Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finland To Legalize Use of Unsecured Wi-Fi

Posted by Soulskill on from the it-turns-out-not-to-be-a-swedish-trap dept.

Apotekaren writes "The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."

32 of 151 comments (clear)

  1. There's got to be a better way... by LostCluster · · Score: 4, Interesting

    We need a standard for secure WiFi that allows guests in, most likely by giving them a personal shared key on their receipt or ticket. The big problem with unsecured WiFi is that there's no accountability. Some video-downloading hog can take all the bandwidth, and trying to use anything on 2.4 GHz during a Apple or Google developer conference presentation is near impossible. WiFi was a good first take, but we've got to work QoS and authentication in just like we have for wired just for safety's sake. Otherwise, these laws banning open WiFi actually make sense.

    1. Re:There's got to be a better way... by Tiger4 · · Score: 2, Insightful

      If the protocol automatically left a token on the host machine, it would then be up to the host to decide if she cared or not about who had been visiting. Of course that would just lead to some kind of spoofing behavior.

      Or we could get the vendors to just have security ON by default. Or even have the OFF setting have a timeout, so it defaults back to ON after a few hours/days. Then when the owners turn it off, they can't claim they didn't know what it meant.

      --
      Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
    2. Re:There's got to be a better way... by fotbr · · Score: 5, Insightful

      Sounds like you don't need laws, you need more bandwidth.

    3. Re:There's got to be a better way... by Stenchwarrior · · Score: 3, Interesting

      I agree. Where's the middle ground here? I guess making anyone who wants to use the public stuff register their MAC would be a huge pain in the arse, not to mention how easily that is spoofed. What about logging in through a proxy with user-name and password? It would have to be something that changes frequently otherwise they would be swiped by MitM attacks. Why not some sort of biometric credentialing that requires fingerprint or retina? The whole idea is to satisfy audit-tracking and accountability policies but biometrics sounds like a pain, once again.

      Surely someone here has some good ideas?

      --
      Loading...
    4. Re:There's got to be a better way... by Mordok-DestroyerOfWo · · Score: 5, Insightful

      I'd argue that you really don't need to reinvent the wheel. I like the idea of guest accounts. Simply throttle their bandwidth to something appropriate for the activity. If you're running a hotspot and are graciously allowing your neighbors access then 10 connections with 20 kbps each seems perfectly reasonable to me.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    5. Re:There's got to be a better way... by MozeeToby · · Score: 3, Interesting

      So because open WiFi doesn't work in the most extreme situations, everyone should be legally obligated not to use it? Really? That is your argument? Open WiFi works just fine at my house (with a separate 'guest' SSID that doesn't grant network access obviously), and my place of business, and the college I attended, and the park downtown, and any number of other situations. There's absolutely no reason to ban operating an open WiFi connection except to make copyright content owners happy.

    6. Re:There's got to be a better way... by Paracelcus · · Score: 2, Insightful

      BS, we don't need more and more draconian laws that are almost impossible to enforce and make lawbreakers out of ordinary harmless Lusers.

      Get tough on crime! just like the 17 year old girl who got life for having a pound of pot in her possession! We'll teach her! after 70 years in the slammer getting raped, beaten and finally forgotten she can be safely loosed upon society, her debt paid and in the final months of her life she can reflect how truly sorry she is for her transgression and how wise those laws are that prevented her from having a family or ever having even a little comfort or happiness.

      USA, USA, USA!

      --
      I killed da wabbit -Elmer Fudd
    7. Re:There's got to be a better way... by laejoh · · Score: 3, Funny

      That's one t-shirt that won't get any RIAA approuval!

    8. Re:There's got to be a better way... by Anssi55 · · Score: 2, Informative

      There seems to be some confusion. The law in question only forbids unauthorized access. It does not forbid unsecured Wi-Fi itself (yes, summary is wrong).
      And now they may be changing the law to allow accessing unsecured Wi-Fi without asking for permission.

    9. Re:There's got to be a better way... by natehoy · · Score: 3, Interesting

      I don't understand, then.

      I turn on my WiFi device, and it looks for permission to use a connection. It finds a router which is clearly broadcasting its presence in a public place.

      It then asks the router (which has been configured by its owner) for permission to use the network.

      The router (which has been configured by its owner) grants permission and hands out an IP address for my device's use.

      What part of unauthorized could possibly apply here?

      This law simply clarifies the definition of "unauthorized".

      Having said that, you miss the point I was trying to make.

      If I want to use your open network to sniff out your credit card number, your Facebook account credentials, snoop your open network shares over your open network, there is not a law on the books which is going to technically prevent me from doing so. I'm going to collect that information, and there's about a 99.999% chance no one will ever catch me doing so. Meanwhile, you're in your house thinking the law is somehow keeping you safe. Hint: It isn't.

