back to article A wardriving we will go!

One in three mobile workers worldwide routinely hijack wireless connections, according to a survey commissioned by the US National Cyber Security Alliance (NCSA) and Cisco. The Cisco-NCSA study paints a picture of lax attitudes for mobile security and disregard for the law - at a time when police on both sides of the Atlantic …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Bullshit...

    This is clearly a case where the law is wrong. Assigning an IP address to any node that requests one is a clear cut case of consent. I wouldn't even call it "tacit". The protocols are available to clearly designate a public network from a private one. If you have your network set to public, then you are inviting people to use it, period. That's why the protocols were developed the way they were.

  2. Anonymous Coward
    Anonymous Coward

    Bullshit part 2

    BTW, isn't this exactly akin to that article a couple weeks ago (can't find a link) about a guy who got busted by the cops with child porn, because his roomate let the police in the house, and his hard drive wasn't encrypted. His workstation even had a log on, but the police bypassed it. There argument was that since it wasn't locked (encrypted), it was assumed to be part of what they were allowed to see by entering the house.

    So, the cops can assume access to anything that isn't explicitly secured, but a business man trying to find his way to a meeting can't use an open wifi network to Google it? I'm calling double standards on that one.

  3. Anonymous Coward
    Anonymous Coward

    and...

    I simply do not understand why people who don't know any better get upset when other people that don't know any better 'use their WiFi'.

    Now, if someone is hacking or knowingly impeding the use of someone's WiFim then that is a problem. My friend just turns on her Dell laptop and connects to the nework with the greatest signal strength. The one time I checked, there was her connection (which I setup with WEP, an unbroadcast SSID and a strong password), in addtion to 5 others in the neighborhood. She had no idea what she was doing, but it wasn't like she was doing more than checking E-mail.

    Companies that manufacture base stations can only do so much, by applying a default password, randomly assigned SSID and or encryption at the factory, but people aren't going to understand all that.

    Is there a solution? Sure, go after something more serious, like SPAMMERS maybe? Oh, noes, soms guyz brokded teh InterWehbz!!!

    Who cares? Get over it people, it's a bump on a log!

  4. Paul

    wep? how sad!

    wep? how sad if you think its secure. however, if someone DOES sniff traffic and crack your wep key then they're definitely guilty of stealing service.

    Ignorance of the law is no excuse, so why should ignorance of good computer security practices be a reason to leave yourself unsecured and blame others for using service?

  5. Steve Evans

    I agree with all them above...

    How am I supposed to know that I am using an open wifi point against the owners wishes? If it turns up a default SSID with no encryption, and hands me an IP address, how am I to know it's not a community access point?

    If you don't put a door on your house, can you complain if people wander in? I doubt it, you'll get laughed out of court.

    In the UK there has been a recent trend with the bigger ISP of supplying wifi routers pre-configured with a random wep key, which is printed out and stuck on the bottom of the router. This makes perfect sense. Most users don't even bother using the wireless, even though it's turned on by default, so at least anyone using it without their knowledge must have cracked the wep key, and can't claim to be a casual roamer.

  6. Matthew

    oh

    I have two subnets at home. The first router has QoS and has things like the VoIP phones, the xbox and an unsecured wireless access point set to 1mbps. Then I have a Sonicwall which hosts my server, 5 pcs and a WPA secured access point. Occasionally I see a bit of web/email/msn messenger/psp traffic over the unsecured wifi but thats what I set it up for, as a bit of a public service. Is this wrong then?

  7. Anonymous Coward
    Anonymous Coward

    Crap

    Using an open WiFi connection is not hijacking. Hijacking would mean taking the connection and preventing the rightful owner from using it. Hijacking should no longer be used to describe this situation.

  8. Anonymous Coward
    Anonymous Coward

    Weak argument

    "If you don't put a door on your house, can you complain if people wander in? I doubt it, you'll get laughed out of court."

    Oh, please. If you are going to use such a weak analogy, an open door is *not* an invitation. Also, DEFRA puts it, "The slightest crossing on to the land is sufficient to be a trespass; removing soil or part of a building is a trespass; placing anything on someone else’s land is a trespass (e.g. leaving rubbish on the land). It is not necessary to know that the land belongs to somebody else — i.e. it is no defence that the trespass was due to a mistake of law or fact." But that's for land of course - depending on country - and as has been pointed out trespass is not a criminal offence (although I think it can be treated as harassment if repeated?)

