back to article Geordie cops arrest two for Wi-Fi squatting

Two men have been arrested for "dishonestly obtaining a communications service" after they used a householder's wireless network to check their emails. The offence happened on Sunday in Tweedmouth, south of Berwick-upon-Tweed. A spokeswoman for Northumbria Police told the Reg: "I can confirm that two local men were using a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Geordie? in Berwick?

    One thing people in Berwick definitely aren't is Geordie. They don't routinely claim to be English or Scottish either... Berwicker is the term they prefer.

    Mine's the tweed jacket.

  2. Rich

    Just as well...

    ...there aren't more important crimes being committed that require lots of police time to solve, eh?

    Oh, but of course there is! the obviously **VERY** important crime of copying a CD or downloading an MP3 file. VERY VERY serious;

    Thank goodness the police have their priorities right. Phew...

    Sorry... what's that? No no no - you've got it wrong - these things are MUCH more important than burglary, murder, rape, assault, theft....

  3. Steve

    Dishonest?

    How were they dishonest? Did they claim they were only waiting for a bus? Or did the householder complain they they had refused to pay when asked?

    I've just realised that I've been dishonestly enjoying the view of the flowers in my neighbour's garden. I even absorbed reflected coloured visual radiation from them for hours, without ever asking permission. Will I have to go to jail now?

  4. Ross

    Kinda different

    Yeah, there's a rather large difference between operating a scheme like Fon and using your wireless router as it came out of the box and someone nicking your inet connection.

    If you don't have permission you have to accept the risk (as low as it is) of getting nicked.

  5. Anonymous Coward
    Thumb Up

    Wireless Internet

    I have secured my wireless router but I have let my next door neighbour use it as she pays me for it! As I get it free from BT, I effective get paid to use the Internet. AC because she might read this!

  6. Anonymous Coward
    Anonymous Coward

    It's not a crime, but war crimes are

    ""However, this is an offence and people pay good money to get the internet in their homes. It is worth reminding people who use a wireless connection to ensure they follow the manufacturer's instructions when setting it up and make sure all security systems are in place to keep computers safe."

    No it's not.

    The police continue to ignore that the device requests permission and the router says 'yes' and gives them a session id. No different than when their telephone connects to a GSM tower, says 'can I register' and the GSM tower says "yes no problem, here have a session id"

    If you say that permission is not enough, then how is it enough when the phone connects to the GSM tower???

    It's the exact same thing and the person connecting has no way of telling if that router is intentionally open or not.

    So now lets compare that with the METs response to an arrest warrant for an Israeli general. Something that pisses me off no end, since I've wanted to see one of those bomb happy generals on war crimes charges for years.

    http://news.bbc.co.uk/2/hi/uk_news/7251954.stm

    Attacking civilians is a war crime, and it's an arrestable offence in the UK even if it was committed abroad. The judge issued an arrest warrant. Then something strange happens, the person to be arrested is pre-warned of the warrant and stays on the plane. To pre-warn someone to avoid a warrant is a crime, even if it's done by the Foreign Office minister himself.

    Then even stranger, the police decide not to go into the plane to arrest him. And now totally bizarrely strange, the plane is given clearance to leave the UK with the suspect on board. Permitting his escape to freedom.

    It seems the police selectively implement the laws, straining interpretation to arrest someone for doing nothing more than using an 'intentionally?' open wifi connection.

    So:

    In the lobby is a wifi point 'lobby#4'. I assume it's an open wifi, so I use it. I assume it's provided by the company so I assume they put it there. But I don't know, it may be a neighbours wifi. There's no way to tell, the router says it ok, so I think it's OK.

    NOT A CRIME.

    Blowing up civilians homes, sometimes with them in it, dropping bombs on civilian targets killing lots of children.

    CRIME.

    Perhaps if I blew up the Wifi router, killing the inhabitants of the house, instead of simply connecting to the net, that this would be legal then? At least in the MET's region?

  7. Kevin Johnston

    Intent

    So here's a question...

    If my Satnav/whatever says that I am in the area of a Public WiFi point and my laptop actually picks up a residential unsecure/unencrytped point instead am I breaking the law? I can see that if I carry some form of scanner to search for access and use some from of cracking to get in them I am clearly intending to get unauthorised access to the Internet (gosh what a heinous criminal I am) but if someone chooses NOT to secure their Wifi (and I understand that all WiFi boxes have some form of security as default) then is that not implicit permission for open access in much the same way as removing any clear boundary markers (hedges etc) for your garden blurs the distinction between public and private land?

    Sorry for the length of that last sentence, just getting my hand in at long sentences

    Mines the one with the arrows on it :{>

  8. SpeakerToAliens
    IT Angle

    How did they get caught?

    Surely most people with wireless broadband wouldn't even realise it was happening. I'd have to go and deliberately look at the modem status pages to see it on mine. How many people do that regularly? I don't.

  9. Nick Drew

    Just a stunt to improve crime figures...

    Y'know, so that while the 'murderers mislaid/ ignored/ forgotten' column goes up, the 'evil WiFi-stealing gnomes arrested, locked away for good' column can also increase...

  10. Nick Palmer
    Flame

    Oh **** off

    If you freeload off someone's WiFi connection, you know damned well that a)they've paid for it and you haven't, b)unless specifically authorised to do so you're not supposed to, and c) that it's illegal to do so. Look at flowers all you want, Steve; you're not depriving anyone of anything, but when you consume a service that someone else has paid for, you're either depriving them of the bandwidth that you're using, or (in these days of "fair use" and traffic management) may well be consuming their allowance. And Rich? It IS theft; theft of a service, specifically, just the same as theft of gas or electricity. Perhaps their WiFi network should have been secured; that doesn't excuse stealing their service.

  11. Sordid Details
    Unhappy

    How is that dishonest?

    Did they have to hack the encryption or was it left wide open? If it was wide open, what was dishonest about it? By that token you could apply the same "dishonestly obtaining communication services" to anyone stepping into a public phone box.

    I'm intrigued to know how they got found out though.

  12. Pete James

    If I can help somebody as I pass along,

    If someone was piggybacking my wireless account I'd want the tigh-arsed little runt named and shamed. It's on the same level as low-life scum petrol-pinching or nicking milk of your doorstep. It's theft and the sarcy comments about looking at the neighbour's flowers miss the bloody point by a mile.

    Whether plod have better things to do is similar rubbish. Let me put this another way to the likes of Rich; Are you advocating the persons should not have been brought to book for breaking the law? You even mention that the Police should be concerned with theft amongst other crimes some people commit. So what's this then, morris dancing?

    But yes, you would also expect plod to have better things to do. It's a simple collar and it will help their stats, don't forget that.

  13. Anonymous Coward
    Anonymous Coward

    Entrapment?

    Seems strange that the owner of this wifi was not bright enough to secure it, yet was able to identify that it was being used by an.other and work out who that was?!

  14. Nick

    Continuing Enquiries?

    What enquiries are they continuing with? Is it not an open and shut case of, were they using a wireless point illicidly, yep.

    Does the wireless owner wish to file charges? Its not stated in the article.

    And Neighbourhood Inspector Shazza stating "This is a very unusual offence". Umm, not round here it ain't, if anyone would care to check their AP logs...

    I'm off to Berwick where apparently the local fuzz don't have the problems of hoodies, terrorists and other ne-er do wells and can spend their time protecting dumb people who should consider their actions before being allowed to try this majicalistic wireless-fi.

  15. John

    Rubbish

    How is someone supposed to know if a Wi-Fi connection is open and free or not? That and alot of devices will connect to any open Wi-Fi connection (like my phone).

    Surely it's up to someone to secure it. If it's hacked - that's a different matter all together.

  16. Andy Tyzack

    no truth

    there is no truth in this story whatsoever!

    please implement scare tactics as soon as possible!

  17. Dunhill
    Stop

    apples and apples ?

    In Holland if you leave your car door/window open and something is stolen it is YOUR fault, because you gave free access to the thief and nothing has to be broken.

    But if you are willingly or/and stupidly give free access to a wireless router it is NOT your fault ...

  18. oliver Stieber
    Thumb Down

    I leave my WIFI open

    And I'd prefer that the police didn't go around arresting people for using it.

    Open wifi = fair game. why else would it be open?

  19. cor
    Black Helicopters

    Wtf? Who is watching who?

    So the 'Polis' found them out?

    Did they intercept their datastream? That is far more serious than hitching a ride on an unsecured WiFi.

    My laptop has its wifi interface set to 'roaming' and dhcp. I work in an office location where I regularly move from my desk to a colleague at the other end of the building, or a conference room. I often stay in a hotel with wifi... etc.

    So if I leave my laptop on and it inadvertantly uses someone else's a.p. then I could be arrested? Don't make me laugh (or cry, seeing how pathetic this is).

    I will be watching the courts' ruling with great interest...

  20. Anonymous Coward
    Black Helicopters

    Again, I'm baffled

    I know this subject has been done to death. I'm not massively technical when it comes to networks (wired or wireless). But surely wireless network connections work on some kind of handshake authentication? In essence, my computer will request access and the wireless network router will accept, deny or request authentication.

    If my request is accepted, surely that is all the permission I need?

    Of course, if I hack/guess/brute force/spoof my way onto a network that requests authentication or denies my request, then I'm commiting an offence.

    Imagine you're visiting my house. You knock on the door and there's an automated response that opens the door and invites you in. You go in and you have free access to my home (TV, tea/coffee, biscuits, magazines etc). You have a cup of tea, watch some TV and then you leave. 2 days later you're arrested for entering my house and stealing my tea and watching my TV.

    My point is that it's not like someone breaking into a house that has an upstairs window left open, but more like entering a house after knocking on the door and being invited inside.

    Paris? Because even

  21. Steven Jones

    Law and common sense

    A nice common sense rule would be that if a WiFi configuration has no security on it is reasonable to assume that it is intentionally made free access (some people do that, although I wouldn't recommend it).

    After all, the criminal law requires that to be found guilty then it has to be proved beyond reasonable doubt. Clearly if you crack the security system then that's clear evidence of intention. As an analogy, trespassing is not a criminal offence (except in a few special cases like on railways), but breaking a lock in order to enter is.

    Perhaps if the police (and courts) followed this common sense rules the police can do something useful - like tracking down the people who have compromised my credit card security twice in three months.

  22. Anonymous Coward
    Coat

    On the same vein as ...

    .. adding this to the crime figures: I would guess that it's more about the police being seen to be tackling 'hi-tech' crime. Just throw in all the relevant techno jargon: wireless WLAN no-encryption security e-mail wardriving etc. That way all the Daily Mail readers can rest snugly in the beds knowing that plod is doing a good job.

