Jailtime For Leeching Wireless? 587
jginspace writes "A 17-year-old from Singapore is is facing three years' jailtime for accessing his neighbor's wireless network.
His neighbor complained and now the unfortunate Tan Jia Luo is facing charges under the computer misuse act and is scheduled to appear in court on Wednesday."
Pretty open and shut (Score:5, Insightful)
I just hope the conviction isn't too harsh. A fine would be more appropriate than jail time.
[1] And yes, I have told him to fix it. Even did the neighbourly thing and secured his network for for him. The following day he removed my configuration because "he didn't like entering a password". He'll learn the hard way eventually.
Re:Pretty open and shut (Score:1, Insightful)
But if it was unsecured, it wasn't possible to break in.
Re:More info (Score:3, Insightful)
Besides, it's possible to open a typical house lock in about 30 seconds with a lockpick. This does not make it OK to break into someone's house. It's possible to snoop on someone's cordless phone. This is illegal. Using a wireless network without permission is the same thing.
Yet another useless comment (Score:3, Insightful)
The only real solution I see to this is to secure ALL wireless networks out of the box. It would keep windows from auto-attaching, and would make anyone logging into one liable if someone complained. The argument "well I didn't know I wasn't supposed to be there" goes right out the window. Then, if you decide to unlock your network, everyone knows that you meant to, and not that you're some fool that said "I want a wireless network! yay!" without knowing what that really means.
Re:This is absolutely right. -- Is it? (Score:3, Insightful)
When I first turned on a new mac notebook recently, it auto searched for networks and found one. Would using that network be wrong?
Yes, it is wrong. The user agreement for virtually all ISPs does not allow their users to share their internet connection wirelessly, no matter how generous your neighbors feel. Permission is not theirs to give. If a friend of mine had 1 Bears football ticket and tried to sneak me in with him, we would both be in the wrong.
--
Re:This is absolutely right. -- Is it? (Score:5, Insightful)
False. Yes, most consumer ISP service agreements forbid this. There are significant exceptions. And almost any ISP that has any non-consumer operations will sell you a connection that you can share if you're willing to give them enough money. I have a "legal" open wireless network, with the permission of my ISP, and so do lots of other people. There is no reason my users should assume my network isn't legitimate.
If you leave a network wide open, you are doing the only thing you can to invite people to use it. Absent information to the contrary, there's no reason it should be forbidden to assume the good faith of such an invitation. If your ISP service agreement doesn't permit you to share the bandwidth, then you need to close down the network, or somehow put people on notice that they can't use it. Only you, not the users, are in the wrong if you don't.
Re:There's a saying... (Score:2, Insightful)
Re:More info (Score:5, Insightful)
That said, radio devices are not homes, WEP is not a lock, and accessing a device which sole purpose by design is sharing access is not invading private property. Metaphors are not real. Radio is not "yours", ideas are not "yours". Such semantic confusion -- intentional confusion -- leads to things like 17 year old kids going to prison for a crime that only exists in the the minds of hornswoggled. The thing to look out for in the years ahead is the first execution of a person for "stealing" a metaphor. Probably going to happen a lot sooner than even I believe it will.
Re:More info (Score:5, Insightful)
That being said....with open wireless access points? Jail time? I mean, c'mon!! AS I posted on the story about 5-10 yrs. in prison for Dos attackers....let the sentence reflect the severity of the crime!!
Violent offenders can and do get off for less than 3 years!!!
If someone leaves an AP on and open...I think that is pretty much a free invite to join in...
And if not...well, for sure it isn't worth imprisoning someone 3 years!!
Re:Pretty open and shut (Score:1, Insightful)
While this may be cut and dried by Singapore legal standards, it is murky at best in most western countries. He clearly didn't break and enter in the physical or electronic sense as there was no security. Trespassing is also quite murky, as the completely unsecured signal reached into his residence as much as he reached back into the unsecured residence. So if he was trespassing why wasn't the signal's owner? Also, in no sense would the signal's owner have a reasonable expectation of privacy without even paying the slightest lip-service to security. The signal was being openly broadcast; how is anyone to know that something looking like a free wireless hotspot was in fact the network of an private citizen when they made no attempt to restrict public access? The accused does not have ESP. (To correct your analogy, this is like someone running their phone line into your house and mounting the phone on your wall.) Further, depending on the alleged criminal's operating system, it is quite possible that he had no knowledge of what was happening. This are but a few of the tracks I would use to argue the case were I still practicing.
Before firing back more analogies, perhaps a letter to your congresscritter urging modernization of computer criminal statutes would be more useful. We can debate ad infinitum, but that will change nothing in the real world. Until there is recognized legal standing upon which precedence can be built, these types of activities will not be addressed in anything approaching a consistent manner.