    It seems to me to be more a question of ethics - not whether it's legal or not but whether it's right. It seems pretty obviously wrong to me. "I'm a tech-savvy Reg reader so if some normal person doesn't know how to secure their router I can as I damn well please," doesn't wash. Someone else has already pointed out the similarity between the door analogy and the short-skirt-is-asking-for-it argument. Difference in severity, not principle.

    I suppose what I'm trying to say is you people need to get over the idea that you can do as you like just because it's the Internet and you know how. "It's not against the law" is an argument used by 8 year olds.

    And as for the police - well, of course there's a double standard. Kind of essential for law enforcement types. Without knowing specifics I can't form any opinion on whether they exceeded their authority in the case mentioned above.

    Finally, it's interesting that spamming is some people's first idea of a more serious crime. Yeah, unwanted email is really one of society's biggest problems.

  9. James Butler

    But, yer Honor ...

    "She was naked and unconscious ... she didn't object, and she doesn't even remember it ... how can I be guilty?"

    If you're calling yourself smart enough to know the difference between an unsecured and a secured access point, you know better than to claim, "But yer Honor ... it was open and defenseless, and it didn't even know I did it ... how can I be guilty?"

    And, no, DHCP assigning an IP is not explicit permission to access that node.

    And, no, DHCP wasn't designed the way it was to give you unauthorized access to somebody else's router.

    And, yes, consumer-level wifi access points/routers ship unsecured because the general population is, oddly enough, not very technically inclined, but again, this is not explicit permission to tap into them.

    THE UK/US LAW IS: Thou shalt not piggyback on someone else's bandwidth without their explicit permission. Period.

    I hope that's not too complex for you guys ... you don't like it, lobby to get your laws changed. Sheesh.

  10. Anonymous Coward
    Anonymous Coward

    Consent?

    So, how do you know if they consent to you probing their ports? Was the access point drunk?

    The problem with the consent analogy is that, if you have a totally sober person who is standing in the middle of the street with a big sign saying "I want some hot sex (free!)", I'd take that as consent. Though I might not take that offer up without a few tests at the local doctors.

    Actually, thats not a bad analogy - the main reason I don't connect to most unsecured routers is that I don't want *my* traffic snooped on - if I'm using protection (VPN) and I'm not committed to another (corporate network) its my choice :)

    Its not like most new routers don't come with some kind of security enabled that means you would have to chat to the administrator to get access to the fun stuff...

  11. Anonymous Coward
    Anonymous Coward

    @James Butler

    I don't know if you were specifically replying to me, but I didn't deny that it is the law, I said: "This is clearly a case where the law is wrong."

    The problem is that you can have public networks, some businesses and municipalities do it. The question is what you consider explicit permission. What if the SSID is "FreeWifi"? Does that constitute explicit consent? I would hope so or else there are alot of cities, libraries, small businesses, etc that are encouraging people to break the law.

    But from a technological standpoint naming your SSID after whether it is public is redundant. Networks should be named after what they are, i.e. "BrentsWifi" not the legality of thier use. Routers provide us with a seperate fields to specify whether the network is public or not. It is silly to have to adopt a stupid naming convention, essentially perverting the standards that IEEE and others worked so hard to develop, simply because some lawyers don't have a proper understanding of protocols.

    No DHCP was not invented to invite people to use your wireless network, but since you need some designator to grant permission to use your network, it makes the more sense base the definition of consent on DHCP, rather than what you call your SSID.

  12. Anonymous Coward
    Anonymous Coward

    One last note, I swear...

    Hopefully ending my comments on this topic, if I were to write a web spider to go follow HTTP links, and download any images it found, would I be responsible if it downloaded child pornography? I would bet I would be in court. Why? Because I delegated my authority to a software agent acting on my behalf, and I am responsible for its actions. (unless you can argue common carrier status)

    So how is this different than delegating control of who accesses your network to your wireless router? It is still an agent acting on your behalf, so if someone requests an IP address, and it gives it to them, then you allowed them access!

