Sunday 25 January 2009

WiFi

Quick question to all the intelligent and/or legal minded readers.

My phone is currently set to pick up WiFi signals automatically; there's regular places that I go with free WiFi access.

It's not unusual to see a car parked outside McDonalds on night duty for ten minutes whilst the driver checks their emails - the WiFi signal that McDonalds provides as a free service apparently stretches out to the car.

I remember recently a man getting nicked for parking outside someone's home address on a regular basis and hacking into their wireless internet access - but how does that compare to my phone? Quite a few times recently on crime scenes, hospital guards, constant watches etc, I've spent the time browsing the net.
On a couple of these occasions I've noticed when leaving the internet that I've actually been connected automatically to someone's private wireless access.

This is surprising in itself, simply because I'm shocked that there are still privately owned unsecured wireless networks around.

However, the point for me is this - am I committing an unwitting offence by doing this?

If so, exactly what..?

37 comments:

Anonymous said...

That's a grey area me thinks.

I guess technically if you are downloading something and using another persons bandwidth, then that could loosely be considered theft? ie theft of their download allowance. But if you consider it on a par with abstracting electricity, it's not like you yanked out their ISDN line and plugged your phone in, is it?

I think altough ignorance is not considered an excuse, in this case intent to decieve would be hard to prove?

I'll shut up now....

Lola x

Old BE said...

http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm

"The man arrested at the weekend was cautioned for dishonestly obtaining electronic communications services with intent to avoid payment."

Maccy D's presumably want you to buy something in there in return for the use of their network, so by sitting outside you are intending to avoid payment?

Area Trace No Search said...

When it's closed...?

Anonymous said...

Maccy D'd is free, whether you use their services or not.

I should imagine its theft. On the iphone it has the facility to switch on "Ask to join network" i should imagine most, if not all phones have this facility.

Old BE said...

Good question! Thing is I suppose it depends on whether the person providing the connection minds you borrowing it or not. So if you came and sat outside my flat I wouldn't mind, but if Bob the Burglar did the same thing I would object!

Anonymous said...

Some people leave their wifi networks open deliberately so that people can use them - other people aren't aware that there's a potential problem. Then there are people like me who encrypt and use MAC filters to prevent anything else from connecting.

Really it depends if people mind, I think. It's hard to tell from a list of detected open access points whether it's deliberate or not, unless the SSID contains a clue to that in the name.

To be honest though, anybody who has unwittingly left their network open is very unlikely to notice a bit of light usage. When it gets rude is when you do something illegal which they then get fingered for as the account holder on that IP address, but you of course wouldn't consider such things.

Anonymous said...

MAC filtering will deter the casual hacker and stop people getting on by accident - but will barely be noticed by a hacker (google: MAC address spoofing). I wouldn't rely on it to protect a network. Also encryption wise WPA or, preferably WPA2, is your best bet - WEP is cracked. And of course a strong password.

As to getting on people's networks by accident - I dunno, I've done it a few times unwittingly, on my neighbour's quite frequently (their signal is stronger). I think there's a difference between unwittingly logging on to an unsecured network and actively breaking in. I think it's a grey area.

There are many public networks free to access, so one could assume that you're on one of them if the network is open. It's not exactly hard to turn security on. And to be honest unless you want other people using your network, you close access down.

You also have to bear in mind that anything you do on someone else's network, they know about it. email passwords etc

Anonymous said...

As I understand it this is not an offence you can commit unwittingly -- it is not a strict liability offence.

If you notice, and you carry on using it, you are committing an offence for which people have been prosecuted.
The offence is apparently S.1 of the Computer Misuse Act 1990.
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2310670.ece


I suggest you ask MacDonalds whether they will allow you to use their WiFi. Their coffee is quite drinkable these days, and if you buy some I feel sure the answer will be yes.

No doubt you are happy for the law to apply to you as it does to everyone else, and also keen to set an example of right behavior.

Ade said...

