Wi-Fi related arrest in Illinois

Let's muddy the waters...

Let's consider war drivers are freelance writers for Home and Garden, and they are taking surveys of rented houses with yards/lawns to find what percent of yards are protected with fences, and perhaps , maybe even signs that read, "No Trespassing."

Like effective throughput, a yard has a max capacity for people, and the more people you have on a yard, the less "fun" things you can do (like play volleyball => play online games.)
A fence with a gate could be a clear sign of restricted access (WEP, added security), but is lack of a fence equitable to tacit permission or entitlement?

Yes. I know a yard is not a utility, but with cases like electricity, consumption increases prices, same with water, and natural gas. Telephone use at the least is a DoS to the owner, and at worst toll charges or crimes.

Many ISP have tried to impose rules on their residential consumers like disallowing sharing of access to people not residents in the house receiving the service.

How about that yard? If you have no fences, or signs to deter people from entering your yard to throw a picnic or BBQ, is that a tacit agreement to mean the public is welcome?

A public wireless access point is not the same as a private yard. Analogies like that just don't really work, because they imply that you're entering someone's private property.

Once unprotected, unencrypted wireless signals extend beyond the owner of the AP's private property, then it becomes a public access point in my mind. If a wardriver is sitting in your driveway, that's a different story.

Just my two cents on the matter.

Personally, I think more 'busts' of users will lead to a change in law leaving more room for proof of intent. And why for fucks sake on a pogostick the word wardriver is still floating around and being tagged to anyone that makes contact with an 802.11 frame, that I don't know..

I initially think of wardrivers and their warcry to the masses that dangerous waters existed; their 3 year rampage definately got the message out and helped aid in further awareness by word of mouth and through manufacturer revamp of documents and process.

Fast forward to today, I have overheard and initiated many conversations about the legalities around using other access points. First off, no one knows what an access point is ... so you have to modify your conversation to include 'wireless router'. Here are the people I have run into:

1) Mom and pop that have been using their neighbor's wireless connection without knowing it, simply because the signals had invaded into their home so prevelantly that it stomped over their home network and their personal cable/dsl had gone for that extent of time entirely unused. In many cases I've heard they call in to their ISP wanting to know what the new password key they need to continue using their service, only to discover that the neighbors either caught on or woke up and set wep/wpa. Prosecute or dismiss due to proof of intent/motive?

2) Mom and pop that have been using their neighbor's wireless connection completely knowing that they are... either not understanding/knowing the electronic laws that make that illegal, or simply not caring because they are just browsing joeschmoe websites and sending/receiving email. Prosecute or dismiss due to proof of intent/motive?

3) John and Sarah are 30somethings with wifi enabled everything: cellphones, pdas, laptops, toasters, and underwear. They are a little more hip to the jive of computer law dos and don'ts, either through schooling or through word of mouth. They just don't care. They use wifi for communicating and either don't personally feel it is wrong as long as they don't try to go against protection mechanisms, or do anything illegal through that transport means.

Obviously a spectrum of others exist, but generally the people most effected by this are people that really have no intention to use the open nodes for anything other than vanilla surfing. And the criminal trying to hop a point and use it for less than noble reasons? .. are they really going to sit in there car, in the middle of a half empty parking lot, or on the edge of someone's private property to do so? Of course not, they are going to go where a multitude of people have laptops or similar devices with open access.. a restaurant, hotel, coffeshop, bar.

I think the following should and will develop over the next 5 years. Manufacturers of such devices will be required by law or public opinion to state directly on the box that 'Warning: Use of this device with [default settings,no protection enabled,no password/key enabled] may allows others to access your Internet connection without your permission or knowledge'. From their, open nodes will be open target. If you want to bust someone for using the node, you will have to prove what they were doing illegally on your network, or through your network. Much like proving guilt being reasonable doubt often requires establishing solid motive... just because Lt Tragg found something with a gun in their car, doesn't mean they're the killer.

