This forum is in permanent archive mode. Our new active community can be found here.

The Arrests Over Free Wifi Usage.

edited May 2007 in Technology
I read this story on Digg, but most of their comments tend to be garbage. I wanted to hear what you guys think about it.
arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html
I think the case about the guy who was arrested for using the wifi of the public library from his car is ridiculous. I mean sure businesses who offer free wifi usage for customers have more reasonable reasons for not wanting people to piggyback.  There has to be more definitive lines drawn. I mean, when these laws become more commonly known,  can a police officer have probably cause to search your car if you are sitting on your laptop in your car? Sure, if i were using the free wifi I wouldn't admit it. I say I was working on a paper or something that doesn't need the internet. Most of this just seems dumb.
«1

Comments

  • edited May 2007
    The whole thing is ridiculous. When you access the network you request to see if it is encrypted. You computer goes "Hello, can I get on?" and if the network has no encryption it's basically saying "Sure, come right on in!" I believe this is similar to the Admin giving permission for use of his system. If people don't want others piggybacking off their bandwidth, they shouldn't broadcast an unencrypted signal. If an officer asks me if I am using free wifi I will say "Fuck yeah man, the idiot didn't encrypt his network." If companies don't want people who don't buy anything from their store to not have access, they should encrypt it and give consumers the key on their receipt or something like that.

    The problem is that the Justice system has little to no knowledge about how this stuff works, so they attempt to legislate while remaining ignorant to the issue. This kinda makes me to want to go with Rym's idea and become some sort of technology lawyer to help clients who get screwed by idiotic legislation.
    Post edited by Andrew on
  • edited May 2007
    Ya, how is it ok to use a unencrypted home network and not ok to use a unencrypted network at a library or cafe? I don't get it. Or was home networks also not ok now? It is too much gray area.
    Since current law is against free wifi usage for some reason, I would make something up just to avoid any further complication. I do think it is dumb. I do agree that if they don't want random people using their wireless network then encrypt it and if it isn't it's their own fault.
    Post edited by mkg12 on
  • I've been known to have a lenient attitude toward "sharing" resources, but WiP and mkg12, I think your argument is too close to the "stealing is okay because it's easy" rationale. Does that mean that you can justify stealing jewelry from a window display case just because the glass is too easy to shatter? I don't know, that's pretty shaky ground.

    The one problem that I see with the public library example is that it is a public library. If they chose to make their resources public -- whether they are books or wifi -- then I don't see any way they can complain about usage.
  • Well the counter argument can also be made that, just because someone leaves their door wide open and unlock, doesn't make it okay for someone to just waltz right in and do as they please. There are laws that keep people from doing that. Granted WiFi is hardly physical property, so until written law catches up to technology we're going to see more stupid cases like these.
  • I don't find these unlocked houses and jewelry stealing examples to be good comparisons. I find the ideas to be fundamentaly different.
  • I've been known to have a lenient attitude toward "sharing" resources, but WiP and mkg12, I think your argument is too close to the "stealing is okay because it's easy" rationale.
    How would using their Wifi hinder their usage? The difference is that you are not taking it away from them so they can't use it--you can both use it. And, to mirror what they said, if they don't want anyone else to use it, then they should encrypt it. It's like if I went to a place and there was a sheet of paper everyone had to sign, and I had the only pen. I would sign, then leave the pen on the table so that everyone else can sign too. Allowing them to use my pen does not hinder my use of the pen, unless someone should put the pen in their pocket. In other words, the difference between using someone else's Wifi signal versus going into their home and stealing their router.
  • Here is the issue, when you connect to a router via DHCP the client (you) requests an IP address to connect to the private network under the router, which then goes to the internet. So, you cannot connect to the internet unless the router GIVES you an IP address under its private network. If you ask for an IP address and the router gives it to you, how is that stealing? I admit, if they secure it in anyway, including not broadcasting an SSID, you should be arrested for illegally accessing a network. But if they set up a router so that it is not secured in any way, I feel that they are giving out access with no requirements from you.

