WI-FI Owner Not Obligated to Secure WI-FI

Bokeh

According to the courts, an owner of open wifi cannot be held responsible for data downloaded over their connection. I see this one going to cause a lot of issues: Federal Judge: Wi-Fi Network Owner Not Obligated to Secure Network to Stop Illegal File-Sharing | GamePolitics

demonfurbie

thats not good ... even the isps eula states they are

veritas_libertas

I don't see why an owner should be. Is a business liable for someone using their driveway for a drug deal at night? Now if they KNOW it's being used for something illegal than that's something different.

I'm not required to lock my house, right? If you walk into my house and the door isn't locked you are still trespassing.

kevozz

veritas_libertas wrote: »

I don't see why an owner should be. Is a business liable for someone using their driveway for a drug deal at night? Now if they KNOW it's being used for something illegal than that's something different.

I'm not required to lock my house, right? If you walk into my house and the door isn't locked you are still trespassing.

I agree, but is it worth going to court or getting arrested to prove this? I doubt giving the officers kicking down your door a copy of the ruling will change anything.

Small town police mount over-the-top SWAT raid on unsuspecting woman¿s home¿ after teenage neighbour made threats using her unprotected WiFi | Mail Online

veritas_libertas

I'm not suggesting that individuals should not secure their wireless networks. All I was trying to say was that the people who commit the crimes should be prosecuted, not the collateral victims. These individuals who have their Internet used are victims. Should they be using more commonsense? absolutely, but not everyone is as technically savvy as us. I would hasten to say that most are not and the devices do not make it easy to secure.

Here is another thought. How many of you have seen devices reset to their default settings? I had a cheap Netgear (I think it was Netgear) wireless router that would keep resetting to it default settings. When this happened I was offering free Wi-Fi to all my neighbors. Not cool. Should the average user be responsible for not knowing how to update their firmware?

erpadmin

I see where this judge was going was this.

If I leave the keys in my car's ignition, and the door is open, who is at fault? The thief who steals my car, or me, the idiot, who left my keys in the car?

Common sense dictates I am at fault.

The law, however, says the thief is still held liable and will prosecuted to the fullest extent of the law. (That's the premise of those "bait car" shows you might have seen on TV.)

Personally, I would love to have my Wi-fi open and let anyone access Internet. HOWEVER...I won't, for the simple fact that I want to prevent illegal activity (and I'm not talking about torrents) and then have the feds break down my door. When faced with that reality, I have no choice but to lock down my Wi-fi as best as I'm able. If someone cracks it, then I can at least show that I did my best to lock down my Wi-fi.

Zartanasaurus

demonfurbie wrote: »

thats not good ... even the isps eula states they are

Then that's a contract issue between the ISP and the customer, not a criminal issue.

historian1974

This sort of rings T.J. Hooper.

zrockstar

We talked about this in one of my networking class. I guess there was some instances for a while where meth dealers and child pornographers were accessing peoples unsecured internet and putting ads on craigslist with secret code words to sell their stuff. When the cops cracked down on it, it was on the shoulders of the owner to prove that their wifi had been accessed without their authorization. My teacher was working as a private analyst at the time and was hired to testify for some of them as some sort of subject matter expert. I don't see how people still have unsecured wireless despite all the warnings and horror stories these days.

sratakhin

I haven't seen an unsecured network for a while... However, there are still many routers that use WEP

veritas_libertas

zrockstar wrote: »

I don't see how people still have unsecured wireless despite all the warnings and horror stories these days.

I think those that are not tech knowledgeable, aren't following the same news feeds that we do. The family members that I know just buy them and plug them in. I have to come behind them and get them to secure them. It's more work for them and they don't understand how far the signal can reach. This will change as they get easier to setup.

bermovick

I have a wifi analyzer on my phone and it's fun driving around town seeing who has what (the wife drives while I watch the phone). You'd be surprised what you find. One of the local realtors has a completely open network even.

Roguetadhg

Thankfully there are people with open wifi networks. Not really for the illegal stuff. But it's nice to be able to get online and not use data.

