Dutch Court Says Breaking Into An Encrypted WiFi Router To Use The Connection Is Legal

from the that-seems-to-be-a-bit-far dept

Slashdot points us to the news of a somewhat surprising ruling out of the Netherlands. Apparently, a Dutch court has ruled that hacking into an encrypted WiFi router to use the connection is legal. I'll have to remember that next time I'm searching for WiFi in the Netherlands. Along those lines, it also said that just hopping on open WiFi networks cannot be prosecuted. That latter point I certainly agree with. If you leave a router open, it should be perfectly legal to use it. As for why hacking into an encrypted router was deemed legal, it's basically because the law defines a computer as a machine that handles the storage, processing and transmission of data. And, with most routers, there's no storage. So it's not a computer. If the guy had hacked into someone's computer, it would have been a different story. Of course, I wouldn't be surprised to see the government now modify the law to cover routers and other devices as well.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, netherlands, open wifi, wifi


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    The eejit (profile), 21 Mar 2011 @ 1:25pm

    Wow, that's actually a fun loophole for people to get out of BREIN's suits.

    "I didn't do it, Your Honour - it was one of them dastardly BREIN hackers! They planted that musci on my router!"

    link to this | view in chronology ]

  • identicon
    Phillip, 21 Mar 2011 @ 1:42pm

    Unfortunately...

    I think this ruling is less about making WiFi more open and more about ignorance of technology. Routers do store data. My router (and every router I'm aware of) stores the passwords, MAC address filter list, and a host of other information on it in addition to transmitting the WiFi signal and processing network requests. This seems to fit their definition of a computer (and it should since a router is one).

    I do agree that if you leave your wireless unprotected it shouldn't be illegal for people to hop on. If you don't want other people using it, give it some protection.

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 21 Mar 2011 @ 1:45pm

      Re: Unfortunately...

      ...give it some protection.

      Aha! A new business opportunity. Router Trojans!

      link to this | view in chronology ]

      • icon
        Greg G (profile), 22 Mar 2011 @ 9:12am

        Re: Re: Unfortunately...

        That makes me picture a condom, with a reservoir tip, over the wireless routers antenna.

        link to this | view in chronology ]

    • icon
      PaulT (profile), 21 Mar 2011 @ 1:51pm

      Re: Unfortunately...

      I suppose it depends on what the law classifies as "data". If the law specifies some kind of personal data such as names and addresses, rather than technical data such as MACs and passwords, it would probably not count as storage.

      link to this | view in chronology ]

      • icon
        Nick Coghlan (profile), 21 Mar 2011 @ 2:37pm

        Re: Re: Unfortunately...

        If nothing else, the router stores it's own SSID, usually a name the owner chose to give it. Many will also store the *name* of computers on that network, again something that isn't purely technical.

        Those that are also uplink capable will generally hold the username for the user's ISP account, a very personal piece of data.

        It's a crazy ruling.

        link to this | view in chronology ]

    • identicon
      abc gum, 21 Mar 2011 @ 5:05pm

      Re: Unfortunately...

      "Routers do store data."

      Not all WIFI devices include a router, most that do allow it to be turned off.

      link to this | view in chronology ]

    • icon
      Joe Magly (profile), 22 Mar 2011 @ 9:58am

      Re: Unfortunately...

      I would tend to agree.

      Many modern wireless and combo routers also include USB, eSATA or Firewire ports for hooking up storage devices for exposure over the network.

      There is no way to tell if a particular router has such a device hooked up until you actually break into it and generally, unlike shared storage on a PC that may implement some form of security, very often these router shares are open to whomever has network access.

      link to this | view in chronology ]

  • icon
    Nom du Clavier (profile), 21 Mar 2011 @ 1:43pm

    The law in this case seems to have gone through some revisions and is at best ambiguous. Not ambiguous enough that I'd agree with the ruling.

    If the law unequivocally supported the judge's decision, I'd have to very much disagree with the law in question, in fact.

