Wi-Fi Sniffing Question

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a signal
from
a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
"contemptible" and "stealing".  I often turn on my iPaq on in a mall or a
business to see
if there's a Wi-Fi hotspot nearby. Isn't Wi-Fi sniffing a common practice?   Is
there
anything unethical about it?

Thanks!
Scott



Re: Wi-Fi Sniffing Question
:Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
:turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a signal
from
:a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
:her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
:"contemptible" and "stealing".

Those posts are not without justification.

:I often turn on my iPaq on in a mall or a business to see
:if there's a Wi-Fi hotspot nearby. Isn't Wi-Fi sniffing a common practice?

But you didn't just sniff: you actively *used* the neighbour's
equipment to send your traffic to the internet. Sniffing is a passive
activity.

:Is there anything unethical about it?

How much does your daughter's neighbour pay in "excess bandwidth" charges?
Or how much extra does the neighbour pay for an account with a higher
bandwidth limit? Did you offer to compensate the neighbour for the
bandwidth you used?

Hot-spots are generally set up by businesses for the use of their
customers, and non-customers are generally unwelcome unless the
business specifically advertises otherwise. If you went to a local
store one hot summer day and you found that the store had set up a
sprinkler on the lawn for customer's children to run through while a
parent shopped, then would you have gone over and filled a drum with
the water they were supplying, and taken it home to water your lawn?


Your email address appears to indicate that you are somewhere in the
USA. We're still debating some of the fine details of FCC regulations,
so we can't tell you -exactly- where the line is.  The FCC regulations
say with respect to the ISR spectrum that if a certain kind of
frequency hopping is being used and no attempt is made to encrypt the
data, that it is not an offence against -that- section of the
regulations to *record* the data [it would not be considered a
wiretap].

If, though, the other kind of frequency hopping or spread spectrum is
being used, or there is any kind of protection at all on the data, then
it is an offence under that section. There are also applicable state
laws. Nothing in the FCC section that permits that one variety of
frequency hopping to be recorded allows for using someone else's
equipment to *transmit* your data. Our arguments are about exactly
which US federal law would best apply in such a case, not about whether
it is permitted.


The question we are still arguing is more or less whether, if caught,
you'd most likely be charged with an FCC civil offence (potentially big
fine and confiscation of *all* your computer equipment, but no criminal
record), or under a minor criminal law [e.g. "Theft under $5000"]
(potentially big fine; potential restraints upon your behaviour for
several years such as being banned from owning a computer for 3 years;
potential jail time up to 2 years less a day to be served in state
prison, criminal record but no loss of civil rights), or whether you'd
be charged under one of the many laws with a -potential- penalty of 2
years or more of jail time (potential big fine, potential jail time in
a state or federal prison, potential permanent restraints on future
behaviour; potential permanent loss of certain civil rights... because
any offence with a -potential- jail term of 2 years or more is a Felony
even if one is only sentance to a token overnight jail visit.)

Incidently, in Canada, the offence is clearly established in law.
It used to be implicit in the computer security laws, but for emphasis
they specifically enacted a "Theft of Telecommunications" offence
that definitely applies to wireless. At least one person has been
formally charged under the law.
--
   IEA408I: GETMAIN cannot provide buffer for WATLIB.


Re: Wi-Fi Sniffing Question
Walter Roberson wrote:
> :Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
> :turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a
signal from
> :a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
> :her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
> :"contemptible" and "stealing".
>
> Those posts are not without justification.
>
[snip]
>
> :Is there anything unethical about it?
>
> How much does your daughter's neighbour pay in "excess bandwidth" charges?
> Or how much extra does the neighbour pay for an account with a higher
> bandwidth limit? Did you offer to compensate the neighbour for the
> bandwidth you used?

Since hot spots don't usually have a sign on them saying "No
Trespassing" or even an SSID that looks, for example, like "PRIVATE
PROPERTY RESERVED FOR JOE SMITH AND FAMILY", I'll argue that you're
starting from the premise that the neighbor -

A. Has a bandwidth-sensitive pricing plan, which is very rare.
B. Can be identified and located (try it sometime,
     especially in an apartment building).
C. Cares if someone else uses their pipe to perform
     a legal and innocuous activity.

.... and, by that logic, that nobody is entitled to use anything they
haven't bought and paid for (and, I infer, roped off from everyone else
that hasn't been able to ante up).

> Hot-spots are generally set up by businesses for the use of their
> customers, and non-customers are generally unwelcome unless the
> business specifically advertises otherwise.

Sorry (and no disrepect), but I disagree. Hot spots are "generally" set
up by businesses to either provide short-term connectivity (for
training, etc.) or to bypass a physical restriction (such as offices in
converted warehouse spaces where wiring is prohibitively expensive), and
are used primarily by employees, not customers.

Non-customers (the definition of which is left as an excercise for the
reader, but let's assume we mean "persons not lawfully on the premises")
might or might not be welcome, but may be tolerated simply because it's
cheaper to protect corporate assets by other means than it would be to
implement and enforce a wireless-accessible-data segregation plan.

> If you went to a local
> store one hot summer day and you found that the store had set up a
> sprinkler on the lawn for customer's children to run through while a
> parent shopped, then would you have gone over and filled a drum with
> the water they were supplying, and taken it home to water your lawn?

