A Dutch court has ruled that hacking into Wi-Fi connections is not a crime providing any connected computers remain untouched. However Wi-Fi freeloaders would still lay themselves open to civil proceedings. The unusual ruling came in the case of a student who threatened a shooting rampage against staff at students at Maerlant …
A router *stores* the MAC address of all attached devices in its ARP tables?
Therefore merely connecting to a Wireless Router and obtaining an IP address causes "storage" to be performed.
Seems a router does have some exposure to the "transmission of data" bit...
No it doesn't.
Even if it did --on persistent storage as opposed to transient memory-- AND you could sway a judge that this falls under the letter of the law, then that still has no bearing on the spirit of the law. Otherwise, causing your MAC address to be stored in someone else's computer, like through ARP, gratuitous or otherwise, would already end up being a punishable offence. I don't think going that far would be very reasonable.
Of course, if you reboot the router remotely at the end of your session, the MAC is lost ;-)
Yes, they do.
*My* router stores all sorts of information. Off hand I can think of:
Port forwarding rules, MAC addresses for reserved DHCP leases, DNS servers (I use Google's open DNS server as secondary and tertiary backups), and my WPA-PSK.
These are all pieces of data I entered into it manually, and it keeps them even when powered off. If that's ain't "storage" then tell me what is.
"Since a router is not used to store data, a judge reasoned, it fails to qualify as a computer"
It's not 'used' to store data, but it does store data and as such would qualify as a computer under that definition.
That's the point
A router *incidentally* stores data so that it can do its job. Nobody is using it to store data with the intention of retrieving that data later for some purpose of their own.
Your toaster may also store data, but if I use it illicitly I am using it as a toaster, not a computer.
There *are* firmwares out there that can turn your router into a small torrent box (as well as the usual router functions, of course). That would qualify under "storage for later retrieval".
I can think of a couple of things where the ruling is a bit dodgy.
A router/modem does store and transmit data, namely that surrounding NAT.
Stealing electricity? That's what hackers were done for over in Blighty before computer crimes were dealt with separately by the powers that be.
Erm if a router does not store data...
... then how does it work?
Yes it passes data but it also stores data in the form of OS etc that can usually be manipulated.
also routers tend to have some form of intermediate cache, and the store of packets while they look at and act on the headers.
"storage, processing and transmission of data"
That is what a router does, data is temporarily stored in memory, processed and then transmitted again. The key itself is stolen from the device which could also count as storage.
Just because it doesn't have 300GB doesn't mean data is not stored.
actually most routers use store and forward to route packets. Yes albeit for all very a short time, but store non the less.
switches store and forward
Routers forward packets. The packets are encapsulated fragments of something, not the entire thing.
re: packets are encapsulated fragments
Disks store files as sectors. The sectors are encapsulated fragments of files, not necessarily the whole thing.
I have a 1GB external usb drive connected to my router. Does that make it a computer? The router also run Linux and I'm able to install programs into its flash Rom....
I'm from Holland - isn't that weird!
RE: Pavlov's obedient mutt
Cigar and a waffle?
Goldmember by any chance?
Bong and a
If hacking the router is legal, is keeping a copy of anything you might happen to see passing through it while you're in there also legal, as the concept of "storage" would seem to apply to the device itself rather than what you nefariously attach to it?
I've just read the small print on this can, it says: "Warning: May contain worms."
Its gonna be very difficult to sue someone for stealing your bandwith. Because last year a judge ruled against bandwith theft because bandwith wasn't a 'product' so to say. So someone would have to prove that he has suffered damage because of the stolen wifi/bandwith.
Bandwidth isnt theft so using it is like civil trespass, or taking photos while trespassing.
In civil trespassing if the landowner can prove you denied earnings they have a good chance of a civil win. If you run a business via your internet connection you could say the bandwidth theft denied other potential customers and so denied moneys so you could make a civil claim for loss of earnings.