    Here is an analogy, lets say you are walking past a jewelry store, like in Jason's example. Let's say they have all the jewelry laid out on a table. You walk up and ask "Hey, can I have that necklace?" If they say "Yes, and you don't have to give me anything in return," and you take it without paying money, is that stealing? Now let's say this table was "encrypted", you walk up to the table and ask the clerk "Hey, can I have that necklace?" They are going to reply "Only if you give me money first." Sure, you could probably take it, but that would be stealing because they made their intentions clear that you had to provide something first.
  • edited May 2007
    So, if I happen to walk by your home while you are barbecuing am I stealing from you by smelling what you are cooking?

    What if you have your radio turned up loud? Am I stealing by listening?
    Post edited by HMTKSteve on
  • Does that mean that you can justify stealing jewelry from a window display case just because the glass is too easy to shatter?
    Your comparison does not apply, due to the nature of wireless connections. By broadcasting the network's ESSID and not requiring authentication, the access point is quite literally inviting any computer that receives its signal to connect. I don't mean "inviting" in the rhetorical sense of "weak security invites crime", either; an open access point is the technological equivalent of standing in the street and shouting, "My name's Alex, wanna chat?".
  • edited May 2007
    I may have lost this argument last night, but I'm not giving up. Here is some information from this site:

    CNet's News.com has one of its excellent FAQ pieces on whether it's legal to mooch WiFi. The bottom line: Uh, we dunno.

    Is it legal to use someone's Wi-Fi connection to browse the Web if they haven't put a password on it?
    Nobody really knows. "It's a totally open question in the law," says Neal Katyal, a professor of criminal law at Georgetown University. "There are arguments on both sides."

    That doesn't make much sense. Is there a specific law that regulates Wi-Fi access?
    Sort of. The primary law is the federal Computer Fraud and Abuse Act.

    You can read it for yourself, but the important part (check out paragraph (a)(2)) covers anyone who "intentionally accesses a computer without authorization or exceeds authorized access." Nobody knows exactly what that means in terms of wireless connections. The law was written in 1986 to punish computer hacking--and nobody contemplated 802.1x wireless links back then.

    Not much clarity there. Writer Declan McCullagh also checked with prosecutors:

    The representative said in an e-mail exchange: "Whether access is considered authorized can be determined in part by the precise circumstances of access, just as it would be in the physical world. The prosecutor and jury would look at how the access was accomplished and what was done with the access before definitively determining that it was unauthorized." In other words, the representative said, someone sitting in a company's parking lot at 3 a.m. for the sole purpose of network connectivity might be viewed as a lawbreaker.

    The FAQ also looks at the issue of whether it's legal to share a cable or DSL connection with neighbors:

    In many cases the answer is no. It depends on the wording of your contract with your broadband provider. Many don't want you to share. As far back as 2002, Time Warner Cable was sending warnings to customers with open Wi-Fi access points, and a year later it sued an apartment complex on charges of illicit sharing. Also, AT&T Broadband has acknowledged monitoring customers for "inordinately high" usage.
    Post edited by Jason on
  • edited May 2007
    "Whether access is considered authorized can be determined in part by the precise circumstances of access, just as it would be in the physical world. The prosecutor and jury would look at how the access was accomplished and what was done with the access before definitively determining that it was unauthorized."
    Here are the precise circumstances of access to an unprotected network:
    • Client: I wonder if anyone here could connect me to the Internet...
    • Router: Hey look at me! You can connect to the Internet through me!
    • Client: Hey, cool. Can I have an IP address and connect to you? Here is my MAC address.
    • Router: Sure man, here is your IP address. It's good for 24 hours.
    • Client: Sweet! Pr0n, here I come!
    Now, when the Admin of the router sets it up, he determines what level of security he wishes to have. By not setting a security level, he gives consent for his router to spew IP's to anyone who requests one. I, personally, view this as consent for using a network.