Not usually: water weighs eight pounds per gallon, and it's cheaper to
buy it from my water agency than to hire the help I'd need to collect
it, transport it, and spread it by hand. But, what the hell, I'll assume
I have a magical power to lift 55 gallon drums (that's, let's see, five
eights are forty, carry the four ... 440 pounds without considering the
weight of the drum).

This is, of course, farfetched, and I mention it to remind the reader
that there is an obvious and often-ignored difference between
"impractical" and "illegal" behavior. Very few impractical behaviors are
illegal (lawmakers have more obvious problems to deal with), and
formerly impractical behaviors that technology makes practical and
profitable - spam, for example - are eventually regulated and/or taxed
to the extent needed to keep the wheels of society spinning.

Using "theft" of water as a simile for WiFi access ignores the practical
obstacle to committing the "crime" - noone has, after all, outlawed
theft of the Moon or attempting to suck the ocean dry with a
garden hose - and detracts from a necessary public debate about our
wired society and the benefits universal Internet access provides, but I
digress.

Courts use a "Reasonable Man" standard when assesing damage and intent.
A reasonable man would not take water than was obviously intended for
another use (from, e.g., a scenic pond with fish in it) or which was
clearly being kept in reserve to benefit the community (a reservoir), or
which was, in and and of itself, harmful (toxic waste if properly posted).

However, a reasonable man would be perfectly justified in taking water
which was prima facie in discard: runoff from a lawn destined for the
storm drain, or runoff from his own roof even if from a neighboring
business' sprinkler. (Questions about the reasonableness of the effort
aside from the "ownership" of the water are also left as an exercise for
the reader. Be warned that the problems can be amazingly tricky: ask
yourself if a farmer is entitled to gather and redistribute runoff of
fertilyzer-laden water from his neighbor's field, even if the runoff
would or might harm a public resource such as a river. Again, I digress.)

> Your email address appears to indicate that you are somewhere in the
> USA. We're still debating some of the fine details of FCC regulations,
> so we can't tell you -exactly- where the line is.  The FCC regulations
> say with respect to the ISR spectrum that if a certain kind of
> frequency hopping is being used and no attempt is made to encrypt the
> data, that it is not an offence against -that- section of the
> regulations to *record* the data [it would not be considered a
> wiretap].
>
> If, though, the other kind of frequency hopping or spread spectrum is
> being used, or there is any kind of protection at all on the data, then
> it is an offence under that section. There are also applicable state
> laws. Nothing in the FCC section that permits that one variety of
> frequency hopping to be recorded allows for using someone else's
> equipment to *transmit* your data. Our arguments are about exactly
> which US federal law would best apply in such a case, not about whether
> it is permitted.

Please cite the NPRM and specific NFR.

> The question we are still arguing is more or less whether, if caught,
> you'd most likely be charged with an FCC civil offence (potentially big
> fine and confiscation of *all* your computer equipment, but no criminal
> record), or under a minor criminal law [e.g. "Theft under $5000"]
> (potentially big fine; potential restraints upon your behaviour for
> several years such as being banned from owning a computer for 3 years;
> potential jail time up to 2 years less a day to be served in state
> prison, criminal record but no loss of civil rights), or whether you'd
> be charged under one of the many laws with a -potential- penalty of 2
> years or more of jail time (potential big fine, potential jail time in
> a state or federal prison, potential permanent restraints on future
> behaviour; potential permanent loss of certain civil rights... because
> any offence with a -potential- jail term of 2 years or more is a Felony
> even if one is only sentance to a token overnight jail visit.)
>
> Incidently, in Canada, [snip]

My argument is limited to U.S. wireless access by U.S. citizens inside
U.S. borders.

The question is not "whether, if caught, you'd most likely be
charged ...". The question is whether any actionable activity is taking
place. If you start from the premise that anyone using something they
hadn't paid for is always guilty of a crime or trepass, you ignore
centuries of common law, where a "Reasonable man" would (and should)
presume use is allowed.

A Reasonable Man is entitled to drink from a watering hole in the
desert, no matter if it's on private land or not, provided he's a
transient and the use is not excessive or for profit or damaging (and
even if damaging, if his survival is jeopardized). A Reasonable Man is
entitled to cross private property to achieve a necessary business end:
surveyors, for example, are given priviledges to tramp and transit land
adjacent to that being measured. Property owners whose land is
surrounded by another's property have a de jure right to encroach the
surrounding land to the extent needed to reach their own, and in some
states (Oregon comes to mind) even a right to encroach private property
to reach a public resourse, such as the oceanfront beach, even if other
non-encroaching access is available.

The point, and I'm sorry to be so heavy-handed about it, is that there's
no "absolute" right, or "legal" behavior, that does not have exceptions
dictated by circumstance, custom, and practice. If you assume that
access to a WiFi hot spot without a specific invitation from it's
"owner" is inherently illegal and/or actionable, you ignore all
common-sense exceptions to the rules of private property.

I could (and will) argue that a Reasonable Man finding an open WiFi
hotspot, unencrypted, without any notice forbidding access, would be
justified in assuming that its provider has chosen to contribute to a
common pool of wireless access, SO AS TO ENJOY THE BENEFIT PROVIDED BY
OTHERS FOR THE SAME PURPOSE.