      You might sit in your house thinking the law protects you, but that's a dangerous sense of security. It actually encourages you to run your network "open", because you think the law protects you.

      If you want the law to protect your WiFi access point from unauthorized use, then this law is exactly what you want.

      It establishes clear guidelines as to what "authorized" means, makes you an active participant in protecting yourself from harm, and sets a foundation that both protects you from evildoers and allows the police to identify truly unauthorized users at the same time.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    10. Re:There's got to be a better way... by fbjon · · Score: 4, Informative

      I do exactly this with Tomato WRT. QoS throttling for all unknown devices down to around ISDN speeds. It can be circumvented of course, but I don't really see that happening.

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    11. Re:There's got to be a better way... by fluch · · Score: 5, Insightful

      If the owner leaves the WiFi access point unsecured and the DHCP server gives to my the network config info needed, then I consider this as the owners permission to use his network: my computer asked if it can join the network, the DHCP server (configured by the owner) said yes, here are the details.

    12. Re:There's got to be a better way... by vlueboy · · Score: 2, Interesting

      It was easier for me to just turn off WPA2 than to give my string or allow MAC addresses for some one-time guests the other day. Even WPS is a pain in the neck.

      I think your idead of receipts is wonderful. What we need is for a company to put one Guest Button on every router, with a big juicy text LCD screen. You push the button and the LCD gives you a SHORT temp password (aiming 64-char keys would defeat the purpose) with its own LAN for the people in front of you. After a set period (configurable in your router) the lan disappears, and the MAC addresses are logged in case you want to add them to your security.

      My DLink 825 is proof that companies trust users to do pretty complext stuff on consumer routers, down to IPv6 configuration, DHCP management and access rules. I'm suggesting just another feature that will sell your routers as user friendly.

    13. Re:There's got to be a better way... by Sancho · · Score: 2, Interesting

      What part of unauthorized could possibly apply here?

      At least in most states in the US, there's technical ability and then there's legal authorization. I technically have the ability to open my neighbor's door and walk into their house. I do not have the legal authorization to do so. This is analogy is more apropos than most because my neighbor is handicapped and has a button which opens the door automatically if it is unlocked.

      I have the technical ability to connect to most open access points. I may not have the legal authorization to do so. Just because the router is configured (by default, in most cases) to hand out addresses does not indicate that there's a legal authorization to use the network. Though it seems like about half of Slashdotters think that if you can do something, you should be authorized to--that simply isn't the way the law works.

      If I want to use your open network to sniff out your credit card number, your Facebook account credentials,

      These may fall under some state wiretapping laws. But your choice of wording is somewhat unfortunate. You probably aren't using the network, in these cases. You're just capturing data transmissions.

      snoop your open network shares over your open network

      I guess this depends on what you mean by 'snoop.' Capture files as they go across the wire? See above. Connect to the shares? That's likely a violation of the Computer Fraud and Abuse Act.

      Meanwhile, you're in your house thinking the law is somehow keeping you safe.

      The law doesn't perform actions, so anyone who thinks that any law keeps them safe is being silly.

      What happens is that people fear getting caught, and so they don't take the actions. If there's almost no chance that they'll be caught, sure, they might not care. But that's why there are often very high penalties for these types of crimes.

      Regardless, there are ways of getting caught doing passive sniffing. The law is not unenforceable. If I see you in your car outside of my house with a laptop, you might be up to no good. I could call the police to have them investigate.

    14. Re:There's got to be a better way... by amazeofdeath · · Score: 4, Informative

      There's no ban on *having* an unsecured WiFi access point in Finland. The bad wording in TFS muddles it a bit, but the point is that *unauthorized* use of an open WiFi access point is illegal currently. The new law is supposed to allow any use of open WiFi networks, as it can easily happen accidentally, the user often doesn't know whether there's a permission to use the network, and encrypting the network is pretty damn easy.

      --
      U+F8FF
    15. Re:There's got to be a better way... by lucifron · · Score: 2, Insightful

      Then when the owners turn it off, they can't claim they didn't know what it meant.

      Why should it matter whether they "know" or not?

      ISP's aren't accountable for their what their users do, should it be any different for individuals who let their neighbours check mail or whatever?

    16. Re:There's got to be a better way... by flink · · Score: 4, Insightful

      If your neighbors "doohicky" continuously flung teleporters that would transport the user into their house all over the neighborhood then it would be a more apt analogy. The point is that RF is not a door and a WI-FI router is not a house, it's its own thing and needs its own set of rules.

