StarDestroyer.Net BBS

I was having an argument with a friend regarding whether it is ok to use other people's wireless networks for internet access.

Primarily she told me that since she can get internet access by simply getting on the wireless networks of the other residents of her apartment, and therefore could ditch paying for her own internet access. "Why should I pay for internet when I can just use someone else's wireless network."

I tried to shoot that down by citing both the ethical and legal issues involved by doing that, as well as the fact that there is no gaurantee that the network will always be available to you.

So question

What legal issues are involved here. I recall a case of someone being proscecuted criminally. She didn't believe there are any legal issues, and said that if she got caught, there was nothing the owner of the wireless network could do about it legally.

What ethical issues do you see here?

Its not an ethical problem. It's clearly stealing. It's also a potential violation of privacy: it's like saying 'we don't need central heating because we can sit in the neighbours yard and get warm'.

Sure, people with vulnerable wireless are morons, but that doesn't make it okay to use their shit - particularly in places like AU, where such bandwidth is strictly metered.

On the other hand, stealing bandwidth is a powerful demonstrator for WPA2, I've done it several times myself. Claiming its okay to do because you're a cheap bastard is ridiculous.

Technicly in the US, you are doing an unauthorised accsesing of a network, which can be criminaly persecuted, but I don't know the possible punishments. I think there is some attempt in the US to redefine it so that if a network is left purpusefuly open (or, well, you are too stupid to even attempt to close it) it is assumed there can be no unauthorised accsess. But for now it is illegal.

As far as personally, I wouldn't use it for my primary internet connection. That is just wrong. However, using it when I'm outside and need an Internet connection on my laptop for light surfing and mail and there is no free or cheap hotspot available would be ok. No downloads tho.

It is kinda horrifiying how many people leave their networks wide open. In this little coffeshop I sometimes go to to study that is on the ground floor of an apartment building there are at least 6 open networks anytime I'm there. 2 of them with filesharing going on over the network with no priviledge protection against writing. I thought about leaving a message on one of those computers but decided it's better not to spook someone that stupid into making my life complicated.

I've posted this a couple of times before in response to this issue in general:

Here's a good analogy, and it's much more fitting than any attempt to make analogies to physical objects.

You put together and turn on a web server. This web server, when sent a request, will respond and grant me or anyone access to whatever resources it sees fit (as it is told by it's configuration files).

By accessing this server, I'm consuming resources that you're paying for. If you're hosting the server at your house on a broadband connection, sufficient access of the server could degrade your internet experience.

Am I stealing your internet? Should I personally ask permission before accessing your server? Should I be liable for criminal charges if you in fact did not intend to share certain resources through this web server because you were too inept to restrict what resources it was allowed to share?

No, I shouldn't! Authorization is implied by the fact that the server granted my requests.

The same applies to a wireless router that somebody was too inept to properly configure. If the router grants my honest requests for access and communication, that is implicit authorization to utilize the resources that router is willing to share with me.

At some point, the network administrator must take responsibility for the proper use of his or her equipment. The mechanisms by which networking technology works - the granting or denial of requests - inherently implies authorization (or a lack thereof) to those who abide by the security settings in place on a network.

I will readily accept that wireless routers should be configured by default to have their wireless component disabled until someone accesses the configuration utility and turns it on. Furthermore, I will happily support the prosecution of someone who defeats security measures implemented to restrict access to a wireless network - even if those measures are weak and easily broken.

Now, here's my take on the specific situation at hand.

No matter what I or anyone else thinks about wireless networking ethics, the law is the law and I'd be willing to bet she could theoretically get nailed for it. Theoretically.

However, there's still the logistical issue of finding the one person in an apartment complex of (how many?) people who is using their wireless network, especially if (as you implied) there are multiple overlapping wireless networks and it's even possible that people have been unwittingly connecting to each other's networks to begin with.

I personally think that relying on someone else for an internet connection is logistically feasible, so long as she doesn't rely on having a (relatively) assured connection to the internet at any given time. I wouldn't want to do it myself as I like to be able to use all of the bandwidth at my disposal without concern for others, and I wouldn't like being at the mercy of someone else for my internet connection.

Barring some psychological warfare on your part, I highly doubt she'll give up her habit (who really wants to give up something for nothing?), and I personally don't think it's worth the stress to yourself or to your friendship to press the issue.

The scenario boggles the mind - not ONE unsecured wireless network, but SEVERAL? Surely having more available networks would stimulate people to use decent security?

mmar, when you're trying to get clients to buy better APs, leaving nasty messages on servers is an excellent way to do it. People don't seem to understand what you mean by 'anyone can just get in' until you SHOW them.

Stark wrote:The scenario boggles the mind - not ONE unsecured wireless network, but SEVERAL? Surely having more available networks would stimulate people to use decent security?

mmar, when you're trying to get clients to buy better APs, leaving nasty messages on servers is an excellent way to do it. People don't seem to understand what you mean by 'anyone can just get in' until you SHOW them.

Most people who buy wireless networks don't understand the first thing about them.

I have spoken to someone who was adamant that the network that our company had set up for her had stopped working all of a sudden, despite the fact that only one of her computers couldn't access it.

Turns out she was connected to her neighbour's network. She didn't know the difference.

People are stupid, and live in their own closed little worlds, they don't know that you even can secure a wireless network, or even have more than one in range, or connect to someone else's.

And you won't educate them either, because they don't want to understand the computer they've paid a grand or so for.

Despite the overhead, WPA and WPA2 are your friends when keeping asswipes like her from leaching bandwidth or worse, browsing through and/or infecting your systems.

If I *need* superfast transfer speeds for huge files like movies, I'll just hardwire the connection between the laptop and the router.
Even heavily encrypted G is plenty fast enough for internet surfing, email, and the occasional small file transfer between machines.

Uraniun235 wrote:Now, here's my take on the specific situation at hand.

No matter what I or anyone else thinks about wireless networking ethics, the law is the law and I'd be willing to bet she could theoretically get nailed for it. Theoretically.

Not just theoretically - people have been nailed for using their neighbor's wireless access.

Just to teach her a lesson that she can't do that shit and freely brag about it, I'd frankly report her if I were you.

Uraniun235 wrote:I've posted this a couple of times before in response to this issue in general:

Here's a good analogy, and it's much more fitting than any attempt to make analogies to physical objects.

You put together and turn on a web server. This web server, when sent a request, will respond and grant me or anyone access to whatever resources it sees fit (as it is told by it's configuration files).

By accessing this server, I'm consuming resources that you're paying for. If you're hosting the server at your house on a broadband connection, sufficient access of the server could degrade your internet experience.

Am I stealing your internet? Should I personally ask permission before accessing your server? Should I be liable for criminal charges if you in fact did not intend to share certain resources through this web server because you were too inept to restrict what resources it was allowed to share?

No, I shouldn't! Authorization is implied by the fact that the server granted my requests.

You say that a physical comparison isn't apt here, but I disagree. What you described is basically finding your neighbors apartment door wide open, taking an extension cord from your apartment, and hooking it up to one of his outlets in order to run some of you appliances. It's stealing, pure and simple.

The same applies to a wireless router that somebody was too inept to properly configure. If the router grants my honest requests for access and communication, that is implicit authorization to utilize the resources that router is willing to share with me.

"If he leaves his door wide open when he's not home then it's implicit authorization for me to go into his house and take whatever I need."
That's an oversimplification, and I left out the "honest request" bit, but I'll adress that now. You are basically taking advantage of someone elses stupidity. Con artists like to use that as an excuse.

At some point, the network administrator must take responsibility for the proper use of his or her equipment. The mechanisms by which networking technology works - the granting or denial of requests - inherently implies authorization (or a lack thereof) to those who abide by the security settings in place on a network.

Of course, just like your neighbor really has no right to complain if he gets robbed blind for leaving his door wide open. However the people that took advantage of his being an idiot are still criminals because the door being wide open doesn't imply authorization to go in and take whatever you want.

I will readily accept that wireless routers should be configured by default to have their wireless component disabled until someone accesses the configuration utility and turns it on. Furthermore, I will happily support the prosecution of someone who defeats security measures implemented to restrict access to a wireless network - even if those measures are weak and easily broken.

