.

When is using an open wifi network a crime?

<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Thu Dec 08, 2011 11:59 am

Re: When is using an open wifi network a crime?

ziggy_567 wrote:Its not apples and oranges.

As with a house with an open door, an open wifi network is not an invitation to come on in and suck up bandwidth. There must be some other invitation other than the mere existence of the wifi network. Whether it be a hotel clerk telling you to connect to hhonors, a sign on the door of the Starbucks, or a landing page with a Terms of Use, there must be some sort of invitation to use the network.

As with any legal question, if you are unsure of legality its best to not do it until you are sure. As ether3al has pointed out, ignorance of the law is no excuse.


I guess it comes down to whether there should be an indication it is public, or an indication it is private.  I believe it should be the AP owner's responsibility to notify it is private.  They don't have to be an expert in security, they just have to read the manual.  Simple MAC filtering would be enough of an indication that it is private.  I'd even count having it open and naming the AP something like DoNOTconnect or PrivateNetwork; similar to a no trespassing sign.
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Thu Dec 08, 2011 12:01 pm

Re: When is using an open wifi network a crime?

eth3real wrote:
Eleven wrote:I understand the law, I just don't agree with it.  :)  Personally, I view the combination of absolutely no security on the AP, and the AP offering its services as being authorized.  Similar to being authorized to come in my house if I have the door wide open (no security) and invite you in when you walk by (SSID broadcasts).

I know the difference is technical and not everyone is going to understand how to configure an AP, but that's why they should read the manual, or listen to warnings they get when configuring or connecting to their AP.


Now we're starting to get on the same page. :)

The only difference I have, is that I think the law is not the one that's at fault here. I think the hardware manufacturers, or maybe the 802.11 standard, should require you to protect the access point during setup, and make you jump through hoops if you are absolutely sure you want your AP to be open and unprotected. This would force the lazy or non-security-aware people to at least have some sort of protection, and if they actually went through the trouble of making it open, then they knew what they were doing.


I agree 100%.  You're right, ultimately the hardware manufacturers are responsible for creating this mess.  That we can agree on. :)
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Dec 09, 2011 7:24 am

Re: When is using an open wifi network a crime?

Eleven wrote:
I understand the law, I just don't agree with it.  :)  Personally, I view the combination of absolutely no security on the AP, and the AP offering its services as being authorized.  Similar to being authorized to come in my house if I have the door wide open (no security) and invite you in when you walk by (SSID broadcasts).

I know the difference is technical and not everyone is going to understand how to configure an AP, but that's why they should read the manual, or listen to warnings they get when configuring or connecting to their AP.


So instead of trying to "steal" or borrow in your case, their network why don't you knock on there door and try to educate them.  Yes I know people can read the manual but there are "baby boomers" and "Gen X" people that these manuals make no sense to.  With knowledge comes responsibility, so instead of doing something malicious help these people out.
CCENT, A+, Network+, Security+
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Dec 09, 2011 8:58 am

Re: When is using an open wifi network a crime?

El33tsamurai wrote:So instead of trying to "steal" or borrow in your case, their network why don't you knock on there door and try to educate them.


I actually did that once. The guy freaked out and turned off his wifi permanently.
Put that in your pipe and grep it!
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Dec 09, 2011 9:02 am

Re: When is using an open wifi network a crime?

I actually did that once. The guy freaked out and turned off his wifi permanently.


That is an alternative solution..... ;D
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Dec 09, 2011 9:26 am

Re: When is using an open wifi network a crime?

Better you told him, then "someone else" comes by and steals vital information from him.  Note the name of the site "The Ethical Hacker Network", we are here because we want to do good not because we want to steal someones wireless or do malicious things.  
CCENT, A+, Network+, Security+
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Dec 09, 2011 9:38 am

Re: When is using an open wifi network a crime?

El33tsamurai wrote:
Eleven wrote:
I understand the law, I just don't agree with it.  :)  Personally, I view the combination of absolutely no security on the AP, and the AP offering its services as being authorized.  Similar to being authorized to come in my house if I have the door wide open (no security) and invite you in when you walk by (SSID broadcasts).

