Legality of piggybacking: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Legislation: - fix, again, see talk page
mNo edit summary
 
(132 intermediate revisions by 95 users not shown)
Line 1: Line 1:
{{Short description|none}} <!-- This short description is INTENTIONALLY "none" - please see WP:SDNONE before you consider changing it! -->
Laws regarding "unauthorized access of a computer network" exist in many locales, including the U.S. federal government, all 50 [[U.S. state]]s, and other countries, though the wording and meaning differ from one to the next. However, the interpretation of terms like "access" and "authorization" is not clear, and there is no general agreement on whether [[piggybacking]] (intentional access of an open [[Wi-Fi]] network without harmful intent) falls under this classification.<ref name="Bierlein">{{Cite journal
Laws regarding "unauthorized access of a [[computer network]]" exist in many legal codes, though the wording and meaning differs from one to the next. However, the interpretation of terms like "access" and "authorization" is not clear, and there is no general agreement on whether [[piggybacking (Internet access)|piggybacking]] (intentional access of an open [[Wi-Fi|Wi-Fi network]] without [[intention (criminal law)|harmful intent]]) falls under this classification.<ref name="Bierlein">{{Cite journal
| volume = 67
| volume = 67
| issue = 5
| issue = 5
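Review bot: The revised lead sentence reads "the wording and meaning differs from one to the next"; the compound subject takes the plural, as the earlier revision had it ("differ"). The rewrite also replaces the earlier scope ("the U.S. federal government, all 50 U.S. states, and other countries") with "many legal codes", which is vaguer than the country-by-country sections that follow; consider keeping a concrete statement of scope.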
Line 8: Line 9:
| accessdate = 2007-09-01
| accessdate = 2007-09-01
| year = 2006
| year = 2006
| url = https://moritzlaw.osu.edu/lawjournal/issues/volume67/number5/bierlein.pdf
| format = [[PDF]]
| url = http://moritzlaw.osu.edu/lawjournal/issues/volume67/number5/bierlein.pdf
}}</ref> Some jurisdictions prohibit it, some permit it, and others are not well-defined.
}}</ref> Some jurisdictions prohibit it, some permit it, and others are not well-defined.


For example, a common but untested argument is that the [[802.11]] and [[Dynamic Host Configuration Protocol|DHCP]] protocols operate on behalf of the owner, implicitly authorizing use of the network. (This would not apply if the user has other reason to know that their use is unauthorized, such as a verbal or written notice.)
For example, a common but untested argument is that the [[802.11]] and [[Dynamic Host Configuration Protocol|DHCP]] protocols operate on behalf of the owner, implicitly requesting permission to access the network, which the [[wireless router]] then authorizes. (This would not apply if the user has other reason to know that their use is unauthorized, such as a written or unwritten notice.)


In addition to laws against unauthorized access on the user side, there are the issues of [[breach of contract]] with the [[Internet service provider]] on the network owner's side. Many [[terms of service]] prohibit bandwidth sharing with others, though others allow it. The [[Electronic Frontier Foundation]] maintains [http://www.eff.org/Infrastructure/Wireless_cellular_radio/wireless_friendly_isp_list.html a list of ISPs] that allow sharing of the Wi-Fi signal.
In addition to laws against unauthorized access on the user side, there are the issues of [[breach of contract]] with the [[Internet service provider]] on the network owner's side. Many [[terms of service]] prohibit bandwidth sharing with others, though others allow it. The [[Electronic Frontier Foundation]] maintains a list of ISPs<ref>{{cite web|url=https://www.eff.org/Infra/Wireless_cellular_radio/wireless_friendly_isp_list.html|title=Wireless-Friendly ISPs|date=7 November 2011|publisher=}}</ref> that allow sharing of the Wi-Fi signal.


=== Australia ===
== Australia ==
Under Australian Law, "unauthorized access, modification or impairment" of data held in a computer system is a federal offence under the Criminal Code Act 1995.<ref>{{cite web|url=http://www.legislation.gov.au/Details/C2011C00123/Html/Text|title=Criminal Code Act 1995|website=www.legislation.gov.au}}</ref> The act refers specifically to ''data'' as opposed to network resources (connection).


== Canada ==
Under Australian Law, "unauthorised access, modification or impairment" of data held in a computer system is a federal offence under the Cybercrime Act 2001.[http://209.85.173.104/search?q=cache:216Ja3jDaXoJ:www.offi.gov.au/agd/www/Justiceministerhome.nsf/Page/245B439E57048428CA256B6B0082A1FB] The act refers specifically to ''data'' as opposed to network resources (connection).
In [[Canadian law]], unauthorized access is addressed the ''[[Criminal Code (Canada)|Criminal Code]]'', s 342.1, which provides that "Every one who, fraudulently and without [[colour of right]]" obtains "computer services" from an access point is subject to criminal charges.<ref>{{cite web|url=https://www.canlii.org/ca/sta/c-46/sec342.1.html|archiveurl=https://web.archive.org/web/20080307063609/http://www.canlii.org/ca/sta/c-46/sec342.1.html|url-status=dead|title=''Criminal Code'', RSC 1985, c C-46, s 342.1 (1) (a)|archivedate=March 7, 2008}}</ref>


Section 326(1) of the ''Criminal Code'' may also be used to address unauthorized access of a computer network: '(1) Every one commits theft who fraudulently, maliciously, or without [[colour of right]]', '(b) uses any telecommunication facility or obtains any telecommunication service.'
In the state of Western Australia it could be construed as "Unlawful operation of a computer system".{{Fact|date=March 2008}} The use of bandwidth or other resources could also be construed as theft if it involves deception then fraud.{{Fact|date=March 2008}}


In [[Morrisburg, Ontario]] in 2006, a man was arrested under section 326 of the ''Criminal Code''. Ultimately the arrest was poorly reported, there does not seem to be any information available with regards to conviction.<ref>{{cite web
=== Canada ===
| last = Geist
| first = Michael
| title = Ontario Police Arrest Man for War Driving
| date = 2006-03-08
| url = http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1150&Itemid=85
| accessdate = 2010-03-01
}}</ref>


== European Union ==
In Canadian law, unauthorized access is addressed by Section 342.1 of the ''Criminal Code of Canada''. According to Section 342.1, "Every one who, fraudulently and without [[colour of right]]" obtains "computer services" from an access point is subject to criminal charges. (See [http://www.canlii.org/ca/sta/c-46/sec342.1.html Criminal Code of Canada, RSC 1985, c. C-46, s. 342.1 (1) (a)])
In September 2016, the [[European Court of Justice]] decided in "McFadden"<ref>{{cite web|url=http://curia.europa.eu/juris/liste.jsf?num=C-484/14|title=CURIA - List of results|website=curia.europa.eu}}</ref> C-484/14 that "a businessman providing a public wifi network is not responsible for copyright infringement incurred by users. But he can be ordered to protect the network with a password, to prevent copyright infringement".<ref>{{cite web|url=http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-09/cp160099de.pdf |title=Info |publisher=curia.europa.eu |date= |accessdate=2019-12-26}}</ref> The [[Electronic Frontier Foundation]] had lobbied for not requiring passwords.<ref>{{cite web|url=https://www.eff.org/files/2015/07/20/closedwifiasanobstacletolegitimatetrade-4.pdf |title=Closed wifi |publisher=www.eff.org |date= |accessdate=2019-12-26}}</ref>

In [[Toronto]], a man was arrested with a WiFi-enabled laptop in his car, partially undressed. He was tapping into unprotected wireless networks to download [[child pornography]]. Ultimately, however, he was charged not for piggybacking, but for the pornography instead.<ref>{{cite web
| last = Shim
| first = Richard
| title = Wi-Fi arrest highlights security dangers
| work =
| publisher = [[CNet]] News.com
| date = [[2003-11-28]]
| url = http://news.com.com/Wi-Fi+arrest+highlights+security+dangers/2100-1039_3-5112000.html
| accessdate = 2007-04-09
}}</ref>


=== Hong Kong ===
== Germany ==
{{Main|de:Störerhaftung}}


== Hong Kong ==
Under HK Laws. Chapter 200 ''Crimes Ordinance'' Section 161 ''Access to computer with criminal or dishonest intent'':
Under HK Laws. Chapter 200 ''Crimes Ordinance'' Section 161 ''Access to computer with criminal or dishonest intent'':
{{quote|(1) Any person who obtains access to a computer-
{{quote|(1) Any person who obtains access to a computer–
: (c) with a view to dishonest gain for himself or another; or
: (c) with a view to dishonest gain for himself or another; or
: (d) with a dishonest intent to cause loss to another,
: (d) with a dishonest intent to cause loss to another,
: whether on the same occasion as he obtains such access or on any future occasion, commits an offence and is liable on conviction upon indictment to imprisonment for 5 years.}}
: whether on the same occasion as he obtains such access or on any future occasion, commits an offence and is liable on conviction upon indictment to imprisonment for 5 years.}}


=== Singapore ===
== Italy ==
Unauthorized access to a protected system is illegal.<ref name="WifiITA">{{cite web
| last = Savy.uhf
| title = Normativa Attuale sul Wireless
| publisher = www.wifi-ita.com
| date = 2003-05-28
| url = http://www.wifi-ita.com/index.php?option=com_content&task=view&id=23&Itemid=46
| accessdate = 2009-08-22|language=it}}</ref>


== Japan ==
In [[November 2006]], a 17-year-old man, Garyl Tan Jia Luo, was arrested for tapping into his neighbour's wireless Internet connection.<ref>{{cite news |url=http://www.iht.com/articles/ap/2006/11/11/asia/AS_GEN_Singapore_Internet_Charges.php |title=Singapore teen faces 3 years' jail for tapping into another's wireless Internet |publisher=[[International Herald Tribune]] |date=2006-11-10 |accessdate=2007-08-31}}</ref> He faced up to three years' imprisonment and a fine under the [[Computer Misuse Act (Singapore)|Computer Misuse Act]].<ref>{{Singapore Statute | title=Computer Misuse Act | cap=50A | ed=1998}}</ref> On [[19 December]], Tan pleaded guilty to the charge,<ref>{{cite news|author=Chua Hian Hou |title=Wi-Fi Thief Pleads Guilty: 17-Year-Old Piggybacked on Neighbour's Network |publisher=[[The Straits Times]] |date=2006-12-20}}</ref> and on [[16 January]] [[2007]] he became the first person in Singapore to be convicted of the offense. He was sentenced by the [[Community Court (Singapore)|Community Court]] to 18 months' probation, half of which was to be served at a boys' home. For the remaining nine months, he had to stay indoors from 10:00 pm to 6:00 am. He was also sentenced to 80 hours of community service and banned from using the Internet for 18 months; his parents risked forfeiting a [[Singapore dollar|S$]]5,000 bond if he failed to abide by the ban. Tan was also given the option of enlisting early for [[National Service in Singapore|National Service]]. If he did so, he would not have to serve whatever remained of his sentence.<ref>{{cite news|author=Chua Hian Hou |title=18-Month Net Ban, Community Service for PC Game Addict |publisher=The Straits Times |date=2007-01-17}}</ref><ref>{{cite news|author=Ansley Ng |url=http://www.todayonline.com/articles/166274.asp |title=Illegal Wireless-Network User Sentenced to 18 Months' Probation |publisher=[[Today (Singapore newspaper)|Today]] |date=2007-01-17}}</ref>
On 28 April 2017 the [[Tokyo District Court]] ruled that accessing a wireless LAN network without authorization is not a crime, even if the network is protected with a password. In a case brought before the court involved a man named Hiroshi Fujita, who was accused of accessing a neighbors wi-fi network without authorization and sending virus-infected emails, and then using that to steal internet banking information and send funds to his own bank account without authorization. Hiroshi was found guilty of most of what he was accused of and sentenced to 8 years in prison. Regarding the unauthorized access of wireless networks, prosecutors argued that wi-fi passwords fall under the category of "secrets of wireless transmission" (無線通信の秘密) and that therefore obtaining and using passwords without permission of the network operator would fall under the category of unauthorized use of wireless transmission secrets, which is prohibited by law. However, the court ruled that the defendant is not guilty, stating in their ruling that wi-fi passwords do not fall under that category and therefore the unauthorized obtainment of passwords and subsequent accessing of protected wireless networks is not a crime.<ref>{{cite news|url=http://www.yomiuri.co.jp/national/20170427-OYT1T50095.html |title=無線LANただ乗り、電波法は「無罪」…懸念も |publisher=[[Yomiuri Shimbun]] |date=2017-04-28|language=ja}}</ref>


== Russia ==
On [[4 January]] [[2007]], Lin Zhenghuang was charged for using his neighbour's unsecured wireless network to post a bomb hoax on-line. In [[July 2005]], Lin had posted a message entitled "Breaking News – [[Toa Payoh]] Hit by Bomb Attacks" on an on-line forum managed by [[HardwareZone]]. Alarmed by the message, a forum user reported it to the authorities through the [[Government of Singapore]]'s [http://www.ecitizen.gov.sg eCitizen] website. Lin faced an additional 60 charges for using his notebook computer to illegally access the wireless networks of nine people in his neighborhood repeatedly.<ref>{{cite news |author=Chua Hian Hou |title=21-Year-Old in Second Wi-Fi Case: The Charge: Using Neighbour's Network to Make Bomb Threat |publisher=The Straits Times |date=2007-01-05}}</ref><ref name=youthpleadsguilty>{{cite news|author=Chua Hian Hou |title=Online Bomb Hoax: Youth Pleads Guilty: Then-Poly Student Made the Posting Because he was 'Sleepless and Bored' |publisher=The Straits Times |date=2007-02-01}}</ref> Lin pleaded guilty to one charge under the Telecommunications Act<ref>{{Singapore Statute | title=Telecommunications Act | cap=323 | ed=2000}}</ref> and another nine under the Computer Misuse Act on [[31 January]]. He apologised for his actions, claiming he had acted out of "stupidness" and not due to any "malicious or evil intent".<ref name=youthpleadsguilty /> On [[7 February]] he was sentenced by District Judge Francis Tseng to three months' jail and a S$4,000 fine. 
The judge also set sentencing guidelines for future 'mooching' cases, stating that offenders would be liable to fines and not to imprisonment unless offences were "committed in order to facilitate the commission of or to avoid detection for some more serious offence", as it was in Lin's case.<ref>{{cite news|author=Chua Hian Hou |title=Bomb Hoax Youth Gets 3 Months' Jail, $4,000 Fine |publisher=The Straits Times |date=2007-02-08}}</ref><ref>{{cite news |author=Leong Wee Keat |url=http://www.todayonline.com/articles/170699.asp |title=Bomb-Hoax Youth Gets 3 Months' Jail |publisher=[[Today (Singapore newspaper)|Today]] |date=2007-02-08}}.</ref>
Although Russian criminal law does not explicitly forbid access to another person's network, there is a common judicial practice to qualify these cases as an "unauthorized access to an information" (a broadly interpreted concept in Russian law regarding computer crimes) according to Article 272 of the Criminal Code. To construct the accusation, one considers ISP's billing data the information which has been accessed.


In addition, if the defendant have used any program (network scanner, for example) to access the network, he may also be charged by Article 273 (creation, usage and distribution of malware).
=== United Kingdom ===


== Singapore ==
The [[Computer Misuse Act 1990]], section 1 reads:<ref>[http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm Unauthorised access to computer material] - Computer Misuse Act 1990 (c. 18)</ref>
Piggybacking another person's unsecured wireless network is illegal in Singapore under section 6(1)(a) of the Computer Misuse and Cybersecurity Act.<ref name=st17apr>{{cite news|last1=Thor|first1=Venessa|title=5 little-known laws of Singapore|url=http://www.straitstimes.com/the-big-story/explainers/story/5-little-known-laws-singapore-20140414|accessdate=17 February 2015|work=Straits Times|date=14 April 2014}}</ref><ref name=cma-sg>{{Singapore legislation | title=Computer Misuse Act | cap=50A | ed=1998}}</ref> The offender is liable to a fine of $10,000, imprisonment for up to 3 years, or both.<ref name=st17apr /><ref name=cma-sg />

In November 2006, the 17-year-old Garyl Tan Jia Luo, was arrested for tapping into his neighbour's wireless Internet connection.<ref>{{cite news |url=http://www.iht.com/articles/ap/2006/11/11/asia/AS_GEN_Singapore_Internet_Charges.php |title=Singapore teen faces 3 years' jail for tapping into another's wireless Internet |publisher=International Herald Tribune |date=2006-11-10 |accessdate=2007-08-31}}</ref> On 19 December, Tan pleaded guilty to the charge,<ref>{{cite news|author=Chua Hian Hou |title=Wi-Fi Thief Pleads Guilty: 17-Year-Old Piggybacked on Neighbour's Network |publisher=[[The Straits Times]] |date=2006-12-20}}</ref> and on 16 January 2007 he became the first person in Singapore to be convicted of the offense. He was sentenced by the [[Community Court (Singapore)|Community Court]] to 18 months' probation, half of which was to be served at a boys' home. For the remaining nine months, he had to stay indoors from 10:00 pm to 6:00 am. He was also sentenced to 80 hours of community service and banned from using the Internet for 18 months; his parents risked forfeiting a [[Singapore dollar|S$]]5,000 bond if he failed to abide by the ban. Tan was also given the option of enlisting early for [[National Service in Singapore|National Service]]. If he did so, he would not have to serve whatever remained of his sentence.<ref>{{cite news|author=Chua Hian Hou |title=18-Month Net Ban, Community Service for PC Game Addict |publisher=The Straits Times |date=2007-01-17}}</ref><ref>{{cite news |author=Ansley Ng |url=http://www.todayonline.com/articles/166274.asp |title=Illegal Wireless-Network User Sentenced to 18 Months' Probation |publisher=[[Today (Singapore newspaper)|Today]] |date=2007-01-17 |url-status=dead |archiveurl=https://web.archive.org/web/20070926221850/http://www.todayonline.com/articles/166274.asp |archivedate=2007-09-26 }}</ref>

On 4 January 2007, Lin Zhenghuang was charged for using his neighbour's unsecured wireless network to post a bomb hoax online. In July 2005, Lin had posted a message entitled "Breaking News – [[Toa Payoh]] Hit by Bomb Attacks" on a forum managed by [[HardwareZone]]. Alarmed by the message, a user reported it to the authorities through the [[Government of Singapore]]'s eCitizen<ref>{{cite web|url=http://www.ecitizen.gov.sg|title=eCitizen|website=www.ecitizen.gov.sg|access-date=2020-02-25|archive-url=https://web.archive.org/web/20180916083012/https://www.ecitizen.gov.sg/|archive-date=2018-09-16|url-status=dead}}</ref> website. Lin faced an additional 60 charges for having used his notebook computer to repeatedly access the wireless networks of nine people in his neighborhood.<ref>{{cite news |author=Chua Hian Hou |title=21-Year-Old in Second Wi-Fi Case: The Charge: Using Neighbour's Network to Make Bomb Threat |publisher=The Straits Times |date=2007-01-05}}</ref><ref name=youthpleadsguilty>{{cite news|author=Chua Hian Hou |title=Online Bomb Hoax: Youth Pleads Guilty: Then-Poly Student Made the Posting Because he was 'Sleepless and Bored' |publisher=The Straits Times |date=2007-02-01}}</ref> Lin pleaded guilty to one charge under the Telecommunications Act<ref>{{Singapore legislation | title=Telecommunications Act | cap=323 | ed=2000}}</ref> and another nine under the Computer Misuse Act on 31 January. He apologised for his actions, claiming he had acted out of "stupidness" and not due to any "malicious or evil intent".<ref name=youthpleadsguilty /> On 7 February he was sentenced by District Judge Francis Tseng to three months' jail and a S$4,000 fine. 
The judge also set sentencing guidelines for future 'mooching' cases, stating that offenders would be liable to fines and not to imprisonment unless offences were "committed in order to facilitate the commission of or to avoid detection for some more serious offence", as it was in Lin's case.<ref>{{cite news|author=Chua Hian Hou |title=Bomb Hoax Youth Gets 3 Months' Jail, $4,000 Fine |publisher=The Straits Times |date=2007-02-08}}</ref><ref>{{cite news |author=Leong Wee Keat |url=http://www.todayonline.com/articles/170699.asp |title=Bomb-Hoax Youth Gets 3 Months' Jail |publisher=[[Today (Singapore newspaper)|Today]] |date=2007-02-08 |url-status=dead |archiveurl=https://web.archive.org/web/20070929120544/http://www.todayonline.com/articles/170699.asp |archivedate=2007-09-29 }}</ref>

== United Kingdom ==
The [[Computer Misuse Act 1990]], section 1 reads:<ref>[https://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm Unauthorised access to computer material] – Computer Misuse Act 1990 (c. 18)</ref>


{{quote|(1) A person is guilty of an offence if—
{{quote|(1) A person is guilty of an offence if—
: (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
: (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
: (b) the access he intends to secure is unauthorised; and
: (b) the access he intends to secure is unauthorised; and
: (c) he knows at the time when he causes the computer to perform the function that that is the case.}}
: (c) he knows at the time when he causes the computer to perform the function that is the case.}}


In [[London]], 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service". Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other criminal intent.<ref>{{Cite news
In [[London]], 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service" (under s.125 [[Communications Act 2003]]). Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other [[Intention (criminal law)|criminal intent]].<ref>{{Cite news
| last = Leyden
| last = Leyden
| first = John
| first = John
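Review bot: In the United Kingdom quotation of Computer Misuse Act 1990 section 1, the revised clause (c) changes "the function that that is the case" to "the function that is the case". The line sits inside a {{quote}} of statutory text, so it should reproduce the cited source rather than be smoothed; restore the earlier wording unless the cited text reads otherwise. Separately, the new Canada paragraph has "is addressed the ''Criminal Code''", which is missing "by", and the new Japan paragraph's "In a case brought before the court involved a man" does not parse; drop "In" or rework the verb.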
Line 66: Line 84:
| work = [[The Register]]
| work = [[The Register]]
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2005-07-25]]
| date = 2005-07-25
| url = http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/
| url = https://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/
}}</ref> He was fined £500 and given a 12-month conditional discharge.<ref>{{Cite news
}}</ref> He was fined £500 and given a 12-month [[conditional discharge]].<ref>{{Cite news
| title = Wireless hijacking under scrutiny
| title = Wireless hijacking under scrutiny
| publisher = [[BBC]]
| publisher = BBC
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2005-07-28]]
| date = 2005-07-28
| url = http://news.bbc.co.uk/2/hi/technology/4721723.stm
| url = http://news.bbc.co.uk/2/hi/technology/4721723.stm
}}</ref>
}}</ref>
Line 80: Line 98:
| first = Peter
| first = Peter
| title = Two cautioned over wireless "piggy-backing"
| title = Two cautioned over wireless "piggy-backing"
| work =
| publisher = Reuters
| publisher = [[Reuters]]
| date = 2007-04-18
| url = https://www.reuters.com/article/internetNews/idUSL1848090220070418
| date = [[2007-04-18]]
| url = http://www.reuters.com/article/internetNews/idUSL1848090220070418
| accessdate = 2007-04-18
| accessdate = 2007-04-18
}}</ref><ref>{{Cite news
}}</ref><ref>{{Cite news
Line 89: Line 106:
| work = [[BBC]]
| work = [[BBC]]
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2007-04-17]]
| date = 2007-04-17
| url = http://news.bbc.co.uk/2/hi/uk_news/england/hereford/worcs/6565079.stm
| url = http://news.bbc.co.uk/2/hi/uk_news/england/hereford/worcs/6565079.stm
}}</ref>
}}</ref>


=== United States ===
== United States ==
There are federal and state laws (in all 50 states) addressing the issue of unauthorized access to wireless networks.<ref name=Bierlein/> The laws vary widely between states. Some criminalize the mere unauthorized access of a network, while others require monetary damages for intentional breaching of security features. The majority of state laws do not specify what is meant by "unauthorized access". Regardless, enforcement is minimal in most states even where it is illegal, and detection is difficult in many cases.<ref name="Bierlein"/><ref>{{cite web

|last = Goodwin
Laws vary widely between states. Some criminalize the mere unauthorized access of a network, while others require monetary damages or intentional breaching of security features. The majority of state laws do not specify what is meant by "unauthorized access". Regardless, enforcement is minimal in most states even where it is illegal, and detection is difficult in many cases.<ref>{{cite web
| last = Goodwin
|first = Janna
|title = Computer Hacking and Unauthorized Access Laws
| first = Janna
|work = Telecommunications & Information Technology
| title = Computer Hacking and Unauthorized Access Laws
|publisher = National Conference of State Legislatures
| work = Telecommunications & Information Technology
|date = 2006-03-10
| publisher = National Conference of State Legislatures
|url = http://www.ncsl.org/programs/lis/cip/hacklaw.htm
| date = [[2006-03-10]]
|accessdate = 2007-04-09
| url = http://www.ncsl.org/programs/lis/cip/hacklaw.htm
|url-status = dead
| accessdate = 2007-04-09
|archiveurl = http://webarchive.loc.gov/all/20090429232149/http://www.ncsl.org/programs/lis/cip/hacklaw.htm
}}</ref><ref name="Bierlein"/>
|archivedate = 2009-04-29
}}</ref>


Some portable devices, such as the Apple [[iPod touch]], allow casual use of open Wifi networks as a basic feature, and even use it for user [[geolocation]].{{Specify|date=March 2008}}
Some portable devices, such as the Apple [[iPad]] and [[iPod Touch]], allow casual use of open Wi-Fi networks as a basic feature, and often identify the presence of specific access points within the vicinity for user [[geolocation]].


==== Arrests ====
=== Arrests ===
In [[St. Petersburg, Florida|St. Petersburg]], 2005, Benjamin Smith III was arrested and charged with "unauthorized access to a computer network", a third-degree felony in the state of [[Florida]], after using a resident's wireless network from a car parked outside.<ref>{{Cite news
In [[St. Petersburg, Florida|St. Petersburg]], 2005, Benjamin Smith III was arrested and charged with "unauthorized access to a computer network", a third-degree felony in the state of [[Florida]], after using a resident's wireless network from a car parked outside.<ref>{{Cite news
| last = Leary
| last = Leary
| first = Alex
| first = Alex
| title = Wi-Fi cloaks a new breed of intruder
| title = Wi-Fi cloaks a new breed of intruder
| work = [[St. Petersburg Times]]
| work = [[St. Petersburg Times]]
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2005-07-04]]
| date = 2005-07-04
| url = http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml
| url = http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml
}}</ref><ref>{{Cite web
}}</ref><ref>{{cite web
| last = Bangeman
| last = Bangeman
| first = Eric
| first = Eric
Line 123: Line 142:
| work = [[Ars Technica]]
| work = [[Ars Technica]]
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2005-07-07]]
| date = 2005-07-07
| url = http://arstechnica.com/news.ars/post/20050707-5068.html
| url = https://arstechnica.com/news.ars/post/20050707-5068.html
}}</ref>
}}</ref>


An [[Illinois]] man was arrested in January 2006 for piggybacking on a [[Wi-Fi]] network. David M. Kauchak was the first person to be charged with "remotely accessing another computer system" in [[Winnebago County, Illinois|Winnebago County]]. He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it. He pleaded guilty and was sentenced to a fine of $250 and one year of court supervision.<ref>{{cite web
An [[Illinois]] man was arrested in January 2006 for piggybacking on a [[Wi-Fi]] network. David M. Kauchak was the first person to be charged with "remotely accessing another computer system" in [[Winnebago County, Illinois|Winnebago County]]. He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it. He pleaded guilty and was sentenced to a fine of $250 and one year of court supervision.<ref>{{cite web
| last = Gonsalves
|last = Gonsalves
| first = Antone
|first = Antone
| title = Illinois Man Fined For Piggybacking On Wi-Fi Service
|title = Illinois Man Fined For Piggybacking On Wi-Fi Service
| work = TechWeb Technology News
|work = TechWeb Technology News
| publisher = [[TechWeb]]
|publisher = TechWeb
| date = [[2006-03-24]]
|date = 2006-03-24
| url = http://www.techweb.com/wire/183702832
|url = http://www.techweb.com/wire/183702832
| accessdate = 2007-04-09
|accessdate = 2007-04-09
|url-status = dead
|archiveurl = https://web.archive.org/web/20070525103850/http://www.techweb.com/wire/183702832
|archivedate = 2007-05-25
}}</ref><ref>{{Cite news
}}</ref><ref>{{Cite news
| last = Green
| last = Green
Line 142: Line 164:
| work = [[The Rockford Register Star]]
| work = [[The Rockford Register Star]]
| accessdate = 2007-09-03
| accessdate = 2007-09-03
| date = [[2006-03-23]]
| date = 2006-03-23
| url = http://www.mail-archive.com/isn@attrition.org/msg05482.html
| url = http://seclists.org/isn/2006/Mar/0098.html
}}</ref>
}}</ref>


In [[Sparta, Michigan]], 2007, Sam Peterson was arrested for checking his email each day using a cafe's wireless Internet access from a car parked nearby. A police officer became suspicious, stating, "I had a feeling a law was being broken, but I didn't know exactly what". The man explained what he was doing to the officer when asked, as he did not know that the act was illegal. The officer found a law against "unauthorized use of computer access", leading to an arrest and charges that could result in a five year felony and $10,000 fine. The cafe owner was not aware of the law, either. "I didn't know it was really illegal, either. If he would have come in [to the coffee shop] it would have been fine." He was eventually sentenced to a $400 fine and 40 hours of community service.<ref>{{Cite web
In [[Sparta, Michigan]], 2007, Sam Peterson was arrested for checking his email each day using a café's wireless Internet access from a car parked nearby. A police officer became suspicious, stating, "I had a feeling a law was being broken, but I didn't know exactly what". When asked, the man explained to the officer what he was doing, as he did not know the act was illegal. The officer found a law against "unauthorized use of computer access", leading to an arrest and charges that could result in a five-year felony and $10,000 fine. The café owner was not aware of the law, either. "I didn't know it was really illegal, either. If he would have come in [to the coffee shop] it would have been fine." They did not press charges, but he was eventually sentenced to a $400 fine and 40 hours of community service.<ref>{{cite web
| last = Cheng
| last = Cheng
| first = Jacqui
| first = Jacqui
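Review bot: In the Sparta, Michigan paragraph, the added clause "They did not press charges, but he was eventually sentenced" has no clear antecedent for "They": the preceding sentences mention one café owner and one police officer. Name who declined to press charges, and make sure the new claim is covered by one of the references attached to the sentence.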
Line 152: Line 174:
| work = [[Ars Technica]]
| work = [[Ars Technica]]
| accessdate = 2007-09-02
| accessdate = 2007-09-02
| date = [[2007-05-22]]
| date = 2007-05-22
| url = http://arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html
| url = https://arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html
}}</ref> This case was featured on ''[[List of The Colbert Report episodes (2007)#October|The Colbert Report]]''.<ref>{{cite news
}}</ref><ref>{{Cite news
| url=http://www.colbertnation.com/the-colbert-report-videos/104580/october-02-2007/nailed--em---cyberrorists
| last = Center
| title=Nailed 'Em - Cyberrorists
| first = Patrick
| work=The Colbert Report, Comedy Central
| title = A wireless felony
| author=
| work = [[WOOD-TV]]
| accessdate = 2007-09-02
| date=2007-10-02
| accessdate=2011-05-02 }}
| date = [[2007-06-18]]
</ref>
| url = http://www.woodtv.com/Global/story.asp?S=6546307
}}</ref> This case was featured on the [[List_of_The_Colbert_Report_episodes_%282007%29#October|Colbert Report]].<ref>http://blog.wired.com/27bstroke6/2007/10/stephen-colbert.html Video on Wired.com</ref>


In 2007, [[Palmer, Alaska]], 21-year old Brian Tanner was charged with "theft of services" and had his laptop confiscated after accessing [[Risk_(game)#Computer_implementations_and_video_games|a gaming website]] at night from the parking lot outside the Palmer Public Library, as he was allowed to do during the day. He had been asked to leave the parking lot the night before by police, which he had started using because they had asked him not to use residential connections in the past. He was not ultimately charged with theft, but could still be charged with trespassing or not obeying a police order. The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions.<ref>{{Cite news
In 2007, in [[Palmer, Alaska]], 21-year-old Brian Tanner was charged with "theft of services" and had his laptop confiscated after accessing [[Risk (game)#Computer implementations and video games|a gaming website]] at night from the parking lot outside the Palmer Public Library, as he was allowed to do during the day. The night before, the police had asked him to leave the parking lot, which he had started using because they had asked him not to use residential connections in the past. He was not ultimately charged with theft, but could still be charged with trespassing or not obeying a police order. The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions.<ref>{{Cite news
| last = Wellner
|last=Wellner
| first = Andrew
|first=Andrew
| title = Using free wireless at library described as theft
|title=Using free wireless at library described as theft
| work = [[Anchorage Daily News]]
|work=[[Anchorage Daily News]]
| accessdate = 2007-09-03
|accessdate=2007-09-03
| date = [[2007-02-24]]
|date=2007-02-24
| url = http://www.adn.com/news/alaska/story/8667098p-8559268c.html
|url=http://www.adn.com/news/alaska/story/8667098p-8559268c.html
|archiveurl=https://web.archive.org/web/20070403031107/http://www.adn.com/news/alaska/story/8667098p-8559268c.html
}}</ref><ref>{{Cite web
|archivedate=2007-04-03
|url-status=dead
}}</ref><ref>{{cite web
| last = West
| last = West
| first = Jessamyn
| first = Jessamyn
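Review bot: The new Colbert Report citation carries an empty "| author=" parameter, and the same change drops the WOOD-TV "A wireless felony" reference, leaving the Sparta sentencing claim on a single source. Suggest removing the empty parameter and either restoring the WOOD-TV citation or recording why it was removed.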
Line 178: Line 202:
| work = librarian.net
| work = librarian.net
| accessdate = 2007-09-03
| accessdate = 2007-09-03
| date = [[2007-02-26]]
| date = 2007-02-26
| url = http://www.librarian.net/stax/1983/man-using-library-wifi-after-hours-gets-laptop-confiscated/
| url = http://www.librarian.net/stax/1983/man-using-library-wifi-after-hours-gets-laptop-confiscated/
}}</ref><ref>{{Cite news
}}</ref><ref>{{Cite news
| title = Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft
|title = Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft
| work = Library Journal
|work = Library Journal
| accessdate = 2007-09-03
|accessdate = 2007-09-03
| date = [[2007-03-12]]
|date = 2007-03-12
| url = http://www.libraryjournal.com/article/CA6423269.html
|url = http://www.libraryjournal.com/article/CA6423269.html
|url-status = dead
|archiveurl = https://web.archive.org/web/20070930210610/http://www.libraryjournal.com/article/CA6423269.html
|archivedate = 2007-09-30
}}</ref>
}}</ref>


==== Legislation ====
=== Legislation ===
In 2003, the [[New Hampshire]] [http://gencourt.state.nh.us/legislation/2003/HB0495.html House Bill 495] was proposed, which would clarify that the duty to secure the wireless network lies with the network owner, instead of criminalizing the automatic access of open networks.<ref>{{Cite news
In 2003, the [[New Hampshire]] House Bill 495<ref>{{cite web|url=http://gencourt.state.nh.us/legislation/2003/HB0495.html| title= House Bill 495|website=Gencourt.state.nh.us}}</ref> was proposed, which would clarify that the duty to secure the wireless network lies with the network owner, instead of criminalizing the automatic access of open networks.<ref>{{Cite magazine
| last = McWilliams
| last = McWilliams
| first = Brian
| first = Brian
| title = Licensed to War Drive in N.H.
| title = Licensed to War Drive in N.H.
| work = [[Wired (magazine)|Wired]]
| magazine = [[Wired (magazine)|Wired]]
| accessdate = 2007-09-03
| accessdate = 2007-09-03
| date = [[2003-04-29]]
| date = 2003-04-29
| url = http://www.wired.com/gadgets/wireless/news/2003/04/58651?currentPage=all
| url = https://www.wired.com/gadgets/wireless/news/2003/04/58651?currentPage=all
}}</ref><ref>{{Cite web
}}</ref><ref>{{cite web
| last = Professor Orin Kerr
| last = Professor Orin Kerr
| title = Would a New Hampshire bill really legalize war driving?
| title = Would a New Hampshire bill really legalize war driving?
| work = The Volokh Conspiracy
| work = The Volokh Conspiracy
| accessdate = 2007-09-01
| accessdate = 2007-09-01
| date = [[2003-04-30]]
| date = 2003-04-30
| url = http://www.volokh.com/2003_04_27_volokh_archive.html#200223941
| url = http://www.volokh.com/2003_04_27_volokh_archive.html#200223941
}}</ref> It was passed by the New Hampshire House in March 2003, but was not signed into law. The current wording of the law provides some [[affirmative defense]]s for use of a network that is not explicitly authorized:<ref>[http://www.gencourt.state.nh.us/rsa/html/LXII/638/638-17.htm Text of Section 638:17 Computer Related Offenses]</ref>
}}</ref> It was passed by the New Hampshire House in March 2003 but was not signed into law. The current wording of the law provides some [[affirmative defense]]s for use of a network that is not explicitly authorized:<ref>{{cite web| website=Gencourt.state.nh.us| url=http://www.gencourt.state.nh.us/rsa/html/LXII/638/638-17.htm |title=Text of Section 638:17 Computer Related Offenses}}</ref>


{{quote|I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:
{{quote|I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:
: (a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
: (a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
: (b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
: (b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
: (c) The person reasonably could not have known that his or her access was unauthorized.}}
: (c) The person reasonably could not have known that his or her access was unauthorized.}}


There are additional provisions in the NH law, Section 638:17 Computer Related Offenses, as found by searching NH RSA's in December 2009. They cover actual use of someone else's computer rather than simply "access":
[[New York]] law, until a few years ago, was the most permissive. The section of NYS Penal Code which covered unauthorized access, previously only making piggybacking illegal when encryption or passworded security was bypassed, was quietly revised to reclassify piggybacking without the network owner's authorization as a class A misdemeanor. [[Westchester County, New York|Westchester County]] passed [http://www.westchestergov.com/idtheft/wifilaw.htm a law], taking effect in October 2006, that prohibits commercial networks from being operated without a firewall, [[Service set identifier|SSID]] broadcasting disabled, and a non-default SSID, in an effort to fight [[identity theft]]. Businesses that do not secure their networks in this way face a $500 fine. The law has been criticized as being ineffectual against actual identity thieves and punishing businesses like [[coffee house]]s for normal business practices.<ref>{{Cite web

| title = Wi-Fi Safety - Wireless Protection
{{quote|
| work = Westchestergov.com
II. A person is guilty of the computer crime of theft of computer services when he or she knowingly accesses or causes to be accessed or otherwise uses or causes to be used a computer or computer network with the purpose of obtaining unauthorized computer services.

III. A person is guilty of the computer crime of interruption of computer services when the person, without authorization, knowingly or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer or computer network.

IV. A person is guilty of the computer crime of misuse of computer or computer network information when:
: (a) As a result of his or her accessing or causing to be accessed a computer or computer network, the person knowingly makes or causes to be made an unauthorized display, use, disclosure, or copy, in any form, of data residing in, communicated by, or produced by a computer or computer network; or
: (b) The person knowingly or recklessly and without authorization:
:: (1) Alters, deletes, tampers with, damages, destroys, or takes data intended for use by a computer or computer network, whether residing within or external to a computer or computer network; or
:: (2) Intercepts or adds to data residing within a computer or computer network; or
: (c) The person knowingly receives or retains data obtained in violation of subparagraph (a) or (b) of this paragraph; or
: (d) The person knowingly uses or discloses any data he or she knows or believes was obtained in violation of subparagraph (a) or (b) of this paragraph.

V. A person is guilty of the computer crime of destruction of computer equipment when he or she, without authorization, knowingly or recklessly tampers with, takes, transfers, conceals, alters, damages, or destroys any equipment used in a computer or computer network, or knowingly or recklessly causes any of the foregoing to occur.

VI. A person is guilty of the computer crime of computer contamination if such person knowingly introduces, or causes to be introduced, a computer contaminant into any computer, computer program, or computer network which results in a loss of property or computer services.}}

[[New York (state)|New York]] law is the most permissive.<ref name="Bierlein"/> The statute against unauthorized access only applies when the network "is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system".<ref>{{cite web|url=http://law.onecle.com/new-york/penal/PEN0156.05_156.05.html|title=New York Penal Section 156.05 - Unauthorized Use Of A Computer. - New York Attorney Resources - New York Laws|website=law.onecle.com}}</ref><ref>{{Cite web |url=http://wings.buffalo.edu/law/bclc/web/NewYork/ny3(a)(1)-.htm#156.05 |title=Ny3(a)- |access-date=2008-09-20 |archive-url=https://web.archive.org/web/20130629211807/http://wings.buffalo.edu/law/bclc/web/NewYork/ny3%28a%29%281%29-.htm#156.05 |archive-date=2013-06-29 |url-status=dead }}</ref><ref>{{cite web|url=http://ypdcrime.com/penal.law/article156.htm#156.05|title=Article 156 - Penal Law - Offenses Involving Computers|website=ypdcrime.com}}</ref><ref>{{cite web|url=http://www.internetlibrary.com/statuteitem.cfm?Num=11#05|title=New York Offenses Involving Computers - Internet Library of Law and Court Decisions|website=www.internetlibrary.com}}</ref> In other words, the use of a network would only be considered unauthorized and illegal if the network owner had enabled encryption or password protection and the user bypassed this protection, or when the owner has explicitly given notice that use of the network is prohibited, either orally or in writing.<ref name="Bierlein"/><ref>"Thus, open wireless access would only be actionable under this statute if the network operator has enabled encryption or password protection on the network, and users usurped this protection." – [[#cite note-Bierlein-0|Bierlein]]</ref><ref>
{{cite web
| last = Rasch
| first = Mark
| title = WiFi High Crimes
| work = SecurityFocus
| accessdate = 2007-09-18
| accessdate = 2007-09-18
| date = 2004-05-03
| url = http://www.westchestergov.com/idtheft/Wifiinfo.htm
| url = http://www.securityfocus.com/columnists/237
}}</ref><ref>{{Cite web
}} "In fact, the companion New York State computer crime law, NY Penal Code Section 156 (6), requires that, for using a computer service without authorization, the prosecutor must prove that the owner has given actual notice to potential hackers or trespassers, either in writing or orally. In the absence of such notice in New York, the hacker can presume that he or she has authorization to proceed, under state law."</ref> [[Westchester County, New York|Westchester County]] passed a law,<ref>{{cite web|url=http://www.westchestergov.com/idtheft/wifilaw.htm|title=In the Spotlight|date=18 November 2007|url-status=bot: unknown|archiveurl=https://web.archive.org/web/20071118123541/http://www.westchestergov.com/idtheft/wifilaw.htm|archivedate=18 November 2007}}</ref> taking effect in October 2006, that requires any commercial business that stores, utilizes or otherwise maintains personal information electronically to take some minimum security measures (e.g., a firewall, [[Service set identifier|SSID]] broadcasting disabled, or using a non-default SSID) in an effort to fight [[identity theft]]. Businesses that do not secure their networks in this way face a $500 fine. The law has been criticized as being ineffectual against actual identity thieves and punishing businesses like [[coffee house]]s for normal business practices.<ref>{{cite web
|title=Wi-Fi Safety - Wireless Protection
|work=Westchestergov.com
|accessdate=2007-09-18
|url=http://www.westchestergov.com/idtheft/Wifiinfo.htm
|archiveurl=https://web.archive.org/web/20070905192057/http://www.westchestergov.com/idtheft/Wifiinfo.htm
|archivedate=2007-09-05
|url-status=dead
}}</ref><ref>{{cite web
| last = Spiegel
| last = Spiegel
| first = Dana
| first = Dana
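Review bot: The added lead-in to the New Hampshire provisions, "as found by searching NH RSA's in December 2009", describes an editor's own lookup instead of citing a source, and it will date quickly; suggest citing Section 638:17 directly. In the rewritten New York paragraph, the Westchester list changes from "a firewall, SSID broadcasting disabled, and a non-default SSID" to "(e.g., ... or using a non-default SSID)", which turns cumulative requirements into alternatives; confirm this matches the county law.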
Line 222: Line 280:
| work = Wireless Community
| work = Wireless Community
| accessdate = 2007-09-18
| accessdate = 2007-09-18
| date = [[2005-11-08]]
| date = 2005-11-08
| url = http://www.wirelesscommunity.info/2005/11/08/westchester-county-law-requiring-secured-wi-fi-networks/#comment-311
| url = http://www.wirelesscommunity.info/2005/11/08/westchester-county-law-requiring-secured-wi-fi-networks/#comment-311
| archive-url = https://web.archive.org/web/20071112055708/http://www.wirelesscommunity.info/2005/11/08/westchester-county-law-requiring-secured-wi-fi-networks/#comment-311
}}</ref><ref>{{Cite web
| archive-date = 2007-11-12
| last = Spiegel
| first = Dana
| url-status = dead
}}</ref><ref>{{cite web
| title = Westchester County Law Requiring Secured Wi-Fi Networks (again)
|last = Spiegel
| work = Wireless Community
|first = Dana
| accessdate = 2007-09-18
|title = Westchester County Law Requiring Secured Wi-Fi Networks (again)
| date = [[2006-04-24]]
|work = Wireless Community
| url = http://www.wirelesscommunity.info/2006/04/24/westchester-county-law-requiring-secured-wi-fi-networks-again/
|accessdate = 2007-09-18
|date = 2006-04-24
|url = https://www.wirelesscommunity.info/2006/04/24/westchester-county-law-requiring-secured-wi-fi-networks-again/
|url-status = dead
|archiveurl = https://web.archive.org/web/20071112055717/http://www.wirelesscommunity.info/2006/04/24/westchester-county-law-requiring-secured-wi-fi-networks-again/
|archivedate = 2007-11-12
}}</ref>
}}</ref>


==References==
== See also ==
* [[Piggybacking (Internet access)]]
* [[Wardriving]]

== References ==
{{reflist}}
{{reflist}}


[[Category:Wireless networking]]
[[Category:Wireless networking]]
[[Category:Wireless access points]]
[[Category:Computer law|Piggybacking]]

Latest revision as of 00:26, 25 January 2024

Laws regarding "unauthorized access of a computer network" exist in many legal codes, though the wording and meaning differ from one to the next. However, the interpretation of terms like "access" and "authorization" is not clear, and there is no general agreement on whether piggybacking (intentional access of an open Wi-Fi network without harmful intent) falls under this classification.[1] Some jurisdictions prohibit it, some permit it, and others are not well-defined.

For example, a common but untested argument is that the 802.11 and DHCP protocols operate on behalf of the owner, implicitly requesting permission to access the network, which the wireless router then authorizes. (This would not apply if the user has other reason to know that their use is unauthorized, such as a written or unwritten notice.)

In addition to laws against unauthorized access on the user side, there are the issues of breach of contract with the Internet service provider on the network owner's side. Many terms of service prohibit bandwidth sharing with others, though others allow it. The Electronic Frontier Foundation maintains a list of ISPs[2] that allow sharing of the Wi-Fi signal.

Australia

Under Australian law, "unauthorized access, modification or impairment" of data held in a computer system is a federal offence under the Criminal Code Act 1995.[3] The act refers specifically to data as opposed to network resources (connection).

Canada

In Canadian law, unauthorized access is addressed by the Criminal Code, s 342.1, which provides that "Every one who, fraudulently and without colour of right" obtains "computer services" from an access point is subject to criminal charges.[4]

Section 326(1) of the Criminal Code may also be used to address unauthorized access of a computer network: '(1) Every one commits theft who fraudulently, maliciously, or without colour of right', '(b) uses any telecommunication facility or obtains any telecommunication service.'

In Morrisburg, Ontario, in 2006, a man was arrested under section 326 of the Criminal Code. The arrest was poorly reported, and there does not seem to be any information available regarding a conviction.[5]

European Union

In September 2016, the European Court of Justice decided in "McFadden"[6] C-484/14 that "a businessman providing a public wifi network is not responsible for copyright infringement incurred by users. But he can be ordered to protect the network with a password, to prevent copyright infringement".[7] The Electronic Frontier Foundation had lobbied for not requiring passwords.[8]

Germany

Hong Kong

Under HK Laws, Chapter 200 Crimes Ordinance, Section 161, Access to computer with criminal or dishonest intent:

(1) Any person who obtains access to a computer–

(c) with a view to dishonest gain for himself or another; or
(d) with a dishonest intent to cause loss to another,
whether on the same occasion as he obtains such access or on any future occasion, commits an offence and is liable on conviction upon indictment to imprisonment for 5 years.

Italy

Unauthorized access to a protected system is illegal.[9]

Japan

On 28 April 2017 the Tokyo District Court ruled that accessing a wireless LAN network without authorization is not a crime, even if the network is protected with a password. The case before the court involved a man named Hiroshi Fujita, who was accused of accessing a neighbor's Wi-Fi network without authorization and sending virus-infected emails, and then using that to steal internet banking information and send funds to his own bank account without authorization. Hiroshi was found guilty of most of what he was accused of and sentenced to 8 years in prison. Regarding the unauthorized access of wireless networks, prosecutors argued that Wi-Fi passwords fall under the category of "secrets of wireless transmission" (無線通信の秘密) and that therefore obtaining and using passwords without permission of the network operator would fall under the category of unauthorized use of wireless transmission secrets, which is prohibited by law. However, the court ruled that the defendant was not guilty, stating in its ruling that Wi-Fi passwords do not fall under that category and therefore the unauthorized obtaining of passwords and subsequent accessing of protected wireless networks is not a crime.[10]

Russia

Although Russian criminal law does not explicitly forbid access to another person's network, there is a common judicial practice to qualify these cases as an "unauthorized access to an information" (a broadly interpreted concept in Russian law regarding computer crimes) according to Article 272 of the Criminal Code. To construct the accusation, the ISP's billing data is treated as the information that has been accessed.

In addition, if the defendant has used any program (a network scanner, for example) to access the network, he may also be charged under Article 273 (creation, usage and distribution of malware).

Singapore

Piggybacking another person's unsecured wireless network is illegal in Singapore under section 6(1)(a) of the Computer Misuse and Cybersecurity Act.[11][12] The offender is liable to a fine of $10,000, imprisonment for up to 3 years, or both.[11][12]

In November 2006, 17-year-old Garyl Tan Jia Luo was arrested for tapping into his neighbour's wireless Internet connection.[13] On 19 December, Tan pleaded guilty to the charge,[14] and on 16 January 2007 he became the first person in Singapore to be convicted of the offense. He was sentenced by the Community Court to 18 months' probation, half of which was to be served at a boys' home. For the remaining nine months, he had to stay indoors from 10:00 pm to 6:00 am. He was also sentenced to 80 hours of community service and banned from using the Internet for 18 months; his parents risked forfeiting a S$5,000 bond if he failed to abide by the ban. Tan was also given the option of enlisting early for National Service. If he did so, he would not have to serve whatever remained of his sentence.[15][16]

On 4 January 2007, Lin Zhenghuang was charged for using his neighbour's unsecured wireless network to post a bomb hoax online. In July 2005, Lin had posted a message entitled "Breaking News – Toa Payoh Hit by Bomb Attacks" on a forum managed by HardwareZone. Alarmed by the message, a user reported it to the authorities through the Government of Singapore's eCitizen[17] website. Lin faced an additional 60 charges for having used his notebook computer to repeatedly access the wireless networks of nine people in his neighborhood.[18][19] Lin pleaded guilty to one charge under the Telecommunications Act[20] and another nine under the Computer Misuse Act on 31 January. He apologised for his actions, claiming he had acted out of "stupidness" and not due to any "malicious or evil intent".[19] On 7 February he was sentenced by District Judge Francis Tseng to three months' jail and a S$4,000 fine. The judge also set sentencing guidelines for future 'mooching' cases, stating that offenders would be liable to fines and not to imprisonment unless offences were "committed in order to facilitate the commission of or to avoid detection for some more serious offence", as it was in Lin's case.[21][22]

United Kingdom

The Computer Misuse Act 1990, section 1 reads:[23]

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that is the case.

In London, 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service" (under s.125 Communications Act 2003). Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other criminal intent.[24] He was fined £500 and given a 12-month conditional discharge.[25]

In early 2006, two other individuals were arrested and received an official caution for "dishonestly obtaining electronic communications services with intent to avoid payment."[26][27]

United States

There are federal and state laws (in all 50 states) addressing the issue of unauthorized access to wireless networks.[1] The laws vary widely between states. Some criminalize the mere unauthorized access of a network, while others require monetary damages for intentional breaching of security features. The majority of state laws do not specify what is meant by "unauthorized access". Regardless, enforcement is minimal in most states even where it is illegal, and detection is difficult in many cases.[1][28]

Some portable devices, such as the Apple iPad and iPod Touch, allow casual use of open Wi-Fi networks as a basic feature, and often identify the presence of specific access points within the vicinity for user geolocation.

Arrests

In St. Petersburg, 2005, Benjamin Smith III was arrested and charged with "unauthorized access to a computer network", a third-degree felony in the state of Florida, after using a resident's wireless network from a car parked outside.[29][30]

An Illinois man was arrested in January 2006 for piggybacking on a Wi-Fi network. David M. Kauchak was the first person to be charged with "remotely accessing another computer system" in Winnebago County. He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it. He pleaded guilty and was sentenced to a fine of $250 and one year of court supervision.[31][32]

In Sparta, Michigan, 2007, Sam Peterson was arrested for checking his email each day using a café's wireless Internet access from a car parked nearby. A police officer became suspicious, stating, "I had a feeling a law was being broken, but I didn't know exactly what". When asked, the man explained to the officer what he was doing, as he did not know the act was illegal. The officer found a law against "unauthorized use of computer access", leading to an arrest and charges that could result in a five-year felony and $10,000 fine. The café owner was not aware of the law, either. "I didn't know it was really illegal, either. If he would have come in [to the coffee shop] it would have been fine." They did not press charges, but he was eventually sentenced to a $400 fine and 40 hours of community service.[33] This case was featured on The Colbert Report.[34]

In 2007, in Palmer, Alaska, 21-year-old Brian Tanner was charged with "theft of services" and had his laptop confiscated after accessing a gaming website at night from the parking lot outside the Palmer Public Library, as he was allowed to do during the day. The night before, the police had asked him to leave the parking lot, which he had started using because they had asked him not to use residential connections in the past. He was not ultimately charged with theft, but could still be charged with trespassing or not obeying a police order. The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions.[35][36][37]

Legislation

In 2003, the New Hampshire House Bill 495[38] was proposed, which would clarify that the duty to secure the wireless network lies with the network owner, instead of criminalizing the automatic access of open networks.[39][40] It was passed by the New Hampshire House in March 2003 but was not signed into law. The current wording of the law provides some affirmative defenses for use of a network that is not explicitly authorized:[41]

I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:

(a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
(b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
(c) The person reasonably could not have known that his or her access was unauthorized.

There are additional provisions in the NH law, Section 638:17 Computer Related Offenses, as found by searching NH RSAs in December 2009. They cover actual use of someone else's computer rather than simply "access":

II. A person is guilty of the computer crime of theft of computer services when he or she knowingly accesses or causes to be accessed or otherwise uses or causes to be used a computer or computer network with the purpose of obtaining unauthorized computer services.

III. A person is guilty of the computer crime of interruption of computer services when the person, without authorization, knowingly or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer or computer network.

IV. A person is guilty of the computer crime of misuse of computer or computer network information when:

(a) As a result of his or her accessing or causing to be accessed a computer or computer network, the person knowingly makes or causes to be made an unauthorized display, use, disclosure, or copy, in any form, of data residing in, communicated by, or produced by a computer or computer network; or
(b) The person knowingly or recklessly and without authorization:
(1) Alters, deletes, tampers with, damages, destroys, or takes data intended for use by a computer or computer network, whether residing within or external to a computer or computer network; or
(2) Intercepts or adds to data residing within a computer or computer network; or
(c) The person knowingly receives or retains data obtained in violation of subparagraph (a) or (b) of this paragraph; or
(d) The person knowingly uses or discloses any data he or she knows or believes was obtained in violation of subparagraph (a) or (b) of this paragraph.

V. A person is guilty of the computer crime of destruction of computer equipment when he or she, without authorization, knowingly or recklessly tampers with, takes, transfers, conceals, alters, damages, or destroys any equipment used in a computer or computer network, or knowingly or recklessly causes any of the foregoing to occur.

VI. A person is guilty of the computer crime of computer contamination if such person knowingly introduces, or causes to be introduced, a computer contaminant into any computer, computer program, or computer network which results in a loss of property or computer services.

New York law is the most permissive.[1] The statute against unauthorized access only applies when the network "is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system".[42][43][44][45] In other words, the use of a network would only be considered unauthorized and illegal if the network owner had enabled encryption or password protection and the user bypassed this protection, or when the owner has explicitly given notice that use of the network is prohibited, either orally or in writing.[1][46][47] Westchester County passed a law,[48] taking effect in October 2006, that requires any commercial business that stores, utilizes or otherwise maintains personal information electronically to take some minimum security measures (e.g., a firewall, SSID broadcasting disabled, or using a non-default SSID) in an effort to fight identity theft. Businesses that do not secure their networks in this way face a $500 fine. The law has been criticized as being ineffectual against actual identity thieves and punishing businesses like coffee houses for normal business practices.[49][50][51]

References

  1. ^ a b c d e Bierlein, Matthew (2006). "Policing the Wireless World: Access Liability in the Open Wi-Fi Era" (PDF). Ohio State Law Journal. 67 (5). Retrieved 2007-09-01.
  2. ^ "Wireless-Friendly ISPs". 7 November 2011.
  3. ^ "Criminal Code Act 1995". www.legislation.gov.au.
  4. ^ "Criminal Code, RSC 1985, c C-46, s 342.1 (1) (a)". Archived from the original on March 7, 2008.
  5. ^ Geist, Michael (2006-03-08). "Ontario Police Arrest Man for War Driving". Retrieved 2010-03-01.
  6. ^ "CURIA - List of results". curia.europa.eu.
  7. ^ "Info" (PDF). curia.europa.eu. Retrieved 2019-12-26.
  8. ^ "Closed wifi" (PDF). www.eff.org. Retrieved 2019-12-26.
  9. ^ Savy.uhf (2003-05-28). "Normativa Attuale sul Wireless" (in Italian). www.wifi-ita.com. Retrieved 2009-08-22.
  10. ^ "無線LANただ乗り、電波法は「無罪」…懸念も" (in Japanese). Yomiuri Shimbun. 2017-04-28.
  11. ^ a b Thor, Venessa (14 April 2014). "5 little-known laws of Singapore". Straits Times. Retrieved 17 February 2015.
  12. ^ a b Computer Misuse Act (Cap. 50A, 1998 Rev. Ed.)
  13. ^ "Singapore teen faces 3 years' jail for tapping into another's wireless Internet". International Herald Tribune. 2006-11-10. Retrieved 2007-08-31.
  14. ^ Chua Hian Hou (2006-12-20). "Wi-Fi Thief Pleads Guilty: 17-Year-Old Piggybacked on Neighbour's Network". The Straits Times.
  15. ^ Chua Hian Hou (2007-01-17). "18-Month Net Ban, Community Service for PC Game Addict". The Straits Times.
  16. ^ Ansley Ng (2007-01-17). "Illegal Wireless-Network User Sentenced to 18 Months' Probation". Today. Archived from the original on 2007-09-26.
  17. ^ "eCitizen". www.ecitizen.gov.sg. Archived from the original on 2018-09-16. Retrieved 2020-02-25.
  18. ^ Chua Hian Hou (2007-01-05). "21-Year-Old in Second Wi-Fi Case: The Charge: Using Neighbour's Network to Make Bomb Threat". The Straits Times.
  19. ^ a b Chua Hian Hou (2007-02-01). "Online Bomb Hoax: Youth Pleads Guilty: Then-Poly Student Made the Posting Because he was 'Sleepless and Bored'". The Straits Times.
  20. ^ Telecommunications Act (Cap. 323, 2000 Rev. Ed.)
  21. ^ Chua Hian Hou (2007-02-08). "Bomb Hoax Youth Gets 3 Months' Jail, $4,000 Fine". The Straits Times.
  22. ^ Leong Wee Keat (2007-02-08). "Bomb-Hoax Youth Gets 3 Months' Jail". Today. Archived from the original on 2007-09-29.
  23. ^ Unauthorised access to computer material – Computer Misuse Act 1990 (c. 18)
  24. ^ Leyden, John (2005-07-25). "UK war driver fined £500". The Register. Retrieved 2007-09-02.
  25. ^ "Wireless hijacking under scrutiny". BBC. 2005-07-28. Retrieved 2007-09-02.
  26. ^ Griffiths, Peter (2007-04-18). "Two cautioned over wireless "piggy-backing"". Reuters. Retrieved 2007-04-18.
  27. ^ "Two cautioned over wi-fi 'theft'". BBC. 2007-04-17. Retrieved 2007-09-02.
  28. ^ Goodwin, Janna (2006-03-10). "Computer Hacking and Unauthorized Access Laws". Telecommunications & Information Technology. National Conference of State Legislatures. Archived from the original on 2009-04-29. Retrieved 2007-04-09.
  29. ^ Leary, Alex (2005-07-04). "Wi-Fi cloaks a new breed of intruder". St. Petersburg Times. Retrieved 2007-09-02.
  30. ^ Bangeman, Eric (2005-07-07). "Florida man charged with felony for wardriving". Ars Technica. Retrieved 2007-09-02.
  31. ^ Gonsalves, Antone (2006-03-24). "Illinois Man Fined For Piggybacking On Wi-Fi Service". TechWeb Technology News. TechWeb. Archived from the original on 2007-05-25. Retrieved 2007-04-09.
  32. ^ Green, Chris (2006-03-23). "Man fined $250 in first area case of Internet piracy". The Rockford Register Star. Retrieved 2007-09-03.
  33. ^ Cheng, Jacqui (2007-05-22). "Michigan man arrested for using cafe's free WiFi from his car". Ars Technica. Retrieved 2007-09-02.
  34. ^ "Nailed 'Em - Cyberrorists". The Colbert Report, Comedy Central. 2007-10-02. Retrieved 2011-05-02.
  35. ^ Wellner, Andrew (2007-02-24). "Using free wireless at library described as theft". Anchorage Daily News. Archived from the original on 2007-04-03. Retrieved 2007-09-03.
  36. ^ West, Jessamyn (2007-02-26). "Man using library wifi after hours gets laptop confiscated". librarian.net. Retrieved 2007-09-03.
  37. ^ "Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft". Library Journal. 2007-03-12. Archived from the original on 2007-09-30. Retrieved 2007-09-03.
  38. ^ "House Bill 495". Gencourt.state.nh.us.
  39. ^ McWilliams, Brian (2003-04-29). "Licensed to War Drive in N.H." Wired. Retrieved 2007-09-03.
  40. ^ Professor Orin Kerr (2003-04-30). "Would a New Hampshire bill really legalize war driving?". The Volokh Conspiracy. Retrieved 2007-09-01.
  41. ^ "Text of Section 638:17 Computer Related Offenses". Gencourt.state.nh.us.
  42. ^ "New York Penal Section 156.05 - Unauthorized Use Of A Computer. - New York Attorney Resources - New York Laws". law.onecle.com.
  43. ^ "Ny3(a)-". Archived from the original on 2013-06-29. Retrieved 2008-09-20.
  44. ^ "Article 156 - Penal Law - Offenses Involving Computers". ypdcrime.com.
  45. ^ "New York Offenses Involving Computers - Internet Library of Law and Court Decisions". www.internetlibrary.com.
  46. ^ "Thus, open wireless access would only be actionable under this statute if the network operator has enabled encryption or password protection on the network, and users usurped this protection." – Bierlein
  47. ^ Rasch, Mark (2004-05-03). "WiFi High Crimes". SecurityFocus. Retrieved 2007-09-18. "In fact, the companion New York State computer crime law, NY Penal Code Section 156 (6), requires that, for using a computer service without authorization, the prosecutor must prove that the owner has given actual notice to potential hackers or trespassers, either in writing or orally. In the absence of such notice in New York, the hacker can presume that he or she has authorization to proceed, under state law."
  48. ^ "In the Spotlight". 18 November 2007. Archived from the original on 18 November 2007.
  49. ^ "Wi-Fi Safety - Wireless Protection". Westchestergov.com. Archived from the original on 2007-09-05. Retrieved 2007-09-18.
  50. ^ Spiegel, Dana (2005-11-08). "Westchester County Law Requiring Secured Wi-Fi Networks". Wireless Community. Archived from the original on 2007-11-12. Retrieved 2007-09-18.
  51. ^ Spiegel, Dana (2006-04-24). "Westchester County Law Requiring Secured Wi-Fi Networks (again)". Wireless Community. Archived from the original on 2007-11-12. Retrieved 2007-09-18.