It's a good verdict
If a router were to qualify as a computer, then so would a telephone, a washing machine, a car, ... anything containing digital electronics. And then the authorities would try to add "computer hacking" to the charges brought against every joyrider, and you'd end up with stupidity like the US concept of "wire fraud". Best not to go anywhere near that slippery slope. If they want hacking into networks to be illegal, modify the legislation so that it is. Don't abuse existing laws.
Oversight of the lawmakers
The point the judge makes is that both in the law (Wetboek van Strafrecht 80sexies) and in the 'Memorandum of Understanding' during the creation of the law, they only considered devices ('automated works') that store (in a non-transient form), (substantially) process *and* transmit data. According to the judge a router fails that test because it does not 1) store (non-transient) the data sent, and 2 does not process the data beyond what is necessary for transmission.
Secondary, the judge finds that the computer crime law (Wetboek van Strafrecht 138a) according to the legal history was intended for protection of those who 'through actual security measures have made clear that they want to shield their data/information from prying eyes'.
As the defendant did not break into a computer (80sexies), and the misuse / misappropriation of a connection is not covered in law (138a), the defendant was cleared of that charge.
+1 for clue, well done that chap
*Applause* Look, other commentards, see how much smarter people seem when they actually have a fucking clue what they're talking about because they took time to click the links or read something of the story before spewing their brain farts into the interwebs ?
Look upon the above comment and aspire to it.
spewing their brain farts into the interwebs
Now where can I get a Wetbook of 80 Sexies?
better to read the judgement
It summarized that since the router stored no files for the user, the law is not applicable which deals with accessing files and information stored on a network.
It is not a clueless judge, just one who applies the law, both to the letter as well as the intention.
(the user breached the network to post on a site via that IP, not to get data from the network).
If the hacker would have accessed a computer, snooped traffic, or if the router had user files stored in it, the law would have been applicable, but in this case the law is outdated, and must be amended/updated to apply for this sort of cases.
It's a computery thingy, but,
This is a lot more like using somebody's phone without their permission.
It's the using it for illegal, reprehensible, or, say, defamatory purpose that already attracts penalties, usually. For instance, using somebody's own wireless router could be part of an impersonation or identity theft attack.
IP address is not identity
WARNING we do not want IP address to get precedent as a form of identity, as they really just tie up to a household not a person
Yes and no
A lot of people live on their own, and many don't have a lot of visitors, so their fixed network address, if it's secure - as it ought to be - will be used only by them.
Also, a service such as a bank MIGHT allow login only from one new!twork address, so that you can do banking at home. You'd still have a password and so on but those might be written down, if you're stupid. So cracking your home network could be a FACTOR in stealing your money.
Legal prosecution usually uses the standard of reasonable doubt. If you have a secure home network, there isn't much reasonable doubt that only you are using it. Therefore I expect to find, if I ask and if anybody wants to tell me, that terrorists and child abusers use insecure networks and insecure computers so that they can claim that whatever happened on their equipment may have been done by somebody else. Alleged music sharers have used the same defence. Ideological music sharers also may appreciate it as a way to share. You could hide old PCs with wi-fi near to public places for guerilla music sharing without going onto the Internet and getting caught. I suppose the same applies for terrorism and child abuse...
Sensable to me
I take the view there are far too many laws and existing laws can be used if designed properly.
"getting onto a network" via wireless or wires without stealing or physical damage is akin to civil trespass, were if told to get off you did and the gate was closed (password changed) no further action is usually taken.
Taking files off a network this way is just like burglary and so should be tried as such with the same fines, laws etc.
Why make-up a totally new set of laws just because the medium is different. At the end of the day some thing was taken (not in this case as an example) so regardless of physically or virtually breaking in it should be tried as theft.
Not burglary or theft
Unless by "taking files off a network" you mean deleting them.
There's an analogy with breaking and entering, perhaps, but "theft" means depriving someone of something. Copying or reading something without permission is not theft, not even by a reasonable analogy.
Addresses are part of packet administration
Wireless packet headers usually*** have three MAC address fields in them. One's the identification of the network which is usually, but not necessarily the same as, the access point's MAC address. This ESSID serves the same purpose as network cable -- it allows you to distinguish traffic on your network from that of your neighbors'. Google collected ESSIDs as useful location information -- they weren't "Slurping" addresses for some nefarious purposes but the fuss made about what they did and why suggests that a lot of technical people haven't a clue what's going on below the socket layer, let alone understand how the MAC works.
