A quiet day

[altivo]

I did nothing exciting or notable other than making dinner: salad, corn bread, chili, and jell-o. ;p

Did routine animal chores, answered e-mail, read parts of the Sunday papers.

One brief article noted an arrest in Love's Park (a suburb of Rockford) of a man who was sitting in his car outside a non-profit agency with a laptop computer, using their wireless internet connection. Police charged him with "accessing a private computer system without permission from the operator" which is apparently against state law. He did not fight the charges. A judge fined him $250 and sentenced him to a year of court supervision.

I'm inclined to agree that this sort of activity is unethical. It's the same as hooking your garden hose up to the neighbor's house and watering your grass or washing your car on their water bill rather than your own. OK if they give you permission, but the fact that there wasn't a padlock on their water spigot doesn't excuse you for doing it without asking permission first. Whether existing laws can really be used to prosecute it though, I have questions. The law forbidding users to "access a private computer system" was written to stop hackers from breaking into computers. Stealing bandwidth from someone's wireless router without their knowledge does not really constitute breaking into any computer system.

Most routers can be locked down in several different ways, so there is really no excuse for allowing this sort of thing on your dime. That's what it amounts to. Since DSL and other access agreements are often limited to a certain bandwidth or a certain number of bytes transferred per month or week, unauthorized users can indeed be eating your lunch. Oddly enough, most home users of wireless LANs don't seem to take this seriously or for that matter even realize that it is possible, and neither do many businesses and organizations. I suppose there's nothing wrong with giving away wireless access to anyone who happens by if you feel like doing it, but at least be aware of what is happening rather than blissfully unaware of the implications.

Oh, and while we were sitting at dinner, rain started spattering on the kitchen skylights and roof. At first we didn't recognize the source of noise. Both of us thought something was boiling on the stove, but it was all turned off. It rained hard for about ten minutes. Neither of us thought there had been any chance of rain in the forecast, so we turned on the NOAA radio to see. They were declaring a "chance of flurries" for tonight. At the time, it was snowing in Wisconsin, they said. Since the temperature here was still 40° F., flurries were pretty unlikely. Another case of the NWS looking at their computer simulations instead of the actual conditions being reported.

Comments

[lobowolf.livejournal.com]

Connecting to an unsecured wireless access point is one of those gray areas. As far as I know, it's not technically illegal from a federal standpoint. Since unsecured wireless LAN connections are freely offered by some stores and restaurants, that would give the police the power to arrest somebody accessing a wireless access point at McDonald's. Permission is not always given, so it's unclear where that kind of thing would fall.

Obviously, if the man were using a publicly advertised wireless LAN connection, the police wouldn't have arrested him, although because the wording of the Illinois law is vague, they probably could do that.

You can look at it from the "padlock on the spigot" analogy, but on the other hand, it's a radio signal that's broadcast out in all directions. If a neighbor sprayed water in all directions and some of it landed on my property or onto a public thoroughfare, wouldn't I have the right to use it? Because radio signals are by nature uncontainable, the only way to prevent anyone from utilizing them is by encoding them with some kind of security.

I see your point, but I'm playing Devil's advocate here. I wouldn't want people leaching off my wireless access point, but then again, I have WEP enabled. I think if somebody purposefully defeats the WEP, then I'd consider it breaking into my network...but if I left it open, I would have to say that I couldn't consider it "breaking and entering."

[lobowolf.livejournal.com]

Of course, I would also think it would depend on intent. I've hopped onto an unsecured access point on occasion (Attention Illinois officials: Not in Illinois....I wasn't anywhere near your state when I did this) to check my e-mail or look up an address on Google..which to me is an entirely different thing than trying to break into somebody's computer on the LAN to steal their banking records.

[altivo.livejournal.com]

Well, yes, it's a wireless signal that can't be contained very easily. And listening to it isn't of itself harmful. The problem is that commandeering it for your own uses consumes bandwidth, which is often a regulated commodity. And while the owner of the access point may in fact have unlimited access, or else never use the amount purchased every month, you don't know that. So redirecting it for your own use, to your own destination on the internet, is in fact not the same as just letting the water from the neighbor's sprinkler fall on your lawn by accident. Instead it's like moving their sprinkler deliberately to make it water your flower bed or something.

