Stupid newbie question about legality

if this guy is living above a mcdonald's restaurant, i'll take it all back :-)

fair enough. as long as you know it's er... "frowned upon". :-)

Listen to an NPR All Things Considered story titled "The Ethicist: Stealing Thin Air"

April 17, 2005 Host Jennifer Ludden and Randy Cohen, The New York Times Magazine's ethics columnist, answer a listener's ethical dilemma. A laptop computer user wants to know if he should feel guilty for tapping into other people's wireless networks.

Sorry if this is somthing that everyone should know but I've done the net hunting and turned up nothing definitive.

I bought a USB dongle and dangled it out of the window and got an internet connection (without any configuration or special software) which I use. I have no idea who it belongs to. I live in the UK.

1) Is this illegal 2) Is this immoral (by Wireless type people definition) 3) How can I find out who's net it is and ask them nicely if I can use it. (I've done DNS lookups on my assigned IP and gateway but I just can some big network provider)

Cheers, Bruce.

Oh I'd maybe opt for the imoral, illegal well that's debatable. It may be that some kind soul is providing internet access for free for that area. Find the IP on

then do a lookup on http:/ at least then you'll know the provider.

The IP just turns out to be one of NTLs proxy servers, tracert yields a little more, how about a NET SEND to the first hop ? Oh Yea, as far as what 'I know', I'm afraid I've been out of the loop for a bit, and wireless is completely new to me.

Cheers.

I've been a little worried the security issues, most of my important stuff is encrypted, but if Public key cryptography is still the flavour of the day, wouldn't this be a perfect 'man in the middle' opertunity for an unscupulous connection provider ?

anern skrev:

It's easy to secure a wireless network, .. if you read the manual.

Unless he also has shared his disk with you it's not easy to find out who owns the network you are accessing, if you look up IP, it belongs to an ISP.

Some opens their networks to share with other, I don't think it's neither illegal or immoral to browse a few pages and read the email.

Browsing illegal stuff or jam the system or hach into other systems would be both illegal and immoral.

But what if the owner has opened his network to act as a honeypot, and snoops at your traffic at his network, to pick up password or even try to access your (shared) disk ?

many internet protocols don't use encrypted sessions, so it's easy to pick up passwords to email, http, ftp, telnet, ...

so it's best to use the encrypted variants before entering passwords, like VPN, SSH, SSL, TLS, https, sftp, stelnet, ... ....

se also: "A Cup of Bandwidth" By Robert X. Cringely:

arnulf @

As long as you keep your private key private, and use good (private) password, programs like PGP is safe.

ISP, proxies and wireless network is always 'man in the middle' if you don't trust 'man in the middle', use secure encrypted protocols before entering passwords.

If you don't know the reason why the wirelesss net is open, is it because:

1. It's free (and safe?)
2. Owner want to share "A Cup of Bandwidth"
3. Owner has no clue
4. It's a honeypot, where owner want to "get your data"
5. ....

In any case don't:

1. share your HD in such environments
2. use firewall on your PC (does the Microsoft firewall work on wireless or just wired connections?)
3. use secure encrypted protocols before entering password.
4. ....

Another security issue is email, emails between servers is unencrypted, and most often also between user and server (unencrypted email is like sending a postcard) many companies send all kind of stuff via emails, would the same company send the same stuff printed on a postcard ?

use PGP or a similar program to encrypt drawings, proposals, ... !

arnulf @

Don't worry about it. When they want you out, you will be out.

in most jurisdictions, yes. Accessing computer equipment you do not have explicit permission to access is generally illegal.

in my opinion, yes. Its like tapping into someone's phone or electricity, or watering your lawn from their tap.

almost impossible, unless you can use a direcitonal antenna to determine where the signal comes from, or they have left a clue eg a SSID which identifies them.

you can generally dig deeper than that using whois

What's the SSID? (the broadcast name of the access point)

Some individuals that intend to leave their AP open for use will use an obvious name to indicate so. Otherwise, giving us the SSID may help in identifying whose AP it is.

If you are walking down the street and see a home with no car parked in front, but the door is open... do you think it is legal for you to walk into the house and do whatever you want just because you didn't so much as have to even turn the door knob to gain access?

Same difference, and legally the same too. It is a violation of law.

His feelings about it have nothing to do with what makes it immoral. The *owner's* feelings are what counts. If he feels that his computers and network should be available for others to use, then it is not immoral to use them. And if not, it is immoral (not to mention illegal).

Apply that philosophy to very many situations and you'll find yourself in the poogie for a long term stretch.

You need a crash course in ethics.

(...)

To the best of my limited knowledge, there have been no court cases or FCC enforcement actions for cases of unauthorized wireless intrusion.

I have some personal experience with due diligence and computers. Back in the prehistoric age of computing, when modems roamed the planet, there was the problem of modem hacking. What if someone found the modem phone number by war dialing, and it was unprotected by any passwords, and trashed the corporate database. Note that this was before all the federal computer crime laws. Well, it got tossed on the grounds that due diligence was lacking on the part of the business owner and that he was at least party responsible for the loss. The court also recommended that the case be returned to the district attorney for criminal prosecution. The DA refused to prosecute for reasons unknown.

