Kismet Wireless

Kismet Forums

 

Posted by:Dutch
Subject:set and forget config for a boat?
Date:08:40:58 03/03/2006

> > You better rethink the above scenario.
> > Just because an accesspoint isn't using encryption, doesn't mean it is a public hotspot that anybody can use.
> > If you plan on using any and all unencrypted accesspoint that you detect, even if the intention is a honorable one like reporting the position of your boat in case of theft, you are going to commit a federal felony. Theft of service as a minimum will be applicable, and harsher IT crimes related charges might also apply.
>
> It is most certainly NOT a felony, and I challenge you to cite where in the CFR you think it'd apply. This is unlicensed air. I have no intention of stealing anyone's service so please, spare me the hype.

*sigh* Sorry God, another one is about to loose his innocence..

Look here for the various states in the US : http://www.ncsl.org/programs/lis/cip/hacklaw.htm

For various articles detailing convictions in various aspects, including just using an unencrypted accesspoint to send mails : http://www.netstumbler.org/showthread.php?t=8712

USC section in effect :
http://www.usdoj.gov/criminal/cybercrime/1030_new.html

The members of the EU has in most cases similar laws in effect, pending the EU parliament putting out an overall law on the subject. Some of the EU membercountries, among those Denmark and Sweden, has used existing theft of service laws (Brugstyveri), besides specific computercrimes laws to charge and convict people on unauthorised usage of networks.

And AFAIR there's also a judicial analysis made by a lawfirm in PDF format available on the net, but the link to it has eluded my memory right now. In that document you can read more in depth about various aspects of cybercrime including the unauthorized usage of WiFi accesspoint.
EDIT: Found the link : http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881
Title of article by Robert V. Hale "Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet". Santa Clara Computer and High Technology Law Journal, Vol. 21, p. 543, 2005

So the general consensus, both among the lawmakers, lawinterpreters and among the wardriving community is : If you haven't got EXPLICIT autorization to use a detected WiFi accesspoint, and you associate to that accesspoint, then you are committing a federal offence, whether you want to send or download your email, hack into the owners network, download kiddieporn, or as in your case - send a locationreport to your server.
As for theft of service charges, they would apply in the same manner as if you hooked up a cable to your next door neighbours satelitte dish/cable-tv box, without his and his cabletv suppliers explicit permission.

Finally the general consensus among wardrivers (wigle.net/netstumbler.org/and probably also the majority here including dragorn himself : As soon as you associate to an accesspoint without an explicit permission to do so, you are no longer wardriving, you are just a criminal.

So my statement stands : Unless you somehow manage to get your client to distinguish between real public hotspots, and JoeAverage's default configured Linksys accesspoint, you are heading into trouble.

Dutch


Reply to this message