Appeals Court Says Using Open WiFi May Be A Crime

from the uh-oh dept

For many years, we've had ongoing debates about whether or not it's ethical or legal to use open WiFi connections. It's one of those debates that never seem to stop. Unfortunately, in a ruling yesterday, the Third Circuit appeals court suggested that merely using an open WiFi network may be a criminal act. This is hugely problematic for a variety of reasons.

The case is mainly about the question of whether or not police need a warrant to track down someone connecting to a neighbor's open WiFi. In fact, on first reading it, I had thought that I'd lump it in with yesterday's big victory for the 4th Amendment in the 11th Circuit, saying that police need to get a warrant for mobile phone location. The main thrust of this new ruling is that police do not need a warrant to use a tool called "MoocherHunter" to track down who is likely using someone else's WiFi. While I'm a big 4th Amendment fan, this ruling actually makes a fair bit of sense on that front, as I'll explain below. But eventually, it runs into serious trouble with some offhand comments towards the end.

In this case, police were trying to track down someone downloading and sharing child pornography via a P2P setup, and were able to track down the IP address. After visiting the residence associated with the IP address, the police quickly realized that no one in the house was the likely person involved with child porn (there was no child porn on the computers, nor the file sharing software with a matching user ID). From there, the police asked the residents to cooperate by installing "MoocherHunter" to try to track down who was actually connecting to their open router. It's worth noting that the police actually had a "lengthy discussion" with federal prosecutors over whether or not a warrant was needed for MoocherHunter first, and they concluded it wasn't needed.

Eventually, the results were narrowed down to the likely culprit, Richard Stanley, and the police then got a warrant to search that guy's apartment, leading him to confess (after first trying to run away). Stanley's computer also contained the child porn. Stanley tried to suppress the evidence, arguing that the use of MoocherHunter required a warrant, not unlike the Kyllo ruling that found that police needed a warrant to use a thermal imaging device from outside someone's house to detect if there was enough heat inside to support probable cause for growing marijuana. The court here notes that while, superficially, these may look similar (a device pointed at someone's residence), the reality is that they were quite different, because Kyllo was about looking inside someone's house to see what they were doing in the privacy of their own home, whereas MoocherHunter was about identifying someone who had reached out of their own home into someone else's space to make use of their WiFi connection.
Critical to Kyllo’s holding, however, was the fact that the defendant sought to confine his activities to the interior of his home. He justifiably relied on the privacy protections of the home to shield these activities from public observation. See Kyllo, 533 U.S. at 34 (characterizing the thermal imaging scan as a “search of the interior of [Kyllo’s] home[],” which it considered to be “the prototypical . . . area of protected privacy”). See 13 also id. at 37 (“In the home, our cases show, all details are intimate details, because the entire area is held safe from prying government eyes.”) (emphasis in original).

Stanley can make no such claim. Stanley made no effort to confine his conduct to the interior of his home. In fact, his conduct—sharing child pornography with other Internet users via a stranger’s Internet connection—was deliberately projected outside of his home, as it required interactions with persons and objects beyond the threshold of his residence. In effect, Stanley opened his window and extended an invisible, virtual arm across the street to the Neighbor’s router so that he could exploit his Internet connection. In so doing, Stanley deliberately ventured beyond the privacy protections of the home, and thus, beyond the safe harbor provided by Kyllo....
The court further emphasizes that since MoocherHunter only revealed the path, but not the content, Stanley has even less privacy interest. That all makes some amount of sense. The court then has an interesting discussion about the third party doctrine, and whether or not Smith v. Maryland applies to Stanley's signals. In this case, it concludes it does not. And while the reasoning is a bit convoluted, this seems important:
Were we to hold that Stanley exposed his “signal” under Smith by transmitting it to a third-party router, we might open a veritable Pandora’s Box of Internet-related privacy concerns. The Internet, by its very nature, requires all users to transmit their signals to third parties. Even a person who subscribes to a lawful, legitimate Internet connection necessarily transmits her signal to a modem and/or servers owned by third parties. This signal carries with it an abundance of detailed, private information about that user’s Internet activity. A holding that an Internet user discloses her “signal” every time it is routed through third-party equipment could, without adequate qualification, unintentionally provide the government unfettered access to this mass of private information without requiring its agents to obtain a warrant. We doubt the wisdom of such a sweeping ruling, and in any event, find it unnecessary to embrace its reasoning.
That's a very good ruling. But, then, suddenly, the ruling goes off the rails, saying that merely connecting to the open WiFi itself may have been a criminal act:
The presence of Stanley’s signal was likely illegal. A large number of states, including Pennsylvania, have criminalized unauthorized access to a computer network. A number of states have also passed statutes penalizing theft of services, which often explicitly include telephone, cable, or computer services. We need not decide here whether these statutes apply to wireless mooching, but the dubious legality of Stanley’s conduct bolsters our conclusion that society would be unwilling to recognize his privacy interests as “reasonable.”
Yikes. While the court acknowledges in a footnote that this issue is somewhat contested, it's incredibly problematic in general. Just the idea that this is unauthorized access is a big problem, because it's not unauthorized. The neighbors left their WiFi open, and thus, by default, it is sending out signals that effectively say "welcome, feel free to connect to this network." It is authorized by the very nature of the setup of the network. Thus, it's quite questionable to argue that this is either unauthorized access or "theft of services." The court doesn't even seem to consider this. And while this part is not central to the overall ruling, it is still quite troubling to have that on the record in an appeals court ruling.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 3rd circuit, 3rd party doctrine, 4th amendment, kyllo, moocherhunter, mooching, open wifi, richard stanley, warrants, wifi


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Michael, 12 Jun 2014 @ 8:08am

    the police quickly realized that no one in the house was the likely person involved with child porn

    Holy s***! The police actually looked to determine if the people in the house were actually guilty? I would have expected this story to end right here with something like:

    "SWAT broke down the door, killed three children with flash grenades, shot and killed 2 adults, and took one adult into custody after he was treated for 3 gunshot wounds. And all computers were accidentally destroyed during the raid but they KNOW they had child porn on them so it is ok."

    link to this | view in chronology ]

  • identicon
    Michael, 12 Jun 2014 @ 8:16am

    was deliberately projected outside of his home

    This seems dubious. Unless he placed equipment outside of his home, he simply intercepted a signal that was in his home. If you expand on the argument that connecting to an open Wi-Fi router outside of his physical house, does that not mean you lose your expectation of privacy connecting to a cellular signal? What if the signal is on a wire rather than through the air?

    While this is a situation in which it is good they caught the guy, it seems like they may have created a mess doing so.

    link to this | view in chronology ]

    • identicon
      PRMan, 12 Jun 2014 @ 8:41am

      Re:

      How about the much easier: The owners of the Wifi consented to a search of their property.

      link to this | view in chronology ]

      • icon
        Berenerd (profile), 12 Jun 2014 @ 8:50am

        Re: Re:

        Thats what I was thinking. The owners allowed access to their wireless access, but, even windows warns you that the data you are transmitting over the unsecured network is vulnerable to people seeing what you are doing.

        link to this | view in chronology ]

      • icon
        Bergman (profile), 12 Jun 2014 @ 12:32pm

        Re: Re:

        Exactly this. The owner of the router gave the police voluntary access to their property. No violation involved.

        link to this | view in chronology ]

    • icon
      beltorak (profile), 12 Jun 2014 @ 9:32pm

      Re:

      > Unless he placed equipment outside of his home, he simply intercepted a signal that was in his home.

      But the signal goes both ways. Yes, the access point is broadcast indiscriminately, but in order to use that access point you have to send signals back to the router. It's the client computer that initiates the "connection".

      Even with the IPv6 "router advertisement" feature (which basically broadcasts "hey, if you need to send packets somewhere, consider routing them through me :)"); well that gets a little more messy.

      > What if the signal is on a wire rather than through the air?

      Even so, probably even more so. Let's say the good neighbor had the router in his home and a sign outside that said "free ethernet drop point". The guy would still have to make an effort to run the wire from his computer to the router. But WiFi isn't exactly like that, it would be closer to imagine the good neighbor having a router with 100 ft ethernet lines already hooked up on his end traversing through an open window (or something) with the end points strewn about his lawn, and his neighbor's lawns, and the street, etc. But in order to use that router, the person must take direct action and hook up those wires to his machine.

      We are in dire need of reforming the third party doctrine. The way I figure it, for an interaction between parties, any and all data (and metadata, which is really just data) that results from that interaction must be held strictly in confidence between all the direct participants. This would nicely cover the "business records" case. Middle-men (ISP's, backbone routers, etc) who have nothing to do with the content of the interaction have no rights to that content, and any metadata they generate as a result of handling the data (look, more metadata) must be held in strict confidence between them, the interacting participants, and the intermediaries they connected to for that transaction. "Reasonable and Articulate Suspicion" and probable cause must be validated by a Judge with a warrant in order for law enforcement officers to acquire any of it.

      But we as a society must also reevaluate our expectations of privacy when it comes to technology. It is ridiculous to think that you can keep a secret by communicating via mailed postcards; people have to realize that many things in their daily lives (from increasingly "smart" appliances like fridges and TVs in the "internet of things" to unsecured WiFi signals at Starbucks) carry exactly the same "technical" privacy protections as postcards, or shouting in a bar.

      Let us get away from imperceptible (to the human senses anyway) radio signals and consider the guy and the good neighbor were transcribing network packets by shouting at each other across the yards. Would it be OK for a police officer to stand on the sidewalk and listen for as long as he wanted to gather incriminating evidence?

      Now it gets more interesting if you consider that the guy and the good neighbor are shouting in code (or, to break the analogy, the child porn purveyor was using a VPN or Tor). The police know that the end point is the good neighbor's router, and there may be any number of people who are in shouting conversations with him, but only one conversation is being carried out in Navajo.... This is similar in setup to the college student who was caught for emailing a bomb threat even though he used Tor, because he was (likely) the only one on the network using Tor at the time.




