back to article Broadbandit nabbed in Wi-Fi bust

A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else's Wi-Fi. Local rag The Richmond and Twickenham Times reports that the 39-year-old man was spotted on Tuesday morning working outside a house in Prebend Gardens, in leafy Chiswick. After admitting using …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Collared?

    "A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else's Wi-Fi."

    Sorry to be picky but Police Community Support Officers (PCSO's) have no power of arrest. If he was taken down to the station it would definitely have been by a constable.

    Gentlemen, start your flames...

  2. Silas

    Surely

    *Having* an unsecured Wi-Fi network should be the offence, not pointing it out to someone by using it.

  3. WarrenG

    What a load of...

    BALLS. How is some thick copper going to even know how you are accessing the web? What if you have an internal 3g modem, or what if your just editing something in word? This seems totally ludicrous. What about all the gits out there with high gain antennas who can use wifi from the other end of a street let alone the house next door. This article is just to scare people, dont be afraid.

  4. David Haworth

    asking permission

    I wonder if a case could be made when using open networks that you've asked and received permission to use them.

    surely the act of your computer sending out a DHCP request can be considered as a request to make use of the service, and the router's DHCP reply could be considered as approval, along with the details you need to gain access?

    for people trying to crack WEP/WPA passwords, then I agree, that's going to far, but I would imagine an enterprising lawyer could make a case for using an open network with the above... am I wrong?

    The owner of the router may not have approved you explicitly, but his equipment has done so on his behalf.

  5. mahoney

    Check, and... mate

    You Brit's are amatures when it comes to getting arrested for stealing bandwith. In Toronto, we go all out:

    "In Toronto, a man was arrested with a WiFi-enabled laptop in his car - and his pants down. He was tapping into unprotected wireless networks. Ultimately, however, he was charged not for that, but for the child pornography he was in the process of downloading."

  6. Anonymous Coward
    Anonymous Coward

    Daft law...

    It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet.

    If someone leaves a wifi point open, and I'm a bit lost, am i going to pay a fortune to pull up google map slowly on my PDA via my bluetooth phones gsm connection, or am I going to jump onto the open wifi and pull up the map in a couple of seconds... I'm gonna use the open wifi aren't I!

    If it doesn't have a lock on it (encryption) and doesn't have a keep out sign SSID=BuggerOff, how are you supposed to know it's private, and not just a free community hotspot?

    Hopefully plod doesn't know much about mobiles, and my N95 will be a good covert wifi pinching tool for a few years.

  7. Anonymous Coward
    Anonymous Coward

    'Police Community Support Officers'

    "This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people's broadband connections."

    Actually he was arrested by 'Police Community Support Officers' and it wasn't in response to a complaint, they were walking around looking for people to arrest. There's no indication they even bothered to ask the WiFi owner if he minded.

    It's best to stay in doors when that lot are walking around, if it wasn't him, they'd have arrested someone with a careless sprinkler, or the owner of a dog without a leash or something.

  8. Mark

    Open wireless connections

    David Haworth seems to have openly spotted the flaws in the argument.

    Open wireless connections are "public" in my view. Breaking a password or encryption system is the standard for it to openly qualify as misuse.

    I leave my wireless connection open and fence off the rest of the network. I really don't mind if some yuppie in the pub down the road wants to send a few emails.

    Besides, it gives me an excuse for all my porn downloads "it was my open connection officer"....

  9. Hywel Thomas

    Waste of police time

    Is this really a big problem ?

    Can the police not be charged in this case for wasting their own time ? I'm sure people would rather they tried to catch some burglars or rapists rather than nicking a bit of bandwidth from some numpty who failed to protect it.

    Having one's unprotected Wifi nicked isn't like leaving your door open and then finding all your stuff gone. This is like leaving your door open, having someone come in, sitting on your sofa and watching your Sky for a bit before leaving.

  10. Anonymous Coward
    Anonymous Coward

    Huh?

    "Using even an unsecured Wi-Fi network is an offence under the Communications Act 2003"

    Given that there is no definitive way of telling an unsecured private wireless router from a (deliberately) unsecured public wireless router, I imagine that the "I thought it was public" defence should push it below the "beyond reasonable doubt" threshold.

    An unsecured WiFi router broadcasting its SSID is precisely like leaving your door open and posting a big sign outside saying "come on in and look around", and should be treated so in law.

  11. Adrian Jones

    Re: Daft Law

    "It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

    Not a very good analogy.

    So it'd be alright to plug in your mobile and start charging it from their electricity too?

    Just as it'd be alright to use the bandwidth they're paying for, for your own use? Even if they've got a limit

    Wander into my house after I leave the door open and I'll arrest you for trespass. You can be charged with that.

  12. Mark Allen

    Laptop default settings

    With the way this law is worded, doesn't that mean the laptop companies and Microsoft are "aiding and abetting"?

    The average MS laptop is setup as default to just jump onto the first network it sees. So the average, non-technical user, turns on the laptop and without them doing anything - the laptop jumps onto the nearest WiFi connection.

    So how is the user at fault?

    (I have had a client like this.... she had broadband supplied by a big name ISP. They had supplied a non-wireless router. So her conversations with their support were "interesting" as she would access the Internet without ever plugging in the cables.... THAT wasn't on the support scripts. LoL (She was using the unsecured neighbours network without anyone realising))

    And what about "town wide" WiFi networks? Brighton has a mad plan to WiFi enable the town... so how does one know when it is a "legal" open network or an "illegal" open network?