Or, to change to a different analogy, like standing outside their house with a cordless phone that you've modified so it will search until it locates the signal from the base station inside, and then calling South America on their line. ;p

I agree it's a gray area in the law, at least right now. I also think this guy who was arrested here could have fought the arrest and won or at least gotten off with a much lighter punishment. But I also think law and ethics aren't necessarily in agreement all the time, and stealing bandwidth surreptitiously is certainly unethical even if it might be legal.

Places like McDonald's or Starbucks that offer free access as a perk and advertise it as such don't enter into the picture at all. That's different, they've declared their intention to give it away (and often they have safeguards installed that throttle any single connection to prevent people from hogging the bandwidth to download pirate videos or whatever, just as we control them at the library.)

[lobowolf.livejournal.com]

True..the analogy is more like moving the sprinkler to water your own flower-bed. My point was mainly as to the current legality, but yes, stealing somebody else's bandwidth is definitely unethical, particularly if you have no way of knowing if it's a metered service. So the issue is more "theft of service" than anything else. With computer technology, lawmakers really have very little idea about how any of it works (it's a series of tubes..remember that?), so I can understand why the charges were what they were. But at this point, I don't think the police can differentiate "breaking into a network" and stealing bandwidth. For me, the former has ramifications of breaking into the DOD to steal nuclear secrets while the latter seems more like picking somebody's daisies.

I think one of the reasons why this bothers me is that corporations sell this stuff without the encryption turned on, and broadcasting a default SSID. They couldn't sell it any other way, because most of the people using it aren't smart enough to figure out how to set the encryption. The access points should really come out of the box defaulted to some kind of security setting, and it should be easy enough for the average person to operate.

Here's another point I suppose...if you leave $1000 sitting in plain sight on your doorstep and somebody steals it, it is certainly a crime, but I don't think anyone is going to feel sorry for you because you didn't take any reasonable steps to protect something valuable. So, I argue that if it's an individual or a corporation that has a wireless network, and they don't want other people using it, then the individual really has at least some obligation to enable the security features to keep unauthorized users out. Stealing is stealing, but there's a legal difference between stealing something that's left out in plain view, and smashing a window and entering a home. Again, I'm arguing the legal issue and not the ethical one.

McDonald's or Starbucks...if they've advertised it for open use, that's pretty clear..but what about say..Guido's cafe..who has wireless connections for their patrons, but they don't advertise it and it's supposed to be used inside the restaurant for dinner patrons only. So what happens when somebody outside grabs an unsecured connection? Does that make them legally guilty of stealing? (It seems very unethical, yes, but legally...I think it's a gray area).

[altivo.livejournal.com]

My main point was that the law needs to be updated, as is often the case with technology stuff. That law was written before wireless access was widespread and now it's being misapplied.

Living as I do in an area where bandwidth is still expensive and difficult to get, I may be more sensitive on the issue. I've also been through the experience of being literally hacked, in the case of the college network where I used to work, and seeing the full bandwidth of a T1 consumed by illegal activities. Genuinely illegal activities: the hackers had broken into an insecure machine and set it up as a clandestine FTP server loaded with illegal copies of commercial software that they were distributing. It was amazing how that consumed bandwidth and how difficult it was to get it under control.

I don't use wireless access at all myself, but we have declined to install it in the library because of potential legal issues and the fact that we couldn't contain it inside the building.

[lobowolf.livejournal.com]

Well, having been personally hacked, I can certainly understand how you feel..(and particularly where it's somebody stealing a lot of bandwidth and then using it for illegal activities). Around here, I don't think bandwidth is as hard to get, so I'm probably not as sensitive to it as I would be otherwise.

The people who make the laws need to understand the technology, and if they can't, then they shouldn't be making laws concerning it without understanding or consulting somebody who does.

Off to work :P

[altivo.livejournal.com]

The people who make the laws need to understand the technology, and if they can't, then they shouldn't be making laws concerning it without understanding or consulting somebody who does.

