UK Man Convicted For Wi-Fi Piggybacking 659
CatrionaMcM tips us to a BBC story reporting that Gregory Straszkiewicz, a UK resident, was fined £500 and sentenced to a conditional discharge for 12 months after being caught using a laptop from a car parked outside somebody else's house. '[H]e was prosecuted under the Communications Act and found guilty of dishonestly obtaining an electronic communications service.' A separate BBC story notes that two other people in England were arrested and cautioned for sharing Wi-Fi uninvited.
Good, I hope this continues and moves to the US (Score:5, Insightful)
It's not mystery tech. anymore (Score:3, Insightful)
Re:Open AP? (Score:5, Insightful)
Re:Open AP? (Score:2, Insightful)
Unless you are told/informed/read other wise, a network is NOT public. It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?
autoconnect (Score:4, Insightful)
Re:Well... (Score:3, Insightful)
There are other countries besides yours.
Re:Good, I hope this continues and moves to the US (Score:5, Insightful)
But for piggybacking wi-fi they charge you £500. Cool. They should also put him in jail, just to show how dangerous for society his actions were.
UK has a lousiest law system in the world, IMHO. I know it well - I live here.
Re:Crime to use open wifi? (Score:3, Insightful)
He asked to use the network (Score:5, Insightful)
To which the access point replied: "Yes, you can have X.X.X.X. You can route your traffic through X.X.X.X."
He *asked* to use the network, and the network said *yes*.
Open Networks Are Open (Score:5, Insightful)
Re:Crime to use open wifi? (Score:3, Insightful)
There is no 'invitation'. When you use someone elses bandwidth, you deprive them of a commodity that they have paid money for. So yes, it ought to be a crime.
Re:Open AP? (Score:5, Insightful)
Re:Open AP? (Score:5, Insightful)
I love this example, because there is a legal difference in many jurisdictions between locked and unlocked doors.
If you defeat a lock and enter a building, that is breaking and entering. But if the door is unlocked the most you can be convicted of (providing you haven't damaged or stolen anything) is trespassing.
The law should really make the same distinction about networks.
Re:He asked to use the network (Score:2, Insightful)
He *tried* the door handle. The door opened. Does this mean he had an automatic right to go inside? Technically possible != legal.
Re:Open AP? (Score:5, Insightful)
Yes, it is very much different from seeing an unlocked door. That's why intelligent people don't resort to analogies to discuss simple concepts like communication over radiowaves. The established standard has means of negotiation that allow people to use a shared resource without prior agreements. Using the standard is vital to many interesting and legitimate uses of the shared resource. You're advocating a restriction on useful applications to give technological nitwits the illusion of safety, while in reality their baseless assumption of being protected only causes them to be more vulnerable because they see no need to secure their networks. There is not even one good reason for punishing the use of open access points by anyone.
Backwards.... (Score:5, Insightful)
Technically, the structure of the internet is built on a 'Default allow' schema. Essentially, if you don't say 'no' then I can. I don't have to get permission to use your web server, your anonymous FTP server, or route over your backbone. If you choose to, you can of course block all of those, but you have to choose to disallow me access.
Add to that the facts that public 'hot spots' are more & more common & XP will sometimes jump from one network to another without asking and you have a recipee for legal chaos when incompetents leave their AP's open.
Do it all the time - I don't actually remember the last time a business had someone out front asking me to come in.
Re:Open AP? (Score:5, Insightful)
Re:Open AP? (Score:1, Insightful)
Re:Open AP? (Score:2, Insightful)
Re:Open AP? (Score:2, Insightful)
Re:He asked to use the network (Score:5, Insightful)
Is this a trick question? If you're standing in the street, yes.
Re:Open AP? (Score:2, Insightful)
Actually, since we're discussing the UK, I believe what you are suggesting would be an "attractive nuisance", since squatting in a house to gain adverse posession of it legally requires only that the property is treated as a normal residence by the new "posessors" for 12 years and (key point) has no broken windows or locks.
If the door is unlocked, you've invited the courts into your house over a land dispute. In other words, it's your fault it happened.
Furthermore, the new "posessors" may place a section 6 notice on the door, at which point the people with the title may no longer re-enter the property without legal involvement.
So, yeah, why is it illegal to use Wi-Fi that's open, but not illegal to use someone else's unlocked home in the UK?
Re:Open AP? (Score:3, Insightful)
Re:Open AP? (Score:2, Insightful)
Contents of the packet sniffer are clearly irrelevant. Point is, if the system in question hadn't broadcast its name, and the appropriate DHCP info to allow the connection, the connection would not have occured.
Clicking is not hacking.
Why does everyone assume the AP was open? (Score:5, Insightful)
The article doesn't say it was, in fact it notes the details are extremely sketchy.
