by Derek Kerton

Filed Under:
free-riding, security, wifi


Security Firm Sophos Calls WiFi Piggybacking 'Stealing'

from the mischaracterizations dept

It should come as no surprise that a security firm, in this case Sophos, is casting the act of using a neighbor's unsecured Wi-Fi access point as a crime. The bigger the threat, the more money there is for security solution vendors and consultants. In the latest research, Sophos found that 54% of wireless users surveyed had "stolen" access at one time or another. The report then frames these casual users as thieves by lumping them in with the epithet "cybercriminals". Techdirt's position has been steady: If a hosting Wi-Fi owner transmits a signal into your property or public area, and that signal proactively announces an SSID which functions like an invite, yet the host has left the network unlocked, then the host's DHCP server actively accommodates the guest and offers an IP address for them to use... then why would any casual user suppose the host's intention is not to share that Wi-Fi? Certainly the host's actions indicate an intent to share. There is no lock breached, there is no violation of private property. There is no trespass. But forget these technical arguments, let's look at the Sophos data: a 54% majority of Wi-Fi users have shared someone's Wi-Fi (and I'd say more have but weren't aware). Are the majority of people really cybercriminals? Also, if victims need to be told that they were "robbed" by Sophos research and a press release, and sensationalist news stories, just how victimized were they? Yes, there are real risks to offering an open AP, so we advise most people to lock down their Wi-Fi. That doesn't make criminals of cybervisitors.

Obviously, the situation can be very different if just a few parameters are changed:
  • If ANY kind of hack or bypass is needed to get through some form of security, then the innocence of the visitor is highly dubious. Even the easily hacked WEP is 100% functional as a signal that the host does not want "visitors".
  • Any kind of viewing, or messing around inside the host's LAN, PCs, and other equipment is illegal through existing laws. Doing so is no longer a victimless activity.
What do Techdirters do? We would advise turning on some form of security for most people out there. It's damned easy, so check your manual. But, calling people who use open WiFi criminals is just wrong.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Nic, 15 Dec 2007 @ 7:31pm

    Let's just say, for a moment,I agree that the airwaves are entirely public, is the information contained on those waves public? Who owns the information?

    Most of the unsecured communication I do over wifi is chat and web surfing. (I use otherwise secured media for other uses). If I happen to be doing some web shopping and don't realize that I am providing my visa number to an unsecured server, does my number now belong to the public?

    I think not. I may have been stupid but using it is still a crime. Being stupid may well invite crime, but, it neither excuses it, nor, makes it legal.

    All sorts of radio transmitted data is done so with the assumption of ownership. You cannot redistribute broadcast television, for example.

    The HAM argument only goes so far. HAM radio is meant to be open -- and non-commercial -- communication. WiFi doesn't have those requirements, and, it's reasonable for a non-technical (say someones grandmother as used in an example previously) to assume that, like many other areas they see as protected radio communication, their WiFi protected against unauthorized use. (like their radio, television, cell phone, etc.)

    Also HAM operators may not use their gear until they are licensed to do so -- and such licensing implies agreement on standards and rules. WiFi doesn't have that arrangement. I would caution, however, that requiring WiFi users to be licensed, another medium would replace it.

    In my state you can be arrested for using unsecured wifi (and it has been done) as "Theft of Services".

    To use the open door analogy, the open door doesn't authorize use of the stuff inside.

    But the problem is not going to be solved by legislation and law enforcement alone, nor is it going to be solved by waggling a finger at people who know the technology.

    The problem, and it sounds like this is happening, needs to be addressed by the hardware mfgrs, by making their devices default to, at least, WEP.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.