      I'm just thinking out loud at this point, I think I need to re-review Cory Doctorow's "Coming Cival War over General Purpose Computing"....

      link to this | view in chronology ]

  • icon
    Kalvan (profile), 12 Jun 2014 @ 8:18am

    To quote Wayne, Asshole say what?

    What is someone saying when they leave their wifi unsecured? Here are a few possibilities off the top of my head.

    Are they saying, "Come all ye yearning to wifi free"?

    Are they saying, "It's unlocked because I couldn't figure out how to secure the damn thing"?

    Are they saying, "We're doing some dodgy stuff here and we want plausible denyability later, yeah, it was a jerk in the next apartment hijacking my wifi, not me, that downloaded the movies. Really!"

    Is the question comparable to an unlocked door on a house? And where would the law fall if someone walked into a house and claimed it wasn't breaking and entering because the door wasn't locked? Not being a lawyer, I'm really asking

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 12 Jun 2014 @ 8:27am

      Re: To quote Wayne, Asshole say what?

      What is someone saying when they leave their wifi unsecured? Here are a few possibilities off the top of my head.

      Regardless of the motivation behind leaving the WiFi open, the signal itself is saying "I'm open, come on and connect to me". A lot of devices will automatically connect to unsecured WiFi all by themselves.


      Is the question comparable to an unlocked door on a house?

      In my opinion, no. More like your neighbor's kid tossing his football over the fence into your yard and you pick it up to toss around with your kid for awhile. No trespass of real property has occurred in either case.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 8:33am

      Re: To quote Wayne, Asshole say what?

      Perhaps if the name of the Wifi said "open wifi" or "guest Wifi" (which might just be intended for visitors and not neighbors) or "free wifi" it might indicate that this wifi is intended for everyone to use?

      link to this | view in chronology ]

    • icon
      PaulT (profile), 12 Jun 2014 @ 8:35am

      Re: To quote Wayne, Asshole say what?

      "Are they saying, "It's unlocked because I couldn't figure out how to secure the damn thing"?"

      Virtually all routers supplied by ISPs have some kind of default password on them, even if it's just a WEP key. Someone who knows enough to replace that router themselves will most likely know enough about them to secure them. So, this is increasingly unlikely, and increases the likelihood that access is intended to be allowed (for whatever reason).

      "Is the question comparable to an unlocked door on a house?"

      No. You can't tell if a door is unlocked until you try it, at which point you're probably already trespassing. Unless the door is wide open, you certainly couldn't tell from the other side of the street (where a wifi signal may be transmitting).

      An open wifi is more akin to an open door, with a sign above it saying "come on in". Even that's a horribly inaccurate analogy (for example, many systems will automatically connect to an open wifi point whether you ask them to or not).

      "where would the law fall"

      That's the real question. Just because reality says that accessing an open wifi point is both morally and technically fine, that doesn't mean that some tech-clueless lawyers/judges/etc. won't interpret facts and apply the law incorrectly.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2014 @ 9:00am

        Re: Re: To quote Wayne, Asshole say what?

        Well now a days I think most new routers come with encrypted wifi by default. Everywhere I look almost every wifi is encrypted unless someone or some company deliberately created an open wifi for their customers. But just a few years ago I remember the reverse was true, almost every wifi was unencrypted and you can get an Internet connection from your neighbors who probably had no clue they were sharing their Internet connection with those around them. So things have changed a lot.

        link to this | view in chronology ]

        • identicon
          Anon, 12 Jun 2014 @ 12:08pm

          Re: Re: Re: To quote Wayne, Asshole say what?

          My 5 year old Netgear wifi router came default with wifi disabled, and it would not let you enable it until you set a password, no default password.

          Once you enabled it with a password, you could then remove the password and make it open, but the first time install would not allow you to immediately create an open wifi without first making it closed.

          link to this | view in chronology ]

        • icon
          PaulT (profile), 13 Jun 2014 @ 1:33am

          Re: Re: Re: To quote Wayne, Asshole say what?

          "Well now a days I think most new routers come with encrypted wifi by default."

          Exactly what I said in my first paragraph.

          link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 8:38am

      Re: To quote Wayne, Asshole say what?

      I leave an unsecured (but somewhat limited) open WiFi channel at my home. What I am trying to say is "come all yearning to Wifi free".


      "And where would the law fall if someone walked into a house and claimed it wasn't breaking and entering because the door wasn't locked?"

      If the door had to be opened to enter, then it's "breaking" whether that door was locked or not.

      WiFi is a bit different in its social context. Not so long ago, it was understood that when you encountered an open WiFi channel, it was because the owner intentionally left it that way so that anyone could use it. The shift to that no longer being true is deeply regrettable.

      What I want to know is what to do about it to ensure that people know that they have my permission to use my open WiFi. I guess I have to set up a weak captured portal system so that the first time a device connects, they'll get a web page explaining that they have such permission. That sucks.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2014 @ 8:50pm

        Re: Re: To quote Wayne, Asshole say what?

        "If the door had to be opened to enter, then it's "breaking" whether that door was locked or not."

        Uh oh, I'm in deep do-do then. I just got home from going to Walmart and ,yes I admit it, I opened the door to go in. And then again when I was leaving. I not only broke in, but out as well! Should I call 911 in an attempt to turn myself in now, or just wait for the SWAT team?

        link to this | view in chronology ]

        • icon
          PaulT (profile), 13 Jun 2014 @ 1:34am

          Re: Re: Re: To quote Wayne, Asshole say what?

          "Uh oh, I'm in deep do-do then. I just got home from going to Walmart and ,yes I admit it, I opened the door to go in"

          Do you understand the difference between a public business and a private residence?

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 13 Jun 2014 @ 8:30am

            Re: Re: Re: Re: To quote Wayne, Asshole say what?

            "Do you understand the difference between a public business and a private residence?"

            Do you understand that no distinction was being made between the two? Backpedal much?

            link to this | view in chronology ]

        • icon
          John Fenderson (profile), 13 Jun 2014 @ 2:36pm

          Re: Re: Re: To quote Wayne, Asshole say what?

          You're just being silly. B&E cannot happen if you have permission to enter. But I'm guessing you already knew that.

          BTW, here's the legal dictionary's definition:

          breaking and entering v., n. entering a residence or other enclosed property through the slightest amount of force (even pushing open a door), without authorization. If there is intent to commit a crime, this is burglary. If there is no such intent, the breaking and entering alone is probably at least illegal trespass, which is a misdemeanor crime.

          link to this | view in chronology ]

    • identicon
      PRMan, 12 Jun 2014 @ 8:43am

      Re: To quote Wayne, Asshole say what?

      Technical people will say, "There is no difference between the three."

      Lawyers and judges will say, "There is an absolute difference between the three."

      It comes down to "mens rea" which looks at the same actions with different motivations to do evil or not.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2014 @ 8:51pm

        Re: Re: To quote Wayne, Asshole say what?

        "Lawyers and judges will say, "There is an absolute difference between the three."

        It comes down to "mens rea" which looks at the same actions with different motivations to do evil or not."

        Yeah, and any decent mind reader can clearly tell the difference.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 9:20am

      Re: To quote Wayne, Asshole say what?

      openwireless.org

      link to this | view in chronology ]

    • icon
      ChrisB (profile), 12 Jun 2014 @ 10:04am

      Re: To quote Wayne, Asshole say what?

      It is not comparable to an unlocked door. It is comparable to an open window with music coming out. If you don't want people to hear and use the music, close your window.

      link to this | view in chronology ]

      • identicon
        Michael, 12 Jun 2014 @ 12:56pm

        Re: Re: To quote Wayne, Asshole say what?

        Please pay up for your public performance.

        - RIAA

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 10:55am

      Re: To quote Wayne, Asshole say what?

      It's not comparable because they aren't the same thing. At all.

      It's normal to access routers to get to the internet.

      It's not normal to just enter people's houses as an uninvited stranger.

      Having a router set as open to access is making a public area for people to get into.

      Having your door open or even unlocked on your private residence doesn't turn it into a public space.

      ---

      The digital world is a far more fluid thing. For those that grew up in it the rules seem clear cut and easy to understand... but then I see these questions arise and I wonder how people think the internet or technology works.

      link to this | view in chronology ]

    • icon
      Bergman (profile), 12 Jun 2014 @ 12:34pm

      Re: To quote Wayne, Asshole say what?

      They're saying "I don't lock my back door because I trust my neighbors."

      Leaving a door unlocked doesn't make residential burglary okay -- someone walking off with my TV can't claim they had permission because I didn't lock my door while getting the mail.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 8:18am

    I agree that the police don't need a warrant to trace the whereabouts of an open wifi or even an encrypted wifi so long as it's location can be traced from public property.

    A wifi signal is simply radiation being transmitted from some location. If those signals had been transmitted in the visual light spectrum someone could see them and see where that light is coming from. Just like if they had been turning on a flashlight. The only difference here is that this radiation is being transmitted in a spectra that you can't see with your eyes but you can 'see' and decipher it with the right equipment.

    In fact I'm against laws that prohibit scanners from 'snooping' on cordless phones. If those cordless phones are broadcasting everywhere and the neighbor can pick up the signal then that's not the neighbor's fault. It's the fault of the user or phone manufacturer for not encrypting the signal. Then again I suppose government would prefer to simply ban civilian cordless phone eavesdropping equipment to discourage companies from encrypting the signal so that police can more easily eavesdrop on conversations without a warrant.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 8:27am

      Re:

      its location *

      link to this | view in chronology ]

    • identicon
      Michael, 12 Jun 2014 @ 12:59pm

      Re:

      That is not what happened here. The police tracked the person down who was using an open WiFi router. What this is saying is that you have no expectation of privacy if you connect to a WiFi router that you do not own.

      That seems like a rather bad precedent to set.

      link to this | view in chronology ]

      • icon
        The Wanderer (profile), 13 Jun 2014 @ 8:41am

        Re: Re:

        Actually, if I'm reading this correctly, they are explicitly not saying that.