    For the time being I'll have to modify the firmware on my router so that even if you defeat the encryption, if you actually go out on the interwebs from it, you'll end up downloading something off of a honeynet in the same network -- which would then of course actually be illegal. ;)

    link to this | view in chronology ]

  • icon
    misterdoug (profile), 21 Mar 2011 @ 1:52pm

    Just a technicality

    It's as if the law defined "lock" as a cyindrical mechanism with a keyhole, forgetting to include combination locks, cardkey locks, etc, and the judge was being overly literal. This shouldn't be too hard for legislators to fix with a little clarification, but I'm susprised nobody pointed out to the judge that routers actually do run software and store information (passwords, configuration, etc). Seems like a no-brainer to prove that they are computers.

    link to this | view in chronology ]

  • icon
    misterdoug (profile), 21 Mar 2011 @ 1:58pm

    Contrast to the U.S.

    This is in stark contrast to the law in the United States, where we like to make it illegal to discuss circumvention techniques because then somebody might use them for piracy.

    link to this | view in chronology ]

  • identicon
    Pendrake, 21 Mar 2011 @ 2:19pm

    No storage?

    If there is no storage... where did I upgrade my router's firmware to?

    And where does those nifty websites to adjust settings get stored?

    What about the black-listed and white-listed domains?

    A router does have storage, just not that much...

    link to this | view in chronology ]

  • icon
    RikuoAmero (profile), 21 Mar 2011 @ 2:32pm

    "the law defines a computer as a machine that handles the storage, processing and transmission of data".

    So, if I disconnect my computer from the internet, its no longer transmitting data...does that mean its no longer a computer? So, if say I'm at a coffee shop, someone has their laptop open on the table and has gone to take a piss, if I just disconnect it from the internet and only then hack into it, its not hacking, because its not a computer due to not transmitting any data?

    link to this | view in chronology ]

    • icon
      aldestrawk (profile), 22 Mar 2011 @ 12:41am

      Re:

      The transfer of data doesn't have to be packets transmitted over a LAN or the internet. The data transfer could be to a USB flash device, a writable CD or DVD, or even a floppy. Also, for the definition, the computer just has to be capable of data transfer.

      link to this | view in chronology ]

  • icon
    Pickle Monger (profile), 21 Mar 2011 @ 2:35pm

    No storage for data? Not a computer...

    Wow! I guess people with the netbooks and tablets that rely on cloud-based storage better stay out of Netherlands then...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2011 @ 2:41pm

    If I leave my front door unlocked should it be legal for you to come and go as you please? Nevermind any consumption of food or destruction of property, but if a homeless person walks into my apartment and sleeps on the floor for the day and that's it, doesn't do anything else, isn't that still trespassing?

    But just as I secure my network I still lock my apartment doors as well. You could also say the lady with the short skirt was asking for it...

    link to this | view in chronology ]

    • icon
      Ray (profile), 21 Mar 2011 @ 2:55pm

      Re:

      I think it depends on the region of the law, but if the door is "unlocked and closed" then you should be good. If the door is open, then trespassing might be difficult, again all this depends on how the law is written.

      On the topic this appears to be a strange ruling.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 21 Mar 2011 @ 3:15pm

      Re:

      If you leave your front door unlocked, you may or may not be able to press charges for trespassing. You certainly won't be able to prosecute for breaking and entering.

      And the "short skirt" reference is vile, but in many states, you can be charged for leaving a car at a convenience store unlocked and running; the logic being that you not only "asked for it" to be stolen, but you're placing a burden on law enforcement.

      link to this | view in chronology ]

      • icon
        Hugh Mann (profile), 21 Mar 2011 @ 3:59pm

        Re: Re:

        Sure, you can charge the tresspasser w/ breaking and entering. What you are "breaking" is more figurative in the legal sense. It doesn't mean actual destruction of property. It means breaking the spatial plane of the property, i.e., crossing through it to enter the house.