To recap, I understand the laws, I generally hold myself to a stricter sense of ethic, abiding the law because I know the limits quite clearly and understand the risks (it is easier fighting temptation in a city where free public nodes are everywhere anyways). I'm not saying everyone should drop their ethics in the community and should just start using open nodes. I am saying that the concept is quite likely to migrate focus from 'evil hightech hacker with chalk in hand' to mom and pop being caught, prosecuted, and victimized but such strict laws that effect the masses and not just the criminals... just review the idea statistically, between those that understand the technology and those that don't, between those that understand the extent of the law and those that don't, and the number of regulars/randoms/nontechs around you that don't believe they're really doing anything wrong.

To piggyback off of CotMans excellent analogy.. how many people/kids trample on your front lawn? It is handed down from generation to generation that simply trodding over someones nice lawn is not very courteous.. but surely a police officer wouldn't hop out of his squad car and club down someone for doing so, unless the person on the law looked like they had malicious intent. Even then, they wouldn't be arrested and prosecuted, but would be questioned about their activity by the officer and likely told to stay off the premise and/or other peoples property.
--storytime-break--

I once was sitting in a grocery store parking lot facing the street, waiting for a friend to meet up to head out for a day of paintballing at a private field. I was facing the street to obviously see when he approached, that way I wouldn't be waiting in the parking lot for an additional 30 minutes not seeing him arrive. A good distance across the street there happened to be a drivethrough ATM, next to an icecream shop. I sat there waiting and waiting, fiddling with some of my paintball gear, listening to music because my friend was just really late. After some time, I had two squad cars pull into the parking lot behind me, with one officer getting out and approaching my already rolled down window (summertime in Maine). Appearantly someone using the ATM across the way reported that a 'shady man' was parked across the street and 'using binoculars' to get PINs and banking information. sigh. So I discussed what I was doing parked there, my friend being late, what the device in my back seat was (paintball marker).. and laughed together wondering why the person thought I had binoculars because I hadn't even removed my mask (closest thing we could think of that person could have mistaken) from my duffel bag on the passenger-side back seat. He didn't immediately assume guilt and cuff me.. he investigated the complaint, got my ID/address for the report, laughed at the idiot person across the way for wasting his time, then went on his way.

On another occasion I was fulfilling my plan to wardrive the majority of the state of maine, and was working on the city of Augusta .. just happening to be the State capitol. I was surprisingly on my way out of the city (already driven to content) inside my superrockincool-corsica setup, approximately 2 or 3 am EST, when behind me pulled up a police cruiser. He stayed back, following me. I assumed he was wondering what the big cylandrical units on top of my car were (yagis). I just kept driving the speed limit, he followed me straight to the edge of the city without turning lights.. as soon as I was on my way out, he turned around and found something else that caught his interest.

--storytime-break--
Sure more people can go on the lawn, dogs and cats end up all over it.. even skunks and racoons. Do you immediately haul out and threaten these people with firearms (damn straight!err... no) Do you immediately call the police on the bystander? No. You may ask the person to stop, or you may put up a fence, or maybe a sign that clearly denotes that you don't want people on your lawn. If people hop the fence to be on your lawn, or repeatedly ignore your request for them to stay off, then you pursue further action. Simply passing over the edge of the lawn to enjoy the wet grass on your feet like the hippie you are.. as you pass down the street, that is not necessarily enforceably illegal. Doing so with a joint or crackpipe otoh may get you busted...

Yes, it is not a great analogy, but had more in common with the issues than oither utilities. (Even telephones are poor, since POTS lines are "one user at a time.")

I invite you to find a better analogy for a desired residential private resource that some residents may choose share with friends, but is also limited and flat-fee based per month for the allocation granted.

Access points transmit radio waves, which is included on the EM spectrum, and visible light is there too. Ignoring legal "peeping tom" issues, if a person leaves their curtains open, is that an invitation for people to use devices to watch (with telescope or otherwise) the EM radiation that leaks off of their property?
What about video cameras? Would it be acceptable to those supporting the view that "unprotected services leaking beyond property lines is free for the public" ?

How about listening to cordless phone conversations? Does the content of these suddenly become open to the public, once it leaves a resident's property? If it is "public" can such conversations be used without acquiring search warrant or wiretapping permission? (For unprotected radio, where cordless phone transmissions were picked up on conventional AM/FM radio, there is a legal history on this topic.)