The New World Order for Dummies.
http://uk.youtube.com/watch?v=XRLPG_HplrA

What Jaq boots Smithy is really up to with her ID card scheme.
http://uk.youtube.com/watch?v=j7se4gFTCys

Of course we were warned about the Globalists.
http://uk.youtube.com/watch?v=8y06NSBBRtY


and not just once either.
http://uk.youtube.com/watch?v=_WSGwnz7XpY

Do you really believe Oswald could arrange this
http://uk.youtube.com/watch?v=XY02Qkuc_f8

or this
http://www.youtube.com/watch?v=7iW5kOB1pmg

or this
http://uk.youtube.com/watch?v=UjaguXX3GfE&feature=channel

or this
http://uk.youtube.com/watch?v=KfRDTADOcBo&feature=PlayList&p=A970EF034FA9BBB9&index=0

What is this non specific 'Change' he keeps talking about, has anybody bothered to ask him.
Who Knows, but it's obviously not this :-
http://thebestronpaulvideos.blogspot.com/2007/10/new-hope.html


This is why Kennedy was killed, because of Executive Order 1110 which allowed the US Treasury
to mint Treasury Notes instead of Federal Reserve Notes, The Federal Reserve is a Private Company, Just like the Bank of England, which is Why Westminster Borrows our money instead of coining it ourselves, free of charge.
This is why our children now owe £1Trillion in debt to the International Banks.
Had we Printed our Money, Free of charge, there would be no Loan nor interest to pay back and hence no Govt Debt.
No Govt debts means no need for Income tax and No £1Trillion debt for your children.
The Leadership of the Lib Lab Cons are simply Front men for the Global Elites.
There is no need for Income tax. We could issue our own money, free of charge into the economy.
http://uk.youtube.com/watch?v=xKzOiwNk5Ms&feature=related

Anonymous said...

There was a chap arrested in 2007 for using someone else's wifi:
http://www.guardian.co.uk/uk/2007/aug/23/ukcrime.news

The article seems to suggest that it's a violation of the Communications Act 2003. It's an absolute whopper of an act, but skimming through it I spotted that Ofcom are able to serve penalty notices to a person constantly misusing an electronic communications network:
"(5)For the purposes of this Chapter a person misuses an electronic communications network or electronic communications service if—
(a)the effect or likely effect of his use of the network or service is to cause another person unnecessarily to suffer annoyance, inconvenience or anxiety; or
(b)he uses the network or service to engage in conduct the effect or likely effect of which is to cause another person unnecessarily to suffer annoyance, inconvenience or anxiety."
http://tinyurl.com/df5k7s

Dark Side said...

I am not sure what the answer is Area but I have myself invested in an orange dongle which allows me internet access wherever their is an orange signal, it's not failed up to now and the connection speed is pretty good too..xx

Area Trace No Search said...

Dark side - funnily enough that's exactly what I've done as well.
Mobile broadband is the way forward, I reckon that it's not going to be long before it replaces home internet completely.

Old BE said...

Mobile broadband isn't as quick as wired, yet, but it isn't bad.

Mosher said...

Without looking at the news story, my memory tells me that the "owner" of the wifi signal didn't lodge a complaint - the chap in question was arrested by the police on their own.

Which doesn't really answer your question.

There seem to be 2 schools of thought. Those who say "if it's open, then help yourself. Either they want you to make use of it, or they're too stupid to lock it"; and those who argue that "it's like saying someone's too daft to lock their front door then saying it's OK for you to walk in and steal their stereo".

Technically, it does seem to be theft, however unwittingly you may be using it.

Anonymous said...

ASNT,

Not my area of legal expertise, but it has been suggested by the papers that the offence has been treated as theft. I am unsure if it is indeed a Theft Act offence, and not an instance of the papers over-simplying and misusing a technically precise term. Since theft requires an intention to permanently deprive, I fail to see how it ever can be.

Anonymous said...

Drat. pressed submit half way through.