  13. Anonymous Coward
    Anonymous Coward

    re asking permission

    Nice piece of thinking David. Got to say that - given the prominence of the WEP/WPA/WPA2/etc options in the installation notes, (and in some cases in the setup-programs/drivers), a good barrister should be able to claim the "the 'victim' had ample chances to properly secure their network, but chose not to". Hey, there's an idea - countersue the dumba** with the unsecured WLAN for deliberate entrapment!

    That said, I've accidentally used someone else's unsecured WLAN in the past - mainly because a neighbours kit was transmitting at higher power than my USR WLAN router, and the (also USR brand) WLAN card in my PC automatically locked onto it, rather than *my* WLAN, (and it was a bitch to stop it doing this). So am I going to have the "rozzers" at the door?

    In common with most other of the other posters here, I'd differentiate between using an "open" network (accidentally or otherwise) and break-in to a WEP/WPA protected one. The former is fine (imho) whereas the latter is clearly an illegal activity and therefore one that deserves the full weight of the law against it.

  14. ian

    Better than the ICO

    Is this more potential crims than the ICO has ever caught, in its entire useless history?

  15. Anonymous Coward
    Anonymous Coward

    how shameful, for the police that is..

    This is not like entering someone's house at all. The man was in his own car, using his own laptop. The toy police (PCSO) had no right to search him at all*.

    In fact its more like you happen to be overhearing someone's playing their CDs and enjoying the music. How dare you! You didn't pay for that CD, just because the owner had his window open allowing you to hear the music, you shouldn't be allow to enjoy it at all. What a load of bollocks.

    I'm still getting 419 Spam, from UK IPs, why don't the police's computer crime squad have a go at doing something about that, instead of looking for easy arrests (no doubt to populate their DNA database) of someone not causing any harm at all.

    When I say no harm, I'm referring to using the open WiFi not what ever the person was doing on the laptop, which I'm fairly sure would have benign. If it had been anything more serious we would have heard about it, because the present charge is just too lame and they know it.

    *If these guys come up to you, don't entertain them at all, they have no right to search you or even question you, they are there to observe and call in real police if needed. (having said that, get proper legal advice if you need to find out how to deal with these little wannabes)

  16. Misha Gale

    Puiblic vs private networks

    I'd say it's pretty simple to figure out whether it's a public network or not actually. For one thing, public networks have SSIDs like "STARBUCKS" or "BRIGHTONFREEWIFI", rather than "NETGEAR" or "31SMITHSTREET". But more importantly, if there is a large free WiFi network in your city you'd probably know about it. And there aren't any in the UK that I know of. If you are in a residential street, the networks are probably private. If you are sitting in Starbucks it's probably public. Apply a little common sense, it's not rocket science.

    Ok, if you are a non-technical person it's easy to make a mistake, but for a professional to claim "I didn't know" would be a bit much.

  17. TEQ

    @ Adrian

    Trespass is a civil, not criminal offence. You can't have someone arrested for trespass (unless it is aggravated trespass), neither can you impede their egress off the property. All you can do is ask them to leave/call the police who will ask them to leave.

  18. Anonymous Coward
    Anonymous Coward

    What victim?

    "a good barrister should be able to claim the "the 'victim' had ample chances to properly secure their network, but chose not to"

    What victim? That law as worded makes the *act* a crime, there doesn't need to be a victim, or even a problem that needs to be fixed. The 'victim' can't even say 'well I'm fine with it' to fix this crime.

    It just has to be *unauthorized* for it to be a crime under this law.

    In this case the guy admitted he didn't get permission to use it, so he was arrested.

    He should have said, his computer requested the connection and was granted it, and then he'd have a defense, because it would be like him selecting a service on his phone and it connecting. He didn't ask permission in that case either, his phone did, just as his computer did in this case.

    But the dumb sod didn't realize he needs to choose his words carefully.

    There's lots of cases like that, if in doubt say nothing.

  19. Anonymous Coward
    Anonymous Coward

    re: how shameful, for the police that is..

    sorry, I was getting the story mixed up with some other WiFi bust. He wasn't in his car, just sitting on the wall outside the place (the fool). Apologies if I mislead anyone. My other comments still stand. :)

    That'll teach me for not checking out the original story first.

  20. Anonymous Coward
    Anonymous Coward

    Open Broadband

    London & Norwich now have large accessible WiFi networks. Norwich's is free. This sort of thing is going to cause huge amounts of discussion over the next few years. Although I agree that owners of WiFi routers and AP's should have a responsibility to secure them. If you leave your phone in the street and someone uses it, is that a crime? I secure my network, and alot of manufacturers are doing it as default now, e.g. BT, Orange, Linksys, but many aren't my Netgear router didn't come secured!

  21. Trevor Watt

    Title

    A friend has just found that he has been using his next door neighbour's WiFi, he set his own up 18 months ago and clicked the first network that came up, they both have the same make of access point. It was only when the neighbour WEPed his that the penny dropped.

    Personally I have an access point named 3KBSFree which will let you download your email from the street at a whoppingly slow yes, 3KB/S. But hell, free is better than nothing.

  22. Oscar

    Not true at all ...