  13. Brian Miller

    Get upside-down-ternet instead

    http://www.ex-parrot.com/~pete/upside-down-ternet.html

    I laughed myself silly when I found that someone decided to have fun with the squid proxy and his neighbors. He found that (*gasp*) they were logging onto his wireless connection and hogging the traffic on his broadband connection. So he decided to give them an entirely different Internet experience: all your pictures are belong to upside-down! HA HA HA!

    Now when someone logs onto his network, he lets them surf the web, but their connection results in their pictures being shown upside-down via squid.

  14. Phil Bennett

    @Brent, one last note...

    Delegating control?

    If you wrote a web spider that followed HTTP (and being a responsible person, it would follow standards eg robots.txt) I suspect that pointing at Google would be a fairly good defence...

    Well, like throwing bloody fish in the water draws away the sharks anyway - if the new prey kills the shark you dont have to worry :)

  15. Kevin

    @the door analogy

    That is a weak analogy but still it should not be criminal to use unsecured wireless. Closest analogy I can imagine would be like being arrested for trespassing for taking a walk in a public park that is advertised as free to the public.

    Now the use of a packet sniffer or brute force to hack in is definitely illegal and should be prosecuted.

    We all have to remember these unsecured access points are screaming HEY I'M HERE USE ME I'M FREE HERES MY NUMBER to all the computers nearby and the computers are just taking them up on the offer.

  16. Lathem Gibson

    What about insurance companies?

    Here in the US, when I insure my car, I've always found a clause in the contract which states that I'm not covered for theft, if the keys are left in the ignition.

    Now, it's stupid to compare car theft to using an open AP, but clearly, people shouldn't entirely rely on laws to protect them. Laws, much like locks, serve mainly to keep honest people out. As one commenter pointed out, WEP is a joke from a true security standpoint, but so too is my ignition lock, and no doubt the locksets on most of our homes. The point is that each is a layer of security, which, in most cases, is good enough to deter all but the boldest criminals.

    In the case of a wireless access point, the physical realities are that when one broadcasts a radio signal into the air, there is always the possibility someone will have a suitable receiver, capable of picking up and using your signal. If you don't want someone to do so, the burden is most certainly on the transmitting party to calibrate their instruments correctly.

    If broadcasting unencrypted signals with only the threat of the law to prevent people from receiving them really worked, would satellite TV carriers do so?

    If legislation is appropriate in the case of Wifi at all, it should be placed on manufacturers, requiring them to forcibly enable WEP, at the very least, on all consumer-grade APs. To apply the law so broadly, that anyone connecting, even accidentally, to an open access point, would make criminals out of so many people as to make the law laughable.

  17. This post has been deleted by its author

  18. Brett Brennan

    It's all about the law

    This whole wifi thing is about a law that was passed, not from consumer complaints, but from ISP complaints. The major telcos want each and every person to purchase (a) an analog voice line, (b) a DSL data line and (c) a wireless data card and contract from THEM. If you "borrow" bandwidth from an open access point, especially one that was set up to knowingly share bandwidth, you are "robbing" the telco or cable carrier of their revenue that they "lost" when you "stole" bandwidth that is not yours under contract.

    This behavior has been going on for over a decade. When I got my first high-speed internet connection 10 years ago, the contract EXPLICITLY prohibited me from connecting more than one computer to the line at a time. Indeed, the telco wouldn't even sell a stand-alone router: only a PCI card and funky-chicken software to use it that attempted to prevent routing. (It didn't work.) Now the telcos and cablecos allow you to connect more than one PC to their equipment, but implicitly it's only YOUR equipment, not some stranger's PC.

    Consider this scenario (one I've been guilty of promoting on occasion): you have several neighbors that are within 100M of your house. They all have DSL, but the speeds are sucky and they are all paying US$60/mo for the privilege.

    You discover that a commercial grade 8X8 SDSL link is only US$200/mo. If you broadcast 802.11g or better to your neighbors and have the commercial link, and you all "share" the cost...well, four or more it's cheaper than the DSL that they currently have.

    But they're all guilty of theft, and you're guilty of RICO or something like that - because the telco explicitly prohibits the resale of that bandwidth.