So the door being unlocked, but closed (another not too intelligent thing to do) is where you draw the line. I know you would never walk into someone's home and feel free to take whatever you feel like because the door was left ajar, so why do you feel it's acceptable to steal peoples bandwidth? I mean you may not be causing any real harm, and the person you're stealing from probably will never know it's happening, but it doesn't make it any less immoral.

It's more of a legal problem than anything. I'm not sure whether theres an equivalent of the Computer Misuse Act that we have here in the UK where you are, but the first part of the act says the following

Computer Misuse Act 1990 UK laws wrote:Computer misuse offences

Unauthorised access to computer material.

1.—(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.

This would extend to accessing someone elses wireless network, even if that person hasn't secured their wireless router.

I think most countries have something equivalent to the Computer Misuse Act.

Ethically it's stealing internet access and is of course wrong, it also pisses off the person who's internet connection it is (especially if they have a usage limit).

phongn wrote:

Uraniun235 wrote:Now, here's my take on the specific situation at hand.

No matter what I or anyone else thinks about wireless networking ethics, the law is the law and I'd be willing to bet she could theoretically get nailed for it. Theoretically.

Not just theoretically - people have been nailed for using their neighbor's wireless access.

Any examples?

Spanky The Dolphin wrote:Just to teach her a lesson that she can't do that shit and freely brag about it, I'd frankly report her if I were you.

Wasn't exactly bragging. She just felt that there is really no good reason to continue paying $40 a month for internet access, when she can get it for free. To her its a simple matter of $0 < $40.

And reporting her isn't in the best interest of continuation of the relationship..

You honestly think it's an ethical question when her attitude is 'lolz it's free'? *Somebody* is paying for it, and she's *stealing* it. Are you sad nobody here will support your moral cowardice?

She could offer to split the bill with the guy that has the network. I think that's what my sister and her roommates did this past year. At least that was a possibility, I forget if they actually got highspeed or not.

Or she could stop being a fucking criminal. Lots of people do bad things, selfish things, illegal things - it's the really fucked up people who try to *justify* this. Remember, it's OKAY to steal broadband! It's OKAY!

Well as laws for computer networking is all state driven, you'd have to check your state, but most states follow the same thing.

North Caralina law(where I live) states according to 12-454 of N.C.G.S 14-454-458 states that, and I quote: "It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network . . . A violation of this subsection is a Class F felony if the scheme results in damages more than one thousand dollars, or if the property or services obtained are worth more than one thousand dollars, any other violation is a class 1 misdemeanor."

Most states have the same thing, or at least something close, but I bet the article number is different.

The problem is that most people don't even think there is anything wrong with this since most people don't know anything about how the internet or wireless networks work

The reason this board is so up in arms over it is because we have the technical knowledge.

The other problem is that she doesn't think its illegal, and sees no reason why it should be illegal. Two arguments being that the signals are entering her house so its ok to use them, and the other being a rebuttal of the unlocked door argument in that the the wireless network owner does not own the internet. The second argument can be easily refuted by someone with a computer science degree (like me), but I would be hard pressed to refute the first one, espescially given that the person in question has a lot more legal background than I do.

The best evidence I would have to the contrary is examples of people being proscecuted for this, and/or laws against this. Otherwise it would be me being preachy.[/i]

Naquitis wrote:Well as laws for computer networking is all state driven, you'd have to check your state, but most states follow the same thing.

North Caralina law(where I live) states according to 12-454 of N.C.G.S 14-454-458 states that, and I quote: "It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network . . . A violation of this subsection is a Class F felony if the scheme results in damages more than one thousand dollars, or if the property or services obtained are worth more than one thousand dollars, any other violation is a class 1 misdemeanor."

Most states have the same thing, or at least something close, but I bet the article number is different.

Thank you

Flagg wrote:You say that a physical comparison isn't apt here, but I disagree.

"I'm only interested in advancing my own moral position so I'm going to intentionally use an inferior analogy to argue my case."

That's some good arguing there, chief. Why don't you try attacking the analogy I've advanced before trying to hinge your argument on yet another godawful analogy with physical objects which generally doesn't apply to computing?

What's next, a retarded car analogy?

