Archive for the 'Security' Category

Why Lev Grossman of TIME Is Wrong About WiFi Theft

In yet another totally sensational and incorrect article by TIME Magazine, Confessions of a Wi-Fi Thief, Lev Grossman expounds on the illegality of accessing unprotected wireless networks. The mere concept of this being illegal absolutely enraged me, enough so that I actually did some real research on the subject.

First off, let’s actually read this law that Lev cites. Title 18, Part 1, Chapter 47 of the United States Code doesn’t even begin to cover wireless piggybacking. What it actually covers is the theft of data, whether personal or financial, from government computers, or of other data that the government deems sensitive or a matter of national security. It does not in any way whatsoever make it illegal to piggyback off Internet connections.

This law is all about what data you access from a computer you aren’t authorized to use. So yes, if you piggyback on someone else’s wireless connection, and you actually steal private data, or attempt to extort that person or install a virus that causes damage, you are committing a crime, as to be expected. But if you just check your own email or surf the web for any publicly available data, you have NOT committed a crime. 

No wonder TIME and Lev didn’t bother to actually link to this law or cite how it applies. Instead Lev quickly moves on to the unethical nature of this activity. Let’s address the ethical issues later on.

So it’s definitely not theft. You aren’t depriving someone else of the use of their wireless router or signal. If anything, it’s trespassing, which is not theft. And frankly, WiFi Trespass isn’t nearly as sexy and sensational of a headline as the phrase WiFi Theft.

But let’s examine this trespass idea. Some will argue that accessing an unprotected network is like entering a house where the door is unlocked. I see it more as entering a piece of land that is private property, not a house per se.

In an article on Tech Dirt on the same subject, a fascinating discussion has been taking place. Readers have been arguing both sides of the issue with amazingly concise statements. An ‘Anonymous Coward’ wrote:

There are laws stating that if you want to enforce a “no trespassing” law on your property you must post highly visible signs all over the place.

This is totally correct. In order to enforce no trespassing, the landowner is the responsible party for clearly notifying a passerby of the landowner’s right to prevent that passerby’s access to said land. It is not the responsibility of the passerby to contact the landowner and find out if that land is open for public use. 

If you leave your wireless access point open and unprotected and allow it to freely broadcast its SSID, you are inviting people in. And you are definitely not posting keep out / no-trespassing signs.

In my research, I was only able to discover one state, Michigan, where wireless piggybacking actually resulted in an arrest and successful prosecution; however, this was done under a Michigan law, not a Federal law. The man charged and sentenced for this ‘crime’, Sam Peterson II, received a fine and community service for the activity. I also found a case of a 21 year old Alaskan man being arrested for wireless piggybacking, here, but I could not find any evidence that he was convicted of a crime.

The independent research Wood TV8 did after the Michigan man was charged uncovered this:

New York’s Westchester County is trying a different tack. Their local government said it’s up to WiFi subscribers to protect themselves against piggybackers

To date, no one has been successfully prosecuted for wireless piggybacking with the Federal law Lev cites. The example Lev uses is the one I linked to above in Michigan, though Lev incorrectly states it’s Cedar Springs, Mich, when it is really Sparta, Mich, or so I assume since the TIME article lacks even basic citation or links.

In Britain, at least one person has been successfully prosecuted for piggybacking on wireless connections. However, that is Britain, not the United States.

Now, onto the ethical implications of wireless piggybacking. I for one don’t find it in the least bit unethical. Many people I know intentionally leave their wireless access points open in order to ’share the love’ of Internet access. I personally choose not to keep my network open because of security and connection speed concerns. For many years, I left my wireless router open, but too many individuals piggybacking on my network caused it to slow to a crawl. The connection speed became so intolerably slow I was forced to close my network off from the public and neighbors. 

Whether your wireless access point is left open because you choose to share or because you’re incapable of protecting it, it’s an open network and both strangers and friends should feel free to hop on your network and surf away.

Many thanks to Cornell for providing US Code and law online.

Here Are My Passwords!

With all these social networks asking for my email password in order to scrape my contact list, I thought I would just save hackers and would-be assailants the trouble and post a list of my passwords here for convenience. 

Okay, I want to be social. I want to play with the latest, coolest sites. But why on earth do all these Web 2.0 developers have no clue about security and the fundamental rule: don’t share your password with anyone? There is an awesome post on this subject pertaining to Yelp here. And an even older post here.

Down in the comments on the Coding Horror piece, a reader states that Gmail provides an API for gathering a user’s contacts. Sadly, it’s no help. While there is a contacts API in Gmail, you need to be authenticated to see it and authentication requires your password, so it’s no fix to the problem. I haven’t checked out the Yahoo! and Windows Live APIs because I don’t use those services. Maybe they have addressed this issue, but somehow I doubt it.

This whole password-sharing issue roared back into my mind after recently joining ping.fm (currently in private beta), where I found them practicing a similar habit. Ping.fm wanted my passwords in order to provide updates to Plurk, Pownce, LinkedIn and many more. I immediately voiced concern in the ping.fm forum. I was surprised to learn I was the first person to raise the issue. Sean comforted me with the fact that my passwords are heavily encrypted in their database and I can remove them at any time. While this made me feel better, it’s still inherently flawed.

When you join Facebook, they have a similar practice. Facebook asks for your email password in order to help find your friends. While Facebook should know better, at least their open development platform allows users to find their Facebook friends on other sites such as friendfeed by adding a small application specific to that site. You can find me on friendfeed here.

I’m just not sure who is more to blame: services such as ping.fm (sorry for picking on you, Sean) that ask for passwords, or services like Plurk and Twitter for not providing account-level, API-only keys such as the one offered by Jaiku. As Sean pointed out in the forum discussion, it’s how these services build their APIs. And for those of us who are joining more social networks every day, services such as ping.fm will have to exist in order to conveniently manage it all.

So Gmail, Yahoo!, Hotmail, Windows Live and AOL all need to get off their asses and build public APIs that allow me to access my contacts through a separate key other than my password. And sites like friendfeed, Plurk, Twitter, Yelp and Pownce need to follow Jaiku’s lead and provide an API key that is separate from my password. 
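To make concrete what a per-application key separate from the password looks like, here is a small added model (my own illustration, not any real provider’s API): the user mints a key for one app limited to one scope, the app can read contacts but not send mail, and the user can revoke that key without changing the password. The provider class, scope names and password value are all made up for the example.

```python
"""Toy model of scoped, revocable API keys as an alternative to password sharing.
Added illustration only; MailProvider and its scope names are hypothetical."""
import hashlib
import hmac
import secrets

PBKDF_ROUNDS = 100_000  # constructed work factor for the toy password/key hash


def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF_ROUNDS)


class MailProvider:
    """Hypothetical mail service holding one user's password hash and contacts."""

    def __init__(self, password: str, contacts: list[str]):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = _hash(password, self._salt)
        self._contacts = list(contacts)
        self._keys = {}  # key_id -> (salt, hashed secret, scopes, app name)

    # Password login grants everything the account can do; this is what a
    # third-party site receives when it asks for your mail password.
    def login(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self._salt), self._pw_hash)

    # The account owner mints a key bound to one app and a fixed set of scopes.
    def issue_key(self, password: str, app: str, scopes: set[str]) -> str:
        if not self.login(password):
            raise PermissionError("bad password")
        key_id, key_secret = secrets.token_hex(4), secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self._keys[key_id] = (salt, _hash(key_secret, salt), frozenset(scopes), app)
        return f"{key_id}.{key_secret}"  # only this string is handed to the app

    # Revocation kills one app's access; the password stays unchanged.
    def revoke_key(self, key_id: str) -> None:
        self._keys.pop(key_id, None)

    def _check(self, api_key: str, scope: str) -> bool:
        key_id, _, secret = api_key.partition(".")
        entry = self._keys.get(key_id)
        if entry is None:  # unknown or revoked key
            return False
        salt, digest, scopes, _app = entry
        return hmac.compare_digest(_hash(secret, salt), digest) and scope in scopes

    def contacts_via_key(self, api_key: str) -> list[str]:
        if not self._check(api_key, "contacts:read"):
            raise PermissionError("key invalid, revoked, or lacks contacts:read")
        return list(self._contacts)

    def send_mail_via_key(self, api_key: str, to: str) -> bool:
        return self._check(api_key, "mail:send")  # contacts-only keys get False
```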

Here is that password list I promised.

  • thomas
  • arsenal
  • monkey
  • charlie
  • qwerty
  • 123456
  • letmein
  • liverpool
  • password
  • 123

Thanks to Modern Life for this list of Top 10 Most Common Passwords.

ISP Spies

Yet another case of big brother spying on your web traffic surfaced recently. Wired reported that British Telecom, an internet service provider, secretly partnered with Phorm to inject JavaScript into all pages served to 18,000 of their customers. The JS code was used to track users’ movements on the web and serve up ads accordingly. Some users believed their computers had been infected with adware when the JS code Phorm injected caused their browsers to crash.

The desire to better target ads to consumers has been a long-sought goal for many companies. Both AOL and Yahoo have purchased or constructed similar ad tracking software recently in order to better target ads to users. AOL calls their software Platform A. Yahoo calls their software Amp. Additionally, Google surfaces targeted ads in their search results based on the search terms, known as Google AdSense / AdWords.

Internet users who ever believed their surfing was anonymous are naive. Any web developer knows that every connection to a server passes, at the bare minimum, an IP address. But has British Telecom gone too far? Unlike Google, Yahoo and AOL who can only track your movement on their sites, BT tracked all traffic regardless of destination.

As the web becomes even more social, the sense of anonymity once present in the early days of the web is quickly fading. Google popularized email addresses that are your real name. Long gone are the days of obscured screen names once so common to Hotmail and AOL. This movement came with the loss of some privacy, but users could feel secure knowing that surfing from one random website to another didn’t mean seeing ads from the last style site you visited. If a user had just spent two hours looking up travel destinations, they could rest assured that they wouldn’t see travel ads when surfing to a music site. But, as companies seek to improve ad revenues, they will all desire higher click-through rates and higher profits to pay for the vast server farms needed to sustain their companies.

You can find the original leaked report on Wiki Leaks here.

Hacking into Any MySpace Account

Canadian Byron Ng has found the security hole in the link between Yahoo and MySpace. Ng managed to grab Paris Hilton’s private photos off her MySpace page due to a weakness in their security model. Check out his instructions here. The blog ValleyWag detailed the exploit and posted a few of Hilton’s private images in this post. The security hole is fairly interesting. It’s not clear how long it will take Yahoo and MySpace to plug it. But it does bring up larger questions of how secure any data portability will be moving forward.