    I'm in a campground right now that has to use DirecWay to support their WiFi hotspot, because the local telco and cable companies WILL NOT SELL them a DSL line for shared use, unless the campground owner - and I swear, I couldn't make this up if I tried - PAYS the telco or cableco a monthly fee of around US$200 AND allows the telco or cableco to collect ALL revenue from the resale of the service to tenants in the campground! AND the campground owner has to BUY the equipment from the provider up front (at full retail), as well as pay for all the installation charges. Thank God DirecWay only charged US$2000 for the hardware and US$300/mo for the service, but lets him keep the resale revenue!

    And, a final note: the Apple iPhone is specifically configured to take advantage of open WiFi at any opportunity to augment the EDGE connection for heavy data transfers. You do have to agree to connect, or explicitly set up the device to NOT try to connect to any open WiFi source, but the intent is clear: use a bit of shared bandwidth to grab a few files or mail and everyone is happy.

    Is Apple guilty of selling burglary tools to the public? Or does AT&T figure this is a way to get back at all the cablecos that are beating it to on-demand programming?

    'Nuff said. I'm going back into me shell...

  19. Nick Ryan Silver badge

    Windows...

    Don't forget, that windows will, by default, automatically search for available wireless networks. When it finds one that it can connect to, it will automatically connect to it.

    So, before you know it, a "standard user" has just "hijacked" somebody else's wireless access, usually without knowing it.

    Where does the original offence happen? When windows starts the communication with other devices, when it automatically establishes a connection on your behalf or when you attempt to access your e-mail a website not realising that you're using some other network other than the one you expected (which might be switched off, or down for some other reason).

    While you could take the ridiculous standpoint that users must know what their system is doing, with the abstract mess that is windows (in particular its "security") and the general fear of "knowing anything", this is akin to expecting all drivers to know the operation of their car, from basic combustion engine principles to the actions of the EMU (engine management unit).

    You can, of course, take the analogies too far - so am I "stealing light or electricity" if I stand in front of a house at night and read a book by the light of the house's security light (that, like many of these annoying lights, turns on when I walk on the *public* footpath past the front of their house)?

    Now, intentionally accessing an open (i.e., unsecured for *whatever* reason) wireless access point and port scanning the computers that are also associated with it, attempting to access them or to use the connection to send or access illegal content, now that's an entirely different matter.

  20. This post has been deleted by its author

  21. Nick L

    Superb...

    > http://www.ex-parrot.com/~pete/upside-down-ternet.html

    Now that is the work of genius.

    For what it's worth,I'd advocate MAC filtering on the wireless access point as well as WEP (or WPA, or whatever) and using a separate subnet with appropriate provisions however even that's not perfect. I used to run my wireless open, but given that the cheerleader defence is not a defence, I've stopped that and put some basic measures in place. If someone hacks that, I should know about it and secondly I've made myself a little more secure in case someone starts doing naughty things...

  22. Anonymous Coward
    Anonymous Coward

    To all the people talking about open doors...

    or leaving your belongings on the street. I think that is a good analogy. It may be stupid of the people who do it, but it is still illegal to take stuff that doesn’t belong to you, even if it is lying in the street, so yes it probably is like that.

    I see it like walking in to a field with the gate open to have a picnic, and then complaining when the farmer throws you off. It is still illegal even if there is no fence.

  23. Andy Barker

    More Windows...

    I went to a friend's house the other evening and found that their wifi router was still set to the default manufacturer ssid and no protection, as was their neighbour's - both to the same ssid.

    So neither neighbour had any idea who's network they were connecting to at any given time (I could tell by MAC address, but they didn't have a clue).

    So both neighbours could have been prosecuted by the police, and terminated by their ISPs (for sharing the connection against the ISP T&C).

  24. lansalot

    Hijack ?

    "One in three mobile workers worldwide routinely hijack wireless connections"

    Surely, piggyback would be a more accurate term? When I checked my email at the Travel Lodge in Kings Cross Road (thanks to the house across the road), I didn't hijack it at all. The owner still had his access, I just came along for the ride.

    Sure, flattening the link with a heap of torrents or locking the owner out of his own router would have other connotations, but if it's only a quick peek, well - where's the harm ?

  25. Mad Mike

    Difference

    What's the difference between a Wi-Fi hotspot setup to allow shared us by all and sundry, and a private network setup by someone ignorant of security etc? The answer is nothing. All will be transmitting a SSID, with no encryption. Either, the law needs to be changed to say unprotected Wi-Fi is available to all, or hardware manufacturers need to be forced to add something that defines free Wi-Fi hotspot. Perhaps a flag or something.

