Saturday, March 18, 2006

WHY OH WIRELESS?

A few weeks ago I wrote about readers who had tapped into wireless Internet connections that were not their own -- perhaps belonging to a neighbor or to an institution that didn't block out nonmembers.

I received a huge response from readers, and the column was the launching pad for discussions on many blogs -- including my own -- about the rights and wrongs of such tapping-in. My take was that it was the responsibility of wireless-connection owners to set up a secure connection if they didn't want others to tap in.

The response was so great and varied that I've decided to put the question directly to all my readers: Do you believe that it is wrong to tap into someone else's wireless connection if it's not password-protected or otherwise secured? And, whether you do or not, why?


Please post your thoughts here by clicking on "COMMENTS" or e-mail them to me at rightthing@nytimes.com. Please remember to include your name and location, in the body of your response.

18 comments:

Anonymous said...

I think it's okay to use someone else's non-secured connection to access the Internet.

* This case is interesting because the agreed acceptable behavior in our society defines right and wrong behavior. Is it okay to feed the neighbor's cat when it meows at the door, let it into your home? Yes. (I suppose unless there's a tag on its collar saying, Don't feed me. I'm on a diet.) Is it okay to "borrow" a car with the keys left in the ignition without express permission? No.

* Computers are so new we haven't come to terms with all the agreements yet. Like it or not, the computer-savy geeks define what's accceptable and they generally tend to be very liberal. Free Internet, freeware, open-source software, etc. are new, radical innovations of our age that has come from their liberal thinking.

* By not securing the connection the owners have implied that it's okay to use their connection. Some people I've spoken to have openly said so, confirming my belief that this is an acceptable thing to do. (Okay, they were geeks. Who else talks about this stuff?)

* If the owners wanted the connection to be secure it's assumed they would have done it. It's relatively easy and covered in the set-up manual and installation software.

* Often, we don't know who the owner is to ask permission. A poor excuse? Yes, perhaps. But in today's fast-paced world why bother people with foolish questions?

* I recognize that some people may not be aware of the technology, the implications of not making a secure network connection. They may be open to other security problems with their PC as well. Who's job is it to educate the ignorant? Wouldn't it be arrogant of someone to knock on their door and educate them without an invitation? They need to take the initiative to attend a class or ask for help, and are free to do so. Many resources are available.

* Once on any open connection, it is NOT acceptable to access someone's PC or hard drive without express permission, with or without hacking software. It's a clear invasion of privacy. Some, perhaps many, software geeks think it's okay to access an unsecured PC, but I differ and draw the line because: 1. It's not as obvious how to secure a PC, 2. Because the implications of taking someone else's private data could have severe consequences, and 3. I don't want to take responsibility for it. (The R word came up here.)

* Note: If you have an unsecured WiFi system at home or use an open system in a small office, at hotels, or other public places... at least learn how to unshare your disk drives and how to log into your PC as a non-Administrator. (Administrator is default.) Look for the "s" in your browser's URL bar (https://...) before entering sensative account numbers or passwords. Failure to do these is like leaving your keys in your car with your wallet, bank books, and SSN.

-Ron

Anonymous said...

I have read your articles on this subject with interest. I have taken the position that there is nothing "wrong", "unethical", or "illegal" about accessing the internet through an unsecured wireless connection.

In my area there are several cities and internet cafes that provide unsecured wireless connections. As I often travel, I will often check to see if there is a wireless access available so I can check my e-mail and search local conditions, activities, etc. Several hotels and motels are now advertising on their marquees that they provide wireless internet access. Obviously they are attempting to "lure" people to staying at their facility. Several of these hotels secure their site and provide occupants with the access codes necessary, however, others do not secure their site and anyone can sit in near vicinity to their location and also access the internet.

As others have indicated, it is up to the person having the access device to secure it if they do not want others using it. And, I personally have never figured out how to locate who owns the device that I am able to access when I do a general search, unless it is identified by name. The "linksys" and "default" devices do not provide me any information so I could seek permission.

I would note that it is a benefit to me when I am in a strange area to be able to briefly access the internet without hard-wire connections and having to find a local access number for my provider.

Thank you to those who CHOSE to not secure their sites!!!

Richard
Brea, CA
Orange County Register

Anonymous said...

I believe it is not unethical to use an unsecured wireless network when you are either in your own home or in a public place. The wireless signal is something transmitted to you, and if a neighbour is broadcasting a signal into your home then you have every right to tap into it, although the more ethical thing would be to buy your own Internet access if you are a heavy bandwidth user. While the signal remains in your home, you can do what you wish with it.

