Monday, July 11, 2005

The Case of the Wardriver

Last April, in Florida (why does almost every news story these days happen in Florida?), a man was arrested for accessing a residential wireless network without the permission of the owners. He will soon be going to trial, and I am interested to find out how this case turns out.

On one hand, the guy admits to using network resources that did not belong to him. The owner of the network that he connected to had paid for the network hardware, internet connection, and other associated maintenance costs. Depending on the wording of the law, the guy may be unarguably guilty of unauthorized access to a computer network.

That said, I do not expect him to be found guilty. Aside from the unfairness of punishing one person for an act that is so ubiquitous these days, it is not altogether clear that he was an unauthorized user of the network. If an individual makes some extraordinary effort to connect to a network (splicing wires, stealing passwords, circumventing security measures), then the access would clearly be unauthorized. In this case, the network connection was being broadcast to anyone within range of it. The man charged in this case was in a public place (on the street), and (most likely) had not circumvented any security measures to access the network.

My point is that having an unsecured wireless network is an open invitation for anyone within range to connect to it. In fact, most wireless enabled computers will automatically connect to an unsecured network within range, with little or limited action from the user, making such “illegal” activity unavoidable. It is akin to having something on a web page that doesn’t require authentication to log on (most web pages are like this), except that the range from which it can be accessed is much, much smaller (100 feet, versus world wide).

I worry that this will create an undue state of paranoia among the technically illiterate. Already people are talking about how people use unsecured networks to perpetrate terrible things, like distributing child pornography or sending threatening emails. While this certainly happens, it is unlikely for any specific wireless network to be so abused. The limited physical range of a Wi-Fi network makes it difficult for malicious users to take advantage of it. But most people don’t know enough to realize this, and are likely to be driven by fear of prosecution for something they didn’t do.

I fear that, instead of leading people to be more diligent about securing their wireless connections, this will drive people to create legislation making innocuous war driving a specifically criminal offense. This will not make the naïve technophobes, or their data, any safer, but it will occasionally save them from having people leech indiscernible amounts of bandwidth from their high speed web connections that they barely use. (Seriously, what good is a connection faster than 256 Mb/s if you never download any big files?)

For the record, I have a wireless network, and have at times been responsible for another one. I am very careful about making sure that my networks are secure. As long as most people don’t secure their wireless networks, passing people looking for an easy Wi-Fi fix will not bother with my network. It’s not worth the trouble of breaking into Fort Knox when the bank next door doesn’t ever lock it’s vault or post any guards.

No comments: