Shostack + Friends Blog Archive

 

Trespass and Forgiveness

fmtv.jpg

A man in the UK has been arrested somewhat dramatically for illegally using a WiFi connection. The BBC reports it here as “Man arrested over wi-fi ‘theft’” and El Reg as “Broadbandit nabbed in Wi-Fi bust.” Each is worth reading.

The police statement is worrying. El Reg says:

Despite not having secured a conviction yet or even charged the man, DC Mark Roberts of the computer crime unit said: “This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people’s broadband connections.”

The worry is that the police seem to have decided what the TOS of the connection is for themselves. Bruce Schneier has said somewhat famously that his home wireless system is unprotected because he feels it is “neighborly.” Ross Anderson leaves his open because he feels it leaves doubt open as to who did what on his network. An RIAA fishing expedition, for example, would have a harder time sticking on either of them.

If, as DC Roberts seems to be saying, it is illegal to use any wireless that is not clearly marked as being open, how does someone declare their wireless as open? Do you need to put some statement in the SSID?

That is a fine answer, but it leads to a second question: would then, having an open wireless system with a generic name be an attractive nuisance? It’s a nuisance to have a swimming pool that is not fenced off, for example, because someone could stumble into it and fall in. In this case, an open wireless system is a nuisance because someone could stumble into it and commit a Computer Misuse without even realizing.

Could not then, there be civil or criminal penalties attached to putting up an unsecured wireless?

Or perhaps it be better for the police to only respond to complaints? That response could even include asking the complainer, “Have you put a password on your network?”

Photo courtesy of sholden.

2 comments on "Trespass and Forgiveness"

  • The problem is that the UK went overboard and made stuff in the grey area in the middle into criminal offences. Check out the RIP act that says you must hand over your keys. Or search on Cuthbert where someone who banged on a site that badly handling his credit card data got hit for hacking. It’s not entirely clear to me why the UK went so drastically to criminalise everything it could, but the chilling effect is quite tangible.
    The wider question is why the government thinks it understands such things well enough to control them. Once something goes criminal, it’s out of our hands, and theirs, whereas if there was a civil complaint, the onus is to show actual damages. So there’s little hope of any actual experience developing either.

  • Richard Johnson says:

    It’s sad to see the insanity spread like that about access to open wireless networks being somehow ‘forbidden’.
    I originally wrote this essay in 2002, after a special agent called the mistaken idea to my attention:
    http://www.river.com/users/rdump/community-wireless/

Comments are closed.