        Yes, the actual damage done may be negligible, but I'm not aware of any jurisdiction anywhere that takes the position of an open door on a private home being the equivalent of an invitation for any random passerby to enter.

        HM

        link to this | view in chronology ]

        • icon
          Hugh Mann (profile), 21 Mar 2011 @ 5:04pm

          Re: Re: Re:

          Correction:

          Just checked Black's Law Dictionary. The "breaking" does require SOME force, but it can be even the slightest "force", such as the gentlest tap required to push an unlocked door open held in place only by its own weight. So, if the door actually is wide open, it's arguably not "breaking".

          It is still trespassing, though, as "trespass" is the mere unauthorized entry onto the private property of another.

          In any case, I submit that the relatively minor action required to connect to an open wifi signal is sufficient to treat it as analogous to "breaking" in the physical/legal sense.

          HM

          link to this | view in chronology ]

  • identicon
    Trerro, 21 Mar 2011 @ 2:59pm

    Odd...

    An open router is exactly that, so yeah, it should be perfectly legal to use.

    As for breaking into an encrypted one purely to use the connection, I don't think that should be legal, but I think it's a rather minor offense. IMO, trespassing would probably be the appropriate charge, with the punishment being a requirement to pay the bill on that connection for the month.

    As for the "it doesn't store anything, so it's not a computer" clause, that's... iffy at best. It's true that there's no storing of personal data and such, but you do save the block list, port forwarding list, and other config settings to the router, so that definitely isn't "no storage". It's good that they recognize that hacking a router is nowhere near as significant as hacking the computer behind said router, but to completely dismiss the offense is IMO, going too far in the other direction.

    link to this | view in chronology ]

    • icon
      Cdaragorn (profile), 22 Mar 2011 @ 7:40am

      Re: Odd...

      "An open router is exactly that, so yeah, it should be perfectly legal to use."

      So if I leave my toolbox out on my front lawn, it should be perfectly legal for you to take it and use the tools, even if you intend to return it?

      Just because something isn't locked up doesn't make it ok to use it. Locks exist because there are dishonest ppl who will take things if they can, not to let ppl know that you don't want them taking your stuff.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2011 @ 3:02pm

    It seems mostly like a surprising ruling that will get overturned somewhere down the line. It just doesn't appear to be in line with even basic logic.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2011 @ 3:44pm

    I'm not sure this is bad.
    I'm a bit uncomfortable with the notion that someone can be found criminally guilty for basic finding information about something when it doesn't deprive someone of something(for example your bank account) this is one of those things that needs intent to be really bad, if your intent is to test the security of others but do no harm where is the problem really?
    on the other hand if your intent is to take advantage of someone to make money out of them and have them bear all the problems that is wrong.

    link to this | view in chronology ]

  • identicon
    Cowifi, 21 Mar 2011 @ 3:46pm

    Ignorance is Bliss

    This is ignorance at best.

    Beside the usual stuff routers store.
    What about the fact routers have also built in storage and storage control technologies.
    Just look at all those people using router with built in torrent clients and utilizing storage.

    Sorry this doesn't wash, my detectors can still pickup Bull$!t.

    This is illegal pure and simple. How dumb can you get?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 21 Mar 2011 @ 3:49pm

    Is it really legal, or does it just fail to violate the particular trumped-up computer hacking charge that they tried to stick on this kid?

    link to this | view in chronology ]

  • icon
    Pitabred (profile), 21 Mar 2011 @ 3:50pm

    Civil vs Criminal

    This story didn't say that the breaking of encryption was legal. Just that it wasn't criminal. They could still be open to and lose civil lawsuits. It's just that the government is stepping out of direct prosecution.

    link to this | view in chronology ]

  • icon
    Hugh Mann (profile), 21 Mar 2011 @ 3:52pm

    Why should it be legal to hop onto open WiFi signals?