  23. Jason Clery
    Thumb Up

    HAHA

    HAHA, tight bastards got caught... Hope they get a nice fine

  24. Jason Clery
    Thumb Up

    lets hope

    Lets hope its the acknowledged broadband thieves Simon and Mark

  25. Anonymous Coward
    Anonymous Coward

    Re:Entrapment

    Well, my own network is only 'secured' by WEP (because of the kid's WEP only DSs), so is trivial to crack. But I *do* know how to spot someone nicking my bandwidth.

    WEP, as insecure as it is, does serve one major purpose (and is why its better than no security at all). A WEP based network is clearly private and, therefore, anyone accessing it without its owners permission is very likely in contravention of the Computer Misuse Act and, possibly, the Wireless Telegraphy Act too.

    Illegal access of an insecure network *may* be harder to prove. If you are broadcasting an SSID of, say, "Hi Everyone" on an insecure network, then it could easily be construed as public. An SSID of "Smith Family", (though possibly not smart to put your name in the SSID), indicates that the network is *probably* private.

    I would imagine that not broadcasting the SSID would be construed as a good indicator that the network is private, too.

  26. Matt

    @AC

    Agree with all your point, but can't help but point out that you can't really pre-warn someone. You either warn them or you don't.

    I'm afraid I have to turn down the kind invitation of those across the pond to stick pre in front of everything to make it sound more exciting. I think I'll only accept pre if you can post it as well (not in a post box clearly).

    So, I'll allow pre-paid because you can post-pay but you can't have pre-planned because you can't post-plan (unless your a government spin doctor).

  27. Anonymous Coward
    Stop

    There should be a difference between...

    ...using someones unsecured wireless internet connection and hacking it.

    If my neighbour is dumb enough to use an unsecured wireless net connection, then others should be able to use it and not get prosecuted.

    However, if my other neighbour has secured his, and two young punks are caught outside his house with a laptop running Kismit or AirCrack, then they should get cuffed and slapped good and proper by the courts.

    This is of course, after the police have solved all the murders, rapes, armed robberies in the area...

  28. James Bassett
    Pirate

    LEaving the WiFi unlocked

    So are you lot seriously suggesting that because someone doesn't have the technical know-how to lock down their WiFi YOU should be allowed to steal it?

    What if someone suffers from Alzheimers and forgets to lock their front door? I suppose you consider that justification for walking into their house and nicking their telly? Forgetfukll fuckers! Serves 'em right!

    Someone didn't get their Maths O Levels so I'm alright to short change the thick bastards. Should have tried harder at school shouldn't they!

    You're a bunch of fecking theives and, worse than that, with your fucked-up pseudo logic and pathetic "Freedom Fighter" bullshit, you're theives who don't even have the balls to admit it!

  29. Anonymous Coward
    Anonymous Coward

    Smell the pretty flowers Freeloaders!

    "If you freeload off someone's FLOWER GARDEN, you know damned well that a)they've paid for it and you haven't, b)unless specifically authorised to do so you're not supposed to, and c) that it's illegal to do so. Look at flowers all you want, Steve; you're not depriving anyone of anything, but when you consume a service that someone else has paid for, you're either depriving them..."

    Well your depriving them of nothing because they agreed you could use it.

    I pull out my iPod, there's a Wifi point 'TSS-Public'. Now you can say that TSS Public is a WiFi point of a charity that desperately needs maximum bandwidth to save dying puppies. But I reckon it's the petrol stations public Wifi point because they're all competing to provide free connections here.

    Even if their connection was called 'TSS-Public' I have no way to tell if that 'TSS-Public' is *their* 'TSS-Public' since the names don't even have to be unique.

    Well one way to check, I'll try to connect to it and see if it accepts my connection. Oooo look it does. I asked, they accepted.

    If they stuck a tap in the middle of the street, labelled 'TSS Public' would you be happy for me to use it? Here (south France) there are taps in the street for people to drink from. I am not stealing when I drink the water, but I don't have permission to use it. I assume I have permission because it's there in public.

    With Wifi it's one better than that, not only is it there in public, the iPod asks to connect before actually using the connection! Imagine that! It asks first!

  30. Anonymous Coward
    Anonymous Coward

    @Holland

    "In Holland if you leave your car door/window open and something is stolen it is YOUR fault, because you gave free access to the thief and nothing has to be broken."

    Fibber.

    On the other hand if you ask the driver for a light and he gives you the light, you aren't stealing his fire. If his car had flames coming out the back and you lit your cigar on it, then you still wouldn't be stealing his fire.

    You have implicit permission to light your fag.

    In the case of WiFi it's simpler, you have *explicit* permission, the iPod asks permission first before sending any data and your router grants that permission.

  31. Anonymous Coward
    Anonymous Coward

    Re: Nick Palmer

    My wifi signal can be a little bit weak at the far end of my house and my neighbour has an unsecured wifi connection.

    I therefore imagine that occasionally I piggyback on their connection without knowing it.

    Am I breaking the law and should I be arrested?

    And what about the fact that my neighbour has "given me permission" to use their connection as my computer asks permission of the router, which then says yes.

  32. Seán

    Trespass

    Trespass is a civil matter. If the wireless network is unsecured there is no breaking and entering involved. If the law of the land were to be followed, these trespassing guys would be able to sue if their machine caught a virus.

    What are the pigs doing getting involved in a civil matter? How could they prove the "offence" took place? Either they have no evidence or someone has equipped the filth with electronic surveillance devices and neglected to inform, er, anyone.

    The law is divided into criminal and civil, if you start to make civil matters criminal that means the polis control civil interaction. How much fun is that going to be?

  33. Alan Gregson

    @oliver Stieber

    Do you leave your front door open as well?

  34. Anonymous Coward
    Anonymous Coward

    Hmm...

    There isn't a large pool of police that get dished out to the next crime, they tend to specialise, at least to a certain extent. I for one would not want a murder squad copper investigating a Tech Crime or vice versa, those complaining about 'don't they have better crimes to investigate' should probably consider this. Also if the police have had a crime reported to them (not made clear in the article), they aren't going to look very good if they don't bother to investigate it.

    Now, the article didn't say weather or not the WiFi was secured, even if it wasn't that isn't an open invitation to use it, although would probably be accepted as a genuine accident if there were public free open access points in the vicinity. The article also doesn't say how the perps were nabbed, it is highly likely though, that they were using sufficient bandwidth to be noticed, or the owner of the access point noticed the access light flashing when they didn't think it was in use. You don't need to run monitoring to find this out.

    As a further point, I'm not sure if this is still the case but, when I first got broadband it specifically and clearly said that no-one else, other than the inhabitants of the house are allowed to use it.

    Also, how many OSes automatically connect to any WiFi access point that they can? My XP laptop certainly doesn't, I would regard this as a massive security flaw if it did.

  35. Killian
    Stop

    Here we go again...

    @Pete James & Nick Palmer

    Every time one of these stories breaks it's the same old argument.

    Once more with feeling...

    An open WiFi connection with a broadcast ID is an invitation. That's not an opinion, it's the how the protocol works. Accepting a public invitaion should not be illegal. The fact that the law fails to understand even the most basic principles of this technology doesn't make it right - just badly informed.

    A better analogy for this situation would be to install a series drinking fountains in your neighbourhood, each with a sign on saying "water here" then support a law that has people arrested for 'stealing water' when they stop for a drink.

    The only reason wireless routers default to open connections is laziness on the part of manufacturers and end users. There are straight-forward solutions to improve the situation but no-one's interested - if the sale of the router is made and the user has a connection everyone's happy to ignore the obvious and easily addressed issues.

    I think people being upset by use of police time to support this slack/ignorant behaviour is warranted although we should bear in mind that they are still going to check up on kerb-side laptop users in case there in genuine criminal intent (like hacking secured connections to trade kiddie-porn on someone else's account).

    Until next time... K

  36. dreadful scathe
    Happy

    its simple

    I don't know what all the fuss is about - if someone physically BROADCASTS an OPEN and UNSECURED WIFI CONNECTION - thats an implicit invitation to connect. You can butter it up, put metaphorical wings on it then crowbar in all the burglary and theft related analogies you like, but it doesn't make it anything the police should be bothering themselves with.

  37. Anonymous Coward
    Pirate

    Entrapment

    Now if I had say milk dilivered and it was left on somebody else's dorrstep and they took it in not knowing that it wasn;t for there use - would they be breaking the law (no Pete James they wont).

    If somebody broadcasts a `open` unsecure connection into my property and my equipment has defaults dictated by microsoft am I breaking the law - or are they by invading my space with there signal.

    The fact that they leave there connections open then means they want you to be able to use there (not abuse) connection, is that braking the law. Of course the other side is they are utterly clueless and have an internet connection which by default means there BOT city ruining the internet for others thru there ignorance.

    bottom line people who leave open wifi connections without the intent and no disclaimer saying dont use this are frankly the ones who should be hung and drawn and generaly dealt with by the law. Why, well its those fraggels who have by definition weak insecure computers and enable criminals to create BOT-nets.

    Why should the innocent be prosecuted at the expense of preserving the stupid - this is a general trend we live with today - get somebody who is ill and sick and somebody who isn't and have both say homless thru equaly bad luck/events and its the sick ill person who is housed whilst the healthy pearson is tossed aside until there damaged enough to not be able to contribute to society - then they get help when its too late.

    Bottom line I've used open wifi connections, my computer asks for permision by asking for a IP, the router goes yes I'll allow you. Now give me my day in court and I'll prove legaly that not only is that legal and valid but also countersue for defimation of character and loss of earnings/time and I would win.

    Remember its not the UK anymore its EU and all the bells and whistles.

    Bottom line - if you run wifi and dont have a clue how to set it up then pay somebody to sort it you ignorant plebs - very very simple. Stop penny pinching and entraping innocents wasting police time because your ignorant. Very very clear and simple.

    posted anon to avoid the trolls and ingorants who can only vent and not fix things.

  38. John Ridley

    No crime

    If I leave my WiFi unencrypted, it's because I WANT people to be able to use it. If I don't want them to, I turn on the encryption. It's not that difficult.

    Hopefully the police checked with the homeowner in question; I would think that the homeowner would have to press charges; they're the (possibly) wronged party. If not, IMHO there's no case.

  39. Ed Cooper

    I'm sorry but

    if I'm going to have "look at me I'm base station NETGEAR, I'm accepting all connections, you're welcome" penetrating my skull at 2.4GHz I really fail to see why I'm beyond my rights to connect to this service.

    This is not theft at any practical level. If I phone my neighbour and as such make use of their phone line rental and equipment am I committing a crime. No. Because by paying phone rental they have implied permission for others to connect to this service. As such leaving their base station totally unsecured expresses permission.

    It should be plainly clear to anyone if they buy a wireless router then connect there equipment without any sort of authorisation that so can anyone else. If you are paying by the byte, its your responsibility to secure it.

  40. Anonymous Coward
    Anonymous Coward

    Fon peculiarity !.

