[sllug-members]: Bill to restrict open wireless access

[Scott K]

On Jan 23, 2008 1:40 PM, Adam Barrett <dragen at gmail.com> wrote:

> Given that war driving is legal (isn't it?) wouldn't that make the
> owner of the network free and clear or the offense? I am no lawyer,
> but it sounds good.


War driving isn't generally illegal until you bother someone. Once you are
loitering, sucking down bandwidth or using the anonymity of random access
points to carry out threats, spam, slander or attacks, you can be prosecuted
for "hacking into" /"illegally accessing" /"trespassing"/ a "network" or
"computer system" in addition to any other crimes you commit, including the
loitering charge. You may even be jailed for "unauthorized access to a
computer network", a felony. Britain and some US communities have more
specific laws specifically prohibiting access to open networks without
permission. It is pretty ridiculous how they will sometimes charge people
with trespassing/"illegally accessing a computer system" when all they have
done is access the public internet. War driving shouldn't be a crime if your
taking care of personal business, just don't bother people or sit
suspiciously in your car so that you bother the neighbors, and you should be
fine.
http://wireless.engadget.com/2005/07/06/beware-the-wardriving-menace/2

Providing an open wireless access point is frequently against ISP policies
since they want more subscribers to pay their flat access rates. While ISP's
may claim you are stealing by sharing bandwidth, legally there isn't much
they can do, and they probably would just cancel your service over breach of
contract if your offense were particularly egregious. If however, someone
cruelly repays your generosity of sharing your wifi by cracking, spamming or
other illegal activities, you could possibly be visited by law enforcement
or RIAA lawyers, and it might take some work to prove you are not involved.

Another concern is the security of your data. As a war driver, you are open
to complete snooping of unencrypted traffic, including stealing session ID's
with webmail providers and other less secure institutions. If a sufficiently
advanced cracker owned an access point(the easy part since few have changed
the default password), and had a website with a security certificate, they
could produce  Man in the middle attacks by forwarding most any website you
visited, collecting your login attempts and hitting your account themselves.
Who honestly checks the registration every time they visit their bank or
stock site. This is generally the best reason to have the highest level of
WPA set up on your personal wireless use. A well designed VPN client should
protect you from such interceptions and safely place you on your VPN'd
network. These concerns are especially strong for the public places targeted
by this bill since a malicious hacker could gather the most personal data in
a non-suspicious place like a starbucks or a hotel lobby.

I personally would prefer to have more open friendly networks, and that
people would be respectful in using them. Some would also call it necessary
for free anonymous speech and whistleblowing in a surveillance society. In
some cases, older equipment and operating systems lack support for newer
encryption systems and protocols, and you have little choice about the
security level of your network. The sad truth is that my friend had her
access temporarily disabled by her ISP when a spammer abused it in her
complex. Just think if her abusive neighbor had threatened the government. .
. Like all parts of life you need to make security trade offs when you use
any network (wired or wifi) or open access to your personal network.

Scott K.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://sllug.org/pipermail/sllug-members/attachments/20080124/1ae14bfd/attachment.html