    I can see making it a very minor offense, and perhaps even require that you knew it wasn't supposed to be available to you (so it's not illegal to accidentally click on the neighbor's wifi signal when you meant to click on the one at Starbucks, etc.).

    And, certainly, I don't have a lot of sympathy for those who complain about moochers when it's not hard for them to take some steps to avoid it.

    However, specifically making it legal seems like the online equivalent of saying it's legal to walk into someone's house and sit down on the couch and watch TV as long as the door was open and they don't actually make a mess.

    HM

    link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 21 Mar 2011 @ 4:03pm

      Re: Why should it be legal to hop onto open WiFi signals?

      However, specifically making it legal seems like the online equivalent of saying it's legal to walk into someone's house and sit down on the couch and watch TV as long as the door was open and they don't actually make a mess.


      Not at all. The very nature of open WiFi is that *IT* broadcasts itself out to the world and says "HEY, JOIN ME!"

      That's not the same as what you describe at all.

      link to this | view in chronology ]

      • identicon
        Tom Anderson, 21 Mar 2011 @ 4:26pm

        Re: Re: Why should it be legal to hop onto open WiFi signals?

        It's not breaking and entering to enter an open door. The teen was convicted of some of the charges against him, and the case has been appealed, so it doesn't seem like the decision of the judge to be lenient on the hacking now makes it legal. The Netherlands doesn't follow common law, it follows civil law, so unlike in other places like the UK or the US, what one judge decides in this one case has little bearing on the legality of hacking routers in other cases. Hacking routers is already illegal in the Netherlands as the original story pointed out, at least for certain purposes.

        link to this | view in chronology ]

        • icon
          Hugh Mann (profile), 21 Mar 2011 @ 4:59pm

          Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

          Did a quick check of Black's Law Dictionary for "breaking and entering". The "breaking" part does require some force, but it can be even the slightest force, such as that of pushing open a door held in place only by its own weight.

          So, the "open door" analogy is not quite correct after all.

          However, I would say that it turns the tables somewhat, in that hopping on to an unsecured wifi router takes some "force" (i.e., an action) by the perpetrator. In that sense, it is still like "breaking and entering". It may be a very minor action on the part of the perpetrator (i.e., specifically selecting the wifi signal or setting his PC to automatically connect to available signals), but it still takes an action. More akin to someone walking down the street, either looking for doors that might be pushed open, or actually trying each one - giving each a gentle push to see if it will swing open and admit him.

          So, again, I wouldn't advocate huge fines or anything like that, but I do disagree strongly with the idea that the electronic equivalent of a trespass should be excused, and the trespasser considered ENTITLED to trespass merely because the owner was less than entirely diligent in nailing down his property.

          I had a neighbor once who actually disconnected the cable coming into my apartment and connected it to his apartment (needless to say, I discovered thsi VERY quickly). Should that be OK? Basic cable is not scrambled. What if he just inserted a signal splitter and mooched off of my account? Should he be entitled to do that merely because I didn't think to encase the cable connection in some sort of locked housing?

          As a kid, I was taught to respect the property of others. If you didn't acquire it (i.e., usually, pay for it) legitimately, leave it alone, as it belongs to someone else. I really dislike this philosophy of, "hey, if it's not atually locked down, it's fair game!"

          HM

          link to this | view in chronology ]

          • icon
            PaulT (profile), 21 Mar 2011 @ 5:18pm

            Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

            Again, the physical analogies really don't hold up if you examine them closely.

            "So, again, I wouldn't advocate huge fines or anything like that, but I do disagree strongly with the idea that the electronic equivalent of a trespass should be excused, and the trespasser considered ENTITLED to trespass merely because the owner was less than entirely diligent in nailing down his property.

            1. What if the owner of the unsecured network didn't care, or actually wants people to access it if they need to? Should the law intervene then? How would law enforcement know before they've hassled 2 private citizens doing nothing illegal, as allowing someone access to your property is not illegal?