It makes sense to me, and there's ample precedent by publicly-minded
individuals and corporations: Roofnet at MIT, Mel King's wirelss project
in the Roxbury district of Boston, and other less formal efforts all
come to mind.

And no, I'm not constructing a straw man to justify thievery. People
give away or loan or display private property all the time: examples run
the gamut from things like the tire hanging in my neighbor's front yard
to the formal gardens maintained by my church to the Linksys router in
my home office. Their owners make them available for all passerby to
enjoy, because it makes the world a better place to live.

FWIW. YMMV.

William



Re: Wi-Fi Sniffing Question
you must be one of those guys that`s always reasonable,
Mr reasonable,  you're not using your front yard right now, my dog will just
add a little moisture, there's no reason for him to leave a plop.




Re: Wi-Fi Sniffing Question
bumtracks wrote:
> you must be one of those guys that`s always reasonable,
> Mr reasonable,  you're not using your front yard right now, my dog will just
> add a little moisture, there's no reason for him to leave a plop.

I'm not so unreasonable as to expect a dumb animal to defecate in a
toilet. Humans, however, can usually be trained to accomplish simple
tasks like picking up their pet's feces.

I think a sense of social responsibility sets in at about the same stage
of development where children realize that sarcasm is, indeed, the wit
of fools.

William.




Re: Wi-Fi Sniffing Question
|Walter Roberson wrote:
|> How much does your daughter's neighbour pay in "excess bandwidth" charges?

|Since hot spots don't usually have a sign on them saying "No
|Trespassing" or even an SSID that looks, for example, like "PRIVATE
|PROPERTY RESERVED FOR JOE SMITH AND FAMILY", I'll argue that you're
|starting from the premise that the neighbor -

|A. Has a bandwidth-sensitive pricing plan, which is very rare.

The least expensive bandwidth *insensitive* plan I have found here
is $C 395 per month, with a $C 2000 installation fee -- and that company
can't deliver service to my area. If I recall correctly, the least
expensive bandwidth insensitive plan that I can actually get at my
house is $C 1185 per month with a $C 4000 installation fee.
($C 1 is about $US 0.80 at the moment.)

*Every* "residential" plan that I can actually get at my residence,
from -every- provider I've been able to find in the city, has bandwidth
restrictions and excess bandwidth charges. I've checked about a dozen
completely independant providers (not just resellers of the same duopoly.)

I am not in a rural area: if I recall my calculation correctly, I am
3 km from the centre of the city (population 660000+, located on
-all- the cross-country long-haul data links). I am not in the
top three poshest neighbourhoods, but I am in the area most in demand
amongst those whose family incomes are between about $US 40000 and
$US 150000 per annum -- what would probably be called "upper middle class".
And two of the top three poshest neighbourhoods are very close by.


|Using "theft" of water as a simile for WiFi access ignores the practical
|obstacle to committing the "crime" - noone has, after all, outlawed
|theft of the Moon

Actually they have. There is a fellow in the USA who was able to
successfully register title to the land on the Moon a number of years
back (he went through the official land claim procedures), and now sells
moon plots as a small business, and has been successful in
suing other people who have attempted to offer moon plots or burial-
on- the- Moon schemes. That land is *owned* in law, and that would make
taking it or using it without permission an offence.


|Courts use a "Reasonable Man" standard when assesing damage and intent.
|A reasonable man would not take water than was obviously intended for
|another use (from, e.g., a scenic pond with fish in it) or which was
|clearly being kept in reserve to benefit the community (a reservoir), or
|which was, in and and of itself, harmful (toxic waste if properly posted).

Unfortunately it's done a lot, manufacturering firms sucking their
water from a river, running the water through their processing plant,
and dumping the water out again contaiminated. It's very hard to
prosecute such cases: you have to get chemical tracers sufficient to
prove beyond a doubt that the water came from the plant, and last I
heard, the EPA had been specifically defunded for investigation of
such matters. Some private citizens or environmental groups continue
to gather the evidence, but the proof linking the clearly toxic waste
to the manufacturing plant usually requires a visit to the plant to
check for samples, which the plant seldom allows and which the EPA
(which has the legal authority to investigate) is forbidden to spend
money on persuing.

:> Your email address appears to indicate that you are somewhere in the
:> USA. We're still debating some of the fine details of FCC regulations,
:> so we can't tell you -exactly- where the line is.  The FCC regulations
:> say with respect to the ISR spectrum that if a certain kind of
:> frequency hopping is being used and no attempt is made to encrypt the
:> data, that it is not an offence against -that- section of the
:> regulations to *record* the data [it would not be considered a
:> wiretap].

:> If, though, the other kind of frequency hopping or spread spectrum is
:> being used, or there is any kind of protection at all on the data, then
:> it is an offence under that section.


:Please cite the NPRM and specific NFR.

I don't recognize the abbreviations "NPRM" or "NFR", but I have
previously cited the exact URLs and paragraph numbers for this part
of the FCC regulations.


:The question is not "whether, if caught, you'd most likely be
:charged ...". The question is whether any actionable activity is taking
:place.

It is. FCC regulations with a narrow exemption, the US Computer Fraud
and Abuse Statutes, theft by conversion.

:The point, and I'm sorry to be so heavy-handed about it, is that there's
:no "absolute" right, or "legal" behavior, that does not have exceptions
:dictated by circumstance, custom, and practice. If you assume that
:access to a WiFi hot spot without a specific invitation from it's
:"owner" is inherently illegal and/or actionable, you ignore all
:common-sense exceptions to the rules of private property.