        Rather, they are saying that if you connect to a WiFi router without having been authorized to do so by the owner of the router (an important point, since while the open "please connect to me if you want to" broadcast of an unsecured wireless router can be reasonably read to say that the router is granting authorization, the router is not the one from whom authorization is needed), you may be committing a crime.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Jun 2014 @ 8:12am

      Re:

      I think you are ignoring "expectation of privacy," quite possibly, on purpose. People having a face-to-face conversation in an open area, with others around that can hear them, don't have that expectation.

      You are suggesting that those same people, who are having a cell phone conversation, with no one around them to hear (even one side of the conversation), should expect that their conversation is being monitored?

      If you need special equipment to listen to my private telephone conversation, then I think you missed the boat.

      link to this | view in chronology ]

  • icon
    SickFRS (profile), 12 Jun 2014 @ 8:23am

    I don't see why the court didn't see it both ways... that the signal he connected to was being broadcast outside the confines of the home and therefore wasn't protected by "unauthorized access". Now if the home was in the middle of a 100 acre farm and the guy trespassed to get access then, sure, it's unauthorized but he was able to access an open signal in his own home. So while they were legally able to to track his signal on those grounds it's likely that he was legal in connecting to a signal based on the same grounds. While I may not enter your open door and take your cash, I believe it's within my rights to keep your cash it if you throw it through my window into my living room. Glad the guy got caught.

    link to this | view in chronology ]

  • icon
    mr. sim (profile), 12 Jun 2014 @ 8:30am

    how did this ever go to court?

    the police more than likely had the permission of the homeowner who paid for the wifi. a criminal should never be allowed to claim evidence was improperly collected from OTHER PEOPLES PROPERTY. if someone breaks into my home and the police investigates finding fingerprints which eventually find the thief. the thief has no right to contest the arrest on the grounds that taking his fingerprints from my home violated his rights.

    the criminal should have never had a leg to stand on simply because the wifi was not his and therefore he didn't have the legal right to deny the police to run the "moocherhunter" software. if you access other peoples wifi or home without permission and leave behind evidence they can use against you then expect that it WILL BE USED AGAINST YOU.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 8:44am

      Re:

      I was wondering about this exact thing. The cops had permission from the "provider" (the owner of the WiFi). This would be a classic, and correct, application of the Third Party doctrine.

      Personally, I would never have given permission to run police-supplied software on my systems. It would also have been unnecessary, as my servers keep logs of all accesses (MAC address of devices, the IP address I assigned them, where they connected to, and when). The cops could get those records by providing a subpoena.

      link to this | view in chronology ]

      • identicon
        Michael, 12 Jun 2014 @ 1:04pm

        Re: Re:

        It is a little more subtle than that, in my opinion. The police found out that someone other than the owner of the WiFi router was using the router as a WiFi access point.

        If having the router unsecured is the equivalent of inviting someone to use it, and using it removes their expectation of privacy, that is a little concerning.

        Even more concerning, they have indicated that USING the open WiFi router is unauthorized access and in and of itself illegal. That is REALLY concerning because that would mean there is no way to determine if it is ok for you to access any open WiFi without first contacting the owner of the router. That's very different from the way the world currently works as many (I would venture to say most) people find it socially acceptable to connect to and use an open WiFi router.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 12 Jun 2014 @ 5:53pm

          Re: Re: Re:

          "and using it removes their expectation of privacy, that is a little concerning."

          But it does, in exactly the same way and to the same degree that using any other intermediary, such as an ISP, removes your expectation of privacy. That is, if you're using my WiFi then I have access to every bit that you're sending and receiving. I have made no promises to you about what I will or won't do with those bits. You can, at a minimum, expect that the traffic will get logged. Further, the radio signals can be picked up (and even modified) by anybody nearby.

          This is why you have to be very cautious when using open WiFi, be it your own, or mine, or the local Starbucks. Ideally, you use a VPN so your entire datastream is encrypted. At a minimum, only use SSL and HTTPS, and avoid typing or viewing sensitive information.

          link to this | view in chronology ]

          • icon
            The Wanderer (profile), 13 Jun 2014 @ 8:52am

            Re: Re: Re: Re:

            if you're using my WiFi then I have access to every bit that you're sending and receiving. I have made no promises to you about what I will or won't do with those bits.
            I remember reading about one fellow who put in a setup such that browsing through his open WiFi would work, but all image requests made over HTTP would be redirected to be filled by random images from a porn stash. (Or possibly from a repository of explicit images online, I don't recall in detail.)

            The post included details of how he set it up, and it turned out to be not all that complicated in the end.

            I believe someone else did a similar image-intercepting arrangement, except that instead of replacing the image outright, they applied an imagemagick script to turn the requested image upside down... again, not terribly complicated in the final implementation.

            link to this | view in chronology ]

            • icon
              John Fenderson (profile), 13 Jun 2014 @ 2:42pm

              Re: Re: Re: Re: Re:

              Yes. In fact, I have an app on my phone right now that can do this. It can also do complete MITM (intercepting the entire datastream, editing it, and passing it along) as well as disconnecting and/or barring any given device from the AP and other such things.

              It makes for some fun practical jokes. Particularly replacing all the images in web pages (although, being a traditionalist, I prefer goatse).

              link to this | view in chronology ]

              • icon
                John Fenderson (profile), 13 Jun 2014 @ 2:43pm

                Re: Re: Re: Re: Re: Re:

                I should clarify that I don't have to own the AP to do all of this. It can be done with any open WiFi that is in range of my phone.

                link to this | view in chronology ]

    • icon
      nasch (profile), 12 Jun 2014 @ 2:47pm

      Re:

      how did this ever go to court?

      the police more than likely had the permission of the homeowner who paid for the wifi. a criminal should never be allowed to claim evidence was improperly collected from OTHER PEOPLES PROPERTY.


      Who do you think should decide they can't make that claim if not a court?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 8:31am

    Is this a big screw you to Comcast? (Oh please oh please oh please) Would it now be illegal for anyone to connect to subscriber's routers that Comcast makes open WiFi connections now by default?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 10:48am

      Re:

      Or perhaps it would just turn Comcast's own customers into criminals for possessing an open WiFi router.

      link to this | view in chronology ]

    • identicon
      Michael, 12 Jun 2014 @ 1:07pm

      Re:

      Actually, it is EXACTLY what Comcast would want. It makes it illegal for anyone other than the paying subscriber to connect to an open WiFi router.

      If you want to access the internet and your neighbor left their WiFi open - sorry, you HAVE to get your own or it is illegal access.

      link to this | view in chronology ]

  • icon
    Oblate (profile), 12 Jun 2014 @ 8:37am

    Well, clearly not an authorized connection

    > Just the idea that this is unauthorized access is a big problem, because it's not unauthorized.

    Did the owners of the apartment authorize him to connect? If not, then it is clearly an unauthorized connection. Analogy: If I leave my hose connected in my yard, is it ok for my neighbor to drag it into their house to fill their fish tank? Almost every house has electric plugs somewhere on the outside- is it acceptable for anyone to roll up and plug in to them? Clearly not. Just because it's there doesn't mean it's there for anyone to use. These are obvious cases of unauthorized use.

    Now I don't think that means a felony was committed (IANAL so I'm not sure how theft of services statutes would apply) but I don't see how you can make the claim that it was an authorized connection. Open WiFi may allow such a connection, but that is different from someone authorizing a connection.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 8:45am

      Re: Well, clearly not an authorized connection

      Historically (and this generally remains true), the very fact that owner chose to leave the WiFi open is the permission to use it.

      link to this | view in chronology ]

      • icon
        Berenerd (profile), 12 Jun 2014 @ 9:06am

        Re: Re: Well, clearly not an authorized connection

        Where I do agree with this to a point, there is still the understanding that an open connection is not a secure connection and you take the responsibility yourself when connecting to an open connection to encrypt your "tunnel" through it because by nature, its insecure. This means, the person with the open WiFi has the right to police their Wifi as they see fit, even if it means letting the police onto it with a specific intention. The police used that to get a warrant to search the house. They didn't use that and say "OH LOOK ITS THAT GUY!" without getting proper evidence. Though with lack of how they got the search warrant the first time I do not know so I can't comment.

        link to this | view in chronology ]

      • icon
        Bergman (profile), 12 Jun 2014 @ 12:40pm

        Re: Re: Well, clearly not an authorized connection

        So if I go out of my house to get the mail and leave my front door closed but unlocked, it's not residential burglary for someone to slip inside and take my TV while I'm out?

        Fail.

        link to this | view in chronology ]

        • icon
          nasch (profile), 12 Jun 2014 @ 2:48pm

          Re: Re: Re: Well, clearly not an authorized connection

          So if I go out of my house to get the mail and leave my front door closed but unlocked, it's not residential burglary for someone to slip inside and take my TV while I'm out?

          Fail.


          The fail is in equating using a wifi signal with stealing a TV.

          link to this | view in chronology ]

        • icon
          PaulT (profile), 13 Jun 2014 @ 1:30am

          Re: Re: Re: Well, clearly not an authorized connection

          The fail is that ridiculous analogy. Try a different one that addresses the reality of what happens when someone uses the unsecured radio signal that's accessible from public airspace.

          link to this | view in chronology ]

          • icon
            Aaron (profile), 15 Jun 2014 @ 5:47am

            Re: Re: Re: Re: Well, clearly not an authorized connection

            Wonder if anyone's got sued for trespassing, because their Wifi (open or closed) was in range of a neighbor. I know it's stupid but an intriguing thought.

            link to this | view in chronology ]

    • icon
      Gwiz (profile), 12 Jun 2014 @ 9:09am

      Re: Well, clearly not an authorized connection

      Did the owners of the apartment authorize him to connect? If not, then it is clearly an unauthorized connection. Analogy: If I leave my hose connected in my yard, is it ok for my neighbor to drag it into their house to fill their fish tank? Almost every house has electric plugs somewhere on the outside- is it acceptable for anyone to roll up and plug in to them? Clearly not. Just because it's there doesn't mean it's there for anyone to use. These are obvious cases of unauthorized use.

