Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch Court Rules WiFi Hacking Not a Criminal Offense

Posted by timothy on from the firecrackers-drugs-wifi-cracking-oh-my dept.

loekessers writes "Breaking in to an encrypted router and using the WiFi connection is not an criminal offense, a Dutch court ruled. (Original article in Dutch; English translation.) WiFi hackers can not be prosecuted for breaching router security. The judge reasoned that the student didn't gain access to the computer connected to the router, but only used the router's internet connection. Under Dutch law, breaking into a computer is forbidden. A computer in The Netherlands is defined as a machine that is used for three things: the storage, processing and transmission of data. A router can therefore not be described as a computer because it is only used to transfer or process data and not for storing bits and bytes. Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded. "

23 of 234 comments (clear)

  1. Where is the line? by mordenkhai · · Score: 3, Interesting

    How many "bits and bytes" does a device have to store to be declared a computer? I mean, mine stores a password, those are a few bits, where is the limit? I don't know enough about the case to comment on the details, but it seems an odd thing to base a ruling on to me.

    1. Re:Where is the line? by Sir_Sri · · Score: 2

      ya, it stores all of the settings of the router, which determine where all the data is transmitted to...

    2. Re:Where is the line? by cappp · · Score: 5, Informative

      The court's ruling itself can be found here. It's a little wonky linguistically and the frames are messy, but scroll down and you'll find some really interesting details. For your question it seems the court considered two factors - was it a computerised device (which the translation makes difficult to establish...seemingly could be read either way) and second, was there an intrusion which exposed personal data. Since the latter didn't occur it doesn't matter if the former is true.

      As for other details, the case involves a guy posting a threat - on 4chan - to commit a school shooting and apparantly hacked the Wifi as a little camo'.

    3. Re:Where is the line? by Idefix97 · · Score: 5, Interesting

      I've read the original article mentioned in Dutch, and the gist of it is really that it isn't illegal to simply use someone else's network (even when it is encrypted), but it would be illegal to start browsing electronic files in that network.

    4. Re:Where is the line? by turbidostato · · Score: 2

      "Ruling aside, the law will most likely be augmented to include networks and network devices in addition to computers."

      Because?

      What's the problem about breaking in someone's network that makes it a criminal offense instead of a civil one? This rule is quite a sensible one, why should it be overruled?

    5. Re:Where is the line? by kwark · · Score: 4, Insightful

      When you are breaking and entering someones wlan, you are not accessing these parts of the router. You are only gaining access to the transmission part of the device (AccessPoint), it's like finding a way to sneakily plug a cable into someone else his network (without tresspassing on his property). The safety of the other parts is not compromised (your not using the same passphrase for the default user of the device and the wlan, are you) .

      The law used to deter wireless hacking has the word computer in it. Using specific devices is always a big risk in laws with fast evolving technologies. A judge decided to formulate a definition of the word computer. I personally think it was a good call, though I don't want any unautorized access to my wlan myself.

      If you want to argue this should be illegal, a better comparison would be to compare it with stealing electricity.

    6. Re:Where is the line? by maxwell+demon · · Score: 2

      Even if he did not cause financial loss it's still an act which should be illegal. After all, breaking into a private house is a crime even if you don't steal anything, don't read the diary of the owner, and don't damage anything in the process of breaking in.
      And if the connection is encrypted, you can't even say the door was wide open. "The door lock wasn't strong enough" isn't a valid excuse.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    7. Re:Where is the line? by Anonymous Coward · · Score: 2, Informative

      You keep repeating that, it makes you look dumb. There is no confidence involved because the two parties have had no communication. There's also no profit involved. You also look retarded for quoting a dictionary as opposed to the relevant Dutch law. I'd even be willing to cut you some slack if you had a layman's argument as to why this was so, but as is, you should put the crack pipe down.

    8. Re:Where is the line? by Midnight+Thunder · · Score: 2

      If the router was using an encrypted connection, then they should at least be a fine, but only if real intrusion was demonstrated. If it wasn't encrypted then that's the owner's fault.

      The door analogy fails in the sense that your building has a specific graphical location, with which by default I am outside. A wireless signal can encroach on space that I am in and therefore includes me in that space whether I like it or not. You could argue that when I am decrypting the signal I am simply making sense of the noise around me and not intentionally making use of that noise. Think of it this way: if your minivan is on my land without my permission is the crime of me unlocking it to see what's in it still the same as if I did that while it was outside my land?

      In many ways if you have sensitive data going over the wireless signal, then you should be using an extra layer of encryption on top of whatever the wireless standard offers, or questioning your use of the wireless technology. In many cases lack of computing power is not an excuse, as it is with cell phones for example. The only question I have now is what cross-platform solutions provide this extra level of data encryption?

      --
      Jumpstart the tartan drive.
    9. Re:Where is the line? by HungryHobo · · Score: 2

      it's very comparable to those kinds of things, I'm guessing that since the hacking law was written with penalties assuming that it would be people breaking into bank servers or stealing credit card numbers the judge wasn't keen to apply such large penalties for something which has more in common with sneaking into a cinema or riding the subway without a ticket.