    So lets say someone has joined up to FON to offer Wifi connections to all and sundry, for a fee paid through FON. Lets say that offeror then decided he dont want to be one of FON's local hotspots anymore BUT by mistake left his connection open. What would the case be then if some poor unsuspecting FON user used his opne connection thinking he was still part of the FON network ??.

    I think the law needs to be changed so the Pigs have to prove that the person using the connection knew that he was not allowed to access the open wifi.

  41. Anonymous Coward
    Alert

    Eh?

    Obviously the crime stats are so low in Newcastle that not only do the cops have nothing to do, but they are forced to venture as far as the Scottish borders to get a whiff of anything illegal.

    It's such a shame things are this bad - I might even drive down to Geordieland this weekend and drop some litter in the town centre. I would be disappointed if numerous squad cars and an armed response unit didn't surround me immediately.

  42. Paul Smith
    Black Helicopters

    No such thing as ...

    There is no such thing as "Unsecured" in this context. The WiFi router will grant access to the service if, and only if, the criteria established by the owner of the system has been meet. If that owner, despite the manufacturers instructions and the service providers advice, choses to allow remote connections from computers he or she does not personally know, that is a lifestyle choice, but I fail to see how somebody can be accused of accessing the system without consent.

  43. Pete James

    @ Killian

    ....and all the other people assuming that the connection was open.

    Go back and read the story.

    Nowhere does it say the wireless network was open.

    At the end there is a comment about people making their network secure.

    But NOWHERE does it say the network was open.

  44. Anonymous Coward
    Anonymous Coward

    Look, you don't even have to lock it

    If you turned off the 'broadcast my id' option, it's 1 checkbox, it's not even necessary to lock your connection with passwords and stuff if you don't want people connecting.

    You connect what you want, then turn off your broadcasting of the invitation to join your network and bingo end of story. Your devices already know the id of your network and others don't.

    Or you can specify only the devices you want to connect. Connect them, go to the Mac filtering web screen and click 'allow' the ones you want to connect, then click 'enable filtering' and that's it.

    If you want to you can enable the password and lock the network too. Up to you, but these people just want to check their email on one of the half million open hotspots around the world.

  45. Anonymous Coward
    Thumb Down

    Computer Misuse Act

    AFAIK, for the purposes of the Computer Misuse Act, a router *is* a computer. To be in contravention of the act you merely have to access a computer that you *personally* have *not* be given permission to use.

    The onus is on the accessor to ascertain that they *do* have permission and not on the owner to prove they *don't*.

    In the case of public hotspots, that *explicit* permission is given by advertising the hotspot, either at its location or on TV, radio, etc. Permission can be granted as a group as with subscribers to FON.

    So, as I read it, if you access a WiFi node without ensuring that it *is* public you *are* liable under the Computer Misuse Act and can face up to 5 years in the slammer if caught.

    Nasty, possibly unfair, but that appears to be the way UK legislation on this matter works. And, of course, you do have to get caught first.....

    Maybe if there are some legal types with experience of the CMA they could check on this.

  46. cor
    Paris Hilton

    "..especially as the price includes free wifi internet access.."

    Cruizin tha Googlenet I found this LOL:

    "When looking for somewhere to stay in Berwick we consulted Trip Advisor and decided to go for the number one ranked B&B in Berwick.

    Well the place certainly lived up to expectations!

    I cant praise the Old Vicarage enough. From the gorgeous little touches like homemade cakes on the tea tray in the room to the superb choice of breakfasts. What a delight.

    The bed was supremely comfortable with lovely high quality bed linen and fluffy white towels. It really was like home from home.

    Great value for money (especially as the price includes free wifi internet access).

    The breakfasts were superb too.

    I wouldnt think of staying anywhere else in Berwick!"

    See for yourselves if you like :

    <link> : www.tripadvisor.com/ShowUserReviews-g504038-d620173-r10036172-Old_Vicarage_Guest_House-Berwick_upon_Tweed_Northumberland_England.html

  47. Keith Williams
    Flame

    Amazing.

    I find the responses in here Totally Amazing.

    Just because someone doesn't have the technical knowledge to secure a router doesn't make it fair game for someone else to use.

    Would you appreciate it if someone was using your wireless router to download child porn? To review bomb making information? To download movies over bit torrent and using up your bandwidth so you got throttled?

    It is a crime in the UK, the US and Canada (and probably other countries) to use communications devices without permission of the owner. It doesnt matter if the connection is unencrypted, or un passworded it is still a crime.

    Personally, I configure the most powerful encryption I can, preface the name of the router with "()" to indicate closed, and turn off broadcast invitations of the SSID. On the other hand, I do this stuff for a living so it is no problem for me.

    Flames because I expected better of everyone here.

  48. Julian Bond
    Paris Hilton

    How did it come to this

    How did it come to this? Whether it's legal or not, why are we even bothering to enforce it?

    Which raises a much more interesting question. What were these two people doing and how did they come to be caught? Sitting in a car engaging in Ugandan discussions while admiring pictures of Paris perhaps?

  49. Julian Bond
    Jobs Horns

    iPhone?

    I look forward to the first iPhone owner who is picked up by the Police for using someone else's wifi to read Google maps and work out where they are.

  50. GrahamT
    Coat

    It's not real Wi Fi..

    This is the Geordie version,

    Way aye Fi

    Mine's the raincoat and flat cap, next the whippet.

  51. Anonymous Coward
    Anonymous Coward

    (no title)

    "It is worth reminding people who use a wireless connection to ensure they follow the manufacturer's instructions when setting it up"

    Gawd. I recall following the manufacturer's instructions and felt myself very lucky to get it working at all, after ages changing settings at random to see if this was the problem, or that was the problem. Manufacturer seemed to think I would already be an expert, and not need much guidance.

    Folk should secure their own link, but it should be simple to achieve.

  52. Martin
    Gates Horns

    What about

    The fact that this guy's Microwave signals invaded the alleged accused property and as such if it is unsecured then he should be allowed to use it unless the offending waves pay rent!

  53. Charles Hammond

    How did they get caught?

    Well when you see a couple of blokes with a computer drving around in a neighborhood looking for an open connection, it is kind of clear that they knew it was illegal and they had malice of forethought to knowingly break the law. Basically they are cheap bastards looking for a free ride. They can just as easily infect your network with a virus or a trojan.

  54. Dan
    Go

    permission was requested and given

    http://upload.wikimedia.org/wikipedia/commons/thumb/2/28/DHCP_session_en.svg/200px-DHCP_session_en.svg.png

    client request....

    server offer ....

    client accept...

    server acknowledge

    It is called DHCP and if you leave a wireless router running with no security giving permission I am unsure how anyone can say you did not have permission.

  55. Henry
    Alert

    This *CAN* be a serious offence.

    Unauthorised access of a wireless network *IS* illegal, I've argued this with a Prosecutor as well as a copper working in this field.

    Computer Misuse Act, Section 1

    "Unauthorised access to computer material

    (1) A person is guilty of an offence if—

    (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

    (b) the access he intends to secure is unauthorised; and

    (c) he knows at the time when he causes the computer to perform the function that that is the case.

    (2) The intent a person has to have to commit an offence under this section need not be directed at—

    (a) any particular program or data;

    (b) a program or data of any particular kind; or

    (c) a program or data held in any particular computer.

    (3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both. "

    Why should we give a sh1t? - How would you feel if the bobbies knocked on your door to arrest you for distributing kiddie porn?....

  56. Magnus

    Re: Computer misuse act

    I suppose the main issue is defining what is meant by "personally giving permission".

    If my computer "personally" contacts their computer and it gives my computer permission to access it, which is basically what happens when you leave you network unsecured (or secure it and give the person concerned the key etc), then I would say you can argue that you haven't breached it. In this your computer acts as you agent, you have given it the power to act on your behalf (in a similar way that you are responsible if you set up your computer to lie on your behalf).

    Are there any legal precedents out there? I'd say that's the main issue with most of the legislation out there either formulated specifically for all these new technologies or old laws shoehorned into use for them is that they mostly haven't been tested. There isn't a broad basis of opinion out there. All of it is not helped by the fact that most of the legislators or judiciary are totally unfamiliar with how most of these things actually work.

    My opinion is that if you leave your network unsecured you are making it public and have given permission for people to access it. In any case it is going to be very interesting to see how all these social conventions will develop.

  57. cor
    Alert

    Maybe its time for a 'fair use' policy on WiFi ?

    This may clear up a lot of grey area.

    What if I lived in a semi-detached house, sharing a wall with my neighbours livingroom/bedroom etc. Now, I am a stingy b45t3rd and I keep my heating set at 17 deg, whilst next door they maintain 23 deg all day. Clearly there will always be some heat transfer to my house, effectively costing the neighbour more money than if I also kept my rooms at 23 deg. Must I pay compensation, go to jail?

    It's not as clear cut as many might think....

  58. Anonymous Coward
    Black Helicopters

    @Ross

    And who do you ask permission of if the router is called "Netgear"? Go knocking door to door?

    Personally I think if a router is open, then it's been left open for a reason. All boxes from SKY and BT, that arrive these days, are pre-locked with their key on a sticker on the bottom.

    Honestly, how is someone supposed to know he's not supposed to access it if it has no indications of being private? Would you be arrested for walking onto some waste land that had no fence or signs saying "private"?

    Oh well, at least I'm pretty safe, I doubt plod knows what a Nokia N95 is, and what it can do with Opera and Fring :-)

  59. Anonymous Coward
    Thumb Up

    Boring conversation.

    God this is full of rubbish. Look at it like this - as default my wireless card will pick up any wireless network it can and connect to it. Am I committing a crime if I turn on my computer and suddenly have an internet connection? If I don't have the know how to stop it connecting and my neighbour cant be arsed to read the fin manual that came with the service they are paying good money for, they ought to be locked up not me.

    I do however have the know how, and recently secured my neighbours router on their behalf after informing them that 18 different mac addresses had been using it. I now have a free inet connection, 16 people don't. All because I brought a laptop home to fix for a friend, I had no intention of having an internet connection at home.

    But still if you ask me who is to blame, its pretty equal. But if no effort has been made to secure the network then it ought to be the person running the network, or the ISP who provided them with the kit to setup a wireless network without ensuring they understand what is needed to protect their service.

    Anyone who buys a piece of kit with wi-fi should not be assumed to be in the wrong as they may not even intend/know how to use the wi-fi features. Anyone plugging a wireless router into THEIR phone line which THEY pay for, ought to RTFM.

  60. Nestor Fylaktos

    Man, i am a criminal

    I remember a couple of years ago i was on the 345 bus from south ken going to camberwell (which by the way can take a LONG time.) I had my laptop with me, so i though I'd turn the wireless switch on and see how many networks i'd pick up, and how many unsecured. As the bus stops frequently to pick people up, i was able to log on to few unsecured ones - on the go. Quickly checked my email, read a few pages on BBC news, and then waited for the next.