    Until then, this laws an arse.

  26. Steve

    Trespass vs Theft, and the insurance thang.

    I like the trespass analogy better than the theft analogy. For a start, (in the UK) trespass is a breach of *civil* law, not criminal, which means that, many signs to the contrary, you can not be prosecuted for trespass. Police can be called to remove you from the place in which you are trespassing, and the landowner (or building, or whatever) is entitled to use "reasonable force" to remove you.

    You haven't committed a criminal offence until and unless you start to damage/steal something, (or otherwise do something that would we considered criminal in *any* context).

    So, returning to the 'open door' argument, by UK law at least, if you leave your door open, and someone comes into your house, they haven't committed an offence until they nick your stuff and/or trash the place.

    If they do nick your stuff, it's a crime, but your insurance company will not pay up as there will be no visible means of entry, indicating that you didn't secure the place properly, like you're supposed to do under the Ts&Cs of your agreement with them.

    Seems to me that this would be a more reasonable approach for the law to take.

    From a practical 'real world' point of view, if you put up an open AP, people will use it. All APs come with manuals, all these manuals explain how to set up a 'private' network as opposed to an 'open' one, if you can drive a web browser configuring them is not difficult. So if you are stupid enough to put up an open AP *by mistake*, people using your bandwidth is likely to be the least of your many, many other problems.

  27. Anonymous Coward
    Anonymous Coward

    Morality

    >1. Open Wi-Fi point isn't like leaving your door open for people to enter; rather

    > it is like leaving all your belongings out on the street for others to take at their

    > liesure!

    It's still wrong to take them, even things in a skip aren't yours to take.

    >2. All Wi-Fi Access Points can be configured for encryption and other security

    > measures. If the owner isn't using those measures, then it is their fault.

    We know perfectly well that many owners don't understand the equipment to that level. An arrogant "weak people deserve what they get" attitude. Is uncivilised and immoral.

    >3. Many people (myself included) happily run part of our wireless networks

    > as an open to all network (the bandwidth is throttled so as not to affect my

    > own surfing, but it is more than adequate for average browsing/email).

    Good for you, a very generous service, but you do realise that you're acting as an ISP and may well be breaking your terms of service with your provider?

    Presumably you make it clear that it's deliberately free? Notices? A named SSID?

    >4. There are plenty of other crimes taking place on the street (car theft,

    > mugging etc) Why are the Police bother some bloke sitting in his car? Even if

    > he was on the internet, he could easily have been using a built-in 3-G

    > datacard, or using an open access point, or reading previously cached

    > data or any number of other legal activities...

    There's murders happening, why are the police bothering people committing a burglary? Should the police halt all operations until the most serious crime is sorted out and work down the list?

    (Although why he admitted the crime is baffling, denial would surely have got him off)

    >In short, long may bandwidth borrowing continue. If you don't know how to

    > drive a car, you should expect to crash; if you don't know how to setup

    > security on your PC expect to get viruses or become a Bot-host;

    If you don't learn to fight expect to get hit?

    Whatever the legality of it, people pay for bandwidth and it's assumed that unless there is a notice saying otherwise, they aren't giving it away.

    It's basic morality, it's not yours so don't take it. Not hard is it really?

  28. Anonymous Coward
    Anonymous Coward

    "I can't tell whose connection I'm using",

    Not that feeble an excuse if you haven't changed the default SSID. If your neighbour's router also identifies itself as belkin54g, how does the average user tell them apart?

  29. Anonymous Coward
    Anonymous Coward

    How do you know?

    As people above have said, Windows often connects automatically. My Mum was recently staying in my flat and using my laptop; hardly techno-literate, she mentioned my internet connection was a bit slow; which it was because Windows was automatically connecting to my neighbour's unsecured network rather than my own encrypted one.

    Also, I've recently been travelling, and routinely sniffed out unsecured networks; sometimes they had a relevant SSID like "hostelfreewifi" or something, but in reality I had no way of knowing if any particular network was supposed to let me in or not, but since the tools to put a "lock" on a wi-fi connection are there and simple, I automatically assumed unsecured meant "come on in" (and unsecured wi-fi is the norm in lots of South American airports, coffee shops etc.) In fact, until I saw these stories when I got home, it never occurred to me that I was doing anything wrong.

