All that is wrong with the world…

February 27, 2010

Is making use of unprotected Wi-Fi stealing?

Filed under: Security, Tech — Tags: , , , , , , , — allthatiswrong @ 7:18 pm

Table of Contents

Introduction
Does WEP count as unprotected?
The “unlocked door” analogy
Is it really stealing?
Whose responsibility?
There is no excuse
Legal issues
Conclusion
References

Introduction

I have seen this issue popup quite a lot and it is an interesting topic of discussion. There have been many interesting cases of people being arrested for accessing open Wi-Fi connections as legal systems adapt to the presence of this new technology. Unfortunately most of the prominent court cases have been based around prosecuting the defendant with unauthorized computer access and in some cases theft. Certainly many people seem to share the opinion that making use of a connection you did not have access to is in some way stealing, or at least morally wrong.

In this article I argue that accessing an unprotected Wi-Fi network is not stealing, nor is it in any way morally wrong. I have chosen the term unprotected Wi-Fi to remove any ambiguity, so as to refer to all Wi-Fi networks that have encryption disabled, and offer a DHCP lease and network access to any device that requests it. This is in contrast to the term open Wi-Fi, which some people take to mean Wi-Fi networks that are intended to be open for anyone to access.

Does WEP count as unprotected?

It is important to distinguish between an unsecured Wi-Fi network, and a Wi-Fi network with any form of security. Many consider a Wi-Fi network with only WEP encryption to be unsecured, however for the purposes of this article a WEP protected Wi-Fi network is considered a secure network. The reason many people consider WEP to be equivalent to an unsecured network is because it is a very old form of security, and it can be bypassed these days often in just a few minutes.

The fact that WEP is all but useless technically is irrelevant here. What is important is that the owner made an attempt to secure their network, and by doing so made it clear that the network was not open for anyone to use. This is a big difference between leaving a Wi-Fi connection unsecured, and making an attempt to secure it. An attempt to secure a wireless network however weak is still making the intention of the owner clear. This is equivalent to hanging a keep out or no trespassing sign on a private property. While it can be easily bypassed, there can be no question that doing so is going against the owners wishes.

This is in contrast to an unsecured Wi-Fi network where the intention of the owner is ambiguous, and we only have limited information to go by. With an unsecured Wi-Fi network not even the most minimal of efforts have been made to keep people out, despite it often being trivial to do so. With a device that broadcasts its presence and allows anyone to join upon request it is fair to assume you are allowed to use this network. This situation is similar to trespassing law in many countries, whereby it cannot be considered trespassing if no effort was made to warn people of the private property.

The “unlocked door” analogy

One of the most common arguments against using an unsecured Wi-Fi connection is to compare the situation to someone leaving the door to their house unlocked and arguing that this is analogous to leaving a Wi-Fi connection unsecured. Unfortunately this analogy is specious as best.

A Wireless AP broadcasts radio waves in all directions for hundreds of feet announcing its presence and in many cases supplying the authorization and information necessary to join a network. An AP is set by its owner to either allow anyone to join the network, or to only allow people with the key to join. In this way the AP is a somewhat intelligent device acting as a gatekeeper following the orders of its owner. Unlike a door which is passive and awaits interaction, an AP is an active device sending out broadcasts and responding authoritively to requests for access.

This is what prevents any comparison to an unlocked door from being accurate. When people connect to an unsecured Wi-Fi network, they are doing so because the network advertised itself as available, and when they requested to join they were granted access. This is not the case with an unlocked door which can be physically identified as belonging to a particular residence, and which generally would require other boundaries to be broken before it can be accessed.

Unlike a locked door a wireless access point has no physically distinguishing characteristics to aid in determining if the access point was intended to be private or public. Except for the fact that is generally trivial to enable security or even change the SSID to reflect the owner’s intentions. Without even the smallest effort taken to communicate that a wireless network is intended to be private it is only reasonable to assume it is intended to be public.

From summary it would appear that the wireless network had been deliberately configured to accept connections from anyone. Just because someone configures their devices so that it broadcasts and authorizes anyone who wishes to join either due to ignorance or disregard, should someone really be arrested for then joining that network?

Understandably many people see this issue as purely a moral issue, and so wish to reduce the argument to its simplest form. Simply because someone, for whatever reasons leaves something unlocked or available, that does not give an opportunist the right to take advantage of that. Unfortunately the situation with unsecured wireless APs is more complex than a simple unlocked door analogy, and reducing it to such a simple form leaves us with a useless analogy that is no longer accurate.

Is it really stealing?

Many people are quick to label using an unsecured Wi-Fi network that the owner did not want to be used, as stealing that person’s connection or service. Most of the time however this is simply inaccurate for the same reasons as downloading a song or a movie is not stealing. The core concept of stealing let alone any dictionary definition requires that the owner be deprived of their property or service in some way for some amount of time. This is rarely the case with Wi-Fi ‘theft’.

In much of the world internet access is not metered, nor is there any finite usage limit. There is no theft of service in thiese situations as the owner of the internet connection is not deprived of using his service in anyway. They may not even be aware that someone is making use of the connection.

There are of course exceptions to this. In countries where interest access is ridiculously limited such as Australia or in developing countries, or where someone takes advantage of the network and saturates the connection, then it is accurate to say that the owner is being deprived of something which is theirs, so an argument can be made that it is indeed stealing.

There is also the viewpoint that since the wireless AP is broadcasting onto your private property without needing any effort on your part it is not stealing. Similar to how accessing television or radio signals broadcast over public frequencies cannot be considered stealing, nor can accessing a publicly broadcasted Wi-Fi signal. I am not convinced this argument is similar enough to the Wi-Fi situation o have merit, however I find it irrelevant as accessing unsecured Wi-Fi cannot be said to be stealing as the deprivation criterion has not been met.