My friends have all done the seek free wifi. Not for the downloading, or illegal black stuff. Just to pay bills, do a little research on movies, etc. Internet is another bill, for most it's a bill that's optional - especially when you're starting out on a job, trying to save money for a wedding, or trying to just scrape by.

The footprint of a wireless signal is amazing, once you actually go around and measure the strength. Standing outside at the border of networks. It's really cool. Not because "Lol Hax". But because it's wireless networking! Now If there could be wireless power cords.

JDMurray

Open Wi-fi is also an enticement used by people who want to sniff connections for passwords, credit card numbers, etc.

al3kt.R***

JDMurray wrote: »

Open Wi-fi is also an enticement used by people who want to sniff connections for passwords, credit card numbers, etc.

I totally agree, Wi-Fi is an effective playground for sniffing stuff (a "honeypot" for users in the hands of the malevolent). So one shouldn't be too naive to indulge in every open access wi-fi one can come across.

sratakhin wrote: »

I haven't seen an unsecured network for a while... However, there are still many routers that use WEP

Even WPS-secured arrangements have proven security flaws.

MentholMoose

Personally I feel morally obligated to secure my Wi-Fi network, and my PCs, for that matter. I'm bothered by the possibility of someone using my network or PC resources for "evil". Getting "hacked" myself is less of a motivating factor than someone using my resources to hack others. I mean, could you imagine if the FBI showed up at your door because someone used your PC or network to shut down a power grid? Apparently you wouldn't get in any trouble as long as you could prove you didn't perpetrate the attacks, but IMO that doesn't make it "right".

Obviously this view is not widely held, and I wouldn't bother arguing about it. At my previous job we had a 100+ Mbit/s Internet connection and a wide open Wi-Fi network, with hundreds of APs spread over a 100+ acre campus. There was no interest from management to secure it, even though the equipment certainly allowed this to be done (we had modern, controller-managed APs, AD of course, and EDU pricing for Windows so a few VMs for the needed roles would be like $100). Someone had managed to get an IDS purchased at one point, but by the time I was hired it was no longer functional and there was no interest in fixing or using it, or replacing it (which I could have done with free software). I had no control over this at all (at best I could make suggestions which would be dismissed) so I didn't exactly lose sleep over this, but still it was bothersome.

My home Wi-Fi is secured with PEAP, with RADIUS and a CA running on Windows, and AD authentication. It could be improved but it is not too bad, and should at least discourage skiddies searching for low-hanging fruit. OTOH if someone did manage to break it and do some damage to someone/something important, it would be harder to prove my innocence.

al3kt.R***

MentholMoose wrote: »

My home Wi-Fi is secured with PEAP, with RADIUS and a CA running on Windows, and AD authentication. It could be improved but it is not too bad, and should at least discourage skiddies searching for low-hanging fruit. OTOH if someone did manage to break it and do some damage to someone/something important, it would be harder to prove my innocence.

Excellent point m8. You are a step too close to non-repudiation of actions on your system.
Why not enforce OTPs also and SSID cloaking just to make things even more complicated to use :lol??
Just joking, IMHO a great security effort you have shown there my friend . Keep updated and informed!!!

the_Grinch

It's actually funny that this has come up. I actually spoke with two FBI Agents who were investigating an identity theft ring in Philadelphia. They noted that one of the suspects would do all his hacking from a Starbucks. They put in the required paperwork to pull the records and found that the suspect had not used the wifi available at the Starbucks. They fired up a sniffer and found one unsecured access point within connecting distance. Guns drawn, they knock on the door ready for whatever would be behind it. Door opens up and here is a 90 year old woman. They spoke with her for about an hour (she offered them tea and cookies) and got some of the information they needed. I also believe they helped her secure her wifi after they got the required evidence.

WafflesAndRootbeer

Yeah, I see shady people hanging out in the parking lot by Starbucks all the time around the evening. Just sitting in their car with the lights off and the screen illuminating their face while there's hardly anyone in the store. It's creepy. I have yet to see anyone with a laptop at my McDonalds since it has WiFi.

sratakhin

I often go to McDonalds when I need access to the Internet when I'm away from work or home. The reason not many people surf in McDonalds is that they don't have enough outlets