Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Wireless Networking Portables Your Rights Online

Finland To Legalize Use of Unsecured Wi-Fi 151

Apotekaren writes "The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."
This discussion has been archived. No new comments can be posted.

Finland To Legalize Use of Unsecured Wi-Fi

Comments Filter:
  • by LostCluster ( 625375 ) * on Friday June 11, 2010 @02:04PM (#32539882)

    We need a standard for secure WiFi that allows guests in, most likely by giving them a personal shared key on their receipt or ticket. The big problem with unsecured WiFi is that there's no accountability. Some video-downloading hog can take all the bandwidth, and trying to use anything on 2.4 GHz during a Apple or Google developer conference presentation is near impossible. WiFi was a good first take, but we've got to work QoS and authentication in just like we have for wired just for safety's sake. Otherwise, these laws banning open WiFi actually make sense.

    • Re: (Score:3, Insightful)

      by Tiger4 ( 840741 )

      If the protocol automatically left a token on the host machine, it would then be up to the host to decide if she cared or not about who had been visiting. Of course that would just lead to some kind of spoofing behavior.

      Or we could get the vendors to just have security ON by default. Or even have the OFF setting have a timeout, so it defaults back to ON after a few hours/days. Then when the owners turn it off, they can't claim they didn't know what it meant.

      • Re: (Score:2, Insightful)

        by lucifron ( 964735 )

        Then when the owners turn it off, they can't claim they didn't know what it meant.

        Why should it matter whether they "know" or not?

        ISP's aren't accountable for their what their users do, should it be any different for individuals who let their neighbours check mail or whatever?

        • by fyngyrz ( 762201 )

          And more to the point, at least in the US, where does the right to tell people what they can do with their own computers and bandwidth come from? There's no such right assigned in the constitution, and there are an awful lot of statements that seem to imply otherwise.

          If I decide it's ok for others to use my wifi, and my bandwidth, that should be my decision.

          As for needing keys and so forth... no, not really. Buy a second hotspot, they're like $40 or something like that. Make one open, tell your router

    • by fotbr ( 855184 ) on Friday June 11, 2010 @02:15PM (#32540070) Journal

      Sounds like you don't need laws, you need more bandwidth.

      • Re: (Score:3, Funny)

        by laejoh ( 648921 )
        That's one t-shirt that won't get any RIAA approuval!
      • by adolf ( 21054 )

        Or better QoS. Or throttling. Or...

        It's one thing when an ISP with a near-monopoly does it, but it's entirely another when a small institution where folks will be spending a small amount of time does it.

        This is not new tech. Indeed, the problem of a Wifi leech has been solved for a long, long time.

    • by Stenchwarrior ( 1335051 ) on Friday June 11, 2010 @02:22PM (#32540198)

      I agree. Where's the middle ground here? I guess making anyone who wants to use the public stuff register their MAC would be a huge pain in the arse, not to mention how easily that is spoofed. What about logging in through a proxy with user-name and password? It would have to be something that changes frequently otherwise they would be swiped by MitM attacks. Why not some sort of biometric credentialing that requires fingerprint or retina? The whole idea is to satisfy audit-tracking and accountability policies but biometrics sounds like a pain, once again.

      Surely someone here has some good ideas?

      • You could just throttle all your guests to 1 Mbit/s or less.

        Also: I thought the EU Parliament made it illegal to have open wifi spots?

        • Also: I thought the EU Parliament made it illegal to have open wifi spots?

          EU, Schmeu. This is Finland, where Conan O'Brian was President until former President Jay Leno took back the office on a technicality.

      • Yep... there needs to be a way to make the registration easier... like a QR-style code that prints on your receipt, so we know everybody on the network is a paying customer, and meter out the bandwidth according to how much the owner cares about them. Then nobody's typing 128 bit keys, but we have the security of a frequently changing 128 bit key.

    • I agree.

