January 22, 2019

WiFi Freeloading Now a Crime in U.K.

A British man has been fined and given a suspended prison sentence for connecting to a stranger’s WiFi access point without permission, according to a BBC story. There is no indication that he did anything improper while connected; all he did was to park his car in front of a stranger’s house and connect his laptop to the stranger’s open WiFi network. He was convicted of “dishonestly obtaining an electronic communications service”.

As the story notes, this case is quite different from previous WiFi-related convictions, in which people were convicted not of connecting to an open network but of committing other crimes, such as swiping financial information, once connected.

Most WiFi equipment operates in an open fashion by default, allowing anybody to connect. It’s well known that few people change their network settings. I used to find quite often that my laptop was connected accidentally to my neighbor’s WiFi network – failing to get a strong enough signal from my own (secured) network, the laptop would connect automatically to any open network it found.

Often the person who set up the network is happy to let strangers use it. Many businesses set up open access points to attract customers. Unfortunately, the technology offers no agreed-upon way for the network owner to say whether he welcomes connections. Taking steps to secure an access point is a clear statement that connections are not welcome; but many people worry that changing security settings will break their network, so the lack of security precautions doesn’t always indicate that the owner welcomes connections.

It would be nice if people used the SSID to indicate their preference. (Joe Gratz says he uses the SSID “PleaseUseSparingly”.) Changing the SSID is easy and is unlikely to break anything that is already working.

Another part of the BBC article is even scarier:

“There have been incidences where paedophiles deliberately leave their wireless networks open so that, if caught, they can say that it wasn’t them that used the network for illegal purposes,” said NetSurity’s Mr Cracknell.

Such a defence would hold little water as the person installing the network, be they a home user or a business, has ultimate responsibility for any criminal activity that takes place on that network, whether it be launching a hack attack or downloading illegal pornography.

I doubt this is true. If it is, everybody who runs a WiFi network is at risk of a long jail sentence.

Comments

  1. John Costello says:

    This also happened recently in Tampa, FL.
    http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml
    This man was using an open network from his car and was arrested for “hacking” into it.

  2. Stephen Cochran says:

    The fact is, most houses have several externally accessible resources (power outlets, water faucets, phone jacks [inside the demarc box, for testing]) that anyone could walk up to and use. In general, these resources are commonly available and don’t pose a great temptation to “pirate”. However, incidences of using a neighbor’s faucet to water your lawn during rationing are not unknown.

    WiFi is just one more household resource that is exposed to the outside world, and how to deal with this issue will remain a problem. Personally, I like applying the trespass laws, but the definition of “trespass” doesn’t really hold up well when the violator is standing outside of your property line.

  3. vortigern says:

    “Unfortunately, the technology offers no agreed-upon way for the network owner to say whether he welcomes connections”

    I’m not sure about that, I always ask if I can use an open wireless connection.

    I do this:

    Me: Hey can I join this network?

    DHCP Server: “Yes, here you go have an IP address” OR “No, you cannot. I’m not giving you an IP address”

    I have always taken the positive answer to my DHCP request as permission to use the network. How else are you to take it?

    Of course the BBC story does not comment on whether the “criminal” asked for an IP via DHCP or not and I would like to know whether he did as it has great implications.

  4. Vortigern,

    I assume he did get an IP address via DHCP. I think the prosecutors argued (or would have argued, if the discussion was not so specific technologically) that he should not have been asking for and using an IP address.

  5. Stephen Cochran,

    The issue with, say, using your neighbor’s water is that the neighbor is paying by the gallon for that water. With WiFi, there may be no impact at all on the homeowner whose access point is being used.

    To clarify this issue, consider a hypothetical case where Alice uses Bob’s access point, and Alice verifies before doing so that Bob’s network would otherwise be completely idle. So there is no cost at all to Bob. Would you still consider Alice’s behavior improper?

  6. vortigern says:

    “that he should not have been asking for”

    I admit it’s well over my head, but if I can’t ask how do I get permission?

    It seems to me that if kids come knocking on my door and ask for permission to play football in my garden, I say yes and then prosecute them for trespass because they should not have asked for or been granted permission. If the argument is that in order to request a DHCP you have already accessed the network signal, then the kids have also trespassed on my property by approaching my front door before I have granted permission (or even after it would seem).

    I’m not sure Joe Gratz “pleaseusesparingly” SSID is any more explicit than a positive DHCP answer. You would seem to be open to prosecution just as easily there.