    "I'd say it's pretty simple to figure out whether it's a public network or not actually. For one thing, public networks have SSIDs like "STARBUCKS" or "BRIGHTONFREEWIFI", rather than "NETGEAR" or "31SMITHSTREET"."

    I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi". Whats that all about? Im fairly sure its some default setting from some manufacturer, though ... cos im seeing it everywhere. Mind anyone in the know can spot the difference between a wireless card and an access point (that little image is handy). The average Joe isn't going to realise this. It would also be a very easy way to hack someone's machine. They connect to YOU and then you hack them. Bet it'd be dead hard to trace as well ...

  23. Anonymous Coward
    Anonymous Coward

    Re: WiFi theft

    It's difficult to lampoon the police when they do it so effectively themselves.

  24. Kevin Crisp

    Community Support Officers

    The problem here is surely the pettifogging PCSOs, or Gauleiters as they should be called.

  25. Joseph Boren

    Better analogy

    The "open front door" analogy really doesn't work in this situation. Even if the door is wide open you have to physically move your carcass onto Private property thereby committing the crime of Trespass. It's not like that with WIFI.

    Now, IANAL but, an open access point that is broadcasting it's SID is BROADCASTING an open invitation to connect, over PUBLIC frequencies, and at least in this case, well beyond the Physical boundries of the Private property, onto PUBLIC property.

    Broadcast;

    http://dictionary.reference.com/search?q=broadcast&x=0&y=0

    NOT

    http://en.wikipedia.org/wiki/Broadcast_(band) :-)

    The act of broadcasting the SID of an open access point could be considered an invitation to join the network and the DHCP process could be considered the act of asking for and receiving permission to join the network. Remember even if you connect to the access point, you can't use the internet connection without the IP information supplied by DHCP. Using the internet connection is the "theft of services", right? Not just connecting to the AP and doing nothing.

    In US law (roughly based on UK law, right?) there is a concept called "attractive nuisance". This basically means that if you have something on your private property that is visible from public property and everyone who sees it is going to want to use and you make no effort to secure it or prevent access to it, you give up to some degree, some of your property rights to that thing and possibly the piece of property it is on. Here's an example; you are a single person with no children and you live alone in a house with a large unfenced backyard that borders a public park. One day you build a children's playset at the back of your property, easily visible from the park. some children playing in the park notice your new playset and wander over and start using it. One of the children falls off the slide and breaks his arm. His parents sue you. They will probably win even though the child trespassed and used your property without permission. You intentionally created an "attractive nuisaunce" and made no attempt to control access to it. You could have built a fence, you could have posted signs that said "Private Property - keep off - this means you little brats" But you didn't, so you accept some responsibility. It's probably different in the UK so somebody correct me if i'm wrong. But there are ridiculous laws like this in the US that need knocked down too.

    The best analogy i could come up with in this situation is this;

    I'm walking down the sidewalk to work one morning. I walk by the front of your house and notice that your garden hose is hanging over your fence spouting water onto the Public sidewalk. Since I'm thirsty, i lean over and *without physically touching your hose* (that's garden hose, pervs) i take a drink of water.

    Now have i tresspassed? No. Have i stolen your water? Maybe, would it matter if I had let the water hit the sidewalk first and then lapped it up from there? The water was going down the gutter anyway, at what point does it change from private to public property?

    As previous posters have mentioned, the guy made a huge mistake admitting to anything. The proper response when the Neighborhood Nazis walked up and asked what he was doing would have been either to say something like "I'm sitting in my private car, legally parked in public place working on my private laptop, not that it's any of your business - now fuck off", or, simply winding up the window and ignoring them. If/when an actual cop shows up you have to deal with him but the same rule applies. "My name is so and so, I live at x address, I'm sitting in my car working on my laptop. Period. If you have any more questions i'm going to need my lawyer present."

    It seems to me that these kind of laws have only existed so far because they've only been applied to the uneducated. The first time someone tries this on a reasonably well funded IT professional, with a bad attitude about authority, I can't see it holding up. All it's going to require is the right expert witnesses to explain the situation in layman's terms to the jury in a way they can understand and no reasonable person would convict. And at least in the US these laws are pretty vulnerable to constitutional challenges, the problem is that it's so very expensive to take a case far enough on constitutional grounds, that it's going to take someone with a ton of money, a professional understanding of the subject, lots of endurance, and a strong enough feeling of Civic responsibility to not just take the settlement and make the whole thing go away.

    Begin mini-rant:

    At least in the US, it's government OF the People, BY the People, not just For the people. If you don't like the way things are going in your govt, Get your fat asses off the couch and DO something. Just voting for the lesser of two evils ain't enough. They're both obviously in the pocket of the global corps. If you're not willing to fight and suffer for your freedom, you don't deserve it. Maybe start by learning your actual rights under the constitution and federal and local laws and the proper way to deal with law enforcement, so you don't make it so goddamn easy to take away those rights.

    End rant:

    Best,

    Joe

  26. Joel

    @David Haworth

    Really good argument.. if that happened to myself, I'd definitely try and use that.

    Also, October?? That gives plenty of time for the hacker to sell his laptop and get a new one, does it not?

  27. PC User

    What the?!? OMG what a dumb/lame law.

    WTF, what if the owner of the wireless router WANTS to share it? This is a prime example of an overarching stupid law. I am not proud of the assinine pandering politicians we've had for the last few years here in the US, but I'm sooo glad I don't live in the UK which seems to be the king of lame laws passed recklessly, without regard for how STUPID they are.

  28. Morely Dotes

    @ Oscar

    "I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi""

    Windows is designed to default to connect to *any* wireless connection it can find; it's the operating system of choice for idiots, and therefor it's meant to help idiots do what they want to do, no matter how stupid that thing they want to do may be.

    Take a look here http://blogs.chron.com/techblog/archives/2006/09/free_public_wif.html for a more in-depth (and less rabidly anti-morons) description of the problem.

    The first thing I do after a Windows install is check the "connect only to access points" box in the wifi control settings, thus eliminating the problem of my field people finding themselves connected via a "man in the middle" when they're trying to VPN back into Corporate HQ.

  29. Sean Healey

    If an offence was committed, who was the victim?

    I'd love to know who exactly was the 'victim' of this blokes supposed crime. If he's being charged with unauthorised use of a network, how did these 'PCSO' goons determine that his network access was in fact unauthorised?

    Presumably the wardriving geek dropped himself in it when questioned - I can't see any other way that this could stick legally.

  30. Dave

    @ Trevor Watt

    "Personally I have an access point named 3KBSFree which will let you download your email from the street at a whoppingly slow yes, 3KB/S. But hell, free is better than nothing."

    And I'm sure all the usernames/ passwords/ credit card nos. that are transmitted via your network are not being collected ;)

  31. Tom

    Just to muddy the waters a little further.

    Wasn't there a case in the US a while back where a guy was charged with sitting outside a coffee shop and plugging in to their "free" network. IIRC the coffee shop owner did not want to press charges, but the guy was done anyway.

  32. Anonymous Coward
    Anonymous Coward

    ISP Contract

    Most ISP's have small print in their contracts that state that you will not share your connection beyond the limits of your property (to stop people getting a 8mb/s connection and running cat 5 to the next dor neighbour and splitting the cost)

    If this is still the case (My info is years old now) then the owner of the router could also be in trouble for breach of contract...

  33. Anonymous Coward
    Anonymous Coward

    PCSOs?

    Just a thought on PCSOs not having power of arrest - if I can make a citizens arrest, and I'm an average Joe, why can't they? Hmm..that just makes them Guardian Angels (remember them?) in a stab vest.

    However, in terms of a police state, it's little wonder folks are leaving the country in droves - what a shit hole, and I was born here. The '97 vintage Tories were pillocks for sure, but what would the place have been like if they'd stayed in power? Same/better/worse? - it's ciggie paper time.

  34. James Butler

    Hee hee ...

    "I've seen an ALARMING amount of machines set to accept all incoming Wi-Fi connections with SSID names like "Free public Wifi". Whats that all about?"

    No guesses? It's pretty easy to figure out:

    1) Joe Dingbat pops open his laptop to check his email from his car

    2) He is offered a number of "available" wireless access points

    3) He chooses the one labeled "Free public Wifi" ... *DOH* mistake #1

    4) He logs into his email account ... *DOH* mistake #2

    5) After responding to a few, he decides to buy a book from Amazon.com

    6) He goes there, chooses and pays with his credit card ... *DOH* mistake #3

    7) He logs off, and goes about his day

    Meanwhile, he is unaware that he has just handed over his email account information and his credit card information to a gleeful criminal who not only set up the access point for the express purpose of scraping such information from unsuspecting passersby who are lured in by the "free" connection, but who has also used the opportunity to dump a teeny-weeny rootkit onto his laptop.

    Hee hee. Sorry, Joe Dingbat. You been p0wnt! Not so "free" now, is it?

    Anyone who uses an unknown "available" access point is foolish, at best. Maybe that will change as time goes on, but it exemplifies the biggest problem facing cities that want to establish a wide-range free municipal wifi system: How to tell the fakes from the real thing.

  35. Anonymous Coward
    Anonymous Coward

    The main thing ...

    The main thing is they got his DNA. Whether he is charged or not is irrelevant. The DNA is the target.

  36. abigsmurf

    SSID isn't permission

    Broadcasting an SSID to an unsecured network isn't permission.

    Permission is something that has to actively be given, permission isn't there by default. The default for a wireless network is no encryption and something along the lines of "BELKIN" as the SSID. You have to take action to change that, so default values indicate no action has been taken, therefore you can assume no permission has been granted.

    Looking at it from a different by the commonly used metaphor. An unsecured wireless network is an unlocked door and an SSID is a sign in public view saying the door is unlocked.

    This is the equilivant of leaving a door unlocked and hanging a sign outside saying "The lock on the door is broken". Although a stupid thing to do and insurance wouldn't pay, anyone entering would still be trespassing.

  37. James Butler

    It gets you thinking ...

    My wireless router is my property.

    I leave it "open".

    I give it a generic name like "Free public Wifi"

    I log everything that runs through the box.

    Some shmoe decides to tap into my "Free public Wifi"

    I collect his email login info.

    I collect his credit card info.

    Is there a problem here?

    It's my box, and he's illegally tapped into it. I can grab whatever I want, and he has willfully passed that data on to me. Kinda like the guy who walked through the open door and hung out on the couch to watch your big screen ... and then dropped his wallet on the way out the door. Found goodies, and no legal obligation to either tell the trespasser that the wallet was dropped nor to return it to them. They left it as a token of their appreciation for using your paid-for services for free.

    I'd say the router-piggybacker's actions have granted me explicit approval to grab his data. He has therefore implicitly given me the right to store his data. He gave me his login info, and I could maybe even argue that he has also given me approval to use it. He handed it right over to me!

    It's a little grey around the "useage" area, but I've definitely been given permission to grab and store any data, in much the same way as some argue that a non-secured box provides permission to use it, and DHCP request/assignment provides a mutually-permissive transaction.

    Oops ... some crook stole my router ... I hope all that data doesn't get used illegally ...

  38. Anonymous Coward
    Anonymous Coward

    PCSOs? power of arrest.

    Just a bit off topic, but the way I see it is that the PCSOs don't have the same power of arrest as the police. They can make a citizens arrest but it's outside the power of the PCSO remit. Therefore if they make an improper arrest, sue the little shite, and make a complaint for assault. The police would love to have the little shite's DNA when they are arrested.

  39. Stephen Stagg

    @James Butler

    Welcome to the joyful world of SSL. Amazon, and most Webmail providers use HTTPS servers to handle all passwords/Credit information. So you *should* be perfectly safe submitting your details over a public WIFI connection.

    That is assuming, of course, that he isn't infected with malware on his computer.

  40. Nick

    Did el fuzzo...

    ...ask the owner of the AP if they wanted the user prosecuted?

    Although I use security mechanisms, if some geeza/gal was clever enough to penetrate my defenses, provided they wern't doing anything illegal RE dodgy downloads e.t.c, I'd invite them in, shake their hand, make them a cup of the finest caffeine and find out how they did it. I wouldn't do the same thing if the local twoc'er was trying to jack my motor. Funny old world isn't it?

    I did use to leave my AP open for all, but then realized that a) no-one ever used it and b) if they did, they could do all sorts of naughty things in my name, so it got locked down.

  41. Anonymous Coward
    Anonymous Coward

    Sharing your wifi with a proper invitation

    If you really want to share your bandwidth, and have permission from your ISP to do that, you can set up your own hotspot.

    Such as this supplied by Solwise:

    http://www.solwise.co.uk/wireless-hotspot-was-102r.htm

    Or subscribe to a Hotspot network such as "The Cloud" or "Openzone" as a supplier of service (you get a miserable return, though - even though it is you providing the service really).

    This intercepts all calls to your LAN and Internet connection. You're explicitly giving permission to use the network, and your network can remain encrypted - because if you wish, you can make the user collect a ticket with pertinent details.

    Without such a device, it is hard to prove that the owner has explicitly granted access to his/her network and hence the Internet, even if you SSID says so.

    Why is this? Well, any novice who sets up a wireless network may not have taken the trouble to set up the router correct, and the devices have default settings. A knowledgeable person would be able to reconfigure the Router and therefore the SSID.

    As someone else said, most PCs are set up to use the strongest signal - so a novice may not even notice that the SSID has changed.

    The laws are, I agree, antiquated and were designed for the protection, mainly, of military & government communications and systems, and large corporate networks - such as the railway & banking networks.

    Until the laws are changed/updated (and there's no guarantee they ever will be), then accessing ANY computer and network device (ie a wireless Router - even if it is just to get an IP number and routing onto another network) without explicit permission is a CRIMINAL offence. It could even result in a custodial sentence.

    Because of the sensitivity of Corporate and Military networks and equipment, the law will always have to ensure it protects those networks and the wording for such laws to differentiate between public, private and common ownership will always be a bit hazy.

    If the guy is guilty of accessing the Internet through someone elses network, then there will be no option but for the judge to impose at least the minimum sentence he can.

    Rob

  42. This post has been deleted by its author

  43. Rob

    RE: Daft law & Trespassing & Muddy waters

    "It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

    You could be charged with criminal trespassing. Contrary to some places it is not always a civil offense.

    " 635:2 Criminal Trespass. –

    I. A person is guilty of criminal trespass if, knowing that he is not licensed or privileged to do so, he enters or remains in any place.

    II. Criminal trespass is a misdemeanor for the first offense and a class B felony for any subsequent offense if the person knowingly or recklessly causes damage in excess of $1,000 to the value of the property of another. "

    Also regarding this:

    "Wasn't there a case in the US a while back where a guy was charged with sitting outside a coffee shop and plugging in to their "free" network. IIRC the coffee shop owner did not want to press charges, but the guy was done anyway."

    Here in the United States not every state is just a 'state' meaning some are commonwealth states. In the commonwealth state of Pennsylvania the state has the right to charge offenders regardless if the victims do not wish to press charges. I believe the other few commonwealth states are the same in that aspect.

  44. Cliff

    Free Public WiFi SSID

    A point to remember here amidst the paranoia in this thread about joining a free public wifi point is HTTPS, a sensibly set up site like Amazon, most email providers, etc, will encrypt the data en-route, and it's far far tougher to Man-In-The-Middle when certs are involved...

  45. Dan Goodin (Written by Reg staff)

    Re: Free Public WiFi SSID

    Cliff,

    You wrote: "A point to remember here amidst the paranoia in this thread about joining a free public wifi point is HTTPS, a sensibly set up site like Amazon, most email providers, etc, will encrypt the data en-route, and it's far far tougher to Man-In-The-Middle when certs are involved.."

