back to article Finland mulls legalizing use of unsecured Wi-Fi

When it comes to the unauthorized use of open Wi-Fi networks, the Finnish government may say: If you can't beat them, join them. At least, that's our interpretation of this badly garbled Google translation of a YLE.fi article. It says the country's Ministry of Justice is investigating the decriminalization of using unsecured …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Is it actually illegal?

    At least my town has a free urban wifi network (obviously unsecured) covering the center of town, the airport and the university. It is run by the town council, the university, VTT, DNA etc. Never noticed the polis making any attempt to shut it down or arrest the town council.

    1. Lottie
      Badgers

      Well

      In england it's certainly not illegal to use the free wifi if it's there for public use as the public has permission to use it.

      However, it's considered illegal to use unsecured home or private wifi connections as they are seen as a private computer network that you are accessing without permission and therefore hacking.

      I'm sure there was a case in the USA a couple of years ago where someone who'd been using the free wifi from a local shop (starbucks I think) was done for hacking as he wasn't a customer which meant he didn't have explicit permission from the network owners to be on there.

    2. Andus McCoatover

      Same town, sunshine!

      Oulu.

  2. Andus McCoatover

    Don't get it...

    Legalise what's already legal??

    Oulu city has it's own open WiFi network, free, open and unencrypted for anyone in the city*. Even some buses have a Cisco repeater, so you can surf on the bus. The green sign on the brochure (see first link) is ubiquitous around the city, as are the base-stations..

    Mine is unprotected by MY CHOICE, as is the pub's - again by the owner's choice. I did offer to secure it, but no - he wants anyone to be able to use it, and it's 24Mb, so it's usually where I write this drivel from).

    I don't mind or care who uses mine. It costs me nothing as I'm usually at school, or out. For the pub, because it's just out of range of PanOulu.

    My 'community attitude' I guess. We don't need to worry about turds like ACS:law and other 'ambulance-chasers'.

    *http://www.panoulu.net/ (It's in English)

    And for the techies: http://www.65degreesnorth.com/content/view/1349/73/

    (The bit on the pop-up in the original article says "Connection unsuccessful. Check settings and try again)

    1. Anonymous Coward
      Anonymous Coward

      Not quite legal

      The city network in Oulu and your private network are both intentionally open. There has been at least one prosecution when a person used someone's unsecured network without permission. Presumably the "victim" hadn't secured the supposedly private network.

      http://www.hs.fi/kotimaa/artikkeli/Naapurin+langattoman+verkon+k%C3%A4ytt%C3%B6+luvatta+laitonta/1135235577447

      It's high time they made this change. It's even possible to use an unsecured network accidentally, whether it's because your WLAN supplicant is overzealous (oblig: http://xkcd.com/416/) or you've configured your device to use a default SSID in some other context.

      1. mmiied

        re not quite legal

        "or you've configured your device to use a default SSID in some other context"

        true story

        I had my computer setup to access the defult name for a netgear routers SSID "netgear" for some tests when I took it to my frends flat it automaticley conected to his nabours wifi who had left it as the defult I only relised when I got msn messages

  3. gautam
    Happy

    Brilliant

    Now isnt that what free WiFi for all project was all about by the local Municipalities (started in USA)?

    Or the Femto cells bogey intended the same?

    Wonder which vested interests are behind no adoption of this policy citing security and terrorism!

    Something stinks here.

  4. Disco-Legend-Zeke
    Pint

    Or Even...

    ..."man in the middle" attacks.

  5. Matt_W

    And when...

    You get done for illegal downloads of music/movies/worse (records of which your ISP has handed over) you can happily blame it on someone else using your bandwidth?

  6. Anonymous Coward
    Anonymous Coward

    Phones?

    While they are at it, why bother with telephones, A couple of large megaphones will do the trick.

  7. Kelvari
    Happy

    Makes sense to me....

    After all, most router configurations nowadays only take a matter of minutes to set up properly. I don't see any reason why someone who wants their router to be secured wouldn't be able to secure it. If you want to leave it open, then that's like leaving your car parked with the windows rolled down and the keys in the ignition.

  8. Jason Bloomberg Silver badge
    Unhappy

    A freetard's wet dream?

    It's an interesting approach, putting the onus on people to secure if they want protection and take the consequences if they don't.

    A parallel is nipping out and on coming back finding you'd left your front door un-locked and now have someone in your house watching your TV and eating your biscuits. There's no 'breaking and entering' but there remains an issue of 'theft' in consumption (which equates to cost and thus harm).

    The question then is what does de-criminalisation amount to and how consistent is that with other principles of law?

    If 'connection' is allowed but not 'use' (which remains 'theft' through unauthorised consumption) then nothing much has changed. If unauthorised consumption is allowed then where does it leave 'theft' in the parallel example?

    The laws on accessing unsecured networks are there to prevent a disparity in legal principles; how is eating someone else's biscuits really any different to using their electricity? Having a disparity helps no one.

