Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
This forum is in permanent archive mode. Our new active community can be found here.
The Arrests Over Free Wifi Usage.
I read this story on Digg, but most of their comments tend to be garbage. I wanted to hear what you guys think about it.
arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html
I think the case about the guy who was arrested for using the wifi of the public library from his car is ridiculous. I mean sure businesses who offer free wifi usage for customers have more reasonable reasons for not wanting people to piggyback. There has to be more definitive lines drawn. I mean, when these laws become more commonly known, can a police officer have probably cause to search your car if you are sitting on your laptop in your car? Sure, if i were using the free wifi I wouldn't admit it. I say I was working on a paper or something that doesn't need the internet. Most of this just seems dumb.
arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html
I think the case about the guy who was arrested for using the wifi of the public library from his car is ridiculous. I mean sure businesses who offer free wifi usage for customers have more reasonable reasons for not wanting people to piggyback. There has to be more definitive lines drawn. I mean, when these laws become more commonly known, can a police officer have probably cause to search your car if you are sitting on your laptop in your car? Sure, if i were using the free wifi I wouldn't admit it. I say I was working on a paper or something that doesn't need the internet. Most of this just seems dumb.
Comments
The problem is that the Justice system has little to no knowledge about how this stuff works, so they attempt to legislate while remaining ignorant to the issue. This kinda makes me to want to go with Rym's idea and become some sort of technology lawyer to help clients who get screwed by idiotic legislation.
Since current law is against free wifi usage for some reason, I would make something up just to avoid any further complication. I do think it is dumb. I do agree that if they don't want random people using their wireless network then encrypt it and if it isn't it's their own fault.
The one problem that I see with the public library example is that it is a public library. If they chose to make their resources public -- whether they are books or wifi -- then I don't see any way they can complain about usage.
Here is an analogy, lets say you are walking past a jewelry store, like in Jason's example. Let's say they have all the jewelry laid out on a table. You walk up and ask "Hey, can I have that necklace?" If they say "Yes, and you don't have to give me anything in return," and you take it without paying money, is that stealing? Now let's say this table was "encrypted", you walk up to the table and ask the clerk "Hey, can I have that necklace?" They are going to reply "Only if you give me money first." Sure, you could probably take it, but that would be stealing because they made their intentions clear that you had to provide something first.
What if you have your radio turned up loud? Am I stealing by listening?
CNet's News.com has one of its excellent FAQ pieces on whether it's legal to mooch WiFi. The bottom line: Uh, we dunno.
Is it legal to use someone's Wi-Fi connection to browse the Web if they haven't put a password on it?
Nobody really knows. "It's a totally open question in the law," says Neal Katyal, a professor of criminal law at Georgetown University. "There are arguments on both sides."
That doesn't make much sense. Is there a specific law that regulates Wi-Fi access?
Sort of. The primary law is the federal Computer Fraud and Abuse Act.
You can read it for yourself, but the important part (check out paragraph (a)(2)) covers anyone who "intentionally accesses a computer without authorization or exceeds authorized access." Nobody knows exactly what that means in terms of wireless connections. The law was written in 1986 to punish computer hacking--and nobody contemplated 802.1x wireless links back then.
Not much clarity there. Writer Declan McCullagh also checked with prosecutors:
The representative said in an e-mail exchange: "Whether access is considered authorized can be determined in part by the precise circumstances of access, just as it would be in the physical world. The prosecutor and jury would look at how the access was accomplished and what was done with the access before definitively determining that it was unauthorized." In other words, the representative said, someone sitting in a company's parking lot at 3 a.m. for the sole purpose of network connectivity might be viewed as a lawbreaker.
The FAQ also looks at the issue of whether it's legal to share a cable or DSL connection with neighbors:
In many cases the answer is no. It depends on the wording of your contract with your broadband provider. Many don't want you to share. As far back as 2002, Time Warner Cable was sending warnings to customers with open Wi-Fi access points, and a year later it sued an apartment complex on charges of illicit sharing. Also, AT&T Broadband has acknowledged monitoring customers for "inordinately high" usage.
- Client: I wonder if anyone here could connect me to the Internet...
- Router: Hey look at me! You can connect to the Internet through me!
- Client: Hey, cool. Can I have an IP address and connect to you? Here is my MAC address.
- Router: Sure man, here is your IP address. It's good for 24 hours.
- Client: Sweet! Pr0n, here I come!
Now, when the Admin of the router sets it up, he determines what level of security he wishes to have. By not setting a security level, he gives consent for his router to spew IP's to anyone who requests one. I, personally, view this as consent for using a network.Some people may argue that a lot of common folk do not know how this works, and therefore should be excused from not setting up the proper security levels on their router. They believe that even though these Admins allowed their router to give out IP addresses, they should still be able to press charges against other people use their bandwidth.
