Email Delivery

Receive new posts as email.

Email address

Syndicate this site

RSS | Atom


About This Site
Contact Us
Privacy Policy


November 2010
Sun Mon Tues Wed Thurs Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Deals :: Deals
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs Phones Smartphones
Industry :: Industry Conferences Financial Free Health Legal Research Vendor analysis
International :: International
Media :: Media Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Wee-Fi Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum 60 GHz
Standards :: Standards 802.11a 802.11ac 802.11ad 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiGig WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Commuting Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Public Safety Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice


November 2010 | October 2010 | September 2010 | August 2010 | July 2010 | June 2010 | May 2010 | April 2010 | March 2010 | February 2010 | January 2010 | December 2009 | November 2009 | October 2009 | September 2009 | August 2009 | July 2009 | June 2009 | May 2009 | April 2009 | March 2009 | February 2009 | January 2009 | December 2008 | November 2008 | October 2008 | September 2008 | August 2008 | July 2008 | June 2008 | May 2008 | April 2008 | March 2008 | February 2008 | January 2008 | December 2007 | November 2007 | October 2007 | September 2007 | August 2007 | July 2007 | June 2007 | May 2007 | April 2007 | March 2007 | February 2007 | January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

In-Flight Wi-Fi and In-Flight Bombs
Can WPA Protect against Firesheep on Same Network?
Southwest Sets In-Flight Wi-Fi at $5
Eye-Fi Adds a View for Web Access
Firesheep Makes Sidejacking Easy
Wi-Fi Direct Certification Starts
Decaf on the Starbucks Digital Network
Google Did Snag Passwords
WiMax and LTE Not Technically 4G by ITU Standards
AT&T Wi-Fi Connections Keep High Growth with Free Service

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.


Entire site and all contents except otherwise noted © Copyright 2001-2010 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

« T-Mobile USA May Be Sold: Whither Its Hotspots? | Main | Who's Hot Today? Oakland, Calif.; Mesquite, Texas »

July 4, 2005

Yikes, That Guy Might Be Using Your Wi-Fi!

Sort of hilarious over the top article about a fellow caught using someone else's Wi-Fi network furtively: The SUV driver apparently can afford a big old car but not a DSL or cable connection, which suggests nefarious activity. He was arrested under a law for unauthorized access to a computer network, a third-degree felony. Because the fellow was a) parked outside someone's home not just using a neighbor's leaky service, b) did it at 11 pm and c) was furtive, it's possible that he was engaged in untoward activity, but neither he nor prosecutors are talking.

The problem with an arrest like this, of course, is that what is the value of the theft? 15 cents? Who is the victim--the ISP or the subscriber? It's a lot of money spent to prosecute a problem that can be dealt with by turning on security.

If someone bothers to break through WEP for a home network, well, that crosses the line for sure. But this is just a strange case. It reminds me of the wrong-way driving, pantless Canadian, early morning Wi-Fi signal thief. Except the Canadian was alleged to be viewing child pornography, clearly an evil and illegal activity contravened by strong laws in almost every country in the world, where we don't yet know what the SUV fellow was up to.

And one point of view was missing: for ISPs that don't care if you share, this isn't a crime or a problem. The monolithic ISP view is always represented by companies that think sharing is stealing. Speakeasy Networks is apparently by my research the only ISP of any scale that encourages sharing. I asked the CEO about this the other day at their pre-WiMax launch, and he confirmed it: they don't monitor, they don't care. They're selling you a pipe and you can make lemonade for the neighbors with the signal that comes out.


The arrest isn't about theft of Internet service, it's about breaking into a computer system. It doesn't matter how weak the security is, if you knowingly break into a computer system you are committing a crime.

The same holds true for homes--you don't randomly wander about door to door checking if people locked their door and wander about the homes that are unlocked. Nor should you wander about a neighborhood looking for unprotected networks and wander around in those you discover.

Admittedly, end-users should set up security. But I've only seen on manufacturer ship with security features on by default: the 2wire wireless kit that shipped with my DSL.

[Editor's note: The article doesn't say that the SUV-parked Wi-Fi user was breaking into the family's computer, just using their network, which may have been unsecured. --gf.]

