Posted on 01/07/2008 10:46:22 AM PST by SubGeniusX
Network security firm Sophos recently published a study on what it terms WiFi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. According to the company's study, which was carried out on behalf of The Times, 54 percent of the respondents have gone WiFi freeloading, or as Sophos put it, "admitted breaking the law [in the UK]."
Amazingly, accessing an unsecured, wide-open WiFi network without permission is illegal in some places, and not just in the UK. An Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free WiFi was charged this past May with "Fraudulent access to computers, computer systems, and computer networks." On top of that, it's common to read stories about WiFi "stealing" in the mainstream media.
It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft?
The issue is going to come to a head soon because more and more consumer electronics devices are WiFi-enabled, and many of them, including Apple's iPhone and most Skype phones we've used, come ready out of the box to auto-connect to open WiFi networks. Furthermore, as laptop sales continue to grow even beyond desktops, the use of open WiFi is only going to grow along with it.
Steal this WiFi connection!
When you steal something, there's typically a victim. With WiFi, Sophos thinks the ISPs are the victims. "Stealing WiFi Internet access may feel like a victimless crime, but it deprives ISPs of revenue," according to Sophos' senior technology consultant Graham Cluley. Furthermore, "if you've hopped onto your next door neighbors' wireless broadband connection to illegally download movies and music from the 'Net, chances are that you are also slowing down their Internet access and impacting on their download limit." In Sophos' view, then, both ISPs and everyday subscribers can be victims.
In one fell swoop, "stealing WiFi" gets mentioned in the same breath as "illegally" downloading movies and music. The fact is, people join open WiFis for all manner of reasons: to check e-mail, surf the web, look up directions to some place, etc. Those don't sound like nefarious activities, however, and certainly not activities which are likely to get someone in trouble. Of course if you run an open WAP (wireless access point) and it is heavily used for just e-mail, you could still hit your bandwidth cap (if you even have one), but that has to happen only once for that user to figure out what's up, and fix the problem. And let's be honest: it is their problem. No one forced that user to install a WAP or to leave it wide open. We'll get back to this in a minute.
The argument that using open WiFi networks deprives ISPs of significant revenue is also a red herring. Take the case of public WiFi hotspots: official hotspots aren't that difficult to find in major cities—every public library in Chicago has open WiFi, for instance. Are the public libraries and the countless other free hotspot providers helping defraud ISPs? No, they're not. There's no law that using the Internet requires payment of a fee to an ISP, and the myriad public hotspots prove this.
Really, there's only one time when you could argue that an ISP is being gypped, and that's when someone is repeatedly using his neighbor's open WiFi in lieu of paying for his own service. Is this really wrong? Let's consider some parallel examples. If the man in question were given a key and told that he could enter his neighbor's house whenever he wanted to use a PC to access the Internet, would this be wrong? Of course not. They key here (pun intended) is the "permission" given by the owner of the home. Our leeching friend would clearly be in the wrong if he were breaking into the house, of course, because he would be sidestepping something clearly set up to keep him out. If he has permission, I suppose one could argue that it's still not right, but you won't find a court that will punish such a person, nor will you find too many people thrilled at the idea that someone else can tell them who they can and can't allow into their homes for what purposes.
Some people leave their wireless access points wide open deliberately. A friend of mine and recent seminary graduate lived in a campus-owned apartment building. In addition to being a man of the cloth, Peter is a longtime Linux user and open-source advocate. While living here in Chicago, he got his DSL from Speakeasy and shared the connection with others in his building... and anyone else who needed a quick Internet fix (Speakeasy even encouraged this). He even positioned his router so that anyone in the church across the street could pick up a signal. Obviously, not everyone is like Peter. But despite easy-to-read instructions and a plethora of warnings about the need to secure your WAP, some people just can't be bothered to enable the most basic security settings.
To the person with a laptop and a sudden need to check e-mail or surf the web, it's not possible to tell who is leaving their access points open deliberately and who just plain doesn't care. The access point is there and the virtual doors are unlocked, so why not take advantage of it if you're in need?
A couple of caveats: be familiar with the law of the land. As the examples at the beginning of this story show, it's illegal to access a WAP without permission—even if it's wide open—in some places. Also, you should never use an open point for anything illegal or even unneighborly. Don't log onto the first "linksys" WAP you see and fire up a torrent for your favorite, just-released Linux distro.