Obviously, you have signed a contract with your ISP. If you violate that contract, it is breach of contract. There is no question about the relationship between the customer and the ISP, so there's no point discussing it. Assuming the customer is not violating the terms of their service contract, the only party that can possibly be conducting illegal activity is the person using the open wireless. The question of whether using open wireless is illegal in the US is an unanswered question. There are not yet any legislative or judicial decisions yet which have made the answer clear. I imagine it will take a lot of time to get a definite answer, especially in the US legal system.
The question now becomes whether or not it is morally right and ethical to use someone's open wireless network, regardless of the law. I will say up front that I do occasionally use open WAPs (wireless access points), but only when I really have to. My main reason for avoiding them is for my own security, but that's a discussion for another time. Despite what I do, I actually do think that under most circumstances, using someone's open WAP is indeed wrong. However, it is not very wrong. It is basically the equivalent of not keeping off the grass in the park.
Here is why I think using open wifi is in fact what I would call ultra-petite larceny. First off, when you use someone's WAP, you are using their resources. Whether you like it or not, you are costing them electricity and bandwidth. The amounts involved may be insignificant, but they are cleary non-zero. If you are in a country where bandwidth is severely limited, as our Australian friends can tell you, you are actually making quite a significant theft if you use someone's wireless.
Having all that cleared up leaves us with only one question. When someone leaves their wifi open, are they are implicitly giving everyone permission to take those resources at no charge? I would say that by default if someone leaves their wifi wide open, and their ESSID broadcast on, they are not implicitly giving permission to strangers to use those resources.
If I leave my car unlocked in the street with a sign that says "this car is unlocked", it's still grand theft auto if you take it. I would have to explicitly put a sign that says "free car" or "please take this unlocked car for free" in order to make it legal to take the car. In fact, I'd probably have to go further than that and explicitly sign over the title and other documents, but those are just some car-specific regulations we can ignore.
Similar to the car, if you want to give free wifi, you need some explicit way of telling people that the wifi is free. If your ESSID is "freewifi", I would consider that to be granting permission. If you go to Bryant Park in NYC, you will see signs in the lawn that say something along the lines of "free wifi provided by Google". Coffee shops, hotels, and other businesses will also put up signs explicitly stating that they offer free wifi access. If someone has the ESSID of say, "geeknights", and there is no posted sign, then I would consider it stealing in a very small amount to use that connection.
It seems in this particular case that it comes down to whether or not permission to use the free wifi was explicitly given to everyone, or just to customers. If the cafe had a sign in the window that says "free wi-fi", I would side with the guy. If they had a sign inside the cafe that said "free wi-fi for customers", I would side with the cafe. Regardless of who I would personally side with, or what I think is right and wrong, I think this case comes down to signage. I don't think that this will be the case where the law needs to figure out its stance on technology. This will be an easy case of the law saying what type of signage will amount to explicit permission, and for whom. US law has a lot of practice with that sort of case, and I think it will turn out well.
All the analogies I see are in reference to things that are used up by sharing. Take the vending machine example; If a vending machine is broken in such as way that pressing "H2" gives you free gum, are you stealing? A normal vending machine requires money before giving you the item, if this one is broken so as to not ask for money are you stealing?
Wi-Fi (unless the person has a metered account) is not used up in the process of using it. It's not like stealing water or electricity. Further, because a Wi-Fi router is giving permission to the other user (gives IP address) you could say that you are not stealing because the router gave you permission to use it.
What if you had a chauffeured car that cost you a flat fee to use every month and the driver was sitting on the curb with a big sign saying, "need a ride?" Would it be stealing to go up to the driver and ask for a ride?
You state that we should place signs on whether or not people are allowed to access a network via Wifi. I believe there is a fundamental difference though. When you place a sign on a car saying this car is free, you are authorizing the public to perform a certain action. With Wifi, when you place a sign up or mark an ESSID, you are restricting access from the public. I say restricting because by default, with no external security, a router will provide access to anyone. Furthermore, at what point do you recognize a sign to be a valid consent and how you do know that sign is actually from the owner? Your argument is flawed due to the fact that the router at a base level views everyone as authorized, not just the owner.
Let’s go over breaking and entering. By definition it states: Ok, so accessing an unsecured network is NOT breaking and entering because there was zero amount of force required (the router actively lets you in). I believe that by setting up an unencrypted Wifi router, people must assume that informed consent is given from the Admin.
