Subscribe with Bloglines The Privacy Lawyer: Wi-Fi freeloading...war driving...and netnapping - other people's wireless access - what's the law?

Friday, August 19, 2005

Wi-Fi freeloading...war driving...and netnapping - other people's wireless access - what's the law?

The Privacy Lawyer: Wireless Freeloaders Are Breaking The Law

You can try to justify it, but there's no way around the fact. And if you fear it's your wireless connection that's being stolen, it's time to get proactive about securing that network.


By Parry Aftab, InformationWeek
Aug. 15, 2005
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=167100929



I love my Sony Vaio PCG-4C1L computer. I bought it for myself as a Christmas gift. People notice it wherever I go. It has a DVD burner, is tiny, and weighs next to nothing. One of the best things about this computer is that it has built-in wireless. Before this, I had to insert a wireless card. But this little powerhouse lets me connect everywhere all the time. I don't need or want Internet access on my handheld. My little computer fits in my purse and weighs less than a bottle of water. I can surf and check E-mail on my main laptop everywhere as easily as on my Treo. More easily, in fact. And that's part of the problem.

I've complained before that I needed one device that would do E-mail, Internet access, cell phone, and organizing. I bought the Treo 600. Now I'm convinced that surfing using a little handheld device isn't the way to go. Connecting wirelessly, while using a computer small and light enough to carry around, is. But there's a small problem ... to be able to connect almost everywhere, at any time, you need to use Wi-Fi networks. And that means other people's unsecured wireless networks.

Last year, someone wrote me a question, asking me about using his father's neighbor's wireless networks when visiting his father. I pontificated that it was wrong to do so, and he should arrange for high-speed access at his father's apartment or go to a Wi-Fi hub to surf. But that was before. Before my new little laptop and my newfound freedom to surf everywhere, whenever I want.

I was doing this happily. Free at last! Like Pinocchio, I have no wires! I am a live girl! And one day, the head Teenangel (from Teenangels.org, the group I founded to help educate kids on online safety, privacy, and security) noticed that I was connected while sitting over a cup of coffee. I proudly showed off my new computer and explained that you can find an open access point just about everywhere. She just looked at me and frowned. "After everything you taught us about cyberethics, you are stealing Internet access?" she charged. (I hate when kids do that!) I stumbled around explaining that no one was being hurt by it and if anyone wanted to lock us out, they could easily do it by securing their wireless network. Her frown didn't alter. "It's stealing!" she pointed out.

I then did what every self-respecting parent and Internet lawyer would do ... I back-pedaled. I explained the legal concept of "any port in a storm" that we learned in law school the first week. Patiently, I taught her that in England a long time ago, wealthy landowners often would refuse to allow people to tie up to their docks. But when a hurricane hit, the courts decided that if it was the choice between people drowning and the property rights of the landowner, the need to preserve life wins. That's where the saying "any port in a storm" came from. I looked up triumphantly. "Understand?"

As only an FBI-trained teen could do, she looked me straight in the eye and say, "You're kidding, right? You aren't really equating Internet access whenever you want it with someone dying in a hurricane? Are you?" (My triumphant smile faded. And I was tempted to explain that to some of us Internet addicts, access is life. But I could see it on the front page of the National Enquirer and instead I racked my brain for a better response. I had learned enough in law school to turn the question back on the student while I took the time to think. "Would it make a difference if it were a life and death Internet emergency?" (OK, I was grasping at straws, and by the look on her face, she knew it.)

"Like what?" She obviously had watched a movie or two about law school, and used the turnabout-is-fair-play Socratic method, asking the teacher a question when responding to the one the teacher had asked her while seeking time to think. I knew I was working with a master here. So, I grasped for the ultimate response. Rarely used, except in the most dire situations, I said "I'll look into it and maybe write an article about it for InformationWeek." She sat back, satisfied. I still needed time to think, and my coffee was cold by now. I logged off and drank it. I hate when that happens.

So, what's the law? What are the ethics? And is being denied Internet access for a few hours really the equivalent of death by drowning? (I knew I'd find some sympathetic readers at InformationWeek.)

The legal theories fall under "trespass" (used to fight spammers), intrusion (used to fight hackers and malicious code attacks), and unauthorized access (usually part of intrusion). It's wrong and technically illegal.

But. ("But" is the lawyers' response when they know the legal answer and don't like it, such as when you want to use your little computer everywhere to check E-mail and do research.) But, who's really hurt? If it's during the day and the person has an open Wi-Fi network and isn't home to miss a few bits and bytes, is anyone really hurt? Isn't it like the tree falling in the cyberforest when there is no one to hear it? If no one notices that you're using their access, is it really a crime? Unfortunately for me and my Sony Vaio--yes.

We can argue until we're blue in the face, but the answer doesn't change. It's wrong and illegal. As Wi-Fi users, we should be careful to lock up our networks to avoid tempting drive-by access poachers. But using unsecured networks as an excuse for accessing free wireless connections is like saying it's OK to enter someone's house and watch TV if they haven't locked his doors. It's smart to secure your network, but it shouldn't be a condition to protecting your rights and property.

Any doubts you may still have about the legality of wireless trespass should have been dissolved at the news earlier this year that a Florida man was arrested for accessing someone else's wireless connection. Benjamin Smith III was arrested in April for sitting outside the home of Richard Dinon and accessing his wireless Internet connection, according to press reports. Dinon called police after noticing Smith using a laptop in a vehicle outside Dinon's home. Dinon was wise to call. When someone is piggybacking off your wireless access, it's called "war driving" after the movie War Games, with Matthew Broderick. And often, cybercriminals, knowing that they could be traced back to their accounts using IP addresses, sit in their car on your street using your open access. When the FBI comes looking for the person downloading movies or child pornography, or luring children or sending denial-of-service attacks, they come looking for the person whose account was used, not the war driver. While you may be able to prove that your computer wasn't used for these illegal activities, or that no one was home at the time the activities occurred, it can be very tricky. It's far easier to secure your network with a passphrase.

And when you do, I may have to find other ways of logging on using my new cute little computer... or even pay for access.

Parry Aftab is a cyberspace lawyer, specializing in online privacy and security law, and she's also executive director of WiredSafety. She hosts the Web site aftab.com and blogs regularly at theprivacylawyer.blogspot.com.



--------------------------------------------------------------------------------