      No one, least of all me, likes a "nanny law" - and hoo boy is this one the daddy of all nanny laws - but if people are going to continue to expect the law to somehow work to protect them from ne'er-do-wells, this is about the best possible law that could actually work.

      If we want the laws to protect people, then they need to be written so as to offer that protection. The one and only way to prevent someone from using or snooping your WLAN (short of turning it off or containing all of the signal it e

    • by Mordok-DestroyerOfWo ( 1000167 ) on Friday June 11, 2010 @02:23PM (#32540216)
      I'd argue that you really don't need to reinvent the wheel. I like the idea of guest accounts. Simply throttle their bandwidth to something appropriate for the activity. If you're running a hotspot and are graciously allowing your neighbors access then 10 connections with 20 kbps each seems perfectly reasonable to me.
      • by fbjon ( 692006 ) on Friday June 11, 2010 @03:21PM (#32541150) Homepage Journal
        I do exactly this with Tomato WRT. QoS throttling for all unknown devices down to around ISDN speeds. It can be circumvented of course, but I don't really see that happening.
      • by Korin43 ( 881732 ) *
        The problem is that there's only "secure with password" and "completely insecure" modes. Why isn't there a way to have encrypted anonymous access? It's obviously possible since people do it with SSL all the time.
      • The difference between "accounts for guests" and "the guest account" is that one knows takes the time to identify who you're giving access to, and the other doesn't bother. Since there's a lot of money to be made when you know your customers better, that's the better solution for business places...

    • by MozeeToby ( 1163751 ) on Friday June 11, 2010 @02:32PM (#32540364)

      So because open WiFi doesn't work in the most extreme situations, everyone should be legally obligated not to use it? Really? That is your argument? Open WiFi works just fine at my house (with a separate 'guest' SSID that doesn't grant network access obviously), and my place of business, and the college I attended, and the park downtown, and any number of other situations. There's absolutely no reason to ban operating an open WiFi connection except to make copyright content owners happy.

      • It's Steve's Keynote, and the announcement went out to the developers and media in the audience that all cell phones and PDAs must be turned off. This isn't just for information control, but also so the demos on stage will work. Not enough people listened, and the demos failed.

        There's only 11 WiFi channels, and they overlap. Basically, if there's more than 11 WiFi networks in the auditorium, there's going to be problems. The owners of the space (in this case, Steve) should have some way to control the WiFi

      • by amazeofdeath ( 1102843 ) on Friday June 11, 2010 @04:26PM (#32542414)

        There's no ban on *having* an unsecured WiFi access point in Finland. The bad wording in TFS muddles it a bit, but the point is that *unauthorized* use of an open WiFi access point is illegal currently. The new law is supposed to allow any use of open WiFi networks, as it can easily happen accidentally, the user often doesn't know whether there's a permission to use the network, and encrypting the network is pretty damn easy.

    • Re: (Score:2, Insightful)

      by Paracelcus ( 151056 )

      BS, we don't need more and more draconian laws that are almost impossible to enforce and make lawbreakers out of ordinary harmless Lusers.

      Get tough on crime! just like the 17 year old girl who got life for having a pound of pot in her possession! We'll teach her! after 70 years in the slammer getting raped, beaten and finally forgotten she can be safely loosed upon society, her debt paid and in the final months of her life she can reflect how truly sorry she is for her transgression and how wise those laws

    • by sqrt(2) ( 786011 )

      Apple's Airport routers have a guest network feature, and I think it can be configured to only give limited bandwidth and services to people on that network. If you have the password, you join the secure network and get full speed.

      • Yep, that's the direction I want to this to go. Make it easy for the admin/owner of the bandwidth in a place to control how they give it out, and easy for the user to take it or leave it.

    • Re: (Score:2, Informative)

      by Anssi55 ( 729722 )

      There seems to be some confusion. The law in question only forbids unauthorized access. It does not forbid unsecured Wi-Fi itself (yes, summary is wrong).
      And now they may be changing the law to allow accessing unsecured Wi-Fi without asking for permission.