I know the difference is technical and not everyone is going to understand how to configure an AP, but that's why they should read the manual, or listen to warnings they get when configuring or connecting to their AP.


So instead of trying to "steal" or borrow in your case, their network why don't you knock on there door and try to educate them. 


I don't view it as stealing or malicious because they are offering a service.  And it's not borrowing because they aren't getting it back (they probably wouldn't even notice it missing).  It's simply using a service they offered.  If someone chooses not to shred their trash and they leave it in a public place like on their curb, it's their own fault if someone takes their trash and goes through it.  If someone uses the trash for illegal purposes, or by passes security such as even the most insecure lock in the world to get to the trash or ignores a no trespassing sign, THEN that's a crime.  If someone is broadcasting use of their open wifi to the world, it should be their own fault for not enabling any security and ignoring warnings that it's not secure.

Like I've said, there is also the analogy of someone creating a private web page on a website and choosing not to protect it at all and ignoring warnings.  Then the person who sees it advertised (indexed) in google, who has no malicious intentions, and clicks the link and that person should go to jail?  Nope.  It's the sites owner's fault for negligence.  Even though Apache defaults to making the web page public just like an AP might, even though the site owner has no idea what they're doing, it's still the owner's fault for not making any effort to limit access.

I never used an open access point.  I've never even owned a smartphone.  I'm about to get a wifi card for my desktop though to test my own wifi security and was hoping to also use it for open wifi networks.  Kind of bummed the last part is considered illegal.


Yes I know people can read the manual but there are "baby boomers" and "Gen X" people that these manuals make no sense to.  With knowledge comes responsibility, so instead of doing something malicious help these people out.


That's the thing though, it's not a matter of tech savvy people taking advantage of those who aren't.  There are way more people who don't understand technology than geeks, so I'm sure there are more computer illiterate people breaking this law than geeks breaking it.  But yes I have thought about yesterday and today of notifying people who may of accidentally have setup open wifi...
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Fri Dec 09, 2011 9:39 am

Re: When is using an open wifi network a crime?

Eleven wrote:ultimately the hardware manufacturers are responsible for creating this mess.  That we can agree on. :)

I don't know about this.  The past few routers I've configured do a very good job of making strong suggestions to the user that secure is better, namely in these routers I would have had to jump through hoops and multiple warning messages in order to turn OFF security.  With WPA2, all you need is a PSK.  It's another password, not even with the complexity requirements.  I don't even care if the password is written on the router itself.  The problem is not manufacturers, the problem is always and will continue to be the human element.

That said, open wifi is not an invitation.  Legally even the police can't come into your house without a warrant, even if the door is open.  No explicit consent = no consent = illegal.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Dec 09, 2011 9:46 am

Re: When is using an open wifi network a crime?

That's good to know. I've seen way too many routers that you can take out of the box, plug it in, and it's already up and running with a typical wifi name (like Linksys or Netgear), absolutely no protection, and utilize a default username and password for the admin console. Many people will see this, "it's working!", and never look at it again. While driving through my neighborhood with a laptop running airodump-ng or kismet, I can still find dozens of networks like this.
Put that in your pipe and grep it!
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Dec 09, 2011 9:57 am

Re: When is using an open wifi network a crime?

yatz wrote:That said, open wifi is not an invitation.  Legally even the police can't come into your house without a warrant, even if the door is open.  No explicit consent = no consent = illegal.


It's not just that the door is open (no security) it's that the AP was configured to offer its services.  I don't have to have explicit authorization to take someones trash, or view a webpage that has no access control.  Even though the owner may of considered them private, they are assumed to be public.  Entering and searching a house is a lot more sensitive than using internet.  If someone is monitoring communication of an open wifi, yes, that should be a crime.
Last edited by Eleven on Fri Dec 09, 2011 9:59 am, edited 1 time in total.
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 220

Joined: Sat Feb 03, 2007 4:01 pm

Post Fri Dec 09, 2011 10:07 am

Re: When is using an open wifi network a crime?