      Yes, but more importantly, both of those examples have to have someone trespass onto your property to engage in them. Not so with WiFi, you are transmitting that signal into your neighbor's house. Kind of more like turning on your hose and tossing it over the fence into your neighbor's yard. If my neighbor did that, then I would naturally assume it's permission to water my garden with his hose.

      link to this | view in chronology ]

      • icon
        Bergman (profile), 12 Jun 2014 @ 12:41pm

        Re: Re: Well, clearly not an authorized connection

        If they were just receiving a signal broadcast into their house, you might have a point.

        But an internet connection is a two-way transmission, and required a broadcast back to the router, which was on private property.

        At that point, there is in fact trespass.

        link to this | view in chronology ]

        • icon
          Gwiz (profile), 12 Jun 2014 @ 1:31pm

          Re: Re: Re: Well, clearly not an authorized connection

          But an internet connection is a two-way transmission, and required a broadcast back to the router, which was on private property.

          At that point, there is in fact trespass.



          I disagree with this too.

          Yes, using the WiFi does require it being broadcast back to the router. But, at that point I have already received permission to use the connection (IMHO). Permission is granted with the initial broadcasting of the SSID name and the fact that it's unsecured. The router is basically shouting to all devices in range "Hey, open WiFi here!"

          If you really don't want anyone connecting to your open WiFi, set the router so it doesn't broadcast the SSID name to everyone. You can still connect without a password, but you have to manually type in the SSID name to do it.

          link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 12 Jun 2014 @ 12:38pm

      Re: Well, clearly not an authorized connection

      Did the owners of the apartment authorize him to connect?

      Yes. They did. Because their network broadcasts a signal that says "welcome, connect"

      Analogy: If I leave my hose connected in my yard, is it ok for my neighbor to drag it into their house to fill their fish tank?

      Not analagous at all. That involves first trespassing, and there's no comparable signal. However, if you put a sign on the hose that says "hey neighbors, use my water" then yes. Because that's what open WiFi is. It's the router blasting out a signal that says "this network is here for you to connect to."

      link to this | view in chronology ]

      • icon
        Bergman (profile), 12 Jun 2014 @ 12:42pm

        Re: Re: Well, clearly not an authorized connection

        Untrue. It's like leaving the front door of your house open while you get the mail.

        Just because the door is open doesn't mean it's okay to take my TV.

        link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 12 Jun 2014 @ 2:00pm

          Re: Re: Re: Well, clearly not an authorized connection

          Untrue. It's like leaving the front door of your house open while you get the mail.


          You can keep repeating it, but it's still not true.

          1. It's not "leaving your door open." It's leaving your door open with a GIANT LOUDSPEAKER SAYING COME IN!. Your AP is *broadcasting* a signal that specifically says "THIS IS HERE FOR YOU TO JOIN." Your access point is giving permission for people to join it.

          Just because the door is open doesn't mean it's okay to take my TV.


          But it does mean I can watch your TV from across the street. Same thing here.

          link to this | view in chronology ]

          • icon
            The Wanderer (profile), 13 Jun 2014 @ 9:01am

            Re: Re: Re: Re: Well, clearly not an authorized connection

            Your access point is giving permission for people to join it.
            Yes, but the question is: does the fact that your access point is giving this permission mean that you are giving this permission?

            Because the access point does not have the legal authority to grant permission. Only the owner has that authority.

            If the owner has explicitly configured the access point to be open and unsecured, then things get kind of murky; I could make arguments in either direction (or both directions at once) at that point, and most likely the question would turn on the owner's intent in so doing.

            But if the access point is open and unsecured simply because that's its default state - which for a lot of "home wireless router"s sold in the past decade, many of which may still be in use, was the case - then that open and unsecured state says nothing whatsoever about whether the owner has granted authorization.

            link to this | view in chronology ]

            • icon
              Gwiz (profile), 13 Jun 2014 @ 9:53am

              Re: Re: Re: Re: Re: Well, clearly not an authorized connection

              Because the access point does not have the legal authority to grant permission. Only the owner has that authority.

              That really doesn't make very much sense to me. There are tons of systems these days that grant or deny access automatically. By granting access they are giving the permission of the owner.

              By your reasoning, every website on the web that doesn't have a login requirement would not actually be granting you permission to view the contents. That's kind of silly.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 13 Jun 2014 @ 9:57am

              Re: Re: Re: Re: Re: Well, clearly not an authorized connection

              "Because the access point does not have the legal authority to grant permission. Only the owner has that authority."

              If I hang up one of those OPEN/CLOSED flip over signs, and "accidentally" flip it over the the OPEN side when I meant to be CLOSED, and someone walks in, can I have them arrested? After all, the sign itself has no authority, and I didn't mean to be OPEN.

              "most likely the question would turn on the owner's intent in so doing."

              Ah, so they better be able to read my mind, or be prepared to be arrested for breaking and entering. Sounds about right.

              link to this | view in chronology ]

            • icon
              Mike Masnick (profile), 13 Jun 2014 @ 10:38am

              Re: Re: Re: Re: Re: Well, clearly not an authorized connection

              Yes, but the question is: does the fact that your access point is giving this permission mean that you are giving this permission?

              Yes, in the same way as when you put up a website, if someone tries to visit that website, they are allowed to do so.

              Because the access point does not have the legal authority to grant permission. Only the owner has that authority.

              That's just wrong. Again, in the same way as a website lets you visit it without a person granting you explicit permission, but by announcing "hey, connect to me" the owner IS GIVING EXPLICIT permission.

              then that open and unsecured state says nothing whatsoever about whether the owner has granted authorization.

              That's just wrong. Yes, the router is announcing that you have permission just as this server is saying you have permission to visit this website without me telling you so.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 13 Jun 2014 @ 5:40pm

                Re: Re: Re: Re: Re: Re: Well, clearly not an authorized connection

                "by announcing "hey, connect to me" the owner IS GIVING EXPLICIT permission."

                I concur. The sole puropose of open WiFi is to connect to Internetz without password. Including strangers within WiFi range.

                link to this | view in chronology ]

            • icon
              PaulT (profile), 13 Jun 2014 @ 10:49pm

              Re: Re: Re: Re: Re: Well, clearly not an authorized connection

              Well, here's the problem with that interpretation - it's impossible for anyone to tell whether the owner of the access point is intentionally granting permission or not. Given that the default state of the vast majority of devices for many years has been to have the wifi disabled or password protected out of the box, it's reasonable to assume that an open wifi point is intentionally left in that state by the owner.

              But, it's not possible for a person connecting to such a device to know the intentions of its owner. Are we honestly meant to accept that anyone near such a device is meant to read minds? Especially once you consider that some devices might join the open wifi without intervention by that device's owner? Sounds like a very dangerous precedent to me.

              link to this | view in chronology ]

              • icon
                The Wanderer (profile), 14 Jun 2014 @ 4:53am

                Re: Re: Re: Re: Re: Re: Well, clearly not an authorized connection

                I agree that that is a problem.

                But the logic I gave is an (IMO decent) encapsulation of the logic being employed by those who say that connecting to unsecured WiFi "without permission" is, or should not be, allowed.

                And yes, this same logic would be - and apparently is - applied to Websites and other servers. It's what underlies things like deciding that modifying a URL to connect to a part of the site you haven't been linked to is "hacking", or that accessing a Web server which does not require password authentication but whose existence is not publicized outside of a small circle can likewise be "hacking" - both of which decisions, if I'm not mistaken, have been made and held up (or at least not overturned) in court.


                Understand: I don't *like* this logic, and I'm not happy with its implications.

                But I can understand why those who accept, employ, and support it do so - because it is internally consistent.

                I'm pretty sure the problem here is one of conflicting underlying assumptions, and unless you can break one or more of those assumptions, you're never going to get the different sides to agree. Breaking assumptions in a context as abstract as this one (where presenting direct, visible, incontrovertible evidence is generally not possible) is very difficult, but in order to do it, you need to at least recognize what those assumptions are - and argue against the *assumptions themselves*.

                So far, all I'm seeing presented here is assertions against the assumptions, which are not going to convince anyone whose thinking is based on those assumptions.

                What I'm trying to do here, at least as much as anything else, is point out some of those different underlying assumptions, and hopefully help people understand them - hopefully well enough to effectively argue against them, and failing that, possibly well enough to think "maybe the people on the other side do have something of a point", which even if it doesn't advance The Agenda(tm), might help promote understanding and thence comity in a different regard.

                link to this | view in chronology ]

              • icon
                The Wanderer (profile), 14 Jun 2014 @ 4:58am

                Re: Re: Re: Re: Re: Re: Well, clearly not an authorized connection

                Given that the default state of the vast majority of devices for many years has been to have the wifi disabled or password protected out of the box, it's reasonable to assume that an open wifi point is intentionally left in that state by the owner.
                Actually, this specifically gets at the point I was making pretty well - because while you think it's reasonable to assume that, people on the other side of the argument may very well think it's *not* reasonable to assume that, and/or is reasonable to assume the contrary. (Particularly given that the default state of virtually all devices for a different many years, previous to the years you mentioned, was to be unsecured.)

                That difference in assumptions is precisely what needs to be addressed (one side justified and supported, the other side debunked and broken down) if this argument is to be won by any means other than attrition as one side's supporters die off. So far, the only argument I recall having seen presented against the opposing assumption is that "the vast majority of devices are secured by default nowadays", which plainly is not getting the job done.

                link to this | view in chronology ]

                • icon
                  Cain Abel (profile), 1 Aug 2014 @ 1:28pm

                  Re: Re: Re: Re: Re: Re: Re: Well, clearly not an authorized connection

                  This is wrong.

                  The default state of a Wifi AP has always been "unplugged". In this state, they do *NOT* broadcast the SSID, and they do *NOT* allow access to your network.

                  It's up to the user to learn how to use the tools he buys. Either he has the ability to understand how to configure his AP, or he needs to pay someone to do that, or to have a friend help him for free.

                  Either way, not being able to properly use a tool has never been a legal excuse.

                  link to this | view in chronology ]

        • identicon
          Anonymous Coward, 13 Jun 2014 @ 8:25am

          Re: Re: Re: Well, clearly not an authorized connection

          Leaving the wifi signal unsecured changes the categorization of the signal from private (secured) to public (unsecured).