    • Re: (Score:2, Interesting)

      by vlueboy ( 1799360 )

      It was easier for me to just turn off WPA2 than to give my string or allow MAC addresses for some one-time guests the other day. Even WPS is a pain in the neck.

      I think your idead of receipts is wonderful. What we need is for a company to put one Guest Button on every router, with a big juicy text LCD screen. You push the button and the LCD gives you a SHORT temp password (aiming 64-char keys would defeat the purpose) with its own LAN for the people in front of you. After a set period (configurable in your r

      • and the MAC addresses are logged in case you want to add them to your security

        You can do better than that. Tie the receipt with the temp code to the transaction that generated it. If they paid by credit card, you've got a name and identity. Even if they paid by cash, you've got the timestamp that you can take to the security camera and get a photo of the person.

        Point is, nobody's download The Hurt Locker on this connection and not leaving us with a person to point to...

    • The big problem with unsecured WiFi is that there's no accountability.

      A big problem with unsecured WiFi is that typical home systems consider the LAN non-public and safer than the WAN, and a user who doesn't know enough to secure their WiFi doesn't know enough to understand this issue either.

    • by geekoid ( 135745 )

      That can be done, but it turns out not to be worth it. The cost of managing the system is nmore then you can charge and have customers.

      If wi-fi is failing at a conference, it's the admins fault.

      The laws banning open Wi-Fi is a mistake.

    • It takes no time.

      'Locks keep honest people honest' - not an issue for me.

      Week locks attract me like a moth to flame.

  • Gateways (Score:5, Funny)

    by suso ( 153703 ) * on Friday June 11, 2010 @02:05PM (#32539900) Journal

    Finland To Legalize Use of Unsecured Wi-Fi

    Kids, don't you know that unsecured wifi is just a gateway. Pretty soon you'll be cracking into stuff with stronger encryption. Then where will be? Sitting on the side of the road in some bad neighborhood looking asking to borrow a power jack.

    • Re:Gateways (Score:5, Funny)

      by ArbitraryDescriptor ( 1257752 ) on Friday June 11, 2010 @02:15PM (#32540066)

      Kids, don't you know that unsecured wifi is just a gateway. Pretty soon you'll be cracking into stuff with stronger encryption. Then where will be? Sitting on the side of the road in some bad neighborhood looking asking to borrow a power jack.

      That's bullshit. I didn't even try unsecured wifi until I had spent countless hours on stolen AOL passwords. If anything it's the illegal nature of wifi that draws people into harder stuff. By forcing them to hangout in seedy locales, like underground poetry bars, they are exposed to things like hipsters and thick-rimmed, non-prescription glasses; things that they would have never even heard of otherwise!

      • by suso ( 153703 ) *

        Alright, I'm really really serious now. This is the last time. For sure.

        This is your dialup

        This is AOL

        This is your dialup on AOL

        *sizzle*

        Any questions?

        • Re:Gateways (Score:5, Funny)

          by ArbitraryDescriptor ( 1257752 ) on Friday June 11, 2010 @02:45PM (#32540576)
          Those trial CDs had your name all over them. I looked up to you, what was I supposed to think? Then the way you just left them lying around... what did you think was going to happen?

          I learned it from watching you, dad. I learned it from watching you!

          *sobbing ensues*
          • *Young man sitting in front of computer screen, sweating and breathing heavily.*
            Child's voice: "When I grow up, I want to be a webmaster!"
            *camera pans out, showing a very slowly loading web page, complete with errors*
            Narrator: "Nobody ever says 'I want to be stuck testing web pages via AOL when I grow up'"

            *A CD spins like a coin on a desk*
            "When I grow up, I want to be a ballet dancer"
            *the CD falls to reveal an AOL logo*
            "Don't let AOL get in the way of your dreams"
    • I swear man! Just let me crack one more WEP and I'll go cold turkey.
    • Re: (Score:3, Funny)

      by natehoy ( 1608657 )

      One tweet, man, that's all I need to send. Please, man, it's been hours, and I'm hurtin' real bad. I just need a couple kilobytes, man. Please. Help a guy out?