    Some people may argue that a lot of common folk do not know how this works, and therefore should be excused from not setting up the proper security levels on their router. They believe that even though these Admins allowed their router to give out IP addresses, they should still be able to press charges against other people use their bandwidth.
    Post edited by Andrew on
  • *Sigh*
  • edited May 2007
    Here's how I break it down.
    Obviously, you have signed a contract with your ISP. If you violate that contract, it is breach of contract. There is no question about the relationship between the customer and the ISP, so there's no point discussing it. Assuming the customer is not violating the terms of their service contract, the only party that can possibly be conducting illegal activity is the person using the open wireless. The question of whether using open wireless is illegal in the US is an unanswered question. There are not yet any legislative or judicial decisions yet which have made the answer clear. I imagine it will take a lot of time to get a definite answer, especially in the US legal system.
    The question now becomes whether or not it is morally right and ethical to use someone's open wireless network, regardless of the law. I will say up front that I do occasionally use open WAPs (wireless access points), but only when I really have to. My main reason for avoiding them is for my own security, but that's a discussion for another time. Despite what I do, I actually do think that under most circumstances, using someone's open WAP is indeed wrong. However, it is not very wrong. It is basically the equivalent of not keeping off the grass in the park.
    Here is why I think using open wifi is in fact what I would call ultra-petite larceny. First off, when you use someone's WAP, you are using their resources. Whether you like it or not, you are costing them electricity and bandwidth. The amounts involved may be insignificant, but they are cleary non-zero. If you are in a country where bandwidth is severely limited, as our Australian friends can tell you, you are actually making quite a significant theft if you use someone's wireless.
    Having all that cleared up leaves us with only one question. When someone leaves their wifi open, are they are implicitly giving everyone permission to take those resources at no charge? I would say that by default if someone leaves their wifi wide open, and their ESSID broadcast on, they are not implicitly giving permission to strangers to use those resources.
    If I leave my car unlocked in the street with a sign that says "this car is unlocked", it's still grand theft auto if you take it. I would have to explicitly put a sign that says "free car" or "please take this unlocked car for free" in order to make it legal to take the car. In fact, I'd probably have to go further than that and explicitly sign over the title and other documents, but those are just some car-specific regulations we can ignore.
    Similar to the car, if you want to give free wifi, you need some explicit way of telling people that the wifi is free. If your ESSID is "freewifi", I would consider that to be granting permission. If you go to Bryant Park in NYC, you will see signs in the lawn that say something along the lines of "free wifi provided by Google". Coffee shops, hotels, and other businesses will also put up signs explicitly stating that they offer free wifi access. If someone has the ESSID of say, "geeknights", and there is no posted sign, then I would consider it stealing in a very small amount to use that connection.
    It seems in this particular case that it comes down to whether or not permission to use the free wifi was explicitly given to everyone, or just to customers. If the cafe had a sign in the window that says "free wi-fi", I would side with the guy. If they had a sign inside the cafe that said "free wi-fi for customers", I would side with the cafe. Regardless of who I would personally side with, or what I think is right and wrong, I think this case comes down to signage. I don't think that this will be the case where the law needs to figure out its stance on technology. This will be an easy case of the law saying what type of signage will amount to explicit permission, and for whom. US law has a lot of practice with that sort of case, and I think it will turn out well.
    Post edited by Apreche on
  • Ignorance is never a valid defense.

    All the analogies I see are in reference to things that are used up by sharing. Take the vending machine example; If a vending machine is broken in such as way that pressing "H2" gives you free gum, are you stealing? A normal vending machine requires money before giving you the item, if this one is broken so as to not ask for money are you stealing?

    Wi-Fi (unless the person has a metered account) is not used up in the process of using it. It's not like stealing water or electricity. Further, because a Wi-Fi router is giving permission to the other user (gives IP address) you could say that you are not stealing because the router gave you permission to use it.

