Sort of hilarious over the top article about a fellow caught using someone else's Wi-Fi network furtively: The SUV driver apparently can afford a big old car but not a DSL or cable connection, which suggests nefarious activity. He was arrested under a law for unauthorized access to a computer network, a third-degree felony. Because the fellow was a) parked outside someone's home not just using a neighbor's leaky service, b) did it at 11 pm and c) was furtive, it's possible that he was engaged in untoward activity, but neither he nor prosecutors are talking.
The problem with an arrest like this, of course, is that what is the value of the theft? 15 cents? Who is the victim--the ISP or the subscriber? It's a lot of money spent to prosecute a problem that can be dealt with by turning on security.
If someone bothers to break through WEP for a home network, well, that crosses the line for sure. But this is just a strange case. It reminds me of the wrong-way driving, pantless Canadian, early morning Wi-Fi signal thief. Except the Canadian was alleged to be viewing child pornography, clearly an evil and illegal activity contravened by strong laws in almost every country in the world, where we don't yet know what the SUV fellow was up to.
And one point of view was missing: for ISPs that don't care if you share, this isn't a crime or a problem. The monolithic ISP view is always represented by companies that think sharing is stealing. Speakeasy Networks is apparently by my research the only ISP of any scale that encourages sharing. I asked the CEO about this the other day at their pre-WiMax launch, and he confirmed it: they don't monitor, they don't care. They're selling you a pipe and you can make lemonade for the neighbors with the signal that comes out.
The arrest isn't about theft of Internet service, it's about breaking into a computer system. It doesn't matter how weak the security is, if you knowingly break into a computer system you are committing a crime.
The same holds true for homes--you don't randomly wander about door to door checking if people locked their door and wander about the homes that are unlocked. Nor should you wander about a neighborhood looking for unprotected networks and wander around in those you discover.
Admittedly, end-users should set up security. But I've only seen on manufacturer ship with security features on by default: the 2wire wireless kit that shipped with my DSL.
[Editor's note: The article doesn't say that the SUV-parked Wi-Fi user was breaking into the family's computer, just using their network, which may have been unsecured. --gf.]
". . . the SUV-parked Wi-Fi user was breaking into the family's computer, just using their network, which may have been unsecured."
No offense, Glenn, but you're missing the point.
Whether security was enabled is irrelevant. ISP policy on connection sharing is irrelevant.
If you enter my unlocked house, even if you don't take any stuff or touch anything, you're breaking the law. My laxity / naivite / stupidity doesn't exonerate you.
And that's one of the reasons MicroSoft changed its 802.11 support in XP SP2 from an automatic connect to a conscious choice by the user.
Mr. SUV driver may have been doing something completely innocent, or he may have been sending out spam. Either way, connecting to a network without permission is as illegal as "borrowing" someone's lawn mower.
[Editor's note: My question here is that is connecting to an unsecured wireless network like stealing a physical object or not? All of your examples require physical entry and remove a physical item from the property of and available use of the owner. I won't justify using unsecured networks, but I question whether felony charges make sense. In this case, the guy was acting so strangely, I expect he was using the network for a separate purpose which can be charged. We have so much law already -- shouldn't this be a civil issue? What are the damages to society for someone using another person's unsecured network for checking email? Not any. Other laws already protect against illegal activity.--gf]
I tend to agree with gf. This is different then stealing someone's lawn mower or breaking into someone's house. In my opinion it is more like the home owner placing his lawn mower out in the street, leaving it there for a week, and then being angry when it comes up missing.
The home owner is broadcasting a signal out into a public space (in this case the street) using a public frequency (2.4Ghz is an unlicensed band).
Do I feel that the bandwidth borrower is justified in his actions? No. But I do feel that the home owner is also somewhat negligent for not "putting his lawn mower away". (i.e. taking simple steps to secure his network and avoid broadcasting into public places)
Is it realy breaking in to a system ? if it is an unsecure network and it brodcasts the SSID and you say yes to conect when it pops up on you screen and the the router feeds you an I.P. how is that steeling ? the wireless is spilling in to public space and giving you the information you need to get on and access.
The breaking in and physical ystealing is not comparing the same thing.
But tell me this you roam around your house naked and step out the front door and some one takes a picture ther is not a thing leagly you can do about it. In fact most likley you'll be the one to be charged. Some one enters your house and does the same thing you have crossed a physical or in case of an open door precived line on to private property.
I feel that the person that neglected to turn on security on his router should be the one the ISP's go after not those accising it as each ISP has a different TOS that someone accising from the out side would have no Knowldge of.
Does anybody remember the days of driving around with the handset from a 46Mhz cordless home telephone and picking up a dialtone on the street and making a phone call. Both are theft of a service that the customer has the responsibity to secure just to protect themselves.
