Is it a crime if I open up my laptop and use whatever open wifi network I detect to access the Internet? According to some state laws, the answer is sometimes "yes," sometimes "no."
Wifi networks can be open or closed. Closed networks are secured either at the WiFi access point through the use of an encrypted Network Key or through the use of an authentication server.
At the wireless access point (WAP), closed networks can be secured with either Wi-Fi Protected Access (WPA) or Wired Equivalent Privacy (WEP) encryption. When an individual attempts to connect with a WiFi access point, the individual must provide a network key in order to establish a connection. Once connected, transmissions are encrypted. Securing a WAP is relatively easy. [Preston p 30][Cohen] According to Onguard Online:
Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers. Some older routers use only WEP encryption, which may not protect you from some common hacking programs. Consider buying a new router with WPA2 capability.
Alternatively, closed networks may utilize an authentication server. Individuals can establish a connection with a wireless access point, but all they may be able to reach is the authentication server where they must log in. This is like going to a coffee house, logging on to the network and reaching the coffee house sign-in page where you pay for Internet access by the hour or by the day. This also gives the WAP owner the ability to keep a record of who has been accessing the network (useful for responding to subpoenas and establishing defenses). [Dvorak] Once authenticated, the individual can access the Internet; however, the transmissions are not encrypted.
Open networks are ones where individuals can freely establish a connection to the access point and the Internet. There is no need for a network key, password, or authentication. Many coffee houses, libraries, and other hot spots provide free access in this manner. Individuals simply need to know the SSID of the network, and generally laptops have software built in that enables the laptop to detect the SSIDs of the available networks in range. [Cohen (accidentally using neighbor's WiFi)]
A controversy has brewed over the situation where an individual accesses an open WiFi network, but for some reason a claim is made that the access was unauthorized. This is sometimes known as Piggy Backing. The owner of the wireless network has not closed the network nor required either a network key or a password. In certain noteworthy cases, someone's access is considered "unauthorized." Many individuals take advantage of whatever open WAPs their laptops happen to detect when they open them. [Hargreaves] Some devices, reportedly including Skype phones, automatically detect open WiFi access points and establish connections. [Bangeman]
According to one study conducted by Accenture, 12 percent of respondents in the US and UK have "borrowed" someone else's WiFi access; in the US alone, according to the study, that figure goes up to 14 percent. [PC World 041608][ZDNET 0408] Some wonder whether that is a gross under-estimate, and whether many people, when they flip open their Internet enabled device, even know they are "borrowing" WiFi.
Crime: Many pundits express the opinion that accessing the Internet through an open WiFi access point should not be considered illegal. While they have opinions on the propriety of this conduct, few offer direct arguments explaining their rationale but instead resort to indirect analogies such as water from sprinklers falling on neighbors' yards or light from light fixtures being borrowed by a neighbor to read a book. [Bangeman] [AKMA 082204 (connecting to open WiFi is like stealing someone's cable TV connection, according to a police officer)][McMillan, Network World 041608 (Anonymous commenter April 20, 2008 asking "If I sit upon a garden wall, reading a map in the glow of a porch light, am I stealing that light?")][Compare Cohen (Time Warner argues "that while you may have a glass of water at a neighbor's, you may not run a pipe from his place to yours.")]
Proponents argue that this is a victimless crime, that those that piggy back are taking a replenishable supply and have little to no impact on the Internet access account owner.
Opponents argue that those that consume significant amounts of bandwidth, such as P2P users or gamers, do in fact harm the owner of the Internet access account by degrading the connection.
Proponents reply that if there is any bandwidth issue, the owner can simply turn off or secure access to the pipe, and the piggy backer can no longer deplete the resource. [Cohen] Proponents also note that most piggy backers simply hop online to check email or check a quick bit of information and are not bandwidth hogs. [Bangeman]
Opponents to open WAPs make several criminal or risk arguments on why open APs are bad:
to anonymously access bad stuff. [McMillan, Network World 041608 (Anonymous commenter April 18, 2008)] [Hall (child pornography)] [Preston p. 29 (pedophiles)]
Open WAPs mean children can access bad stuff, evading parental or school attempts to limit access. [Preston p. 29] See CIPA.
The bad activity will be traced back to the IP number of an individual's computer, presenting a risk of liability. [Preston p. 30] However, there have been court cases where an open WAP has been a successful defense to liability - in other words, the defendant argues that while a copyright infringement may have been traced to the defendant's WAP, the WAP was open and anyone could have done it - there is no proof of the defendant's guilt.
to intercept transmissions over your network. [Sophos 111507]
One version is for someone to appear in the middle as an open WAP, intercepting transmissions (known as a man-in-the-middle attack). [Preston p. 30]
to hack into computers, and possibly infect them or steal data, including the risk of identity theft. [Sophos 111507] [Preston p. 29]
Some individual owners of WAPs affirmatively choose to leave their WAP open and are willing to share as a matter of courtesy. [Schneier]
In response to the litany of problems, some argue that WAPs should be shipped in the default secured mode, and others have suggested that all WAPs ought to be required to operate only in secured mode. [Preston p. 30]
The purpose of this chart is to diagram out the posited problems and indicate whose problem this is. In other words, if we assume that access to the network is authorized, then illegal activity over that WAP by a third party is not a problem for the WAP owner* or the ISP.* For most of the posited problems, securing the WAP does not really solve the problem - in particular, the requirement of securing WAP may solve almost no problems for the WAP owner.
Note that this table could be more complex reflecting scenarios where access is authorized by the AP owner, but not the ISP - or authorized by the ISP but not by the AP owner.
* Where illegal activity, such as transmitting pirated copyrighted material, takes place over an open WiFi point and the AP owner has no part in or knowledge of the pirating, the AP owner would not be liable - this doesn't mean that a copyright association will not try to subpoena the AP owner's records and might even sue the AP owner. But, as has been seen, an AP owner's argument that they operate an open AP has been a defense to prosecution - there is no proof that the AP owner was engaged in the activity.
** Bandwidth hogs can be an issue for authorized or unauthorized use. On the one hand, AP owners and ISPs may have an arrangement that permits for heavy use; on the other, they may have an arrangement that heavy users are throttled as necessary.
*** Some ISPs authorize subscribers to share service; other ISPs have a service level priced to account for more intensive usage where the subscriber wishes to share the access. For example, a coffee house may acquire a business level access service that permits sharing.
**** The mere fact that access is unauthorized does not mean that it is problematic, particularly where the piggy backer is not engaged in illegal activity and is not a bandwidth hog. Some ISPs permit sharing; some AP owners who are not explicitly sharing service may simply be indifferent to piggy backers. Where there may be a problem is where the AUP between the AP owner and the ISP does not permit sharing and therefore piggy backers could constitute a breach of the AUP.
***** A bandwidth hog may slow down service for the AP owner. However, if the ISP permits sharing, a bandwidth hog may not be a problem for the ISP.
Nuisance: This discussion assumes that the third party wants to piggy back on the open WAP; there is a flip scenario of unwanted open WAPs which become a nuisance, as argued by Prof. Preston. In this scenario, for some reason, open Internet access is undesired. It could be parents trying to responsibly raise their kids with limited access to objectionable material (see First Amendment arguments which reject government censorship on grounds that parental involvement is the best and least intrusive solution), or it could be a secure environment where the nature of the work requires strict network security. In these scenarios, a WAP owner providing open WAP internet access wafting over the border of the WAP owner's space and into the third party's space creates, according to Prof. Preston, a nuisance.
Proponents for legitimate use of open WAPs argue (weakly) by analogy: where a neighbor waters a lawn and this water spills over on the next door neighbor's yard, the use of the water by the next door neighbor would not be theft; where a neighbor has a light on, and the light spills over on the next door neighbor's property, the use of the light by the next door neighbor to read a book would not be theft. These analogies, however, can be reversed in terms of nuisance law. Where a neighbor is over watering his yard, and this water spills over and damages the next door neighbor's yard (erosion, rot, mildew, water in the basement), the next door neighbor can have a claim in tort nuisance. Where a neighbor has excessive lights on and those lights disturb the next door neighbor, the next door neighbor likewise has a claim in tort nuisance. So it follows, where a neighbor is permitting open WAP Internet to waft on to the property of a next door neighbor, and that open Internet access causes a harm, the next door neighbor could have a tort nuisance argument. [See Preston].
Federal Law
Communications Law: The use of the spectrum itself is lawful pursuant to FCC regulation. This is Part 15 unlicensed spectrum and anyone can use it without a license, as long as they have an FCC certified device like a WiFi card. No one owns the spectrum. No one gains a priority to use the spectrum from being the first one there. There is no property right in this spectrum. The mere transmission of a signal does not make it legally "yours." [Compare Rasch (stating "using someone else's [WiFi] signal... could constitute a felony")]. There is no such thing as "unauthorized use of WiFi" as WiFi is a commons to which all people have equal access. [Compare Hale p 550 (discussing "unauthorized use of WiFi")] Just because you own the WAP does not mean that you own the spectrum. [Compare Rasch (stating "There is little doubt that when you "piggyback" the WiFi signal you are "accessing" -- or "using the resources of" -- the device that is providing the Internet connection.")].
Permission to use Part 15 spectrum is not the same as permission to use the network proximate to the Part 15 wireless network. The Part 15 network is unlicensed; no one can own it and no one can exclude others from it. The proximate network, the network connected to the Part 15 spectrum with an access point, is unknown. It may be public or private, open or restricted. If access to the proximate network is restricted, the legal authority to access the Part 15 spectrum does not provide authority to access the proximate network. Note well that when a network owner secures an access point, they are not restricting access to the Part 15 spectrum; they are shutting the door of the access point and not permitting anyone to go from the Part 15 spectrum, through the Access Point, and into the Proximate Network. It is the proximate network, not the Part 15 spectrum, that becomes secure. Access to the proximate network could constitute a violation of other state or federal laws, such as the Computer Fraud and Abuse Act.
The CFAA states that it is illegal to have unauthorized access to a protected computer. 18 U.S.C. § 1030(a)(5). This provision, however, has a $5,000 damage requirement that is probably not met by some guy outside a coffee shop checking his email. It is not clear what if any harm or damage is caused by someone using an open WAP. [Compare Nat'l Health Care Disc p 1274 (degrading network service constitutes damage)] [Bierlein p 1132 (extensive discussion of CFAA and WiFi) & 1135 (discussing harm) & 1147 n 128 (noting that the CFAA was drafted at a time when there was no notion of publicly available open networks)]
Furthermore, as noted above, the WiFi service cannot be stolen and an individual has authority to access it by law. Since access to the WiFi is authorized, it cannot be (or should not be) a violation of the CFAA. [Bierlein p 1133 (discussion of authorized access)] Remember that for the moment we are talking about access to the WiFi Spectrum, not to the proximate network - a discussion of whether access from the commons network to the proximate network is authorized will require review of Trespass law.
Note also that these provisions require that the unauthorized access be "intentional." [Bierlein p 1133] That's a problem when someone sitting next to a library utilizes a public WiFi network from a public institution. The piggy backer believes that the access is clearly authorized. [AKMA]
Some argue that piggy backing might be a violation of another provision of the CFAA, 18 U.S.C. § 1030(a)(2)(A)&(C), Swiping Information from a Protected Computer. [Rasch ("access necessarily shares some data -- IP, routing, etc -- between the computers, and the statute does not specify exactly what information must be obtained")] [Hale p 548 ("access to any WLAN involves some exchange of information that typically passes between computers (IP address, data packets, etc.) as a means of gaining access to the Internet")]. WiFi is a protocol specifically designed to operate in the unlicensed spectrum, permitting devices to handshake and establish a communications link. Where the spectrum is unlicensed and cannot be swiped, neither can the protocol developed for establishing communications in that commons. This argument is without merit. [Bierlein p 1159 ("the exchange of networking protocols inherent to access does not rise to the level of obtaining information because it involves no “readable” information—users do not “read” the information exchanged")]
Michigan: In 2004, a man was convicted of piggy backing onto a Lowe's open WiFi network in order to steal the credit card numbers that the store was transmitting over the open network. The man was charged with violating the federal Computer Fraud and Abuse Act.
United States v. Salcedo
Bill of Indictment at 1–2, United States v. Salcedo, (W.D.N.C. Nov. 19, 2003) (No. 5.03cr53-MCK)
Press Release, U.S. Department of Justice, Western District of North Carolina, Hacker Sentenced to Prison for Breaking into Lowe’s Companies’ Computers with Intent to Steal Credit Card Information (Dec. 15, 2004)
Kevin Poulsen, Long Prison Term for Lowe's WiFi Hacker, SecurityFocus (Dec. 16, 2004) (sentenced to nine years in federal prison, a reduced sentence based on the assistance he provided to Lowe's to "help them understand the vulnerabilities in their system.")
Texas: Defendant who demonstrated ease of accessing county's wireless network was arrested and charged under CFAA, with prosecutor claiming that $5k threshold was met by needed staffing changes, etc. Jury took 15 minutes of deliberation to reject charges. [Bierlein p 1159 n 187]
Rosanna Ruiz, Computer Expert Indicted in Alleged Hacking, HOUSTON CHRON., July 25, 2002, at 26A.
Rosanna Ruiz, Federal Trial Starts for Man Who Hacked County Computer, HOUSTON CHRON., Feb. 19, 2003, at 16A
Rosanna Ruiz, Jurors Acquit Man of Hacking System at District Clerk’s Office, HOUSTON CHRON., Feb. 21, 2003, at 26A
Some would like the use of open wifi networks to be illegal for fear of violations of other criminal statutes. [AKMA 082204 (Police officer justifying harassing a wifi user on the grounds that someone could download child pornography, claiming that he had been briefed by a Secret Service agent)]
Interception / Eavesdropping
It is arguably not a violation of the Electronic Communications Privacy Act (ECPA) to receive wireless signals that are transmitted to the general public and for users of a shared radio system, if such communications are not scrambled or encrypted. See ECPA for full discussion.
Negligence
Copyright owners have attempted to argue that having an open WiFi access point is negligent. The argument is that if some third party walks up to an open access point and downloads a whole bunch of pirated copyrighted material, it is the fault of the access point owner who allowed this.
The elements of a negligence cause of action are: (1) Duty, (2) Breach, (3) Causation, and (4) Harm. In the case of an open WiFi access point, the argument of the copyright owner is that the WiFi Access Point owner failed to act - the access point owner failed to take steps necessary to secure the access point. In a case where a defendant has "failed to act," this is nonfeasance; in cases of nonfeasance, for a failure to act to give rise to a cause of action, there must be a special relationship between the plaintiff and the defendant. To say it a different way, there is no legal (tort) obligation to be a good samaritan to just anybody; for there to be an obligation to act, there must be something special about the relationship between the two parties that would so require it.
In AF HOLDINGS, LLC v. Doe, NDCA 2012, a California court found that no special relationship exists between the owner of a WiFi access point and copyright owners. In other words, it isn't the job of a WiFi access point owner to protect the assets of a copyright owner - and no cause of action lies in negligence. According to the Court,
Plaintiff has not articulated any basis for imposing on Defendant a legal duty to prevent the infringement of Plaintiff's copyrighted works, and the court is aware of none. Defendant is not alleged to have any special relationship with Plaintiff that would give rise to a duty to protect Plaintiff's copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.
The allegations in the complaint are general assertions that in failing to take action to "secure" access to his Internet connection, Defendant failed to protect Plaintiffs from harm. Thus, the complaint plainly alleges that Defendant's supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.
There are a few other problems with the attempt to create a negligence cause of action. First, according to the courts, attempting to impose liability on a WiFi access point owner based on the theft of copyrighted material over that access point is an attempt to rebrand a copyright cause of action. Such attempts to rebrand a copyright cause of action in order to reach further than the copyright law permits are specifically preempted by the copyright law. 17 U.S.C. § 301(a).
Plaintiff is seeking to protect its "exclusive rights" from "copying and sharing." Simply recharacterizing the claim as one of "negligence" does not add a legally cognizable additional element. See, e.g., Dielsi v. Falk, 916 F.Supp. 985, 992-93 (C.D. Cal. 1996). Thus, because Plaintiff alleges that Defendant's action or inaction constituted interference with its "exclusive rights in the copyrighted work," the negligence claim is preempted by § 301 of the Copyright Act.
AF HOLDINGS, LLC v. Doe, NDCA 2012. The court concludes that either the defendant is liable under copyright law, or not - but the cause of action cannot be recloaked as negligence. LIBERTY MEDIA HOLDINGS, LLC v. Tabora, Dist. Court, SD New York 2012.
Second, an owner of an open WiFi access point is arguably a provider of an interactive computer service to third parties using that access point, and would be immune from liability under the Good Samaritan provisions of the Communications Decency Act, 47 USC 230. AF HOLDINGS, LLC v. Doe, NDCA 2012.
This bill would require a device that includes an integrated and enabled wireless access point, if the device is manufactured on or after October 1, 2007, for use in a small office, home office, or residential setting, and that is used in a federally unlicensed spectrum, to either include a warning advising the consumer how to protect his or her wireless network connection, a warning sticker, or provide other protection that, among other things, requires affirmative action by the consumer prior to use of the device.
(f) There is disagreement as to whether it is legal for someone to use another person's WiFi connection to browse the Internet if the owner of the WiFi connection has not put a password on it. While Section 502 of the Penal Code prohibits the unauthorized access to computers, computer systems, and computer data, authorized use is determined by the specific circumstances of the access. There are also federal laws, including the Computer Fraud and Abuse Act (18 U.S.C. Sec. 1030 et seq.), that prohibit the intentional access to a computer without authorization.
In April 2005, a man found sitting in his car in a residential neighborhood piggy backing on wireless networks was arrested after a neighbor grew suspicious.
FLA. STAT. ANN. § 815.06 (2006) prohibits unauthorized access to computer network, classified as a third degree felony
Dave Gussow, Wireless ‘Mooching’ Raises Issues of Security, Ethics, ST. PETERSBURG TIMES, Aug. 1, 2005
A man in an apartment complex was piggy backing on neighbors' networks "in order to access bank information and pay for pornography sites." When purchases that he ordered were delivered to his apartment, he was uncovered. Police found an antenna sticking out his window in order to enhance his reception. Wifi cloaks a new breed of intruder, Tampabay.com (July 4, 2005)
A guy piggy backed onto the network of a non-profit in the middle of the night and was charged under an Illinois statute. Sentence: One year court supervision and a $250 fine.
A person may not knowingly:
(1) possess, use, manufacture, distribute, transfer, sell, offer, promote, or advertise for sale, use, or distribution, an unlawful telecommunication device or access code:
(i) to commit a theft of telecommunication service; or
(ii) to receive, disrupt, transmit, decrypt, acquire, or facilitate the receipt, disruption, transmission, decryption, or acquisition of a telecommunication service without the express consent or express authorization of the telecommunication service provider;
This statute is not applicable. Wifi is unlicensed spectrum held as a commons where all individuals have equal rights of use; it cannot be stolen. (Conversely, if this law did apply, wouldn't it be illegal to make any wifi enabled device?) Under federal law, Wifi would not even be classified as a "telecommunications service." Apparently under Maryland Code, Wifi may be considered a "telecommunications service." MD Code, Crim L § 7-313 Definitions.
AKMA's Blog (An account of sitting on a bench outside a library, and being approached by a police officer who told AKMA to stop and move on, on the grounds of theft of service, informing AKMA that the police department had just been briefed on the issue by the Secret Service).
A guy reportedly sat outside the Re-Union Street Café coffee shop checking his email. When the cop asked him what he was doing, he told him. Neither he, nor the cop, nor the coffee shop owner of the network knew that what he was doing violated state law - yet he was criminally charged. He was reportedly fined $400 and required to do 40 hours of community service.
Law: NY State Penal Code § 156.00(8) (defining "without authorization" such that a user must have actual notice that access was without permission for it to be "without authorization." The law applies only where the network “is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system.” § 156.05)
Westchester County directed its businesses to secure their networks or they would be fined. A wireless felony, WOOD TV 8 (June 18, 2007)
Utah requires ISPs to offer a filtered content service to consumers. Utah Code 76-10-1231. This would appear to also fall upon ISPs offering free WiFi service. [Preston p 30]
A man reportedly repeatedly returned to a coffee house, Brewed Awakenings, to piggy back on its open wifi network. The coffee house owner grew weary, asked him to stop, and then called the police. The police told the man to move on, but he later returned. He was charged with "theft of services" under the criminal trespass statute, but not unauthorized access to a computer network under the state's computer trespass statute.
One article notes that the defendant was a registered sex offender. [Saracevic] [Galla]
[Bierlein p 1160 n 188]
Gregg Keizer, WiFi user charged for not buying coffee, EETimes (June 22, 2006) ("The charge, which covers such crimes as bypassing a utility meter, stealing cable, and leaving a restaurant without paying, has been used in the past to prosecute hackers who have accessed a computer or network without paying for it.")
Police authorities argue that open wifi networks are problematic because they create an untraceable opportunity for criminals. When an individual visits a website on the Internet, that website generally records the IP address number of the individual. If the individual is doing something illegal, then that activity can be traced back to that IP number. If the police can trace the IP number to an individual subscriber, they can attempt to arrest the individual. When an individual gains Internet access using an open wifi network at a coffee house, then the IP number of that coffee house is recorded in the server log and investigators are unable to tell which person at the coffee house it was that visited that site. Likewise, if the individual gains Internet access through an open network in a residential neighborhood, say that of the Joneses, then the police will trace the IP number back to the Joneses and come knocking at the Joneses' door accusing them of, for example, dealing in illegal knock-off Beanie-Babies. [Stockwell (concern that Child Pornographers are using open wireless networks)]
Open WAP owners have argued as a defense to prosecutions that while a crime may have been traced to their IP number, there is no further evidence that they committed the crime and that it must have been someone else who tapped into their access point. This argument is essentially that while an IP number may map to a computer or a WAP, it does not map well to humans. [Stockwell] [WLTL] [Fisher]
Notice: The question is begged however. If the wireless network is open, how can the access be unauthorized? [Bierlein p 1133 ("few states define what constitutes authorization")] How would an individual know that they are, or are not, allowed on a network? There are open networks everywhere for all sorts of reasons. How is an individual to determine which open network is not open and which open network truly is open... other than through the signal of the "open" or "closed" network itself? Some wireless devices automatically log onto detected open wifi networks with no action required by the individual (reportedly Skype WiFi phones, for example, will log onto any open network detected).
If network owners want to restrict access to their networks, this is easy to do. See OnGuardOnline.Gov for information on how to secure a wireless network. A password on a WAP is a good signal that the network is closed. [EFCultural at 63] Compare Rasch (asking the rhetorical question: "you end up on a slippery slope. How much security must you have on a system in order to be able to prosecute someone for accessing it without authorization?") Any security would provide sufficient notice that the network is closed. See NY State Penal Code § 156.00(8) (defining "without authorization" such that a user must have actual notice that access was without permission for it to be "without authorization.")
If network owners want their networks to be open, having no restriction on access is a pretty good signal of this intention. [Dvorak ("Since it doesn't really take much to secure a network, you can assume that people do not mind you taking their Wi-Fi signals to do your e-mail.")][See R2oT § 892] [Hale p 553 ("Lack of log-in procedures, encryption, or other forms of security may create a privilege in the would-be trespasser of apparent consent to use another’s Wi-Fi network.")]
WAPs are shipped to customers in a default open configuration. It is common for new broadband Internet access service orders to be bundled with a WAP, although where the service provider does an install, they generally will turn the security on. Laptops and some desktop computers are now shipped with WiFi as a standard feature. [Hargreaves]
Some ISPs permit the sharing of broadband Internet access over a WAP. Some do not. [Dvorak] Subscribers that wish to share the broadband may need to purchase a business broadband account that permits such sharing.
Many pundits believe that these prosecutions are inappropriate. [Gibbs][Dietrich] It is argued that it is up to a property owner whether their property is open or closed. There should be no presumption in law otherwise. Where it is the intention of a property owner that the property is closed, then it should be the responsibility of the property owner to take easy steps of signaling this intention. This is consistent with the jurisprudence principle that the individual with the burden is the individual with the information (in this case, the information of whether the network is open or not) and it is consistent with the law-and-economics theory that the burden should be placed on the party for whom the cost of compliance is the lowest (the cost to the network owner to signal whether the network is truly open or not is de minimis, whereas the cost to the laptop guy, able to detect open networks but needing to confirm whether they are truly open, can be almost impossible to bear in some cases, as the laptop guy may not know where the signal is coming from, who owns the network, and how to communicate with the network owner).
Alternatively, those that wish to have open WAPs could find it quite difficult to do so. Alternatively, everyone at a coffee house who has used an open WAP is as guilty as the guy sitting in the parking lot using the same WAP, for what is the factual distinction? Those inside the coffee house have no more knowledge of who owns the WAP and whether it is open than the person in the parking lot. The coffee house owner loses the value of the loss-leader free wifi service if none of their customers can use the service without fear of arrest.
Others believe that piggy backing should be illegal.
Other WiFi Security Issues
IP Number Liability
Your computer on the Internet has an Internet address, an IP number. Everything that is done on your computer leaves that IP number like a bread crumb trail across the Internet. If you visit a site, your IP number is left in the server log, and anyone looking at that log can see that IP number. That IP number belongs to a block of IP numbers assigned to your ISP. In order to trace that IP number back to you, the RIAA and other groups use the DMCA to subpoena ISPs for the subscriber information associated with that IP number. What is provided to the RIAA is the name of the individual who subscribed to the ISP; not necessarily the person who visited that Internet site. In the case of home Internet accounts that have open WiFi access points attached to them, the person who visited the site in question can be anyone who wandered in range of the WiFi signal and piggy backed on the account. Even for those who have secured Internet access at home, the person who visited the site in question could be any friend, guest, or relative that happened to visit that house and used that computer. Defendants having open WiFi access points have successfully used the argument that an IP number is not a human being and is not proof that the account owner did the bad deed; it could have been anyone who piggy backed onto the network. In a few other cases, suits have been improperly filed where the plaintiffs had the IP number misidentified. Nevertheless, a number of copyright litigations and criminal charges have been brought simply based on the identification of an IP number.
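The attribution gap described above, as an added example that is not part of the original page: a server log entry resolves through the ISP only to the account subscriber, and only records kept on the access point can narrow it to a device. The log format (including a recorded source port), the record layout, the addresses and the names are all constructed assumptions.

```python
"""Added illustration: what an IP number in a server log can and cannot identify.

All data below is constructed (documentation address range, invented names).
"""
from datetime import datetime

# What an ISP can answer under subpoena: public IP number -> account subscriber.
ISP_SUBSCRIBERS = {
    "203.0.113.7": "Jones household",
    "203.0.113.9": "Coffee house (business account)",
}

# What the visited web site recorded. Assumed line format:
#   public_ip source_port timestamp request
SERVER_LOG = """\
203.0.113.7 51512 2008-04-16T20:01:10 GET /index.html
203.0.113.7 51513 2008-04-16T20:01:12 GET /files/a.zip
203.0.113.9 40021 2008-04-16T20:05:00 GET /mail
"""

# Translation records kept on the access point, if its owner keeps any:
#   public_ip -> [(public_port, first_seen, last_seen, device hardware address)]
WAP_RECORDS = {
    "203.0.113.7": [
        (51512, "2008-04-16T20:00:00", "2008-04-16T20:10:00", "aa:bb:cc:00:00:01"),
        (51513, "2008-04-16T20:00:30", "2008-04-16T20:02:00", "aa:bb:cc:00:00:99"),
    ],
    # The coffee house keeps no records, so it has no entry here.
}

# Devices the Jones household recognises as its own.
HOUSEHOLD_DEVICES = {"aa:bb:cc:00:00:01": "Jones family laptop"}


def parse_line(line):
    """Split one server log line into its fields."""
    ip, port, stamp, request = line.split(" ", 3)
    return {
        "ip": ip,
        "port": int(port),
        "time": datetime.fromisoformat(stamp),
        "request": request,
    }


def attribute(entry, wap_records=WAP_RECORDS):
    """Return what can be established about who made the request.

    subscriber:   the account holder the ISP would name (never a person at a keyboard)
    device:       hardware address behind the access point, or None if no record exists
    owner_device: True/False if a device was found, None if it cannot be determined
    """
    result = {
        "subscriber": ISP_SUBSCRIBERS.get(entry["ip"]),
        "device": None,
        "owner_device": None,
    }
    for port, first_seen, last_seen, mac in wap_records.get(entry["ip"], []):
        in_window = (
            datetime.fromisoformat(first_seen)
            <= entry["time"]
            <= datetime.fromisoformat(last_seen)
        )
        # Port and time must both match: ports are reused by other devices later.
        if port == entry["port"] and in_window:
            result["device"] = mac
            result["owner_device"] = mac in HOUSEHOLD_DEVICES
            break
    return result


def attribute_log(text=SERVER_LOG):
    """Attribute every non-empty line of a server log."""
    return [attribute(parse_line(line)) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for row in attribute_log():
        print(row)
```

Even the best case ends at a hardware address, which identifies a device rather than the person using it.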
Open wifi networks also create an open door to computers on your network. Depending on the configuration of your computers and your access point, hackers can get access, steal information and upload malicious software.
Eavesdropping
Data sent between computers over WiFi is out in the open and can be intercepted by anyone within range. Data sent between computers using security will be encrypted and, if intercepted, is difficult to read (WiFi encryption has reportedly been cracked, but still creates a substantial barrier to reading intercepted traffic). Transmissions over open WiFi access points are not encrypted and are easy to read.
Acceptable Use Policies
The AUP that a subscriber has with its Internet access provider may (or may not) prohibit sharing of Internet access outside the household (or whomever the AUP restricts it to). If you have an open WiFi access point, you may be in breach of contract. Note that there have been Internet access providers that actively support sharing of access, and will even set up a billing system to enable you to do it for a fee. Also, if you're a coffee house and you want to share as a loss-leader, you may be able to acquire a higher-tiered service (one that assumes greater bandwidth consumption) that permits sharing.
Restatement (Second) of Torts § 892 (“If words or conduct are reasonably understood by another to be intended as consent, they constitute apparent consent and are as effective as consent in fact.”)
Restatement (Second) of Torts § 217 (“[a] trespass to a chattel may be committed by intentionally (a) dispossessing another of the chattel, or (b) using or intermeddling with a chattel in the possession of another.”)
Statistics
Sophos Press Release, Wi-Fi piggybacking widespread, Sophos research reveals (Nov. 15, 2007) ("The research, carried out by Sophos on behalf of The Times, shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission." Conjecturing that "stealing wifi" deprives the ISP of revenue and slows down your neighbor's connection, without actual data to substantiate these guesses)
A Wardriving We Will Go!, The Register Aug 23, 2007 (one in three mobile workers "routinely hijack wireless connections")
Ken Fisher, The RIAA, IP Addresses, and evidence, Ars Technica (Aug. 3, 2006) (reporting on woman with open WAP, who was not a significant computer user, but who argued that multiple other people had access to the network and could have engaged in the alleged illegal downloading)
Movie Company Files Federal Piracy Suit Against Tri-State Man, WLWT Cincinnati (Dec. 12, 2005) (reporting that Paramount had brought a federal lawsuit against a man for uploading a movie to a P2P network, but the man claimed he had nothing to do with it and that it must have been done over his open WAP).
Jamie Stockwell, WiFi Turns Internet Into Hideout for Criminals, Washington Post, p. C01 (Feb. 11, 2007) (recounting story of police attempting to raid an apartment in Arlington, Va. in order to arrest a suspected pedophile, only to find an elderly woman with an open wifi access point).
Papers
Cheryl Preston, WiFi in Utah: Legal and Social Issues, Utah Bar Journal, Vol. 20 No. 5, p. 29 (Sept./Oct. 2007) (arguing that "Allowing one's wireless to invade the neighbor's property without a filter or password is not First Amendment speech," it is a nuisance and should be prohibited by regulation).
Robert V. Hale, Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet, 21 Santa Clara Computer & High Tech. L.J. 543 (2005), available at SSRN: http://ssrn.com/abstract=692881
Benjamin D. Kern, Whacking, Joyriding and War-Driving: Roaming Use of Wi-Fi and the Law, 21 Santa Clara Computer & High Tech. L.J. 101 (2004)
Kevin G Hall, Wi-Fi Helps Child Porn Exchanges Thrive: The Proliferation of Easy Internet Access has given Traders of Child Pornography the Shelter of Anonymity, Miami Herald (July 17, 2007), at A1.
Eric Bangeman, The Ethics of "Stealing" a WiFi Connection, Ars Technica (Jan. 3, 2008) ("It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft?")
Finlo Rohrer, Is Stealing Wireless Wrong?, BBC News (Aug. 23, 2007) (quoting philosopher Julian Baggini who compared it to reading a book by the light of someone else's window or eating someone's leftovers).
Alan Graham, You Simply Can't Steal WiFi . . . , O'Reilly Mac DevCenter Blog (Jul. 25, 2005) (comparing borrowing of WiFi to sprinkler water running off of someone's and being collected in a bucket).
Securing Wireless Access Points
Derived From: OnGuardOnline.Gov Wireless Security: Wireless Internet access can offer convenience and mobility. But there are steps you should take to protect your wireless network and the computers on it.
Use encryption to scramble communications over the network. If you have a choice, Wi-Fi Protected Access (WPA) is stronger than Wired Equivalent Privacy (WEP).
Use anti-virus and anti-spyware software, and a firewall.
Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won't send a signal to any device in the vicinity announcing its presence.
Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.
Change your router's pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.
Allow only specific computers to access your wireless network.
Turn off your wireless network when you know you won't use it.
Don't assume that public "hot spots" are secure. You may want to assume that other people can access any information you see or send over a public wireless network.
"Two main types of encryption are available: Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router, and other equipment must use the same encryption. WPA2 is strongest; use it if you have a choice. It should protect you against most hackers. Some older routers use only WEP encryption, which may not protect you from some common hacking programs. Consider buying a new router with WPA2 capability."
Vulnerabilities in Wired Equivalent Privacy (WEP) have been well documented. [Wiley] While it is better than no security, it is still vulnerable. The WiFi Alliance specifically states "using WEP security is not sufficient." [WiFi Alliance Evil Twin]
In response to WEP vulnerabilities, the Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access II (WPA2). The Wi-Fi Alliance recommends that consumers "only buy products that are WiFi Certified for WPA and WPA2 security." [WiFi Alliance Evil Twin]
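The checklist above can be turned into an automated check of an access point's own configuration. The following is an added example, not code from OnGuard Online or the Wi-Fi Alliance; it assumes the access point is configured through a hostapd-style key=value file, and the two sample configurations, the default-SSID list and the finding codes are constructed for illustration.

```python
# Added example: audit a hostapd-style AP config against the checklist above.
# Assumptions: hostapd key=value syntax; every sample value is constructed.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # illustrative only

WEAK_AP = """
ssid=linksys
wep_key0=1234567890
ignore_broadcast_ssid=0
"""

HARDENED_AP = """
ssid=orchard-7f
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-passphrase
ignore_broadcast_ssid=1
macaddr_acl=1
"""

def parse_config(text):
    """Return key=value settings as a dict, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def encryption_mode(cfg):
    """Weakest encryption the AP accepts: 'open', 'wep', 'wpa' or 'wpa2'."""
    wpa = int(cfg.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2, 3 = both
    if wpa in (1, 2, 3):
        return "wpa2" if wpa == 2 else "wpa"
    return "wep" if any(k.startswith("wep_key") for k in cfg) else "open"

def audit(text):
    """Return the checklist items this configuration fails, as short codes."""
    cfg = parse_config(text)
    mode = encryption_mode(cfg)
    checks = [
        (mode != "wpa2", "encryption:" + mode),  # open, WEP or WPA still accepted
        (cfg.get("ssid", "").lower() in DEFAULT_SSIDS, "default-ssid"),
        (cfg.get("ignore_broadcast_ssid", "0") == "0", "ssid-broadcast"),
        (cfg.get("macaddr_acl", "0") != "1", "no-mac-allowlist"),
    ]
    return [code for failed, code in checks if failed]

if __name__ == "__main__":
    print("weak:", audit(WEAK_AP), "hardened:", audit(HARDENED_AP))
```

A mixed WPA/WPA2 setting (`wpa=3`) is reported as `encryption:wpa`, because the audit scores the weakest mode the access point will still accept.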
The Wi-Fi Alliance ranks the level of network security in the following order: [WiFi Alliance FAQ Security]