Anyway, whatever it is it will not be strict liability but will require intent. Accordingly, unless you are 'wilfully blind' if your phone logs on to a net over which it is not authorised and you have no knowledge, that's not a problem.

With McDonalds, one could probably suggest they are giving implied permission by offering 'free wifi'. There is no express communication saying it is conditional on a purchase, whatever the niceties.

All in all, I think you are pretty safe unless you rock up outside No 10 Arcacia Av and start blantly ripping the ar*e out of it.

Bridge said...

That reminds me of a story I heard as a lad:

One day a man was walking by a farmhouse when he noticed a pie cooling on the window. He stopped for a moment to enjoy the smell of the pie cooling when the cook came out and demanded payment for him smelling the food she had just cooked.

The man reached into his pocket and pulled out a pound note, which he then started to fold and rub.

"What are you doing?" asked the cook.

"I'm paying for the smell of your cooking with the sound of me folding my money," replied the man.

Happy surfing.

Hogdayafternoon said...

Bridge: Similar tale from a sink estate up north: The pie was cooling outside a back door when a cat came along and crapped on it. They had to throw half of it away.

Old BE said...

Are you sure they didn't throw the pie away and eat the cat?

Anonymous said...

http://networks.silicon.com/mobile/0,39024665,39166790,00.htm

http://www.vnunet.com/vnunet/news/2200710/mcdonald-serves-free-wi-uk

The second one of these quotes a macdonalds representative as saying "The company also said that there will be no restrictions to customers using the service, regardless of the purchase made."

I think in general, even if the person whose connection it is leaves it open deliberately, they themselves might be in violation of the contract they have with their ISP. Your phone company might have advice, but I'm fairly sure there is no device liability on their, or the handset manufacturers part as far as connecting goes.

Anonymous said...

Also, because most of these kind of phones continually connect to available wifi, I'd hazard (hope) that unless you actually are accessing the network by actively going on the net, there's no problem? Mine does it all the time, unless I deactivate the functionality, and surely if just connecting was illegal, the actual functionality would be illegal?

Anonymous said...

It's far from theft - It's using something that is being offered to you free of charge.

WiFi works on the principle that it is an open invitation. Much like having an open door with a big sign outside saying "come in, help yourself".

The fella that took a caution for just using his neighbour's WiFi is a fool for taking a caution.

Cracking a secured WiFi point (which is almost trivial these days), on the other hand, is more likely to be an offence under Computer Misuse Act.

Anonymous said...

I remember someone being raided for being involved in child porn etc. Turns out that their computers were completely clean and they were totally innocent. However their wireless network was insecure so someone had being using a laptop to download/upload material. As you can imagine they were not caught.

Dishonestly obtaining electronic communications services with intent to avoid payment under the Communications Act 2003 is the offence. I suppose if the person leaves the connection open on purpose then it is not an offence. but if they are ignorant/object it will be.

Anonymous said...

The relevant law is
The Computer Misuse Act 1990, Section 1
1(1) A person is guilty of an offence if –

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
(b) the access he intends to secure or enable to be secured is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
All parts of the offence must be present , as 1 (1) (e) requires unauthorised access, and Mac Donald’s have by setting up a WIFI network have implicitly given access (It is a public place, they could turn it off when the store is shut and most importantly they advertise the fact.) There can be no offence.
Likewise any offence under the Theft Act 1968, such as s13 theft of electricity, there can be no offence as the access is authorised. The time you would be committing an offence is if you intercepted communication (s1 RIPA 2000) or if you try and commit an offence you access will then not be authorised and you may fall foul of s2 of the Computer misuse Act, which states
2(1) A person is guilty of an offence under this section if he commits an offence under section 1 above (‘the unauthorised access offence’) with intent-
a) to commit an offence to which this section applies; or
b) to facilitate the commission of such an offence (whether by himself or by any other person).

In short as long as you have authorisation use the WIFI and do not use the access to commit a separate offence you are fine.

Joseph K.

Anonymous said...

