An open wireless network is like a TV facing your front window with the blinds open. You could close the blinds, or move it away from the front window, but if you choose not to, you shouldn’t be surprised if people on the sidewalk start watching TV through your window.
Any reasonable person should know that if he can connect to his wireless network simply by turning on his laptop, anyone else will be able to do the same. A wireless access point’s security features and range are advertised on the box; anyone who is unaware of them is simply negligent.
At a technical level, the situation is even less sympathetic for the ignorant network owner. Open wireless access points advertise their presence by broadcasting a network identifier (which can be turned off), they allow anyone to connect to the network (which can be turned off via encryption or MAC filtering), and they assign an IP address to anyone who asks (which can also be turned off). It’s like putting a sign in front of your house saying “Keg party inside!”, leaving the front door open, having a friendly robot inside handing out cups… and then complaining that strangers are drinking your beer.
Depends a little on the details of the case (which weren’t given in the link.) The main issue being whether this guy had got into an encrypted network or if it was open access.
I agree, if he actually broke into a secured network, then throw the book at him. But it seems unlikely - unless he actually knew the homeowner or had some reason to use his network specifically, he could easily have kept driving until he found one that was open. And while the articles don’t actually state that the network was unsecured, quotes like “For as worrisome as it seems, wireless mooching is easily preventable by turning on encryption or requiring passwords” hint that it was.
Except that the law directly addresses the unauthorized use of computer networks, and explicitly makes it illegal.
If the above is an argument that the law should be changed, I have no comment. If your words are intended as an argument that the current law does NOT prohibit such access, you’re simply wrong.
In Squink’s link the owner says he hadn’t bothered securing his network. I wonder if they may have persued the charge more because of what he was using the connection for rather than the fact he was using someone’s wireless connection.
Probably a good thing to get a few test cases out of the way.
Please bear with me as I stretch out that keg party scenario even more. Suppose I buy the “friendly robot”, a Barmaster 3000, to act as a bartender for my private parties. I leave for work in the morning, and find that when I get home, all my beer is gone because the robot threw a kegger in my absence, setting the sign out front, opening the front door, and handing cups out to everyone who walked in. The robot comes preset to kegger mode, and I should have known this because it’s mentioned on the packaging and in the manual, but I (like the ignorant wireless network owner) chose not to learn about it before turning it on.
Would it be incorrect to say that I had implicitly authorized the use of my beer by setting this process in motion? After all, some people buy the robots explicitly for the purpose of throwing public keg parties (just as many open wireless networks are meant for public use), and there’s not really a way that a stranger would know I didn’t intend to do so.
If the law allows for the possibility of implicit authorization, then I believe this is exactly the kind of case where it should be used. If not, it should be changed.
While “authorization” is going to end up being a question of fact for a jury to decide, there is absolutely no guarantee that a jury will buy the concept of “implicit” authorization. In other words, a jury might decide to let a guy off the hook – but if they didn’t, he’d have no recourse; on the record, he’s guilty.
I am not a lawyer, so let this be my disclaimer that anything in the following post may or may not make any kind of sense whatsoever.
It seems to me that the question of implicit authorization is an important one here. Florida Statute 815.06 provides that anyone who accesses (or causes to be accessed) a computer system without “authorization” is guilty of a third-degree felony. This seems rather vague, especially considering that chapter 815 (the chapter specifically for computer-related crimes) does not define what constitutes “authorization”.
So just what is “authorization,” then? In the case of an unprotected wireless access point, the device will happily grant access to anyone who requests it. This is a form of implicit authorization; there are no protective measures in place, no screening, no authentication, nothing. Ask and ye shall receive. However, if they’re charging this Benjamin Smith under this statute, the prosecutor is clearly asserting that implicit authorization does not constitute authorization under the provisions of 815.06.
Where, then, does that leave all the people who use a browser to view pages on the World Wide Web? None of these have explicit authorization to access those networks from the owners of those networks themselves. They have only the implicit authorization granted to them by the networks and protocols.
So, what I’m saying is, wouldn’t this strict reading of 815.06 make everyone who uses a web browser in the state of Florida a felon? If you know more about the law in this case than I do, feel free to laugh at me now.
(Also, I recall reading earlier in the thread somebody saying that there was a federal law against this sort of thing; that’s actually not the case. Check 18 USC 119.2511 (subsection 2g) - it specifically exempts access to devices that are configured to be available to the public, such as an unsecured wireless router.)