    What if you had a chauffeured car that cost you a flat fee to use every month and the driver was sitting on the curb with a big sign saying, "need a ride?" Would it be stealing to go up to the driver and ask for a ride?
  • HOLY CRAP, I HAVE SCOTT ON MY SIDE! VICTORY! VICTORY! VICTORY!
  • But Scott is basing his argument on morals and not law.
  • edited May 2007
    If I leave my car unlocked in the street with a sign that says "this car is unlocked", it's still grand theft auto if you take it. I would have to explicitly put a sign that says "free car" or "please take this unlocked car for free" in order to make it legal to take the car. In fact, I'd probably have to go further than that and explicitly sign over the title and other documents, but those are just some car-specific regulations we can ignore.
    What if upon request, the car gives you those documents? My whole issue is how people actually connect to a Wifi network. If the person cannot connect without action from the router, who is to blame for "unwanted" access?

    You state that we should place signs on whether or not people are allowed to access a network via Wifi. I believe there is a fundamental difference though. When you place a sign on a car saying this car is free, you are authorizing the public to perform a certain action. With Wifi, when you place a sign up or mark an ESSID, you are restricting access from the public. I say restricting because by default, with no external security, a router will provide access to anyone. Furthermore, at what point do you recognize a sign to be a valid consent and how you do know that sign is actually from the owner? Your argument is flawed due to the fact that the router at a base level views everyone as authorized, not just the owner.

    Let’s go over breaking and entering. By definition it states:
    Breaking and entering is defined as the crime of illegally entering a residence or other enclosed property using any amount of force (even pushing open an unlocked door)
    Ok, so accessing an unsecured network is NOT breaking and entering because there was zero amount of force required (the router actively lets you in). I believe that by setting up an unencrypted Wifi router, people must assume that informed consent is given from the Admin.
    Post edited by Andrew on
  • edited May 2007
    The fact that the WAP protocol works via a mechanism of request and response means nothing. What if I have a house with a voice-activated talking lock mechanism. It asks your name, and you say your name out loud. However, I was too stupid to configure it properly and it unlocks the door for absolutely anybody no matter what name they say. That still doesn't imply I'm granting your permission to enter my house or use my resources.
    Your argument rests on the assumption that a router without security implies permission to take the resources. This is just wrong. If I leave my bike out on the front lawn with a sign that says "bicycle" and I leave it out there for days and days, without  a lock, does that imply that I'm giving it away for free? If I leave a car unlocked with the door open and the title in the seat, and the keys in the ignition, does that imply the car is being given away for free? The answers are all no.
    Because most people who setup wireless access points do not know what the hell they are doing, how can you say that an open WAP implies that the owner is granting permission to use their resources? In most cases the owner is absolutely not granting permission, they just don't know any better. If your neighbor is too stupid to lock his house, you still can't go in and take things.
    In summary, using an access point uses resources. If you use someone else's resources without permission, that is stealing. If there is no explicit permisison, e.g: a sign on the wall, granting this permission, you need some sort of implicit permission. Is it safe to assume that most people understand that if they setup a wireless access point without security that they are also granting permission to others to use those resources? The answer is no. Thus,  in the vast majority of cases there is no implicit permission to use an open WAP. No explicit permission and no implicit permission means no permission.
    In your worldview it is ok to trespass on people's property because they don't put up any no trespassing signs.
    Post edited by Apreche on
  • edited May 2007
    The fact that the WAP protocol works via a mechanism of request and response means nothing. What if I have a house with a voice-activated talking lock mechanism. It asks your name, and you say your name out loud. However, I was too stupid to configure it properly and it unlocks the door for absolutely anybody no matter what name they say. That still doesn't imply I'm granting your permission to enter my house or use my resources.
    How does one then determine if the person who set it up was either too stupid to know better or actually grants permission? Ignorance is not a vaild defense in court and I do not believe that it is a vaild reason for prosecution either. If the door requests your name and you give it and the door opens, you are fully within legal bounds to enter the house. It does mean that the owner grants permission to enter the house. They set up the voice lock! They are responsible to configure it under the requirements they desire! It is NOT up to the person trying to gain access to try and figure out if you want people to enter or if the owner is just retarded. That may not be what the owner desired, but that is what is set up and it is the owners fault for not fully knowning the technology they owned.