  • Name Change (Score:5, Insightful)

    by just_another_sean ( 919159 ) on Friday June 11, 2010 @02:17PM (#32540110) Journal

    I hear by propose that Finland change the name of the Ministry of Justice to the Ministry of Common Sense and Applied Intelligence!

    Imagine that, a reasonable and informed change to a law to sync with their ever changing technological landscape. I am astounded! One
    only hopes others will learn from this event.

    • Can we get guys like that in the US? And maybe like that Spanish Judge who ruled that an individual file sharing wasn't a crime against humanity while we're at it?

    • Maybe it is a regional thing. Sweden has yet to actually shut down TPB, Finland is changing the law to reflect technological changes...I even heard about citizens in Denmark using cryptographic protocols to maintain a fair market for small farms.

      OK fine, the region does still have problems, and I am not exactly an expert on politics in those countries. Still, as an American, am I free to pretend that there are havens of sensibility.
      • Re: (Score:1, Interesting)

        by Anonymous Coward

        This didn't happen by accident. The Ministry of Justice actually recognised the Finnish Pirate Party as having expertise in the subject and asked for opinions on the matter. Glad to see they also took heed of the advice given, especially considering the party does not yet have any representatives in the parliament.

    • Re:Name Change (Score:5, Informative)

      by DMNT ( 754837 ) on Friday June 11, 2010 @02:38PM (#32540462)

      The finnish legislation standard used to be (until 2000's where they passed some questionable laws) to lay down technologically neutral laws, where the technology used played no important role but the action did. This proposed legislation is just an exception to be amended to the current law, which regulates the use of other people's property, which you currently are not allowed to use without a prior permission. Currently some of the facilities offer free WiFi without informing you of such and this behaviour would be illegal by the law even when it's not easy to detect or to prosecute. So they are for the sake of clarity, going to make an exception because it is often hard to find out whether you're allowed to use the open network or not.

      The human translation for newstext:

      Joining a wireless accesspoint to be legalized

      The ministry of justice is forming a law to allow use of unprotected WiFi access points. By the current law the unauthorized use of open networks has been illegal.

      The exception is rationalized by for example, the lack of harm done, impossibility of oversight and the relative easiness of protecting the network. For the end user it is also often difficult to find out when the network is meant for public use and when it is not.

      The statements received by the ministry of justice (which includes EFFI, Electronic Frontier Finland, by transl.) remind that the avilability of free WiFi access has increased in public space such as parks and air fields and they don't always inform the end user of the free availability.

      According to the ministry of justice, there has been only one sentence for the use of unsecured WiFi by the district court. Higher court upheld the decision and it never went to the supreme court.

      Most of the statements were for the legalization. However, many of them held it in high value that the owner of the access point should be held innocent in case of the illegal use of the access point.

      Experts' opinion is that a lot of the WiFi access points are unsecured and the unauthorized use of them is common. Securing of the access point is usually easy when following the manuals of the access point.

      The unauthorized use of the access point might slow the network down but it is hard to note unless there's a lot of file transfers compared to the bandwidth available.

      • Yeah, the legislation was mostly sane (not counting firearms laws), but after Lex Karpela it has gone downhill very fast.