  30. Jon Foster

    Comes down to lack of knowledge again

    IMHO the root of the problem is really that the average user does not have a clue what they're doing. We're too busy teaching "ICT" and how to use MS Word.

    If we policed our networks rigerously and brought charges against everyone who was "ignorant" we would criminalise 95% of the population!

  31. Anonymous Coward
    Anonymous Coward

    Who the **** cares?

    Really?

    Two examples:

    a) I live on a street where there is a 30 km/h speed limit. Children regularly play on the street. I have never seen anyone driving slower than 50 km/h. Nobody has ever been prosecuted or even fined $10.

    b) Someone who is far away from home needs to send an urgent email. There is no inernet cafe in sight and he is late for the train. But he finds somebody's open hotspot on his laptop and decides to send the 2kB email, consuming about 0.0000001% of their monthly bandwidth allowance.

    Which is the bigger crime? Grossly negligent behaviour that threatens the lives of minors, or the equivalent of stealing a one cent coin that someone accidentally dropped on the street?

    If we live in a society that doesn't even shrug a shoulder when people commit crime a), then I don't understand what all the fuss about crime b) is about. When people say "bandwith stealing is a serious offence", they need to get a sense of perspective.

  32. Anonymous Coward
    Anonymous Coward

    Lax attitudes to wifi security? You bet, and it's not just the punters!

    I found yesterday that ADSL installed by a BT engineer, for a customers brand new Sony Vaio, was configured with WEP security and a router password that would take 10 seconds to guess.

    If BT still think that WEP = security, and charge innocent customers for configuring this 'security' then attitudes, nay, knowledge, of wifi security is absent way beyond the average punter.

    Naturally, explaining that BT had left next to zero security, I changed the security to WPA AES and put a strong password on the router. The only thing BT did right was to leave remote router configuration off.

  33. SImon Hobson Bronze badge

    My word, there's a lot of hot air in here !

    What a load of hot air, false claims, bad analogies, and crimes against the english language !

    ** Regarding, is it the users fault if they don't secure their wireless when they install it ?

    Well YES it damn well is. Ignorance is no excuse, they went out and bought this equipment, if they don't know how to install it then that's their fault - they can either learn or get someone to do it who does understand. Would "I don't understand mechanics" be an excuse for having dodgy brakes on a car ? No - the driver and/or owner are expected to keep them in good working order, either by knowing enough to be able to do it themselves or by getting someone else to do it.

    It seems that once it's got anything to do with the internet or computers then there is an assumption that everyone has a right to go there regardless of whether they know or care how to do it properly.

    ** As to whether it's still trespass if you leave the door open ...

    Well that isn't really a good analogy. Suppose you are walking along in a town/village/city/whatever and come across a patch of ground at the side of the road. It has some paths, some seats, a drinking fountain - but no apparent boundary betwen it and the road. Would it be wrong to think that this is a public place provided for public use ? Would it automatically be theft to take a sip from the drinking fountain ?

    Would the answer change if there were no paths, no seats, and just a tap on a post in a grassy area ?

    If someone didn't want you to use what looks like a public place, they have the means to make it clear - either by putting up a notice or a small fence.

    ** Having an open network with DHCP constitutes permission

    Well I'd agree with that. Again, the owner has taken action to make the wireless network available but chose not to make any attempt to stop all and sundry using it. They chose to install a DHCP server that will give an address to visitors. Heck, I'd call that implied permission - if they don't want to imply permission, then don't install equipment that will automatically give you access.

    The nearest analogy I can think of might be to fit a doorbell that plays a recording - and configuring it so that whenever anyone presses the bell it replies with "come on in and sit yourself down in front of the TV". Installing an open wireless with active DHCP is the network equivalent of that - your computer rang the doorbell (requested an address by DHCP), their network automatically replied "come on in, feel free to use the TV" (DHCP gave the computer an address). Note, the owner of the wireless network installed it in this manner - if they didn't intend it to work that way then they should NOT have installed it so as to do that. See note above about knowing how to do it properly or get someone in who does.

  34. Daniel Voyce

    Whats the problem?

    I mean jeez, if you dont secure your wifi then expect other people to use it, especially with Microshafts oh so "efficient" Wifi selection.