". . . the SUV-parked Wi-Fi user was breaking into the family's computer, just using their network, which may have been unsecured."

No offense, Glenn, but you're missing the point.

Whether security was enabled is irrelevant. ISP policy on connection sharing is irrelevant.

If you enter my unlocked house, even if you don't take any stuff or touch anything, you're breaking the law. My laxity / naivite / stupidity doesn't exonerate you.

And that's one of the reasons MicroSoft changed its 802.11 support in XP SP2 from an automatic connect to a conscious choice by the user.

Mr. SUV driver may have been doing something completely innocent, or he may have been sending out spam. Either way, connecting to a network without permission is as illegal as "borrowing" someone's lawn mower.

[Editor's note: My question here is that is connecting to an unsecured wireless network like stealing a physical object or not? All of your examples require physical entry and remove a physical item from the property of and available use of the owner. I won't justify using unsecured networks, but I question whether felony charges make sense. In this case, the guy was acting so strangely, I expect he was using the network for a separate purpose which can be charged. We have so much law already -- shouldn't this be a civil issue? What are the damages to society for someone using another person's unsecured network for checking email? Not any. Other laws already protect against illegal activity.--gf]

I tend to agree with gf. This is different then stealing someone's lawn mower or breaking into someone's house. In my opinion it is more like the home owner placing his lawn mower out in the street, leaving it there for a week, and then being angry when it comes up missing.

The home owner is broadcasting a signal out into a public space (in this case the street) using a public frequency (2.4Ghz is an unlicensed band).

Do I feel that the bandwidth borrower is justified in his actions? No. But I do feel that the home owner is also somewhat negligent for not "putting his lawn mower away". (i.e. taking simple steps to secure his network and avoid broadcasting into public places)

Is it realy breaking in to a system ? if it is an unsecure network and it brodcasts the SSID and you say yes to conect when it pops up on you screen and the the router feeds you an I.P. how is that steeling ? the wireless is spilling in to public space and giving you the information you need to get on and access.

The breaking in and physical ystealing is not comparing the same thing.

But tell me this you roam around your house naked and step out the front door and some one takes a picture ther is not a thing leagly you can do about it. In fact most likley you'll be the one to be charged. Some one enters your house and does the same thing you have crossed a physical or in case of an open door precived line on to private property.

I feel that the person that neglected to turn on security on his router should be the one the ISP's go after not those accising it as each ISP has a different TOS that someone accising from the out side would have no Knowldge of.

Does anybody remember the days of driving around with the handset from a 46Mhz cordless home telephone and picking up a dialtone on the street and making a phone call. Both are theft of a service that the customer has the responsibity to secure just to protect themselves.

[Editor's note: Weren't laws passed specifically for that? I'd reiterate that while I don't think it's *good* behavior, using someone's open Wi-Fi network doesn't mean you're costing them money. In the days of cordless phones, people did that to make free long-distance phone calls.--gf]

Jac and especially Jeff: I think -you're- missing the point..

RE: "connecting to a network without permission is as illegal as 'borrowing' someone's lawn mower." -- I'm not sure what country's law you're consulting there, but that's clearly not true in Florida. Connecting to an open wi-fi network in a public place, a network that sends out its SSID to your adapter so that it can connect, without ever entering private property, is completely different from breaking and entering and taking a lawn mower.

RE: "If you enter my unlocked house, even if you don't take any stuff or touch anything, you're breaking the law." -- But he DIDN'T enter an unlocked house or step onto the wi-fi-provider's property. THAT's a key point that you're missing. The owner send the signal out into public space.

RE: "The arrest isn't about theft of Internet service, it's about breaking into a computer system." -- another key point missed: the person didn't -break- in as I said above.

The lawnmower comparison doesn't apply here.

Imagine this: You're at home. Your window's closed. Your neighbor's window is open. She plays a catchy tune on her stereo. You open your window to hear the song more clearly. Now imagine being arrested for opening your window.

What Smith did was akin to what you've just done -- it wasn't akin to breaking and entering.