I certainly agree with that. But the other side of the coin is that people who USE technology have some responsibility for understanding how it works and using it responsibly. I don't want to see a situation developing where draconian laws are passed against "stealing wireless bandwidth" just because so many owners of wireless access points are too ignorant or too lazy to secure them properly.

[kakoukorakos.livejournal.com]

I don't think it's remotely reasonable to prosecute people for taking advantage of something like an open wireless hotspot. WiFi operates in the public radio spectrum, so if folks don't secure their communications, it sucks to be them. I don't know that any tangible property analogies work here due to the nature of the medium, but I would fight a fine like that tooth and nail and try to get help from whatever groups would help (maybe EFF?).

What it boils down to is that if you're not competent enough to regulate access to your access point, you probably shouldn't be operating it, and you sure as hell shouldn't complain when someone helps themselves. Why? Because a lot of people *do* want to share their excess bandwidth in that manner. It's a bad precedent, in light of that, to force hotspot users to assume that they're trespassing and risking prosecution by using what many folks set out for the public good. So an analogy I'd put forth would be a landowner whose property borders public land like open space or a national forest. It is the landowner's responsibility to mark the boundary and post signs, and if people disregard the signs, climb any fences, and trespass, then that's solid prosecution. But I don't see a landowner as having any reasonable grounds for prosecuting someone for trespassing if the border is unmarked and most reasonable people wouldn't have reason to believe that there is a boundary, or that somehow public use stops at a specific place. I think that case goes to show how out-of-touch the authorities are on technology issues, because they can't even apply their own technology laws sensibly.

[altivo.livejournal.com]

Unfortunately, the precedent already exists in the US. Remember the controversy some years ago over the radio spectrum used by cellular telephones? Under federal law it is now illegal to listen to that frequency block using any device other than a properly activated cell phone. Manufacturers of receiving equipment are prosecuted if it is capable of receiving those channels. Users can be prosecuted likewise. Various groups fought this law as unreasonable and used the same arguments that you present here. I agree, the user is responsible for safeguarding their communications, but the cell phone industry and the public did not agree with that and were outraged by the idea that anyone might be able to listen to their "private" conversations. Money talks, cell phones are a big bucks industry, and Congress readily knuckled under to them.

Since the Reagan era, radio spectrum is no longer considered "public" property. The FCC has literally held auction sales in which they sold off, for cash money, portions of the radio bandwidth. Once such sales take place, any bootlegger using those "private" bands is considered to be in violation of federal law and subject to severe penalty. I agree with you that this is outrageous, but still it is the attitude and approach being taken by lawmakers who treat commercial interests as paramount.

I'm afraid we will see similar behavior with respect to wireless access as soon as the industry gets up in arms about it. To prevent that, users are going to have to agree on a more liberal standard and live by it. I don't see that happening. Most users have no idea how to set up or control this stuff and they aren't likely to learn. The industry is only interested in selling, not in being proactive in this respect.

[kakoukorakos.livejournal.com]

I can understand certain parts of the commercial spectrum being locked-down. I think it probably was prudent to prosecute sniffers on cellular frequencies, for example. Or people who transmit on business band radio. Those applications are important to the infrastructure.

I don't like the way the high-power broadcast spectrum is being administered, which means that commercial interests get preference over LPFM stations. So you either have a multi-million dollar operation, or you're forced to broadcast illegally because ClearChannel doesn't want any competition, even if your LPFM broadcasts are extremely limited in range and not interfering with their signals at all.

But the 2.4GHz spectrum is for low-power casual public use. There are no station operating requirements. Nobody can cry about you listening to their GRS handheld radio they purchased at Wal*Mart. But apparently they can complain and sue you if they're inept at running their station and someone uses it. That's really lame. But by the nature of the beast, I don't see the FCC doing anything to regulate the low-power public spectrum. Little Johnny wouldn't be able to play with his RC car. Manufacturers of mobile phones would probably have to find a workaround. About the only solution would be to force all wireless data communications into another part of the spectrum, where they could be protected. Not that forcing everyone to obtain licenses and assure they're not in conflict with other access points would necessarily be a bad thing, though.