The US Computer Fraud and Abuse Statutes are written as abolutes.
There is no provision in them for "just a little" cracking or
"having some harmless fun". There have been successful prosecutions
(with jail term) for what many people would consider borderline at worst
or harmless behaviour (e.g., inserting a "backdoor" in order to be
able to bypass a security barrier so that the person could remotely
undertake the work they had been lawfully contracted to do, in an
organizational culture in which the person had been led to believe
that no-one would care.)

If you do not know much about the Computer Fraud and Abuse Statutes,
then that might be partly because on the face of them, they are
written to only protect hospitals and big money (e.g., banks), and
they look like they would have no jurisdiction at the local level
(which would be State law or municipal bylaws.) There happens to be
a clause in them, though, that activates them if the device accessed
is one that is used for "interstate commerce"... which applies to
any computer system or network that is used for electronic shopping
intrastate, or for viewing electronic advertisements aimed at getting
the reader to buy intrastate (near impossible to avoid these days),
or for sending email intrastate. Computer systems and networks
which are -not- covered because of that clause are as rare as the
proverbial antique car in top shape previously owned by a
"little old lady who only drove to church on Sunday."


:I could (and will) argue that a Reasonable Man finding an open WiFi
:hotspot, unencrypted, without any notice forbidding access, would be
:justified in assuming that its provider has chosen to contribute to a
:common pool of wireless access, SO AS TO ENJOY THE BENEFIT PROVIDED BY
:OTHERS FOR THE SAME PURPOSE.

I disagree. Anyone who has been a part of the computer culture for
more than a couple of months knows that there are millions and
millions of computer systems out there owned by people who don't
have a clue how to properly secure their systems, or even that
their systems need to be secured.  When it comes to computers
(taken even in the sense of embedded computers such as are in
WiFi access points), if you don't have permission in advance, then
the access is very likely a violation under US Federal law... with
the sole exception of public information kiosks, which are fair game for
anything you can do with them.
--
   I've been working on a kernel
   All the livelong night.
   I've been working on a kernel
   And it still won't work quite right.      -- J. Benson & J. Doll


Re: Wi-Fi Sniffing Question
Taking a moment's reflection, Walter Roberson mused:
|
| I disagree. Anyone who has been a part of the computer culture for
| more than a couple of months knows that there are millions and
| millions of computer systems out there owned by people who don't
| have a clue how to properly secure their systems, or even that
| their systems need to be secured.

    That argument kind of defeats itself doesn't it?  ;-)




Re: Wi-Fi Sniffing Question
William,

Thank you!

Scott

William Warren wrote:

