I agree Listing these Laws in a central location would help. The only issue would be to keep on top of them as they are changing with the whim of the state legislature and what judges say during a case.. I currently host a site that lists were the state laws are. I would be more than willing to start collecting this information.

Here's a start based on the states I suggested:
NY
Penal Code Section 156.05 Unauthorized use of a computer
A person is guilty of unauthorized use of a computer when he knowingly uses or causes to be used a computer or computer service without authorization and the computer utilized is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system.

NH - This is a Bill that has passed, but not signed into law... Its still open for discussion.
The owner of a wireless computer network shall be responsible for securing such computer network. It shall be an affirmative defense to a prosecution for unauthorized access to a wireless computer network if the unauthorized access complies with the conditions set forth [in (a) to (c)].

On 11/30/2012 02:36 PM, grarpamp wrote:

Only regarding home Wireless access in the US I was involved in a case with just this situation. According to my lawyer there is no consensus on who is responsible for wifi. Every State has different laws each one is just a vague. In NY, if your wireless is secured (pw protected) you are ok. In NH, you are responsible for all data that passes your wifi point secured or not. In MA(my state) there is no specific law

Putting links to such laws on the Tor wiki would be useful for operators and users to know. It would seem hard to believe that there are 'must secure' laws [1] in the US or elsewhere. Even harder that anyone would be sentenced... regardless of whether their AP is open, 12345, or dR;$8w@G... merely for traffic traversing their AP/node that was not theirs, or that cannot be proven was theirs. Not that you wouldn't be questioned, charged or held before the case was dropped. [1] There are 'must secure' civil ISP contracts. They are only meant to 'secure' more revenue (no account/line sharing) for the ISP and save revenue from dealing with whatever headaches your open AP/node creates. And criminal 'theft of service' laws for the same reasons.

This (and links to the actual laws) are much easier to believe. Because if someone here took the NY example above literally and did illegal deeds via their secured wifi thinking that example was the law (and thus their immunity), they be jailed pretty quickly. And what does being forced to secure or responsible mean? If you hit a bug, exploit, or get cracked, and can show it, you're jailed? What if there is no proof either way but the existence of traffic, is the user then jailed by default? What if no evidence but crypted disk, or questions as to character/belief? In those crazy places even 100% lily white users would seem better off running an open AP/node and risking that lone lesser charge [2] than attempting to be rather secure, risking a crack, and being held responsible for some major crime. [2] If the major wasn't dropped, at least they'd be jailed with evidence the access was open, which looks a lot better than if it wasn't. The crazy is why you're supposed to visit, write, call and email your lawmakers, educate your executive, and hang your jury. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays