Busted for drinking from the font of open WiFi

So Benjamin Smith III parks his car, sucks down some free WiFi bandwidth coming from an unsecured home network, and promptly finds himself busted by the local cops (called in by Richard Dinon, the owner of the aforementioned wireless network).

Here's my take on it - if your WiFi network spills out onto public property and is not secured then its fair game. Its like leaving your hosepipe spewing water onto the sidewalk on a hot day. If someones comes along and drinks some of the water should they be arrested for stealing the water? Here's another example - you errect your big screen TV by the window, put on a DVD and leave the drapes open for all to see from outside. Or maybe you crank up the hifi and leave the window open and your neighbors sit outside and listen to your music. All these are instances of someone polluting a public commons (sidewalk, visual spectrum, audio spectrum) with their private paid for resource (water, video, music), yet none would normally get a second thought, certainly not a call to the local cops. If not enjoyed or utilized by people outside of their private space the resource goes to waste, and regardless its prescence in common space is basically a nuisance.

Now I'm sure someone is going to suggest that this is different because the guy didn't just passively "enjoy" the WiFi, he actively utilized it and in effect caused the network owners router and ISP to do work for him. I have three answers to this.

Firstly I would say that would be difficult to prove. For one the default WiFi configuration for Windows XP would be to automatically associate with a strong open WiFi network and automatically get an IP address assigned by that network. Did Smith actively use the network - is there a log of packets sent and received beyond automatic behavior of any PC turned on in the area.

Secondly even if Smith did actively use the network rather than just "enjoying it" passively, couldn't one argue that an open network is effectively entrapment? It is the WiFi access point setting that by default means "let anyone join my network with no restrictions". No encryption, no authorization and its usually labelled clearly as "Open". All WiFi setup programs produced in the last few years make this abundantly clear and strongly encourage people who don't want to share their network to use WEP or better encryption and access control.

Thirdly, and most importantly, I look at an open WiFi network like a computer that is hooked up to the network and then the owner runs a webserver on it. If you don't explicity add access control to your webserver your machine is then considered fair game for HTTP requests which cause packets to go onto your local network, cause your machine to expend CPU cycles and use up some of your ISP bandwidth allocation. Indeed if your IP address gets onto Slashdot your machine will probably go flatline as it is bombarded by requests. If such access was deemed illegal then it would, for instance, become illegal for search engines to index web sites by iterating over the entire IP address space, and domain name space looking for web servers. They would actually have to be granted permission to send a HTTP request to my server. But the reality is, that on the internet if you service has no access control it is considered open. It is my understanding that unless the accessor actively employs techniques to defeat security controls, e.g. password cracking, then they are not actually hacking.

Smith could also use the argument that he had no idea that he was using someone elses network, especially if it had a default name like "linksys" or "netgear". You might be surprised but a good number of people by WiFi clients and WiFi enabled devices thinking that WiFi is just "out there" and is free and freely available. That's often how its sold - "oh, WiFi is everywhere - coffee shops, airports, libraries - everywhere!". Its basically like giving people P2P software and telling them music downloads are everywhere. For Smith ignorance is bliss. It may not put him in the right, but it sure gives him some class action clout. Although wireless routers and access points always labor points about securing your network from unwanted external access I've yet to see one that had a warning about not accessing open networks.

Finally, anyone running a WiFi network in the neighborhood of any other WiFi enabled device will cause that device to do work at the media access level. This is how WiFi devices cooperate to share limited bandwidth of a common resource. So if Smith is busted then can I be busted for running a very busy WiFi network with a number of access points in my neighborhood and so precluding others of some access to that WiFi bandwidth? What if my network is stronger than all others and eats up all the bandwidth and causes other access points and devices all around to be doing lots of busy work ignoring my packets?

Basically I say unless Smith was truely trying to gain access to unsecured resources on the owners network then really he's not doing anything more illegal than looking into your neighbors yard, or enjoying the smell of their BBQ on a summers day. But once you walk into the yard, jimmy open the garden shed and take their lawnmower - well that's another story!