          When the signal is public, it becomes analogous to the locked door vs open door scenario. Someone above mentioned, in jest, that they better turn themselves in because they "broke into" WalMart by walking through their closed, but unlocked door. Someone replied to that with some snark about not knowing the difference between a public store, and a private residence.

          When the signal becomes public, by being unsecured, it becomes like the WalMart, where it is expected that people will come & go as they please, and there is no trespassing taking place.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 8:38am

    > The neighbors left their WiFi open, and thus, by default, it is sending out signals that effectively say "welcome, feel free to connect to this network." It is authorized by the very nature of the setup of the network.

    This is a dangerous line of reasoning. Let's take it to its logical conclusion:

    The other day, I pulled up to my office parking lot, and the car parked next to me was a Mercedes with the doors unlocked and the keys sitting out in the open. Does very nature of the car's owner's setup effectively say, "Welcome, feel free to steal my car."

    Similarly, if a neighbor uses a weak WPA password, they are protecting their network with WPA, but the very nature of choosing a weak password effectively says, "Welcome, feel free to connect to this network."

    You're basically saying if the wireless network can be easily connected to, then it should be fair game for anyone to use.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 8:48am

      Re:

      I don't think either of those analogies work. There is no history of social norms being that leaving keys in the car constitutes permission for anyone to use that car. There is a history of such a social norm with unsecured WiFi.

      As to using a weak password, I would argue that the very fact of using a password (or any access control) at all, regardless of its strength, clearly indicates that only people in possession of the password are authorized to use the connection.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2014 @ 9:55am

        Re: Re:

        Perhaps more significantly, accessing someone's WiFi generally involves using it as a conduit to reach the open internet. As such, it's more like walking through an easement rather than breaking into a home. Had the person accessed private files on the WiFi owner's home network, the question of whether it was authorized becomes a lot more important.

        link to this | view in chronology ]

      • icon
        Kalvan (profile), 12 Jun 2014 @ 10:56am

        Car keys as invitation

        "There is no history of social norms being that leaving keys in the car constitutes permission for anyone to use that car."

        It's not widespread, but... about 10 years ago my wife got a job in a small college in the mountains of Colorado. The staff left the keys in their cars. When my wife asked about this, she was told, "what if a student or staff member without a car has to make a quick trip downtown? They can't drive our cars without the keys!"

        My wife's mind was blown, but there was no history of car theft at the college. A few years later, the police encouraged them to stop doing that.

        link to this | view in chronology ]

        • identicon
          Michael, 12 Jun 2014 @ 1:12pm

          Re: Car keys as invitation

          It was common practice on Marsh Harbor in the Bahamas too. I knew one guy that actually super-glued the key in the ignition of his car so people couldn't accidentally take it.

          link to this | view in chronology ]

    • icon
      Gwiz (profile), 12 Jun 2014 @ 8:59am

      Re:

      The other day, I pulled up to my office parking lot, and the car parked next to me was a Mercedes with the doors unlocked and the keys sitting out in the open. Does very nature of the car's owner's setup effectively say, "Welcome, feel free to steal my car."

      Nope, but if you want your analogy to be close to an open WiFi setup then the Mercedes would also have a sign on the windshield that says: "The owner of this car gives permission for anyone to test drive it". The very nature of open WiFi gives this explicit permission by broadcasting it's existence to every device within range.


      Similarly, if a neighbor uses a weak WPA password, they are protecting their network with WPA, but the very nature of choosing a weak password effectively says, "Welcome, feel free to connect to this network."

      Nope, the existence of a password, no matter how weak, denies permission and therefore it wouldn't be an open WiFi connection, which is what we are talking about here. Breaking or guessing the password to gain access is unauthorized access, not open access.


      You're basically saying if the wireless network can be easily connected to, then it should be fair game for anyone to use.

      Nope, we are talking about open WiFi, not ease of access. Permission to use is implied by the fact that it's not secured.

      link to this | view in chronology ]

      • icon
        Gwiz (profile), 12 Jun 2014 @ 9:53am

        Re: Re:

        The other day, I pulled up to my office parking lot, and the car parked next to me was a Mercedes with the doors unlocked and the keys sitting out in the open. Does very nature of the car's owner's setup effectively say, "Welcome, feel free to steal my car."

        Actually, there's another problem with your analogy. To compare with using my neighbor's open WiFi your analogy would have to be revised to consider the fact that the WiFi signal is being transmitted onto my property. More like if that Mercedes of yours was left with the key in it in my driveway. And there is even existing case law to support that I would then have the right to use that Mercedes. Here in Michigan we have an abandoned vehicle law, if someone abandons their vehicle on your property for x amount (I don't remember the length of time offhand) of time, you can then apply for a title from the State and the vehicle belongs to you.

        link to this | view in chronology ]

      • identicon
        boomslang, 12 Jun 2014 @ 9:53am

        Re: Re:

        I'm the OP (I usually post anonymously, but I like Fenderson for being a fellow pedant, so I'll put a name to my replies)

        First, Gwiz:
        > "The owner of this car gives permission for anyone to test drive it"

        I don't buy that. Open wifi access points don't have signs on them that say "The owner of this network gives permission for anyone to connect." The argument in the article is that the act of leaving your wifi open *implies* that others should be allowed to use it, just like leaving the Mercedes unlocked with visible keys *implies* that others should be allowed to "test-drive" it.

        Second, Fenderson:
        > "There is no history of social norms being that leaving keys in the car constitutes permission for anyone to use that car."

        This is a good point, but I'd like to tie in what Gwiz said. There are social norms for places putting up signs that say "Free Wifi" (coffee shops, libraries, airports, etc). My guess is that the unsuspecting neighbor didn't have a sign that said "Free Wifi" on the front of his house.

        link to this | view in chronology ]

        • icon
          John Fenderson (profile), 12 Jun 2014 @ 10:01am

          Re: Re: Re:

          "Free Wifi" signs in establishments aren't there to grant permission, they're there to advertise.

          "My guess is that the unsuspecting neighbor didn't have a sign that said "Free Wifi" on the front of his house."

          Probably not, but I would argue that shouldn't be relevant. In this day and age, in order to sun your WiFi unsecured, you have to make a deliberate choice to do it -- nearly every AP comes with WPA enabled by default, and there is copious documentation about WiFi security that comes with them. If someone chooses to turn off WPA, they aren't "unsuspecting" at all. They're making a conscious choice.

          link to this | view in chronology ]

          • identicon
            boomslang, 12 Jun 2014 @ 10:25am

            Re: Re: Re: Re:

            > In this day and age, in order to sun your WiFi unsecured, you have to make a deliberate choice to do it -- nearly every AP comes with WPA enabled by default, and there is copious documentation about WiFi security that comes with them.

            In this day and age, people still use "password" and "123456" as passwords, but there's also copious documentation explaining why those two passwords are bad choices.

            I'm just saying that the argument that by leaving wifi unprotected, the owner implies authorization to anyone who wants to join is a tricky argument.

            Even though real-world analogies like the unlocked Mercedes (and I'm not making this up; the owner usually parks next to me at my office building) rarely fit the tech world, I think the Mercedes analogy works, and car locks have been around a lot longer than WPA.

            How about another question. If a neighbor has left his or her wifi open, can I then use range extenders to increase the range and let others who might not otherwise be in range gain access to the neighbor's open wifi?

            Or, can I manipulate traffic on the neighbor's network? Can I cut his connections? Can I log into the router web configuration and set up WPA?

            link to this | view in chronology ]

            • icon
              John Fenderson (profile), 12 Jun 2014 @ 11:29am

              Re: Re: Re: Re: Re:

              "I'm just saying that the argument that by leaving wifi unprotected, the owner implies authorization to anyone who wants to join is a tricky argument."

              I understand. I simply disagree -- it doesn't seem tricky at all.

              "If a neighbor has left his or her wifi open, can I then use range extenders to increase the range and let others who might not otherwise be in range gain access to the neighbor's open wifi?"

              Of course, and why not?

              "can I manipulate traffic on the neighbor's network? Can I cut his connections? Can I log into the router web configuration and set up WPA?"

              Of course not -- all of those things involve hacking and/or actual computer intrusion. You're conflating very different things.

              link to this | view in chronology ]

              • identicon
                boomslang, 12 Jun 2014 @ 11:38am

                Re: Re: Re: Re: Re: Re:

                So, leaving the network open implies that other people are authorized to use the network...but performing certain actions in the network are not authorized?

                How is the mooch supposed to know where the line should be drawn? Implying that people are authorized to connect by leaving wifi open is one thing, but using the network seems to be another.

                link to this | view in chronology ]

                • identicon
                  Michael, 12 Jun 2014 @ 1:20pm

                  Re: Re: Re: Re: Re: Re: Re:

                  First, any analogy that involves actual physical property (like a car) is fundamentally flawed by the fact that two people cannot use it at the same time. Someone using an open WiFi can be (and often is) completely transparent.

                  Part of this is about social acceptance. It has become normal to use open WiFi routers to access the internet. However, along with that, it has been not socially acceptable to use the entire bandwidth, change router settings, access other devices on the network, etc.

                  People using open WiFi tend to not expect people to be hacking into their systems, but they also (mostly) tend to accept it when it happens and simply secure their devices or the WiFi router.

                  Now, socially acceptable and law are certainly not the same thing. The problem we have is if you codify law in direct conflict with social norms, you tend to simply create laws that everyone will ignore. That never really works out well.

                  link to this | view in chronology ]

                • icon
                  nasch (profile), 12 Jun 2014 @ 3:16pm

                  Re: Re: Re: Re: Re: Re: Re:

                  Implying that people are authorized to connect by leaving wifi open is one thing, but using the network seems to be another.

                  You're suggesting it would be OK to connect to the router, but not OK to use that connection to access the internet?

                  link to this | view in chronology ]

                • icon
                  John Fenderson (profile), 12 Jun 2014 @ 6:08pm

                  Re: Re: Re: Re: Re: Re: Re:

                  "How is the mooch supposed to know where the line should be drawn?"