Furthermore, if I drop my wallet, does everyone here just assume that I don't want it anymore and you are therefore free to take it?
I had at one time a public access point, it was identified as "Free basic web access, be nice" or something and was run through a linux box wich filtered and limited access quite a bit AND logged everything. I did it mostly out of curiousity. Just what would people access through a connection provided by someone they didn't know?
The answer was suprisingly mundane. Mostly email and light browsing. The location was in Amsterdam in an apartment near the "kalvertoren" a few years ago. For the non-dutch this is in the heart of amsterdam, yes within walking distance of the red-light district. This is holland, everything is in walking distance.
HOWEVER I have also found in more recent years that if you leave an AP open for general use, some people WILL not automatically limit themselves to minimum use. Cue the by now old trick of simply filtering a specific users access to replace all their image requests with tubgirl (if you think goatse is bad, google for it).
Still simply securing your network ain't always enough. At least some wifi security can be easily bypassed. At what point do we say "this is secured enough, you are now commiting a crime".
Personally I think it is bad sign if a bike stolen from an open garden gets a response from the police that you should have a 1 meter high fence, that is locked and the bike should have secured to something. Perhaps some people like to live in a world were everything has to be secured, I prefer to just lock up those that cannot understand the difference between something you own and something someone else owns. Either way, it seems we need an awfull lot of locks in this world.
Re:Open AP? (Score:3, Insightful)
Re:Open AP? (Score:5, Insightful)
Re:Open AP? (Score:2, Insightful)
Re:Invitations (Score:3, Insightful)
If someone sets up a stand with some brochures and a sign that says, "take one," am I stealing if I take one without first asking whoever put it up? Is it my fault if they just wanted something to put their brochures in, and didn't bother to look at what it said, and then ALSO decided to put it in a public place?
If someone doesn't want me to use their WiFi (Score:2, Insightful)
Re:Backwards.... (Score:3, Insightful)
Re:Open AP? (Score:3, Insightful)
Re:Open AP? (Score:3, Insightful)
He wasn't waiting for a bus and idly checking to see if he could go on the net while he waited. He was there because he knew he could do whatever it was he needed to do on an internet connection not his own. He had probably wardrove it to begin with, it certainly wasn't a coincidental connection.
Wi-fi Humping and Sane Laws (Score:3, Insightful)
I can't believe they charged the guy $1000 for something his adapter's Windows client probably did on it's own. Hell, my *Linux* wrapper drivers catch on to the open network with the best signal automatically. I have had to intervene manually several times to stop this piggybacking, or humping as I prefer to call it. And not many people know enough to do this. In particular, you can't expect people to click cancel on an OS that requires a confirmation every time you want to scratch your balls. Wake up, Britain.
Re:Good, I hope this continues and moves to the US (Score:3, Insightful)
Everything is natural. Humans build interwebs like spiders weave their webs.
On the other hand, if you define Internet as not natural, it is therefore supernatural and I can choose not to believe in NO CARRIER
Re:Open AP? (Score:5, Insightful)
Re:Open AP? (Score:3, Insightful)
Of course, if you're an IP lawyer spoiling for a fight, I say go for it. Let me know how that works out for you.
Re:Open AP? (Score:3, Insightful)
If I am hiking on public land for example, and I'm next to some private land, the private land should be marked as private. Otherwise, how will can I tell where the border is?
The owner of a wireless access point can easily setup a barrier with a wireless encryption key or other security methods. Otherwise, there is no way to distinguish private APs from legitimate public APs. With these new UK laws, I suppose there is no such thing has an non-invitation public AP.
Re:Good, I hope this continues and moves to the US (Score:3, Insightful)
For USAians, I quote the tenth amendment to the Constitution. aka "the tail end of the Bill of Rights":
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
In other words, if you can do it, and no government says you can't...then you *do* have the right to.
Re:Open AP? (Score:5, Insightful)
You may see it as so. But the law disagrees. In fact the law (in this instance) is consistent with locks on doors, etc... Absence of a lock is not indicative of permission to enter. This makes sense because, lacking signs, there is no way to tell the difference between a WAP you are encouraged to enter, and one where the owner forgot to lock his door.
Re:Good, I hope this continues and moves to the US (Score:1, Insightful)
You're talking about a device that actually BEAMS radio ADVERTISEMENTS into public spaces. And you are complaining about people connecting to it?! W-T-F!?
Would you also bitch if you put a web server on the Internet and people connected to it to?
If you don't want people using your access point then encrpyt it. Even lame-ass WEP sends a clear message: I don't want you to come in. Abusing legal services to cover ignorance and incompetence is just pathetic.