Eleven wrote:
El33tsamurai wrote:
Eleven wrote:
I understand the law, I just don't agree with it.  :)  Personally, I view the combination of absolutely no security on the AP, and the AP offering its services as being authorized.  Similar to being authorized to come in my house if I have the door wide open (no security) and invite you in when you walk by (SSID broadcasts).

I know the difference is technical and not everyone is going to understand how to configure an AP, but that's why they should read the manual, or listen to warnings they get when configuring or connecting to their AP.


So instead of trying to "steal" or borrow in your case, their network why don't you knock on there door and try to educate them. 


I don't view it as stealing or malicious because they are offering a service. And it's not borrowing because they aren't getting it back (they probably wouldn't even notice it missing).  It's simply using a service they offered.  If someone chooses not to shred their trash and they leave it in a public place like on their curb, it's their own fault if someone takes their trash and goes through it.  If someone uses the trash for illegal purposes, or by passes security such as even the most insecure lock in the world to get to the trash or ignores a no trespassing sign, THEN that's a crime.  If someone is broadcasting use of their open wifi to the world, it should be their own fault for not enabling any security and ignoring warnings that it's not secure.


Offering a service?  A service has to be advertised as a service which was post before.  So no its not a service.  

"And it's not borrowing because they aren't getting it back (they probably wouldn't even notice it missing)."  Jelly beans at the candy store are small and the owner would not miss if 10 or 15 were missing, so it makes it right to take 10 to 15 because he would not notice?  See this thing called "morals" tells me its wrong.

" If someone chooses not to shred their trash and they leave it in a public place like on their curb, it's their own fault if someone takes their trash and goes through it.  If someone uses the trash for illegal purposes, or by passes security such as even the most insecure lock in the world to get to the trash or ignores a no trespassing sign, THEN that's a crime."  And if you check with the ISP they will tell you the same thing about using another persons internet ;).  

"If someone is broadcasting use of their open wifi to the world, it should be their own fault for not enabling any security and ignoring warnings that it's not secure."  Like I stated before they might not understand and it takes "ethical people" to help them out.


Eleven wrote:
Like I've said, there is also the analogy of someone creating a private web page on a website and choosing not to protect it at all and ignoring warnings.  Then the person who sees it advertised (indexed) in google, who has no malicious intentions, and clicks the link and that person should go to jail?  Nope.  It's the sites owner's fault for negligence.  Even though Apache defaults to making the web page public just like an AP might, even though the site owner has no idea what they're doing, it's still the owner's fault for not making any effort to limit access.

I never used an open access point.  I've never even owned a smartphone.  I'm about to get a wifi card for my desktop though to test my own wifi security and was hoping to also use it for open wifi networks.  Kind of bummed the last part is considered illegal.


Yes I know people can read the manual but there are "baby boomers" and "Gen X" people that these manuals make no sense to.  With knowledge comes responsibility, so instead of doing something malicious help these people out.


That's the thing though, it's not a matter of tech savvy people taking advantage of those who aren't.  There are way more people who don't understand technology than geeks, so I'm sure there are more computer illiterate people breaking this law than geeks breaking it.  But yes I have thought about yesterday and today of notifying people who may of accidentally have setup open wifi...


You should do more then think about it, you should do it.
CCENT, A+, Network+, Security+
<<

yatz

Full Member
Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Fri Dec 09, 2011 10:19 am

Re: When is using an open wifi network a crime?

Eleven wrote:
It's not just that the door is open (no security) it's that the AP was configured to offer its services.


This is the source of confusion.  It's not only the AP services that are being accessed, it's the internet service that is being paid for by the owner that are being accessed.  Let's consider them separately.