    If mine was unsecured and there was someone checking their emails on it - so what?

    If there was some PFY downloading bucket loads of porn then I might have something to say about it - but not much as it would be MY FAULT for not securing it!

  35. hugo tyson

    Wrong analogy

    Lots of public places have drinking fountains. Isn't that a better

    analogy for an unsecured AP? Everyone pays for water, so

    someone is paying for this water, but so what?

    I think the real problem is this: the law has a blind spot for situations where

    not only do you *not* know whether the access is intended to be permitted,

    you *cannot* know from all the available info, and in fact two APs could be

    set up indistinguishably with differing intents by the owners.

    Maybe the AP makers need some good ole suing to force them to have a startup

    page that makes you set an AP name, and adds the suffix "-Private" unless you

    explicitly say so.

  36. Rich Bryant

    There's no need for any analogies

    Only accurate descriptions.

    If you have a wireless router, you are an unlicensed broadcaster. You are broadcasting data to ANY receiver which is configured to receive it.

    If the network is "secured", you are broadcating encrypted data. That data is essentially worthless to anyone who does not have the decryption key.

    Therefore, with your wireless router (an RF transmitter), you will always broadcast data while the device is active. The choice as to whether to make that data readable or not is entirely yours.

    It is not illegal to receive broadcasts in either the USA or the UK.

    So please, stop talking about imaginary "crimes".

  37. Colin Millar

    Wasn't there a regulator for this industry?

    What was it now - OFFLINE, OFFTRACK, OFFAL?

    Has anyone noticed the similarity between s32-33 of the Communications Act and a prohibition on providing "electronic communications networks without advance notification to OFCOM"

    I think we should be told how many unsecured WiFi owners have been prosecuted since the Act came into force. At a guess I would suggest a figure not unadjacent to zero might be the answer. Of course if they read the Reg they may now go after all those who have owned up to doing this on purpose as a bit of a public service on the grounds that their mates in the TELCOS have thereby been deprived of a microgram or two of blood.

    Could it be that proper enforcement of s33 of the Comminications Act 2003 would be inconvenient to the TELCOS frenzied flogging poorly secured WiFi broadband to the unsuspecting masses?

  38. Colin Millar

    And another thing!!

    s126 of the same Act - supply of apparatus etc

    When can we expect to see PCWorld and DELL dragged through the courts

  39. Anonymous Coward
    Anonymous Coward

    the path up to the front door, actually

    A better analogy is the path through the front garden which leads to the front door, where it is reasonably presumed people are invited to walk for various purposes.

    Or the difference between a shop and a home, where one holds out an offer to supply something, and it is taken to be an invitation to enter.

  40. Anonymous Coward
    Anonymous Coward

    a few years back

    in Aldreley Edge, Cheshire, there was a wireless network that basically identified itself with "call this number for connection" and then gave a premium rate number, rather cleverly whoever was running it would speak the network key really quickly and not repeat it (sorry Warren but I have to tell them that you foolishly paid a fortune by redialling to hear it again!!)

    anyway I have no idea how much the person in question may have made from it but i had to admire their enterprising spirit, and for all I know they were also 'peeking' into any machines that were connecting

    oh well its back to fighting for a pay rise!

  41. Anonymous Coward
    Anonymous Coward

    Welcome

    >The nearest analogy I can think of might be to fit a doorbell that plays a

    > recording - and configuring it so that whenever anyone presses the bell

    > it replies with "come on in and sit yourself down in front of the TV".

    Or a door mat with "Welcome" on it?

    Just because the door has a handle doesn't mean you can use anything you might find within.

    The wheel nuts on my car aren't locked, although locking nuts are available, does that mean you can just take my wheels? Is it my fault because I'm too dumb to lock them up?

    How screwed up are you lot if you can't see the basic morality issue of taking something that isn't yours, regardless of legality.

    >It is not illegal to receive broadcasts in either the USA or the UK.

    There are various laws regarding unauthorised access to computer equipment though.

  42. Roland Korn

    A radio is a radio is a radio .... is a ...

    Radio. If you transmit then they will receive.

    What part of that little bit of information do you corporate property shills not understand? Do you want to buy a cup of radio waves? I have a deal on 2meter single sideband today.