What you described is basically finding your neighbors apartment door wide open, taking an extension cord from your apartment, and hooking it up to one of his outlets in order to run some of you appliances.

US residential internet providers charge a per-month fee for access, and for the most part there are no additional fees levied for however much bandwidth you choose to use. Hence, if I go on vacation for a month, I still get billed the same as if I'd stayed at home and maxed out the connection with Yugoslavian pornography the whole time.

This is distinctly disanalogous to physical public utilities like electricity or water, in which the rates are assessed by the amount of usage. Hence, where tapping into someone else's water or electric system could incur significant additional costs to that person, tapping into someone else's internet connection is unlikely to incur additional costs in the US.

Try again.

It's stealing, pure and simple.

Just like we're stealing Mike Wong's bandwidth whenever we access SDN without asking for his permission?

Naquitis wrote:Well as laws for computer networking is all state driven, you'd have to check your state, but most states follow the same thing.

North Caralina law(where I live) states according to 12-454 of N.C.G.S 14-454-458 states that, and I quote: "It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network . . . A violation of this subsection is a Class F felony if the scheme results in damages more than one thousand dollars, or if the property or services obtained are worth more than one thousand dollars, any other violation is a class 1 misdemeanor."

Most states have the same thing, or at least something close, but I bet the article number is different.

Hey, that's some nice selective quoting, chief. Why don'cha quote the whole law? (link)

§ 14‑454. Accessing computers.

(a) It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network, or any part thereof, for the purpose of:

(1) Devising or executing any scheme or artifice to defraud, unless the object of the scheme or artifice is to obtain educational testing material, a false educational testing score, or a false academic or vocational grade, or

(2) Obtaining property or services other than educational testing material, a false educational testing score, or a false academic or vocational grade for a person, by means of false or fraudulent pretenses, representations or promises.

A violation of this subsection is a Class G felony if the fraudulent scheme or artifice results in damage of more than one thousand dollars ($1,000), or if the property or services obtained are worth more than one thousand dollars ($1,000). Any other violation of this subsection is a Class 1 misdemeanor.

(b) Any person who willfully and without authorization, directly or indirectly, accesses or causes to be accessed any computer, computer program, computer system, or computer network for any purpose other than those set forth in subsection (a) above, is guilty of a Class 1 misdemeanor.

(c) For the purpose of this section, the phrase "access or cause to be accessed" includes introducing, directly or indirectly, a computer program (including a self‑replicating or a self‑propagating computer program) into a computer, computer program, computer system, or computer network. (1979, c. 831, s. 1; 1979, 2nd Sess., c. 1316, s. 19; 1981, cc. 63, 179; 1993, c. 539, s. 293; 1994, Ex. Sess., c. 24, s. 14(c); 1993 (Reg. Sess., 1994), c. 764, s. 1; 2000‑125, s. 4.)

Here's the kicker - and, incidentally, the more relevant portion of the law that you should have quoted in the first place :

(b) Any person who willfully and without authorization, directly or indirectly, accesses or causes to be accessed any computer, computer program, computer system, or computer network for any purpose other than those set forth in subsection (a) above, is guilty of a Class 1 misdemeanor.

That's where I see the whole tangle arising from. What does "without authorization" mean? Does it mean that I have to get explicit permission from the owner to access his network? Why doesn't that also apply to websites, then?

Spanky The Dolphin wrote:Just to teach her a lesson that she can't do that shit and freely brag about it, I'd frankly report her if I were you.

"With friends like these who needs enemies?"

If a friend jaywalked would you call the cops on him? If a friend downloaded music would you inform the RIAA? If he were smoking weed would you snitch to the DEA?

Uraniun235 wrote:What does "without authorization" mean? Does it mean that I have to get explicit permission from the owner to access his network? Why doesn't that also apply to websites, then?

Funnily enough, yes, it means that you must be explicitly authorised by the owner of that network. If you access a privately owned wireless network without permission, you are committing a crime.

Websites are different because they are placed on an open network, which is not privately owned that we call the "Internet".

If you access parts of a webserver that are not presented by the website, you could still be criminally liable.

I was always under the impression if you attempt to access a router with security turned on it was illegal, whereas if it's open you are allowed to use it.