[Editor's note: Weren't laws passed specifically for that? I'd reiterate that while I don't think it's *good* behavior, using someone's open Wi-Fi network doesn't mean you're costing them money. In the days of cordless phones, people did that to make free long-distance phone calls.--gf]
Jac and especially Jeff: I think -you're- missing the point..
RE: "connecting to a network without permission is as illegal as 'borrowing' someone's lawn mower." -- I'm not sure what country's law you're consulting there, but that's clearly not true in Florida. Connecting to an open wi-fi network in a public place, a network that sends out its SSID to your adapter so that it can connect, without ever entering private property, is completely different from breaking and entering and taking a lawn mower.
RE: "If you enter my unlocked house, even if you don't take any stuff or touch anything, you're breaking the law." -- But he DIDN'T enter an unlocked house or step onto the wi-fi-provider's property. THAT's a key point that you're missing. The owner send the signal out into public space.
RE: "The arrest isn't about theft of Internet service, it's about breaking into a computer system." -- another key point missed: the person didn't -break- in as I said above.
The lawnmower comparison doesn't apply here.
Imagine this: You're at home. Your window's closed. Your neighbor's window is open. She plays a catchy tune on her stereo. You open your window to hear the song more clearly. Now imagine being arrested for opening your window.
What Smith did was akin to what you've just done -- it wasn't akin to breaking and entering.
In any case -- there are obviously many different viewpoints here. But wherever you stand, I think it's important that reporters take into account and reflect -all- the viewpoints (or at least all the widely-held viewpoints) and in this case he went hook-line-and-sinker for one extreme viewpoint, which he adopted as fact and presented as such in his coverage.
I hope it doesn't take long for this mess to be thrown out of court.
More here.
If you put a lamp in your garden, am I allowed to read by it (staying on the street :-) ?
I think Sean is missing the point entirely.
What we are talking about is a RESOURCE. This is NOT akin to a broadcast signal, where end users with a decryption tool (radio) can decipher the signal. The Wi-Fi pipe is a resource in which Smith hopped INto and SENT and RECEIVED data.
Here's a better analogy: You have an electric wire that falls onto the public sidewalk (whether accidentally or not is immaterial). Does this give anyone the right to tap into your electric wire and use your eletricity--whether or not it actually costs you anything? How about a water hose that falls onto the public sidewalk outside your home? Can anyone ethically use your water now?
Better yet: what if you dropped your wallet, stuffed with cash and credit cards and an ATM card with the password written on the back, in a public area. Does the fact that your PRIVATE resource is accessible in the PUBLIC domain make it "fair game" for anyone to use? It could be argued that no one "broke in and stole" the wallet. It was just there. When they stuck your ATM card into the ATM teller and entered the password that you stupidly make available, does this justify the act of the UNAUTHORIZED tapping into your resource (bank account)?
Of course not.
The key is: jurisdiction. Does the end-user have jurisdiction to use the resource? Whether or not the resource was accessed while the end-user is physically in public space is a ridiculous distinction. Again, the key here is that the NATURE OF THE RESOURCE: is the RESOURCE public or private? And whether or not the resource is accessible in a public or private physicality is immaterial, just as someone finding your PRIVATE wallet in a PUBLIC location does NOT suddenly deem your wallet a PUBLIC resource.
i don't think it would be illegal to use some one elses network if before the connection it didn't show any notice that "it would be illegal to connect in this open network". why would we have an open network anyway? it's not a matter of law i think. i think the user should secure his network so that no one can use it. and this way no one will be able to use the resource.
The charge is unauthorized access to a computer network a third-degree felony.
Is this to say that I may be guilty of a third-degree felony because my XP laptop sitting in my car automatically connected to an Open access point? How am I supposed to know the access point is not free? It was not Locked and it gave me and IP number.
There are lots of Free networks around, how are you supposed to know you are Not Authorized to use what appears to be an Open Publicly accessible Internet connection? The individual did not trespass on anyone’s property, he was on a public street using what looks to be a Free Public Internet Connection.
Ron wrote: "There are lots of Free networks around, how are you supposed to know you are Not Authorized to use what appears to be an Open Publicly accessible Internet connection?"
Well, THAT is the problem, and you ask THE question that should be asked by the courts.
The notion that should NOT be posited is that, simply because the connection is/was publicly accessible therefore makes that previously private resource into "public domain."
Ron's question pursues this issue in the correct arena: how to determine jurisdiction. Ron never questions whether or not such jurisdiction exists because the (ISP) connection was publicly accessible. He moves the debate forward correctly.
Yes, what this case properly brings to the fore is HOW to safeguard usage and access and the NEED TO DELINEATE JURISDICTION CLEARLY so as to remove the "confusion" (ha-ha, yeah right) about a resource's authorized usage (jurisdiction).