Some people also hold the view that accessing an unsecured Wi-FI for internet access without explicit permission from the owner is not just stealing from the owner, but also from the ISP who provides the internet service. This is simply incorrect. The ISP is irrelevant here unless the contract specifically disallows providing internet access through unsecured Wi-Fi. Most contracts however simply contain a clause against reselling and not against making it freely accessible have. Accessing the internet through an unsecured Wi-Fi connection is no more stealing from the ISP than watching a friends cable TV is stealing from the cable company.

For the most part however people who connect to an unsecured Wi-Fi connection are in all likelihood only going to only be visiting some simple web -pages and perhaps emailing. There will always be some people who will take unfair advantage of such a connection or use up a download quote on metered connections, but these are exceptions to the rule. Generally, making use of an unsecured Wi-Fi connection does no harm to the owner and should not be considered stealing.

Whose responsibility?

There is also the question of who should bear the responsibility when someone connects to an unsecured Wi-Fi network. Most people are quick to blame the clients along with accusations of theft, but is this really fair? As I point out a bit further down, when someone installs a wireless access point most of the time they must consciously leave security disabled, or at least be aware that they have done so.

If someone leaves their car unlocked with the keys in the ignition and it gets stolen, many places will hold the owner of the car responsible. Many regions have explicit laws against this situation which find the owner at fault. As much as taking advantage of a car with the keys left in it is wrong, we live in a world where crime is inevitable, as such people must be responsible to a reasonable degree for their possessions.

That is not a terrific example as stealing a car is indisputably morally wrong – no question about it. This is less true for connecting to an unsecured Wi-Fi however. While an analogy can be made between leaving an AP unsecured and broadcasting and leaving a car unlocked with keys inside, it is obvious that the car belongs to somebody and is not yours to take. It is rare that it is as obvious that an unsecured Wi-Fi network is not intended to be used.

In most cities there are literally hundreds of networks, some may be provided by a city or council, some may be provided by some sort of organization or business and some may be provided by people genuinely happy to share their connection. With Wi-FI being near ubiquitous how are most people to know if a network is intended to be free for use by anyone or intended to be private? The answer is they cannot, nor should they have to. The onus must be on the owner of the AP to read the manual that came with their device, or to have someone to set it up for them if they lack the knowledge to do so.

It is also important to keep in mind that many laptops and devices will connect to an unsecured wireless network by default without user intervention. Many people may not realize they are not authorized to be on an unsecured wireless network and will only note that their computer has picked up free internet. To prosecute people for using their devices as intended when enabled only due to the ignorance or laziness of an AP owner is wrong.

A more accurate analogy to stealing a car with keys in the ignition might be accessing a public website. If a family or individual decided to place some private photos on a website and only share them with friends, yet made no effort to protect them and someone stumbled across them, who is at fault? Websites are intended to be public unless locked down, so how could the person who stumbled across an apparently public website be expected to know any better?

The ignorance of the owner is not an excuse here. There is no need to know about .htaccess or such as hosting companies provide a simple interface to password protect directories and generally provide free support. Just as a person accessing a public website could not know the owner did not intend for the website to be public, most people accessing an unsecured Wi-Fi network would have no reason to assume the network was not intended to be open. In all cases the owner must bear responsibility for securing their property without exception.

There may be many reasons that people deliberately leave their wireless network unsecured, while being aware of the risks. Whether motivated by convenience, compatibility or any other reason is irrelevant. If you are aware of the risks and decide to leave your wireless network unsecured then you must accept the possibility of people connecting to and using it. Leaving your front door unlocked may be more convenient, but you could not expect any insurance payout in the event of a robbery.

There is no excuse

These days there really is very little excuse to leave a wireless network unsecured as a result of ignorance. Every router or modem in made in at least the last five years either stresses the importance of enabling security for your wireless AP, or more commonly will force you to make a decision when first setting up the device.

There is no prerequisite of technical knowledge required to enable security. Wireless AP manufacturers are well aware that most people do not have even a basic technical understanding and their devices are designed accordingly. When setting up the majority of devices, you must explicitly choose an option equivalent to “No security” which is generally advised and warned against, or choose one of the security methods and provide a password or key. Indeed, many devices these days go so far as to have a default key or passphrase as a sticker on the box allowing the devices to be secure by default and making it easy for clients to join.

Some of the most common Wireless AP’s for consumers are the NetGear WGT624, NetGear WNR350, Linksys WAG160N, Dlink DI-524 and the Belkin Wireless G router. All of these routers have been around for around 5 years or more. They all provide strong, hard to miss advice recommending against leaving security off, and all force you to explicitly disable or enable security during the quick setup.

Unfortunately the only argument I have ever encountered against this rather basic axiom was based on lies and misrepresentation. The fact of the matter is it is difficult to avoid making a choice to enable security on any router from the last 5 years. If we acknowledge that the majority of people operating an unsecured Wi-Fi network explicitly chose not to enable security, it is only reasonable to assume they have no problem with people openly using their unsecured Wi-Fi network.

In the event that someone honestly may not have any technical knowledge at all and finds it all too confusing, it is likely they will have someone qualified to set things up for them. The qualified person will either enable security for this person, or explain the choices in which case again the owner of the wireless network must make a choice to disable security.