    • Re: (Score:2, Redundant)

      by DMNT ( 754837 )

      The finnish legislation standard used to be (until 2000's where they passed some questionable laws) to lay down technologically neutral laws, where the technology used played no important role but the actual action by the person did no matter what the tool used. This proposed legislation is just an exception to be amended to the current law, which regulates the use of other people's property, which you currently are not allowed to use without a prior permission. Currently some of the facilities offer free W

    • What is surprising (to me at least) is that the unsecured WiFi was illegal in the first place. I find that disturbing that Finnish laws are so intrusive in the first place. Maybe tolerance of such things is why they have one of the most peaceful and least corrupt countries in the World. However, the original law shows the Government has no problem reaching into individual freedoms (yes, I know that Finland is not alone in this).
      • It could be worse -- the law could have stated that failing to secure a wifi network is a crime.
      • Re: (Score:2, Informative)

        by Anssi55 ( 729722 )

        What is surprising (to me at least) is that the unsecured WiFi was illegal in the first place.

        Only accessing them without a permission is illegal (as said in TFA; the summary fails to mention that, however)

        • The summary is basically right, the wording just muddles the content. You are right in that having an open WLAN access point is and has been legal, any unauthorized use has been illegal, and the latter is about tho change.

        • Thanks for the clarification - it did seem rather draconian, so the summary did seem at odds with the pragmatism of the Finns I know.
    • by nurb432 ( 527695 )

      The WTO will hear about it and propose sanctions.

  • Barnes and Nobel (Score:4, Interesting)

    by orsty3001 ( 1377575 ) on Friday June 11, 2010 @02:22PM (#32540192)
    Just do what Barnes and Nobel does. If you try to connect to their system it will want to text you a temporary access code.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      So you have to access their system, give them your phone number, wait for the text message, then enter a lengthy code on a mobile device and then you can use the wireless network. That sounds so user-friendly, I wonder why this isn't more common. </sarcasm>

    • The link to the AP is still unencrypted then. I don't think Barnes and Nobel sets up a tunnel between you and the AP, so your Facebook chats and msn chats are all wide open for people to see.

      The only way around this is to have TWO APs setup. One to GET the access code, or WPA/WEP key, while the other to actually connect to for wireless - but then everyone is using the same encryption key anyways.

  • by TruthSauce ( 1813784 ) on Friday June 11, 2010 @02:35PM (#32540414)

    There are a lot of common sense ideas in the Scandinavian countries.

    I've been thinking about it and I think that perhaps it's related to their increased tolerance for failure. A Swede or Norwegian or Finn is able to say "yes, this was a mistake" and not be derided in public for it.

    The concept that humans aren't perfect isn't lost on these people as it seems to be in much of the rest of the world.

    Another great example of this is the sex offender registries in the area. They're not only non-existent, they're actually illegal. They contend that it is a gross violation of personal privacy for those who already served their time and point out (probably correctly) that they do very little than encourage fear and paranoia amongst the populace. There was even a very public protest in OPPOSITION to a group who set up a private registry with similar information, after which, the site was removed due to its illegal content (in violation of local privacy laws).

    To bring up another example, in these countries, there are very few frivolous lawsuits, as the system is carefully balanced to make it burdensome to bring one.

    It is much easier for a judge to deem the plaintiff liable for all court costs and all defense costs if he feels the lawsuit was brought with malice or with little hope of succeeding.

    Additionally, the state represents both parties in some cases, removing the financial burden of defending yourself from lawsuits. What they then do is place that burden on one of the parties in the case that they have been shown to be "willfully" out of compliance with civil law, but in cases where it is a genuine misunderstanding, the costs are absorbed by the system.

    Rather than having a heirarchy where the rich can do whatever they want and the poor get fucked. Or a system where the powerful control everything and those down on their luck are brazenly left out to dry, these countries seem to have found a balance.

    Also, worth noting, that these countries, despite their low populations and high standard of living, are not in the list of struggling economies, even during this "European crisis".

    Absolutely brilliant. :-)

    • by dropadrop ( 1057046 ) on Friday June 11, 2010 @03:07PM (#32540938)

      Also, worth noting, that these countries, despite their low populations and high standard of living, are not in the list of struggling economies, even during this "European crisis".