There seems to be a fundamental with the situation as it stands. How do you know if the owner of an open WiFi network intends it to be used by the general public, in which case using it is fine, or if he intends it to be restriced for personal use or paying customers, in which case it could be illegal.

Anonymous said...

if you were outside my house, you'd find an open wireless point. it's open deliberately, not through stupidity. easier than trying to remember yet another pasword and add friend's laptop mac addresses tot he authorised list, so when friends are round with anythgin that needs net access they help themselves. also my neighbour shares my net connection the one night a week he's home and checking his email. and he always asks if its okay befoer doing so.

i'm not fussed, so long as you're not using ALL my bandwidth, share and share alike.

Anonymous said...

@ Anonymous 27 January 2009 17:11

"How do you know if the owner of an open WiFi network intends it to be used by the general public"

If the WiFi point is broadcasting and open, it is intended to be used by anyone.

It may be that the owner of the WiFi point does not realise this, but that's an issue of personal responsibility.

If the owner does not realise that they have the door open and a sign above it saying "come on in", that does not mean that someone walking in is committing an act of trespass, let alone an illegal act.

Mosher said...

Anon - garbage. Nobody puts a sign up on their unlocked door the same way that nobody unwittingly gives their wifi the name "FREE_USE".

You may as well argue that as NASA didn't have full operative security in place that the guy who's currently risking extradition to the US and a ridiculously long prison sentence is innocent on the basis that their system was open to hacking.

Just because something is "open" doesn't mean that it's free for use. If someone parks their bike at some railings and doesn't lock it, does that mean that you'll decide to use it to cycle home? Remind me to guard my possessions closely when you're in the vicinity.

Anonymous said...

Mosher - the invitaion being displayed by an open wifi point is not literal, in the sense that the broadcast SSID is labeled "CONNECT_HERE_FOR_FREE".

The protocols for a broadcasting WiFi point are, for some routers, open by default.

The point is that an open Wifi point is not _just_ open. A point I have gone to pains to make. It is _actively_ advertising and inviting people to join. It is broadcasting a signal that says "join me".

Most wireless devices will, by default, connect to the nearest and strongest signal that it can.

The access point advertises its presence and invites the connection. The wireless device (laptop, pda, phone) receives the signal, and executes a handshake, joining it to the network.

Bringing up the McKinnon case is puerile and obtuse, inasmuch as it is irrelevant.

Anonymous said...

Just to add to that - During the handshake, the wireless device (pda etc.) asks the Wifi point for permission to connect.

Remind me not to employ you when IT is involved.

Anonymous said...

"If someone parks their bike at some railings and doesn't lock it, does that mean that you'll decide to use it to cycle home?"

It does if it has a sign advertising its free us:

http://www.viewlondon.co.uk/whatson/borrow-the-bike-london-feature-1344.html

Mosher said...

Anon: "the wireless device (pda etc.) asks the Wifi point for permission to connect."

So the person *using* said device does not, correct? For a bizarre analogy, that's like a blind man being accused of trespass for walking into the wrong (unlocked) house because his dog led him there. Again - what side of the fence do you fall on? Is it his for not training the dog properly? Or the owner of the house for not closing the door? Only now we're blaming the kit/dog and not the person using it.

There are two sides to this - the people who don't lock down their wi-fi and the people who don't prevent their laptop, PDA, whatever from automatically connecting to a network without asking.

I do know that XP, by default, will ask permission so perhaps you better check your own IT qualifications before having a go at me. I'm in Ubuntu right now so can't give you the exact wording, but if the system attempts to connect to a SSID to which it's not previously been connected and said SSID is not encrypted, XP will ask "are you sure"? This is more a warning about people being able to packet-sniff, but does involve an active decision by the user - NOT an automatic one by the machine.

Actually, now I think about it I don't recall my laptop (or any of our company ones, or the desktops) connecting to a wi-fi network without being explicitly told to in the first instance.

The one breach of this is if you connect to one network called, for instance, "NETGEAR". If another with the same name, also unencrypted, is encountered then the machine will happily hop onto it.