> Walter Roberson wrote:
> > :Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
> > :turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a
signal from
> > :a neighbor's wireless router.  My daughter was unsuccessful in doing the
same with
> > :her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
> > :"contemptible" and "stealing".
> >
> > Those posts are not without justification.
> >
> [snip]
> >
> > :Is there anything unethical about it?
> >
> > How much does your daughter's neighbour pay in "excess bandwidth" charges?
> > Or how much extra does the neighbour pay for an account with a higher
> > bandwidth limit? Did you offer to compensate the neighbour for the
> > bandwidth you used?
>
> Since hot spots don't usually have a sign on them saying "No
> Trespassing" or even an SSID that looks, for example, like "PRIVATE
> PROPERTY RESERVED FOR JOE SMITH AND FAMILY", I'll argue that you're
> starting from the premise that the neighbor -
>
> A. Has a bandwidth-sensitive pricing plan, which is very rare.
> B. Can be identified and located (try it sometime,
>      especially in an apartment building).
> C. Cares if someone else uses their pipe to perform
>      a legal and innocuous activity.
>
> ... and, by that logic, that nobody is entitled to use anything they
> haven't bought and paid for (and, I infer, roped off from everyone else
> that hasn't been able to ante up).
>
> > Hot-spots are generally set up by businesses for the use of their
> > customers, and non-customers are generally unwelcome unless the
> > business specifically advertises otherwise.
>
> Sorry (and no disrepect), but I disagree. Hot spots are "generally" set
> up by businesses to either provide short-term connectivity (for
> training, etc.) or to bypass a physical restriction (such as offices in
> converted warehouse spaces where wiring is prohibitively expensive), and
> are used primarily by employees, not customers.
>
> Non-customers (the definition of which is left as an excercise for the
> reader, but let's assume we mean "persons not lawfully on the premises")
> might or might not be welcome, but may be tolerated simply because it's
> cheaper to protect corporate assets by other means than it would be to
> implement and enforce a wireless-accessible-data segregation plan.
>
> > If you went to a local
> > store one hot summer day and you found that the store had set up a
> > sprinkler on the lawn for customer's children to run through while a
> > parent shopped, then would you have gone over and filled a drum with
> > the water they were supplying, and taken it home to water your lawn?
>
> Not usually: water weighs eight pounds per gallon, and it's cheaper to
> buy it from my water agency than to hire the help I'd need to collect
> it, transport it, and spread it by hand. But, what the hell, I'll assume
> I have a magical power to lift 55 gallon drums (that's, let's see, five
> eights are forty, carry the four ... 440 pounds without considering the
> weight of the drum).
>
> This is, of course, farfetched, and I mention it to remind the reader
> that there is an obvious and often-ignored difference between
> "impractical" and "illegal" behavior. Very few impractical behaviors are
> illegal (lawmakers have more obvious problems to deal with), and
> formerly impractical behaviors that technology makes practical and
> profitable - spam, for example - are eventually regulated and/or taxed
> to the extent needed to keep the wheels of society spinning.
>
> Using "theft" of water as a simile for WiFi access ignores the practical
> obstacle to committing the "crime" - noone has, after all, outlawed
> theft of the Moon or attempting to suck the ocean dry with a
> garden hose - and detracts from a necessary public debate about our
> wired society and the benefits universal Internet access provides, but I
> digress.
>
> Courts use a "Reasonable Man" standard when assesing damage and intent.
> A reasonable man would not take water than was obviously intended for
> another use (from, e.g., a scenic pond with fish in it) or which was
> clearly being kept in reserve to benefit the community (a reservoir), or
> which was, in and and of itself, harmful (toxic waste if properly posted).
>
> However, a reasonable man would be perfectly justified in taking water
> which was prima facie in discard: runoff from a lawn destined for the
> storm drain, or runoff from his own roof even if from a neighboring
> business' sprinkler. (Questions about the reasonableness of the effort
> aside from the "ownership" of the water are also left as an exercise for
> the reader. Be warned that the problems can be amazingly tricky: ask
> yourself if a farmer is entitled to gather and redistribute runoff of
> fertilyzer-laden water from his neighbor's field, even if the runoff
> would or might harm a public resource such as a river. Again, I digress.)
>
> > Your email address appears to indicate that you are somewhere in the
> > USA. We're still debating some of the fine details of FCC regulations,
> > so we can't tell you -exactly- where the line is.  The FCC regulations
> > say with respect to the ISR spectrum that if a certain kind of
> > frequency hopping is being used and no attempt is made to encrypt the
> > data, that it is not an offence against -that- section of the
> > regulations to *record* the data [it would not be considered a
> > wiretap].
> >
> > If, though, the other kind of frequency hopping or spread spectrum is
> > being used, or there is any kind of protection at all on the data, then
> > it is an offence under that section. There are also applicable state
> > laws. Nothing in the FCC section that permits that one variety of
> > frequency hopping to be recorded allows for using someone else's
> > equipment to *transmit* your data. Our arguments are about exactly
> > which US federal law would best apply in such a case, not about whether
> > it is permitted.
>
> Please cite the NPRM and specific NFR.
>
> > The question we are still arguing is more or less whether, if caught,
> > you'd most likely be charged with an FCC civil offence (potentially big
> > fine and confiscation of *all* your computer equipment, but no criminal
> > record), or under a minor criminal law [e.g. "Theft under $5000"]
> > (potentially big fine; potential restraints upon your behaviour for
> > several years such as being banned from owning a computer for 3 years;
> > potential jail time up to 2 years less a day to be served in state
> > prison, criminal record but no loss of civil rights), or whether you'd
> > be charged under one of the many laws with a -potential- penalty of 2
> > years or more of jail time (potential big fine, potential jail time in
> > a state or federal prison, potential permanent restraints on future
> > behaviour; potential permanent loss of certain civil rights... because
> > any offence with a -potential- jail term of 2 years or more is a Felony
> > even if one is only sentance to a token overnight jail visit.)
> >
> > Incidently, in Canada, [snip]
>
> My argument is limited to U.S. wireless access by U.S. citizens inside
> U.S. borders.
>
> The question is not "whether, if caught, you'd most likely be
> charged ...". The question is whether any actionable activity is taking
> place. If you start from the premise that anyone using something they
> hadn't paid for is always guilty of a crime or trepass, you ignore
> centuries of common law, where a "Reasonable man" would (and should)
> presume use is allowed.
>
> A Reasonable Man is entitled to drink from a watering hole in the
> desert, no matter if it's on private land or not, provided he's a
> transient and the use is not excessive or for profit or damaging (and
> even if damaging, if his survival is jeopardized). A Reasonable Man is
> entitled to cross private property to achieve a necessary business end:
> surveyors, for example, are given priviledges to tramp and transit land
> adjacent to that being measured. Property owners whose land is
> surrounded by another's property have a de jure right to encroach the
> surrounding land to the extent needed to reach their own, and in some
> states (Oregon comes to mind) even a right to encroach private property
> to reach a public resourse, such as the oceanfront beach, even if other
> non-encroaching access is available.
>
> The point, and I'm sorry to be so heavy-handed about it, is that there's
> no "absolute" right, or "legal" behavior, that does not have exceptions
> dictated by circumstance, custom, and practice. If you assume that
> access to a WiFi hot spot without a specific invitation from it's
> "owner" is inherently illegal and/or actionable, you ignore all
> common-sense exceptions to the rules of private property.
>
> I could (and will) argue that a Reasonable Man finding an open WiFi
> hotspot, unencrypted, without any notice forbidding access, would be
> justified in assuming that its provider has chosen to contribute to a
> common pool of wireless access, SO AS TO ENJOY THE BENEFIT PROVIDED BY
> OTHERS FOR THE SAME PURPOSE.
>
> It makes sense to me, and there's ample precedent by publicly-minded
> individuals and corporations: Roofnet at MIT, Mel King's wirelss project
> in the Roxbury district of Boston, and other less formal efforts all
> come to mind.
>
> And no, I'm not constructing a straw man to justify thievery. People
> give away or loan or display private property all the time: examples run
> the gamut from things like the tire hanging in my neighbor's front yard
> to the formal gardens maintained by my church to the Linksys router in
> my home office. Their owners make them available for all passerby to
> enjoy, because it makes the world a better place to live.
>
> FWIW. YMMV.
>
> William