Again, it is ridiculous to suggest that just because you CAN do something means that you SHOULD do something (or that is should be legal). The "entitlement mentality" runs amock.
The 1990s should have taught us this: Rights do not spring from the ability to do something (we all have the ability to murder, for instance, or perjure ourselves in federal court). Rather, they eminate from RULE OF LAW. The "rightness" of a behavior is not based upon its consequences, but on RULE OF LAW.
Here's Florida State law (from Chapter 815):
815.03 (1) "Access" means to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network.
815.06 (1) Whoever willfully, knowingly, and without authorization: (a) Accesses or causes to be accessed any computer, computer system, or computer network commits an offense against computer users. (2) Whoever violates subsection (1) commits a felony of the third degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084.
lalogos: Beep, beep, beep - back the truck up. Return from that bizarre tangent. I didn't send you there.
I never addressed whether being in public or private space makes accessing a hotspot legal or illegal, right or wrong. Listen: Others suggested that Smith's action was just like going over to the neighbor's and stealing the lawnmower, or entering a stranger's house without permission. I said those comparisons were not valid because the former doesn't involve physical trespass or breaking and entering.
If someone steals a pack of gum and I say that's just like killing ten children, you can say "not at all because it's theft, not murder," -without- claiming that theft is friendly or legal.
Of course I -don't- claim that private property becomes public property just because it's in a public place. Save that wallet-in-the-street argument for Sunday school because it doesn't apply here. Ditto for the "can do, would do" argument: did you -really- think I was saying "just because you can do something, you should do it?" I don't think so. We're not in a courtroom; there's no money for you here one way or the other so why not discuss this honestly?
I'm not sure about the "entitlement mentality" you carry on about, but the "legislate and litigate first, ask questions later, innovate never" mentality's in full effect here. And it's hurting all of us.
But Ron -is- right in asking: how are you supposed to know what's free to use and what's not?
In San Francisco and Seattle at least, it's become common practice for people to assume that an open hotspot that's accessible in a public place is being shared and is OK to access. (OK meaning: legal, ethically sound, not objected to by the hotspot owner). And that's not -just- because it's a public place. It's because:
-the hotspot beams a signal into a public space that essentially says, "Hello world, I'm open for anyone to use, here's the information you neeed to use me,"
-reasonable use of the hotspot can be expected not to detract from the owner's use, and
-the owner can easily close this signal from the public (turn on WEP encryption, turn off that SSID broadcast, turn or move the hotspot so it doesn't reach the public, use a captive portal, etc. etc.)
Also, many (most?) wi-fi cards and software -automatically- connect to such open hotspots by default without asking the person to go over and ask the owner for permission. I've yet to see this message on a laptop: "warning: if you check your e-mail here you'll be arrested and your name will be associated with kiddie porn and credit card theft in your hometown newspaper."
lalagos, your final sentence terrifies me:
"The 'rightness' of a behavior is not based upon its consequences, but on RULE OF LAW."
Thankfully we're not living in Nazi Germany and many Americans realize that laws can be wrong, and that you've got it backwards: a behavior's potential consequences determine whether it's right or wrong.
New tech often brings with it overly-broad laws passed by legislators who don't yet understand what they're dealing with, but it also often brings changes in the law. Florida government may be a mess, but I'll bet we'll see such changes in the wake of this arrest.
What about the open networks that are left that way willingly by the owner? They are making an invitation to use the network, you just can't see the invitation. How do you distinguish those from the "others"?
Is it up to the manufacturers to implement some way so that someone who comes across an open network can tell if it is OK to use it?
The Florida law noted mentions without authorization. As soon as a system can be implemented that can provide authorization via a SSID notation or something, the gray area awaits.
I think what the SUV driver was doing was more analogous to leaving your hose or power line (or just an extension cord) out in the street, and someone using the water or the electricity. The analogy fails in the fact that we aren't generally charged for *bandwidth_used*, however if someone picked up my hose and sucked enough water that my shower ran dry I'd consider that worth complaining about. Similarly, even if the guy was simply downloading email, if those messages had multi-MB attachments and the homeowner's usable bandwidth was impaired, then I think there's cause to charge the "hacker" with something (whether a 3rd degree felony, I don't know - but something).
I do think it's reasonable to consider any unexpected hotspot to be private unless explicitly advertised otherwise. Just like if your neighbor leaves his or her window open and walks around naked, they are being stupid and negligent about their security but you still shouldn't watch - unless they've let you know ahead of time that it's okay. (Even then, that sounds kind of sick - but this is an analogy not a recommendation. ;)
Now, it's quite possible that someday someone will accidentally use their neighbor's wireless, e.g. if their own wireless is on the blink but they don't notice that they've connected to their neighbor's instead. Hopefully we'll all remember that they are innocent until proven guilty - but it will be a tough one to convince a jury. :(