    17. Re:There's got to be a better way... by natehoy · · Score: 3, Insightful

      If you pollute public airspace with transmissions using a device that creates an attractive nuisance to devices that are looking for that signal, don't be surprised if devices use it.

      "Unlocked door" analogies don't fucking work. Don't you get that. YOU ARE BROADCASTING AN INVITATION TO THE PUBLIC. If you didn't read the 2 cartoon pages that came with your router that warned you about that, that's your problem, not the geeks who did.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  2. Gateways by suso · · Score: 4, Funny

    Finland To Legalize Use of Unsecured Wi-Fi

    Kids, don't you know that unsecured wifi is just a gateway. Pretty soon you'll be cracking into stuff with stronger encryption. Then where will be? Sitting on the side of the road in some bad neighborhood looking asking to borrow a power jack.

    1. Re:Gateways by ArbitraryDescriptor · · Score: 4, Funny

      Kids, don't you know that unsecured wifi is just a gateway. Pretty soon you'll be cracking into stuff with stronger encryption. Then where will be? Sitting on the side of the road in some bad neighborhood looking asking to borrow a power jack.

      That's bullshit. I didn't even try unsecured wifi until I had spent countless hours on stolen AOL passwords. If anything it's the illegal nature of wifi that draws people into harder stuff. By forcing them to hangout in seedy locales, like underground poetry bars, they are exposed to things like hipsters and thick-rimmed, non-prescription glasses; things that they would have never even heard of otherwise!

    2. Re:Gateways by natehoy · · Score: 3, Funny

      One tweet, man, that's all I need to send. Please, man, it's been hours, and I'm hurtin' real bad. I just need a couple kilobytes, man. Please. Help a guy out?

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    3. Re:Gateways by ArbitraryDescriptor · · Score: 5, Funny

      Those trial CDs had your name all over them. I looked up to you, what was I supposed to think? Then the way you just left them lying around... what did you think was going to happen?

      I learned it from watching you, dad. I learned it from watching you!

      *sobbing ensues*

  3. Name Change by just_another_sean · · Score: 4, Insightful

    I hear by propose that Finland change the name of the Ministry of Justice to the Ministry of Common Sense and Applied Intelligence!

    Imagine that, a reasonable and informed change to a law to sync with their ever changing technological landscape. I am astounded! One
    only hopes others will learn from this event.

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    1. Re:Name Change by DMNT · · Score: 5, Informative

      The finnish legislation standard used to be (until 2000's where they passed some questionable laws) to lay down technologically neutral laws, where the technology used played no important role but the action did. This proposed legislation is just an exception to be amended to the current law, which regulates the use of other people's property, which you currently are not allowed to use without a prior permission. Currently some of the facilities offer free WiFi without informing you of such and this behaviour would be illegal by the law even when it's not easy to detect or to prosecute. So they are for the sake of clarity, going to make an exception because it is often hard to find out whether you're allowed to use the open network or not.

      The human translation for newstext:

      Joining a wireless accesspoint to be legalized

      The ministry of justice is forming a law to allow use of unprotected WiFi access points. By the current law the unauthorized use of open networks has been illegal.

      The exception is rationalized by for example, the lack of harm done, impossibility of oversight and the relative easiness of protecting the network. For the end user it is also often difficult to find out when the network is meant for public use and when it is not.

      The statements received by the ministry of justice (which includes EFFI, Electronic Frontier Finland, by transl.) remind that the avilability of free WiFi access has increased in public space such as parks and air fields and they don't always inform the end user of the free availability.

      According to the ministry of justice, there has been only one sentence for the use of unsecured WiFi by the district court. Higher court upheld the decision and it never went to the supreme court.

      Most of the statements were for the legalization. However, many of them held it in high value that the owner of the access point should be held innocent in case of the illegal use of the access point.

      Experts' opinion is that a lot of the WiFi access points are unsecured and the unauthorized use of them is common. Securing of the access point is usually easy when following the manuals of the access point.

      The unauthorized use of the access point might slow the network down but it is hard to note unless there's a lot of file transfers compared to the bandwidth available.

      --
      ?SYNTAX ERROR
    2. Re:Name Change by Anssi55 · · Score: 2, Informative

      What is surprising (to me at least) is that the unsecured WiFi was illegal in the first place.

      Only accessing them without a permission is illegal (as said in TFA; the summary fails to mention that, however)

  4. Barnes and Nobel by orsty3001 · · Score: 4, Interesting

    Just do what Barnes and Nobel does. If you try to connect to their system it will want to text you a temporary access code.

  5. Scandinavian countries seem wise by TruthSauce · · Score: 5, Insightful

    There are a lot of common sense ideas in the Scandinavian countries.