    A better approach IMO would be to keep the law fundamentally as it is is but add a means of identifying deliberately opened and public access points, perhaps by SSID naming convention. That allows an opt-in to sharing resources and a decent legal framework for potential users.

    1. M Gale

      I'll say what I've said before..

      ..if you know how to adjust a service set identifier, you know how to encrypt your router. No SSID naming convention required.

      And the house analogy really fails, every time someone suggests it. For a start, this is bandwidth not biscuits. Unless you're on some stone-age ISP, you're paying for access and not per-megabyte. Second, if you're going to use awful analogies, a router is less like a house and more like a pub. If you want to turn that pub into a club, you put a member list down and employ a bouncer. That would be.. err.. a MAC address filter.

      And if you don't want people looking through the windows, get some net curtains. Or encrypt your connection, if you like.

      You're right that putting the onus on the router owner to "protect" themselves is interesting. It's the first commonsense approach I've seen over this issue in years, and should mean that in Finland at least, when you see an open wifi point it really means open!

  9. Lou Gosselin

    Sounds good to me.

    If it's not secured from anonymous connections, then let them connect. No laws needed here.

    People worried about wiretapping should be using encryption already anyways. (What, people trust their ISP?)

    In a technological utopia, wifi access points would be open everywhere so one could get a decent (high bandwidth, low latency) connection where ever one happens to be. Regular people, using off the shelf equipment (see FON), could build a more powerful and scalable wireless network than any cell phone technology, for much cheaper than phone companies can offer.

    Of course the major issue today being that wifi owners are liable for the actions of other users instead of being protected like an ISP.

  10. Gannon (J.) Dick
    Thumb Up

    In a more innocent time ...

    People used to graze their livestock on The Boston Common or in Central Park.

    All the Finns have to do is make it illegal for anyone to re-sell identifying data. Tell Google and the Windfall Theory of Targeted Advertising they have no place on the Finnish Commons. All those Finns who are famous for being famous will need extra sympathy and Aquavit, of course.

    You have to get the idea out of your head that the Commons is run for the benefit of the people when it is sufficient that it be run from the point of view of the calf.

  11. tkioz
    Thumb Up

    Makes Sense

    Makes sense really, if you can't be arsed spending 5mins when you set up your WAP you deserve to be leached off.

  12. Anonymous Coward
    Anonymous Coward

    Kudos

    This is the first intelligent take I've seen on the issue.

  13. Leeroy
    WTF?

    I wonder .....

    how this would stand up in court if the owner of the net connection was accused of sharing copyright material. Would they then start trying to track mac addresses of the infringing pc's (or printers:)

    If letting others use your connection is legal then you could use that as an easy excuse. I believe if you do it in the uk you are required to keep records of users etc.

  14. Anonymous Coward
    Go

    A great idea

    If only our own government was as sensible (read: not pandering to big business all the time) as the Finnish Gov. Hmm, maybe if EVERYONE is doing it and most people see no problem with it, then we should make it legal becuase it is WHAT THE PUBLIC WANTS. remember that, UK/USAGOV? I know it's been a while but surely you can take to this concept eventually...

  15. Steven Dey

    Finland

    Finland, Finland, Finland,

    The country where WIFI is free

    Wonder if Python foresaw this?

  16. Alan Thompson
    Go

    Unsecured Wi-Fi Standard Needed

    A new required standard should be submitted as an Internet RFC and/or as part of the Wi-Fi alliance - in order to be certified "Wi-Fi" compliant.

    The MANDATORY standard should require 2 additional SSIDs (in addition to the standard, secured, private network SSID) to be simultaneously available and active on ALL WiFI routers and access points. Both additional SSIDs would be enabled by default and optionally be disabled by the owner of the access point. A warning and opportunity to disable them should be presented during the initial configuration wizard.

    #1: PUBLIC - this SSID would be open with no encryption or authentication of any kind, would only have access to the Internet (direct to the Internet on a router/firewall or via IPSEC/SSL tunnel to the router/firewall for access points/routers used internally), with no internal network access. By default the bandwidth would be limited to (for example) 512kbps or a amount specified by the owner. Times of day could also be configured (optional)

    #2: GUEST: this SSID would be secured either with WPA and a guest key or open/no key and authentication via a login web page. It should be configurable for either internal & Internet or only Internet access (like PUBLIC). Also like PUBLIC it could be limited to a specific maximum bit rate and hours of operation by the owner.

    This allows the OWNER to decide if they want to share their WiFi with friends and/or neighbors without impacting the internal network or business/family network access. This feature should be required in order to maintain WiFi alliance certification.

    1. Anonymous Coward
      Anonymous Coward

      wrong way round

      The default should be that manufacturers supply suitably secure equipment for the protection of their customers.

      Yes, and to that end, they should also make it easier to configure for the less gifted. simple options during setup like "do you want all and sundry to use your network to connect to the internet Yes/No?"