Re: Wi-Fi Sniffing Question
That is a simple question with a multi-faceted answer! Yes there are
unethical issues with it...you are using bandwidth you are not paying
for!! BUT...if the individual/company KNOWS that their network is
available to the public it is NOT stealing bandwidth.
How would you like it if I came to your home and stood outside and
used your network for free? And then did Gods only knows what with
it...maybe porn, maybe warez, maybe music sharing, etc. Who do you
think the people are gonna bust for it....? Me...they don't know who I
am and where I went to AND until they go thru YOUR computers, they
don't even know I EXIST!


>Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
>turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a signal
from
>a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
>her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
>"contemptible" and "stealing".  I often turn on my iPaq on in a mall or a
business to see
>if there's a Wi-Fi hotspot nearby. Isn't Wi-Fi sniffing a common practice?   Is
there
>anything unethical about it?
>
>Thanks!
>Scott



Re: Wi-Fi Sniffing Question

>Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
>turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a signal
from
>a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
>her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
>"contemptible" and "stealing".  I often turn on my iPaq on in a mall or a
business to see
>if there's a Wi-Fi hotspot nearby. Isn't Wi-Fi sniffing a common practice?   Is
there
>anything unethical about it?
>
I see several replies saying it is both unethical and illegal, but I
really have some doubts about that: any legislation would have to be
carefully written to avoid a successful challenge.  Anyone who sets up
a WiFi system and doesn't encrypt it to restrict access could be
construed as issuing an open invitation for it to be used by anyone.
After all, most air waves are "free to air" and you can listen to
radio and TV for free - except for police channels in some states.
Similarly, two-way HF and UHF CB repeaters are set up all over the
place and are freely accessible to anyone with a CB transceiver to
extend range.  What is different about a WiFi?

If my WiFi card can find a useable unencrypted service and log on, it
does so.  The only restriction is that I have set a log-on priority,
so that if any of my networks are available, it will log onto one of
them first - after that, anything goes.

I encounter a similar situation as you reported when I visit my
daughter.  As soon as I turn on my laptop, it automatically logs on to
a neighbours unencrypted broadband WiFi network and I can access the
Internet to browse and receive email.  I can't send email through my
normal server, but I can through my web server.

When the neighbour was acquainted with this situation, and advised to
encrypt to protect his network, he said he "couldn't give a s--t" as
he had unlimited hours and unlimited download and didn't want to
encrypt, so I could "go for it".  So I feel comfortable about that,
but not quite so comfortable about some other situations.  I can
understand if someone has a limited service and had to pay for
additional usage, that there could be a question of ethics in using
that service without notice to the owner - but if the owner fails to
encrypt or limit access, then it seems to me to be a bit like our
local newspaper, which sets out papers for readers to pick up for free
if they want it.

Hot spots are a different matter - you can log on to them only if you
pay the necessary fee.

So my view is, if you are passing through and it is a "one off" and
you are only going to download a few K in emails and never use that
site again, no harm is done.  If it is likely to be a regular
occurrence, then it would be ethical and I think obligatory to
acquaint the WiFi owner of your usage.  However, if the owner then
gives an all-clear or fails to encrypt, I wouldn't see any problem in
continuing to use it.

--
Regards,
Peter Wilkins


Re: Wi-Fi Sniffing Question
:I see several replies saying it is both unethical and illegal, but I
:really have some doubts about that: any legislation would have to be
:carefully written to avoid a successful challenge.  Anyone who sets up
:a WiFi system and doesn't encrypt it to restrict access could be
:construed as issuing an open invitation for it to be used by anyone.

WiFi systems that are connected to the Internet in the USA fall under
the classification of computer systems used for interstate commerce,
and thus are protected systems for the purposes of the US Computer
Fraud and Abuse Statutes. The CFAS say that anyone who uses a
computer system without authorization or who knowingly exceeds their
authorization is in violation; the only exception is for the case
of information kiosks.

:After all, most air waves are "free to air" and you can listen to
:radio and TV for free - except for police channels in some states.
:Similarly, two-way HF and UHF CB repeaters are set up all over the
:place and are freely accessible to anyone with a CB transceiver to
:extend range.  What is different about a WiFi?

In the USA, is it legal to use "cable descramblers" or hacked
satellite TV cards to get subscription content for free? If not, then
why not, since it's just radio waves?

You missed cell phones, by the way.

When you look more closely at the spectrum allocation, you will find
that there is a -lot- of the spectrum that is only legally accessible
to people with appropriate commercial or amateur licenses. Try setting
up your own FM radio station and see how long your right to -transmit-
signals lasts.
--
Before responding, take into account the possibility that the Universe
was created just an instant ago, and that you have not actually read
anything, but were instead created intact with a memory of having read it.