Even if someone happened to have an exceptionally old or uncommon router that does not advise or force you to make a choice regarding security, there are still many other avenues in which users will have been informed:

  • ISPs
  • Their Operating System
  • News/Media
  • Whoever is responsible for doing computer maintenance or repair

Additionally, in the event that someone owns a very old router and had somehow managed to avoid all the above avenues which make clear the ramifications of running an open Wi-Fi, it Is likely that the router firmware will be updated at some point, then making it necessary to make a choice regarding security.

The only counterpoint I have seen to this was a rather idiotic argument trying to compare people deliberately choosing to have security disabled for whichever reason to people being taken advantage of in Nigerian mail scams. This is also the prevailing problem with the most popular view on this issue today, equating a willful ignorant owner of a wireless AP with being a hapless victim taken advantage of.

Of course there are exceptions to my argument. There may be people with very old pre-2005 routers who never needed to update the router firmware or read the manual. These people never needed to hire anyone more qualified because their setup already worked. They didn’t pay attention to warnings mention by media about leaving your Wi-Fi networks unsecured and didn’t consider warnings from the OS to be relevant.

These people are the exception to the rule and as such do not negate what should be considered the general guiding rule. If someone left their Wi-Fi unsecured it was most likely intentional regardless of the reasons for doing so. It takes a very special case to claim true ignorance and to ignore all of the various methods people are made aware of the risks of running an unsecured Wi-Fi network.

Legal issues

The legal issues of connecting to an unsecured Wi-Fi network are complex and tend to differ substantially by country or state. Unfortunately many of the most public cases from the US and UK of people accessing an unprotected Wi-Fi network have resulted in people being prosecuted for stealing or theft. This is wrong on many levels, not least because it ignores any culpability attributable to the owner

Much legislation against illegally accessing a computer or computer network makes use of the word authorization. In a purely technical context there should be no issue here, as when connecting to an unsecured Wi-Fi network you must be authorized by the AP to do so. Of course, the law is about the intent of people and not the actions of machines. Even so, should the fact that owners of Wi-Fi access points decline to explicitly protect their network not be taken as an implicit authorization?

In Australia, Canada, the UK and likely most countries it is illegal to access an unsecured Wi-Fi network without explicit permission from the owner. In contrast to common sense where you would assume an unprotected network is open, you must instead make sure you have the consent of the owner of the network you are connecting to. This creates a somewhat dangerous situation…what if a small café or business offered free Wi-Fi and decided they didn’t like a particular customer? Under these laws they could have that person prosecuted if he accessed their open Wi-Fi network, despite not having done anything wrong. Recently the UK has announced they will attempt to practically outlaw all open or unsecured Wi-Fi networks with their Digital Economy Bill, making network owners equal to ISPs as well as being responsible for all content transmitted over their network and having to keep detailed logs and access records.

In the US at least it would appear to not be a federal crime. According to Title 18 (Crimes and criminal procedure) of the United States Code, Part I (Crimes), Chapter 119 (Wire and electronic communications interception and interception of oral communications) it is not illegal to access electronic communications readily accessible to the general public. Readily accessible to the general public is defined as not being encrypted and broadcast over public frequencies. However I have not seen or heard of any case coming under federal jurisdiction with most cases being handled by state legislation instead. In Texas and Florida the situation is similar to that of Canada and Australia, where the owner bears no responsibility for operating an unsecured Wi-Fi network and anyone accessing it without permission of the owner has committed an illegal act.

The state of New York has a saner approach in that owners bear the responsibility for protecting their networks, and unauthorized access occurs only when protections are intentionally bypassed. The proposed House Bill 495 for New Hampshire was interesting, being similar to the New York legislation in which the responsibility was placed on the owner for securing their network. Unfortunately however this bill was ultimately not passed.

In Germany there does not seem to be any issue with connecting to an unsecured Wi-Fi network as it is clear that an unsecured AP is open and available for anybody to use. Instead the law seems to target the owners who fail to secure their network in that they must bear responsibility and making them liable for certain actions. Out of all of the legislation and cases I have seen Germany and New York seem to have the most practical and rational laws. The UK seems to have the absolute worst laws, with people accessing an unsecured Wi-Fi network possibly facing heavy penalties as well as making the networks owners soon to be responsible for all contents transmitted over their network. This is disappointing, although not surprising given the direction the UK has been heading in the last few years.

What about operating an unsecured Wi-Fi network for defensive reasons, similar to how Bruce Schneier advocates? Many people are of the opinion that leaving their Wi-Fi network accessible will be a valid defense in the event they are accused of some illegal act. This issue however is quite complex, and depends both on the region you are in, and if it is a civil or criminal case.

In a criminal case the prosecution has a higher burden of proof and must show you to be guilty beyond a reasonable doubt, or the equivalent in countries other than the US. In a civil trial however the plaintiff only has to prove guilt on the Preponderance of the evidence (or equivalent). The RIAA for example has successfully prosecuted many people for filesharing based on nothing more than an IP address.

With some regions considering Wi-Fi owners to be liable for what is downloaded over their connection – such as the recent case in the UK where a pub owner was fined for a movie download, having an open Wi-FI network is no defense at all. In other regions network operators are not responsible for what other people do on the network, provided there is nothing incriminating on their computer or in their residence. In such a case a person may be successful in establishing the equivalent of reasonable doubt; however this is far from a sure thing.

An interesting parallel can be drawn between cordless phones and unsecured Wi-Fi networks. When cordless phones were introduced to the market there was no security, and it was easy for anyone within distance to eavesdrop on conversations. This actually went to court in the US with the judge ruling that since the owner was broadcasting over public airwaves there could be no expectation of privacy. Ten years later the situation has been completely reversed.