Re:Open AP? (Score:3, Insightful)
Just because the default configuration of routers broadcasts the SSID doesn't make it a free-for-all. Similarly, just because a Bluetooth phone is set to 'visible' doesn't mean 'connect to me and do what the hell you like': at a protocol level it means 'you can connect to me', but at a human level there's no such implication made purely by the presence of the packets.
Similarly, just because an operating system finds the packets and produces a UI in response to them doesn't mean there's an invitation either, it just means that the packets have been spotted by the operating system and it's acting in a pre-programmed manner in response to them. Ultimately, you're still given a choice as to whether to connect, and moreso a choice whether to actually use the network or not. The fact that you can doesn't mean you should.
Re:Open AP? (Score:5, Insightful)
There are lots of analogies being thrown around already, I'm sure, so let's just dispense with those for the time being and get down to brass tacks.
My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?
Simple deduction tells me that I should not assume that, simply because I can access a resource, the owner does not mind if I access the resource. You cannot validly assume that the average home user of 802.11 technology knows enough to secure it.
Frankly, at this point, I do not care whether or not people want to lay blame for this at the feet of the vendors or of the end users. The simple fact is that unless you have an explicit reason to believe that you are meant to access someone's wireless, you should not; and to access it anyway is unethical.
Re:Open AP? (Score:3, Insightful)
Your argument is:
"My computer's default setup connects - it's not my fault"
and
"Their wrouter's default setup allows me to connect - it's their fault"
Did I miss something?
Otherwise: bzzt!
Re:Open AP? (Score:2, Insightful)
When I grew up we never locked our doors and we left our bikes out in the yard. And it wasn't a small town. It's a shame that now that behavior would be considered so absurd that it even extends to encrypting the radio waves emanating from within.
Re:Open AP? (Score:5, Insightful)
As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?
Re:Why does everyone assume the AP was open? (Score:3, Insightful)
"Furthermore, if I drop my wallet, does everyone here just assume that I don't want it anymore and you are therefore free to take it?"
We are free to take it, whether or not you want it doesn't matter.
However, thaty anology is really flawed and shows a basic lack od understanding of how WiFi works.
I send out a signal.
I get a reply.
I say "hey can I connect"
I get a reply that says either:
NO!
Sure, I need a username and password.
Sure I need an user name
OR
Come right on in, I don't care who you are.
If it is the last option, then no one should be held accoutable if they log in, because they have defacto permission.
Re:Open AP? (Score:2, Insightful)
Re:Open AP? (Score:5, Insightful)
Just because I can get in a a car and drive it doesn't mean I should.
If you do not possess the knowledge to properly set up a wireless network, then by no means should you be doing it.
The law should be simple: if you set it up, w/ SSID broadcast turned off, encryption enabled, or both, then you should be allowed to sue for unauthorized access. If neither, then it should be assumed it is a public service
The lack of technical knowledge of the 'victim' DOES NOT MATTER. They failed to follow the directions that came with the router. They failed to learn about the tech they were about to use. They get burnt.
If I install a dishwasher myself, but fail to read the directions, and it floods my house, Is it the water's fault, or mine?
Re:Open AP? (Score:4, Insightful)
This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.
I see your point and I do understand where you are coming from on this, but the problem is a bit sticky.
For instance, where I live, and probably where most people live these days, pretty much every business around from the local hamburger joint to the local bar, etc advertises free wifi. Many if not most of them simply set up an AP with a broadcast SSID and have done. The people who work there may not even know what the SSID is, but they expect you to just search and find it, which you can. In several places there is overlap between these APs from businesses and similarly configured APs from regular folk. Sometimes the SSID is obvious, like $RESTAURANT, but sometimes it's just the default Linksys SSID or whatever. There are services that help these folks set up their networks and require some kind of authentication over ssl to actually get out to the net, etc, or will just set up the system for you in some other way, but those cost money, and, like I said, many small businesses find it simpler to just fire up an AP out of the box and hook it up.
I have also noted that since encryption adds significant overhead to wifi connections, making them in many cases many times slower than without, people will open the network for that reason alone. The 11mbps connections were especially nasty that way.
Then you have your neighbour problem. Sure it's not anything like the situation with getting connected to an open wifi connection run by a business, but even so there are people who deliberately set their wifi networks as open networks that broadcast their SSID specifically because they want people to be able to use them. There are even clubs that work together to convince people to set their networks up this way, and set their own up this way, specifically so people can use them.
Given all that and the permissive nature of these networks, a culture is brewing such that people do not see connecting to open networks as wrong, and often do not care that people connect to theirs. In my experience, this is actually more the rule than the exception, even with non-technical users.