[vimsig.livejournal.com]

Your icon is lovely
:O)

[altivo.livejournal.com]

That's my mare, Tess, with her last foal, Dawn. Three and a half years ago, when Dawn was only a day or two old. (No, I don't breed horses here. Tess was pregnant when I bought her, and had three prior offspring that were sold separately at the same auction.) Dawn is now with a family in Wisconsin, and doing well there by all reports.

[dakhun.livejournal.com]

You might as well ask if it is ethical to give something away for free if you plan to phone the police whenever anyone takes it. :-P

What strikes me as odd about this case is how they were able to determine who was "stealing" their bandwidth, or even IF it was being "stolen". They don't have the savvy to make their Wifi secure, so I am highly skeptical that they would have the savvy to have collected the necessary information to be able to prove in court that this specific person was "taking" anything. I predict that unless he confesses, there will be no conviction.

[altivo.livejournal.com]

Actually, the victims of this crime (if it was a crime, which I question under current law) were completely unaware of what was going on. The arresting officer determined it based on observation of the accused's behavior. And yes, the "thief" did admit guilt and was sentenced to a fine and a year's court supervision. I suspect if he had fought it, he could have gotten off, because the law under which he was charged doesn't exactly apply.

I somewhat disagree with you about the ethics here. If a retailer displays items on a rack out on the sidewalk, is it ethical to steal them? If I have a utility electrical outlet on the outside wall of my house, intended to power an electrical gardening tool or something, and it isn't locked, is it ethical to run a cord over to it and use it to power your air conditioning?

If I leave my house door unlocked, is it ethical for someone to just walk in and help themselves to my possessions? Just because it is possible doesn't make it ethical. Legality in some of these cases may be fuzzy, and require more details, but I think the ethics are quite clear.

That doesn't mean that I am absolved of responsibility in these situations. Not locking the door is going to be construed as a breach of responsibility by a court, I'm sure, and probably by an insurance company as well. However, it isn't usual to put locks on utility outlets; furthermore, it is customary in many places for retailers to put displays out on the sidewalk regularly. They aren't expected to have someone out there to guard them. Instead, the honesty of the customer is assumed.

I'm not proposing that laws be made to clearly prevent this activity. I do think it's the responsibility of those who set up wireless access points to secure them in some way if they don't want Joe Anyone to use their bandwidth. On the other hoof, I still think it is unethical to take bandwidth in that manner unless the operator of the access point has clearly given permission, as some now do. Coffee shops, hotels, restaurants, and so forth are more and more beginning to offer that as a perk. Usually they put up a sign declaring their intent, and that's fine with me.

[dakhun.livejournal.com]

If a retailer displays items on a rack out on the sidewalk, is it ethical to steal them? If I have a utility electrical outlet on the outside wall of my house, intended to power an electrical gardening tool or something, and it isn't locked, is it ethical to run a cord over to it and use it to power your air conditioning?

If I leave my house door unlocked, is it ethical for someone to just walk in and help themselves to my possessions?

Well, those aren't good examples because they aren't proportional to the value of the bandwidth that was "stolen" in this case. If you are tapping into an unsecured wi-fi you aren't going to get very good bandwidth outside of the building, so you are not going to be tranferring gigabytes of info, and therefore you aren't going to impact on their internet bill. I'd liken it to taking a sesame seed that fell off of someone's hamburger bun when they were eating lunch. They paid money for that sesame seed, and technically, it was illegal to steal it off of their table after they left the restaurant, technically you are stealing their food, but who really cares?

[altivo.livejournal.com]

I think you are trivializing this inappropriately. I have seen people talking about how they are in fact getting gigabytes of bandwidth by living as parasites off a neighbor's unsecured wireless access, especially within apartment buildings or the like. Not being a wireless user myself, I have no actual experience with how well or how badly it works and at what distance, but I am going by what people keep telling me they are actually doing.

As I said in comments above, the loss may be trivial in many instances. However, where I live, bandwidth is still costly and hard to get. If you pay for a fixed number of megabytes per week or month, and someone else is taking them without your knowledge, that really does constitute theft even though you may be technically incompetent to recognize or prevent the theft.

