Only regarding home Wireless access in the US I was involved in a case with just this situation.
According to my lawyer there is no consensus on who is responsible for wifi. Every State has different laws each one is just a vague. In NY, if your wireless is secured (pw protected) you are ok. In NH, you are responsible for all data that passes your wifi point secured or not. In MA(my state) there is no specific law
Putting links to such laws on the Tor wiki would be useful for operators and users to know.
It would seem hard to believe that there are 'must secure' laws [1] in the US or elsewhere. Even harder that anyone would be sentenced... regardless of whether their AP is open, 12345, or dR;$8w@G... merely for traffic traversing their AP/node that was not theirs, or that cannot be proven was theirs. Not that you wouldn't be questioned, charged or held before the case was dropped.
[1] There are 'must secure' civil ISP contracts. They are only meant to 'secure' more revenue (no account/line sharing) for the ISP and save revenue from dealing with whatever headaches your open AP/node creates. And criminal 'theft of service' laws for the same reasons.
you just need a good lawyer :)
This (and links to the actual laws) are much easier to believe.
Because if someone here took the NY example above literally and did illegal deeds via their secured wifi thinking that example was the law (and thus their immunity), they be jailed pretty quickly.
And what does being forced to secure or responsible mean? If you hit a bug, exploit, or get cracked, and can show it, you're jailed? What if there is no proof either way but the existence of traffic, is the user then jailed by default? What if no evidence but crypted disk, or questions as to character/belief?
In those crazy places even 100% lily white users would seem better off running an open AP/node and risking that lone lesser charge [2] than attempting to be rather secure, risking a crack, and being held responsible for some major crime. [2] If the major wasn't dropped, at least they'd be jailed with evidence the access was open, which looks a lot better than if it wasn't.
The crazy is why you're supposed to visit, write, call and email your lawmakers, educate your executive, and hang your jury.
I agree Listing these Laws in a central location would help. The only issue would be to keep on top of them as they are changing with the whim of the state legislature and what judges say during a case.. I currently host a site that lists were the state laws are. I would be more than willing to start collecting this information.
Here's a start based on the states I suggested: NY /*Penal Code Section 156.05 Unauthorized use of a computer* // // A person is guilty of unauthorized use of a computer when he //knowingly http://wings.buffalo.edu/law/bclc/web/NewYork/ny15_05.htm//uses or causes to be used a computer or computer service without authorization _and the computer utilized is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system. _/
NH - This is a Bill that has passed, but not signed into law... Its still open for discussion. The owner of a wireless computer network shall be responsible for securing such computer network. It shall be an affirmative defense to a prosecution for unauthorized access to a wireless computer network if the unauthorized access complies with the conditions set forth [in (a) to (c)].
On 11/30/2012 02:36 PM, grarpamp wrote:
Only regarding home Wireless access in the US I was involved in a case with just this situation.
According to my lawyer there is no consensus on who is responsible for wifi. Every State has different laws each one is just a vague. In NY, if your wireless is secured (pw protected) you are ok. In NH, you are responsible for all data that passes your wifi point secured or not. In MA(my state) there is no specific law
Putting links to such laws on the Tor wiki would be useful for operators and users to know.
It would seem hard to believe that there are 'must secure' laws [1] in the US or elsewhere. Even harder that anyone would be sentenced... regardless of whether their AP is open, 12345, or dR;$8w@G... merely for traffic traversing their AP/node that was not theirs, or that cannot be proven was theirs. Not that you wouldn't be questioned, charged or held before the case was dropped.
[1] There are 'must secure' civil ISP contracts. They are only meant to 'secure' more revenue (no account/line sharing) for the ISP and save revenue from dealing with whatever headaches your open AP/node creates. And criminal 'theft of service' laws for the same reasons.
you just need a good lawyer :)
This (and links to the actual laws) are much easier to believe.
Because if someone here took the NY example above literally and did illegal deeds via their secured wifi thinking that example was the law (and thus their immunity), they be jailed pretty quickly.
And what does being forced to secure or responsible mean? If you hit a bug, exploit, or get cracked, and can show it, you're jailed? What if there is no proof either way but the existence of traffic, is the user then jailed by default? What if no evidence but crypted disk, or questions as to character/belief?
In those crazy places even 100% lily white users would seem better off running an open AP/node and risking that lone lesser charge [2] than attempting to be rather secure, risking a crack, and being held responsible for some major crime. [2] If the major wasn't dropped, at least they'd be jailed with evidence the access was open, which looks a lot better than if it wasn't.
The crazy is why you're supposed to visit, write, call and email your lawmakers, educate your executive, and hang your jury. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
In NH, you are responsible for all data that passes your wifi point secured or not.
Where is this codified?
NH - This is a Bill that has passed, but not signed into law...
https://www.gencourt.state.nh.us/rsa/html/LXII/638/638-17.htm https://www.gencourt.state.nh.us/legislation/2003/HB0495.html
Use the full text. This bill attempts to clarify/legalize using someone else's wifi when I(a)(1)-(3) are reasonable assumptions... commonly such as when the operator has not 'secured' their wifi... the "it's open, so it must be ok" defense. (Defense to a charge by an annoyed operator, a "look, a user in their car!" charge by the police, or an accessory charge to a greator crime of the defendant.) It tries to make 'know/belief' easy for the lay user to assume by using the word 'secure' and attempting to create some kind of obvious 'security' wall but it doesn't define what that boundary is. What about the day when there is some popular 'click here to go online' tool that does WEP guessing in the background behind a pretty GUI? Your belief may have just changed, and not in a good way. Next, note that 'shall be responsible for securing' does not mandate any given security level... be it open, at any other level, or by any given means. While you could seemingly document your 'security' choice as open, closed, or whatever (to satisfy whatever action this clause is trying to make you do)... the choice itself makes no difference to us because: It doesn't say anything about the operators culpability for what traverses their wifi/node. The context of that clause, and the bill and code as a whole, appears to be regarding users and is of no use or affect regarding operators. Which is what this list cares about and would like to know. That's one interpretation, call a lawyer and make your own.
Other interpretations and background... http://www.wired.com/gadgets/wireless/news/2003/04/58651?currentPage=all
In NY, if your wireless is secured (pw protected) you are ok.
Where is this codified?
Penal Code Section 156.05 Unauthorized use of a computer A person is guilty of unauthorized use of a computer when he knowingly uses or causes to be used a computer or computer service without authorization and the computer utilized is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system.
Again, this applies to the user. Every state has similar laws. I won't bother to link or pick at this one. Other than to laugh at how the operator's "'equipped' but disabled" choice might make open access a crime. So if you're used to leeching in NH, stay the hell away from NY :)
tor-relays@lists.torproject.org
-
grarpamp -
Webmaster