            2. Given that pretty much every ISP supplied router comes with some kind of password as standard, most unsecured routers would have had the "nailing down" removed, not the other way around. The clueless or lazy would have the standard encryption.

            "Should he be entitled to do that merely because I didn't think to encase the cable connection in some sort of locked housing?"

            No, because he actually had to enter your property in order to access it. In a wireless situation, your signal would be on his property, or on public property. There's a big difference.

            link to this | view in chronology ]

            • icon
              Hugh Mann (profile), 21 Mar 2011 @ 5:49pm

              Re: Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

              The owner can easily use an SSID that says "Use me". I'm happy to say that a passerby should be entitled to rely on that kind of an SSID and not be tricked into breaking the law. So, I would make this an "opt in" situation for router owners, rather than "opt out".

              Most routers come with some sort of default password, like "admin". If the owner didn't change that, is it the same as leaving it open?

              Clarification - the guy who mooched my cable didn't need to enter my property. The cable connection was on the common exterior of our duplex.

              HM

              link to this | view in chronology ]

      • icon
        Hugh Mann (profile), 21 Mar 2011 @ 4:33pm

        Re: Re: Why should it be legal to hop onto open WiFi signals?

        I don't think I view "availability" as the same thing as an "invitation". To me, the open-door analogy seems apt. You know it's not your router, just like you know it's not your house. Yes, the guy who leaves his router open is just as dumb as the guy who leaves his door open, but it seems quite a leap to essentially bless the unauthorized use of another's property. If I accidentally left my phone on a park bench, does that mean I've invited the world to use my phone? Yes, I may still be responsible to the phone carrier for the charges, but I could recover those charges from the guy who used my phone without my authorization (if I could find him, etc.)

        So, if I leave my door open and my porchlight on, is THAT when I cross the line into having invited the world to c'mon in?

        HM

        link to this | view in chronology ]

        • icon
          PaulT (profile), 21 Mar 2011 @ 5:00pm

          Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

          I think that you've just demonstrated the problem with comparing the physical and non-physical. There are places where the comparison simply does not work, and this is one of them.

          link to this | view in chronology ]

          • icon
            Hugh Mann (profile), 21 Mar 2011 @ 5:08pm

            Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

            I disagree. I think the physical analogy works well. If it's not yours, leave it alone. Works in both contexts.

            HM

            link to this | view in chronology ]

            • icon
              PaulT (profile), 21 Mar 2011 @ 5:30pm

              Re: Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

              There's a lot of things I use every day that aren't mine. Most of them, I only use based on implied rather than explicit permission being granted. There's nothing wrong with that, because the implicit invitation is what's intended.

              If your wireless signal is entering someone else's property (or public property) and it's not secured, isn't that an implication that the owner doesn't wish to restrict it? If not, I can't think of any physical analogy offhand that would work. Analogies like trying the doors on peoples houses and leaving phones in parks certainly don't work.

              link to this | view in chronology ]

              • icon
                Hugh Mann (profile), 21 Mar 2011 @ 6:06pm

                Re: Re: Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

                Actually, an interesting perspective. If you are "emitting" something from private property that is detectable in a public space, is it reasonable to assume you are therefore entitled to receive the emissions for your own purposes? Stated this way, I am almost persuaded.

                Certainly, it's a serious breach of etiquette to intentionally position yourelf to hear conversations in your neighbor's house or so that you can look in through your neighbor's window to survey what's inside - all from outside your neighbor's property. But, admittedly, that which is inconsiderate is not necessarily illegal.

                Of course, there's a difference between stumbling upon such a thing and purposely seeking it out to take advantage of it. Should you be able to use binoculars from the sidewalk in order to look through an uncovered window? That might be more analogous. It's not like people are naturally equipped to perceive wifi signals.