Re:open on purpose or not? (Score:1, Insightful)
How is this a crime? (Score:3, Insightful)
An open network is OPEN.
A password-protected network is CLOSED, but open to those who have the password.
If anyone hacks the password-protected network and bypasses the password protection, this is trespassing and misuse.
I live in a large house with lots of apartments with many neighbors who possess such unprotected networks. What if my router is down and my laptop connects to one of these networks? Am I then going to prison, because I never noticed it? Hell no.
Re:More info (Score:2, Insightful)
Re:remember, this is SINGAPORE (Score:3, Insightful)
Why not just name it "JoeSchmoe" or whatever your name is and use strongest encryption? "GetOut" seems like waving a red flag in front of every 1337 script kiddie that wants to impress its friends by hax0ring.
-b.
Re:remember, this is SINGAPORE (Score:5, Insightful)
Re:Unsecured Wireless should be open access (Score:1, Insightful)
1.) _Most_ people who run an open wireless access point are doing so because they don't know it should be secured, or how to make it so,
--and--
2.) _Most_ ISPs providing connectivity to these people have within their TOS restrictions on "subletting" access;
the ethical approach is to assume that any open wireless access point is private, and refrain from using it, unless there is some specific indication that it is intended for open, public use (perhaps the SSID could be something like "FREEWIRELESS").
An approach of this sort would take most, if not all, of the second-guessing out of the situation. My take on the reaction to this, however, is that this would not satisfy most of those here who would rather have free access anywhere thay can find it, rather than having to actually purchase it.
Re:Nope (Score:1, Insightful)
Re:This is absolutely right. -- Is it? (Score:5, Insightful)
So, I assume that you call the operator of every Web server and get permission before you connect to it, right?
No. You don't. You don't because setting up a Web server, and not doing anything to restrict access to it, implicitly authorizes people to use it, at least in any "normal" way.
You also don't look around for an "OK to drink" sign before you use a public drinking fountain. Not even when that fountain is on private property. Also, by the way, you don't go around inquiring whether the drinking fountain operator has an agreement with the water company that permits her to give away the water. You just drink the damned water.
We're talking about what norms should be established in a relatively new case. I claim that the norms should be consistent (meaning that the same norms that apply to T-Mobile should apply to me), that they should be practical (meaning that there's a reasonable way to have an open network and an reasonable way to have a closed one), and that they should comport with the way the installed technology behaves (meaning that, since the default configuration of practically every computer is to connect with any available open network, that behavior should be expected).
The people who want closed networks already have methods available to them. It's trivial to mark a network as not being available-- don't beacon the SSID, or turn on MAC filtering, or turn on authentication or encryption. Those are simple, reasonable ways of marking the network as closed, and they work within the technological framework. Asking me to talk to every user or post a sign goes outside the technological framework and is an unreasonable burden.
Re:Nope (Score:3, Insightful)
So, can you point to a subway system where blocking a door doesn't prevent the subway from moving???
Also, some evidence of your claim about the reason for the ban on chewing gum would be appreciated. 'Cause I think you might be wrong.
Missing Information (Score:2, Insightful)
Re:More info (Score:4, Insightful)
I agree . If someone doesn't wont you to use their wireless , there are many ways to prevent it .
It's even possible to use their wireless unintentionally . if the signal is strong enough , your computer may decide to use that one . So you can go to jail because your computer screwed you over .
Re:There's a saying... (Score:4, Insightful)
In short, it's a mistake to force Western notions of freedom and morality on a culture that already has its own conceptions of both.
Dear Cisco... (Score:2, Insightful)
Mr. Cheo, I have an Idea.
How about making those Linksys WRT54G routers, which can be found in every house including dog houses doll houses and outhouses, secure?
Why is it I can find an "unsecured wireless network" named "linksys" on any neighborhood street in America? And why would Cisco claim to be concerned with the matter - or are you simply more concerned with the matter that securing your boxes out-of-the-box would drive up support costs and drive down sales? (Rhetorical question.)
Re:More info (Score:5, Insightful)
Yeah, it's called your router's software.
My old 802.11b wireless router died a few years back. I didn't have a laptop at the time, but my girlfriend did. It was literally 6 months before we noticed that her laptop wasn't connecting to our router, but rather a unsecured wireless router in the building. It was just automatically connecting to what's available.
This is not "stealing" network access, or "breaking in" to your house. This is a device, available for everyone nearby, which is constantly broadcasting packets saying quite literally "Hey, I'm here! Does anyone want to connect to me?" Your computer then says "Hey, I'm a laptop. This is my network card identification. Can I get on your network?" The router then says "Sure, hop on. I'll route your packets."
