Most owners of wireless Internet networks, at home and in business, are not aware of the dangers stemming from neglecting to secure such networks. In extreme cases, you may be punished for actions carried out by others using your network connection. The correct solution to the problem is imposing the liability on the owners of the networks.
Wake up and smell the wi-fi
Wireless Internet connectivity can now be found almost everywhere, in airports, coffee shops, streets and private homes. With its proliferation, so grows the phenomenon known as "war driving" or "piggybacking", namely: searching for a close unsecured wireless network, connecting to it and surfing the web through it. If you check the "logs" of your wireless router you will probably find that quite a few attempts have been made to connect to the World Wide Web using your Internet connection. If your wireless access point (router) is unsecured, those attempts were probably successful.
Close the connection!
Surveys have shown that most domestic wireless access points are not secured. That is to say that one can connect to them automatically by double clicking on the "available wireless network" which one's computer has located. For this, one does not need to hit any button, or even to be aware that the connection was made. In some cases, the owners of wireless access points leave their connections unsecured purposely, as an expression of their beliefs in the sharing of resources and cooperation in the World Wide Web. However, mostly, the networks are left unsecured because the consumers are not aware of the dangers lurking behind leaving the network unsecured. This is because such dangers are mostly intangible, unlike the very tangible dangers in leaving the door of one's apartment unlocked.
The effects of war driving
"It's not theft," the war drivers claim, "because we do not take anything away from the owners of the networks". Is this really the case?
Those who object to the war-driving phenomenon warn of the dangers to which it may lead, including: unlawfully accessing files of the network owner, installing viruses and Trojan horses in their systems, storing files containing pedophilic content and distributing spam. However, most war drivers use the network for surfing the web and downloading files.
Like a benign tumor, the covert use of your wireless connection, itself, does not cause irreversible damage and does not shorten the computer's life as long as the computer is healthy and the tumor is not a demanding one (surfs the webs and downloads files in moderation). While the war driver's surfing at your expense does take away resources (bandwidth) from you, it does not always detract from your quality of life. However, once the "tumor" becomes demanding, downloading many large files, copyright-infringing files which draw the attention of copyright organizations or files with pedophilic content, the quality of life of the "host body" is severely damaged. This is expressed in disruptions in the Internet connectivity, until it is impossible to surf altogether, lawsuits and even arrests. By the way, it was recently published that in some cases, Internet service providers have started to collect an additional payment for heavy usage of the Internet or massive file downloading, so the host may also be required to pay more for another's Internet use.
Arrests and fines worldwide
Throughout the world the authorities have commenced taking criminal enforcement steps against unauthorized use of wireless networks. Approximately a year ago in England a man was sentenced to a fine of 500 British Pounds and a year of court supervision for such action. Similar punishments were handed over the passing year in Canada as well as in Florida and Illinois, where the enforcement of the case commenced with the arrest of the suspects.
Since there have only been a few cases to date, mostly in lower judicial instances, there is no guiding case law on this issue. Experts in the United States believe that sometimes, such use of an unsecured wireless network may be considered an "unauthorized access of a computer" which is prohibited under Federal law and even theft of communications. Legal causes of action which were cited include defrauding the Internet service provider and a breach of the Internet service agreement.
The crimes and torts
In Israel a case of unauthorized access has not come before the court. Under the Computers Law, the unauthorized use of another's wireless network may constitute a disruption of the use of the computer since the additional usage of the bandwidth interferes with some of the computer's applications which make use of the World Wide Web. In addition, such action may be deemed unlawful access of computer material. In previous cases the term "computer" was interpreted widely to include auxiliary systems to the computer, including wireless routers. Naturally, if the access to the wireless network is carried out to access computer files of the owner of the network or to execute other illegal actions, such actions will constitute additional and separate offenses.
Alternatively, such actions may be deemed trespass to chattel. In addition, under certain circumstances, including a massive use of the network in a manner which effectively prevents its operation for the owner, it may be deemed as the unauthorized performance of a telecommunications operation (the unauthorized operation of the router for the purpose of granting access to the Internet), harassment using a telecommunication device or the disruption of the conveyance of a telecommunications signal, under the Communications Law (Telecommunications and Broadcasting). The breach of such section is punishable by fines and prison sentences. Theoretically, this is similar to the unauthorized connection into cable television broadcasts or the neighbor's phone line and the causes of action cited in lawsuits in such cases would apply.
However, theory aside, in effect, in most cases it would be difficult to prove and quantify the damage caused due to the usage of the wireless network. It would also difficult to prove the mens rea, purpose, required in the said offenses. This is because in many cases the connection to the wireless network is carried out automatically by the computer and the user only discovers this after a while, if at all.
A law that requires reporting a breach of security
Westchester County in the State of New York decided to deal with this problem through enforcement against the owners of wireless networks, rather than against the users of those networks without authorization, by requiring them to secure the networks. The law, which went into effect on April 20, 2006, prohibits the provision of Internet service to which there is free access if such network is not protected by a firewall. The duty to secure the network also applies to businesses which store people's private information. In addition, the Internet service providers are required to post a notice warning of the dangers lurking online. The breach of these sections is punishable by fines. In other US states the law requires the owner of a network, who suspects that it has been breached, to inform the people whose private information is stored in such network and who may have been hurt due to such breach.
Appropriate judicial policy: The regulation of the host
Surfing the Internet using another's unsecured wireless networks is like a benign tumor: it is disturbing and disrupting, but treatable. As with the tumor, the host must "cure" or secure the network. This should be done through education and clarification of the dangers lurking behind an unsecured network. Internet service providers must encourage their customers to secure their computers. Vendors of wireless routers must change the default options to require security. And businesses that hold private client information must secure their networks.
Originally published in Hebrew in YNET on May 5, 2006 (http://www.ynet.co.il/articles/0,7340,L-3247756,00.html)
Ms. Kagan specializes in Internet and IT law. Her articles on these subjects are published regularly in professional publications of the American Bar Association and the New York State Bar Association as well as in national Israeli websites. Ms. Kagan authored the Israeli Chapter in the book "Cybercrime and Security" published worldwide by Oceana Publications, a division of Oxford University Press. A graduate of the Law Faculty of Tel Aviv University, Ms. Kagan is a member of the Israel and New York Bars, is qualified as a Solicitor in England & Wales and is also admitted as legal practitioner in New South Wales, Australia.
The Author's Name: Odia Kagan
The Author's Law Firm: Shavit Bar-On Gal-On Tzin Nov Yagur, Law Offices
City: Tel Aviv
Phone: + 972-3-791-2800
Fax: + 972-3-791-2801
Web Site: www.sbilaw.com