And as always, don't leave your own 802.11b/g/n router wide open unless you're comfortable with random surfers using your 'Net access for their own purposes.
Open WiFi is clearly here to stay.
That depends on how your ISP charges you. I have a monthly bandwidth limit. If I exceed that limit I get charged extra for the additional use. So if I leave my connection unsecured and someone else uses it, yes, they are definitely depleting my stuff.
I understand that your analogy is flawed. A better analogy would be "If I held a big noisy party at my house, with free booze and eats for my friends, would it be okay for anonymous strangers to crash it, eat and drink, and split without ever saying anything to the host?" You might get away with it, it might not be illegal even, though I'd argue tresspassing. But it is absolutely unethical.
If you want to "hang an OPEN sign" on your WiFi, then name it "ctdonath2's FREE access" or "Starbuck's Free HotSpot" with SSID. But LexBaird's WiFi isn't an open sign, it's an address so my invited guests can find the party.
I have to disagree
“Using an open WiFi network is no more “stealing” than is listening to the radio or watching TV using the old rabbit ears.”
You watching my TV or listing to my radio (or your own) does not degrade my service. You hooking into my bandwidth limited connection and using some of that limited resource for your own enjoyment most certainly *IS* stealing.
“If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money?”
No but if you move his sprinkler so it gets your flowers and not the whole of his lawn you have.. Bandwidth is limited..
“Stealing WiFi Internet access may feel like a victimless crime, but it deprives ISPs of revenue,”
That it does, in the same way cable theft steals from cable companies. Also youre stealing from the person who pays for the bandwidth.
“but that has to happen only once for that user to figure out what’s up, and fix the problem.”
Right its only a problem if you get caught. Guess what many people dont understand bandwidth and will just assume ‘the net is slow today’. I use my network for my phone as well as do many people.
“And as always, don’t leave your own 802.11b/g/n router wide open unless you’re comfortable with random surfers using your ‘Net access for their own purposes.”
And dont leave your door unlocked unless youre comfortable with people coming in to your home and taking something..
As my grandfather used to say “Locks are to keep the honest people out”.
I believe there was a case recently where that exact situation happened and the owner of the router (and, by default, owner of the service) was held responsible for his neighbor illegally downloading material to his (the neighbor) computer. This was because, like you said, the router's IP address was the IP address used to download the material. Sad thing is, the guy who owned the service had no idea that his neighbor was stealing the connection.
You left out the part where he is not a customer *anywhere*... Im sure if I bought a coffee and was having it on the patio (or in my car) they could care less..
I have nothing more to offer this topic but semantics and implied intent.
Intent and ignorance has a lot to do with how I fell. Might be due to all the ignorant and old people who have no clue that what the default settings are that call me when they get viruses, lose speed and have a bunch of other problem on thier home networks.
I understand what you are saying and I understand what the default settings are. But ... well, I know I am not gonna win here... but, I cannot help but feel there is a huge “OOPS” factor here from people who have no clue and do not intend to let people steal/share their service. There are quite a few of unprotected connections that come up for me when I log on. But I would never take advantage of that because I did not pay for it and because I do not take it for granted that the person who is unprotected is consciously broadcasting for me to get a freebie. I automatically assume that it is an error on the broadcasters part and stand on the ‘I did not pay for that’ theory.
I know a guy who rented an apartment and did not want to incur the costs of cable internet. He made an agreement with the guy downstairs to share the connection that came thru the downstairs apartment. To me, that is a totally different thing.
I have no other argument than to say that, to me, it is different. I am not gonna win here and see that I will not change anyone’s mind... but to me, it is just different. Purely emotional.
:)
For home use you’re 100% right but it can be dammed inconvenient for a business..
“If you don’t password protect, then it’s not really stealing.”
Horse crap...
Thats like saying if you dont lock your door coming into youre house is not breaking and entering..
But that consequence is less certain than outright theft of an object. It may or may not have resulted in actual revenue.
WiFi is a constant service which is only partially used in most cases by it's rightful owner. "Theft" of part of that service may or may not even be noticed by the rightful owner. Unauthorized use of WiFi bandwidth will frequently not negatively impact the owner at all.
In other words, it's often difficult to find any actual harm or damage to such unauthorized use of bandwidth.
If, on the other hand, an unauthorized user hogs enough bandwidth to be noticeable and to negatively impact the owner, then it's a more clear-cut problem. The owner is not getting the full value for which he has paid, and it's the unauthorized user who has caused that decrease in value.