Now we come to your point. For instance the person who just got wifi and has no idea other people can connect to it, etc, who barely struggled through the instructions and has no idea how to monitor the connection. This is the guy I am sure your worry most about. It's not their fault they did not secure their network, per se, and it is not fair in any case for people to just use their stuff because the "door is open" and the "keys are in it" or whatever analogy you like today. But at the same time it's hard to draw the line between legitemately using an open network and using one that was not supposed to be open. Sometimes, in fact, it's the proverbial "clueless user" who ends up on the wrong network thinking he is on his own. It's even weirder when they are both called "Linksys." How is he supposed to know? I actually got onto my girlfriend once for getting on someone else's network, but she not only did not know she'd done that, but did not know at the time how she could have told what network she was on. (She is more expert now).
Usually people that are connecting to other's networks are not doing anything more nefarious than using someone else's bandwidth. I do know some people who deliberately set up open networks had to close them because some one did try to hack the other boxes on their home network. In any case, it is probaly is a good idea not to connect to networks not your own unless you know it is open on purpose. In the case of the neighbour you can generally ask, and I
Re:Open AP? (Score:2, Insightful)
Don't equate protocol-level advertisements with human-level advertisements, because they're not at all the same.
Just because somebody leaves their front door open isn't an invitation into their home, even though if they were competent they would have closed and locked it. When it comes to technical equipment thrust into the hands of inexperienced mass consumers, it's not reasonable for anybody to expect them to be able to configure it much, if any, beyond manufacturer-guided values. Unless there's a wizard which says 'do you want to make your wireless network private?', you and I both know that people who can barely operate a video recorder won't get anywhere near knowing what the implications of visible SSIDs and a lack of MAC-address filtering are.
Situations like this are yet another product of technology that isn't really ready for consumers being handed to them because the benefits largely outweigh the downsides. Really, most of the blame lies with the manufacturers for providing dumb defaults, and for the whole damned industry for not coming up with a nice simple pairing mechanism (push button on laptop, push button on AP; LCD on the AP flashes a code, type it into the laptop to join the network) that any consumer can use without compromising basic security.
Re:Open AP? (Score:3, Insightful)
I'm back to: if you don't want anyone else connecting to your AP: lock it. It won't keep out the (determined) cracker but it will tell people it's not public. Then you have a case.
The virtual world is *nothing* like the real world, and doesn't have *any* of the social norms that we have in the real world (like fences and accepted lawn-markers/sizes so people know what's private and what's not). Analogies that use the real world are all lacking because ideas, bits, broadcasts and all that other non-tangible stuff just can't be represented by the real world.
Re:Open AP? (Score:3, Insightful)
Any analogy that includes the real world fails to take in account the fact that in the real world we have hundreds of years of property law and social norms that makes it "obvious" to us what trespassing is and what break'n enter is.
This same obviousness doesn't (yet?) exist in the virtual world; and (hopefully!) never will.
Some of these same questions can be asked about accessing a server on the Internet: if I request to make a connection with some server, and it lets me, have I broken a law? ok, so if I connect on port-80, using http and I breaking the law? what if I use telnet on port 120 and it lets me in?
For me, the bottom line is that the visual cues and social norms simply don't (and can't) exist on the internet. While it may be true that most people don't want to allow anonymous telnet access on port 120 we shouldn't assume that anyone who connects in such a way is automatically breaking some law.
The burden should be on the service operator to at least make a cursory effort to in some way state that this is a private connection. This could be anything from a username/password to even anonymous login with a banner (delivered to every connection) that this is a private port and that use of it was private. At that point: it's private.
Re:Open AP? (Score:3, Insightful)
Re:Open AP? (Score:3, Insightful)
Re:Open AP? (Score:2, Insightful)
Okay, you know the difference between implicit and explicit, but you don't know the difference between a certain byte value in a certain field of a DHCP PDU, and actual permission and authorisation in the real world. I know this is slashdot, but jeez - the amount of people here thinking that just because the DHCP RFC refers to Offers, Requests and Acknowledgments, that equates to actual authorisation and permission in the real world. As I said in another post, they're called offers and requests etc. to ease understanding of the protocol. The word "OFFER" never actually flies over the wires.
In summary, even if you are explicitly "offered" an IP, you weren't offered anything else, implicitly or otherwise.
Re:Open AP? (Score:3, Insightful)
no it should not (Score:2, Insightful)
An open access point is a literal invitation.
But only at a technical level not a legal one. Why is this distinction so hard for people to grasp? An inanimate piece of equipment cannot grant your legal authority to someone, even if it can automatically grant connection to another piece of equipment. Because you are a human being with rights, responsibilities and legal standing. Your router is not.
This the kind of thing that crashes the legal mind (Score:4, Insightful)
Wow, what subversive pinko commie ideology is that? Sharing things free of charge with your neighbours, or - still worse - with total strangers? That's the kind of behaviour that troublemaker Jesus Christ was executed for advocating! No wonder the law comes down hard on it. Next thing you'll be suggesting we should start sharing source code with complete strangers, for Pete's sake.