    I've been thinking about it and I think that perhaps it's related to their increased tolerance for failure. A Swede or Norwegian or Finn is able to say "yes, this was a mistake" and not be derided in public for it.

    The concept that humans aren't perfect isn't lost on these people as it seems to be in much of the rest of the world.

    Another great example of this is the sex offender registries in the area. They're not only non-existent, they're actually illegal. They contend that it is a gross violation of personal privacy for those who already served their time and point out (probably correctly) that they do very little than encourage fear and paranoia amongst the populace. There was even a very public protest in OPPOSITION to a group who set up a private registry with similar information, after which, the site was removed due to its illegal content (in violation of local privacy laws).

    To bring up another example, in these countries, there are very few frivolous lawsuits, as the system is carefully balanced to make it burdensome to bring one.

    It is much easier for a judge to deem the plaintiff liable for all court costs and all defense costs if he feels the lawsuit was brought with malice or with little hope of succeeding.

    Additionally, the state represents both parties in some cases, removing the financial burden of defending yourself from lawsuits. What they then do is place that burden on one of the parties in the case that they have been shown to be "willfully" out of compliance with civil law, but in cases where it is a genuine misunderstanding, the costs are absorbed by the system.

    Rather than having a heirarchy where the rich can do whatever they want and the poor get fucked. Or a system where the powerful control everything and those down on their luck are brazenly left out to dry, these countries seem to have found a balance.

    Also, worth noting, that these countries, despite their low populations and high standard of living, are not in the list of struggling economies, even during this "European crisis".

    Absolutely brilliant. :-)

    1. Re:Scandinavian countries seem wise by dropadrop · · Score: 4, Informative

      Also, worth noting, that these countries, despite their low populations and high standard of living, are not in the list of struggling economies, even during this "European crisis".

      Absolutely brilliant. :-)

      To be fair, Finland and Sweden have not been doing especially well during this crisis. Both countries are highly dependent on exports that have been doing badly. Finland had a huge drop in both exports and gdp (In Finland GDP was -7.8% last year, a drop of 9% since the previous year) during 2009, and the government took a huge loan just to keep things running. The good part is, that we don't have as much debt as more southern countries, so on the big picture things still look ok.

    2. Re:Scandinavian countries seem wise by Second_Derivative · · Score: 2, Informative

      It's also the country that passed Lex Nokia not too long ago. Certainly the Finnish situation isn't as bad as it is in the UK and the US, but it's still not perfect.

    3. Re:Scandinavian countries seem wise by Luckyo · · Score: 3, Interesting

      There is a funny thing about that law. Up to this point, NOT A SINGLE COMPANY USED IT.
      Because there is a clause in the law stating that to use the law to monitor your employees, you are required to inform a government official in charge of privacy investigation, essentially making it public that you're using the law. And the public backlash because of the law was so heavy, that not a single company wants to be known as "the first company to start using that unfair snooping law".

      So the law is in place, but no one wants the bad rep for using it. So it's not being used. A sort of classic nordic common sense, very similar to what we did when christians came with their crusades to bring the religion. Obey them while they have the upper hand, but dig your idols back from the ground when the guys with big swords leave. Same here, once the big money behind the law lobby has gone away, the pressure has been put not to actually put law to use.

      This sort of common sense is why our criminal law allows police to conduct immediate house searches without court warrant based on suspicion of any crime with potential punishment of 6 months jail or more. It's there, and it's used to catch mainly marijuana growers and resellers. But its abuse for purposes other then that is minimal-to-nonexistent, because folks at police know - if they abuse it even once in a noticeable way, they'll lose the law.
      It's that mutual respect between the law and it's executors and general population that is unique to Nordic countries, and why authorities tend to have more leeway legally, and yet rarely if every abuse it clocking lowest corruption figures in the world.

  6. Re:We have the bandwidth by Mr.+Freeman · · Score: 2, Insightful

    "And how is anyone ever going to be able to use IP addresses as evidence anymore if you can just claim that you have an open network."

    I guess that you'll have to actually obtain some evidence of illegal activity then. It is not the job of laws to restrict freedom for the purpose of making it easy to sue people or catch criminals.

    The price of freedom is that some criminals will run free, get used to it. It's what all of America was built on for fuck's sake. It saddens me that there's people who can't accept this fact.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
  7. Re:Unsecured wireless isn't illegal and shouldn't by amazeofdeath · · Score: 3, Informative

    It isn't illegal in Finland, *unauthorized* use of unsecured WiFi connections is currently. The lawmakers are trying to clear the situation, as the user can't know whether he has a permission or not to use the open connection. The current law defaults to no permission, the new should default to open -> permission.

    --
    U+F8FF