  7. Robert T Childers says:

    Well, what irks me in the case of the man in Florida as well as other locations, is that the person is being called a hacker when he was using the software on his laptop as it was designed to be used. There was no need for any action other than enabling the laptop to use its wifi card. The software managed the connection on his end and the Router managed the connection on its end. There was NO HACKING.

  8. I’m still waiting for people to be prosecuted for sharing/uploading/downloading copyleft files.

    It’s bound to happen.

  9. I have the ability to “harden” my access point, but don’t for the simple reason that I can’t ever truly secure it–and simply trying to secure it with broken locks makes me responsible for all of the traffic. It doesn’t help that my EULA from your cable provider precludes use of stronger security (IPSec) that would allow upgradable hardening/securing.

    I also simply share the connection. 🙂

  10. Recently I had the chance to install a number of new Linksys access-points. While things like the ESSID were explained nicely for novice users the entire part of setting up security was marked ‘optional’ and overloaded the novice reader with terms like WPA PSK, TKIP, AES and other unexplained remarks about passphrases and encryption keys.

    Not a single word in this manual about the risks of not securing your access point.

    Together with the tools in some operating systems to connect automatically to any open wireless network giving out an IP I would think that a lawyer could make a strong case that the current state of wireless network security is such that using an open wireless network can hardly be described as any form of trespass. (but I am not a lawyer)

  11. I use WEP on my wireless network, but as it can be broken in a matter of minutes I also have my router set to alert me if a new device connects to the network. I’ve had a couple of drive-by attempts, but as several of my neighbours have unsecured networks no-one’s really taken the time to try and use mine. (If I take my laptop in to the garden I can see two “linksys” SSIDs and a “netgear” one — if you can’t even be bothered to do any basic configuration then it’s sort of like leaving your front door open and putting a big sign up saying “Please come in and take stuff”.)

    Maybe it’s illegal, maybe it isn’t, but calling wi-fi autodiscovery “hacking” shows a total lack of understanding of what’s involved…

  12. Stephen Cochran says:

    Ed, yes I understand that using the water or electricity increases the homeowner’s cost, whereas using their WiFi doesn’t (other than opportunity cost if they don’t choose an idle time). The same would be true if they tapped into the phone line to make local calls, as opposed to long distance (ignoring the issue of why they would do that).

    Yes, it would still be improper if done without permission. That’s one of the major reasons I like the idea of applying the trespass laws, rather than theft, to handle these situations.

  13. Some people need a no-trespassing sign. What’s missing is something that informs the visitor that the site is not public. You can get this for free by downloading our WIFI Access Blocker software from http://www.myWIFIzone.com.

  14. While the possibility that someone else than the owner accesses a Wifi signal is a source for confusion and really scary possibilities that someone is using my network for something extremely illegal, leaving me holding the bag, there is also a positive side.

    If Wifi access becomes as universal as access to television and radio access, the enemies of freedom now proposing total Internet surveillance in Europe by requiring service providers to store all traffic data will run against a wall. It makes no sense to store that data if there is no guarantee that the person left in the traffic data file is actually the person that accessed the network. And, yes, anyone who wants to use the Internet for a crime serious enough to be an excuse for total surveillance will of course access over some open Wifi, instead of leaving his own name in the log files.

  15. Looks like an interesting app from myWIFIzone, I wonder if a further extension would be possible, that would allow, for example, a registered community of users to access other “registered” access points?

  16. We hadn’t thought of a registered community. I suppose that all members would have to agree to permit access to their zones…

    We are launching a “freespot” service later this month where users get a captive portal and must agree to an acceptable use policy before gaining access (even though the site is free). That addresses some of the legal issues and records the event. There’s a monthly fee but we figure public zones will want this protection.

  17. OK, so I’m used to free wireless hotspots in hotels, Starbucks, and malls. Well, I guess I left my WiFi on, and when I got home there was a Linksys ID I automatically connected to. I checked my available connections and, sure enough, I was connected. I opened Explorer and I was taken to http://www.bsa.org. I assume this is a personal connection, and also that it may be dangerous to automatically connect me to this thing, so I got off. Is there any law in the United States against connecting to any wireless network that lets you, so long as it is for lawful purposes?

  18. May I suggest the makers of WiFi products to turn encryption on by default and after hardware resets. The default encryption key will be completely random. Users will then be forced to configure it after they buy the AP. Configuring encryption can be as easy as pressing a button.

    Users will be more responsible for unauthorized internet activity through their AP because they have to turn off the encryption first and indirectly agree to accept the risks of unencrypted wifi.