    That makes me an offender of gargantuan proportions, i presume

  61. The Other Steve
    Flame

    Cluestick acumin (again, might as well define a macro for this comment)

    Once more with feeling, despite your pathetic pedantry w/r/t IEEE 8011.x protocols implying that you have permission, your persistent belief that people ought not be held responsible for intruding upon poorly secured systems, and your absolutely awful analogies and attempts to apply utterly irrelevant areas of the law (I'm looking at you, whoever mentioned trespass again), using someone else's connection without their permission is an offence under Section 1 of the Computer Misuse Act 1990, possibly even section 2 if the actual theft of resources (bandwidth) is taken into account.

    All your plaintive whining about how it isn't a crime is not changing this piece of legislation one jot.

    In reverse order :

    Trespass law, not relevant in the least no matter how many times people insist that it should be. Specific legislation exists which governs unauthorised access to computer systems. See CMA.

    "If it's insecure, it's OK", wrong. See CMA. You will not find any mention in the definition of offences that requires any level of security on behalf the system. Oh, and pull your head out of your arse.

    "802.x gave me permission". Wrong. See CMA. Just sending the packet is causing the computer to perform an operation, basically, you are committing an offence just by asking. I don't care to speculate on the morality or otherwise of this, but just read the sodding Act. In any case, the details of the protocol are also irrelevant to the definition of an offence.

    The only things relevant are as follows : 1) As far as the owner of the system is concerned, you are not an authorised user. 2) You know this (or can be reasonably expected to figure it out for yourself unless you're a retard, this counts even if you're a twisty pedantic little git who thinks he can get off by being clever) 3) you cause the system to perform any function.

    You can whine and be pedantic about it all day long but it doesn't change the law. A law that the freeloader/cheerleader crew obviously (still) haven't even bothered to read, let alone comprehend, so, once again, here is the CMA.

    http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm

    Go away and read it. And don't pitch any more stupid "but it ISN'T a crime, it ISN'T, its just not fair!!!" tantrums until you have.

    I make no case for or against the morality, fairness or whatever of this legislation, but clearly rather a lot of you need to read and understand it so that you can be clear on what is and what isn't an offence before you start flaming off that activity X is not a crime when it's clearly defined as an offence. Knowing this stuff is important if you want to be an IT professional when you grow up. In the event that you are already either grown up or an IT professional, then shame on you.

    And for the "the police should have better thing to do" crowd,

    1) it is in fact entirely possible that the police in Berwick didn't have anything ELSE to do, let alone anything better Berwick is a small town with a poulation of ~25k, many of them pensioners. As far as small Northumbrian towns go, Berwick is quite wholesome.

    2) Remember this the next time you want to criticise the police for not responding in a timely fashion (or at all) to one of your own complaints. "Sorry sir, we can't come out for your vehicle being vandalised, that might prevent us from responding to something we think is more important."

  62. James Hunter
    IT Angle

    asking permission first - an analogy

    To the people who are saying it is an offence even if the router is open because they didn't ask the owners explicit permission first - try this analogy.

    When you browse the web you are connecting to someone elses resources, eg the el reg site - they have to pay their providers for the bandwidth costs of supplying news to you. So you are using their service which they paid for. Did you ask them permission to connect to the website first? No? Then you are committing an offence in the same way that the 'wi-fi leechers' did.

    Oh wait a minute, you're not. You see, even though there is no explicit permission given anywhere on this (or most other) sites, you have IMPLICIT permission to connect because the pages are open and when your browser connects to the web server and asks for a page, the server replies OK. This is the same as my wireless card asking a router for an IP address and connection and it saying OK.

    Now, sometimes people don't want you to connect to their webpages - eg they may have a pay for service that you haven't paid for, In this case, they secure those pages, requiring you to have a password/certificate/whatever. This is the same as my wireless card asking a router for permission to connect and the router saying no, you haven't got the correct MAC/password/etc.

    So if you believe connectiong to an unsecured wireless router is an offence without the owners explicit permission, I'm afraid you can't browse any more websites until you've asked their owners explicitly.

    The rest of us, who have some understanding of technology will of course still be able to browse happily away. Maybe the comments on this site will be a little more sensible then.

    It's simple -

    1) an UNSECURED router is an open invite to connect. the owner has given permission to connect by not blocking you. If they are too stupid to understand they should be blocking people, TOUGH, they should take some personal responsibility and learn about the technology they are using (you remember personal responsibility, the thing we used to have before it became fashionable to blame someone else for everything that happens to us)

    2) Cracking a SECURED connection is an offence.

    IT? icon because clearly, some people on here haven't a clue about IT issues

  63. Trevor Watt

    What a load of nonsence

    Some of the points raised here are simply ridiculous.

    1. My neighbours connection is not secure and I can accidental connect to it - NO, you know about it so by blocking connects to their WiFi you can prevent this.

    2. It connects automatically so it must be OK! - NO, if it is not commercial or clearly labeled as an open service then you can bet it is not. Most commercial offerings need a log-in even if it is just an email address or postcode.

    3. If they are stupid enough not to secure their network then they deserve it/should be the ones locked up. - NO stupidity is not a crime or a legal reason to exploit someone.

    4. It is not costing them anything. - NO it could be the person who you are stealing from pays for their service on a limited access agreement, if the exceed (from your use) their inclusive download limit they pay more. Much more.

    5. All WiFi comes with security on, they must have turned it off. - NO all kit does not come security enabled, quite a bit does not.

    6. It is not my fault, as default my wireless card will pick up any wireless network it can and connect to it. - Change your defaults then.

    7. It is not a crime under the Computer Misuse Act. - Correct, but it is a crime.

    8. Entrapment - No, there is no such thing in the UK without encouragement to take part. Just because something (anything) is not secure it does not give you the right to take it.

    9. Don't the police have better things to do? - They catch people committing crimes, all crimes, they do not select which to enforce and which not to. If someone committed a crime against you you would not want the deciding it was not important enough and simply ignore the criminals.

  64. Jim
    Boffin

    Ignorance?

    If I'm not mistaken, ignorance (of the law) is not a viable argument for defence so why would ignorance (of technology) be a viable argument for prosecution?

    A wireless network that advertises itself and accepts incoming requests for connections should be considered a public service. If the owner wishes to identify the network as private then they need do nothing more than stop SSID broadcast to demonstrate their intent, add encryption if you want.

    Of course, these conditions are open to abuse as the owner can cry foul AND THEN stop SSID broadcast/add encryption after the event...

    Obviously, in this article, there is no info about what steps the owner took to avoid public use of their connection though one could take "It is worth reminding people who use a wireless connection to ensure they follow the manufacturer's instructions when setting it up and make sure all security systems are in place to keep computers safe." to mean that the owner had been less than careful.

  65. cor
    Paris Hilton

    @ The other Steve

    You make a valid point about RTFM'ing the legislation before whining on about the unfairness of it all. That much is certainly true.

    But (and I mean this genuinely) how does this relate to, say, pinging an ip address?

    As I'm sure you know, if you ping an address you are requiring the other machine to perform an action. Even if it rejects ping responses, it still has to read the packet.

    Knock, knock.

    Who's there?

    Amy.

    Amy who?

    Amy going to jail for knocking on yer door?

    Paris? Well she would find it hard to fathom too..

  66. John
    Flame

    Fascist State

    Yes, you heard me right. You UK types live in a fascist state. I mean WTF??? ARRESTED? for hopping on a wi-fi network? Argue the merits of whether it is illegal or not, that doesn't matter here. The important thing to note is that two citizens were arrested, not cited, but arrested for hopping on a wi-fi network and checking their email. How is it that that is a crime henious enough to get arrested for? I'm so dumbfounded by this I can barely put it in words. The only thing that comes to mind is "papers please..." Now these two guys have their DNA swabs on file and will for ever be marked as criminals in your fucked up justice system.

    Fire, because I couldn't find the flag with the red and black design on it... :(

  67. Jason Clery
    Flame

    @James Hunter

    Be a man then James, go openly steal wifi and try your defense when the y decide to arrest you. Go on, put your money where your mouth is.

    As The Other Steve said

    "http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm

    Go away and read it. And don't pitch any more stupid "but it ISN'T a crime, it ISN'T, its just not fair!!!" tantrums until you have."

    And more importantly

    "Knowing this stuff is important if you want to be an IT professional when you grow up. In the event that you are already either grown up or an IT professional, then shame on you."

  68. Anonymous Coward
    Anonymous Coward

    Computer Misuse Act

    The text is available at http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1 :

    1. Unauthorised access to computer material

    (1) A person is guilty of an offence if—

    (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

    (b) the access he intends to secure is unauthorised; and

    (c) he knows at the time when he causes the computer to perform the function that that is the case.

    IANAL but one could argue that if the WiFi access point is broadcasting SSIDs and is unencrypted, then a person cannot know that the access that he intends to secure is unauthorised.

  69. Anonymous Coward
    Anonymous Coward

    Does your open wifi have a porn filter? Would you mind not beaming it to my house?

    "1. My neighbours connection is not secure and I can accidental connect to it - NO, you know about it so by blocking connects to their WiFi you can prevent this."

    You hypothesize that the person knows whose wifi it is in this scenario, that is not the reality. You only have the name it's broadcasting and a flag to say if it can be used. It's so bad that if your wifi says it's "linksys" and you connect to it, you don't know if you've connected to your "linksys" or your neighbours "linksys".

    "2. It connects automatically so it must be OK! - NO, if it is not commercial or clearly labeled as an open service then you can bet it is not. Most commercial offerings need a log-in even if it is just an email address or postcode."

    No, it's fine to connect to open WiFi, it's very common to have no login and often there's no way to identify the wifi connection. Perhaps if you made it a law to secure your wifi unless you don't want to, then this would a reasonable argument. As it is saying *some* wifi you can use needs a login, doesn't help you determine if *this* wifi you want to use can be used.

    "3. If they are stupid enough not to secure their network then they deserve it/should be the ones locked up. - NO stupidity is not a crime or a legal reason to exploit someone."

    My Wifi is filtered because I want to protect my kids from porn, is yours? Would you mind not beaming your open wifi into my home? Is it too much to ask you to turn off the broadcasting of your open wifi at least so it doesn't show up as a network they can connect to?

    We are talking about a shared service, which you say, you won't do anything to stop it being used by anyone else, but if they use it, you'll have them arrested, but they have no way of knowing if linksys is theirs or yours.

    "4. It is not costing them anything. - NO it could be the person who you are stealing from pays for their service on a limited access agreement, if the exceed (from your use) their inclusive download limit they pay more. Much more."

    Stealing? No using. I'm using the one from the bar across the road now. It's intentionally open and I'm using it to make a point. They want it to be used and I'm happy to use it.