[dakhun.livejournal.com]

If the cost of the goods stolen was so valuable, then there should have been some form of restitution. But I don't think I'm trivialising it at all. Internet can't be any more expensive in a suburb of Rockford than it is where I live - he didn't drive up to a farmhouse.

[altivo.livejournal.com]

Actually there are whole cities around here where you still can't get broadband. Things may be different in Canada, but here we are at the mercy of the telephone and cable companies, who only choose to serve areas where they can get the highest profit with the least investment. Where infrastructure needs updating first, it doesn't happen.

What exactly the situation may be in Loves Park, I don't know. However, according to the latest Statistical Abstracts, broadband is only available to about 62% of US residents in any form or at any price. In much of my county, even in towns and smaller cities, some sort of keyed wireless connection may be the only option (not to be confused with a wireless LAN, of course) where the subscriber puts up an antenna pointed at a cell phone tower or some such point, and pays for a limited amount of bandwidth per month. Beyond that, they are either cut off or charged by the KB.

Again, I am talking about ethics, not law. I agree that the law was misapplied in this case, but I also think that taking random bandwidth just because it's possible is no different from hacking the phone system or cable tv lines just because it's possible.

[kakoukorakos.livejournal.com]

I think a better analogy would actually be a box out at the end of the driveway filled with stuff. If it's not clearly labelled as an "honor system garage sale" or something, should the average passerby assume that it's not trash just waiting to find a new home. Because, as I noted above, many businesses do intentionally give away their excess bandwidth, especially after-hours when most of the employees have gone home for the day. If someone isn't secure and they haven't so much as put a tag in their SSID that says they intend their network to be private, then the reasonable assumption is that they're providing a hotspot. It would be reasonable to expect, if you see "Starbucks" or such in the SSID, that it probably is intended for use by their patrons, but for hotspots that invite anyone onto their networks, well that's just silly.

And when I say "invite", I mean just that. A hotspot is an area where you're in good signal range of an access point that's sending out invitation broadcasts. Basically, it says, "I'm here! This is my name! Do you want to get on my network?". A secured access point will make the same broadcast, but when you tell your system to join the network, it will say "Okay, but do you have the password? Is your MAC address registered with us?", or a handful of other access control parameters. People just shouldn't be throwing parties with the front door wide open and a sign out saying "come on in!" if they don't want random strangers crashing the party. And they have no business calling the cops without even telling their uninvited guests politely to leave.

[altivo.livejournal.com]

I agree with you in principle. In practice, though, that's not what actually happens. Just as with the cell phone industry, the example I cited elsewhere, the commercial interests involved will go to Congress and make a fuss. Congress doesn't understand technology but does understand dollars. They will pass some weirdly inappropriate law, probably unenforceable, and the president, who understands technology even less than Congress does (witness the "canned SPAM act") will sign it amid a big fanfare about how it now protects the privacy of businesses and individuals, while reserving his right as chief executive to invade anyone's network if he feels like it.

The FCC, under this mandate from Congress, will engage whatever enforcement it can in support of the law, and there you are. A big mess.

[cabcat.livejournal.com]

The poor guy that works next door had someone hook on to his wireless and blew his bandwidth for the month. He just bought a new router and it doesn't really say how to switch on WPA or WEP. I helped him work out how to switch the security on.

Why don't you get one of those weather stations and setup the sensors, even the little Oregon scientific one I got dad for christmas has been way more accurate at predicting the weather than the Bureau of meteorology.

[altivo.livejournal.com]

We have an Oregon Scientific setup here. It's good for checking the barometer readings and temperature, and it usually gives an accurate time (but not always.) Other than that, I'm better at predicting weather by the feeling in my bones and looking at the sky and weathervane than the experts seem to be using their expensive computers and gigantic databanks.

[cabcat.livejournal.com]

I'm good at that, when I get wet outside I say "Yes it must be raining"

[altivo.livejournal.com]

That's the problem. The experts never go outside or look out a window.

[cabcat.livejournal.com]

That's because their buildings don't have windows, they subscribe to the casino design theory, no clocks, no windows and no easily accessible exits. That way they get the most concentration on tasks from their employees :)