to Wireless Network, Go Directly to Jail?
networking presents some special security challenges.
In order for data communications to take place without
cables, those communications travel across the airwaves
using radio frequencies, much as AM/FM programming transmissions
do. And just as anyone who has the proper equipment
can pick up an AM or FM broadcast, anyone with the proper
equipment can pick up wireless data transmissions.
Wireless networking has become tremendously popular
for both business and home networks. Most use the 802.11b
or 802.11g (which is backwards-compatible with b) technologies,
referred to as wi-fi. Many new laptops and handheld
computers come with wi-fi network cards built in, and
Windows XP and Windows Mobile (Pocket PC) operating
systems support wireless networking "out of the
If you're in range of a wireless network, just configure
a few simple settings and you're in business. You can
connect to public wi-fi "hotspots," your company's
wireless network, or even the wireless home network
that your next door neighbor set up so he could move
around the house with his laptop and still connect to
the Internet. If the wireless network you connect to
is connected to the Internet, you can surf the Web or
send e-mail through that Internet connection.
Setting up your own wireless network is not much more
difficult. Just buy an inexpensive wireless access point
(WAP) from D-Link or Linksys and plug it into your cable
or DSL modem or your home network's router. You can
use your wireless equipped computer to access your network
from anyplace within range of the WAP's antenna - typically
about 300 feet, but you can boost the signal with a
repeater or by replacing the WAP's built in antenna
with an external high-gain antenna.
The problem is that someone sitting in a car in front
of your house, or your neighbor next door (especially
if you live in an apartment or condo) may also be able
to pick up your signal, use your bandwidth to surf the
'Net and, if you don't have the proper access controls
in place, even access the files on your computer.
There are security mechanisms that you can enable to
help prevent this. You can turn on encryption on the
WAP, which will require that all wireless users know
the password to be able to connect (if your WAP and
wireless computers support it, use WPA encryption instead
of WEP, as it's stronger). You can turn off SSID broadcasting,
which will prevent your WAP from sending out its network
name (Service Set Identifier) over the air to show up
in others' list of available networks. You can enable
MAC filtering, which allows you to specify that only
computers with the physical addresses (an address that's
programmed into each network interface card) you list
are allowed to connect.
But many people who set up wireless networks don't do
any of these things, and the network is wide open for
anyone to connect. If you've ever traveled with your
wireless-equipped laptop, you've probably seen other
people's networks pop up in your list of available networks.
What happens if you click the Connect button? Well,
in some places, you might go to jail.
Last week in St. Petersburg, Florida, a man was arrested
for connecting to someone else's wireless home network.
You can read
about it here. He was charged with unauthorized
access to a computer network.
This case is likely to set a legal precedent; legal
opinions vary as to whether the government have a case.
Some attorneys argue that connecting to an unsecured
wireless network is somewhat like walking across someone's
yard when they haven't posted a "no trespassing"
sign or otherwise given notice that you're not allowed.
There are hundreds or thousands of "freenets"
all over the country - wireless networks people set
up with the intent to share them with the public. Can
the defendant reasonably claim that by choosing not
to use encryption or other security mechanisms, the
network owner gave implicit consent for members of the
public to use his signal?
Some others say it's more like intercepting someone's
cell phone conversation. There are federal laws (specifically,
the Counterfeit Access Device Law) that make it illegal
to use a radio scanner to knowingly eavesdrop on cell
phone conversations. Some states also have laws prohibiting
intercepting telephone conversations of any kind without
the consent of all parties involved.
What do you think? Should it be illegal to connect to
a wireless network when that network's signal is available
in a place where you're legally entitled to be? Should
the burden be on the network owner to "give notice"
that access is prohibited by enabling security? Is "war
driving" (looking for open wireless networks and
connecting to them to use their Internet connections)
a harmless practice or theft of network bandwidth? Does
it make a difference whether the network owner's ISP
charges by the kilobyte for access or provides unlimited
access for a set fee?
Let us know what you think at:
If you are thinking of installing a wireless network
or think your wireless network may be unsecure, we will
help you protect yourself if you call us!
Thanks to WinXPnews for the details of this story.