    "5. All WiFi comes with security on, they must have turned it off. - NO all kit does not come security enabled, quite a bit does not."

    Agreed, more should.

    "6. It is not my fault, as default my wireless card will pick up any wireless network it can and connect to it. - Change your defaults then."

    That fixes nothing, since they want to still connect to open wifi! There's nothing wrong with consenting person A offering wifi to consenting person B. OK, usually person A is a business or a hotel or a terminal or ... or... but the principle is there.

    "7. It is not a crime under the Computer Misuse Act. - Correct, but it is a crime."

    No, you have permission the wifi asked and got permission to connect. No different from the gsm phone asking and getting permission. Any case should be kicked back as misjudged.

    "9. Don't the police have better things to do? "

    It's not there job to extend laws by reinterpreting the 'permission' to it's maximum form. You didn't get permission before you used elReg's web server and stole their electricity.

  70. Anonymous Coward
    Anonymous Coward

    @Cluestick

    Did you get permission to use www.theregister.co.uk webserver before you connected to it? No, care to reread your own interpretation of that law.

    "802.x gave me permission". Wrong. See CMA. Just sending the packet is causing the computer to perform an operation,"

    That wifi hotspot *SENT ME* a packet saying "here I am, I'm "Wifi Hotspot ajsdg9378". If it's a crime to send the packet, then it's a crime for the hotspot to send my iPod a packet and use my computer.

    "The only things relevant are as follows ....2) You know this (or can be reasonably expected to figure it out for yourself unless you're a retard, this counts even if you're a twisty pedantic little git who thinks he can get off by being clever)"

    And this is where it gets interesting, because it requires that you know this and you only know this in as much as tells you "here I am for connections" and it lets you connect. You added an insult at the end which to me emphasizes you understand the weakness of the logic in your argument.

    They have to use the tightest of definitions of 'permission' to be written or verbal permission here. But they could equally arrest the hotspot owner under that definition they're using. It's sending out these packets connecting to peoples wifi device and offering up it's service using the broadcast packet.

  71. Mike VandeVelde

    settle down kids

    Probably something as simple as a lady noticing people driving up and parking in front of their house. Wonder who that is? Why don't they come knock on the door then? What are they doing in there? A phone call to the police, and around they come to check it out, since nothing much else is going on to otherwise occupy their time. A little tap on the car window - wot you gents up to there? Doing what to the what? Well you're bothering the lady over there, how about you move along. Some bunch of crap spewed as in the comments above about rights and whatnot, so the copper decides to see what he can do about it, and lo and behold there is this law that can be applied. I doubt they're going to put a squad together with all kinds of gear to combat the epidemic of wi-fi stealing. Nobody need worry, unless you're some numpty like these two. I'm fairly certain that if they had just said oh sorry sir we didn't realize we were bothering anyone we'll be on our way then that nobody would have wasted any paperwork on the situation. There must have been something more to it. I mean really. Why all the gasping terror?

  72. Anonymous Coward
    Anonymous Coward

    @cor

    If you are accessing a machine through a public network, you are allowed to carry out operations, such as pinging, accessing web pages on it etc. You are not allowed to make the machine to which you are connecting perform any task or operation that it is not designed to do.* (ie: you're not allowed to hack the shit out of it, but you are allowed to ping, tracert, download web pages, see if it has open anon ftp etc.)

    You are not allowed to connect to a machine through a private network and perform the same sort of operation (unless you have explicit permisson). If you do pick up an IP address while walking past someone's unsecured wifi and then start pinging their machines, downloading web pages from them, trying to get FTP sessions starting etc. etc. this is definately a crime. Use of their network bandwidth is also a crime these are, as previously stated, under the CMA.

    *Incidentally this is why honeypot servers are a very bad idea from a legal point of view, because they are designed to be hacked, therefore you can't hack them!

  73. carlo
    Happy

    @trevor watt

    6. It is not my fault, as default my wireless card will pick up any wireless network it can and connect to it. - Change your defaults then.

    And why is it the responsibility of the owner of a device which happens to support wi-fi (regardless of if its a feature they use or are interested in using), to RTFM about something they couldnt care less about, to prevent them from breaking the 'law'?

    When someone who is quite clearly aware that the phone line they are paying hard earned dosh for is hooked up to a wi-fi router, it ought to be their responibility to ensure their service is protected.

    And @ The Other Steve

    Laws and legislation don't take into account circumstances, police officers who often know little if anything about IT do. And in doing so they take cases to court that would get laughed at and thrown out by anyone with any technical knowledge who looks at the same circumstances. Anyone interpretting said laws could spout off what they believe is seen as a breach until they turn blue in the face, but, until it gets to court and clear intent to breach the law is shown it aint worth crap.

    Also entrapment shouldn't be an issue as for an offence to get anywhere near court they ought to have logs, which would clearly show changes to the configuration or atleast how the people accessed the network.

  74. ratfox Silver badge

    How about crossing the garden?

    Suppose you are walking in a place you don't know, and you see flowers in the distance. You walk 5 meters on the grass to admire the flowers - that's illegal. You are trespassing on somebody's property. While it COULD have been a public garden, it is not, and you are committing a crime...

    On the other hand, you do not get jailed for that, usually, right?

    In my opinion, as far as your actions can reasonably be considered as in good faith, you should not get jailed for it. There are lots of people who open their network, because they WANT everybody to profit from it. I believe it is reasonable to assume, when you see a network that is open, to assume this is the case.

    @Trevor: It is a bit weird that whoever can leave his router in the standard open configuration and expect that nobody to use it, but the poor guy who is too ignorant to change the standard configuration of his computer to take any wireless network will go to jail for it...

  75. Matt
    Flame

    And I thought the Reg was read by IT pros....

    @the other Steve

    Thank you! You've saved me typing the exact same thing. It's an offence to connect to a network which you don't have explicit permission to connect to. End of. What about the wireless telegraphy act, doesn't that have some bearing on this case too?

    As for the Police setting their own priorities -part of the problem with UK policing is that increasingly government does NOT trust them to use their judgement (not that doing 65mph on a deserted 50mph-limit dual carriageway at 2am should ever be a priority but I digress!)

    @James Hunter

    No, no, no, no again. Read the other Steve's post. Most protocols feature some form of 'handshake' - at whatever layer, be it DHCP, HTTP, FTP, whatever. If you handshake and/OR fool it into handshaking with you when you're not allowed/don't have permission to then as I read it you are breaking the CMA. Just because the computer has given you permission doesn't make it OK until its owner has done so.

    I, as a non-IT professional welcome this because I'm sick and tired of friends/relatives leaving their routers wide open and thus leaving themselves open to all sorts of kiddie porn/warez/bittorrents flying across their connection (Even if only by next door's spotty teenager). If I can 'scare' my more IT-illiterate chums into turning on their WPA(or asking me to do it) by saying "People have been arrested for this you know", then so much the better...

    @Nestor Fylaktos

    Just keep in mind that the POP email protocol sends your email password across the net in plain text...

    @cor

    Don't forget ping is short for Packet INternet Groper - it can be used as hacking tool - remember the ping of death attacks. Many public facing computers have ping response turned off for that reason, even if it is useful for fault finding. But also, I don't think anyone has been prosecuted anywhere for pinging a computer

    Also, as far as I'm aware, there's no such concept of 'entrapment' in English law - it's an Americanism. There's incitement to commit a crime, there's something called agent provocateur , maybe a legal bod could set us right?

  76. Terry Browning

    Use mine.

    I keep my router open for the convenience of others.

    It's simply good manners.

    If someone, for instance, wants to check their email, google, etc, why force them to pay extortionate mobile data rates?

    If someone were thirsty, would you let them drink your tap water, or force them to buy Perrier?

  77. Anonymous Coward
    Anonymous Coward

    How many wifi's in 1990??

    One last point,

    People here quote the Computer misuse act of 1990. There were no wifis in 1990 and no Internet www.

    The Computer Misuse act is being distorted to apply to these cases. It's being done badly without discussion. It does not represent some agreed definition of misuse of a computer, it represents the case of misuse from 1990.

  78. Daniel B.
    Boffin

    WiFi-ness

    Please. Every single "out-of-the-box" WiFi/DSL router I've seen for the last 4 years or so is WEP-enabled by default; turning it OFF would take at least some technical knowledge. They have even made it easier by providing the WEP key on the router itself, so you don't have to hassle with that "weird key generation" thingy. On my apt block alone, I've seen at least 8 SSID's... all of them secured, with the default ssid's though: 2wire334, 2wire123, and such.

    Because of how WiFi/DHCP works, an open and unsecured a.p. is fair game, and could actually be tested in any court. The *real* reason for going after wifi freeloaders is because the ones that are actually suffering are the ISP's themselves. On my previous apartment I gave wifi access to some neighbours in exchange for a fee; with 4 of 'em my link basically paid itself... but in the ISP's eyes, they're losing 4 potential clients even if I gave them that access for free!!! (Then again, I was planning to increase my bandwidth before I moved, so maybe it wasn't that much of a loss for them.) If ISP's let everyone go hippie-sharing their hotspots, they fear they'll lose $$$ because of that. Some broadband providers already have "no sharing" rules in their T's & C's.

  79. Guy Fawkes

    @ James Bassett

    "So are you lot seriously suggesting that because someone doesn't have the technical know-how to lock down their WiFi YOU should be allowed to steal it?"

    Indeed, I advocate exactly that position. WiFi routers *should* come from the factory with, at a minimum, WEP enabled, and clear instructions on how to connect to the router without disabling encryption.

    If you consider your WiFi signal to be a valuable item, subject to theft, and you don't know how to secure it, then you can hire a professional to secure it for you, just as you would hire a locksmith if you are not capable of installing your own deadbolt on your front door. Or, indeed, just as you would hire someone to install a front door if you haven't one (which is a bit closer analogy to unsecured WiFi).

    I am a network professional; I grasp the concepts of WiFi handshaking and authorization. Access Points which are secured are not open for public use; Access Points which are not secured ought to be considered by the law to be open for public use. Full stop.

    And for the record, I use only my own AP, and the ones provided explicitly for my own use. My neighbor's signal is unsecured and gives me a full "five bars," but I don't use it; however, I feel he has invited me to do so.

  80. b166er

    Bit rowdy for a Thursday ;p

    The fools must have owned up when asked what they were doing. Otherwise how could plod have known?

    Should've been wiser and said they were using mobile broadband (not exactly a lie either)

    If the plod did somehow know, then I'd like to know how.

    Whatever did we do before locks? That's right, we had nothing worth pinching. Then came the locks. Presumably no-one used them at first either. Now locks are commonplace and we all know how to use them and are advised to use them.

    ISPs started sending out wireless routers without encryption enabled, so they were initially irresponsible. Now encryption is enabled by default. It'll just take a bit of time for those old unencrypted routers to find their way to the recycling point and problem solved.