Re: Wi-Fi Sniffing Question
    It is also illegal to listen in on cellular calls.  It is
legal in Canada (or at least it was a number of years back).  You
could go to Canada and buy a scanner that would listen in on cellular
calls.  But if you tried to bring it back into the United States and
were caught, you were in big trouble because listening in on cellular
calls is considered [in the U.S.] to be wiretapping.  

    Just because you can 'listen' to just about anything else, on
all [except the commercial (television, AM, and FM)  broadcast and on
amateur radio] radio services, you are not legally allowed to divulge
the contents of or use the information 'for profit'.  This means (for
example) that a tow truck company that monitored the police and fire
frequencies [for the purpose of finding accidents or people who
otherwise needed a tow] is in violation of the law for using the
intercepted communications for gain.  I'm not saying it doesn't happen
all the time because it does.  But that doesn't make it legal.  

    Knowingly gaining access to someone else's communication
system without their approval is risky business.  So, 'free to listen
to whatever you want' is a relatively loose term.  Listening carries
responsibility.  



                        Fred



Re: Wi-Fi Sniffing Question
On Fri, 12 Nov 2004 18:05:08 +1100, Peter Wilkins

>
>>Recently, I posted on a Mac newsgroup about visiting my daughter's townhome,
>>turning on my Wi-Fi enabled iPaq PDA, and logging on to the net using a signal
from
>>a neighbor's wireless router.  My daughter was unsuccessful in doing the same
with
>>her Mac Powerbook notebook.  Since then I've been hit with posts calling my
actions
>>"contemptible" and "stealing".  I often turn on my iPaq on in a mall or a
business to see
>>if there's a Wi-Fi hotspot nearby. Isn't Wi-Fi sniffing a common practice?  
Is there
>>anything unethical about it?
>>
>I see several replies saying it is both unethical and illegal, but I
>really have some doubts about that: any legislation would have to be
>carefully written to avoid a successful challenge.  Anyone who sets up
>a WiFi system and doesn't encrypt it to restrict access could be
>construed as issuing an open invitation for it to be used by anyone.
>After all, most air waves are "free to air" and you can listen to
>radio and TV for free - except for police channels in some states.
>Similarly, two-way HF and UHF CB repeaters are set up all over the
>place and are freely accessible to anyone with a CB transceiver to
>extend range.  What is different about a WiFi?
>
You missed the cell phone frequencies, it used to be okay to listen
but now it is illegal to listen a cell phone conversation you are not
a part of. You also missed that in Virginia nd DC it is illegal to
posses a radar detector. The Police even have radar detector detectors
that can sense your detector and the Police WILL confiscate it and
only return it to you if you come to Court. It is illegal to receive
those frequencies, it is also illegal to transmit on ANY frequency an
airplane uses if not for "official" airplane business. This was
designed to stop people from interfering with plane to ground
communications.
In short, there are LOTS of frequencies that are illegal to use and
activities that are illegal and just because we find them doesn't mean
we can use them.
I guess another analogy would be, you find a bag of money laying on
the ground, it has a Banks name on it, but no one is around, are you
stealing it if you pick it up and keep the money? ABSOLUTELY, and you
WILL be prosecuted for Bank Robbery!
Just because you find it, doesn't mean you can use it!



Re: Wi-Fi Sniffing Question
wrote :

snip
>In short, there are LOTS of frequencies that are illegal to use and
>activities that are illegal and just because we find them doesn't mean
>we can use them.

I couldn't agree more - but not everything is quite so black and
white, and I don't know that the law is yet completely firmed up
regarding WiFi, particularly here in Oz where I don't think the
government even knows what the term means.

>I guess another analogy would be, you find a bag of money laying on
>the ground, it has a Banks name on it, but no one is around, are you
>stealing it if you pick it up and keep the money? ABSOLUTELY, and you
>WILL be prosecuted for Bank Robbery!

That money was already lost or stolen - a better analogy would be if
the bank was deliberately throwing banknotes out the window and you
picked them up - can you keep them?  Probably!

>Just because you find it, doesn't mean you can use it!

Of course, and if you read my original post you would note that when
faced with this situation (when visiting my daughter my computer
automatically logs on to a neighbours network) we acquainted him of
the situation (it took a few days to find out WHICH neighbour was
broadcasting) and received his blessing.  But what should I have done
if I had not received his blessing?  He wouldn't encrypt and my
computer automatically logs on to his network as soon as it is turned
on.  So I suppose I shouldn't turn on my computer while visiting my
daughter, but why should I be penalised because someone won't take the
elementary precaution of limiting access to his network?

I don't know the answer, I'm no lawyer, but I think it is not
completely black or white - there has to be room for some compromise.
If you take someone's bandwidth by stealth, then there is no argument
in my mind: it is at least immoral and probably illegal.  But if you
advise him of the problem and he takes no steps to prevent it, then I
think the matter should become a bit grey, and the law should be a bit
more lenient.



--
Regards,
Peter Wilkins


Re: Wi-Fi Sniffing Question
On Sat, 13 Nov 2004 13:50:23 +1100, Peter Wilkins

>wrote :
>
>snip
>>In short, there are LOTS of frequencies that are illegal to use and
>>activities that are illegal and just because we find them doesn't mean
>>we can use them.
>
>I couldn't agree more - but not everything is quite so black and
>white, and I don't know that the law is yet completely firmed up
>regarding WiFi, particularly here in Oz where I don't think the
>government even knows what the term means.
>
Well I wouldn't want to be the first person tried for violating
whatever they will call it!