Rather than making it easy for innocent people to be prosecuted with vague and ambiguous “unauthorized access” legislation as a result of the ignorance and/or laziness of wireless network owners, I would much rather see some sort of computer trespassing law, putting the onus on the network owner to inform people they are not authorized.

Prosecuting people for connecting to an unsecured Wi-Fi for doing nothing more than checking their email or the news is wrong. It sets a dangerous precedent, shifting the responsibility of properly configuring their equipment onto the user who saw a Wi-Fi network advertised as available and connected accordingly.

Conclusion

Technically there should be no problem here as it is hardware and software working exactly as it was designed to do. Legally it can depend on your country and jurisdiction. Morally there is generally no issue as it has been established that most users decide to leave such networks open. While there may be some people who take unfair advantage of an unsecured wireless network, these people are the extreme, and are distinct from simple accessing the wireless network.

As noted while there are exceptions to the rule they are irrelevant to what should be the general attitude. Just as it is reasonable in society to assume it is reasonable to open a shop during business hours if the door is open, it is reasonable to assume an unprotected Wi-FI network is free to be used. Entering a shop with an open door that was actually closed should not result in being prosecuted for trespassing, just as connecting to an unsecured wireless network should not result in prosecution for theft.

It should be noted that my argument and opinion is limited to the English speaking countries and Europe. It would also apply in countries where the same AP manufactures have market dominance similar to those of the English speaking countries such as D-Link and Linksys. If there are countries where a local or niche brand is more popular, then that brand of AP may well not offer security as an explicit configuration step or enabled by default and so would be an additional exception to my argument.

Anecdotally it seems the same people who consider accessing an unsecured Wi-Fi network to be stealing are the same people with aging moral principles who don’t think the owners of a Wi-Fi network should bear any responsibility for their actions. That people should be free to setup their wireless network and anyone accessing it without permission is in the wrong. This view is incorrect for all the reasons outlined above, and yet it is unfortunately the view of the majority.

It is also worth mentioning that many APs allow for multiple SSID’s to be setup. What this means is that a secure network with encryption can be setup, as well as a deliberately unsecured network for guests to access. It is quite probably that a signficiant portion of unsecured Wi-Fi networks are deliberate making use of this functionality.

Update 1 – April 4th 2011

A Dutch court recently ruled that deliberately hacking into a WiFi AP is not a criminal offense, as they do not consider a router to be a computer. My understanding behind the courts logic is that since the router does not store personal information it should not be classed the same as a PC. Interesting, but I don’t really see how that is relevant. By intentionally breaking into a network, you now have direct access to other PC’s, can screw with the network and do all sorts of nefarious deeds. To be clear, it is still considered a civil offense so that the owners may seek damages and I would think that if the PC’s behind the network were attacked in some fashion it would be a criminal offense. It’s an interesting take and the more I think about it, the more sense it seems to make.

References

  1. http://blogs.computerworld.com/why_its_ok_to_steal_wi_fi A blog entry by Mike Egan, advocating the view that accessing unsecured Wi-Fi is not stealing.
  2. http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110 – Bruce Schneier advocating leaving Wi-Fi networks open for the good of society.
  3. http://news.bbc.co.uk/2/hi/6960304.stm – A BBC commentary asking if stealing Wi-FI is wrong.
  4. http://www.pcmag.com/article2/0,2817,1565274,00.asp – John Dvorak advocating the view that the owner of a Wi-FI network should bear responsibility, not the people who access it.
  5. http://www.securityfocus.com/columnists/237 – An interesting SecurityFocus article on the subject of authorization in the context of unprotected Wi-Fi
  6. http://www.wi-fi.org/news_articles.php?f=media_news&news_id=1 A Wi-Fi Alliance survey from 2006, showing that 70% of Americans enable security on their wireless devices, and 83% consider stealing wrong.
  7. http://www.sophos.com/pressoffice/news/articles/2007/11/wi-fi.html – A sophos survey from 2007, showing 54% of people see nothing wrong with accessing unsecured Wi-FI connections. As with filesharing, when legislation makes an activity the majority of the population perform illegal, it’s time to change the law.
  8. http://www.ispreview.co.uk/story/2010/01/08/usa-home-to-more-open-wireless-wifi-broadband-hotspots-than-eu-and-uk.html – According to WeFi statistics, approximately 30% of WiFi AP’s in the world are unsecured. I wonder just how many were left unsecured intentionally?
  9. http://www.smh.com.au/nsw/revealed-keneallys-transport-blueprint-20100219-olzc.html – A newspaper hacks into a site by guessing the URL. Most people would consider the onus is on the site owner to protect their content since it is a public website. Why is this position reverse so often for Wi-Fi networks, when joining an unsecured network is significantly less effort than guessing a URL?
  10. http://www.oucs.ox.ac.uk/network/wireless/services/owl/vpn/xp_sp1/select2.png – Windows XP advising that a network is unsecured. You actually have to tick a box to acknowledge this and connect anyway.
  11. http://arstechnica.com/tech-policy/news/2007/04/child-porn-case-shows-that-an-open-wifi-network-is-no-defense.ars – An Ars Technica article about a case where having an unsecured Wi-Fi network was no defense.
  12. http://www.cbsnews.com/stories/2005/07/07/tech/main707361.shtml – Man arrested for stealing Wi-Fi in St. Petersburg Florida
  13. http://arstechnica.com/tech-policy/news/2007/05/michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.ars – Man arrested for using free Wi-Fi from a café in Michigan
  14. http://www.pcworld.com/article/136326/london_man_arrested_for_stealing_wifi.html – A man arrested in London for using an unsecured Wi-Fi network.
  15. http://news.bbc.co.uk/2/hi/uk_news/england/hereford/worcs/6565079.stm – Two people cautioned for accessing unsecured Wi-Fi networks.
  16. http://torrentfreak.com/victims-of-wifi-theft-not-responsible-for-illegal-uploads-080709/ – A German court ruling Wi-Fi network operators are not responsible for what other users do on their network.
  17. http://news.zdnet.co.uk/communications/0,1000000085,39909136,00.htm?tag=mncol;txt – A contrasting case in the U.K. where a pub was fined £8000 and found responsible for downloads guests made on its Wi-Fi network.
  18. http://news.zdnet.co.uk/communications/0,1000000085,40057470,00.htm?tag=mncol;txt – The UK is planning to outlaw open/unsecured Wi-Fi networks with its Digital Economy Bill.
  19. http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=6th&navby=case&no=950180p – A sixth circuit court ruling on the expectation of privacy for cordless phones
  20. http://www.lawtechjournal.com/articles/2009/01_091026_nowicki.pdf – A criticism of Michigans computer crime statute
  21. http://www.mcguirewoods.com/news-resources/publications/technology_business/roaming.pdf – An Article in the CRi journal, arguing that Wi-Fi roaming should be not be illegal
  22. http://www.wired.com/gadgets/wireless/news/2003/04/58651 – A Wired article on the proposed House Bill 495
  23. http://www.justice.gov/criminal/cybercrime/wiretap2510_2522.htm – Federal wiretap law from USDOJ
  24. http://economictimes.indiatimes.com/News_by_Industry/Trai_plans_to_prevent_WiFi_abuse/articleshow/3491302.cms – WiFi networks to be required to be protected in India, to prevent terrorists making use of them.
  25. http://mashable.com/2010/02/22/stolen-wifi-confusion/ – A woman calling in to Leo Laporte who had been using an unsecured wifi for over a year without realizing. Obviously ignore all of his nonsense about it being illegal and stealing.
About these ads