James Bone
London, Ontario, Canada

Anonymous said...

To whom it may concern regarding the use of another person's wireless internet connection.

Since the use of a wireless internet connection has a value, using someone's connection without permission is theft.

How could a person draw any other conclusion.

Ed Chenal
Placentia, Ca
Orange County Register

Anonymous said...

I enjoyed reading your article on use of an open wireless Internet connection that appeared in the Columbus Dispatch on Sunday, February 26, 2006. The sentiments you expressed match my own beliefs on this topic. However, you stopped short of pointing out one particular aspects to this concept of "fair use" that I think is worth noting.

While I agree that piggybacking on an open wireless connection for access to the Internet at large is acceptable, just because it is open does NOT give one the right to attack or otherwise explore the systems that are on that network. In other words, just because someone leaves their front door unlocked, it does not give you the right to wander through their house, damage things, or take things. An open wireless connection does not give you the right to attach to computers in your neighbor's house, dig through their financial data, etc.

Sincerely,

David Crone

Anonymous said...

I truly read your article on using a neighbor’s connection with horror and dismay. I’ll use the analogy I use with so many others: if your gate was open and the pool wasn’t being used, would it still be ok for me to just come on over? If the keys were in your car, I could drive away without concern on your part? Using your phone line to call phone sex operators is just ducky?

Why is the notion that using something that someone else pays for NOT OK if the object is tangible and somehow ‘alright’ if it’s ethereal? In any of the examples I cited, people would be up in arms, declaring trespassing, theft and potential liability for the use of their belongings / services. In the case of unsecured wi-fi however, it seems to be ok. Your supposedly benign activity, allowable because someone was lax on security, isn’t without true penalties for the unsuspecting victim. You forget that ISPs are now closely monitoring downloads and aggressively applying caps / disconnecting customers if they go over their limit, a real danger when the leeching you endorse takes place. Homeland Security, ISPs and other law enforcement agencies are actively tracking the online activities of people who visit porn / pedophelia / terrorist related sites. Officials go after the account holder for these activities, so the victim could be jailed over a poacher’s predilections. And how about the RIAA, which has made a habit of suing just about any one who’s got music on their machine? Ms. Santangelo’s legal battle with the RIAA should be sobering in that regard, since as they can’t actually prove she did anything, yet she’s in court defending herself.

But finally, I come down to the notion that you don’t take what you haven’t paid for. My parents called that stealing. What did yours call it?

Dorothy Sasscer

Anonymous said...

Mr. SEGLIN,

So what you’re saying is this: if I don’t lock my house’s door, you have the right to come in and live in my house until I return? Or, if I have an outside faucet, you have the right to hook your hose up to it and siphon off my water? In one case, it’s trespassing. In the other case, it’s outright theft.

This kind of ethics is what drives me nuts about advertisers. “You didn’t tell us we couldn’t, so we flooded your mail box with junk mail, slammed your e-mail inbox with SPAM, and called you everyday for weeks as you sat down to dinner, just so we could make sure that you knew our product was yours for the asking.”

At least now I know where they get their ethics from, take a look in the mirror!

Of course it’s wrong!

Mike Head
Indianapolis, Indiana

Anonymous said...

Mr. Seglin's recent column on unsecured WiFi access had one thing right: that
those who set up wireless connections and want to keep them private should
take the time to do so. Unfortunately, almost everything else was wrong.

Mr. Seglin states that today, "most institutions or individuals" configuring
wireless access will know how to secure it. I completely disagree. If that
were true, how could there be so many opportunities to access unsecured WiFi
access points?

Internet connections are a paid service, a public utility in many places. If
Mr. Seglin were to connect a hose to my outside water tap, he would certainly
be stealing my water. Why is it not stealing to use my internet connection
without permission? Is there a requirement to post a sign on all outside
electrical outlets that "users must agree to certain conditions before
proceeding" otherwise there is no ethical mandate to be breached if a
stranger were to plug into my corner of the power grid?

As to the argument that leaving a WiFi access point unprotected grants
permission for its surreptitious use, suppose I were to, through my own
carelessness, leave my keys in the ignition of my car. Does that grant
permission for Mr. Seglin to joyride through the streets, especially if he
will "only use a tiny, really unnoticeable amount of gas"?

How would Mr. Seglin respond to the unfortunate person whose ISP metered the
amount downloaded each month? (Many ISPs do, check your Terms of Service).
If several neighbors each downloaded large files, the person paying for the
service may be shut out of downloading a file they desire.

