The popularity of wireless Internet connections is growing at an incredible pace. And because so many users fail to secure those connections, the question arises as to whether it is legal (and/or ethical) to connect to a wireless account that hasn't been protected properly. Alternately, we can pose the question like this: If a network doesn't require authorization, then how can there be unauthorized access?
The more users you ask this question, the more opinions you'll find. "I can't yet find a specific case law that would make it totally illegal, but one analogy would be, 'If someone leaves their front door open, is it OK to help yourself to their TV?'" says Ken M. Shaurette, an information systems security specialist at Jefferson Wells International. I'm guessing that most people would answer "absolutely not" to Shaurette's question, but a few others might observe that although the theft might not be right, the owner of the TV is at least partially at fault for making it easy. And then there are those who suggest that using an unprotected wireless network is more like watching the TV than stealing it.
"From what I've heard, the actual point of where [unauthorized use] becomes illegal is the actual use of the, in this case wireless, router's processing power," says Shaurette. "So if you can sniff the air without connecting to the router, that's OK. At the time of connection to the router and the router needing to provide you services, it can be construed as trespassing."
There's no denying that, whether you consider unauthorized use legal or not, leaving your wireless network unsecured is a reckless decision. Even if you don't mind the idea of unauthorized users gaining access to your network, you should be aware that any illegal activity they engage in could be traced back to your computer.
Serious consequences can arise from malevolent users piggybacking on wireless connections, carrying out illegal activities and then disappearing. Any number of misdeeds can be carried out. Shaurette cites a potential nightmare scenario: "What if someone sent an e-mail from a free e-mail service threatening the life of the president, using your unsecured wireless?" Or what if piggybackers use your connection to download illicit materials? If the illegal activity is traced to an IP address, law enforcement will confront that address's owner. Imagine trying to explain your innocence (and ignorance) when the evidence clearly tracks back to your IP address.
There's no question that wireless is becoming ubiquitous: More than 10 million homes in the U.S. are equipped with access points or routers that transmit high-speed wireless Internet connections to computers, and on top of that, many commercial businesses, organizations, coffee shops and even entire cities have set up wireless access.
How often wireless connections are secured adequately (or secured at all) is at the heart of the unauthorized usage dilemma. We need to determine what exactly entails permission. For example, when I'm visiting a coffee shop and proceed to open my laptop or fire up my wireless PDA and I find a connection available, am I expected to check for a hot spot sign, or should I run around knocking on doors to ask the connection host's permission? "It is probably worth noting that almost all criminal offenses require some kind of criminal intent," Shaurette says. "A truly accidental connection would likely not be a crime."
Most IT professionals would probably agree that if you come across an unexpected and unsecured wireless hot spot, you should assume it's private unless it's explicitly advertised otherwise -- for instance, posted clearly that access is freely available to all users. Says Shaurette, "I think the law that catches it as unauthorized access to a computer network' is defined as a third-degree felony [in some jurisdictions], which I don't believe most people realize when they sit in their office, and the office across the street is broadcasting their wireless unsecured and they connect to it."
Many people consider that an unprotected wireless access point is tantamount to an implied invitation to connect. Whether users will be prosecuted will depend upon each case's prevailing state and/or national law. Since new statutes vary considerably, it will be interesting to see how different courts interpret them under various circumstances.