    As long as the network device is not compromised then accessing the web/net via a WiFi is not a crime.

    It is also not illegal to receive broadcasts here in Canada, though satellite broadcasters would love for people to believe otherwise. Though it was illegal to rebroadcast/retransmit the signal/information - mind you all this for signals above 1W .... consumer goods were exempt as long as they didn't interfere with commercial/municipal operations ....

  43. Raheim Sherbedgia

    FCC Rules??

    On the bottom of every piece of electronic kit in the U.S. there is a sticker that says the device cannot produce any interferring signal and must accept any other signals received, even if they are harmfu. (that's paraphrasing btw...)

    I don't see why picking up a radio signal from an unsecured router wouldn't qualify here. My deivce is accepting a signal from the router isn't it? From the way the sticker reads it seems that I'm actually required by law to accept the signal from that router.

  44. Gilbert Wham

    upside-downternet

    @ brian miller: which can, most likely, be rectified by pressing alt-up arrow.Bugs the shit out of your co-workers. Try it.

  45. Anonymous Coward
    Anonymous Coward

    We need the law to be changed - petition anyone?

    I recently found out about a company which is facilitating what I think would be a very good deal for many consumers : Share a small fraction of one's own broadband bandwidth, in exchange for being able to use other people's broadband when travelling. The company is here:

    http://www.fon.com/en/

    That service at least makes it pretty unambiguous to even the most obtuse lawyer or judge that the person paying for the broadband connection has consented to the use of the connection by other people, and I would sign up, except that in the UK as far as I know I could be held responsible when another user downloads k1ddypr0n and jolly rodger anarchist cooking thingies over my broadband. As far as I know, the only way to avoid being liable is to register oneself as an ISP, which then requires one to keep long term records of any users, (probably including a street address and other information that it would be impractical to get), (and maybe also provide a nice socket and power connection for the echelon/carnivore box if you believe the tinhatters).

    The central company (fon or others) could set up as an ISP and then route all connections over VPN to their own internet connection, solving the liability problem but introducing lots of technical and economic problems that otherwise are unnecessary.

    What would really help is a law that clearly states that a user is not liable for things that someone else does over their internet connection. Some people would say that this would be a blanket excuse for anyone who *does* download illegal stuff from the internet, but those people would be daily mail readers and therefore irrelevant. Clearly, the present situation does not prevent people from using someone else's connection for all their illegal needs (as explained in many posts already), and prosecuting a few grannies who didn't know why the light was always blinking will not prevent the next mp3 stealing terrorist threat or whatever.

  46. Jon Tocker

    oh no, not another effing analogy

    But here it is:

    If I choose to purchase apples from the local greengrocer and stick a percentage of those on the roadside with a sign saying "Help Yourself" then people are permitted to do so. If I choose to pay for broadband and then broadcast access to said broadband out to whoever happens to be passing though, then people are permitted to help themselves as well.

    If a law is passed forbidding me to give away apples I have purchased at my gate and I persist in doing so, then it's my responsibility if I continue to do so and people take them. If the ToS I have agreed to in signing up with my Telco says I must not share WiFi access out to the public and I do so, then that likewise is my responsibility.

    Running Windows is like said passer-by having a 1-year-old in tow who sees the shiny red apples and can't resist helping him/herself, but that's OK because I left them there to be taken. Like windows helping itself to any open wifi connection...

    Frankly, I don't know what the Telcos are moaning about - I pay $x for an agreed service and if I exceed the cap I pay extra to cover it. If passing people piggy-back of a connection I have made public, they are doing so on MY DIME with MY PERMISSION. They're not "stealing" it as I HAVE PAID FOR IT.

    Honestly, it's not like more bandwidth is used than is being paid for. If I elect not to secure my access point then I'm inviting people to use my connection.

  47. Edward Pearson

    Re: Bullshit part 2

    You sir are a fool.

    Using your logic, if I was to leave my front door unlocked, anybody could legally stroll in off the street and start leafing through my girlfriend's underwear draw.

  48. Anonymous Coward
    Anonymous Coward

    Analogies

    Using someone's open Wi-Fi network is like taking a rest in a park bench that someone put in their front lawn next to the sidewalk.

  49. Anonymous Coward
    Anonymous Coward

    How about

    http://slurpr.com/

This topic is closed for new posts.