One more to offer? If the content is viewed as "free to the public" then does that mean any observation of laws being broken by a resident using of such content transmitted off their property may be admissible in court without a search warrant? Could such evidence be gathered and then be used to get a search warrant?

Consider a case, where a resident is looking at "kiddie porn." If this is being done in a wireless fashion, and the view is that unencrypted EM radiation beyond the property line is "public" would you be fine with the police driving around, looking for instances of passively observable unencrypted data that indicate law violations, to get search warrants to and to help arrent and prosecute people in their houses? (Again, you would only be observing the content/packets that leak beyond their property line.)

The existing laws are clear on this, and existing legal decisions back this up at both the State and Federal levels. What it comes down to is this: Without explicit permission to join a network, then any use of it is illegal. It doesn't matter what the medium is (wired, wireless or string and can); what matters is the the owner's expectation of privacy and whether the user has been granted permission. Explicit permission is just that. Someone has to state something like: "I, (network owner) grant you, permission to use this network." It may be verbal, written or signage, but it has to be stated in some manner. Mearely broadcasting an SSID doesn't grant any Tom, Dick or Harry permission to use the WLAN. Broadcast SSID is a part of the 802.11 standard needed for WLAN users the ability to roam across APs on a WLAN.

Sure, in a perfect world, WiFi equipment would come secured out of the box. (The currect Linksys units actually prompt the user to do this. When Microsoft sold wireless equipment, their's did too.) Of course, in a perfect world, users would also RTFM.

I would agree with those who say not securing the WLAN is inviting trouble. However, in light of current laws claiming that an AP must be secured in order not to be used is nothing more than blaming the victim and refusal to take responsibity for one's own actions.

By the way, this particular case isn't anything new. A lot of similar cases have been adjudicated. I've got a nice little collection of links for similar cases if anyone is interested. A contact in Illinois has told me that such Theft of Service cases have been routinely prosecuted for the last several years.

A Theft of Services is actually pretty benign charge, when they could be charged under existing network access laws laws. In most places ToS is a misdeameanor, where as most network access laws are felonies.

Techdirt linked to it also

Techdirt also has a comment section and it was full of the usual open door, water hose and reading lamp analogies.

The first problem I see with the article is the term "piggybacking". Don't get me wrong I'm elated that they stopped saying wardriver but this new term makes the reader automatically assume no laws are broken.

It should've read "Another Fucktard Criminal caught stealing bandwidth through an Open Wireless Access Point". But that doesn't have the same warm and fuzzy feeling for the reader.
_________

To the point of 'stealing resources', simply associating your laptop with the network and obtaining an IP lease (since guessably 95% of people with Internet-connected wifi nodes have DHCP of some kind enabled) is utilizing network resources that do not belong to you and thus an infraction of the law. Misconfigured Windows or Linux systems make many people criminals without their knowledge. In its strictest sense, running Netstumbler is an infraction of the law because Netstumbler is an active scanner for nodes. It can more accurately guestimate signal strength than Kismet, because Netstumbler partially associates with the accesspoints.

Looking through history, I have staunchly argued this topic on the flipside of very strict 'this should never be legal'. It isn't and as Thorn pointed out, shouldn't be treated haphazardly like it may be. It is against the law to use electronic resources without express permission of the owner.

My overblown point is that tides of opinion will probably change as this becomes enforced to prove points. I have a hard time believing that mass enforcement and media attention of this subject will cause people to stop using open nodes when conveniently available. Instead I think it will cause lobbying for changes/clarification of law to exclude certain types of usage. Not because I think it should, but because a majority populous will not like being labelled 'criminal' for something of that nature. Techies understand the nature of it far more, but to end users it is a matter of gaining quick access to the Internet. Comparing the topic to intercepting traffic, voice or other communications does not quite equate. Transport is the same but intent changes the entire relation.