    That kind of assumption is dangerous. HTTPS MAY prevent someone from siphoning your login credentials, but as an Errata Security researcher demonstrated at Black Hat, the vast majority of websites (hotmail, Yahoo mail,) make it trivially easy to steal session IDs transmitted over Wi-Fi - even when the wireless user has chosen the SSL URL.

    For more on this, see: http://www.theregister.com/2007/08/02/public_wifi_hack/

  46. James Butler

    Re: HTTPS

    Would an unsuspecting user who connected to a rogue open router realize that when they clicked their bookmark for GMail, it displayed http://mail.googlie.com instead of https://mail.google.com?

    Unfortunately, newbies and unsophisticated users would be hard-pressed to use the techniques that might keep them "safe", like running Tor/Privoxy with their own DNS resolution or PGP or similar security tools.

  47. Jason Clery

    @ various

    "It's a daft law... If someone leaves a front door open, and you walk in, can you be charge with breaking in? No you can't. Maybe criminal damage if you didn't wipe your muddy feet."

    If you take their stuff, its still theft.

    "An unsecured WiFi router broadcasting its SSID is precisely like leaving your door open and posting a big sign outside saying "come on in and look around", and should be treated so in law."

    How? Blaming the victim again. What next? She was wearing a short skirt, she wanted to be raped? He was black in a white area, he wanted to be murdered?

    "Found goodies, and no legal obligation to either tell the trespasser that the wallet was dropped nor to return it to them. They left it as a token of their appreciation for using your paid-for services for free.

    "

    wrong. you need to make a reasonable attempt to return found chattels.

    £5 on the street you keep if no-one is around. A rolex you hand in.

  48. Daniel Ballado-Torres

    Wi-Fi 0wnage @ Black Hat

    ... and that's the main reason I have switched to https://gmail.com since reading that article. Mind you, I already have taken measures to avoid someone tapping on my wi-fi; not only 128-bit WEP, but also using an SSH tunnel and pumping all my http(s) traffic through that tunnel (that goes to my squid proxy on the other end).

    Except my https://gmail.com practice applies to even my wired access too. Wi-Fi may be the easiest way to leak information, but there is a reason we use SSL for anything involving money...

  49. Michael

    It's like...

    Using someone else's unsecured WiFi without their permission is like walking by someone's yard and enjoring the view of their beautiful garden. If you place something in public view, you cannot reasonably expect them to NOT look at it. If you don't want your neighbors looking at your garden, build a fence around it.

    If you don't want you neighbors using your insecure WiFi, secure it, or stop beaming it into public space.

    In order for me to be trespassing on my neighbor's wireless, while I'm in my own house, the assumption is that the wireless signal belongs to him, regardless of where it is. If that is the case, then I want to file a trespassing complaint, for my neighbor projecting his wireless signal into my house. Such a case would certainly highlight how ridiculous these things are.

  50. James Butler

    Lost Wallet

    "wrong. you need to make a reasonable attempt to return found chattels.

    £5 on the street you keep if no-one is around. A rolex you hand in."

    Mmmm ... not quite so clear cut, at least in the USA. The lost wallet was on my property and was left behind during the course of a trespass, either criminal or civil. Therefore I, as the property owner, may lay superior claim to the wallet. I could satisfy a "good faith" effort to return it by posting a notice in the local paper and waiting a couple of weeks before I spent the money as my own.

    £5 or a Rolex on a public street is different. Data flowing illegally through my (admittedly rigged) router is still trespassing, and is left behind during the course of that trespass. Perhaps I would post a notice in the local paper anyway, though:

    "Found: GMail login information and credit card data. Left on my router by someone who decided to use the bandwidth I pay for. To claim these credentials, please contact ..."

  51. AllGonePeteTong

    This Law is Completely Re-dick-ularse

    I'm sure my fellow Brit's are now sleeping soundly at night knowing that their WiFi Networks and bandwidth are being protected by the Gestapo. Didn't we fight a war 60 odd years ago over perversions like this?

    These are the types of law's that make the UK government look uneducated and behind the times with regards to technology. The country's legal system is stuck in the 18th Century - if the doddering 85 year old judge who's half deaf with a serious case of piles and gout doesn't understand it (which he won't), then it's "off to the gallows with you".

    If you have not taken adequate measures to ensure the security of the transmission, then it implies that you don't care about the security of the signal. It would take someone with only a limited amount of Tech Savvy to laugh this one out of court.

    I saw the light and left that bloody country 20 years ago because of BS like this.

    What's next? Arresting some for wearing a loud shirt in a built up area?

  52. Danny Thompson

    In Corfu ....

    town all of the WiFi networks are Open and unsecured. When I asked a local why this was, he replied that it was "normal" for them to share their resource like that for the good of everyone.

    Moving swiftly across to our particular Police State and see that we can't even give away our bandwidth if we wanted to. Did the local Nazis even bother asking the person who's wireless network it was whether or not they minded.

    Reminds me of the story in yesterday's paper where a father who's 21-year old son was beaten to a pulp by a local yob was told to write to his MP rather than bother the local Plod.

    Gives yer that right warm feeling, dunnit?

  53. Mark

    Priorities

    What a warped sense of priorities. Kick the crap out of someone on a Friday night and get an £80 on the spot fixed penalty (as seen on TV so it must be true); pilfer a bit of bandwidth and get marched off to the station for a serious investigation.

    I'm surprised the PCSOs even noticed; round here they are only seen standing in groups of 5 or 6 outside the local shopping centre having a cosy chat.