>>I guess another analogy would be, you find a bag of money laying on
>>the ground, it has a Banks name on it, but no one is around, are you
>>stealing it if you pick it up and keep the money? ABSOLUTELY, and you
>>WILL be prosecuted for Bank Robbery!
>
>That money was already lost or stolen - a better analogy would be if
>the bank was deliberately throwing banknotes out the window and you
>picked them up - can you keep them?  Probably!
>
AHHH...that was the point of my analogy! YOU are still going to be
charged with bank robbery! YOU kept the money and didn't turn it in!
That makes you an "accessory after the fact".

>>Just because you find it, doesn't mean you can use it!
>
>Of course, and if you read my original post you would note that when
>faced with this situation (when visiting my daughter my computer
>automatically logs on to a neighbours network) we acquainted him of
>the situation (it took a few days to find out WHICH neighbour was
>broadcasting) and received his blessing.  But what should I have done
>if I had not received his blessing?  He wouldn't encrypt and my
>computer automatically logs on to his network as soon as it is turned
>on.  So I suppose I shouldn't turn on my computer while visiting my
>daughter, but why should I be penalised because someone won't take the
>elementary precaution of limiting access to his network?
>
If you advise him and he still won't do anything about it you STILL
don't have the legal right to use it. He has not told you it is okay.
Maybe he is just too obtuse to recognize the problem. Don't get caught
ESPECIALLY after you told him of the problem!!!

>I don't know the answer, I'm no lawyer, but I think it is not
>completely black or white - there has to be room for some compromise.
>If you take someone's bandwidth by stealth, then there is no argument
>in my mind: it is at least immoral and probably illegal.  But if you
>advise him of the problem and he takes no steps to prevent it, then I
>think the matter should become a bit grey, and the law should be a bit
>more lenient.
The law is NEVER more gray or lenient! It is ALWAYS black and white,
laywers just want you to THINK it is grey! There are NO COLORS in the
law books!



Re: Wi-Fi Sniffing Question
On Sat, 13 Nov 2004 13:50:23 +1100, in alt.internet.wireless , Peter

>Of course, and if you read my original post you would note that when
>faced with this situation (when visiting my daughter my computer
>automatically logs on to a neighbours network) we acquainted him of
>the situation (it took a few days to find out WHICH neighbour was
>broadcasting) and received his blessing.  But what should I have done
>if I had not received his blessing?  He wouldn't encrypt and my
>computer automatically logs on to his network as soon as it is turned
>on.  

You should properly configure your computer to prevent it doing that.

>So I suppose I shouldn't turn on my computer while visiting my
>daughter, but why should I be penalised because someone won't take the
>elementary precaution of limiting access to his network?

Its his fault he's not taking precautions, but you still have a duty to
avoid acting illegally. An analogy might be if he insisted on leaving the
doors and windows open, it would still be illegal for you to enter his
house. So you must make reasonable efforts.


--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+
Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----


Re: Wi-Fi Sniffing Question
Taking a moment's reflection, f/f george mused:
|
| You also missed that in Virginia nd DC it is illegal to
| posses a radar detector. The Police even have radar detector detectors
| that can sense your detector and the Police WILL confiscate it and
| only return it to you if you come to Court. It is illegal to receive
| those frequencies ...

    It's only illegal in those states because no one has challenged the law
and taken it to the Supreme Court.  The State law against radar detectors is
unconstitutional according to the stipulation that unencrypted RF band
transmission can be freely received by anyone.  This is why passive sniffing
of wireless networks is legal, but connection (which would also involve
transmitting) is illegal.  However, until someone appeals the law in those
states, they remain enforceable.




Re: Wi-Fi Sniffing Question
[with regard to radar detectors]

:    It's only illegal in those states because no one has challenged the law
:and taken it to the Supreme Court.  The State law against radar detectors is
:unconstitutional according to the stipulation that unencrypted RF band
:transmission can be freely received by anyone.

Could you clarify which 'stipulation' that is?
--
The Knights Of The Lambda Calculus aren't dead --this is their normal form!


Re: Wi-Fi Sniffing Question
>[with regard to radar detectors]
>
>:    It's only illegal in those states because no one has challenged the law
>:and taken it to the Supreme Court.  The State law against radar detectors is
>:unconstitutional according to the stipulation that unencrypted RF band
>:transmission can be freely received by anyone.
>
UMMM....NOT! In Virginia it WAS taken to the Supreme court and it was
decided in the State's favor, because to allow the reception of "those
particular" frequencies "enhanced" the breaking of the law.
I am not able to cite the case, but the Police do it all the time.
No other States, except Michigan and the District of Columbia, have
banned the reception of those frequencies while travelling, to my
knowledge.

Also the free reception is NOT guaranteed! It is allowed except where
the Police or other Law type organizations would be harmed because of
the reception. The Law is rarely cut and dry, and is FULL of
exceptions.



Re: Wi-Fi Sniffing Question
Taking a moment's reflection, Walter Roberson mused:
|
| Could you clarify which 'stipulation' that is?

    It was in the FCC charter.  However, upon looking at the dates of my
source documents, I see they are likely no longer current (early 80's).




Site Timeline