41 Comments »

  1. This is so insane I can’t believe that in some countries it’s could be actually illegal to use an open WiFi! These computer laws are ridiculuous! I want nothing to do with this stupid computer networking junk anymore! F**k all these stupid laws!

    Comment by me — February 28, 2010 @ 10:56 am

  2. Hi. It should be like those who dont protect their WIFI should be arrested, since they are the actual problem. It is so simple.
    I dont think people can leave their doors open and call in on insurance either???

    Comment by Bernhard Edgren — February 28, 2010 @ 11:10 am

  3. Common sense must be applied in these situations, unless you want to be a complete jerk who hides behind technical definitions when the owner’s intent should be obvious. Parking your car in a residential area to piggyback on someone’s unsecured wi-fi because you found it while wardriving is NOT okay. Chewing up your neighbor’s entire connection running torrents is NOT okay.

    Sitting down in a park and picking up the wi-fi from the apartment across the street and checking your e-mail? They just *might* be nice people who thought the park would benefit from wi-fi access.

    If the ultimate gauge of wireless security is the owner’s intentions, then there are certain scenarios where it should be obvious that the owner wasn’t intending to share with complete strangers. Please, my fellow geeks, stop trying to justify what you know to be against the wishes of the owner by saying “they should know better!”

    We know better. Let’s start acting like it.

    Comment by Kevin — February 28, 2010 @ 11:34 am

    • No.. This could precipitate ‘entrapment’. If I have a grudge with my neighbour, I could open up a wifi network, wait until my neighbour accessed it, then sue them. Entrapment is immoral.

      Analogously, it is not OK for police to put $50 on a park table, and then arrest the first guy who picks it up. That’s entrapment. Perhaps the police can open up wifi networks and go fishing for criminals? No, I think not.

      Clearly, the AP owners must be held accountable. Wake up, your argument is ridiculous.

      Comment by ad — May 6, 2010 @ 9:47 am

      • Hi ad,

        I don’t think that simply leaving an AP open could be considered entrapment in a legal sense.

        The owner of the AP would have to setup the AP with the explicit intention of getting the target to make use of it, when they knew it was illegal.

        Leaving an AP unsecured out of ignorance, or because of the irrational though process that people should not use it because it isn’t theirs could not be considered entrapment.

        Comment by allthatiswrong — May 6, 2010 @ 5:14 pm

  4. “That people should be free to setup their wireless network and anyone accessing it without permission is in the wrong”

    This is exactly the case and the arguments above are simply the personal moral justification of the author to intrude on any network that he wishes to without so much as a “by your leave”. If you have not been invited in, stay out. Networking protocols that handle the complexities of routing do not count as any sort of authorization.

    Comment by Brian — February 28, 2010 @ 11:48 am

    • I just don’t understand this reasoning.

      Lets say we have two people, Foo and Bar.

      Foo buys a brand new wireless AP, goes home and sets it up. He notes the hard to miss warnings advising about security, but doesn’t care because its easier not to.

      He set’s it up so its broadcasting, gives it a nice non default SSID to personalize it, and he is on his way.

      Along comes Bar who took a break in a park and planned to do some work on his laptop. He notices a few AP’s, one of which is apparently free.

      He has no idea of where it is coming from, and when he attempts to connect it grants him full internet access.

      By your reasoning, Foo is completely faultless and Bar should have known better. How does that make sense?

      Comment by allthatiswrong — February 28, 2010 @ 12:01 pm

    • “the arguments above are simply the personal moral justification of the author to intrude on any network that he wishes to without so much as a “by your leave”. If you have not been invited in, stay out. Networking protocols that handle the complexities of routing do not count as any sort of authorization.”