Now days, the issue is a bit clearer. Unauthorized *USE* of any computer is considered a federal crime. Some states have also adopted the federal model. The method of access is irrelevant. It's the

*USE* of the computah that's important. For ISP's, it's under "theft of service". For business users, it's "unauthorized access". For home wireless users, it's anything but clear as to what constitutes "unauthorized use". The lack of precedent setting court cases makes it difficult to determine.

For example, pretend someone inadvertently maintained an open wireless access point. Some evil person used it to access their home computah, download enough info to perform and identity theft, steal some money, and somehow got themselves caught. The DA will prosecute for the identity theft, the actual theft, but not the "unauthorized use". Compared to the other charges, it's such a minor issue that it would not be worth adding to the charge sheet. To create a legal precedent, it would be necessary to catch someone doing the unauthorized wireless intrusion, *NOT* perform an unauthorized use of the computer, and somehow do enough damage to create an actionable case. In my opinion, that's almost impossible, which might explain why there have been (to the best of my limited knowledge) no precedent setting cases.

In my never humble opinion, this mess comes under the class of victimless crimes. Show me a victim, and I will demonstrate a crime. For wireless, if someone does damage via a wireless entry, they can be prosecuted for the damage. However, without demonstrable damage, there is no victim, therefore no crime.

While I'm unloading my opinions, I should point out the breach of ethical behavior and common sense failure is not a prosecutable offense. There's little question that snooping around someone else's system is not a good thing to do. However, our legal system is there fore the sole reason that people lack common sense and ethical behavior and must have a written mess of rules and laws to guide them toward righteous behavior. It started with the 10 commandments and it's been downhill ever since. When people start worrying more about legal hair-spitting, than about ethical behavior, methinks we're headed for trouble. Do the right thing, and don't expect the law to tell you the difference between right and wrong.

Disclaimer: I am not an attorney. I don't like attorney's. I really hate legal hair splitting. I don't know why I'm writing this. I should do something useful...

Did you do anything special like hacking or cracking to gain access? If not then just go on the assumption that the owner of the access point had made his internet connection available to anyone that wishes to use it.

Not unless you feel it is. And from your questions here you have some feelings that you are doing something wrong ... dont you?

Dont ... it is out there in the open so just use it. Consider it a public service unless told otherwise. It is a lot easier to obtain forgivness than to aquire permission.

Bruce, All I can recomend to you is use it if you want but dont screw it up for others that may be using the service also.

"Floyd L. Davidson" wrote

No .. but walking down the sidewalk and looking into open windows is not a crime. Nor is walking up and knocking on the door.

What if there is an "estate sale" sign in the front yard.

If a business has an open door it is NOT illegal to just walk in.

There are big differences between houses and radio waves.

For one, houses do not cross property lines like radio waves do.

No ... not the same difference. You are talking apples and oranges ... so to speak.

Perhaps just the opposite is true. Morality had a lot to do with what a person thinks. The majority of the community usually sets the standards of what is morally correct biased upon their thinking. Morality is a human thing.

Then the owner of the computer should use WEP protection. (All wireless routers come with it and during the set up you are asked to do just that). Otherwise he has set up an open network. "OPEN" meaning OPEN to anyone that wants in. If it is password protected then he is clearly saying "stay out unless invited".

Portable telephone used to be "in the clear" and some still are. It is NOT illegal to listen to them on a scanner. Up until the cell phone industry paid congress to have special laws passed it was legal to listen to any radio frequency that was clear and open (un-cripted). That was one of the big freedoms we as American people enjoyed as one of our rights as opposed to the communistic and dictator controlled countries where even owning a short wave radio could land you in jail.

Right Floyd .... You are not a lawyer are you. LOL.

I respect others privacy and property and expect others to respect mine. I have a wireless router that is open to anyone that wishes to use it. If my intentions were otherwise it would have not been set up that way. I enjoy looking for hot spots and seeing if there are any shared files on the network. Even if I knew enough to do so I would never hack or try to access files on someone's network that I felt were not intended for me to see.

Accessing the internet thru someone's OPEN ACCESS wireless connection is not a crime in itself. The person operating that wireless connection has the power and ability to stop it anytime they wish to do so.

Or a Starbuck's?

Fred

Well, wouldn't running it without encryption suggest that it's open for anyone's use?

I have an 802.11g acess point plugged into my Cisco 831 router at my home. Neither of my PCs have wireless cards in them (I got my hands on one but have never gotten around to installing it in my PC). It's just there in case I have someone stop by who needs to use it. If they have a laptop or other wireless device that needs it (I also acquired an access point for 802.11a, but haven't gotten around to setting it up). Therefore, I don't encrypt it.

And what's the big deal if someone *is* using my access point? I probably wouldn't even notice (or care) unless it was to the point of completely clogging up my cablemodem or if they were downloading p*rn or something that was in itself illegal.

I heard about a fellow that got himself a T1 and set up an access point. He told his neighbors to get wireless cards installed in their PCs and they could use his T1. I understand that he very quickly became the most popular guy in the neighborhood.

I understand the need for encryption in most business environments. But unless someone is using it to the point of loading down your home network, isn't encryption on a home network *more* than a bit of overkill?

As a matter of curiousity, what kind of names would indicate that the access point is open for free use? And what kind of names would tell you to stay away?

I've read that there is a way to option your access point so that it doesn't identify and that you can only gain access to it if you know it is there and set up your wireless card to look for it. Does anyone know if that is true?

Fred

Jeff, I like your last paragraph best of all.

William Lee

"Jeff Liebermann" wrote