    Yeah, ok, it's trivial to crack wireless encryption, but that's for your hardcore element, you know, the type who break and enter. Meanwhile, using Community WiFi is similar to scrumping really (if your not taking the mickey of course).

    As I can see from above, obviously the farmer gets a little pissed when he finds someone scrumping his WiFi. Really though, he could be just as pissed with his ISP for not providing a secure wireless connection or educating him about the gaping hole in his perimeter.

    But ISPs don't really care if someone's using your connection, because if that takes you over your limit, then that works for them.

    I don't endorse borrowing peoples wireless connections before you all accuse me of being a thief, I just agree with those above that stated plod have far more important things to be doing. If anyone should be doing anything about WiFi theft, then it's owners, ISPs and regulators.

    It's a rose-tinted view of a world in which there are no opportunist thieves, but unfortunately we don't live in a world like that. Bet most of you have taken a pen home from work and forgotten to take it back.

  81. Guy Fawkes

    @ Fraser

    "how many OSes automatically connect to any WiFi access point that they can? My XP laptop certainly doesn't, I would regard this as a massive security flaw if it did."

    Either you are a liar, or you have specifically configured your XP laptop to *not* connect to any signal it can. The default configuration of Windows XP (at least as recently as Service Pack 2) is to connect to any signal it sees - whether that be an AP, or an ad-hoc (aka "per-to-peer") network. And that's why any time you see "free Public Wi-Fi" you should suspect a "man-in-the-middle" attack, but I digress...

    It *is* a massive security flaw. But it's also Microsoft Windows. The Windows design philosophy is to build a system that can be used by idiots (and sure enough, it *is* used by idiots).

  82. heystoopid
    Go

    Sounds like

    Sounds like a vicious case of profiling to me and the evidence was actually obtained from the perp's portable computer !

  83. Sir Runcible Spoon Silver badge
    Stop

    @The Other Steve

    "Just sending the packet is causing the computer to perform an operation, basically, you are committing an offence just by asking"

    If this is really true, then what happens when I turn on my wi-fi receiver and discover an SSID that has been broadcast?

    Surely that wi-fi router has made a connection to *my* network first! Explain that one away.

    @The Reg - thanks for censoring my last post - I was having a bad day at the time :P

  84. John Watts
    Flame

    I couldn't be arsed to read half the comments ...

    ... so if someone's pointed this out already, well I don't care.

    You'll probably find that the plod noticed two men in a car looking suspicious - they were doing what they do; it could have burglars casing someone's house.

    If I leave my front door open I am not inviting any of you stupid people to come in and take something that's mine.

    You can give it all the twaddle about trespass being civil but if it's with criminal intent it becomes burglary (it's actually burglary with intent to commit theft and can also be with intent to commit rape or murder).

    If you accidentally connect to the wrong network then your intention was not to take bandwidth that was not yours - you're unlikely to be prosecuted (unless you were reckless in which case you may be prosecuted).

    Looking at someone's flowers is not stealing anything as nobody pays for that reflected light. It comes from the sun - it's nowhere near the same as stealing bandwidth.

    Going back to the stupid comments about the police having nothing better to do; consider this - traffic cops, who are always slated for being so petty as to stop people who do something against the law (you know a bit of respect, politeness and a lack of belligerence will help turn points into a bollocking) arrest loads of people for other offences that come to light after the original stop. The way it works is that most criminals are actually stupid and also break lots of laws and often have warrants out on them which come to light when they're stopped for speeding (it's thirty for a reason in built up areas so don't fucking whine if you get caught by a camera).

    Two people parked up in a car seem likely to have set out deliberately to steal bandwidth. They deserved to get nicked.

    To all you people who think it's perfectly acceptable - I hope you get burgled or mugged.

    I just wish I'd read this article earlier so more people would read this.

  85. Steve Roper
    Flame

    @ James Basset and anyone else who thinks this is stealing

    Mr Basset:

    If someone walks into your house through your unlocked front door and nicks your telly, that is theft - I agree on that point.

    If you dump your telly on the footpath outside your house, and someone puts it in their boot and drives off: a) That is NOT theft because there is no indication of ownership; and b) YOU are now guilty of illegal dumping and littering.

    In my city (Adelaide) our local ISP, Internode, has rolled out a system called CitiLAN, which is free-for-all wifi access (albeit slow - about 2x dialup speed) located at all major shopping centres. If you are within about 1-2 km of a hub, you have access to it, and it's very useful for checking your email on the go, or if your home line is down.

    Now, my laptop is configured to auto-connect to the strongest signal; if that is secured, it will try the next strongest signal. If you lived here, Mr. Basset, and I was on the PUBLIC ROAD outside your house, and my laptop connects to your unsecured router instead of CitiLAN, then guess what? Not only am I NOT stealing your bandwidth, YOU ARE INTERFERING WITH PUBLIC COMMUNICATIONS!

    Fortunately the laws and police here are a bit more sensible than what you have in the UK; if you are in a public place, accessing any *unsecured* wireless signal is perfectly legal. Same as taking fruit from a fruit tree - as long as you don't reach into private property to take it; i.e. if the fruit is overhanging the footpath, you can legally take it (and the owner of the tree can actually be fined for obstructing a public thoroughfare).

    So, if you whingers want to charge people with "stealing" your unsecured bandwidth from a FUCKING PUBLIC PLACE, I want to see scum like you charged for interference with public communications. So if anyone tries to get me that way, that's what I'll slap them with. And I'll win, under SA law.

  86. Reid Malenfant

    Are people really this dense?

    The most likely reason the Police involved themselves in this case would have been in response to a formal complaint from an "aggrieved" person. Most, if not all, Force’s have digital message recording systems that automatically create unique actionable tasks with a meticulous audit trail of activity. They are often context specific in that the nature of the job, as originally recorded, largely dictates the anticipated Police activity. Everything is recorded and accountable; if a crime is reported, officers have to record it as such and follow certain procedures – thanks to the Home Office, they no longer have a choice in the matter.

    This complaint was almost certainly one of theft/deception/unlawful abstraction etc – and this is entirely the complainant’s call. If the suspect’s identity were also supplied, the Officer in the Case (OIC) would have very little room left to manoeuvre. I guarantee the cops involved would have groaned far more than you! The OIC would have had to juggle this job with a docket full of pending investigations and court files. Many have 25 – 30 jobs on the boil at any one time, all time critical. You don’t have the luxury of saying “No, sorry, too trivial”. This is why jobs stack up at peak times and you run out of uncommitted cops.

    That said, no-one has the right assume ownership of another’s property, goods and services regardless of its ready accessibility or the owner’s ignorance, stupidity, loss or abandonment. This is a cornerstone of English law and is why you can be convicted of theft by finding. Just because there is an implied right of access through your garden to your front door – to bona fide callers such as postmen etc – doesn’t give anyone the right to unreasonably loiter there or help themselves, irrespective of any lack of security – this is a legal principle regardless of the technology inolved.

    Most people I know have no idea how any IT system works and could care even less, they’re only interested in buying their toys and expecting them to work – and that’s their right. Failing to secure your network is, in principle, no different from failing to secure your home; neither gives another the right to make use of it without consent and, in this context, that consent must be expressly and freely given - by a human!

    If you don’t like it, tough! Grow up and stop whining.

  87. Colin
    Stop

    Sorry but seem peeps here are fooling themselves

    It doesn't matter what the technology does or doesn't do. It doesn't matter if the connection was made via an open router or if they hacked into it.

    The simple fact is they did not own the router so as soon as they connected to it then they broke the law unless they had been given permission by the person who owns it.

    Permission as it pertains to the technology concerned is not the issue but as it pertains to the person who pays the cost of the connection. In the eyes of the law the use of the device was without the express permisson of the person who owns it or their agents. To do this is a crime and once reported the police are duty bound to respond.

    Arguments and analogies supporting the two people arrested are totally irrelevant, the law is quite clear on this and has been for years. The same thing applies if you are to use your employer's phone to make a personal call to any number without the explict permission of our employer or the management of your employer's company.

    These two people are acused of breaking the law, they will get there day in court and there it will be decided if they actually commited a crime or not. People here going on about the merits of the actions of either the police or defending the two accused persons are just wasting space on the vulture's servers.

    The "I didn't know it wasn't an open hot spot honest gov", lines won't wash in a court of law. Ignorance of the law is no defense and people have been, can be, and will be found guilty of a crime they claim to be ignorant of commiting. The law states it is up to you to ensure you use publicly available connections. So basically if in doubt ask, if still in doubt don't use.

  88. Henry
    Flame

    You can't argue your way out of a Criminal Offence

    STOP TRYING TO APPLY COMMON SENSE TO THE LAW.

    Some firearms laws were introduced before the introduction of hand-held automatic weapons - does that make them invalid to offences commited with hand-held automatic weapons? No dumbass. The law was kept deliberately loose when drafted to account for these technological innovations.

    Want to argue? Think you can still connect to a network because they didn't secure it? Think that a car parked on the street with the keys in is fair game? Talk to policemen and lawyers who were involved with drafting it and try defending an individual charged with it (CMA Sect. 1 and CMA Sect. 2) - I have.

    Oh - by the way, be carefull picking up soap in the shower....

  89. tony trolle
    Pirate

    I wish...

    my belkin wireless would stay up long enough to get hacked :-)

  90. Seán

    @some steve or another

    I wasn't having difficulties with understanding the law, I was commenting on it being a bullshit piece of fascism. I was also pointing out how preexisting laws dealing with access to land work by way of contrast. So you know what you can do, and the horse you rode in on.

  91. Maty

    look at it the other way around ..

    I understand the computer misuse act as applying to access primarily to computer, not to bandwidth. If I access someone's network, I'm talking to their router, not to their computer.

    So let's assume Mr Gormless has a wireless network inadvertently offering open access. Ms Nitwit has a computer set by default to access any wireless network that is offering. Without Mr G or MS N knowing it, their machines have formed a beautiful relationship. (And this happens quite a lot). However, it is Mr G who has accessed Ms N's computer. It was his router that first broadcast the invitation, and it was his router that talked to Ms N's computer. Even if it's just a MAC number, Mr G has been extracting potentially useful data from Ms N's machine.

    And if Ms N sends her emails through Mr G's router, I could make an argument that Mr G is 'intercepting' her private communications. It would be a pretty dumb argument, but just as strong as the 'bandwidth stealing' case.

  92. Toby Parkins

    Steeling Blackberries

    I hope the police there are going to start arresting people for steeling blackberries (the ones that grow in hedges :)

    I remember my mum telling me when I was a kid that it was ok to pick and eat blackberries out of people's hedges. Do you think she was not telling the truth?

    No wonder people resent paying their council tax when so much goes to the police force.

