourages you to run your network "open", because you think the law protects you.

If you want the law to protect your WiFi access point from unauthorized use, then this law is exactly what you want.

It establishes clear guidelines as to what "authorized" means, makes you an active participant in protecting yourself from harm, and sets a foundation that both protects you from evildoers and allows the police to identify truly unauthorized users at the same time.

Barnes and Nobel

[orsty3001]

Just do what Barnes and Nobel does. If you try to connect to their system it will want to text you a temporary access code.

Re:Scandinavian countries seem wise

[Luckyo]

There is a funny thing about that law. Up to this point, NOT A SINGLE COMPANY USED IT.
Because there is a clause in the law stating that to use the law to monitor your employees, you are required to inform a government official in charge of privacy investigation, essentially making it public that you're using the law. And the public backlash because of the law was so heavy, that not a single company wants to be known as "the first company to start using that unfair snooping law".

So the law is in place, but no one wants the bad rep for using it. So it's not being used. A sort of classic nordic common sense, very similar to what we did when christians came with their crusades to bring the religion. Obey them while they have the upper hand, but dig your idols back from the ground when the guys with big swords leave. Same here, once the big money behind the law lobby has gone away, the pressure has been put not to actually put law to use.

This sort of common sense is why our criminal law allows police to conduct immediate house searches without court warrant based on suspicion of any crime with potential punishment of 6 months jail or more. It's there, and it's used to catch mainly marijuana growers and resellers. But its abuse for purposes other then that is minimal-to-nonexistent, because folks at police know - if they abuse it even once in a noticeable way, they'll lose the law.
It's that mutual respect between the law and it's executors and general population that is unique to Nordic countries, and why authorities tend to have more leeway legally, and yet rarely if every abuse it clocking lowest corruption figures in the world.