[CWN-Summit] BBC Story: Wireless hijacking under scrutiny

David Young dyoung at pobox.com
Thu Jul 28 21:45:41 CDT 2005 

On Thu, Jul 28, 2005 at 10:47:15AM -0500, Sascha Meinrath wrote:
> The recent arrests of people for "hijacking" open wireless access points 
> also begs the question -- why should _I_ (a random laptop user) be held 
> solely responsible for broadcasting to an open access point?  Shouldn't 
> the open access point be held equally responsible for "leeching" my CPU 
> cycles and my battery power by communicating with my laptop?

The AP's and the laptop's responsibilities are not the same.  The AP does
not initiate communication with specific laptops.  It merely broadcasts
a beacon.  The beacons are not specifically addressed to any laptop, and
if your laptop activates the powersaving features of your 802.11 card,
then the CPU will rarely be troubled to "read" one.  If reading beacons
does "leech" our CPUs and batteries, it seems to me that problem is part
of the Part 15 bargain. (It is a problem that technology can solve.)

The BBC story says, "In Straszkiewcz's case, he was prosecuted under the
Communications Act and found guilty of dishonestly obtaining an electronic
communications service."  I doubt (hope) that Mr. Straszkiewicz was not
prosecuted for obtaining the service of "WiFi to ethernet bridging"
or "WiFi repeater service," but for something that actually costs,
like Internet service.  The story does not go into the details, and the
details matter a great deal!

> I find the 
> entire precedent of liability for utilizing an open access point 
> extremely dangerous -- both because of the conundrum Harold mentions 
> below (that it's often impossible to know whether the access point was 
> left open purposefully or not), and because one is not "trespassing" in 
> any traditional sense (in fact, one is using an unlicensed band of the 
> _public airwaves_).

It may not be a question of "trespassing."  The basis of
Mr. Straszkiewicz's prosecution may be denial (or theft) of service,
which I think is a legitimate basis for prosecution if service really
is denied or stolen.  One cannot tell from the BBC's story.

> Given that the WAP is also collecting data from my laptop (e.g., my MAC 
> address), shouldn't the owners of these open networks be held liable for 
> "hacking" my laptop?

No.  The MAC is out in the open, you don't need to "breach" the laptop
to find it out.  To re-(ab)use the auto analogy in the article: you may
write down all of the license plate numbers on your block, but you may
not take all of those cars for a spin. :-)

Dave

-- 
David Young             OJC Technologies
dyoung at ojctech.com      Urbana, IL * (217) 278-3933

More information about the CWN-Summit mailing list