                Anyway, I don't find the "implicit invitation" concept persuasive, because the state should more likely err on the side of a citizen not acting against his own privacy interests. However, I might be persuaded by more of an "if it's out there, it's out there" argument, and just look down my nose at those who have the bad manners to snoop in what is actually none of their business.

                HM

                link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 21 Mar 2011 @ 10:16pm

          Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

          Yes, the guy who leaves his router open is just as dumb as the guy who leaves his door open, but it seems quite a leap to essentially bless the unauthorized use of another's property.

          Not at all. The router *specifically* sends out an invitation signal telling anyone to connect to it.

          Many computers automatically connect to open routers. It's the way it was designed, and it's exactly what it was designed to do. To claim that's somehow breaking and entering or trespassing is preposterous.

          link to this | view in chronology ]

          • icon
            Hugh Mann (profile), 22 Mar 2011 @ 7:20am

            Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

            While there may be a valid question as to whether it should be illegal, I hardly think it's "preposterous".

            Sure, many PCs automatically connect to open routeres (though I'm not sure how many do that by default these days). So, we might consider the difference between stumbling across an open router, versus identifying one and intentionally returning to it repeatedly. Your wireless-promiscuous PC can only connect automatically if you take it somewhere suitable. It doesn't move around on its own.

            HM

            link to this | view in chronology ]

          • icon
            Cdaragorn (profile), 22 Mar 2011 @ 8:18am

            Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

            "The router *specifically* sends out an invitation signal telling anyone to connect to it."

            No, it does not. It sends a signal telling other computers that it's there, it does absolutely nothing to invite anyone to connect to it. Pretending that because I can see something equals the owner inviting me to use it is ridiculous.

            What I find preposterous is that you pretend that just because I leave something open and available I am immediately removed of any right of ownership, or that it's ok for others to come and use it simply because it's easily available.

            I should not have to lock something I own up in order for it to be wrong for others to use it without my permission.

            "Many computers automatically connect to open routers. It's the way it was designed, and it's exactly what it was designed to do."

            No, it was not designed that way. Operating systems chose to do that, wifi was never designed with the intent to automatically connect to any open connection.

            If I leave my toolbox out on my lawn, that does not suddenly make it ok for someone to come by and use it without asking me.

            And as far as those saying the wireless is somehow on public property, that's also bogus. You can only see the light waves coming from the router, the network is physically only in one place: wherever the router is. It's the EXACT same thing as seeing an open door or a toolbox on a lawn and then pretending that it's somehow public property.

            link to this | view in chronology ]

            • icon
              PaulT (profile), 22 Mar 2011 @ 9:33am

              Re: Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

              "I should not have to lock something I own up in order for it to be wrong for others to use it without my permission."

              Don't like it? Lock the thing, or at least ensure that the thing you "own" isn't easily accessible from public property.

              "If I leave my toolbox out on my lawn, that does not suddenly make it ok for someone to come by and use it without asking me."

              What if you leave it on someone else's lawn, as with your wireless signal? if you're transmitting an unsecured signal on to public property (or someone else's private property), why should it be illegal for them to access that signal?

              "It's the EXACT same thing as seeing an open door or a toolbox on a lawn and then pretending that it's somehow public property."

              Bullshit. At best, it's the same as radio waves being available or a satellite signal. Those are always publicly available unless otherwise secured. If you're transmitting wireless signals on to public property, then it's down to you to secure those signals.

              link to this | view in chronology ]

              • icon
                Cdaragorn (profile), 22 Mar 2011 @ 5:31pm

                Re: Re: Re: Re: Re: Re: Why should it be legal to hop onto open WiFi signals?

                Yep, swearing always makes your point right.

                Fact is, the network and the bandwidth it uses don't belong to you. Just because you can see it from your property does not magically mean that it's on public property. That's exactly like saying that because light waves carry the image of my toolbox to your window, my toolbox is now on public property and free to use.

                link to this | view in chronology ]

      • icon
        Cdaragorn (profile), 22 Mar 2011 @ 8:02am

        Re: Re: Why should it be legal to hop onto open WiFi signals?