Your argument rests on the assumption that a router without security implies permission to take the resources. This is just wrong. If I leave my bike out on the front lawn with a sign that says "bicycle" and I leave it out there for days and days, without a lock, does that imply that I'm giving it away for free? If I leave a car unlocked with the door open and the title in the seat, and the keys in the ignition, does that imply the car is being given away for free? The answers are all no.
Because most people who setup wireless access points do not know what the hell they are doing, how can you say that an open WAP implies that the owner is granting permission to use their resources? In most cases the owner is absolutely not granting permission, they just don't know any better. If your neighbor is too stupid to lock his house, you still can't go in and take things.
In summary, using an access point uses resources. If you use someone else's resources without permission, that is stealing. If there is no explicit permisison, e.g: a sign on the wall, granting this permission, you need some sort of implicit permission. Is it safe to assume that most people understand that if they setup a wireless access point without security that they are also granting permission to others to use those resources? The answer is no. Thus, in the vast majority of cases there is no implicit permission to use an open WAP. No explicit permission and no implicit permission means no permission.
In your worldview it is ok to trespass on people's property because they don't put up any no trespassing signs.
As for the ISP's, if they don't want other people to be piggybacking on an unsecured network, they should have the customer sign a contract that requires them to establish some sort of encryption. If they customer does not follow through, the should have legal action taken against them. But you cannot take action against the people who used the network.
How does one then determine if the person who set it up was either too stupid to know better or actually grants permission? Ignorance is not a vaild defense in court and I do not believe that it is a vaild reason for prosecution either. If the door requests your name and you give it and the door opens, you are fully within legal bounds to enter the house. It does mean that the owner grants permission to enter the house. They set up the voice lock! They are responsible to configure it under the requirements they desire! It is NOT up to the person trying to gain access to try and figure out if you want people to enter or if the owner is just retarded. That may not be what the owner desired, but that is what is set up and it is the owners fault for not fully knowning the technology they owned.
Let's say there was a house on your street and a metally disabled person lived there. This person did not want anyone to come into their house, as most people do. However, because of their disability they often left their door open. They were just too ignorant to know how to use the lock and the door properly. Is it now suddenly ok to go in the house? Are you seriously saying that there is implied permission to enter the house because the person is too ignorant to close the door?
Let's say you don't even know who lives there. It's just a random house as far as you're concerned. Does that change anything somehow? You can guess what my answer is.
Again, you say that the protocol has no effect on the situation, but it does. The person requesting permission asks through the computer if they can gain access to use the owners resources. Simply leaving a door/car/window open is not the same situation, it simply doesn't apply.
Can someone explain why the guy at the library deserved to be arrested? I can understand why it's wrong to use wi-fi of a private user or a business owner. And I imagine a lot of these people aren't all ignorant. Maybe some even assume that Wi-Fi router sets up a default security on it's own. Or as a business owner can't be bothered with issuing a password for every customer that comes through the door. Just looking back at some of the past court casing involving the Internet. I imagine the judges, juries, and lawyers aren't very educated on how it all works either. Given that I really doubt anyone is going to be very sympathetic to the guy taking advantage of the computer illiterate owner or private customer.
Now, normally I'm an extreme opponent of using ignorance as an out, but in this case I have to side with Scott. Not everyone can be expected to fully understand the encryption issue, just as not everyone can be expected to understand the entire U.S. tax code.
Well, that train of thought got me thinking about an interesting scenario where it would be fun to try to defend ignorance: Federal taxes. How do you know you have to file your taxes? The government just expects everyone to know by social osmosis. I think it would be funny to argue in court that people were never informed of their duty to file.
Hear me out.
It's often said that ignorance is no excuse for breaking the law. However, I think you could fight this idea and win. Consider for a moment the tax code alone. It contains 9,899 sections alone, each broken into between two a 98 sub-sections. Each of those statutes has its own sub-points. No average American taxpayer can be expected to understand all of those, or even know that the majority of those regulations exist.
What do you think?
Look, I know it would never fly, because government has a vested interest in making it not fly. But consider it as a mental experiment. Say you are Johnny Q. Smith, living in rural Montana and running a bait shop out of your back yard. You don't have Internet and you don't watch TV. You dropped out of school in eighth grade. You can't read. Your closest neighbor is two miles away, and the closest town is 25 miles away.
Nobody wants to be Johnny Q. Smith, in all of his splendor. But those people exist. They have counterparts in urban Cleveland, in the middle of the iron jungle, who are equally ignorant. I wonder how many people each year simply don't file tax returns out of ignorance of the process alone, and who are never prosecuted for it.