                  Because in order to do things the "mooch" (I prefer "guest") isn't allowed to do, he has to bypass access controls. Connecting to the WiFi means that they get an internet connection. That's the intention.

                  Open Wifi doesn't mean they everyone has free reign through all your systems, so it's not even remotely like leaving your front door open. It's more like what an earlier commenter said: letting people walk through an easement to get to the highway on the other side.

                  link to this | view in chronology ]

        • icon
          Gwiz (profile), 12 Jun 2014 @ 10:11am

          Re: Re: Re:

          Open wifi access points don't have signs on them that say "The owner of this network gives permission for anyone to connect."

          I'm arguing that broadcasting an unsecured SSID is exactly that message. It's saying "Hi. I'm a unsecured WiFi connection."

          If you want a private, closed WiFi that doesn't require a password, then don't broadcast the SSID (you can turn that off on most routers, by the way). Or better yet, turn on WPA/WEP and use a password.

          link to this | view in chronology ]

      • identicon
        Lee, 12 Jun 2014 @ 11:15am

        Re: Re:

        So if I don't have a lock on my front door, my house isn't secure - and it's fair game?

        Methinks not.

        I also dispute the idea that if I haven't explicitly denied authorization, that it's implied. I'd argue the exact opposite - it's denied unless it's explicitly authorized.

        link to this | view in chronology ]

        • icon
          nasch (profile), 12 Jun 2014 @ 3:17pm

          Re: Re: Re:

          I also dispute the idea that if I haven't explicitly denied authorization, that it's implied. I'd argue the exact opposite - it's denied unless it's explicitly authorized.

          Broadcasting an unsecured SSID is exactly that explicit authorization.

          link to this | view in chronology ]

          • icon
            Cain Abel (profile), 1 Aug 2014 @ 1:35pm

            Re: Re: Re: Re:

            Not just broadcasting SSID, also allowing association (no MAC filtering at the AP level), also having a DHCP server and giving DHCP offers (no MAC filtering at the DHCP level).

            The STA (the Wifi client) doesn't enter unless the AP allows it to enter.

            It's like having an automatic door.

            link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 12 Jun 2014 @ 12:35pm

      Re:

      The other day, I pulled up to my office parking lot, and the car parked next to me was a Mercedes with the doors unlocked and the keys sitting out in the open. Does very nature of the car's owner's setup effectively say, "Welcome, feel free to steal my car."

      No. But an open WiFi system is literally broadcasting a signal that grants permission to connect to it. Back in the early days of WiFi, most systems AUTOMATICALLY connected to ANY open WiFi network, because that's how open WiFi was designed to work. The open WiFi access point sends out a signal that says "hey, anyone, connect to me!"

      That's ENTIRELY different from leaving a key in the car.

      Similarly, if a neighbor uses a weak WPA password, they are protecting their network with WPA, but the very nature of choosing a weak password effectively says, "Welcome, feel free to connect to this network."

      No, because there, you've put a sign on it that says "you're not welcome here unless you've been granted permission." Very very different.

      You're basically saying if the wireless network can be easily connected to, then it should be fair game for anyone to use

      No. I'm saying that if your WiFi BROADCASTS a signal saying "welcome, join" then if you do join, you're clearly authorized.

      link to this | view in chronology ]

    • identicon
      DER, 12 Nov 2015 @ 9:42am

      Re: Piggybacking

      I am reading all these posts because I realized this morning upon trying to reconnect to the internet after some difficulty, the available wireless network I clicked on is my neighbor's directly across the street. No log in was required at all.

      A bit of snooping told me that the LInksys router password has been changed from its default, which may have the person thinking that they are running secure wifi. NOT!

      link to this | view in chronology ]

  • icon
    W Klink (profile), 12 Jun 2014 @ 8:40am

    Just get a warrant...

    I can't understand why they decided to skip the warrant. They thought about it and they had the time. It doesn't seem likely that a warrant would be denied. And if a warrant WAS denied, then the same court that denied the warrant would have likely been more inclined to have required one. On the other hand, if they DID get a warrant, much of this delay would have been gone and there would be less risk of the defendant getting off. What's the down side with getting a warrant? Why, when they have an abundance of probable cause, do police still try to skip this step?

    link to this | view in chronology ]

  • identicon
    Trevor, 12 Jun 2014 @ 8:40am

    Question

    Up until the whole "connecting to open wifi is a crime" part of the ruling, I thought the Court was on a somewhat reasonable path.

    In this case, the Cops didn't set up a mobile free wifi stingray style thing and track everyone connected to it, they asked a private citizen if they could monitor his internet router, and he agreed.

    In essence, they weren't searching Stanley's home, but rather got permission to search the owner of the wifi's home. In that search, the discovered evidence of Stanley's involvement.

    I would equate this situation to something like:
    Police are investigating mail fraud. They go to the address, but realize the owners are not involved. After asking for permission and receiving it, they monitor mail as it is delivered but do not open anything, and discover mail being re routed to another person through that address. Further investigation revealed that other person was likely involved, and a warrant was obtained.

    It seems like the Police actually tried to do it right this time. They could have avoided this whole headache of an Appeal had they just set up some mobile hotspot and not told him, or something. That seems to be the norm now.

    /my 2 cents

    link to this | view in chronology ]

  • icon
    Derek (profile), 12 Jun 2014 @ 9:31am

    Trespassing

    "The neighbors left their WiFi open, and thus, by default, it is sending out signals that effectively say "welcome, feel free to connect to this network."

    Can I ask a hopefully relevant question: If my neighbors decide to play ball on my yard, does it make a difference whether I have a fence up? I see this as similar - an open WiFi is like an unfenced yard. But that doesn't generally (to me) mean that any passerby can sit down and have a picnic. Or does it (legally speaking)?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 9:47am

      Re: Trespassing

      A fence doesn't make a difference in your case. But that's the wrong analogy -- using open WiFi is not trespassing in any sense, it's using a service. Your analogy would be better if someone was accessing your computers through your WiFi, but that's not what's being discussed here.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Jun 2014 @ 8:41am

      Re: Trespassing

      Did you put up a sign saying either, "Keep off lawn," or "Playing on my lawn is OK?"

      Can't we all just agree that a router broadcasting the SSID IS the sign. If the signal is open, and the SSID is being broadcast, then it's fair game. If the signal is secured, and the SSID is being broadcast, then you know it's not fair game.

      Also, if the signal is unsecured, but the SSID is not being broadcast, it's not fair game.

      link to this | view in chronology ]

      • icon
        The Wanderer (profile), 13 Jun 2014 @ 9:11am

        Re: Re: Trespassing

        That set of simple standards would be the ideal, and I'd support it.

        But that's not necessarily the existing understanding - and the existing understanding is what is being (and, arguably but - somewhat reluctantly - IMO, needs to be) applied in existing cases.

        link to this | view in chronology ]

  • icon
    Jay Lahto (profile), 12 Jun 2014 @ 9:32am

    Make Comcast Last?

    So, does this mean that all of Comcast's Xfinity WiFi customers are now committing a crime if they connect to another subscriber's WiFi through their Comcast provided equipment?
    Guess I'd better turn myself in; I connected to a neighbor's Xfinity AP (I don't know who)with my android phone using my Xfinity ID just to see if it worked.
    I hope they have internet access in the big house.

    link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 12 Jun 2014 @ 9:33am

    Agree with the court

    Actually, I agree with the court in this case.

    Let's put it into a different context. Suppose one of my next door neighbors is sneaking in through my doggie door to make international phone calls.

    The police ask me to cooperate in catching the neighbor; to allow them to wait in my kitchen. I'm certainly entitled to give them that access: It is my house after all. I should have the right to not cooperate with the police; but the moocher has no right to insist that I not cooperate.

    So it seems to me that someone who "enters" my house to borrow my WiFi has no grounds for complaint if I assist the police in finding out who they are. My WiFi, my choice.

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 12 Jun 2014 @ 9:43am

      Re: Agree with the court

      Let's put it into a different context. Suppose one of my next door neighbors is sneaking in through my doggie door to make international phone calls.

      Incorrect analogy. With open WiFi it's more like you running your phone line and placing an extension into your neighbors' house that they make international calls with. Remember, your WiFi signal doesn't stop at your property line, you are transmitting into their house all the time. There is no trespassing of your physical property when someone connects to your open WiFi signal from within their own house.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2014 @ 9:50am

      Re: Agree with the court

      Wow... apples and oranges comparison.

      One does not have to physically enter a house to gain access to WiFi. Entering a home without permission to make an international call or not should be considered illegal entry whether the door is wide open or barred shut. And is a greater crime than the call being placed.

      If you leave your WiFi open then it should be the equivalent of putting your property out onto the curb for others to freely take. You cannot expect people to know if you are offering Free WiFi or not if it is unprotected.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2014 @ 10:30am

        Re: Re: Agree with the court

        If you leave your property on your porch/drive it still doesn't provide express consent for others to take without compensation (in the absence of a 'free to a good home' sign or the equivalent). I leave my car in my driveway. Should I not expect it to be there when I want to use it?

        Why not extend your analogy to leaving a window open being equal to you giving permission to enter your home, have sex with your pets, and eat all the cookies in the kitchen? Where does the authority come from to do anything on or with private property?

        Authorized access requires permission from an authority (i.e. the owner or an agent of the owner). Leaving wifi networks unencrypted is not permission, it is simply a vulnerability.

        link to this | view in chronology ]

        • icon
          Gwiz (profile), 12 Jun 2014 @ 11:05am

          Re: Re: Re: Agree with the court

          Why not extend your analogy to leaving a window open being equal to you giving permission to enter your home, have sex with your pets, and eat all the cookies in the kitchen? Where does the authority come from to do anything on or with private property?

          No one is talking about trespassing here. That's always been illegal.

          Question: Is it illegal to listen to my neighbor's loud stereo from my property? How is this different?


          Authorized access requires permission from an authority (i.e. the owner or an agent of the owner). Leaving wifi networks unencrypted is not permission, it is simply a vulnerability.

