wardriving a crime in Florida?

D. Joe kclug at etrumeus.com
Mon Jul 11 10:46:54 CDT 2005 

On Mon, Jul 11, 2005 at 09:23:19AM -0500, Jeremy Fowler wrote:
> In the US, it is illegal to access ANY communication
> network without first getting permission. 

Fair enough.

> That's the law and that's exactly what he was doing.

Really?

Come on, we know how these access points work:  They ANNOUNCE
their SSIDs and they GIVE OUT IP numbers via DHCP.  They don't
have to do this, and there are options to have them not do this. 
Your mileage clearly varies on this point, but I think a
reasonable interpretation is that the machine was, indeed,
configured to convey that permission.  

This may be a case where the factory-installed defaults should
be changed, just as when, back in the day, a default install of
Redhat or whatever would have all these unnecessary and often
vulnerable services running.  Eventually, practices changed and
the suppliers required explicit steps to turn on these features. 
This can't be that hard for companies like Cisco and Nortel and
Linksys to do for their consumer-level stuff.  

If you don't think broadcasting an SSID and offering DHCP leases
(to say nothing of leaving off the encryption) constitutes
permission, what form of permission would you require? And how
would you contrast that form with the other types of
announcements and invitations that have been mentioned in this
thread already (eg, garage sale signs being a cover against
trespassing charges, that sort of thing)?

> If they find spam sending software, viruses/worms/trojans, or
> kiddy porn on his system I think they should throw the book at
> him. If all he was doing was checking his email, then they can
> be a bit more lenient.

Not sure how I feel about sitting in a car using a laptop as
being probably cause for a search.  Whether the guy looked
"suspicious" or not is pretty subjective.  

But yeah, that's bad stuff.  Something tells me if he had any of
that stuff, we'll hear about it, since it's the kind of
salacious detail the news loves.  That we haven't heard about it
makes me think they looked and didn't find anything like that.

Also, if the guy had viruses/worms/trojans, they could be ones
his system just happened to catch, like the zillion other
vulverable machines running ${PROPRIETARY_OS}.  He could be as
much a "victim" of poorly-maintained systems as the person with
the misconfigured AP.

> However, if you ask me, sitting in a residential area was just
> asking for trouble. 

<*shrug*>  I <ahem> know of someone who was going to a meeting
at a house in a residential neighborhood, and had forgotten to
bring along the address or a map or something like that, and who
did a short bit of wardriving, found an open access point,
checked the online mailing list archive for the details, and
then went to the meeting, which as it happens was about a block
away.


> He should of just drove to a business district, or a coffee
> house, and avoid this situation all together.

Yeah, probably.


-- 
D. Joe Anderson         http://www.etrumeus.com/~deejoe
"DRM [...] is to copyright law as a machine gun on                                          
a motion detector is to real estate law"  -- Don Marti

More information about the Kclug mailing list