        "The very nature of open WiFi is that *IT* broadcasts itself out to the world and says "HEY, JOIN ME!""

        Actually, all wifi broadcasts itself to the world, not just open connections. It's only obvious a connection is open when you actually look at the connections you can see in an area.

        IMHO, the analogy to a door being open or closed matches this very well, as an open connection appears open, and a protected one appears closed. The only failure is that in entering someone's home, you'll almost definitely be seen, whereas normally no one will ever see that you've joined an open wifi connection.

        The point I believe Hugh is trying to make is that just because it's easy does not mean we should take the further step of telling everyone it's ok. I should not have to lock my stuff up to be given the privilege of keeping it from other ppl.

        Locks exist because dishonest ppl will take things if they can, not because I have to let ppl know that I don't want them taking or using my stuff.

        link to this | view in chronology ]

  • icon
    Hugh Mann (profile), 21 Mar 2011 @ 3:53pm

    Why should it be legal to hop onto open WiFi signals?

    I can see making it a very minor offense, and perhaps even require that you knew it wasn't supposed to be available to you (so it's not illegal to accidentally click on the neighbor's wifi signal when you meant to click on the one at Starbucks, etc.).

    And, certainly, I don't have a lot of sympathy for those who complain about moochers when it's not hard for them to take some steps to avoid it.

    However, specifically making it legal seems like the online equivalent of saying it's legal to walk into someone's house and sit down on the couch and watch TV as long as the door was open and they don't actually make a mess.

    HM

    link to this | view in chronology ]

  • identicon
    porkster, 21 Mar 2011 @ 5:24pm

    Routers definitions

    Routers are store and forward devices.
    Most if not all wifi devices store the packet and then change the Datalink Framing for transmission on an Ethernet port.

    link to this | view in chronology ]

  • icon
    aldestrawk (profile), 22 Mar 2011 @ 1:51am

    additional details

    Here are some additional details of this case which may change the discussion although I am rather late in joining.

    -The defendant, described as a kid by one commenter here, is actually 25

    -The court said that using the WIFI connection was a civil matter, not criminal. This is not quite the same as saying it is legal.

    -The router in question is an Alcatel (now Thomson) device, Speedtouch 51EBO2. There is a known problem with the speedtouch wireless routers in that the algorithm to generate a default password is flawed and the password can be easily determined. A description is given here:
    http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_passwor d_by_ssid.html

    ISPs in the Netherlands are still distributing these routers and allowing the customers to use the default password. The defendant was found to have both the SSID and the password written down. If the defendant had used MAC address spoofing on his computer he would not have been caught.

    I am glad that the Dutch court attempts to make a distinction in the level of intrusion of a computing device. They saw that the defendant was just stealing bandwidth. I think the appropriate analogy is attaching a splitter and cable to your neighbors cable TV connection so you can watch for free. However, the rationale they used, that a router is not a computer, is completely ridiculous. Routers, and switches from the very beginning have always had some kind of storage even if that was just PROM. For most of their existence they have also used storage that was writable out in the field (e.g. EEPROM or flash devices). This storage is used to remember configuration information various sorts of logging. As current flash devices have increased in capacity the amount of configuration and, in particular, logs have also increased.
    The courts must also recognize that infiltration of a WIFI router can be used as a stepping stone for real criminal activity. At the outset, you have access to all the logs which often includes source and destination IP addresses and the associated URls if your router does DNS caching. Once gaining administrative access you can reprogram the flash to create a way to sniff all your victims packets and even become a man in the middle for some real fun.

    link to this | view in chronology ]

    • icon
      aldestrawk (profile), 22 Mar 2011 @ 2:04am

      Re: additional details

      I think I should emphasize that the WIFI router in this case had a default password but that password is not a single password, like "admin", given to all the devices when they are manufactured. It is a generated password, specific to a particular device that the user should not necessarily have to change. I don't know the details yet as to how the generation takes place.