      The whole point is, you ARE invited in, and it IS authorized. The broadcasting of the SSID of an unrestricted network is an invitation. It is essentially a continuous public airwave shouting beacon announcing the presence of an open access point.

      If your computer then attempts to connect (which as the author stated many laptops and other devices will attempt automatically upon receiving such an invitation), this is the public airwave equivalent of asking “by your leave”.

      Finally, the connection can only be established succesfully if the access point doing the shouting replies in the affirmative, and then actually allows it to be established. There is nothing mythical about it, nor anything treacherous.

      The only thing that clouds the whole process is the fact that it’s fully automated. We could go back to the unlocked door analogy and make it perhaps slightly more appropriate, by adding some neon signs on the front lawn that point to the door and say “Open House This Way!”, and by adding a pressure sensor in the ground that causes the door to open when someone steps on it. Try telling the judge that you didn’t invite AND authorize anyone passing by to make use of your bathroom for a piss and a drink of water.

      Comment by Murmandamus — March 1, 2010 @ 6:08 am

    • Let me add that I think there is an assumption on the part of those who view this whole article as some kind of unwarranted moral justification. The assumption being, that in general nobody would purposefully leave their wireless access point unprotected for the benefit of others. I think that assumption is thorougly false. I think people gladly would, and in fact are, doing exactly that.

      There is a whole movement worldwide that is desperately going back to a sense of community, sharing, and “paying it forward”, because they think this change in heading is sorely needed. It seems that people with the above mentioned assumption just can’t or won’t grasp this concept. I’m afraid that this kind of mindset is as obsolete, and as much entrenched in the dogma of personal gain and special interest, as the so-called laws that are being used to criminalize such movements.

      Now for the sake of argument, let us hypothesize that the aforementioned assumption is actually true, and that we should create and enforce regulations based on that assumption. Would this not serve only to preclude, a priori, even the possibility for anyone to consider leaving his WiFi AP unprotected for the benefit of others? In fact this is what’s being considered right now in the U.K. as you can see here:

      http://news.zdnet.co.uk/communications/0,1000000085,40057470,00.htm

      We need to get to our senses, people. Who wants to live in a society that outlaws altruism? Who can claim to live in a free and just society anymore when this is where we’re all headed?

      Comment by Murmandamus — March 1, 2010 @ 1:59 pm

  5. The car theft analogy is poorly chosen, since you blame the owner for leaving the keys. Try a bicycle left in the front yard. Taking that is theft, plain and simple, both legally and morally. As it happens, I agree with you about wi-fi. I just think your argument needs bucking up in this area.

    As you can see from the bicycle comparison, it’s not the lack of locking, it’s the “here I am, take me for free sign”. In wi-fi, that’s a broadcast of the SSID (in addition to the lack of encrytion, of course). Do that and you are saying “here I am, take me for free”. Without it, you’ve got a bike sitting on the front lawn.

    Comment by Richard — February 28, 2010 @ 11:57 am

    • Hi Richard,

      I agree the bicycle example may be more accurate than the car example, however I was trying to draw a parallel of the owners responsibility and not between taking a car and using unsecured wireless.

      In that sense I think the car example holds up because it demonstrates that owners must bear responsibility for their property and that this is no different with Wi-Fi.

      Comment by allthatiswrong — February 28, 2010 @ 12:10 pm

  6. Ah.. no harm comes to the owner?

    Hmm, so if someone uses the connection for hacking or looking up underage pron then that is ok?

    Comment by cooldude — February 28, 2010 @ 12:23 pm

    • Come on now.

      I pointed out that people who do that are wrong, however they are exceptions.

      Most people just want web or email and nothing nefarious.

      Should we need a license to purchase baseball bats because a minority of people who buy them use them to murder?

      Comment by allthatiswrong — February 28, 2010 @ 12:52 pm

  7. My AP is open. It doesn’t say linksys either. I never have put security on any of my wireless routers, and believe me, I’ve been through a few wireless routers. I’ve been thinking that I might need to setup some security, but the one computer that needs the security and doesn’t need to be listened in on, always uses a VPN when it connects anyways, so it really doesn’t matter. The current router actually allows a guest zone (first one to do so here), so I may put a password on just cause, and leave the guest on 24/7. It already is. :)

    Comment by Bryan Price — February 28, 2010 @ 12:28 pm

  8. I propose an analogy to an automated lawn sprinkler which is spraying not only on the owner’s property but beyond, onto the public sidewalk/road or neighbor’s yard. Is it illegal to setup a bucket and capture this water for your own use?
    The owner clearly could have restricted the water from leaving their property.
    Is the owner liable if someone uses this water to drown someone else?

    Also, what are the criteria for legally being an ISP?

    Comment by zak — February 28, 2010 @ 4:07 pm

  9. Do you have any references to the practice being illegal in Canada? I’ve heard the opposite from a police officer. (The only case of successful prosecution of which I am aware was that of a child pornographer, and the illegal activity related to communications was that of using it to perpetrate a crime.)

    Comment by am — February 28, 2010 @ 6:11 pm

    • Hi. I’m not overly familiar with Canadian law, however I believe it is illegal under S 342.1 of the criminal code.

      Big link: http://www.canlii.org/en/ca/laws/stat/rsc-1985-c-c-46/latest/rsc-1985-c-c-46.html

      It seems to firmly place the responsibility on people accessing a wireless network to make sure they have permission.

      There was also apparently a case of a man in Ontario being prosecuted with theft of communications for accessing unsecured Wi-Fi. The only real info I could find was here:

      http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1150&Itemid=85

      Although the original news site no longer has the story and I could not find any further info on the case.