  54. Anonymous Coward
    Anonymous Coward

    Dishonest access *and* intent to avoid payment?

    The relevent part of the Communications Act 2003 goes:-

    "Offences relating to networks and services

    125 Dishonestly obtaining electronic communications services

    (1) A person who

    (a) dishonestly obtains an electronic communications service, and

    (b) does so with intent to avoid payment of a charge applicable to the provision of that service,

    is guilty of an offence."

    So he would have to have gained access dishonestly (which is worth arguing about if the wifi access was unsecured) *and* intended to avoid applicable payment (which is difficult if the wifi access was unsecured; ie free to all).

    The CPS ought to be a bit wary of prosecuting him if he seems able to afford a court case.

  55. William Bronze badge

    Some real idiots here.

    If I leave my door unlocked (by accident or on purpose) this does not give you the right to enter my property and sit on my couch or even use my phone to call 0800 numbers. I am quite positive that those people who are comparing an open wireless network to an open house would not be happy if they came home to find someone in their house watching really dodgy porn on their DVD/TV. So stop talking BS that its ok to use another persons network because there is no lock on it. Or leave your front door open so that I can come round and help myself to your facilities, you don't have a problem with this - remember.

  56. Anonymous Coward
    Anonymous Coward

    Just dishonest access.

    "(b) does so with intent to avoid payment of a charge applicable to the provision of that service"

    Did the man with the open router charge for the service? I don't think so, and leaving his router free to use indicates no charge. That doesn't seem to prevent prosecution, they just look for someone along the route that DOES charge and use that instead.

    "If I leave my door unlocked (by accident or on purpose) this does not give you the right to enter my property "

    If I knock on the door and ask to come in, and you give me permission I can enter. His computer asked and his computer was given permission. He can't tell the difference between WiFi intentionally free and unintentially free. Just like his mobile phone asks to use Vodaphone roaming and is given permission, he doesn't have a special contract with Vodaphone, he just assumes it's OK because Vodaphone's router lets him connect.

    Would it be OK to lock up every delivery men?

  57. Anonymous Coward
    Anonymous Coward

    Title

    Anon: If it doesn't have a lock on it (encryption) and doesn't have a keep out sign SSID=BuggerOff

    That's a disturbing coincidence, have you been wardriving in my area? At least my SSID makes a change from all the SKYxxxxx / WANADOO-xxxxxx crap that is clogging up the channels.

  58. Scoot

    So what about people who do secure their wi-fi?!

    @William: Do/would you leave your wireless network unsecured? Or even your front door open? If so, I'm popping round to watch your Debbie Does Dallas DVD! :-P

    This is a stupid, poorly thought law - I worked in central government for a few years, and many of them (ie. usually the ones in power) have no clue about technology whatsoever. How anyone can advocate ignoring security functionality/features on a device which can be publicly visible must be a moron. It's just licence to be lazy and careless. Oh, and no wonder identity fraud and debit/credit card fraud is so high in the UK!!!

    Even worse than an unsecured wireless router is an unsecured wireless router with the factory-default administrator username and password!!!

  59. Kevin Smith

    Injection...

    "Would an unsuspecting user who connected to a rogue open router realize that when they clicked their bookmark for GMail, it displayed http://mail.googlie.com instead of https://mail.google.com?"

    An attacker wouldn't even need to redirect the user like that - if they connect through the attacker's equipment then any request the user makes can be misrepresented as whatever the hell the attacker likes - mail.google.com can be a fake-but-otherwise-identical page hosted on the attacker's own machine, which stores login details and then uses those details to return the real page from google.

    The computer-illiterate consultants at my (UK local government)workplace are currently engaged in a project to get wireless access enabled across the organisation - this was originally disabled as it was correctly deemed impossible to ensure the security of our data when connected to an external network. As ever in local government, the popularity/political vote won out over common sense, so if you live in the UK you may want to check on YOUR local government's policy regarding public network access - they're only too happy to trade the security of your personal data for the marginal political gain of allowing staff the convenience of connecting to unsecured networks in public places.

  60. Anonymous Coward
    Anonymous Coward

    Legal Situation

    Looking at the Communications Act - section 125 states:

    "(1) A person who—

    (a) dishonestly obtains an electronic communications service, and

    (b) does so with intent to avoid payment of a charge applicable to the provision of that service,

    is guilty of an offence."

    so the question here is all about intent. If your laptop is set to access your wireless at home, and its SSID is NETGEAR, then opening up your laptop near someone's house (say working in the park) and being automatically connected to someone elses NETGEAR access point is likely to not be an offence. there was no intent.

    However, deliberately targeting a wireless access point in someone's house, might be seen as 'dishonest intent'. Of course, all bets are off if you sit in a place where you might expect a free hotspot (such as a cafe) and pick up a not-free one across the road in someone's flat with a non-obvious name.

    Advice to people wanting free access? Choose AP's with common 'default' names so you can claim you didn't mean to connect. Sit somewhere you could claim to expect free access (cafe, bus station etc). Oh, and don't do anything suspicious like MAC address spoofing, WEP hacking etc :)

  61. Mark McGuire

    BOFH to the rescue

    Now all we need to do is to some how bribe/get the number 1 BOFH to work in central government. Sure some tax dollars would be spent on computer parts for him, but you wouldn't get bad tech laws passed (He would block them by killing relevant emails and such...).

