Thomas Nybergh’s pages

A recent decision by a court in Salo (link target is in Finnish), which implies that it’s illegal to use open Wi-Fi-networks without permission, is yet another fine example of the asshattery and uninformed lack of reasoning that automatically appears when anything related to information technology is on the agenda in today’s society under its current baby boomer overlords.

If I understand the situation correctly, some fines for using an open Wi-Fi access point was the only sentence that the court could give a person who allegedly gained access to data on a previous employer’s servers without permission, so it remains to be seen what weight this will have as a precedent (no, I don’t know what I’m talking about in anything related to legal issues).

It makes no sense to penalize the use of radio waves. I couldn’t put this better than Janne J. of ButtUgly:

“…you cannot apply the simplistic logic of WiFi network being private property any more than you can consider the light coming out of my windows private property. I know some people like to say that using an open WiFi is just like walking into someone’s kitchen and eating all food “just because the front door was open”, but this is not a valid analogy. A WiFi signal can be heard for hundreds of meters around - I could equally well argue that your WiFi signal is trespassing in the privacy of my living room.”

The only sensible way of deciding what’s permitted in networking situations would be to follow the communication protocols: If something on a computer network, or the network itself is available without authentication or trespassing, it’s available to the public. There’s no breaking into a room, or entering a staff only area with an RJ-45 plug in the wall involved in using open access points. Besides, standards making authentication and strong security possible while using Wi-Fi are available.

At this point, there are very few real arguments against allowing people to use any unprotected networks. One of them is that there still is legacy hardware, and even new systems with crappy software making it impossible or difficult for owners to use WPA, making unprotected Wi-Fi a necessity. A good, non-obvious example of this would be something like that even the Jesus-phone of that evil fruit company suffers from: missing copy/paste and other text handling functionality on some portable devices makes it a frustrating task to enter secure 25+ character WPA keys.

Another, in my mind much stronger argument against more or less including Wi-Fi in the proud Finnish tradition of Freedom to roam, is today’s computer security situation. Having someone with a zombified machine using someone else’s connectivity to participate in DDoS activity, is not exactly what you’d want. There is also the possibility of the network owner having internal, unprotected machines accessible from the unprotected Wi-Fi, but honestly, if that’s the case, chances are that the owner already has managed to infect his own machines. Anyone who knows jack shit would isolate an open Wi-Fi router from any machines that are not to be exposed to untrusted networks. Luckily, Windows machines running XP SP2 or Vista have a software firewall on by default and therefore don’t expose any potentially vulnerable services to the network, so normal people’s machines are slowly getting to a point where direct Internet access isn’t a recipe for instant zombification.

I haven’t checked what the situation with popular Wi-Fi hardware and their default encryption settings is right now, but my preferred basic Wi-Fi router model, the Linksys WRT54GL creates open networks by default, but is relatively easily configured to use encryption using the included installer disc (my opinion is that opening “http://192.168.1.1” in a browser is easy enough, but apparently, that’s not what other people think). I’ve seen more elegant solutions, like using the unit’s serial number as a default WPA key, which is what the Fonera does.

Nonetheless, letting some open questions regarding immature and fast-moving technologies create unnecessary cruft of dangerously clumsy, impossible to follow legislation, would be a very bad idea. For crying out loud, many devices connect to open Wi-Fi networks automatically - their owners are breaking the law by default if using such infrastructure is illegal without first acquiring explicit permission.

[via: Tietokone's Tietoja koneesta-blog]