Finally, identification of criminal activity is placed on the IP address of
the internet connection, not the final user of the file/information. Would
it be ethical to use an unguarded wireless access point to infiltrate a
poorly secured credit card database? By Mr. Seglin's logic, if the database
security is insufficient to keep him out, it would be "courteous, but not
essential to inform the owner he is able to enjoy the largess" of the credit
card information stored in the database. Certainly a corporation would never
have a security failure resulting in the inadvertent exposure of personal
information to unauthorized individuals! After all, they're professionals.

Tim
Laguna Niguel

Anonymous said...

In response to whether or not it is kosher to steal net access from someone, what is not clear here.

Most WiFi manufacturers ship their equipment configured to work with basic services right from the box. And because their customer wants the benefits of wireless but is not a LAN engineer does not set aside the theft performed by someone outside the system. If this was so, then if the intruder could break the encryption, it would be alright for them to use it also. (Ask the government how they feel about individuals "jumpin in" on their systems.)

The bottom line is personality. If it is not yours and you take it or use it, THIS IS STEALING. It seems that in today's society it is okay for some people to put aside their personal ethics, morals, and values if it can be blamed on someone else. This has been tried many times over the years and still does not pass muster. Examples of this are; Blaming the bartender because a drunk is a drunk, blaming the gun manufacturer because someone got shot, or blaming the teacher because the student is unruly and undisciplined.

There is only one way to keep your personal values straight and true. If you did it - it is your fault and if it is not yours - IT IS NOT YOURS!


Ken McCandless
Madison, NC

Anonymous said...

Regarding your Feb 27th article on accessing unrestricted Wi-Fi connections:

I disagree with your opinion that "they have not breeched any ethical mandate". Maybe they haven't breached any legal mandate, but I believe it is unethical. Just because someone is ignorant of their lack of security measures, they are entitled to privacy and what is theirs shouldn't be used without permission.

Similar examples:
Say you buy a cordless phone and before you connect it to your phone line, you find you has a dial tone? You obviously have connected to your neighbor's phone line. It is not right for you to make calls on their phone line, even if you believe they have unlimited long distance and wont be charged extra. You live in a Condo and notice that a former tenant wired a plug into the "house" lights that are paid by the association. It is not right for you to plug your electric heater into the circuit that someone else pays for. You look out your second floor window and notice that the neighbor's wife is undressing. Because it is dark, she assumes that it is private. It is not right for you to look at her. The view was not expressly offered to you. The view is your neighbor's. In polite society, we turn away and pretend we didn't notice. Your neighbor's chicken stray's into your yard. You should return it if you know where it came from. It is not right for you to eat it.

Your responsibility begins when you realize that what you are using belongs to someone else, and just like when you inadvertently see someone undressing, you should quickly look away and pretend you didn't notice. In an ethical society, access does not give us license to take advantage of someone else, even if they don't know it and even if we didn't expressly break a law.

Say I am your neighbor, and I find your wireless access is unrestricted. It would be wrong for me to take advantage of this fact and hack into other peoples computers, or download child pornography, using your internet. It would also be wrong for me to spend all my time downloading songs from Morpheus and using your bandwidth and possibly exposing you to liability from the music industry.

The right thing for me to do is to look away and get my own internet connection.

I also disagree with your premise that "most institutions or individuals who establish wireless internet connection know how to set them up so that a login and access password is required". Most wireless routers come with security disable and most people have no clue about how they work. A great number of wireless routers are also installed by internet providers and they frequently take the quickest and easiest route by installing them with unrestricted access. The people who buy the services never even knew they were exposed.

John Brown
Costa Mesa, California

Anonymous said...

According to you, the "ethics guy" it is the responsibility of people who set up wireless networks to ensure that others don't use it. If they don't meet that responsibility then it is ok for me to come park on their street, download (or upload) kiddie porn then sit back and watch the police bust them. That's ok, according to you.

Its also ok for me to come over and set up my picnic table and volleyball net on your front lawn because you haven't installed a chain mail fence around the front lawn keeping me out.

Its also ok for me to hop in to your car at a traffic light because you didn't lock your doors.

Its also ok for me to pursue your daughter/son on the internet and convince them to have sex with me because you brought the internet in to your house (wired or not) and therefore it makes it ok for me to prey upon them.

Its also ok for me to tap in to your television cable and phone wires because, hey, you're not using them all the time.

YOU HAVE TO BE KIDDING!