    As for the ISP's, if they don't want other people to be piggybacking on an unsecured network, they should have the customer sign a contract that requires them to establish some sort of encryption. If they customer does not follow through, the should have legal action taken against them. But you cannot take action against the people who used the network.
    Post edited by Andrew on
  • edited May 2007
     
     
    How does one then determine if the person who set it up was either too stupid to know better or actually grants permission? Ignorance is not a vaild defense in court and I do not believe that it is a vaild reason for prosecution either. If the door requests your name and you give it and the door opens, you are fully within legal bounds to enter the house. It does mean that the owner grants permission to enter the house. They set up the voice lock! They are responsible to configure it under the requirements they desire! It is NOT up to the person trying to gain access to try and figure out if you want people to enter or if the owner is just retarded. That may not be what the owner desired, but that is what is set up and it is the owners fault for not fully knowning the technology they owned.
    Let's say there was a house on your street and a metally disabled person lived there. This person did not want anyone to come into their house, as most people do. However, because of their disability they often left their door open. They were just too ignorant to know how to use the lock and the door properly. Is it now suddenly ok to go in the house? Are you seriously saying that there is implied permission to enter the house because the person is too ignorant to close the door?
    Let's say you don't even know who lives there. It's just a random house as far as you're concerned. Does that change anything somehow? You can guess what my answer is.
    Post edited by Apreche on
  • edited May 2007
    Let's say there was a house on your street and a metally disabled person lived there. This person did not want anyone to come into their house, as most people do. However, because of their disability they often left their door open. They were just too ignorant to know how to use the lock and the door properly. Is it now suddenly ok to go in the house? Are you seriously saying that there is implied permission to enter the house because the person is too ignorant to close the door?
    Now with someone mentally disabled it is different. In order for someone to be considered to have given informed consent, they have to been in possession of their reasoning faculties. That is not a case of ignorance, it is a case in which the person was not mentally able to complete a task. If they were not able to simply close the door, I would have to imagine that they must have some sort of legal guardian who would be legally responsible. If they don't have one and they couldn't complete that task, I would argue that they are not fit to live alone.

    Again, you say that the protocol has no effect on the situation, but it does. The person requesting permission asks through the computer if they can gain access to use the owners resources. Simply leaving a door/car/window open is not the same situation, it simply doesn't apply.
    Post edited by Andrew on
  • Ok, let's carry your crazy logic a bit further. Let's say you have a particularly stupid user. They are poking around the web and a box shows up. They click ok. Without realizing it, they just agreed to reveal their credit card information and SSN to the whole world. A web page is created with all of this person's information on it, and they "agreed" to it. You really think it's ok to spend that person's money now? Come on, they even agreed to it!
  • Ok, let's carry your crazy logic a bit further. Let's say you have a particularly stupid user. They are poking around the web and a box shows up. They click ok. Without realizing it, they just agreed to reveal their credit card information and SSN to the whole world. A web page is created with all of this person's information on it, and they "agreed" to it. You really think it's ok to spend that person's money now? Come on, they even agreed to it!

    That person would also have to input said information to share it.
  • edited May 2007

    Ok, let's carry your crazy logic a bit further. Let's say you have a particularly stupid user. They are poking around the web and a box shows up. They click ok. Without realizing it, they just agreed to reveal their credit card information and SSN to the whole world. A web page is created with all of this person's information on it, and they "agreed" to it. You really think it's ok to spend that person's money now? Come on, they even agreed to it!

