SCOTUS Looks at File Sharing by John Brewer April 2005 SCOTUS is the Supreme Court of the United States

Legal Bytes: Trolling for Wi-Fi - Is It Legal?
         by John Brewer   October 2005

       Local area networking has experienced a profound change in recent years. Wired networks are still the norm but wireless networking is popular at homes and businesses. There are several issues worthy of exploration regarding this topic and this column will explore these issues in some detail in this and future columns. One issue is the legality of accessing an “open” wireless network and the other issue is the necessity to protect a wireless network.
       Wikipedia states that “wardriving” involves the use of an automobile and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks. It is also known as "WiLDing" (Wireless Lan Driving), originating in the U.S. with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio. Many wardrivers use GPS devices to measure the location of the network, find and log it on a website. For better range, antennas are built or bought, and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably, NetStumbler for Windows, KisMac for Macintosh, and Kismet for Linux.
       Wardrivers make identification and access of wireless networks a sport, but is the sport legal? Is there a clear-cut answer or does it depend on the facts?
       A recent Florida case provides some guidance. A Florida man, sitting in his SUV and using a laptop, was accessing wireless networks in a residential neighborhood. The St. Petersburg Times reported the matter and made the observation that “a drive through downtown St. Petersburg shows how porous networks can be. In less than five minutes, a Times reporter with a laptop found 14 wireless access points, six of which were wide open. I'll guarantee there are tons of people out there who have their wireless network being exploited but have no idea. And as we see more people utilizing wireless, we'll see more people being victimized." The Florida man was indicted and convicted.
      “Wireless fidelity, or ‘Wi-Fi,’ has enjoyed prolific growth since catching on in 2000. More than 10-million U.S. homes are equipped with routers that transmit high-speed Internet to computers using radio signals. The signals can extend 200 feet or more, giving people the ability to use the Web in the back yard of his Crescent Heights home, but also reaching the house next door, or the street.”
       The expansion of Wi-Fi hot spots is part of this phenomenon. With a wireless-capable laptop, it is possible to access the Internet at places called “hot spots,” and they are everywhere. Some charge for access but many provide free access. There is an inherent risk in this technology. The router that provides the wireless access point has an identifiable internet protocol (IP) address. Anyone accessing the Internet through that router will appear to be authorized to use that IP address. Someone with a nefarious intent can create a possible legal nightmare for the person responsible for that IP address. The ability to look through the IP address and identify the computer behind the DHCP server is more difficult.
       A recent case in Michigan involved the unauthorized access of an unsecured Wi-Fi network at a Lowe's home improvement store to steal credit card numbers. A 20-year-old and a friend stumbled across the network while cruising around in a car in search of wireless Internet connections – wardriving. He was convicted.
       An emerging threat is the "evil twin" attack. A person with the proper equipment sets up a local hot spot and overpowers the Wi-Fi network. Any computer user who accesses the bogus Wi-Fi network is then at risk by the evil twin. The Wall Street Journal has reported an evil twin setup at a technology conference in London. Hackers set up evil twins that infected other computers with viruses and gathered information on the users.
       It is apparent that security is an important issue in a wireless network. The original standard was called WEP (wired equivalent privacy). WEP is a form of encryption, but the level of encryption is relatively weak. An improved form of encryption for wireless networks uses AES (advanced encryption standard). AES is strong encryption.
      There are ethical issues in accessing a wireless network unless one has specific authority. Is it similar to a form of electronic trespass? Does it constitute a form of theft from the internet service provider? One can argue both sides of these questions easily.
      The next column will investigate the legal issues of these questions in more depth. In the interim, owners of wireless networks should consider the security of their networks. Improvements can be made to the wireless network fairly easily. A company by the name of Force Field Wireless has some excellent suggestions regarding wireless security. See www.forcefieldwireless.com. Some of the tips are:
       Enable WEP. Make sure you use the largest WEP key size that the equipment supports.
       Change the SSID (Service Set Identifier) to something non-descriptive. Do not give a name, address, or any other useful information to potential hackers. Do not use the default SSID.
       Change the default password(s) on the access point. The default passwords of most network equipment are well known and could allow an intruder to gain access to the access point.
       Disable Broadcast SSID. If the access point supports "closed system" or allows one to "disable broadcast SSID," use this feature. This will make the network essentially invisible to almost all scanning methods.
       Update the firmware and drivers on access points and wireless cards. It is always wise to use the latest firmware and drivers on access points and wireless cards. Manufacturers commonly fix known issues, security holes, and enable new features with these updates.
       Enable MAC-based filtering. This feature limits access to unique wireless cards.
       Turn off access points when not in use.
       Try to position access points in the center of the house or building. This will minimize the signal leak outside of its intended range.
       Prudent use of security features in a wireless network can prevent misfortune.

John Brewer practices law in Oklahoma City, is a member of the Governor’s and Legislative Task Force for E-Commerce, and enjoys issues relating to eBusiness and cyberspace. Comments and questions are welcome and can be emailed to johnb@jnbrewer.com.

In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. The article may contain sources for content as attributed within the article.