The fight for free wireless connectivity
Unfortunately, being Managing Online Editor means that my job doesn’t really stop once the paper’s uploaded in the morning. I have to yell at New Digital Group, our server’s administrators, when things go down, and I also have to keep up on my e-mail from various reporters and other editors from within the Daily. Due to my on-call status, I almost always have my iBook with me to check email and update the Daily’s website accordingly. Monday evening was one of those days when I had a lot of administrative email to answer, so my iBook accompanied me and my friends to dinner at Grizzly Peak on Washington. How’d I check my e-mail from Grizzly Peak? With wireless, of course. When I opened my iBook, my Airport card detected – and was able to connect to – seven different wireless access points, free of charge and free of any protection whatsoever.
There are many in legal circles that consider this unauthorised wireless access a computer crime, since the wireless user is technically freeloading on someone else’s bandwidth; at the same time, many enthusiasts believe that the wireless access points were left unprotected either for public use, or by users that shouldn’t be ignorant enough to keep it unprotected if they cared so much.
There’s actually quite a case on both sides of the argument, and it was just last April when the first wireless hijacker, a man named Benjamin Smith, was arrested in Florida after stealing someone else’s wireless access from an SUV outside a residence. While this is rather different- and much less targeted- than me sitting at a restaurant downtown to check e-mail, the action of connecting to an unprotected wireless network is entirely the same.
For those unfamiliar with the minutiae of wireless access, “wireless�? is a general term for a technology which has a full name of Institute of Electrical and Electronics Engineers 802.11 Wireless Local Area Network Specification, generally shortened to IEEE 802.11, or simply 802.11. The 802.11a, 802.11b, and 802.11g that some are familiar with are revisions and changes to the original 802.11 specification. Since calling something by its number is best reserved for those on North Campus, marketers and support groups have been quick to give wireless networking catchier names, such as WiFi and AirPort. Regardless of what you call it – 802.11, WiFi, or AirPort – we’re all talking about some variation of the same standard.
Most wireless access points (or, in many cases, wireless “routers�? for residential broadband use) broadcast their name in what is technically called the SSID, or Service Set Identifier. The actual technical details are rather unimportant; the SSID simply allows your computer an easy-to-find access point. The University wireless routers use “wireless�? as their SSID; you may have also been on networks with Manufacturer names such as “linksys�? or “Netgear�?, usually a sign that the user hasn’t changed default SSID. If you’re a geek like me, you probably changed yours (or shut off SSID broadcast altogether for security reasons.)
When your computer is disconnected from a wireless network, most will attempt to find all wireless access points within range. These SSIDs are usually displayed in a Window on a Windows XP computer, with your choice of connection. On an Apple computer, OS X will automatically choose one it thinks is the best for you, and ask you if you’d like to connect to the network. If the network is unprotected, that is, not password protected by either the WEP or WPA authentication standards, you’ll be able to connect – and use the network – without any authentication necessary whatsoever.
According to the State of Florida where Smith was caught, as well as our own state, this is technically unauthorised access to a computer network. After all, you didn’t get permission to access it, and it’s also neither very easily traceable back to your computer once you’re gone nor detectable when you’re on the network. In April, Smith was caught outside the house of Richard Dinon, a veterinarian, in Saint Petersburg, Florida, with a laptop in his SUV. After Smith wouldn’t leave after being approached twice by Dinon, Dinon called the police. Smith was eventually arrested under Florida statute 815.06, for “wilfully, knowingly, and without authorisation… [accessing a] computer network�?, a third-degree felony. (The State of Michigan has a similar law, MCL 752.795, a misdemeanour.)
On a technical level, this is exactly what happened on my computer at Grizzly Peak – I certainly didn’t have any written permission to use the access point - and is also what happens to thousands of computer users each day; many wireless drivers automatically connect you to unprotected networks. According to the law, it’s illegal; after all, criminals could use the unprotected connections to download pirated software, credit card numbers, child pornography, or whatever else they found in the Internet’s massive underground; however, I’ve certainly never – and I doubt any of us have – used someone else’s wireless connection for such things.
The standards are in place for protecting your wireless access points, which leaves the question of whether or not the network was intentionally left open, a question that is not easily answered in the courtroom. After all, many of us use the wireless access at coffee shops such as Espresso Royale and Rendezvous daily, free of charge; although it’s free for public use, we’ve never signed any contract with them asking for their express permission to use their networks. It’s implied. How, then, can’t we say that those other open access points weren’t open for public use? The SSID was advertising the access point’s existence and its unprotected state. As far as I’m concerned, enforcing a network security law for unprotected access points in this manner is much like setting a sign on your front lawn that states “Free Parking�?, letting people park their vehicles on your property, and then arresting them for trespassing charges.