If this law is interpreted to mean you can only connect to a network with the explicit permission of its owner, then what’s left to stop any webmaster from suing people he doesn’t like who happen to have visited his site, claiming he didn’t authorize them to connect to his web server?
It seems to me that the fact that the network is set up to allow connections from the public is authorization enough. According to Squink’s link, the person running the network knew that his network was set up for open access and decided not to do anything about it. How can he possibly claim this use was unauthorized when he chose to allow it?
Even if he told the guy to stop using his network–which it doesn’t sound like he did–I still question whether it counts as unauthorized use, since he didn’t take any steps to actually prevent him from using it. I suspect I’d be laughed out of court if I said “Bricker, I forbid you to visit my web site” and then sued Bricker for unauthorized use of my network if he ever visited it.
I’m a big fan of the trespassing analogy with this topic. You don’t need to put up a fence, you DO need to put up signs that say “no trespassing” or tell the person directly to not walk on your land. The law doesn’t seem to require a no trespassing sign for computer networks, it requires a “trespassing allowed” sign. Note that you are always allowed to enter property that is designated public, like a restaurant or website, it’s “private” property that is the sticky point.
I think that this is going to be a situation where the exceedingly vast majority of offences will just go unpunished, as the authorities don’t really worry about it. They’ll tack it on to other crimes or arrest someone if they are exceedingly stupid about it, like our buddy Smith in FL. He’s sitting outside a guy’s house for hours, late at night, of course the cops are going to be called.
Are you serious? Someone has gone to the expense and effort to set up a service and is charging people for it – this is like the air or the sun? Someone is controlling this service. It can be turned on and off.
Despite all the theorifying going on in this thread, I’m fairly confident that courts are not going to have much trouble deciding that people know or should know that they are not authorized to use a service that is generally offered for a fee unless they’ve paid that fee.
Do people have to post notices on their cars that say “prior authorization required for use” because otherwise you just wouldn’t know whether you have authorization or not to drive off in it?
When someone sets his suitcase down at the airport, must he hang a sign on it saying “this is private property; do not use without express authorization from John Doe” or else anyone would be justified in walking away with it?
If I show a movie in my backyard on a big screen projector, and my next door neighbors sit in their backyard and watch it too, without my express permission, are they stealing from me? Could I legally chase them from their back yard, since I ‘own’ the right to view that movie?
An unlocked door handle does not discriminate between those who should be opening it and those that shouldn’t. That does not mean that a mechanical device implicitly grants consent to enter to whomever dares twist the knob. If I leave my front door unlocked, and someone opens the door and walks in, it is lunacy to believe that the door gave “authorization” to the person to enter; moreover, that the “authorization” of a mechanical object somehow overrides the will of the person who owns it. The simple functioning of a mechanical device ought never be viewed as an intelligent process capable of decision, especially for the purposes of the law.
Same thing with wifi. Authorization is what the owner says it is, not what the device might do in response to computerized instructions from any party who might come along.
Authorized clearly should mean authorized by a human.
I’m not sure why a web site would be considered public if a wireless network isn’t.
If one of my computers is running a web server, because I haven’t bothered to turn it off or secure it (even though I don’t want other people using it), then what’s the difference between someone connecting to my server and someone connecting to this guy’s wireless network?
Do you run a commercial theatre in your back yard? Do you customarily charge people for it and are your neighbours aware of this fact? Is it common for people to charge people to watch movies in their back yards? Would your neighbours have to go out of their way to avoid seeing the movie?
Being unable to avoid seeing a movie being projected just beyond your property’s borders is not comparable to actively logging on to a computer network service that you are fully aware that you haven’t subscribed to.
There’s a huge difference. Only one computer can transmit at a time, so having someone else use the network potentially means that legitimate users would be unable to use the network for a short period. Obviously that would only be a problem on a busy network, but it still goes to show that the analogy doesn’t fit at all.
Yes, because the whole point of a website is to serve pages to the public. It’s a reasonable assumption on my part that an unsecured website is meant to be used by the public. That assumption simply doesn’t hold for a unsecured private network. Again, it doesn’t matter if I leave my front door wide open, with a big neon sign pointing to it saying “Hey look, this door is open!”, it still doesn’t give someone the right to walk in and help themselves to what’s in my fridge.
Unfortunately, while you propose clever theoretical problems, you are going to find that judges take custom and common sense into account. It is the custom that when someone posts something on the Web that he or she expects that people will access it and if controlled access is desired, controls will be installed. On the other hand, it is the custom that Internet access service providers allow only those who have obtained prior authorization in order to use their services.