It is each person's responsibility to only use those resources that they have been told they may, or which are available for the common good (ie streets, etc.)

Never is it ok to just tap in to someone else's network just because they were foolish and didn't set it up securely.

I cannot believe that either a) you dare to pronounce yourself as an ethics guy or b) that this is the state at which our world now lives in!

Adrian Smith

Anonymous said...

I think you are entirely off base on the ethics of piggy-backing on
an unprotected wireless node. If someone has a picnic on my property
and cleans up after themselves, THEY ARE STILL TRESPASSING. If they
lay in my lawn furniture and use the pool or spa, they're
trespassing. The evidence of use would be insignificant but it's
still not authorized. If they cross my property as a shortcut to
where they want to go, it's still trespassing. A piggybacker knows
damn well it isn't his and knows where he can get free service (maybe
the Starbucks or another business) where the open node is a business
incentive.

Gordon Langston
Huntington Beach CA

Anonymous said...

using a non-secured wifi connection is wrong. This is unethical, and is considered legally stealing.
Using someonelses connection always degrades their internet and network performance, and that is something that they pag for!
Wifi is a growing thing as well. I used to pass through maybe 5 wireless access points, and now I pass through 250 of them. And that is in 3 years time. Only 30% of them appear to be secured in any way.



Matthew
Fullerton, Ca

Anonymous said...

There are those who have been prosecuted for attaching to an unsecured wireless network.

This is good news for the owner of any webpage, since we now have something to point to when we need an extra buck and decide to sue people who view our site.

Anyone who understands networking should be able to see that a wide open DHCP server is identical to a wide open HTTP server, FTP server or any other server for that matter. So, who cares if I don't enable HTTPS and close port 80? If you come view my webpage, that's freely advertized, that's identical, not an analogy, identical to connecting to my freely advertized wireless DHCP server that has no security enabled, therefore you may be prosecuted.

Anonymous said...

If I access this webpage via HTTP am I breaking the law? How is requesting and receiving an IP address via DHCP any different?

As there's no password protection I assume this page is public. Anyone would laugh at the insinuation that I was breaking the law by downloading it's content, using bandwith the site owner has paid for, regardless of the fact that (verbally) I "didn't ask permission". That is because the web is considered a public place and people understand the protocol. What's so different about WiFi? Once the radio waves leave your house they have entered the public space. Anyone complaining about "leeching" of non-secured connections is simply not technical enough to understand the protocol, and I think it's ludicrous to criminalize those who do "speak the language".

Let me spell it out: By BROADCASTING an SSID you are ADVERTISING the fact that you have a network connection. By not encrypting the signal you are allowing any computer with a wireless card to REQUEST a connection from your router. If that connection is then GRANTED, who's fault is that???

Anonymous said...

Some cities are setting up city-wide hotspots. How would somebody differentiate between one of these and a poorly configured personal router?

One aspect of this debate that everybody has missed is that malicious people have set up hotspots, somtimes overriding public ones, specifically to acquire personal information. Just as people setting up wireless networks need to READ THE MANUAL or hire somebody to set things up securely, those who use public (intentional or not) hotspots need to be very careful about their activities.

For those who equate this to borrowing a car or pool, that's why cars and pools are locked. If you want to keep others out of your computer or wi-fi, lock it and do not use the default accounts and passwords. Additionally, cars and pools are not broadcast.

Some of us take time to learn to protect ourselves in other parts of life, this is no different.


Aaron

Anonymous said...

People that would just take use of someone else's network at no cost are probably the same types that have no guilt about swiping anything from anyone when they weren't looking. My home network includes a laptop (I'm old school) with a Centrino Technology processor. It keeps grabbing a neighbors network and I find it annoying. Thanks to this article I will not only secure my network but advise them that they are open to snoops. Being in a semi-rural helps because we are not close to many, or any, other wireless set-ups.

Anonymous said...

I own a bookstore and newsstand/coffee shop which offer wireless connectivity because each entity is in a different bulding. My staff uses the Internet everyday to look up titles, help customers find what they need, and to communicate to others via e-mail. As this is the case, it seemed foolish not to offer customers wireless access to the Internet. There is laptop computer available or the customer can bring his/her own. The emphasis here is "customer" because we ask that anyone who wishes to use the wireless Internet purchase something from either store. We also charge for any printing that is done through the network. The purchase of items and charge for printing does not cover the costs of the access, but it helps and makes the access more valuable to the user. It is also a simple case of "supply and demand" for the coffee shop part of the business. If the Internet access were not offered, the number of customers would be greatly reduced.