Of course, we can always solve the intrusion issue on a community level, which many communities are doing, by building citywide “mesh�? networks, which literally entail the scattering of truly public access points around the city. Many municipalities have begun building these networks for both private and public use with varying amounts of success. (The University has a large-scale wireless network much like this, allowing wireless access throughout the Diag for its own students, faculty, and staff to use.)
My personal favourite solution to the problem is simply this: don’t do anything. All unprotected access points should be considered implied as free of use and within the public domain. This is the way many of us treat those networks when we use them, so we should treat our own that way as well.
What if you don’t want to deal with the liability of having unknown users mooch off your bandwidth bill? Please, by all means, stop the ignorance. Very few people read the owner’s manuals of the devices that they own, which clearly state the ways – usually through step-by-step tutorials – to turn on password protection and configuration of the wireless access point if you don’t want people accessing it publicly. Having no manual is also no excuse; a search for “protect linksys access point�? (Linksys being a prominent access point manufacturer) yields over 210,000 results on Google, not to mention the manuals downloadable on Linksys’s site. If you want to keep your network private, make it so. Do not broadcast your SSID and then fret when someone uses a network you had advertised as unprotected. If you do care this much and have decidedly left your network open out of ignorance or sloth, remind me when I come over to your place. I’ll be sure to park my car in a municipal structure as well.
Type a Comment
Incoming Links
There are currently no links incoming to this article.
Comments
Liz
posted 3 years, 4 months ago
If you’re interested in learning more about how unsecure wifi really is - you might want to check our http://www.lucidlink.com - there’s this demo on wifi hackers. I found it pretty interesting - its worth a look.
Zach
posted 3 years, 4 months ago
The way I see it, an open wireless network is a lot like a jewelry store. It’s there for people to “use.” However, if a jewelry store didn’t arm it’s alarm or didn’t bother having security cameras around the ensure security, would it be any less illegal if you robbed the store? Wireless networks have security measures – WPA, WEP, MAC address filtering, disabling SSID broadcasting – the owner’s negligence in using them does not and cannot imply that anyone has free access to those resources.
I have no problem with people connecting, and only connecting, to wireless networks. They can do that as long as the want. The trouble starts when they use network resources such as bandwidth and other computers connected to that network. It’s already illegal to that through wires (hacking in to a remote server and using it as an FTP dump, as an example). How would you feel if someone hacked into your network and started using your bandwidth for their own purposes, illegal or not?
Also, don’t forget that the only person affected here isn’t the person broadcasting the wireless. Say you live in a city where the only broadband provider is Comcast. Someone broadcasting “free” internet that Comcast is leasing to that person causes Comcast to lose money and potential business whenever someone else uses it.
Any enthusiast that claims that there is nothing wrong with using open access points without express (not implied) permission is living in a fantasy world. That’s my 2¢.
eston
posted 3 years, 4 months ago
If Comcast or an ISP is decidedly worried about it, Comcast should make sure that their clients’ routers are secured. I think they have more than enough clients to where they aren’t worried about it. SBC, on the other hand, seems to care, and they send out their 2Wire home portals with 128-bit WEP enabled from the beginning.
Your jewelry store analogy is great, but at the same time I think you’re trying to exaggerate the issue. There is no larceny or grand theft of something that’s extremely valuable (most of these lines cost minimal monthly fees; they’re not OC3s) involved in using an unprotected network, and, at the same time, it also requires minimal (and sometimes no- the drivers on my last wireless card would automatically connect to the strongest unprotected signal-) effort in a lot of cases to connect to an unprotected network. In fact, there isn’t any “hacking” involved at all.
If you sat around with AirSnort and cracked WEP keys, then, as far as I’m concerned, you’re doing something malicious. You’re connecting to a network by force and not by any easy means; it actually took some sort of effort to enter the network. A user can easily play the “my computer connected automatically” game in court, and I’d say they’d most likely win. After all, it’d be mutual ignorance on both the owner of the AP and the connecting 802.11 card.
Also, if someone hacked my network and was using my bandwidth for checking email or browsing the Internet, I’d honestly not be very frustrated. I’d sit back and say “well, I lost that war,” and figure out where I went wrong in computer security. If they were using my bandwidth for illegal purposes, well, then it’s an entirely different matter altogether. Your 2¢ are a valuable contribution to this article and while I respect your opinion, I don’t think your points are relevant to my own experiences.
Once again, I’ll go back to my original point: I’d say that most of the users are honestly too lazy or ignorant to protect their access points, so I believe it’s just as much their fault for not doing anything to make their access exclusive as it is the user’s for connecting.