In any case -- there are obviously many different viewpoints here. But wherever you stand, I think it's important that reporters take into account and reflect -all- the viewpoints (or at least all the widely-held viewpoints) and in this case he went hook-line-and-sinker for one extreme viewpoint, which he adopted as fact and presented as such in his coverage.

I hope it doesn't take long for this mess to be thrown out of court.

More here.

If you put a lamp in your garden, am I allowed to read by it (staying on the street :-) ?

I think Sean is missing the point entirely.

What we are talking about is a RESOURCE. This is NOT akin to a broadcast signal, where end users with a decryption tool (radio) can decipher the signal. The Wi-Fi pipe is a resource in which Smith hopped INto and SENT and RECEIVED data.

Here's a better analogy: You have an electric wire that falls onto the public sidewalk (whether accidentally or not is immaterial). Does this give anyone the right to tap into your electric wire and use your eletricity--whether or not it actually costs you anything? How about a water hose that falls onto the public sidewalk outside your home? Can anyone ethically use your water now?

Better yet: what if you dropped your wallet, stuffed with cash and credit cards and an ATM card with the password written on the back, in a public area. Does the fact that your PRIVATE resource is accessible in the PUBLIC domain make it "fair game" for anyone to use? It could be argued that no one "broke in and stole" the wallet. It was just there. When they stuck your ATM card into the ATM teller and entered the password that you stupidly make available, does this justify the act of the UNAUTHORIZED tapping into your resource (bank account)?

Of course not.

The key is: jurisdiction. Does the end-user have jurisdiction to use the resource? Whether or not the resource was accessed while the end-user is physically in public space is a ridiculous distinction. Again, the key here is that the NATURE OF THE RESOURCE: is the RESOURCE public or private? And whether or not the resource is accessible in a public or private physicality is immaterial, just as someone finding your PRIVATE wallet in a PUBLIC location does NOT suddenly deem your wallet a PUBLIC resource.

i don't think it would be illegal to use some one elses network if before the connection it didn't show any notice that "it would be illegal to connect in this open network". why would we have an open network anyway? it's not a matter of law i think. i think the user should secure his network so that no one can use it. and this way no one will be able to use the resource.

The charge is unauthorized access to a computer network a third-degree felony.

Is this to say that I may be guilty of a third-degree felony because my XP laptop sitting in my car automatically connected to an Open access point? How am I supposed to know the access point is not free? It was not Locked and it gave me and IP number.

There are lots of Free networks around, how are you supposed to know you are Not Authorized to use what appears to be an Open Publicly accessible Internet connection? The individual did not trespass on anyone’s property, he was on a public street using what looks to be a Free Public Internet Connection.

Ron wrote: "There are lots of Free networks around, how are you supposed to know you are Not Authorized to use what appears to be an Open Publicly accessible Internet connection?"

Well, THAT is the problem, and you ask THE question that should be asked by the courts.

The notion that should NOT be posited is that, simply because the connection is/was publicly accessible therefore makes that previously private resource into "public domain."

Ron's question pursues this issue in the correct arena: how to determine jurisdiction. Ron never questions whether or not such jurisdiction exists because the (ISP) connection was publicly accessible. He moves the debate forward correctly.

Yes, what this case properly brings to the fore is HOW to safeguard usage and access and the NEED TO DELINEATE JURISDICTION CLEARLY so as to remove the "confusion" (ha-ha, yeah right) about a resource's authorized usage (jurisdiction).

Again, it is ridiculous to suggest that just because you CAN do something means that you SHOULD do something (or that is should be legal). The "entitlement mentality" runs amock.

The 1990s should have taught us this: Rights do not spring from the ability to do something (we all have the ability to murder, for instance, or perjure ourselves in federal court). Rather, they eminate from RULE OF LAW. The "rightness" of a behavior is not based upon its consequences, but on RULE OF LAW.

Here's Florida State law (from Chapter 815):

815.03 (1) "Access" means to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.

815.06 (1) Whoever willfully, knowingly, and without authorization: (a) Accesses or causes to be accessed any computer, computer system, or computer network commits an offense against computer users. (2) Whoever violates subsection (1) commits a felony of the third degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084.

lalogos: Beep, beep, beep - back the truck up. Return from that bizarre tangent. I didn't send you there.