  93. Dr Patrick J R Harkin

    @Anonymous Coward

    "Now if I had say milk dilivered and it was left on somebody else's dorrstep and they took it in not knowing that it wasn;t for there use - would they be breaking the law (no Pete James they wont)."

    Well, actually, if they weren't expecting a milk delivery, then they would. It's called "stealing by finding", I believe, though whilst technically they should report the "find", no sensible system would bother with a low cost, perishable, fungible item like a pinta.

    Using a neighbours wifi without their permission IS a criminal offence but is not a serious one in terms of loss of commodity. It COULD be a serious matter if criminals were using non-secured wifi as essentially anonymous net access for nefarious purposes.

    Perhaps it should be an offence to run an unsecured wifi access point - and as soon as the industry makes kit which talks without needing an engineering qualification to get it working - and without uPnP! - I'd support that law. But not yet.

  94. Anonymous Coward
    Thumb Down

    Re: look at it the other way around ..

    "I understand the computer misuse act as applying to access primarily to computer, not to bandwidth. If I access someone's network, I'm talking to their router, not to their computer."

    A router *IS* a computer, and is treated as such under the Act. When you connect through someone's Wireless router you modify information on that router. If, therefore, you do not have permission you *are* modifying information on a computer you do not have permission for and *are* contravening the Act.

    All other arguments are moot. If you are caught accessing someone else's network and the maintainers of that network did not give you permission ( and leaving his router open because he doesn't know how to configure is does *not* constitute permission ), then you are in a *very* sticky position and are quite likely to end up with a criminal record. Your only defence would be that you believed it was a public access point and, furthermore it iwas *reasonable* to believe it was public.

    Note to potential flamers: I'm not saying this is fair, its just how the law operates in this respect as I understand it.

  95. cor
    Linux

    hi Matt

    "Just keep in mind that the POP email protocol sends your email password across the net in plain text..."

    Possibly so by default, but you can use encrypted pop3 if you are savvy enough to click on the box/button. (Or is that something not available on Windows? I use the demon Linux). Obviously your ISP must support this too, if they don't, they need to be swapped out.

    "Many public facing computers have ping response turned off for that reason.."

    Yeah, spoilsports. That's why we have "$ nmap -P0 <address>"

    ;P

  96. Anonymous Coward
    Anonymous Coward

    @Guy

    "Either you are a liar..."

    Nope...

    "...or you have specifically configured your XP laptop to *not* connect to any signal it can..."

    I have used XP home (well, my friends use it and I have had occasion to support it) and XP pro, since arround the time it was released. I have mainly used desktops (therefore no wifi), but have had a couple of laptops that have had wireless. There is a pretty high chance that in setting up a laptop I would just automatically configure an OS to not connect to access points, although I have no recollection of doing this. Having said this one of my friends was round a few days ago, he has XP home on a T42 Thinkpad, newly installed and that didn't automatically connect to my neighbour's open access point, although it did when I missed my access point in the list and clicked on the it. I think you may be getting confused with XP automatically connecting to access points to which it has previously been connected. Not 100% sure mind.

  97. One-armed Freddy
    Stop

    Flawed analogies

    The analogy of having public water taps on streets is flawed. If a council has provided a tap for public use then you're allowed to use it. If my neighbour has an outside tap with a sign saying 'free water, help yourself' then it's reasonable to assume you can use it. If I have an outside tap visible from the road that doesn't have a sign saying it's for public use but it's not secured with a lock and key, that doesn't mean you should assume you can use it. The fact that it reflects light into your eyes doesn't allow you to use the water that I have paid for.

    The principle is the same for wifi, if you're not sure whether you're allowed to use an open wireless network then don't. If it's been intended for public use then I'd expect that to be reflected in the SSID or to see some signs up somewhere saying 'free wifi for customers.' (Incidentally, this raises the moral question as to whether you should be allowed to use the open wifi provided for customers of the cafe you live above when you've never been in there, but that's for another time.)

    If someone leaves a bag full of money on a table in a pub and I take some of it then I'm stealing. Just because it's open and I can see it doesn't give me the right to take what isn't mine. Just because your laptop connects automatically to an unsecured network doesn't give you the right to start using someone else's bandwith. If you see you've connected by mistake then disconnect. It's not difficult. I expect the commenters saying it's the sole responsibility of the network owners are the same people who defend virus and malware coders saying that if people are too stupid to protect themselves they deserve to be infected. Newsflash: not everyone is as computer literate as you! Some people might be unaware that it needs securing! Shock horror! Should we ban them from having computers and keep the internet a pure utopian society for IT professionals?!

    And does anyone seriously believe the police dropped the investigation of murders and rapes to come and arrest these people? Come on now, stop being silly.

  98. Brian
    Go

    Misrepresentaion of WiFi facility

    When I use my laptop, away from work, I will check to see what WiFi connections are available and generally use an appropriate one.

    Is it not an offense to advertise a facility, in effect, your SSID, if you do not intend to make that facilily available, free or otherwise.

    Secondly are they using your laptop resources without your permission and hence committing a crime under the Computer Misuse Act

  99. Paul

    Take the less out of wireless

    If I were to trail wires from my router into my neighbours houses and into the street, and then complain to the police that neighbours and strangers were connecting to my broadband, I'm sure I'd not get any sympathy from them, prosecutors or judges. That seems the most appropriate analogy for the pre-wireless Computer Misuse Act 1990.

  100. g e
    Pirate

    Responsibility

    People want the technology without the responsibility of maintaining it correctly and knowing how to use it. This is why we have driving tests for vehicles.

    It wasn't illegal to nab open wifi before the law was made, then someone decided it should be and it was. What's legal and isn't is just a case of where some lawlord sticks the goalposts this week apart from the obvious like murder, etc.

    If you have the technical ability to tell that someone's accessing your wifi then you also have the technical ability to secure your router, likely meaning that the accessed device was run by someone who had nothing better to do than wait for someone to connect to dob em in.

    Nabbing someone's wifi isn't really acceptable behaviour - especially if you're using it to d/l (C)/illegal material thereby incriminating the wifi owner - but if people would simply educate themselves a tiny little bit the problem wouldn't exist.

    If ignorance is bliss there must be a shitload more ecstatically happy people in the UK than I regularly meet.

  101. Ross

    lmao

    I am soooo appalled by the lack of legal knowledge shown by the folks on these comments. First of all, how you *think* it should work counts for shit. How the law says it works is what is important.

    1. Read up on "mens rea" and "actus reus" to help your 'ickle brains deal with the difference between your laptop randomly connecting to an open WiFi spot for a few secs and you actively using that open WiFi spot sans permission.

    2. Permission can only be granted by legal entities - that is human beings or corporations. A router/DHCP server cannot give legal consent. Saying that the DHCP gave you consent to connect is no different to saying your open front door gave me permission to come in and drink your beer. Clearly it's a fallacy.

    3. If you can't get permission because you don't know who to ask, then you don't have it. Simple as that.

    4. The idea that you can't steal a service is plainly wrong. If I pick up your un-PIN'ed mobile and make calls on it I commit an offence, if I steal your electricity I commit an offence, etc

    Basically the kids stealing WiFI were busted in accordance with the law.

  102. Neil Alexander
    Stop

    "Missing technical knowledge?"

    There is not really any excuse for failing to set up your network properly. I do not know of one wireless router that comes without an instruction/guidance booklet explaining how the wireless security works and what it does - and I've set up a lot of wireless routers.

    If you take the router out of the box, plug it in without reading the instruction manual, and your connection is unsecured by default, then that is as much your own fault for not reading the instructions that were provided. Heaven forbid that we should allow people to drive before actually learning the laws of the road; why should things like wireless security be different?

    The wireless security setup procedure in any commercial wireless router is not any more difficult than "go to this address, tick the box, enter a wireless key, click Apply". If the user can't understand the fundamental details of the technology from reading the instruction manual, then what is the user doing with the technology to start with?

    Incidentally, whether computers or wireless-capable devices should automatically connect to a wireless network is not at all relevant. The fact is, is that there are devices that do regardless. I have a 802.11-capable mobile phone. If I leave the wireless on and it stumbles across an open network, it might connect to it. (I say might because, well, frankly, I've never tried.) If it succeeds, my EDGE data session could get paused and then could get moved across to WLAN. If my Windows Live Messenger or push email services are active, they could reconnect using this new connection. All of this takes place without even taking the device out of my pocket. Would the police still like to run down the street and take me away for it?

    If you take the two minutes that is required to tick the box that turns your wireless security on during your initial setup procedure that, in all likeliness, you'll never have to repeat, then that won't happen. You can then go to bed at night knowing full well that:

    - innocent passers-by will not be unknowingly connected to your network;

    - less innocent passers-by will only be able to get into your network by deliberately trying to attack your network or find your key, and if they do "steal" your connection, they have done it deliberately and you have a case against them;

    - you've made the effort to actually understand the technology and prevent such mishaps from happening.

    Long live common sense.

  103. b166er

    @Neil

    Trouble is mate, most ISPs send out a router with a one page document saying plug it in and you're all set. Oh and by the way here's that WEP key thingy you'll need when Windows asks for it.

    The procedure has been dumbed down so that your average user (who doesn't care about wireless encryption and just wants to get on the net wirelessly) can plug'n'play. Therefore, most people who receive a wireless router will never see the full documentation (especially since it's tucked away in the CD-ROM that accompanied the router and not in printed text format).

    The onus as I said earlier, is on ISPs and regulators to make unsecured WiFi a problem apparent and to educate their users about it.

  104. Reid Malenfant

    The last word

    The Computer Misuse Act 1990 does not provide a specific definition of a computer. The definition is therefore left to the Courts who are expected to adopt the contemporary meaning of the word. The interpretation of the law proceeds by Stated Cases, thus: In DPP v McKeown, DPP v Jones ([1997] 2Cr App R, 155, HL at page 163) Lord Hoffman defined a computer as “a device for storing, processing and retrieving information”.

    This, therefore, will be a working definition of a ‘computer’ unless or until it is further modified by Legislation or another Stated Case. It clearly follows that Wi-Fi access points and routers, or any such combination of the two, will be regarded as ‘computers’ under the provisions of the Act.

    The offences. Section 1: Unauthorised access to computer material

    (1) A person is guilty of an offence if—

    (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

    (b) the access he intends to secure is unauthorised; and

    (c) he knows at the time when he causes the computer to perform the function that that is the case.

    (2) The intent a person has to have to commit an offence under this section need not be directed at—

    (a) any particular program or data;

    (b) a program or data of any particular kind; or

    (c) a program or data held in any particular computer.

    Section 1 CMA - Unauthorised Access

    As amended by section 35 Police and Justice Act 2006 and Schedule 15 of the Serious Crime Act 2007. Sections 1 and 2 of the CMA must be read in conjunction with section 17 of the CMA, which gives the interpretation of “unauthorised access” for the purpose of section 1. This states that there has to be knowledge on the part of the offender that the access is unauthorised; mere recklessness is not sufficient.