.. and frankly, will the public be comfortable letting LEOs enforce this? Point in case, if I fire up my wifi adapter and do a quick scan of networks broadcasting ESSID, I get 6 networks from my apartment. If I walk out to the bus stop, or sit in a car on the side of the road, I can equally see those same six networks. How is the distinction made that:
a) am I using wireless network connectivity or not
I bring my tech everywhere, simply sitting in the car with my notebook open doesn't mean I'm connected to a network at all, it means I'm a dork using my computer in the car.
b) am I using 802.11 or GPRS/GSM?
Just because my browser is passing through pages doesn't mean I'm connected to an access point at all.
c) which access point am I associated with?
Of the 6 accessable networks mentioned above, 1 is a public node that I run, open to all. 3 are open nodes of nearby apartments, and 2 have some form of WEP/WPA encrypting them. Am I now going to be harassed by cops for using my own public node if I stop to connect up in between running errands?

* Sitting at a location where only open or 'secured' heh. nodes exist could surely incriminate if the previous two questions were confirmed, but in the case of public network.. I could be a criminal sitting in my car after cracking the WEP of one of the nodes and using their connectivity for ill purpose.. but have the excuse of the public node to defend me and the opus would be on enforcement to determine this?
* Likewise, I could be sitting out on the curb entirely limiting myself to a public node and be accused of accessing someones open or private network, surely if an officer taps on the door of one of those apartments he has a 5/6 shot of getting someone that doesn't want me on their network .. who is to make the distinction which network I was using?
* Meanwhile, my neighbor is connecting to an open node thinking he's connecting to my free wireless, but is accidentally cruising one of the nearby open nodes because his WZC connected him to that instead... is he now enforeably guilty of stealing someones resources?
* Or when I was living out of my car for a while, I would stay connected by utilizing many of the free Personal Teclo Project nodes around the city. Many of these are placed in businesses that offer the free nodes as a feature of buying food/drinks/service from their establishment. If I am off property (not taking physical space at business), not purchasing a latte, but connected to their Internet brielfy.. does this make me a criminal? If I am sitting in restaurant A and connect to cafe B's free node that bleeds over each other, am I now an unwanted use of resources subject to enforcement of the law because I'm not in their establishment buying things?

How is this distinction made at the time of allegation? .. or even if legitly accessing a free node am I just used as a media scapegoat, with my head hung from the upper end of an omni as warning to all others that may approach the misconfigured network?

... to repeat, I am not questioning the current laws, creating excuses for breaking them, or advocating change (although anticipating from public exposure). This is a discussion beacon.

That's the problem, though. There aren't really any analogies that accurately describe the subject. The closest one I saw was Deviant Ollam's open door, mega-phone broadcasting analogy.

Accessing someone's unprotected wireless and looking at them naked are two entirely different things.

As the activity the resident is engaging in is illegal, then really they are with in their rights to do that. I would personally view that as an intrusion of privacy, but there are a lot of things that are legal that I don't nessecarily agree with.

Let's be clear about one thing. I'm not advocating wardriving for the purpose of examining people's personal information (and no, I'm not using "wardriver" to describe anyone who stumbles into WiFi). I'm just advocating free internet access when the wireless extends beyond property lines.

converge,
This is the best way I have heard it put, a situation came up in the past 6 months where I had to get an address from a text file on my laptop, just after leaving my house I pulled over, opened my notebook, found the information, and left, as I was leaving a man came running out of the closest house yelling "Get the hell of my internet.” Was I connected to his AP? No, but if he couldn’t make that distinction how can a LEO. I was just a “dork using my computer in the car.” On another note my car was vandalized that night, along with the vandalization was a note with the same remark the man had yelled at me.

RF (whether WiFi or any other RF signal) doesn't stop at property lines. Just because it continues past a property line, doesn't give you the right to use a network. That's like claiming it you could use the network if you got a long enough Cat5 cable.

