On Mon, Jul 11, 2005 at 09:23:19AM -0500, Jeremy Fowler wrote:
In the US, it is illegal to access ANY communication network without first getting permission.
Fair enough.
That's the law and that's exactly what he was doing.
Really?
Come on, we know how these access points work: They ANNOUNCE their SSIDs and they GIVE OUT IP numbers via DHCP. They don't have to do this, and there are options to have them not do this. Your mileage clearly varies on this point, but I think a reasonable interpretation is that the machine was, indeed, configured to convey that permission.
This may be a case where the factory-installed defaults should be changed, just as when, back in the day, a default install of Redhat or whatever would have all these unnecessary and often vulnerable services running. Eventually, practices changed and the suppliers required explicit steps to turn on these features. This can't be that hard for companies like Cisco and Nortel and Linksys to do for their consumer-level stuff.
If you don't think broadcasting an SSID and offering DHCP leases (to say nothing of leaving off the encryption) constitutes permission, what form of permission would you require? And how would you contrast that form with the other types of announcements and invitations that have been mentioned in this thread already (eg, garage sale signs being a cover against trespassing charges, that sort of thing)?
If they find spam sending software, viruses/worms/trojans, or kiddy porn on his system I think they should throw the book at him. If all he was doing was checking his email, then they can be a bit more lenient.
Not sure how I feel about sitting in a car using a laptop as being probably cause for a search. Whether the guy looked "suspicious" or not is pretty subjective.
But yeah, that's bad stuff. Something tells me if he had any of that stuff, we'll hear about it, since it's the kind of salacious detail the news loves. That we haven't heard about it makes me think they looked and didn't find anything like that.
Also, if the guy had viruses/worms/trojans, they could be ones his system just happened to catch, like the zillion other vulverable machines running ${PROPRIETARY_OS}. He could be as much a "victim" of poorly-maintained systems as the person with the misconfigured AP.
However, if you ask me, sitting in a residential area was just asking for trouble.
<*shrug*> I <ahem> know of someone who was going to a meeting at a house in a residential neighborhood, and had forgotten to bring along the address or a map or something like that, and who did a short bit of wardriving, found an open access point, checked the online mailing list archive for the details, and then went to the meeting, which as it happens was about a block away.
He should of just drove to a business district, or a coffee house, and avoid this situation all together.
Yeah, probably.