This last scenario is most like trespassing, in my mind. The bandwidth paid for and owned by the rightful owner is much like a parcel of land of a specific size. Like an owner of a large ranch, he may rarely if ever put the entire purchase to use. The impact of a temporary user on his broadband WiFi network would be just as negligible as the impact of a hunter camping overnight on a corner of a 1000 acre ranch.
At the very worst, such access should be on the order of misdemeanor trespassing, with a $50 fine and a shake of the finger.
It should absolutely not be prosecuted under statutes enacted to punish dangerous criminal network hacking and digital espionage, etc.. That's a clear case of misapplication of the law.
It takes special equipment and an overt effort to steal bandwidth over an unauthorized connection to a Wi-Fi access point. It's hardly an open door. The law in many states and some federal laws treat unauthorized access to another person's computer as a criminal act. The effort I make to lock down my computers and networks would be more than adequate proof that intrusion is unwanted and a prosecutable offense. I've been locking down computers for my employer since 1983.
Now then...
There is a cultural norm to stay out of an area which (1) does not have any visible invitation, or (2) features a physical hinderance (fence, lock) or visible dis-invitation ("POSTED", "Keep Out"). Some people are happy to share their property with casual users, and either post an invite or just leave trails unhindered. Those not so inclined build a hinderance (even if easily breached), or post signs discouraging use.
Ditto Wi-Fi: out of the box, most routers default to inviting use without hinderance ... and a great many potential users see that as a cultural norm of inviting responsible use.
Alongside the owner's responsibilities, the user has responsibilities too. I may leave my Wi-Fi connection open for public use, but that presumes users won't go running torrent servers or performing illegal acts. This is like someone with a forest/field allowing hikers to wander thru so long as little or no impact occurs.
So yes: if the SSID is broadcast, and there is no WEP key, and no other hinderance or dis-invitation indicated (like the SSID is "KeepOut"), then there is at worst fair doubt of the owner's intent to allow use, and to a large percentage of potential users that is viewed as "responsible & polite use encouraged". It's hardly "theft".
The word you’re looking for, and more people should use, is “tresspass”.
Is he a customer if he buys one cup of coffee and sits inside for 2 hours?
If you read my whole post, you'll discover that I not only looked for the word, I found it too! ;-)
Let's compare apples and apples here. My neighbor hired a contractor to install a fence. The contractor pulled an extension cord over to my driveway and connected to the power socket to run his saw. He did that without asking my permission. That circuit already has enough load that running the saw risked popping the circuit breaker. That was blatant theft of my electrical service without my permission. The electricity stolen was discretely billable.
If that same contractor managed to successfully connect to my WiFi and start downloading a movie over my DSL line, my network performance would have been impaired. That DSL line is my connection to make a living. When it is impaired, my ability to work is impaired. It costs real money because it takes longer to provide the service to my customers.
Only if steps have been taken to hinder unauthorized access.
For many computers (including iPhones and PSPs), simply turning it on is enough for the machine to connect to any unlocked Wi-Fi router - hardly "special equipment and an overt effort". For most others, it merely click on "show local wireless networks" and select an entry - again, hardly "special equipment and an overt effort".
"Special equipment and an overt effort" would entail, say, a "sniffer" (a rare piece of network diagnostic equipment) to detect an un-broadcast SSID, gather a few GB of traffic, and run a decryptor to determine the WEP key.
AGAIN: what we're talking about here is something that BROADCASTS "I'm here! I'm free! Anyone can connect!" and hands out DCHP IP addresses to anyone who asks for one. THAT, my friend, is an "open door".
SSID “KeepOut”.
ROFL. Luv it!
But really, I guess what I’m saying is unless the network owner has taken some positive steps to secure it (and failed), then someone who comes along and uses it casually CANNOT be presumed to have done something immoral or unethical or illegal.
That’s kinda like a prior restraint sort of thing. If I put a couch out for the garbage guys to pick up, I can’t really fault some guy driving by in a pickup and loading it up.
If the legislatures are so hell bent on passing laws (which we already know they are) then the law should be that any AP bought OOB has to have default security.
Then, at least, it would be a valid presumption to say somebody else who is using it had broke in.
See my #122. With my monthly bandwidth limit (and it is low enough to be a factor at the end of every month but that's what I can afford to pay for), it is defiantly theft if an unauthorized person uses my bandwidth.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.