    Even though I don't live in the UK I feel aghast at seeing this law. Even though we have one of the stupidest leaders of all time (see No Child Left Behind), I don't think we have that many overly outrageous tech laws (if I am wrong let me know, I might be breaking a few). I always make sure I encrypt my network with WPA though I don't hide the SSID (any script kitty with a brain can see hidden SSIDs).

    Oh yes and I've seen so many unsecured routers with factory-default passwords and logins. I so should "help" them encrypt their network, don't you agree?

  62. Trevor Watt

    @ Dave

    Actually, no. The access point is connected to the modem/router with nothing in between. The rest of the network is behind a hardware firewall between it and the modem/router including a further access point with MAC filtering and WEP.

    I figure that if anyone with the skills wants to get in then they will, so I don't go overboard on protection, I am not the paranoid type.

  63. Anonymous Coward
    Anonymous Coward

    Easy to unintentionally grab an open connection.

    I work as a contractor, when working away from home I try and find a B&B with internet access so I can catch up on emails etc. and stay in touch with home via VOIP if connection is up to it.

    In one B&B, after a few days I happened to mention to the owner that the wifi connection was of low strength - his reply - "We have no wifi, I'm an ex BT engineer, it is all cabled in".

    ....I had been using his neighbours connection.

    My PC was set up to only log on to a wireless network with my approval, however with this one, because the name was not an obvious default i.e. NOT Netgear, Belkin etc but a name (the type of name you would give to a pet rather than a person) and it was unsecured I approved it. As the B&B owners had lots of pets I just assumed the router I had detected was named after one of their dogs and so used it thinking they were providing it..

  64. Anonymous Coward
    Anonymous Coward

    Analogy

    Screw the door on the house analogy:

    1. Having Internet access is like having a private party with beer kegs at your house

    2. Having WIFI is like having the same party, but out on your porch

    3. Not using encryption is like leaving the porch gate open

    4. Having your router broadcast your SSID is like hiring someone to stand on your porch with a megaphone telling people there is a party with beer

    5. Having DHCP assign addresses to anyone who asks is like hiring a door man to let everyone in and give them name tags and telling them to drink as much as they want.

  65. Jason Clery

    @analogy

    hmmm

    1). being a women

    2). wearing a dress

    3). wearing high heels

    4). wearing a short skirt

    5). asking to be raped.

    Don't blame the victim. Some people don't understand how to set these things up, don't blame them. So if you are mugged, its your fault for carry an mp3 player, cellphone and wallet

  66. Daniel Smith

    *Chucks another analogy into the mix (and ducks)

    (from Slashdot) Reader 4e617474 fired the next volley in this battle of analogies:

    >> So the router is "visible," with an option to make it invisible. Big deal. My garden is visible from the street, but I can put a tarp around it to obscure its existence. What you are saying is that, unless I put a tarp up around my garden, everyone has a right to use it.

    No, actually we're saying that if your garden pelts us with carrots and peas as we walk past on the public street, we're at liberty to catch them and consume them. Only if you place anti-vegetable-flight netting around your garden (or stop planting vegetables that lend themselves to comparison to an unsecured WAP) does it become incumbent upon us to behave as good citizens.

    Hey! Analogies are fun! Somebody compare Internet privacy law to hunting and fishing licenses!

  67. Daniel Smith

    Not so fast, goes an argument exemplified in another comment from R2.0:

    (again, via slashdot around this time last year... http://backslash.slashdot.org/article.pl?sid=06/07/28/187219 )

    Yes, the computer is "asking" the router "permission," and the router is "granting permission" — the only problem is, the words we use to describe these actions may appear to be descriptive of thinking and volition, but they really mean neither. Computers and routers simply CANNOT give "permission" in any legal or moral sense.

    To use the yard analogy that seems to be popular for these threads, lets supposed your neighbor's massively retarded child asks your massively retarded child for permission for his Daddy to use your yard, and your child agrees. Neighbor then comes over and stages a cookout on your lawn, or for that matter just walks across it.

    When you confront him, he says "But my kid asked your kid, and he said yes." This is binding? Common sense and the law would say no, yet you would allow devices with an order of magnitude less analytical power than a retarded child to give and receive similar permissions.

    Repeat after me folks: devices cannot give and receive permission for human actions without those permissions expressly being granted via some other means.

    A traffic light doesn't give you permission to cross the street; the government (that you studied to get your license) gives you permission to cross the intersection when a light is green, and denies it when red.

    Your ID badge doesn't ask permission to enter your building, and the security system doesn't grant permission; YOU ask for permission by presenting the badge, and your employer grants it by programming said system to accept your request.

  68. Daniel Smith

    While I'm here I'll post another slashdot gem from the same era :)

    Re:Enough with the analogies!

    (Score:5, Funny)

    by PCM2 (4486) on Friday July 28, @03:57PM (#15801475)

    (http://neilmcallister.com/)

    Your analogy misses the point entirely.

    The situation the GP was describing is a more like trying to sell yak's milk in a Bavarian beer garden. You can bring as many Nepalese sherpas as you want, each with their own entry visas, and the yak might clear customs, but unless the milk is pasteurized you're still going to run into problems. And who's to say the Germans have a taste for yak's milk anyway? It's shortsighted thinking like this that leads to posts like yours.

This topic is closed for new posts.