I never addressed whether being in public or private space makes accessing a hotspot legal or illegal, right or wrong. Listen: Others suggested that Smith's action was just like going over to the neighbor's and stealing the lawnmower, or entering a stranger's house without permission. I said those comparisons were not valid because the former doesn't involve physical trespass or breaking and entering.

If someone steals a pack of gum and I say that's just like killing ten children, you can say "not at all because it's theft, not murder," -without- claiming that theft is friendly or legal.

Of course I -don't- claim that private property becomes public property just because it's in a public place. Save that wallet-in-the-street argument for Sunday school because it doesn't apply here. Ditto for the "can do, would do" argument: did you -really- think I was saying "just because you can do something, you should do it?" I don't think so. We're not in a courtroom; there's no money for you here one way or the other so why not discuss this honestly?

I'm not sure about the "entitlement mentality" you carry on about, but the "legislate and litigate first, ask questions later, innovate never" mentality's in full effect here. And it's hurting all of us.

But Ron -is- right in asking: how are you supposed to know what's free to use and what's not?

In San Francisco and Seattle at least, it's become common practice for people to assume that an open hotspot that's accessible in a public place is being shared and is OK to access. (OK meaning: legal, ethically sound, not objected to by the hotspot owner). And that's not -just- because it's a public place. It's because:
-the hotspot beams a signal into a public space that essentially says, "Hello world, I'm open for anyone to use, here's the information you neeed to use me,"
-reasonable use of the hotspot can be expected not to detract from the owner's use, and
-the owner can easily close this signal from the public (turn on WEP encryption, turn off that SSID broadcast, turn or move the hotspot so it doesn't reach the public, use a captive portal, etc. etc.)

Also, many (most?) wi-fi cards and software -automatically- connect to such open hotspots by default without asking the person to go over and ask the owner for permission. I've yet to see this message on a laptop: "warning: if you check your e-mail here you'll be arrested and your name will be associated with kiddie porn and credit card theft in your hometown newspaper."

lalagos, your final sentence terrifies me:

"The 'rightness' of a behavior is not based upon its consequences, but on RULE OF LAW."

Thankfully we're not living in Nazi Germany and many Americans realize that laws can be wrong, and that you've got it backwards: a behavior's potential consequences determine whether it's right or wrong.

New tech often brings with it overly-broad laws passed by legislators who don't yet understand what they're dealing with, but it also often brings changes in the law. Florida government may be a mess, but I'll bet we'll see such changes in the wake of this arrest.

What about the open networks that are left that way willingly by the owner? They are making an invitation to use the network, you just can't see the invitation. How do you distinguish those from the "others"?

Is it up to the manufacturers to implement some way so that someone who comes across an open network can tell if it is OK to use it?

The Florida law noted mentions without authorization. As soon as a system can be implemented that can provide authorization via a SSID notation or something, the gray area awaits.

I think what the SUV driver was doing was more analogous to leaving your hose or power line (or just an extension cord) out in the street, and someone using the water or the electricity. The analogy fails in the fact that we aren't generally charged for *bandwidth_used*, however if someone picked up my hose and sucked enough water that my shower ran dry I'd consider that worth complaining about. Similarly, even if the guy was simply downloading email, if those messages had multi-MB attachments and the homeowner's usable bandwidth was impaired, then I think there's cause to charge the "hacker" with something (whether a 3rd degree felony, I don't know - but something).

I do think it's reasonable to consider any unexpected hotspot to be private unless explicitly advertised otherwise. Just like if your neighbor leaves his or her window open and walks around naked, they are being stupid and negligent about their security but you still shouldn't watch - unless they've let you know ahead of time that it's okay. (Even then, that sounds kind of sick - but this is an analogy not a recommendation. ;)

Now, it's quite possible that someday someone will accidentally use their neighbor's wireless, e.g. if their own wireless is on the blink but they don't notice that they've connected to their neighbor's instead. Hopefully we'll all remember that they are innocent until proven guilty - but it will be a tough one to convince a jury. :(