(***They 'usually' have three addresses but sometimes they can have four....so there.....)
I'm actually more concerned over...
...the fact that 4chan actually gave info to the authorities. That's not like them.
But then, usually that info is worthless because Anonymous and similar uses intermediary jumps with no logging so tracing them is beyond most police capabilities. So I guess you could say that the amateur had it coming...
4chan has standards
There's a big difference between Anonymous's usual mildly malicious fun-and-games threatening a massacre.
As we already know, 4chan are ****s.
4chan are ****s; consequently, you can almost count on them to do the most ****ish thing that is reasonably possible in any situation.
If you leave your back door unlocked and 4chan see you do it, they will wait till you've gone and steal your TV - really this is an analogy for what they actually do, which is interfere with other people's computers.
If they see their best friend stealing your TV, they will shoot him in both legs and then call the police. And then probably steal the TV.
It's about being a ****. 4chan is a place set up online where people go to be ****s amongst like minded ****s. They are all ****s. It's what 4chan is about.
The judge applied the law correctly. Perhaps that is surprising.
It is indeed a good verdict: The judge looked at the law and saw that it wasn't written to prosecute anything but diving into someone's computer and wreaking havoc/stealing information/whatever. Turns out there's no law against retrieving wlan keys and making use of someone else's wlan without permission, so it's not forbidden.
Intuition might say it should be, but it may be more realistic to look at the damage caused by the act of making use of someone else's wlan and prosecute for that. That would be negligible in this case, but perhaps a lot less in others. Thus the bottom line may very well be that there needs to be no law against it.
The term used is actually more "breach of the peace in a computer" rather than "hacking". The latter is overbroad and sensationalised and that in turn might easily influence public opinion. I don't think we need more of that sensationalism. How sensational is it these days to use someone else's wireless and internet uplink for, well, anything? Don't we already know very well that wlan isn't all that secure anyway?
Technically astute Learned Beak ...
made a good decision.
WiFi s inherently weak and breaking any protection is now so easy. Guess he wouldn't convict Google, either.
Interpretation of the Ruling
So, it's the right ruling for the wrong reasons? This leaves me conflicted.
Paris because she's often conflicted.
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. All layer 3 and up devices are computers..... at least. Any programmable layer 2 device would also be one. You might even argue all layer 2 devices are. If you're going to be anal about the letter of the law, at least be anal about the definition of computer. Now where did I leave my abacus?
Still in the dark
The Dutch judicial system is stuck in the Dark Ages and probably doesn't even know what Wi-Fi is. Some day when they actually get a PC or two, someone can explain what Wi-Fi is to the technically challenged beaks.
The Dutch are incredibly computer-literate. The problem here is the laws, that are outdated. According to the law, hacking a router is not illegal, because they do not have a law that covers routers. This will likely change pretty soon, fact is, in Holland, they apply the law - compare that to US, UK or France where when a law does not cover this or that aspect, they just condem and try to find a way to "interpret" the article in a way that would allow them to condem ... the obvious caveat is that the laws end up being interpreted in hundreds of different ways, which means that nobody knows what is and is not covered by the article, in the end.
I can sort of understand this.
AFAIK it isn't a crime to open the combination lock on your locker - though it would be a crime to take anything out. Likewise, figuring out the password for the connection does no harm in itself. Actually USING the connection is a different matter.
I don't like it, but i can see the reasoning.
being daft about definitions
I suspect even a dvd player "copies, stores and processes" dvd data.
Correct decision, possibly wrong reasoning. WiFi breaking should not be a criminal offence. Civil perhaps, but not criminal.
judge judy was high when she gave the decision. router's dont store data ? Yeah right, and RAM is downloadable.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS
- Worstall on Wednesday YES, iPhones ARE getting slower with each new release of iOS
- Microsoft's Euro cloud darkens: Redmond must let feds into foreign servers