    I'm not even sure how that analogy applies... They agreed to build a webpage with their information on it, but not for you to use it. I'll admit, what I have been arguing is just to let someone on a network and not actually use up their resources, which is a different aspect. Since you can argue that allowing someone on a network is equivalent to letting them use your bandwidth and electricity, I haven't really been clear on that point. I mean, even if you just give them an IP address on your network you are letting them eat up at least some of their electricity. I'm not sure you can limit their amount used after you let them on. There is also no other reason to let them on other than letting them use your resources. With the website, I'm not sure why, but they could be posting it for a many different reasons. With Wifi, there is only one reason to let someone on your network, and that is to use your bandwidth and electricity.
    Post edited by Andrew on
  • I don't feel like there is much more to say here.
  • Theft Of Service, for using the Free WiFi At The Library?


    Can someone explain why the guy at the library deserved to be arrested? I can understand why it's wrong to use wi-fi of a private user or a business owner. And I imagine a lot of these people aren't all ignorant. Maybe some even assume that Wi-Fi router sets up a default security on it's own. Or as a business owner can't be bothered with issuing a password for every customer that comes through the door. Just looking back at some of the past court casing involving the Internet. I imagine the judges, juries, and lawyers aren't very educated on how it all works either. Given that I really doubt anyone is going to be very sympathetic to the guy taking advantage of the computer illiterate owner or private customer.
  • edited May 2007
    Weeee! Scott argued the same exact points that I did with you guys on Skype the other night!

    Now, normally I'm an extreme opponent of using ignorance as an out, but in this case I have to side with Scott. Not everyone can be expected to fully understand the encryption issue, just as not everyone can be expected to understand the entire U.S. tax code.

    Well, that train of thought got me thinking about an interesting scenario where it would be fun to try to defend ignorance: Federal taxes. How do you know you have to file your taxes? The government just expects everyone to know by social osmosis. I think it would be funny to argue in court that people were never informed of their duty to file.

    Hear me out.

    It's often said that ignorance is no excuse for breaking the law. However, I think you could fight this idea and win. Consider for a moment the tax code alone. It contains 9,899 sections alone, each broken into between two a 98 sub-sections. Each of those statutes has its own sub-points. No average American taxpayer can be expected to understand all of those, or even know that the majority of those regulations exist.

    What do you think?
    Post edited by Jason on
  • edited May 2007
    Well, that train of thought got me thinking about an interesting scenario where it would be fun to try to defend ignorance: Federal taxes. How do you know you have to file your taxes? The government just expects everyone to know by social osmosis. I think it would be funny to argue in court that people were never informed of their duty to file.

    Hear me out.

    It's often said that ignorance is no excuse for breaking the law. However, I think you could fight this idea and win. Consider for a moment the tax code alone. It contains9,899 sections alone, each broken into between two a 98 sub-sections. Each of those statutes has its own sub-points. No average American taxpayer can be expected to understand all of those, or even know that the majority of those regulations exist.

    What do you think?
    You know full well that the Government would never accept that argument, and I am sure there is numerous precedence to prove it. Your point only further justifies that fact that saying that someone is ignorant of an issue has never, and will never be a viable excuse for any legal action. Not for a defense, nor (in my best knowledge) for pressing charges.
    Post edited by Andrew on
  • Ignorance of the tax code would never work. Just look at how many companies advertise about their tax services!
  • Are you legally required to look at advertising?

    Look, I know it would never fly, because government has a vested interest in making it not fly. But consider it as a mental experiment. Say you are Johnny Q. Smith, living in rural Montana and running a bait shop out of your back yard. You don't have Internet and you don't watch TV. You dropped out of school in eighth grade. You can't read. Your closest neighbor is two miles away, and the closest town is 25 miles away.

    Nobody wants to be Johnny Q. Smith, in all of his splendor. But those people exist. They have counterparts in urban Cleveland, in the middle of the iron jungle, who are equally ignorant. I wonder how many people each year simply don't file tax returns out of ignorance of the process alone, and who are never prosecuted for it.
Sign In or Register to comment.