      Comment by allthatiswrong — February 28, 2010 @ 7:47 pm

      • The incident you mention involved someone being charged under section 326 of the Criminal Code of Canada (theft of telecommunications), and not section 342.1 (theft of computer resources). An earlier incident involved someone being charged under 342.1, but in that case, as far as I know, the only charges which were pursued where those related to child pornography, and not theft of computing resources. I can find no evidence of any convictions being reported in the news, for either section.

        It may be clearer in Canada that unauthorized use of network resources would constitute theft in Canada, counteracting one of your arguments.

        Both sections 342.1 & 326 reference “colour of right” where there has been no fraud or malice. Merely accessing someone’s wifi, and not performing fraud or malice, means that a conviction can occur only where there is no “colour of right”

        Colour of right means, roughly, that the person believed they had the authorization to use the resource. I’m not so sure how firmly the requirement is to have clear authorization, but I am not a lawyer.

        Comment by am — March 2, 2010 @ 7:06 am

        • Ahh. Thanks for the clarification.

          I remember reading that the man charged in Ontario was charged with legislation specific to Ontario, so it still could have been theft of resources?

          I would still say Canada is similar to the situation in Australia and some US states like Florida as there have at least been attempts to people.

          As it is a complex issue I suppose it will require more cases until it becomes clear.

          Comment by allthatiswrong — March 2, 2010 @ 12:31 pm

  10. The car, bicycle, etc., analogies are all missing the point. Using free wifi is like lingering outside a bakery because you enjoy the smells coming from within-the bakery is deprived of nothing, and you’re using something that was available to everyone within sniffing range.

    It’s one thing to intrude on a network that’s clearly intended to be secure. Even if the security is only WEP, the intent of the owner is clear-they don’t want unauthorized people on their network. That’s where the “bicycle in the front yard” analogy comes into play-it’s trivially easy to do, but clearly unauthorized.

    However, if one leaves one’s connection unsecured, it just may be they don’t mind anyone else having access. I quite deliberately leave my AP unsecured. I don’t care if someone wants to do a bit of web surfing through it, and thus far it’s never taken near enough bandwidth that I’ve actually had a problem. I live in an apartment complex, and happily logged onto a neighbor’s wifi while waiting for my own net to be hooked up. Doesn’t bother me if someone else does the same thing in turn.

    At this point, where it’s easy for even non-technical users to set up security on an AP, leaving it unsecured is tantamount to permitting anyone access. Don’t want that? Lock down your AP. (Though I’d encourage you not to anyway-the world wouldn’t be a worse place for a bit more sharing!)

    Comment by Todd — February 28, 2010 @ 6:46 pm

  11. In Australia our usage *is* metered – if you go over your download/upload limit, you might have to pay $6.00/meg!!!!!

    According to all the morality arguments here – I take it that if I am charged $1800.00 excess fees (happens here in Australia), I can pass that on to the person who felt they could use my bandwidth without bothering to check the terms and conditions….

    Comment by Erin — February 28, 2010 @ 10:27 pm

    • Hi. I know that access is metered in Australia, I made a point of mentioning that.

      It’s rare that you will have to pay money for each additional MB if you go over a quote, it is far more common that your speed will be limited instead.

      In any event, in countries like Australia where internet access does have limitations, it should be treated that much more valuably and there should be that much more motivation to protect it.

      The arguments I made above still apply.

      Comment by allthatiswrong — March 1, 2010 @ 2:25 am

  12. I am wondering where the assertion that such behaviour is illegal in Australia comes from – could someone please point out the law?

    Comment by shung yip — March 1, 2010 @ 3:53 am

    • Hi. There is no specific law against doing so(that I am aware of) in Australia, nor have any cases gone before a court to establish precedent.

      The current federal law, the Cybercrime Act 2001 refers to specifically accessing data as opposed to just accessing computers or networks. It also has a provision on intent to commit a serious offense which would exclude most cases of people just checking a few websites.

      While I would not think deliberately accessing an unsecured wireless network could be prosecuted under that act, given the idiot turns the country has taken in the last few years I would not be surprised if they twisted things so they could.

      Perhaps by saying that someone accessing an unsecured wireless network was impairing communications – which is illegal. Hooray for vague legislation.

      Comment by allthatiswrong — March 1, 2010 @ 4:54 am

  13. [...] suraj.sun writes with this excerpt from ZDNet about another troubling aspect of the UK’s much-maligned Digital Economy Bill: “The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week. This would leave many organizations open to the same penalties for copyright infringement as individual subscribers, potentially including disconnection from the internet, leading legal experts to say it will become impossible for small businesses and the like to offer Wi-Fi access. ‘This is going to be a very unfortunate measure for small businesses, particularly in a recession, many of whom are using open free Wi-Fi very effectively as a way to get the punters in. Even if they password protect, they then have two options — to pay someone like The Cloud to manage it for them, or take responsibility themselves for becoming an ISP effectively, and keep records for everyone they assign connections to, which is an impossible burden for a small cafe,’ said Lilian Edwards, professor of internet law at Sheffield University.” Relatedly, an anonymous reader passes along a post which breaks down the question of whether using unprotected Wi-Fi is stealing. [...]

    Pingback by UK Bill Would Outlaw Open Wi-Fi | JetLib News — March 1, 2010 @ 4:48 am

  14. [...] Introduction Does WEP count as unprotected? The “unlocked door” analogy Is it really stealing? Whose responsibility? There is no excuse Legal issues Conclusion References [...]