    Section 35 of the Police and Justice Act 2006 increases the penalty for a section 1 CMA offence, on summary conviction, to a maximum of 12 months imprisonment and/or a fine and on indictment to a maximum of 2 years’ imprisonment and/or a fine.

    The particular case in question will be tried on its merits but, as the specific circumstances have not been reported here, there is insufficient information upon which to make an informed opinion. All other comments are therefore mere speculation.

    However, the unambiguous common sense intention of the Act is to both punish and deter people from hacking, tampering and accessing computers, data and services they are not entitled to. This is the current law, ignorance of which is no excuse. Should you decide to ignore it then you will become liable its as simple as that.

  105. Julian Bond
    Alert

    The law's an ass

    The law as applied here is an ass.

    The law is unenforceable in general. Which means it's being used selectively as a last resort.

    The analogies don't work. Please stop trying to use them. Leaving a WiFi point open is not the same as leaving your front door open, your keys in your car, a tap in the street with a sign on it or leaving your garden flowers in plain sight.

    I want to live in a world where WiFi is freely available everywhere. Not a world where the Police can arrest and charge me because my computing device picked up an open WiFi point. As WiFi migrates into more and more devices this is going to become more and more likely. Putting the law more and more out of step with common usage.

  106. Anonymous Coward
    Anonymous Coward

    @Ross

    Re point 1:

    Just to clarify the points you made:

    from Wiki:

    actus reus - is the Latin term for the "guilty act" - action

    mens rea - the Latin term for "guilty mind" - intent

    "there must be an actus reus accompanied by some level of mens rea to constitute the crime with which the defendant is charged"

    From the CMA:

    A person is guilty of an offence if -

    (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

    (b) the access he intends to secure is unauthorised; and

    (c) he knows at the time when he causes the computer to perform the function that that is the case.

    In order for the actus reus to be fulfilled, sections a and b have to be fulfilled.

    In order for the mens rea to be fulfilled, section c must be fulfilled.

    Re point 2:

    You make the point that permission can only be granted by legal entities, however this is not required to be a verbal permission. If this were so, then a passport/drivers licence would not be a legal document. It is safe then to assume that a non verbal but recordable form of permission granting is legally binding. As a drivers licence or passport is produced by a selection of computer controlled devices, it would also be fair to say that these devices have been used by the entity to grant a permission on their behalf.

    Now then the interesting part is applying the terms to the usage of a wireless router. The device is bought specifically for the purpose of routing data packets between multiple devices not connected through a physical infrastructure. In order to do this various protocols are made available to the entity for controlling how they wish the router to grant permission on their behalf to route data packets to non physically connected devices.

    Irrelevant of how the protocols are setup when the device is purchased, it is the entity owning the device who is responsible for the operation of that device in terms or the permissions they have decided to grant.

    If they run the device setup to broadcast it's SSID, accept a request for an IP address, test this request against the permission granting protocols, grant a DHCP lease, and then route data packets to the device - then the device is granting permission on behalf of the owner.

    In order for the actus reus to be fulfilled, section b of the CMA states that the access he intends to secure is unauthorised.

    As we have seen, the access if granted will be authorised on behalf of the entity if the criteria are met that dictate the granting of access to the routing device. If this device was given criteria for testing the validity of an access which state "any device", then any access has been authorised.

    If the criteria state "must fulfill some validation metric" then the device is permitted by the owner to grant permission only to devices controlled by other entities that have been communicated with by the router owning entity to convey these validation metrics. In other words - if you are asked to validate yourself by a device then you are committing an offence if you try to access the device but were not told how to by the owner of the device.

    In order for the mens rea to be fulfilled, section c of the CMA states "he knows at the time when he causes the computer to perform the function that that is the case". In other words, if you know that the router requires validation metrics to validate your device, and you have not been told how to validate your device to the router - then if you try to access the device with foreknowledge that you have not been authorised you are breaking the law.

    To say again - if the router is not encrypted and broadcasting it's ID and function, then the owner has taken responsibility for the the device to grant permissions on their behalf to *any client* to have data routed to it.

    Saying that the DHCP gave you consent to connect is entirely different to saying your open front door gave me permission to come in and drink your beer. It is more akin to a publican, barman, punter relationship:

    client machine - punter

    wireless router - barman

    broadcast SSID - sign that says "I am a barman come and ask me if you can be supplied with some beer"

    DHPC - ask the barman if you can have beer, he looks at what the boss told him to do on his protocol sheet, he does it.

    i) no encryption - the barman has been told that he can supply beer to anyone

    ii) encryption - the barman has been told he can only supply beer to those that have the magic words

    iii) MAC address filtering - the barman has been told he can only supply beer to those on the guest list.

    iv) encryption with MAC address filtering - the barman has been told he can only supply beer to those on the guest list who also have the magic word.

    Charge per unit of beer supplied is arranged by the publican (router owner), and has nothing to do with the way in which the barman has been instructed to supply the beer (it could be a prepaid function, publicans private party or a normal pub - all of which it is the responsibility of the publican to point out to prospective punters)

    It is not illegal to take beer from a bar when you ask the barman and he says it's OK. It is illegal to take beer if he refuses you - for whatever reason. By asking, the responsibility for permission granting moves to the barman. Imagine if every time you ordered a pint you had to ask for authorisation from the publican.

    Re point 4:

    If you pick up my non PIN protected mobile and make calls on it you commit an offence, however if *I* put a sticker on my phone saying *any person* can use my phone to make calls then I have explicitly given you permission. If the sticker says *any family member* then you are stealing. The sticker is the analog of the SSID broadcast, the writing on the sticker is analogous to MAC address filtering,

    If you steal then you are committing an offence, but to steal you must not have permission in the first place.

    Your finishing statement states:

    "Basically the kids stealing WiFI were busted in accordance with the law".

    This is only true if the data they were being supplied with was made accessible by accessing the router using validation metrics they did not obtain direct from the owner of the router (ie. hacking) if it was open then the access was authorised correctly on behalf of the owner of the router - whether they knew what validation metrics they were using to grant permissions is a different matter.

  107. IanKRolfe

    Surely it works both ways?

    Surely any WiFi router that broadcasts an SSID is making an unauthoriised access to your computer, in attempting to create a network between it and your laptop. So if I am prosecuted for using someone's WiFi, shouldn't the owner of the Router be prosecuted for "causing *my* computer to perform a function with intent to secure access to any program or data held in *my* computer".

    If responding to a someone person's router's SSID invitation to join a network is illegal, then asking my computer to join in the first place is also an illegal access to MY computer!!!

    Anyhow, technical arguments aside, it would appear that the main motivation behind these prosecutions is that the government is worried about the implications of people "stealing" bandwidth (i.e. the possibility of it being used for criminal purposes), so it would make MUCH MORE SENSE to change the law to make owners of wireless routers responsible for securing them, rather than prosecuting people for using them - especially in previous cases where the question of authorisation has been more ambiguous (internet cafes, etc).

  108. Colin

    I still don't understand you people

    Stop coming up with the same bullshit about how open wifi access points give implict permission of use. Because like it or not under the law they do not. How the tecnology works is irrelavent and most of us that read EL Reg are probably more than qualified to know this information anyway so repeated decriptions of what a router is and how one works is pointless.

    The law demands that you must have knowingly used something that you knew was not yours, the how and why of it are not up for debate. All that is considered under the law is did you use something that you knew you did not have the right to use. If you did then you commited a crime plain and simple.

    Any other point is moot. if you don't like it tough. There is only one way you will change it. Sitting here pontificating about the merits of the law on the net will do squat. Try asking your MP's to ammend the law you might get better success

  109. Mark
    Boffin

    @Fraser

    And there you have agreed: WiFi access to an open AP is allowed. The 2.4GHz spectrum is a public resource and WiFi networks extend to the public.

    To ensure privacy you can use Wired Equivalent Privacy (WEP).

    A public network you access is giving access without explicit notification? Yup, but that includes an open WAP.

  110. Mark
    Boffin

    @Colin

    Do you have trouble understanding people who say that, despite having a nice flat lawn, the earth is round?

    Now your second para may have some room for a wedge into your head. The law, you say, demands that you musk KNOW that you are using something that is not yours (I assume also there is "and you are not allowed to use it" too, else children who don't own computers will be in jail for using their parents PC).

    So there ARE people who open up their AP for use. BT have a system where the wireless access is MEANT to be shared. There are public open WiFi spots. All are available for use by you, the public.

    Furthermore, your computer will connect to the best signal that you have access for (it will not connect to a secured connection unless you have filled in the key for access). It does not have to let you know this. You can find it out, but you don't have to.

    So we have a WiFi spot that doesn't say "GetOffMyLand" and is open for access. Your computer doesn't tell you where the router you have connected to is (e.g. 12 Seemly St) so you have no way of knowing that it ISN'T one of the possible AP's meant for public access.

    So the law doesn't apply.

    Now if you come out and say "please stop accessing my network", you'll have given me notification I cannot access your network. However, you have to properly inform me what your AP is called, the channel and so on so that I may be able to disconnect from YOUR network.

    However, if my computer WITHOUT MY CONSENT keeps accessing your network, I anm not committing any offense because *I* am not connecting to your network. My computer is. You may say that my computer access is really me, but then I can say your router giving me access is really you. As long as there are several possible open connections and you refuse to configure YOUR system to erject unauthorised access, why must I attempt to configure my system to exclude your network when there's no way of doing so?

    I'm trying not to access but your machine keeps hijacking my connection.

  111. Colin
    Stop

    @Mark

    Mark the insulting comment was not required. To insult the person stating an argument does not invalidate the argument itself. The plain fact is it doesn't matter to the law, what the technology is doing. It is up to you the person, to ensure you do not use your computer to connect to the internet via my wifi access point. Regardless of whether or not I have it secured.

    Unless I have given you permission by either directly telling you in person or via writing/email/or phone or by giving an open permission to all and sundry, via signage or marking my SSID as an Open Point available to all. Then the law as it is will find you guilty of illegally using my access point, it may be daft but that is the law. No one said it had to make sense, lots of laws don't. But that is how it is.

    If your computer is accessing someone's private AP, as you say "WITHOUT MY CONSENT" then the law doesn't care. It still puts the onus on you to find another AP that is open to all. The fact remains that unless you are using an open AP then you are in breach of the law.

    The defense of; "I'm trying not to access but your machine keeps hijacking my connection." won't work. You don't have a connection you have a computer, the connection begins at the Access Point. So the law still is on the side of the person who pays for the access point, which is not you.

    It's real simple when you think of it, laws are designed to protect the person with the money at stake. If you aren't paying for it and you use it then the law will always beat you for doing it. The laws always have worked that way and always will.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019