eth3real wrote:I agree that unknowing end-users of wireless routers should be protected from just not knowing any better. I don't believe that this law is efficient in protecting those people, as most people don't know the law exists, nor would the owners of the network even realize that such an event took place.
I think these people should have protected networks, because I don't think it's right that they're just open to anybody use their networks like we're discussing. I definitely don't agree with people legitimizing it "because it was open." I don't believe that the owners of open wireless networks are at fault for this. It is simply easier (in most cases) to leave it alone once it's working, as most people who are not technical would be afraid of messing it up if they change anything. That's not their fault; it should be easier to make it secure than easier to leave it open.
Hardware manufacturer's are not required to make the interface easy for people to use, or make the interface enforce any kind of security standards. Maybe that's what needs to change, but I believe the current laws are fine where they are.
You keep saying that the laws are inconsistent, but comparing it to a website is not a fair comparison. Wifi has a finite range, and it is easier to make it open than secure. If you made an open website on the internet, you had to go through the trouble of making it open on the internet, which can be accessed by the entire world. Not a fair comparison by a longshot.
This is one of those laws that has good intentions, but very little effect in practice. Now that you know you're "not allowed" to connect to open access points, doesn't mean that there is anyone enforcing that law. If you go 5 mph over the speed limit, you are still breaking the law. Is anyone going to give you a citation for it? Probably not. Did you still knowingly break that law? Yes.
It is their fault for not knowing any better. This isn't someone tech savvy tricking a user like with hacking; the users are notified their network is open. I don't know anything about cars, but if I choose to ignore an engine light, like someone does when configuring their AP or connecting to it, and say "well my car is working so I'm not worried about it" that's my fault when something goes wrong. They configured the AP, they see the notification it's not secure, it should be assumed it was intended to be public like other open APs, and websites.
As for a website being an unfair comparison, it isn't. The wifi range has nothing to do with it. Also, websites, just like APs, and anything else, are easier to keep open than restricted. As I've said, you could create a website you want public and have a page you don't want public. Regardless of the reason, if you do nothing to limit access to the page, it's you own fault. People aren't criminals for clicking the link.
I don't want anyone connecting to my AP either. That's why I took measures to restrict access. Something anyone can do. If they can't, there is the manual, google, message boards, free tech support, they could have a friend do it, or pay someone to do it. Lots of options and no excuses for no security.
My entire point of this, is that we need some kind of protection against attacks like this. If someone accesses my network that I did not authorize, I want to file charges. These wireless APs don't come with a big disclaimer on the box saying "this may open your network to unauthorized access, potentially sharing your internet connection and network services to others in range." Do you really think the end users are at fault for this?
I definitely want anyone who attacks a computer to go to jail, but at the same time I don't consider grandmas across the country making one click as blackhats who need to be jailed for violating the Computer Fraud and Abuse Act...