So I don't know what kit you're using. But remind me not to call upon *your* services if I'm ever looking for IT staff ;)

Anonymous said...

May I remind people that the crime under the CMA is in three parts 1) causing a computer to access, the exact mechanism does not matter. 2) The access is unauthorised, and 3) you know or believe the access to be unauthorised. So it does not mater what mechanism you use to access a computer WiFi, of just using a terminal that has been left on. Once you have gained access the only question is to intent. As stated above if the network is called FREEWiFi you are probably OK. You are less on far dodgier ground if the network is JohnSmithprivatehome.

Joseph K.

Anonymous said...

@Mosher 29 January 2009 15:49

Your analogy is obtuse. To be accurately analogous to an unsecured network the door would need to have an invitation written above it (or over loudspeaker, if you want to continue with the blind theme), advertising it's presence and asking people to walk in.

That is what an unsecured WiFi point _does_.

The "are you sure" is to check that you are happy to join an unencrypted network. This is, as you pointed out, because unencrypted networks are open to man in the middle attacks. Inferring the additional functionality of this being part of the authorisation process is ridiculous.

With Windows / Linux / OSX (the standard is platform agnostic), the device will read the broadcasting WiFi, and attempt to connect (whether automated, or with a manual confirm). This attempt involve a handshake. That handshake says "can I connect". The WiFi device will then _authorise_ that connection.

"remind me not to call upon *your* services if I'm ever looking for IT staff" Wise words. It would be embarrassing for you to be shown up by a new hire. Or was it merely a clumsy attempt at repartee.


@Joseph K

1(1)a) Does not apply, as the connection is with a network, not any program or data held in a computer

1(1)b) Does not apply, as the connection is authorised.

1(1)c) Does not apply, see b) above. How does the user know? Because the WiFi point was explicitly asked "May I connect", by the wireless device, to which it responded "Yes, you may". If it had not, there would be no connection.

If the unsecured network was not broadcasting its SSID, or it was in any way encrypted, then CMA S1 would apply.

An SSID such as JohnSmithprivatehome might lend some credence to 1(1)c), but what if the connection were automatic, or the user never needed to see the SSID label? It holds as much lawful authority as a sign saying "No Trespassing" on non-crown property. i.e. None.

Section 125 of the Communications Act 2003 - Dishonestly obtaining electronic communications services may be applicable. But intent would need to be proven.

Anonymous said...

Anonymous maybe you misread my post , or I did not make myself clear. I think that ATNS is in the clear. The only controversy would seem to be around the access of a private (home or office) WiFi network in which case I would think your point about accessing a network or a computer is too fine to rely on, as the act stats any computer and any data, therefore connecting to a network and accessing data on another computer could be enough. The CMA was deliberately drawn as wide as possible to encompass all situations, but as I am not a specialist lawyer I could be wrong on this. As you correctly pointed out the issue is about authorisation. As The CMA is Criminal law and Trespass is (mostly) a Tort the “no trespassing” sign is not a good analogy. If there was a sign saying no access then by definition, if you access a computer you have the intent. It could be argued that as some people deliberately leave their WiFi open, if the system name is silent as to this there would be a presumed invitation, but again I would not like to argue this is court. I am not familiar with CA 2002 s 125, but intent is intent

Joseph K.

Unknown said...

Abstracting Electricity comes to mind.. (Oh yeah, I'm slightly intoximicated so I've not ready further than Lola's post..)

Or indeed something under the new Fraud Act of whenever it was done.. Or perhaps under the Computer Misuse act...

There is an offence that can be moulded to fit, guaranteed... and if anyone can make something fit then I am sure it'd be me ;)

If not any of the above I'm sure I can find something under Ecclesiastical Courts Jurisdiction Act 1860... If not that the Chichester Byways, Highways, Fields and Barbwire Act of 1949 as ammended.

Anonymous said...

I am truly grateful to the owner of this web site who
has shared this enormous post at here.

Check out my blog post: acoustic guitar chord