Like I said before, it the law doesn't care or recognise the medium. The issue is whether the use is authorized or not.

while that analogy is an appropriate legal fiction to describe the way the government looks at the "theft of service" issue, it also points directly to the reason many people don't fully comprehend the "crime" since a CAT5 cable running to someone's home is a physical intrusion (and likely such a hypothetical would have also involved a tresspass in order to jack into a switch or router) whereas RF signals (because they're not tangible) don't make many people feel like they're transgressing or intruding on someone else.

personally, i hope that marketplace pressures in conjunction with some minor regulations make the whole matter moot, or at least redefine the standards. if all devices shipped completely disabled from the factory, i would consider that the enabling of a WiFi access point without simultaneous enabling of security should be considered tacit acknowledgement that the point is open to public use. on the other side of the coin, any and all security measures taken (even horridly bad security, like 56-bit WEP or non-broadcast of an SSID) should be considered overwhelmingly clear indication that an access point is not for public use.

that way, people sitting in an internet café don't have to worry about breaking the law if their auto-configuring WiFi client connects to the wrong network, and those of us who seek a quick internet connection at a hotspot wouldn't have to fart around looking for signs or other indications that a particular network is public. (i've been in restaraunts and stores where wireless networks appear during a scan with the establishment's actual name as the SSID and often i can't tell if that's a public service for patrons or Ira in accounting being a douche-nozzle with his laptop in the back room.)

This has more faults than others, since a person with a megaphone would probably be considered a nuissance, as their neighbors would probably not want to hear what they had to say.

Again, the service or utility needs to be a desired service.

This is obviously true, since it could also be sais that looking at person A naked is entirely different from looking at person B naked. In such a case, "entirely," is not necessary, when applied to a boolean evaluation "different."

Either one thing is different from another or it isn't.

Wait. How can the broadcasts of ESSID, and use of those waves to gain Internet access be free to the public, but the those waves that are part of the resident's access are not free to the public?

They are both EM radiation carrying content used by the resident.

If this were like trees overhanging a yard, is this like saying apple trees are fair game, but orange tree being hugged by the resident is not? In what way are you claiming the difference in content between the user broadcasts and device broadcasts are dissimilar?

In your view(?), either unencrypted transmissions from a residence are "free to the public" or "they are not."

I don't see how you can claim the resident has right to privacy for EM radiation communications between their devices, but no right to privacy for just the broadcasts from the access point.

It looks more and more like you are trying to build an exception case, just for wifi.

Again, we have a resource that is desired, and paid for by a resident. That resident may choose to share it with others or not.

Once you start broadcasting responses to the resident's wifi, you are no longer just taking what falls beyond their property line, you are now "reaching over the fence."

In order for you to use the internet, you must transmit data into their property, over their yard, into their residence. Couldn't this be like a kind of trespassing by proxy?

RE: This is the same difference between a"joyriding" charge, of you left your keys in the car with the doors unlocked, verses "Grand Theft Larceny" involving "hot-wiring". Either way a crime was committed, But the law uses common sense to differentiate intensity of the offense

This doesn't make much sense to me... are you saying that if somehow they could limit their signal to end at their property lines, everything would be fine and joyous? Can I lean over their curb and check my email real quick? What if half of my foot were across the line? Say I got arrested, could I plead innocent because I wasn't positive where their property line was? Where does this end?
I agree that router manufacturers shouldn't enable protection in their products right out of the box, but I certainly think that even old fellows like my grandfather can easily read the manual and figure out how to select whatever encryption, whatever password/passphrase seed, hide his SSID, etc. This isn't that hard!! It's right there in the manual. I think router manufacterers should a) put a physical disclaimer on the box for everyone to see before they buy it warning them about unprotected wireless, and b) set a startup page that pops up on initialization saying it again.
Okay: true story. For about a year, we had a starbucks downtown that had free-access wifi. Then they got a BRILLIANT idea! "Lets make this protected so that to access it, people have to PAY us!! Muhahaha" and they sing "we are geniuses, we are geniuses". Okay, so what do you think happened? A friend of mine, who rents an apartment across the street from starbucks, set up a wireless router in his room. The signal range of said router encompassed starbucks and the other coffee shop next to it. He left it open. He never gave explicit permission for anyone to use it, but now who's router do you think starbucks-goers use? They certainly don't pay, I'll tell you that. Is this illegal? Do you think it's illegal for someone to connect to this router, or do you think that it's illegal for this guy to set up a router taking "business" away from starbucks? Or both?
I'm not picking sides here, because there are good arguments for both. But you know what? If I'm sitting somewhere, and my windows box decides that it finds a network that looks fun to check out, I'm going to let it connect.