          I disagree. Open access is not the default setting for routers these days. You have to conscientiously set your router to open. Add in the fact that the router is basically screaming "I'm an open WiFi!" to every device within range when it broadcasts the SSID, how is that not permission? I don't need explicit permission to receive unencrypted television signals that enter my house, do I?

          link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 12 Jun 2014 @ 12:40pm

      Re: Agree with the court

      Let's put it into a different context. Suppose one of my next door neighbors is sneaking in through my doggie door to make international phone calls.

      That is totally different. With open WiFi you are sending your signal TO his yard and it has a clear message with the signal that SAYS "please connect." That's how WiFi works.

      My WiFi, my choice.

      Right, and the choice you make with open wifi is to have your WiFi blast out a message that says "please connect."

      link to this | view in chronology ]

  • identicon
    rapnel, 12 Jun 2014 @ 9:45am

    Using open wifi is not a crime. I don't care if any law implies otherwise.

    Likewise, providing open wifi is a service and I would always encourage it and I do provide it.

    Gosh, that's a tiny bit like using a common handheld radio isn't it? "We're you authorized to use that channel?" Wat?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 9:52am

    The court did not say it was illegal. It acknowlaged that some states make it illegal.
    No one has challenged those laws, and in this case that was not challenged. A court is not going to invalidate a law when it is not asked to.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 9:53am

    *calls Prenda law*

    Hello, I'd like to sue someone for facilitating criminal activities. Who, you ask? Every damn store that's living in 2014.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2014 @ 9:55am

    Stanley tried to suppress the evidence, arguing that the use of MoocherHunter required a warrant


    A warrant for someone to check their own network for intruders? Next we'll see monsters claiming children have to get a warrant before they look under the bed.

    link to this | view in chronology ]

  • icon
    Ernie Gordon (profile), 12 Jun 2014 @ 11:07am

    If you leave your car running but unattended when you run into the house to get something you forgot and someone drives off in it, that's theft - an unlawful taking which deprives the owner of their property (or use of their property in some jurisdictions). Use of unsecured WiFi cannot be theft because it does not depriving the owner of their property.

    link to this | view in chronology ]

    • identicon
      Lee, 12 Jun 2014 @ 11:19am

      Re:

      So by that logic, my downloading music / movies / etc. would be legal, because I'm not depriving the owner of their property.

      But it is - I'm depriving them of revenue in my case above, and the use of unsecured WiFi deprives me of my ability to, perhaps, stream my Netflix without interruption. You may be negatively affecting me - I'm not sure what you want to call that, but it certainly isn't right.

      link to this | view in chronology ]

      • icon
        nasch (profile), 12 Jun 2014 @ 3:21pm

        Re: Re:

        So by that logic, my downloading music / movies / etc. would be legal, because I'm not depriving the owner of their property.

        It's not theft. Whether it's illegal is a different question.

        the use of unsecured WiFi deprives me of my ability to, perhaps, stream my Netflix without interruption. You may be negatively affecting me - I'm not sure what you want to call that, but it certainly isn't right.

        There is a very simple solution to that problem that doesn't involve any laws.

        link to this | view in chronology ]

  • identicon
    andypandy, 12 Jun 2014 @ 11:43am

    here we go again!!!

    It is legal it is not legal it is legal it is not legal. Come on lets just make it legal once and for all and stop messing with what people have purchased.

    link to this | view in chronology ]

  • identicon
    John Cressman, 12 Jun 2014 @ 12:11pm

    Maybe not...

    I'm with the police on this one - you know, it hurts just saying that.

    They actually asked the person who was paying for the internet service to install the software to find the person - they didn't do it themselves.

    The person agreed. Enuf said.

    You use someone else's wifi at your own risk... open or not. Let's face it... open wifi is a redflag anymore... it's WAY too easy to do a man-in-the-middle attack nowadays.

    link to this | view in chronology ]

  • icon
    Bergman (profile), 12 Jun 2014 @ 12:29pm

    It's not problematic at all at the end

    If I leave my front door unlocked, it's still residential burglary for someone to help themselves to my TV.

    If my niece leaves her ball on the grass of her front yard, it's not free for anyone to take.

    It may be possible to take unsecured Wi-Fi without breaking into anything, but that's not the same thing as putting a table on the sidewalk with a sign saying "free stuff".

    I do secure my Wi-Fi but even if I didn't, If I wanted people to use my Wi-Fi, I'd name my router something like "Free Internet Connection" not "MyName's Wireless".

    link to this | view in chronology ]

    • icon
      Gwiz (profile), 12 Jun 2014 @ 1:22pm

      Re: It's not problematic at all at the end

      If I leave my front door unlocked, it's still residential burglary for someone to help themselves to my TV.

      Yes. But using someone's open WiFi doesn't' involve trespassing. BIG difference.


      If my niece leaves her ball on the grass of her front yard, it's not free for anyone to take.

      What if your niece leaves her ball in my yard? I have every right to be a dickhead neighbor and throw it in the trash. Using someone's open WiFi doesn't involve trespassing onto someone else's property, it's broadcast onto my property.


      It may be possible to take unsecured Wi-Fi without breaking into anything, but that's not the same thing as putting a table on the sidewalk with a sign saying "free stuff".

      Please explain the difference. Your router is sending out a signal saying "Unsecured WiFi here!", why is that different than a physical sign saying "Free stuff here!"?


      I do secure my Wi-Fi but even if I didn't, If I wanted people to use my Wi-Fi, I'd name my router something like "Free Internet Connection" not "MyName's Wireless".

      What does the SSID name have to do with anything? Most of the AT&T DSL connections around my house are the default "2WIRExxx" names. It's just an arbitrary name.

      link to this | view in chronology ]

    • identicon
      Michael, 12 Jun 2014 @ 1:25pm

      Re: It's not problematic at all at the end

      and I have an open WiFi router to allow internet access. It is not named in any way that has open in it (it is actually my last name + "QC") and I DO have it there so anyone can access the internet when they are within range.

      My way of letting people know they can use it - leaving it unsecured and broadcasting the ID.

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 6:11pm

      Re: It's not problematic at all at the end

      What "stuff" is being taken?

      link to this | view in chronology ]

  • identicon
    Anonymous, 12 Jun 2014 @ 3:14pm

    This is Amerikkka. What ISN'T a crime?

    link to this | view in chronology ]

  • identicon
    Rekrul, 12 Jun 2014 @ 4:37pm

    So the lesson here is; When using someone else's WiFi for illegal purposes, don't be greedy. Don't keep using it after the cops pay a visit to your neighbor's home. ;)

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 12 Jun 2014 @ 6:14pm

      Re:

      You joke (and I marked it funny!) but I remember what a police detective friend of mine once told me about committing crime: if you're halfway intelligent, you can get away with nearly anything if you only do it once. What gets people caught is that they get greedy and do it again.

      link to this | view in chronology ]

  • identicon
    wifi en eventos, 12 Jun 2014 @ 10:40pm

    different view

    I would say free wi fi is not crime but free unsecured wifi should be . better have a safe connection.

    link to this | view in chronology ]

  • identicon
    JustSomeGuy, 12 Jun 2014 @ 10:56pm

    Vehemently disagree

    "Just the idea that this is unauthorized access is a big problem, because it's not unauthorized."

    If I (stupidly) leave my front house door open when I go out, that is NOT authorisation for someone to enter my home.

    Ditto for unsecured wifi, unless your SSID is "come_use_me_for_free". The vast majority of people have no idea how to secure their equipment.

    In any case, if you want to have some fun with your neighbours, you should rename your wifi to "FBI surveillance van # 7".

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 13 Jun 2014 @ 5:53am

      Re: Vehemently disagree

      "The vast majority of people have no idea how to secure their equipment."

      If the equipment was purchased in the last few years, it comes pre-secured, so people don't have to know. You have to know how to unsecure it.

      link to this | view in chronology ]

    • icon
      nasch (profile), 13 Jun 2014 @ 7:14am

      Re: Vehemently disagree

      If I (stupidly) leave my front house door open when I go out, that is NOT authorisation for someone to enter my home.

      Why do so many people think open wifi is the same as an open front door?

      link to this | view in chronology ]

      • icon
        PaulT (profile), 13 Jun 2014 @ 7:19am

        Re: Re: Vehemently disagree

        "Why do so many people think open wifi is the same as an open front door?"

        Option 1: They haven't got a clue what the actual argument is and choose a faulty analogy that has nothing to do with it.

        Option 2: They know exactly what the argument is, and deliberately introduce misleading analogies to skew the argument and distract from the point or to introduce an emotional response not relevant to the true argument (see also: **AAs using shoplifting analogies when discussing file sharing).

        link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 13 Jun 2014 @ 7:21am

      Re: Vehemently disagree

      Did you read any of the comments above already dealing with this?

      If I (stupidly) leave my front house door open when I go out, that is NOT authorisation for someone to enter my home.

      That is true. But that's not what you're doing with open WiFi. Open WiFi is literally blasting out a signal that says "come use me". If you put a sign on your front door that says "come on in" it would be the same thing.

      Ditto for unsecured wifi, unless your SSID is "come_use_me_for_free".

      Your WiFi is broadcasting a "come use me for free" signal. If you don't want that, change it.

      The vast majority of people have no idea how to secure their equipment.

      People claim this, but it's bullshit. May have been true in early years, but almost all WiFi today comes secured.

      link to this | view in chronology ]

      • icon
        PaulT (profile), 13 Jun 2014 @ 7:27am

        Re: Re: Vehemently disagree

        "Your WiFi is broadcasting a "come use me for free" signal"...

        ...into publicly accessible airspace.

        I think that's something to emphasise in these argument. If I'm using your open wifi, I'm doing to from the street or an adjacent building, not entering your property as I would need to in order to open your door.

        In other words, if people have a real issue with people using their wifi, they should stop sending open invitations to the general public for them to do so.

        link to this | view in chronology ]

    • icon
      Gwiz (profile), 13 Jun 2014 @ 8:17am

      Re: Vehemently disagree

      If I (stupidly) leave my front house door open when I go out, that is NOT authorisation for someone to enter my home.