1. Access to internal network from open wifi

This is my point from earlier.  An open door does not imply consent.  The services the AP is offering provide entry into a personal network.  Just because the network is digital instead of physical, that doesn't make it any less personal property.  The owner purchased the equipment, configured it for personal use, and it is serving the owner as such.  In the case where this serving is capable of supporting more than just the owner, it is still the owner's property and requires the owner's consent.  Unfortunately, there isn't a very good way for an owner to grant that consent to a general audience, but this does not give blanket authority.  The consent is still required for access.  Getting a DHCP address on a network for possible access is equivalent to accessing a license, so yes, even connecting to an open wifi without explicit consent is not permitted.

2. Access across subscription-based internet link to external network from open wifi

This takes the same concept one step further.  Now the use is not limited to personal property use but also could violate the usage agreement between the owner and the service provider.


Who is at fault if the owner enables this by disabling security?  Well, who is at fault if a car door is left unlocked in a mall parking lot and your CDs get stolen?  The owner may be at fault, but theft is still theft.  In the case of open wifi, the theft is just harder to classify.
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Dec 09, 2011 10:53 am

Re: When is using an open wifi network a crime?

yatz wrote:
This is the source of confusion.  It's not only the AP services that are being accessed, it's the internet service that is being paid for by the owner that are being accessed.  Let's consider them separately.


1. Access to internal network from open wifi

This is my point from earlier.  An open door does not imply consent.  The services the AP is offering provide entry into a personal network.  Just because the network is digital instead of physical, that doesn't make it any less personal property.  The owner purchased the equipment, configured it for personal use, and it is serving the owner as such.  In the case where this serving is capable of supporting more than just the owner, it is still the owner's property and requires the owner's consent.  Unfortunately, there isn't a very good way for an owner to grant that consent to a general audience, but this does not give blanket authority.  The consent is still required for access.  Getting a DHCP address on a network for possible access is equivalent to accessing a license, so yes, even connecting to an open wifi without explicit consent is not permitted.

2. Access across subscription-based internet link to external network from open wifi

This takes the same concept one step further.  Now the use is not limited to personal property use but also could violate the usage agreement between the owner and the service provider.


Okay, but how is that any different than someone who isn't technical, spending money setting up a website they want to be private and not enabling any security what so ever to make it private.  If someone clicks a link to it, they haven't been explicitly authorized to use the network and server resources that they didn't pay for, but they can because it was configured to be open and therefore assumed to be public.  I just think open wifi networks should be considered the same way.

Who is at fault if the owner enables this by disabling security?  Well, who is at fault if a car door is left unlocked in a mall parking lot and your CDs get stolen?  The owner may be at fault, but theft is still theft.  In the case of open wifi, the theft is just harder to classify.


If the owner of the AP, configures their AP to offer its services without any restrictions, that should count as authorization for the same reason as when someone setups a web server to offer its services without any restrictions, it is implied authorization.
<<

Eleven

User avatar

Full Member
Full Member

Posts: 121

Joined: Thu Nov 10, 2011 6:47 pm

Post Fri Dec 09, 2011 11:02 am

Re: When is using an open wifi network a crime?

El33tsamurai wrote:
"And it's not borrowing because they aren't getting it back (they probably wouldn't even notice it missing)."  Jelly beans at the candy store are small and the owner would not miss if 10 or 15 were missing, so it makes it right to take 10 to 15 because he would not notice?  See this thing called "morals" tells me its wrong.



Again, I say the AP is offering its resources just like a website with no access control, so it's more similar to being offered the jelly beans so no it wouldn't be immoral.
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Dec 09, 2011 12:42 pm

Re: When is using an open wifi network a crime?

Eleven, why are you trying to defend this so much?

We've already covered the basics, having an open access point DOES NOT imply authorization, and the law EXPLICITLY says "unauthorized access" is a violation. What more is there to discuss?

If you want to change the laws, send a letter to your congressmen. You asked why it was illegal, and we answered. The rest is an ethics question, and you already know where we stand. We can talk this in circles all you want, but now you know the law, it doesn't matter if you feel like it should be okay or not.
Put that in your pipe and grep it!
PreviousNext

Return to Wireless

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software