This is not someone coming to your house and attaching alligator clips to your phone line. This is YOUR router, working in YOUR stead, behaving exactly as YOU have configured it to. This is like a secretary whom you've told to let anyone into your building. If you can't be bothered to train the secretary in the simplest of fashions (and putting a password on a network isn't exactly rocket science), you shouldn't envoke the police when you find they have let random people into the building.
If you can't spend the ten fucking minutes to put a password on your network, you shouldn't waste the judicial system's time when people access it.
Re:Nope (Score:3, Insightful)
Here are some other references to the chewing gum [expatsingapore.com] ban [usatoday.com].
Re:remember, this is SINGAPORE (Score:4, Insightful)
How do I tell people it's free and available, without them connecting to me first?
I run a web site. I want customers to access it. How can I let people know it's free and open, without them connecting to me first (and potentially "tresspassing" in the process).
The answer to both is simple, and should be handled similarly to how physical property is handled. A front door is an invitation to tresspass, long enough to state your business (it has to be so, or you could never visit anyone). Trespass is when you extend your stay once you have been told to leave. With computer systems on publically accessible networks (internet), or publically accessable airways (wifi), the only sensible solution is to have a password or other authentication on things which shouldn't be public. When you get a big "Access Denied" message, it should be a hint that what you are accessing is considered private.
Do you really want to live in a world where you need prior written permission to visit a neighbor, visit slashdot, or use the wifi at starbucks?
Re:More info (Score:3, Insightful)
Somewhere, some company lobbied for "tough penalties for data theft".
This made their security somewhat easier to implement - as opposed to actually, you know, doing something credible to mitigate security risks - but you end up with crap like this. You can bet it's not homeowners lobbying for these laws.
So, you can kill a man and get off in 3 years, but annoy a corporation and they will cripple you for life.
Hey ho, it's a funny old world, eh?
Re:remember, this is SINGAPORE (Score:5, Insightful)
Yes. An unsecured wireles access point is constantly sending out an invitation to every device nearby. It's broadcasting "Hey, I'm here, connect to me!" to every device nearby.
So yes, leaving a wireless access point unsecured means it's constantly and actively inviting everyone to connect to it. It's not just sitting there waiting for connections (like a HTTP server, for example), it's like a spammer sending e-mails with connection instructions to everyone nearby.
This is not an opinion. This is how the Wi-Fi protocol works. Leaving an access point unsecured means it's constantly sending invitations to connect to every device nearby. Maybe that's not what the owner meant, but it's what his actions (or inaction) amount to anyway. And I, for one, am starting to get a bit tired on having to walk on eggshells because some morons can't be bothered to RTFM.
Re:More info (Score:5, Insightful)
What I find most interesting is that an open accesspoint is actually broadcasting invitations - if accepting an invitation is considered illegal, how is accessing a web server legal? I mean, a web server doesn't broadcast it's presence so you have to actively try and connect.
How can I tell the difference between an accesspoint that is intentionally open and one that has been set up by an idiot? Should I assume that everyone's an idiot? The next time I want to go to the pub, am I to assume that the building I'm about to enter isn't really a pub and the "Bar" sign hanging outside the door was put there accidentally?
When you associate with an open network, it's not as if you're going down the road trying doors to see if they're open - you're actually getting invitations broadcast to you and many devices will connect without asking - are you responsible for your computer connecting to a random access point without asking you first?
Re:More info (Score:3, Insightful)
Re:More info (Score:4, Insightful)
Can't you get a jail sentence there for littering a cigarette bud, or something of that or similar "severeness"?
If things continue as they are in US, this may come here too.
Ever seen a new law or regulation coming out recently which gives more freedom or is sensible instead of making things tighter?
This whole mechanism and attitude of people pulling the strings goes towards more control and punishment. Totally senseless and idiotic!
Re:More info (Score:3, Insightful)
3 years for joining a WiFi network that was wide open to the world, and NOT doing any harm (this guy)?
6 or more years for breaking into networks but NOT causing harm, and reporting the vulnerabilities (mitnick)?
280+ years for not evading taxes, but structuring withdrawls to avoid dealing with complicated invasive paperwork (Kent Hovind), and using an IRS-appointed jury and disallowing the defense's evidence?
20+ years for dealing cocaine (one of my idiotic cousins)?
MURDER someone in cold blood, sometimes get out in 5 months (many assholes)?
Molest 40+ kids in Virginia causing irreparable mental anguish, get nothing but home arrest and possibly six months' probation (some fucking pervert in Vermont)?
There is no justice in this world.
Re:remember, this is SINGAPORE (Score:5, Insightful)
Its a trap?! (Score:5, Insightful)
Internet access through a wireless network that is probably connected to a ADSL modem has fixed costs. The guy really didn't lose anything. So he just doesn't want anyone else to benefit from something he has paid for.