    Pingback by Is making use of unprotected Wi-Fi stealing? | The Clarksburg Post-Intelligencer — March 1, 2010 @ 6:33 am

  15. Then there’s the matter of passwords. Most of my age 40+ computer clients (and family members) hate all the passwords they have to manage. It’s difficult for them to grasp the concept that the router has a username and password and the AP has a password, let alone remember and distinguish between them both. It’s too much hassle for them to manage on their own. While I’m happy to help and remind them, something that *maybe* needs remembering every 18 months is too abstract and easily forgotten.
    I bunch this discussion with “the internet wants to be free.” It’s like a residence that lights the sidewalk: It’s a public service for the benefit of everyone (unless it’s a huge, glaring light that blinds drivers and pedestrians, then it’s a public nuisance).

    Comment by Keystone — March 1, 2010 @ 12:04 pm

    • There are ways to (learn to) manage your passwords just like there are ways to manage your keys. And the cool thing about passwords, contrary to keys, is that you don’t need them all to be different for situations that aren’t quite so critical.

      I don’t think we should base creating legislation and penalize those who make an effort to utilize their assets responsibly and for public benefit, on the premise that people are simply not capable. In my opinion, this kind of lowest-common-denominator thinking, by which we are supposedly protected against ourselves (and which then is used against us by those who seek to profit from it), has gone on long enough.

      Comment by Murmandamus — March 1, 2010 @ 2:20 pm

  16. [...] Is making use of unprotected Wi-Fi stealing? « All that is wrong with the world…. Share and [...]

    Pingback by hypertexture » Blog Archive » Is making use of unprotected Wi-Fi stealing? « All that is wrong with the world… — March 4, 2010 @ 1:12 pm

  17. Hi man!!

    Great article, even though cracking a protected wireless network is not very difficult as everybody with a basic networking knowledge can nowadays find the way to do that following simple step-by-step instructions listed on very easy online tutorials!

    That said I have just a question for you:

    What if an infringment of copyright is made with a Wireless Laptop at Wifi Hotspots??

    Comment by joe99 — March 5, 2010 @ 8:00 pm

    • Hi Joe, and thanks.

      It does depend on where you are in the world and the relevant legislation. Using the US as an example, copyright infringement is a civil issue so the burden of proof is lower. You will have seen many cases where the RIAA prosecutes people using nothing more than an IP address.

      Even so, if you run an open wireless network and are a victim of such an action you should be able to show that it was unlikely you did anything wrong, and the suit will be dropped. The reasons most of the RIAA prosecutions have been successful despite the lack of evidence is simply due to fear mongering. If you bother to make a good defense then history has shown us the suit will be dropped.

      So don’t let that worry you too much.

      Comment by allthatiswrong — March 6, 2010 @ 4:53 pm

  18. The other end of this whole spectrum.. is that once you put these laws in place, is it right to hold the owner of the connection responsible for abuse (alleged copyright infringements and such)..

    Remember, just because its secured, doesn’t mean it cannot be accessed..

    And don’t doubt for a second that cracking will become immensely more popular once unsecured networks become thin. Then what? All this crap for nothing.

    Comment by blah — March 8, 2010 @ 2:07 pm

    • The scenario you describe is quite distinct from using an unsecured Wi-Fi connection.

      If you can show that someone cracked the security of your network, then I am not familiar with the laws in any region which would hold you accountable for illegal actions performed on your network – except maybe the new UK legislation.

      Comment by allthatiswrong — March 8, 2010 @ 2:38 pm

  19. my wireless router at home overheated when i used p2p heavily for 24 hours for the next 25 days ~

    Comment by PNP Transistor : — October 30, 2010 @ 11:48 pm

  20. wireless routers are very necessary nowadays because we do not want so many wires running around the home :::

    Comment by Optocoupler — November 22, 2010 @ 1:30 am

  21. Can any one let know me that is there any on the net course for Search engine optimization, because I desire to learn more concerning Search engine marketing.

    Comment by Justina Schuch — December 4, 2011 @ 5:34 pm

  22. [...] Is making use of unprotected Wi-Fi stealing? « All that is wrong with the world… There is also the viewpoint that since the wireless AP is broadcasting onto your private property without needing any effort on your part it is not stealing. Similar to how accessing television or radio signals broadcast over public frequencies cannot be considered stealing, nor can accessing a publicly broadcasted Wi-Fi signal. I am not convinced this argument is similar enough to the Wi-Fi situation o have merit, however I find it irrelevant as accessing unsecured Wi-Fi cannot be said to be stealing as the deprivation criterion has not been met. [...]

    Pingback by temp by rustythecat - Pearltrees — December 15, 2011 @ 9:51 pm

  23. Well I definitely enjoyed studying it. This subject procured by you is very useful for good planning.

    Comment by find your power animal — January 5, 2012 @ 2:31 am

  24. There are relatively decent informative comments made through out blog.

    Comment by Internet Marketing — February 15, 2012 @ 4:20 am

  25. [...] [...]

    Pingback by What is the law where you live? — March 13, 2012 @ 10:35 pm

  26. I tend not to comment, however I browsed a bunch of responses on Is making use of unprotected Wi-Fi stealing?
    All that is wrong with the world. I actually do have a couple of
    questions for you if you do not mind. Could it be just me or does it look as
    if like a few of the remarks come across like they are written by brain dead folks? :-P And, if you are writing at additional online social sites, I would like to
    follow you. Could you list of all of all your public sites like your twitter feed,
    Facebook page or linkedin profile?

    Comment by http://www.freed2.com — December 26, 2012 @ 12:54 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 75 other followers

%d bloggers like this: