Comments on: FAQ: Wi-Fi mooching and the law

Is it legal to use another's network without asking? Is it OK to share your own network? It's not always clear.

[amadensor]

What I do for now

Since the law specifically mentions access greater than permitted, I would say that if there is no encryption, and the SSID is broadcast, the access is permitted. There are tools to bypass both of those, but that is, in effect, like using someone else's password. This seems like a reasonable way to look at things that seems to fit with the letter and spirit of the law. It allows people to easily shut people out if they want to, but at the same time, allows them to share if they want to. This puts the access controls in the hands of the network owner. Basically, if my front door is wide open (no WPA or WEP), and I have a big sign on the front lawn saying "Open House" (broadcast SSID) I think it would be hard to charge anyone with trespass without asking them to leave first.

I concur.

Tech-saavy people have a term for this point of
view: common sense. Unfortunately, not everbody
posesses this common sense.

Seriously, if you require "intent" -- well, many
systems are configured to automatically connect
to the access point with the strongest signal
for which they can associate. You can't show any
intent if a common implementation of the client
leaves the operator blissfully unaware of the
specifics of what its doing...

Second, I would say that configuring an access
point to publicly broadcast its presence, and to
grant passers by tokens (an IP address and
authorization) to access the network constitutes
explicit authorization for access. One might
argue that because that's the default
configuration for many access points, you can't
make that case, but I would contend that
restricting access is so trivial that failing to
do should be construed as intentional.

Regardless, the prevalence of intentionally open
public access points today reinforces the
public's expectation that if they happen upon an
open access, it's safe to reason that they may
use it.

you miss the actual case law

and I'm not a lawyer, just a trivialist, but here's the deal - look to
the laws that require homeowners to fence in their pools - it's
called "Managing an Attractive Nuisance" and basically means if you
leave your pool open to the public and someone drowns, you're
responsible, so if you leave your Wi-Fi open to the public, you are
responsible for everything that happens on your network. It's
ancient case law.

[amadensor]

Good point, for Wi-Fi network owners

I see where this can be applied to the owner of the access point, but not to the guy in the parking lot using his laptop.

[declan00]

case law

Kev, thanks for your comments. But this is a nuanced area of the law and analogies like the one you made don't always work.

It's very possible for a young child to drown in a pool. Generally the availability of a free WiFi connection doesn't kill people. Otherwise Internet cafes would be out of business. Think about it.

[afbcasejr]

Wi-Fi Mooching vs. Sharing

Virtually every 802.1x router has the ability, at a minimum, to enable WEP encryption. It also has the ability to give your network a "name". Don't want anyone on your net? 1. Name your network ("KEEP_OUT_youname" might be a good network name, and indicate that it should not be used). 2. Set WEP on and create a password.

The Federal Courts in California have already decided a parallel but different issue on appeal, with "deep linking" to other websites. The decision said - if the content isn't protected, it's fair game to link to it. The same should be true of WiFi. If it's not protected, minimally by a password, it should be assumed to be open. How many networks are open, and called "Linksys"?

It's the equivalent of owning acres of property adjoining a park - if you don't post a "no trespassing" sign, someone wandering off the park boundary into your property is not trespassing.

This isn't rocket science, and the law is, in fact, clear. If the network has a generic name, no password, and no protection - it's open. So what if I'm in a parking lot at 3AM - maybe I have an urgent email to Europe and my network at home is down for some reason. Panera Bread offers a free, open network at many of its shops. It's on 24x7. If I use it in the parking lot at 3AM is that any different from using it between 8AM and 10PM - especially if the parking lot is public property?

Let's not make more laws to protect stupid people from themselves - and let's not trample our rights under the Constitution. Don't want anyone on your net? Plug the hole. Personally, I have two WiFi routers at my home - one is my "business" router and it's named and WEP encrypted. The other is named - but open. Go ahead and use the open one, as long as I leave it that way.

Al Case
CEO
Stamford Research, LLC

[sotoma]

Stupid is as stupid does

Too many owner of wireless devices are irresponsible with the technology. When something like this happens, a stupid person wants to blame someone else. Users should read the directions, ask questions and then apply the technology appropriately. I won't buy any excuse because there are too many easy ways to keep unwanted visitors off a wireless LAN. If I come across an unsecured wireless LAN I would absolutely use the bandwidth and assume the owner wanted it that way, he/she read the manuals and understands the risks associated with an unsecure wireless LAN. Shame on the owner of that wireless LAN and in my opinion he's exposed himself as the national poster child to not be "that guy" who doesn't know or care to know about being responsible with technology.

Stupid is as stupid does.

[burgher]

Not everyone is as smart as you...

How many times have you read the fine print of the license
agreement that pops up on the application you are installing?
I'm guessing next to zero...

From an ethical standpoint using someone else's access point is
theft. I baked an apple pie, and set it into my window to cool.
It's sitting in an open window so I must have meant it to be
eaten by whoever wants it. At least that's the argument you are
making.

If it's not yours ask the PERSON that owns it for permission
before you use it. I I want to use my neighbor's unsecured
wireless network, I'll ask them before I do. Unfortunately in
today's world...common sense and common descency aren't
common anymore.

I don't know why I'm still constantly amazed at how difficult it is
for people and the law to keep up with technology (actually I do,
it's more wishful thinking on my part). When you look at the
intent of the action it becomes clear that it's illegal. e.g. Is it
illegal for someone to splice the cable running into my house to
obtain free cable...you bet. It's the same thing here, the only
thing that's different is the physical act, the intent is the same.

When using a wireless hotspot, you are doing so with the
consent of the host, assuming you agree to abide by certain
rules (license agreement/terms of service).

Maybe someday people will wake up and realize there is very
little new legal ground to cover especially when you look at
intent as opposed to physicla means (techies should understand
this as MVC). I'm often reminded of the quote, "there is nothing
new under the sun." It's true when you look beyond the view
and get to the real heart of the matter.

[201293546946733175101343322673]

Why Blame the Device?

We should blame the people who use or misuse those devices, right? :)

[steven.randolph]

Problem and Solution

The Real Problem is that virtually all Wi-Fi access points have been sold unsecured by default, so far. And even though I, and other people who are likely to read this article, have no particular problem setting up the security, the vast majority of home users haven't got a clue. The manufacturers need to supply access points that are secure by default, and simplified procedures for configuring the security. I understand that they're already working on this. Of course, people should be able to turn off the security if they want.

[burgher]

Definitely

I completely agree. If the router out of the box is set to a secure
state, it requires willful intent to make it less secure. It kind of
reminds me of the passenger side airbags and child seats stuff a
few years back. "sure you can disable those safety features, but
here are the consequences of those actions (both good and
bad)." Righ now John Q. Public doesn't have a clue, and given
our culture...(if there isn't a warning label in 300pt blinking red
fonts, it must be ok)...selling it in a less secure state (i.e. no WEP
or WPA enabled by default) means that people will think that it's
ok and playing with them funny settings is for them smart
computer geeks.

I agree

... but then wont you have those same people returning thier new boxes saying that it doesnt work right because thay cant connect... the problem here is education... no matter what, if people dont know what they are doing, then they run the risk of doing damage...

[OneWithTech]

Wifi Hotspot vs. Personal Hotspot

Imaging this:
You know that a password of some sort can be used to keep
intruders off of you wireless network.

Then:
Some pedafile uses your wireless network for child porn and the
police are knocking on your door.

Are you at fault:
I think so...if you are willingly allowing someone to do what they
want with there network.

The moral of the story:
Unless your a Starbuck or use a Corporate Wifi Access point,
lock your wifi up. Be Safe!

-Justin

If the law worked like that...

... Starbucks wouldn't have access points, nor
would companies have them. The logic is the quite
similar as that of phone activity (fax spamming,
fraud, extortion) -- the phone company is simply
the medium, not an active accomplice. Luckily,
the criminal is still responsible for the
criminal activity.

As for the view that it's theft, under US law it
clearly doesn't qualify. To be theft, it would
need to be trespassory (which it could be),
involve actually taking (removal from it's
location; doesn't qualify) a tangible object
(wifi isn't) belonging to another (radio waves
cannot be owned) with the intent (hard to show
for open APs) of permanently depriving the owner
of it (accessing wifi doesn't permanently
depriving anyone of anything).

For the few states that have the concept in state
law, "theft of chattels" probably would apply
either. "Theft of services" wouldn't apply either
since a) the service was given away and b) the
person providing the service was not providing it
as a commercial activity or with expectation of
payment.

[201293546946733175101343322673]

Now I see Seven WI-Fi Connections

And three are not encrypted. I see no reason to use their Wi-Fi unless their connecitons are faster than mine :)

[Below Meigh]

weeeee

Yes. They are not smart enough to close the door to the kitchen with all the food on the table, so its ok to grab some?
Or is it that they are playing music, that you like, and thus can listen to it...for free.
Tough line huh.
(my nephew plays xbox live...kicks my butt too, and doesn't have a modem. Just picks up free signal from his bedroom and uses it. lucky and free. But for how long? and is that illegal?)

[macemoneta]

Google

When you access Google (i.e., connect to Google's network and computers), you don't have to get permission first. Why not? Because the default state of the Internet is open. That is, if someone doesn't want you to access something, they must actively prevent you from doing so (with a login, as CNET requires for posting comments).

Leaving your WiFi access point without a password causes it to broadcast its SSID and an open invitation. Many laptops with WiFi are configured to automatically connect to such an access point.

I'm quite certain that any new laws on this subject will (unintentionally, of course) make use if the Internet illegal. It will simply become the "just cause" to arrest anyone using the net at the whim of local authorities, who then get to confiscate equipent, search your home, etc. <sigh>

[FonMyLawyer]

Google Fon Home?

Google, mucho moral relativist, are pushing the e-nvelope with fon.com. Giving complete strangers access to your "secure" wireless network... oft in violation of ISP contracts.

First gmail seek to undermine constitutional privacy and now fon ... well you'll see

[K12MacTech]

Terminology

Wifi and 802.1x are not terms that can be used interchangeably
as you infer. Wifi is a general term encompassing many aspects
of the 802.11 wireless networking standard. 802.1x is a subset
of that and involves the issue that is truly the heart of this
discussion - if a user configures 802.1x, they will not have any
unathorized access that they are not explicitly allowing. On the
other hand, I have a WiFi access point at home that cannot use
802.1x. The best I can do is create a closed network, and use
WEP to require a password.

It is all too common in tech reporting that facts are mistated,
especially when it comes to terms, acronyms, standards and
other industry buzzwords. Please research next time.
http://searchmobilecomputing.techtarget.com/sDefinition/
0,,sid40_gci838865,00.html
http://searchmobilecomputing.techtarget.com/sDefinition/
0,,sid40_gci787174,00.html

802.1x

I believe the reporter intended to say 802.11x, not referring to a particular standard, but using x as a variable, where x in {a|b|g}.

That doesn't make up for the fact that his editor blew it.

[Below Meigh]

Watch then sue Verizon DSL...

Verizon DSL can be sold with a WiFi Modem (Westell 327W). This model has wireless ON by default. Almost all subscribers (except net-saavy) will not know to call Verizon support to walk through and not only set a PWD for the router/modem, but to disable the wireless option that they may not need/use. Its a free ride for anyone within 800'-1000'.
And I know this as I was joking with a Verizon tech and I asked her if she could send a note to the upper mgmt about this being on by default, she agreed but said that "they would rather (user) call tech support and learn to disable it..." Um, but these subscribers don't even know its on! Or that its insecure!
This could allow anyone to ride the connection (they don't even need to attempt hacking into the user's PC...just surf for free...). So beware...

[volterwd]

800'?

who you kidding... theoretical ranges are way off actual

[JCardoza81]

Water fountain on the sidewalk?

How about this for an analogy:
Someone puts a drinking fountain on a public sidewalk.

Yes it cost them money to put it there.

Yes it belongs to them.

Yes it's rude to fill up your swimming pool with their water fountain.

No it's not illegal to drink from it.

They may very well have intended for it to be for their own personal use. But to put someone in jail for 1 to 3 years for drinking from it???? Put a lock on it! Excessive use of other people's WiFi is rude, don't play Xbox on it or watch movies all the time. But if you have a problem with other people using your Internet don't broadcast it to the neighborhood without at least a password!

[mobiman]

If it is illegal, then Jail the accessory.... Microsoft

If a user has win XP, and has the default connect to wireless network automatically,
then the OS is telling him that a new 'default' network is accessible, and all information he will share is open and unsecured.....

and the default is to click ok....

doesn't that make MS an accessory before the fact?

[volterwd]

Yeah because the user doesnt

really know that they are getting this from somewhere...

the real problem is the lax default security... it should come with at least a pw

Keep your stinking hotspot off my property!!!

The scenario of someone SEEKING the connection is one thing, and this case will be a bellweather for that, but .... what about my neighbor's unsecured wireless being accessible to me from within my own property?

[volterwd]

How does that interfere

with use of said property?

dumb&dumber

they should have the wifi router company put a disclaimer on the box for knuckleheads, you know like the one on my hair dryer that says "DO NOT USE IN THE SHOWER". actually they should take that one off the hair dryer, it thins out the herd.

I also disagree

You forgot to mention the fact that the pie man has sent out invitations all over the neighborhood, inviting people over for pie!!!
Regardless of whether he intends this, or whether it is legal for him to do this (ISP rules) he as the net admin is responsible for his net... not the client.

[AiRDawG]

PIE!

Your pie analogy is somewhat flawed.

If you were throwing the pie out into the streets and at your neighbors houses, anything that landed off your property would be considered fair game, and in the case of your neighbors, may even be considered intrusive. If you throw the pie out into the street, then go out and actively protect the pie peices from anyone who tries to take some, then you may have a case for "this is mine and you have no right to it". But If you're freely distributing delicious apple pie and no effort is made to claim it as your own and that you do not wish for anyone to have it, I say too bad for you. You should have heeded the pie baker's manual and put up the "No free pie" signs in your yard. You know, the signs that were included with the pie shell and ingredients? That's how pie is these days. Many pies even come with a button on them that puts the "no free pie" signs up for you.

Until I see signs telling me not to grab the free pie all over the road, I'm gonna eat to my hearts content, and if I'm ever punished for taking public domain, then down with the system.

[apmcevoy]

PIE!

MMMMMM PIE!

[FonMyLawyer]

google fon home?

Google, mucho moral relativists, are pushing the e-nvelope with fon.com: Giving complete strangers access to your "secure" wireless network... oft in violation of ISP contracts.

gmail erodes constitutional privacy protection and now fon ... well you'll see

[ʜäcĸchen]

open signals

I believe in free wireless access personally ,yet for the people that do not . I believe that if you dont wish to have your router accessed that you should have some form of encrytion on it.

throw people in jail for a year for accessing a left open router ? come on I think people are getting just a little petty with things here.

plain and simple and to the point if you dont want your router accessed encrypt it. Then if someone breaches the encryption and it can be proven sure I believe that is a crime commited, but for someones ignorance or lack of technical expertise in setting up something that a child in grade school can do is really petty.

[JKStraw77]

Auto connect features can cause problems. In my apt. complex there are literally 30 -40 accounts that my routers picks up, many unlocked. I attempt to keep my MacBook Pro from connecting to any of these by disabling the "automatically connect to available networks" by checking the box "ask before joining network". However, this does not always seem to work>?> I fear many are luring those unaware of the hackers who leave their networks unsecure so that they can access the computer users who connect to their networks. How would this play out legally I wonder? If you unknowingly are connected to another persons network and they then use your computer as a host to attempt to hack, for instance, the pentagons network, or use your computer, along with others who have willing joined, to bombard a website causing it to crash - they'd have your IP address, right? Who would be at fault in this instance? There sure seems to be quite a few legal precedents that have yet to be established and quite confusing.