      Your ideas are more complex - not less.

      I may recall wrongly, but the terms of service of some ISP's may limit "free" use by others.

  17. Anonymous Coward
    Thumb Up

    But the point is...

    That the people then have a choice.

    If they want to allow strangers to use their wifi then so be it. Truth is, the Finns are generally pretty decent and there wont be the alarmist reactions when someone uses a free wifi hot spot to download donkey porn.

    Unlike here.... Someone think of the donkeys.

  18. Anonymous Coward
    Thumb Up

    How forward thinking

    Now if only they'd do the same everywhere

  19. compton
    Big Brother

    Fingering Net Criminals

    If you have an open wireless network accessible to any passer by, how can you be held responsible for activity on that network?

    Say for instance a recording company monitors your IP and downloads copyrighted material from your IP. What grounds would they have to demand unreasonable amounts of money from you if anyone could have been connected and performing said criminal act using that IP?

    I think this has always been the reason for laws like this, rather than protecting bandwidth of unsecured WiFi networks.

    Also it is possible to encrypt a WiFi signal but not use authentication, this article appears to confuse the two concepts in places.

  20. Adam 38

    Hybrid WiFi

    This causes a number of problems for owners of the WiFi access point:

    1. Contract with ISP says they can't share connection with 3rd party

    2. Illegal activities commited on said WiFi

    3. Owner of WiFi ends up paying per-GB for excessive usage.

    Personally I have a relatively unlimited internet connection. I think it would be good if people were able to offer an unpassworded DMZ on their internet connection (with minimum QoS priority) for guests to use. This would be especially useful in metro areas.

  21. Anonymous Coward
    Thumb Up

    common sense

    it's only common sense and we should follow suit here, after all for every person who isn't clever enough to secure their network there's a person who's not clever enough to realise they are connected to an unsecured network without permission. why should one be a criminal and not the other?

  22. Henry Wertz 1 Gold badge

    sensible

    this is perfectly sensible. If the user cannot trouble themselves to at least put on wep, i think they are de facto signalling they have an open access point.

    i disagree that it's hard to monitor for unauthorized users though. My wrt54g with dd-wrt lists clients right out of the box, and a lot of stock aps do too. But of course if the user can't even trouble themselves to set a password, they won't be looking.

  23. Chris Hatfield

    clarify, please

    What, so it's illegal to NOT encrypt or password protect your router, if you are a Fin? And they're dropping the leglislation because no-one really pays any attention to it?

    1. foo_bar_baz

      No

      It's currently illegal to use someone else's wireless network without their permission, regardless of whether it's encrypted or not.

  24. Winkypop Silver badge
    Thumb Up

    My goodness

    A government with common sense!

    Who'd a thunk it?

  25. Anonymous Coward
    Anonymous Coward

    Unlocked doors?

    I wonder if they will legalise burglary if someone leaves the door to their house unlocked.

    1. M Gale

      Sure..

      ..when TVs are downloadable for free and cost nothing to replicate. Like 1s and 0s.

      1. Anonymous Coward
        FAIL

        "They're paying for access ..."

        Remember saying that? *They're* paying. not the tapeworms like you. The house analogy works perfectly for people who look at principle rather than try to rationalise being cheapskates. Moron. Cost nothing to replicate. What a complete plonker you are.

        1. M Gale
          Troll

          They've got a cave troll

          Yes, they are paying. And spewing it out into the street for everyone to take part in.

          Analogies like this are awful, and comparing a router set up for public access to a private house is even worse. "Moron".

          Spend five minutes to set your encryption up and you won't have a problem. Don't bother, and you'll get people taking advantage of what you freely give them. Campaign to make it so connecting to a publically-available wifi point is illegal, and you cut off the revenue of any small wireless ISP who isn't called "BTOpenZone".

          Got anything other than insults, or is that your best?

  26. Henry Wertz 1 Gold badge

    Too complicated...

    @Alan Thompson, you're making it too complicated. If APs shipped from the factory with a "PUBLIC" SSID, you'd just have clueless lawmakers claiming "Well, they didn't mean it, they just didn't set up their access point", just as they claim now (although not in Finland apparently.) I've seen so many buggy as hell APs, I'd rather companies focus on making sure the AP works than trying to do 3 SSIDs at once, traffic shaping, captive web portals, etc. DD-WRT does all of this if the user wants it.

  27. HonestM

    legal, ok - illegal, huh? SECURE - YES!!! stay private use SwissDisk FREE!!

    the bottom line is if you are brave enough to transmit any personal data over an unsecure link then you just might pay the price of a breach of personal privacy... OR... if you need to access sensative docs or sync your contacts, calendar, etc. then try a FREE account over the always secure, end-to-end encrypted webDAV servers at www.SwissDisk.com ... enjoy and please someone point out the WiFi police when they are headed my way!! Please! I don't think so?

This topic is closed for new posts.

Other stories you might like