      Absolutely brilliant. :-)

      To be fair, Finland and Sweden have not been doing especially well during this crisis. Both countries are highly dependent on exports that have been doing badly. Finland had a huge drop in both exports and gdp (In Finland GDP was -7.8% last year, a drop of 9% since the previous year) during 2009, and the government took a huge loan just to keep things running. The good part is, that we don't have as much debt as more southern countries, so on the big picture things still look ok.

    • Re: (Score:2, Informative)

      It's also the country that passed Lex Nokia [bloomberg.com] not too long ago. Certainly the Finnish situation isn't as bad as it is in the UK and the US, but it's still not perfect.
      • Re: (Score:3, Interesting)

        by Luckyo ( 1726890 )

        There is a funny thing about that law. Up to this point, NOT A SINGLE COMPANY USED IT.
        Because there is a clause in the law stating that to use the law to monitor your employees, you are required to inform a government official in charge of privacy investigation, essentially making it public that you're using the law. And the public backlash because of the law was so heavy, that not a single company wants to be known as "the first company to start using that unfair snooping law".

        So the law is in place, but n

    • A Swede or Norwegian or Finn is able to say "yes, this was a mistake" and not be derided in public for it.

      You left out Denmark (... you insensitive clod). Yes, this was a mistake ;-)

      Also, while I hope we Scandinavians live up to the generally positive image you portray of us, it's not all roses.

      Recall The Pirate Bay---police raids of their server farm, law suit? Not good :\

      And due to a lawsuit between IFPI ("RIAA international") and Danish ISP A, resulting in the court ordering ISP A to block access to thepiratebay.org, my Danish ISP B also blocks access :( ... Ah well, I can read their blog via tor ;-)

  • I live in Finland, and I have been using unsecured Wi-Fi nets since at least 4 years (maybe longer) perfectly legally. In some cities (Oulu) it is a service offered by the municipality, in others it's part of the student campus facilities, etc. etc. In theory, you were not allowed to use your neighbor's Wi-Fi (if you knew it's his/hers), though I have never heard that being enforced, ever. This law just makes the point wholly moot.

    • Did you not know that you do have explicit permission to use those public municipal networks? They publish ToU online on their site, and that's fine by the law. Using your neighbour's network accidentally or not is a criminal offence, unless the neighbour really is providing a public service. As the Finnish article says, there was a guy (IIRC, in Salo), who did some hacking and "accidentally" used his neighbour's connections for it; he got caught and got sentenced for the unauthorized use. All in all, the t

  • Unsecured wireless isn't illegal in most places and shouldn't be.

    I'm aware of all of the potential issues, but the implications of government control; being forced to secure something if you don't wish to - are far worse.

    • by amazeofdeath ( 1102843 ) on Friday June 11, 2010 @04:18PM (#32542278)

      It isn't illegal in Finland, *unauthorized* use of unsecured WiFi connections is currently. The lawmakers are trying to clear the situation, as the user can't know whether he has a permission or not to use the open connection. The current law defaults to no permission, the new should default to open -> permission.

    • Yep. Just put the legal liability for any illegal activity done over the WiFi to the owner of the Internet gateway address unless they can tell you who did it and we'll be all set.

      • Well, that's pretty much it goes nowadays in most Western countries at least. Both the US and UK have had lawsuits to establish that just having an open WiFi access point is no defence in CP downloads, for example.

  • Germany's internet laws suck, alas. :(

    Why are the Scandinavian countries generally so awesome with new media and civil rights? Sweden has Wikileaks and (had) the Pirate Bay, Iceland has the IMMI thing planned, now Finland allows open wi-fi...

  • Well since open wifi is just a public-like place where obviously people will do illegal things since they can't always be monitored, lets move to banning open, public spaces. We've all seen how things like drug deals are done there. Along with things like drinking in public, illegal panhandlers, illegally sleeping on public benches, illegally urinating in public, vandalism, dogs being illegally let off leash ignoring leash laws. By gosh, these open public anythings are just breeding grounds of illegal activ

Technology is dominated by those who manage what they do not understand.

Working...