  2. IF this passed in the US... by Ambvai · · Score: 2

    Speaking as though this passed in the US, I'm mildly concerned. There are plenty of extra costs that may be incurred, such as metered bandwidth or access of illegal materials. If this were to fly, it would also necessitate that other people using your network without authorization would not come back to bite the network holder.

    1. Re:IF this passed in the US... by Opportunist · · Score: 2

      Then you better start to learn how to secure your router. Sorry, but sympathy for those unable to secure their systems and unwilling to learn how to do it is not forthcoming.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:IF this passed in the US... by freakmn · · Score: 2

      yeah, we shouldn't make any stealing illegal. Learn to lock your house more if you dont want burgers.

      This makes me want to leave my door unlocked, with the hope that the reverse hamburglar deposits burgers in my house.

      --
      warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
    3. Re:IF this passed in the US... by micheas · · Score: 2

      The issue is "should this be subject of Civil or Criminal proceedings?"

      Civil litigation could include tortuous interference on the grounds of directly, or indirectly causing the network owner to incur costs from bandwidth usage or inappropriate network usage.

      With small claims court having a $5,000 limit and the much lower standards of proof required for civil litigation vs criminal litigation, it seems likely that you would be more likely to get compensated for a few thousand dollars out of civil litigation than to actually see a dime out of criminal prosecution. Further more, if you factor your increased taxes locking up someone that decrypted a wifi signal, you might actually find out that you lost money by having the person sent to jail.

      The moral? Make sure your log files are easy to prepare and annotate for shipment to your attorney or court.

      --
      Work bio at MMWD
    4. Re:IF this passed in the US... by Duradin · · Score: 2

      Sorry, but sympathy for those unable to wear body armor capable of stopping a .50 BMG AP round is not forthcoming.

    5. Re:IF this passed in the US... by cortesoft · · Score: 4, Insightful

      How is this different than stealing your car, taking it for a spin, and then putting it back in your driveway?

      Would you respond "Learn to install a better alarm and not allow your car to be hot-wired so easy"?

      You don't have to install an unbreakable lock to be protected from theft in the eyes of the law.

    6. Re:IF this passed in the US... by JaredOfEuropa · · Score: 2

      This is exactly what this Dutch court case is about. The judges did not rule that breaking into someone's WiFi is now allowed; they ruled that it is not a criminal offence defined as "computervredebreuk" (lit. "violating a computer's peace"). It is still subject to civil proceedings. Although... interestingly, in 2008 a Dutch judge ruled that using someone else's bandwidth isn't theft because bandwidth and data "aren't goods". Maybe this jurisprudence adds up to WiFi hacking being legal, after all.

      It's not the judges who are idiots though, as some here claim. From a normal user's perspective, routers only transmit data, they do not store and process it, even if it does do some storage and processing internally. That user's perspective is probably how Dutch law defines data processing and storage, which simply means the law is worded wrong or incomplete if it does alllow Wifi hacking. I do remember that the definition for "computervredebreuk" used to be a lot less narrow... in those days, you technically could be jailed for changing the settings on your sister's alarm clock without her permission. Which is probably why they changed the law at some point.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    7. Re:IF this passed in the US... by sjames · · Score: 2

      And more to the point, if someone stole your car and used it as a getaway in a bank robbery, the bank wouldn't sue you for the money they lost.

  3. Re:Niiiiice by Mitsoid · · Score: 2

    It seems the law, as the judge rules, is that you have to "Browse" through the personal information. If you hack the router and gain access, but stop there and only use it for connecting, you are not breaking the law they have. It appears "Intrusion" requires you view the information on the device...

    I suppose a poor analogy would be picking the lock on a house, but not opening the door... when no law against 'lock picking' exists... which in this case also did not share the key with anyone else, nor leave the house vulnerable to another person with ill intent

  4. Theft of service by tepples · · Score: 2

    It appears "Intrusion" requires you view the information on the device...

    Do they have a "theft of service" law in the Netherlands? If so, running up a big Internet bill might be grounds for that.

  5. Re:Niiiiice by c6gunner · · Score: 2

    I suppose a poor analogy would be picking the lock on a house, but not opening the door... when no law against 'lock picking' exists... which in this case also did not share the key with anyone else, nor leave the house vulnerable to another person with ill intent

    A better analogy would be picking the lock, walking in, kicking your feet up on the coffee table, turning on the TV, and using their phone to call up the local pizza and/or beer delivery place. Might not be illegal, but it certainly should be.

  6. Re:Questionable by c6gunner · · Score: 2

    I run a dual core 400 MHz P-II as a router ...

    Ouch.

    Not that I have anything against hardware reuse ... but seriously, if you shelled out some cash to upgrade to an Atom-based box, the reduction in electrical usage would probably be enough to recoup the cost within a year.

  7. Re:That can be sued for in civil court by leomekenkamp · · Score: 2

    But also keep in mind that the dutch legal system is extremely wonky, ruled by judges who are completely out of touch with reality.

    [citations needed]

    Because right now, this judge has declared that taking fuel from his car is not theft.

    No, the judge has said no such thing. In fact, I wholeheartedly believe this same judge would declare the unauthorized taking of fuel from a car a criminal offense. The judge said that there is no criminal law against simply using someone else's network. And he is right: there is no such law.

    --
    Wenn ist das Nunstueck git und Slotermeyer? Ja! Beiherhund das Oder die Flipperwaldt gersput.