      That's right. But if you do, there's no law keeping me from standing on the street and watching your TV through the door that was stupidly left open. That's closer to using someone's open WiFi. No trespassing onto your property is involved.

      We've gone over this multiple times on this comment page already and I'm beginning to feel like a broken record. *sigh*

      link to this | view in chronology ]

    • icon
      Cain Abel (profile), 1 Aug 2014 @ 1:43pm

      Re: Vehemently disagree

      "The vast majority of people have no idea how to secure their equipment."

      Not my problem.

      If they don't know how to use a Wifi AP, then they should:
      - learn themselves
      - or seek help
      - or refrain from using it

      link to this | view in chronology ]

  • icon
    Gene Cavanaugh (profile), 13 Jun 2014 @ 7:43am

    Open WiFi is an invitation? Don't think so.

    You say: "The neighbors left their WiFi open, and thus, by default, it is sending out signals that effectively say "welcome, feel free to connect to this network."".

    By that reasoning, if I leave my lawn unguarded, I am saying "here, feel free to dig up my grass?" or if I leave my car outside unlocked with a package in it (admittedly stupid, but ...) I am saying "free package, everyone".

    Don't think so. I think taking what is not yours, whether the owner knows or not, or feels deprived or not, is, and should be, criminal.

    link to this | view in chronology ]

    • icon
      PaulT (profile), 13 Jun 2014 @ 7:47am

      Re: Open WiFi is an invitation? Don't think so.

      "By that reasoning, if I leave my lawn unguarded, I am saying "here, feel free to dig up my grass?" or if I leave my car outside unlocked with a package in it (admittedly stupid, but ...) I am saying "free package, everyone"."

      Yes, if they can do so with neither entering your property nor removing access from those items for yourself.

      or, you can read the thread, realise this idiotic analogy has been repeatedly been debunked before you got here, and address the actual argument with an original thought.

      link to this | view in chronology ]

    • icon
      Cain Abel (profile), 1 Aug 2014 @ 1:47pm

      Re: Open WiFi is an invitation? Don't think so.

      Wrong analogy.

      We are NOT discussing unsecured FTP server or NFS server.

      We are NOT discussing the deletion of files.

      link to this | view in chronology ]

      • icon
        nasch (profile), 1 Aug 2014 @ 2:05pm

        Re: Re: Open WiFi is an invitation? Don't think so.

        Did this story just get linked somewhere? Why several new comments today?

        link to this | view in chronology ]

  • identicon
    Anonymous, 13 Jun 2014 @ 6:18pm

    If CP was legal, there would be fewer problems like this. But then, if CP was legal, how could we clog the court system and overfill our prisons with non-violent offenders whose only "crime" is looking at and sharing pictures?
    Gotta remember though...it's for da chilldrin!

    link to this | view in chronology ]

  • icon
    Aaron (profile), 15 Jun 2014 @ 6:00am

    If my neighbor has an apple tree that is rooted on his property but dangles on my side of the fence, you damn right ima eat an apple.

    link to this | view in chronology ]

  • identicon
    yep, 15 Jun 2014 @ 4:39pm

    reasoning for third party

    The way I see it its the third parties call, they can require the police to get a warrant or waive that right. Now as a consumer I expect my privacy to be guarded by my ISPs and the services I use and the interconnects they both use. However if I am connecting to someones network with out permission or payment they carry no responsibility to protect my data. It does not however make doing so illegal.

    link to this | view in chronology ]

  • identicon
    mej, 10 Sep 2014 @ 12:23pm

    Bad analogies all around

    A wifi router broadcasts signals that anyone may capture and decrypt. If you broadcast to that wifi router, you ARE entering someone else's home and are trespassing, unless you have explicit permission.

    It is a social convention/law whether an open wifi is an invitation to use it or not. Obviously there is disagreement. That's what legislatures are for.

    link to this | view in chronology ]

    • icon
      nasch (profile), 10 Sep 2014 @ 1:05pm

      Re: Bad analogies all around

      A wifi router broadcasts signals that anyone may capture and decrypt. If you broadcast to that wifi router, you ARE entering someone else's home and are trespassing, unless you have explicit permission.

      So much wrong...


      • If the signal is encrypted, then only those who have been given the key may decrypt it (attackers CAN decrypt it but they have not been given permission, therefore they MAY not).

      • Broadcasting a radio signal is not entering someone's home. Leave aside the issue of permission for a moment. If someone is standing outside my house and I call out the window and invite him to connect to my router, and he does, is he then inside my home? Of course not.

      • If the access point is open, that is permission. That is the only purpose of an open access point: to allow anyone who wants to connect to it. Leaving access open is the way that the administrator grants permission.

      link to this | view in chronology ]

  • icon
    RobTX (profile), 27 Jun 2017 @ 4:08pm

    Kicking an old thread which still has bad analogies

    Watching TV or listening to music from the street through an open door or window does not deprive the owner of anything, just as the passerby cannot un-hear the music or un-see the TV once they are aware of it.

    WiFi is similar in really only one respect, for all those that say a broadcast SSID and/or no password is essentially the same as an open door or window, in that a STAtion (wifi device) within range literally cannot un-hear the signal as it is broadcast by the AP. At the same time, the rightful owner is not (yet) deprived of anything simply by another off-property person being able to receive the WiFi signal.

    That is where the similarities end, for multiple reasons:
    (1) It is considered Industry Best Practice to enable an SSID to be broadcast as it simplifies connections and preserves mobile device battery life. Note that I am NOT advocating for no password.

    (1a) Broadcast or NOT broadcast should neither be a technical security measure, nor a legal basis on which to form the rightful owner's intent for usage of the SSID.

    (1b) Sometimes an SSID may be set to broadcast and left with no password, while the owner is troubleshooting a problem. Maybe, they forget to immediately reset the security credentials to be required, once troubleshooting is complete. Does this oversight by the owner constitute authorization to use? I think not.

    (1c) Not setting an SSID to broadcast does NOT mean that it is never transferred in a WiFi frame and it would be a trivial effort to capture enough WiFi traffic to be able to determine what the SSID is, without hacking anything, just simple deduction and analysis.

    (1d) Suppose a new neighbor moves in and, unwittingly, sets up their WiFi SSID and it ends up being the same as another neighbor's within range. Now, who is the rightful owner of that SSID literally being transmitted by two distinct owners and how would one convey trespass when there is no way to distinguish one from the other so long as both have the same SSID?

    (2) The reception alone of a WiFi signal is useless until the STAtion initiates association with that SSID, which at that point constitutes an intent to use a resource.

    (2a) Just as many will say that "all routers being shipped since blah-blah-blah will have security enabled by default", I could argue that all STAtions have a setting to auto-join known or even open wireless SSIDs, which COULD be turned off or set to ONLY join known SSIDs. For Security purposes, I would recommend disabling the setting of joining open SSIDs which are not otherwise configured on the device.

    (2b) At the point that the STA-to-AP association is complete, there is a broadcast by the STA for an IP address which would be fulfilled by a DHCP server. So, now is having a DHCP server stating an intent for the entire neighborhood to freely use that as well?

    (2c) Once an IP address is assigned, then the STA begins consuming bandwidth, very likely diminishing the value of the connection for the legitimate owner(s). At this point, theft of service has been committed.

    (3) To the posts saying that logging into the owner's AP administration page or any other device recognized on the owner's network, that THIS is crossing the line. What if the admin credentials on the AP had been left at default? What if the owner's Windows machine has sharing enabled and the machine name is being broadcast on the network, as is almost always the case with Windows? Or, the Windows machine has Remote Desktop Protocol enabled? Is an "unauthorized user" supposed to infer that if he/she was able to openly gain access through the AP, gain an IP address from the DHCP server on the AP, and then receives broadcast UDP traffic from a Windows host with no security on a file share is ONLY THEN crossing the line and now has "HACKED" something that was very easily known just by listening?

    IANAL, but I see very many places where these arguments fail when asserting that either broadcast SSID, that no password, or that both means fair use for anyone within range. I especially don't understand those who would say that accessing a broadcast, unsecured SSID is all good but then accessing anything local to the owner's network would be theft or trespass, while to bypass the local network and consume bandwidth on the Internet connection itself is then fair use again. You can have it one way, or the other, but not both! Either it is totally off-limits without express permission, or anything is fair game!

    Lastly, for those who know enough about WiFi to know the terms WEP or WPA and think that you are espousing some wisdom related to Information Security, please forget those terms and never mention them in public again. WEP has been exploited for about 15 years now, and WPA1 with either AES or TKIP has for about 8 years. Only WPA2/AES, preferably with 802.1x authentication of the STA and the User, are true security for now (2017-06-27), but not forever! By mentioning WEP or WPA, and not specifying WPA2, others who may happen upon this thread may infer some technical merit in that and assume that they are secure with either of those when in fact they are even more of a target, because now they are signalling that there is something they want to keep outsiders from, but any 12-year-old would be able to break into it in a matter of minutes. Sure, this would be crossing the line into illegal territory and while we may have something to charge the offenders with, we aren't doing a DAMN thing to deter them by using WEP or WPA. If we want to talk about the next responsible attempts that AP vendors (and I work for one) could do to improve overall security, it would be to remove the code and administrative options to configure both of these legacy measures of OBSCURITY, *and* to make cloud-management of the AP easier (mandatory) such that some level of authentication of the user and machine is more readily available to the intentional non-Enterprise users. Shame on them for not doing it yet!

    Personally, I favor enabling Guest access but not Open access, then we require some form of handshake that you've seen and agree to my terms and I allow you to use my resource within all legal bounds, so long as your use is not detrimental to mine. This would leverage a captive portal with an SMS PIN or some common hotspot user authentication framework, so that in the event that the RIAA/MPAA, or two MIB from an TLA come knocking on my door, I have some potential means of attribution of the wrongdoing. Then again, these may just be additional veils of Obscurity without meaningfully augmenting Security one bit.

    Look forward to the responses....

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.