The charged teenager is 17 years old. The neighbor could have told his parents what he was doing and they could have told him to stop or take away his computer...
Sounds like the neighbor wanted someone to use his network, so he could sue them.
Re:More info (Score:3, Insightful)
IANAL but I do realize there is a difference of intent in these cases but intent is very difficult to establish and the courts have not been very forgiving WRT people who's networks have downloaded naughty things pr0n, music, videos their conculsion has been lately that if you are the one that owns the account unless you can come up with a better suspect you are guilty. The result is that people have become very protective of their wifi. Personally I use WPA which while not perfect gives me some feeling of security and if I were to find a chronic abuser would give me cause to have him/her arrested as it would be clear that they did not accidently associate.
Re:An analogy since some don't like metaphors.. :P (Score:4, Insightful)
A wireless access point that is *announcing* itself as being open could be considered implied permission to use it. Note that the access point doesn't just have a sign on it that says "open". It is actively beaconing its "openness" to solicit users. This is all defined as part of the 802.11 "contract" between computer systems, and just because some owners don't understand what they're doing when they set up an 802.11 access point doesn't mean it's unreasonable for others to assume they do.
Of course, when the owner of the access point tells someone to stop using it, that implied permission no longer exists, just like a business owner can tell someone to leave their store. You've been asked not to use it, so any continued use is legally actionable (though it still may not be illegal, depending on the laws in your area).
Re:There's a saying... (Score:3, Insightful)
Re:There's a saying... (Score:2, Insightful)
I'm sure it wasn't meant to be, but in a way that seems like a condescending attitude. It's as if to say that we should apply lower standards of freedom or morality to Singapore, because some of their attitudes are different from mainstream Western attitudes, the implication being that Singapore is somehow inferior.
If it's worth 3 years (Score:3, Insightful)
Yes, what the guy did was wrong, yes he should be punished, but 3 years for the next best thing to entrapment?
If you reported your car stolen after leaving it unlocked with the engine running and the keys in the ignition in a bad part of town you'd be laughed out of the police station.
Stealing the car is still wrong, but surely you can't expect it not to be stolen under those circumstances. Doesn't that make it entrapment?
Why is it that the IT equivalent of exploiting such gross stupidity is demonized?
Re:There's a saying... (Score:3, Insightful)
Your attempt to be "culturally open" in this example ignores the fact that someone who likes to chew gum isn't doing anything wrong and is having his right to do so taken away simply because other people might spit it out on a sidewalk. If that society agrees that spitting gum on the sidewalk is just too unacceptable the only proper way to stop it is too inflict an extreme harsh penalty on the act of spitting gum.
For further reading see here: http://en.wikipedia.org/wiki/Majoritarianism [wikipedia.org]
Re:Don't Blame the Newbies (Score:3, Insightful)
Yes, I realize that sometimes people will accidently end up on an unsecured network that's not theirs -- but that's more like shooting the 4 year old who ends up playing 'doctor' with the 3 year old... He should get a firm talking-to, but throwing the 4-year old in jail for statutory rape is just a stupid as telling the 3 year old that it's all her fault.
Re:An analogy since some don't like metaphors.. :P (Score:3, Insightful)
If my house had a "Fastolfe's Widgets and More!" sign above it, and a reasonable person would think my home looks like a business. Bear in mind that in many older cities, buildings have been converted from homes and apartments into shops and businesses with little change in the appearance of the building. In these areas, it's the signs that make it clear.
That's just stealing, and you'd get in trouble for it even if my home were a legitimate business. When it's snowing outside and you walk into a store, you're "taking" their heat and shelter. They have to pay money to keep you warm and dry. Are you leeching off someone else's dollar? Let's assume you entered the store specifically for that reason, and you have no intention of shopping there. Even that isn't illegal, or even legally actionable by itself. They're free to ask you to leave, however, if/when they discover that you aren't a real customer.
The difference between someone leeching and someone making legitimate use of something legitimately shared rests entirely with the intent of the owner of the access point. Unfortunately, 802.11 does not distinguish between someone legitimately attempting to share their access point with little or no compensation, and an idiot plugging in an access point and bulldozing their way through every question/setting that prevents their wireless laptop from working, without reading the instructions or understanding the ramifications of their choices.
Think of a row house where someone puts a fake business sign on their door, and some fake "We accept Visa/MasterCard" stickers on the window, because they think it'd be funny. Do they have a right to call the cops on every person that walks through their front door thinking it's a business? A proper solution is to put up a sign that says "Not open to the public" or take down the signs that make it look like it is. In 802.11 terms, this means securing the access point.