This also brings the question, if you deploy a honeypot are you "leaving your doors unlocked" so to speak. Meaning you would be unable to charge the intruder for trespassing on your network as you invited them in.

Malware researchers do try to analyze live samples that are found in the wild using forensic response tools and network security monitoring to determine the malware's behavior.  AV companies also report back on detected malware to identify the spread of a sample and potential new variants.  This is all legitimate, ethical behavior.  Analyzing a piece of malware before removing/disabling it is probably the most prudent course of action when dealing with unknown malware.  

On the other hand, knowingly introducing malware into the wild for any reason is illegal in many places (probably anywhere in the U.S.).  I don't know what the civil liability would be (it exists, but you'd have to talk to an attorney), but if you're caught releasing a virus/worm into the wild you can go to jail.  It won't matter if it was for research or if you were working for an AV company.  If you want to run a sample for analysis, you need to do it on a segregated network for both legal and ethical reasons.

Part of me said to leave this thread to die.  But here is one other factor one should take into account before putting on their gray hat and using someone else's WiFi....

Lets say you are using it to do some "other" security research and you don't bother to anonymize yourself.  Well now your neighbor's IP gets logged while you are "testing" a website or downloading some malware "samples."  Lets say that site was actually a government site and maybe not our government.  they intern start launching attacks on your neighbor and their system is compromised.  Next thing you know they are calling all their credit card companies and banks to file identity theft reports.  Or one more, someone uses their computer to hide child porn and some local law enforcement or fed track it down.  Lots of bad things happen because you felt that their "open" WiFi was an invitation for free internet. 

As ethical hackers, we have to look past the open doors and windows and take it upon ourselves to tell the owners to close them when we find them.  Regardless if there is a law to protect them or not.  I am sure a savvy lawyer could get such a case thrown out in court by stating "Well they didn't say NOT to use the open WiFi" and state that such signage wasn't present. 

Anyway just another way to think aside from the laws.

New York law is the most permissive.[1] The statute against unauthorized access only applies when the network "is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system"

https://secure.wikimedia.org/wikipedia/en/wiki/Legality_of_piggybacking#United_States

Eleven, just for clarification:

Yes, the law implies that connecting to someone else's open wireless network is a violation. But, the reality is, who could ever enforce this law? With so many open wireless networks, and so many laptops, smartphones, etc. utilizing wireless networks, how could anyone police this? "Grandmas across the country" are not going to jail for this. Seriously.

You came here to ask:
When is using an open wifi network a crime?

The answer, written in law, is:
Whenever you don't have permission.

End of story.

How about this:

You didn't know that it was illegal to access an unauthorized network.

The people running open wireless networks don't know that wireless security is something to consider.

By your logic, you would be at fault for not knowing the law. You could have read up on the local laws and known better because that information is open to the public. You could have found it online, gone to a local library, etc..

If people don't know it's a problem, how are they going to fix it? Are you going to be the one to inform the public that their access points need to be secure? Are really saying that leaving your access point unprotected that you're giving people an invitation to access it?

Let me ask you this, if you disagree with the law, what would you do to change it?
If you think everyone should know better with their access points, how would you go about educating them?

People obviously aren't reading the instruction manuals that come with their products, and people obviously aren't reading the laws for their area. What can you do about it?

I agree that unknowing end-users of wireless routers should be protected from just not knowing any better. I don't believe that this law is efficient in protecting those people, as most people don't know the law exists, nor would the owners of the network even realize that such an event took place.

I think these people should have protected networks, because I don't think it's right that they're just open to anybody use their networks like we're discussing. I definitely don't agree with people legitimizing it "because it was open." I don't believe that the owners of open wireless networks are at fault for this. It is simply easier (in most cases) to leave it alone once it's working, as most people who are not technical would be afraid of messing it up if they change anything. That's not their fault; it should be easier to make it secure than easier to leave it open.

Hardware manufacturer's are not required to make the interface easy for people to use, or make the interface enforce any kind of security standards. Maybe that's what needs to change, but I believe the current laws are fine where they are.

You keep saying that the laws are inconsistent, but comparing it to a website is not a fair comparison. Wifi has a finite range, and it is easier to make it open than secure. If you made an open website on the internet, you had to go through the trouble of making it open on the internet, which can be accessed by the entire world. Not a fair comparison by a longshot.

This is one of those laws that has good intentions, but very little effect in practice. Now that you know you're "not allowed" to connect to open access points, doesn't mean that there is anyone enforcing that law. If you go 5 mph over the speed limit, you are still breaking the law. Is anyone going to give you a citation for it? Probably not. Did you still knowingly break that law? Yes.

My entire point of this, is that we need some kind of protection against attacks like this. If someone accesses my network that I did not authorize, I want to file charges. These wireless APs don't come with a big disclaimer on the box saying "this may open your network to unauthorized access, potentially sharing your internet connection and network services to others in range." Do you really think the end users are at fault for this?

Now that you know the law, you can assume that every open wifi network is unauthorized until you see a sign saying it's okay, or ask permission.

The moral of the story is that we didn't write the laws, the laws don't always make sense, but it is still unethical to break the laws regardless of your viewpoint. Just because you think it should be okay doesn't make it okay.

You say you're defending your position as much as we are, but we're not defending our position; we're telling you what the law says. In the end, none of use can change the laws, we're just telling you the facts.

Eleven, why are you trying to defend this so much?

We've already covered the basics, having an open access point DOES NOT imply authorization, and the law EXPLICITLY says "unauthorized access" is a violation. What more is there to discuss?

If you want to change the laws, send a letter to your congressmen. You asked why it was illegal, and we answered. The rest is an ethics question, and you already know where we stand. We can talk this in circles all you want, but now you know the law, it doesn't matter if you feel like it should be okay or not.