      link to this | view in chronology ]

      • identicon
        abc gum, 22 Mar 2011 @ 5:27am

        Re: Re: additional details

        Upon purchasing a home, one "should not necessarily have to change" the locks .... but many do.

        link to this | view in chronology ]

        • icon
          aldestrawk (profile), 22 Mar 2011 @ 10:36am

          Re: Re: Re: additional details

          The company making the router allows for the password to be changed and probably recommends that it be changed. What they try to do is set up a default configuration that works in most cases. They have to consider that a lot of users who, despite being told they should change their password, don't bother. It used to be that a default password was a single value used for every device sold. One can find websites on the internet that list the default password for any consumer or office computing device that you can imagine. A much improved procedure is to generate a default password that is specific to each instance of a device. This makes the default more secure but they will always allow you to change it.

          link to this | view in chronology ]

          • identicon
            abc gum, 22 Mar 2011 @ 6:09pm

            Re: Re: Re: Re: additional details

            I agree, and they should be commended for providing their customers with added value. I just find it humorous that many people who change their door locks do not change their passwords.

            link to this | view in chronology ]

            • icon
              aldestrawk (profile), 22 Mar 2011 @ 8:41pm

              Re: Re: Re: Re: Re: additional details

              If I sold my house the buyers should trust that they don't have to change the locks. Here is why. I was paranoid enough to get Medeco locks, which you have to register for and show ID to get a key copy made(only at Medeco distributors). They also keep a count of the number of key copies made for that lock. So, the buyers don't have to trust me unless I have lost a key.
              As for changing password, I think people have a perceptual problem seeing a threat that doesn't have a concrete presence. It's like being afraid of sharks when you swim in the ocean but having no concern that the bacteria count in the water is very high.

              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 22 Mar 2011 @ 6:35am

    Mean while, here in Alabama according to the local TV news the police are putting people who connect to an open internet connection that is not theirs. They have even charged one youth who lived next door to a school with pornography for connection to the school's internet connection even though he did not download any pornography images on the theory that he might possible do so in the future.

    link to this | view in chronology ]

  • icon
    aldestrawk (profile), 22 Mar 2011 @ 4:23pm

    Mike, my reading of the appeal judgment is slightly different from the summary that Loek Essers gives in the link you provided. I am paraphrasing here from the awful Google translation with some help from the original Dutch (I am not fluent).
    The court decides that a router is not a computer because it is primarily a data transfer device. A router does not store any sensitive information, itself, that is intended to be protected from prying eyes and the defendant did not have access to such data on the owner's computer. Therefore, there was no computer trespass or intrusion. The defendant's use of bandwidth is not a crime because that bandwidth is not an asset and cannot be stolen. It has not been otherwise criminalized by the legislature.
    Essers wrote "Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded". This is not strictly correct. The court viewed the defendants access of the router only as a way to gain free use of the internet. Hacking can be much more than just bypassing security to gain access. The defendant, with administrative access, could have bricked the router or done quite a number of imaginative things. One example, is to poison the DNS cache so that their banking site pointed to your own website in a devious phishing attack. These things would be criminal acts on their own but, apparently, there could not be an additional count of computer intrusion on the router itself.
    The judgment did not address open versus protected WIFI connections. I think that Essers was referring to a separate case.

    The defendant was still guilty on the first charge because of the threats, to kill people at his old Dutch University, he made on 4chan. I was amused by the defense position that the threats could not be serious because everything on 4chan is fictional bullshit. He was sentenced to 120 days community service or 60 days in jail.

    link to this | view in chronology ]

  • identicon
    Paul Keating, 23 Mar 2011 @ 4:05am

    Dumb Routers

    I do not believe there is such a thing as a dumb router. All of the ones I have used have some capacity to store data although it is generally limited to the router's functions and configuration.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.