Because many cities and towns around the world have begun providing publicly-accessible wireless APs, how is a reasonable computer user supposed to know that an unprotected network is not there specifically to allow him to access the Internet? All stores in the Panera Bread chain offer Wifi Internet access that’s as free as the air. A visitor to downtown Albany will find himself in a brightly- “lit” environment which has so many free wireless access points that it’s hard to find an area in which you can not connect.
So imagine the surprise in early July, 2005 when police in St Petersburg, FL, picked up a man for accessing an AP on a residential street, connecting to the Internet and checking his email. Benjamin Smith III was arrested and charged with unauthorized access to a computer network.
He might well get off. After all, if all he did was access the Internet to check his email, who’s to say it’s unreasonable for Smith to assume this was kosher? The AP was wide open. If Smith didn’t attack any of the other machines on the local network, he may have been perfectly reasonable to assume that the network was meant for him to use.
While not endorsing the practice of the unauthorized use of someone else’s wireless signal, in this day and age, it can be hard to tell when you’re not supposed to log on and surf the web.
We believe that anyone who sets up a Wireless Access Point and does not follow the installation wizard’s advice to change the ESSID and password and set up encryption should be presumed to be providing publicly accessible wireless at no cost.
There is, however, a vast difference between hopping on an open access point and intruding into someone else’s network for nefarious purposes.
Also in this series…
A proposal for Reasonable Wireless Security for law firms