Unprotected free wifi connections - are these still subject to hacking offences?

AnthonyUK

If someone is receiving for free, a unprotected unsecured WiFi signal and getting their internet for free i.e. such as a free WiFi signal for a cafe a takeaway or public venue like a market hall or town hall or a sports centre for example and the businesses and / or individual's connection isn't password protected or encrypted to restrict access, then is this still subject to a law offence and a charge of illegal hacking ?

A solicitor and a policeman that I have found out the facts from perhaps suggest otherwise : if the person or business doesn't password protect or encrypt it or control who gets onto it, then that is their problem apparently, but if it's a free public wifi connection, then public venues and places that make it free, presumably wouldn't go calling individuals using it tell them to stop using it would they ?

It's a bit of a potentially grey area. A lot of businesses do take the sensible step of protecting their wifi connections and password encrypting their connections and unless you work for the place or are on official business, then you don't get access or a password and you don't get in.

However, if it's intended for free access with no password, then presumably there shouldn't be a problem. Does anyone know?

S0litaire

*IANAL*

But think the principle of "Even if the door is unlocked, you're still entering without permission."

From wiki:
https://en.wikipedia.org/wiki/Legality_of_piggybacking:

The Computer Misuse Act 1990, section 1 reads:[19]

(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that is the case.

In London, 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service" (under s.125 Communications Act 2003). Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other criminal intent.[20] He was fined £500 and given a 12-month conditional discharge.[21]
In early 2006, two other individuals were arrested and received an official caution for "dishonestly obtaining electronic communications services with intent to avoid payment."[22][23]

DoaM

I'm not sure that example is related to what OP is asking ... in the example the person was "trying to gain access". In the case of a shop/cafe etc. then they're making the WiFi network free to access - nobody has to "try" to gain access.

It would have to be a real curve-ball interpretation of the law (IMHO) to correlate use of freely-provided WiFi with hacking. (It would be different if it was residential WiFi where the householder wasn't aware there was no security enabled ... the "Even if the door is unlocked, you're still entering without permission" principle would likely apply).

S0litaire

DoaM wrote: »

I'm not sure that example is related to what OP is asking ... in the example the person was "trying to gain access". In the case of a shop/cafe etc. then they're making the WiFi network free to access - nobody has to "try" to gain access.

You still have to initiate a connection either manually or automatically. That IS trying to gain access to an unsecured WiFi.

If the owner has not given "explicit permission" to access WiFi it's accessing a computer network without permission.

But if they do give permission, they are solely responsible for any activity which results from the free access unless they have a way to track the offending device/user.

marvin

AnthonyUK wrote: »

If someone is receiving for free, a unprotected unsecured WiFi signal and getting their internet for free i.e. such as a free WiFi signal for a cafe a takeaway or public venue like a market hall or town hall or a sports centre for example and the businesses and / or individual's connection isn't password protected or encrypted to restrict access, then is this still subject to a law offence and a charge of illegal hacking ?

A solicitor and a policeman that I have found out the facts from perhaps suggest otherwise : if the person or business doesn't password protect or encrypt it or control who gets onto it, then that is their problem apparently, but if it's a free public wifi connection, then public venues and places that make it free, presumably wouldn't go calling individuals using it tell them to stop using it would they ?

It's a bit of a potentially grey area. A lot of businesses do take the sensible step of protecting their wifi connections and password encrypting their connections and unless you work for the place or are on official business, then you don't get access or a password and you don't get in.

However, if it's intended for free access with no password, then presumably there shouldn't be a problem. Does anyone know?

I take it you live above a Costa or something similar and are getting your home wifi for free.

If so...
It will all be down to their T&C if they are offering access to wifi for free.

If it is a place intending to offer free wifi I cannot see them coming after anyone what would they have lost what could they claim?

If it is a place that does not intend to offer wifi free and has simply not closed and locked the door then it is probably a bit naughty to take without asking.

Chino

S0litaire wrote: »

But if they do give permission, they are solely responsible for any activity which results from the free access unless they have a way to track the offending device/user.

This is nonsense; the account holder is not responsible for users' actions.

Undervalued

marvin wrote: »

I take it you live above a Costa or something similar and are getting your home wifi for free.

If so...
It will all be down to their T&C if they are offering access to wifi for free.

If it is a place intending to offer free wifi I cannot see them coming after anyone what would they have lost what could they claim?

If it is a place that does not intend to offer wifi free and has simply not closed and locked the door then it is probably a bit naughty to take without asking.

With your Costa analogy, the WiFi is presumably only free to their customers? Using it otherwise would be like walking in and helping yourself to packets of sugar without buying any coffee!

I agree if you live next door or in a flat above it is very unlikely to be policed but don't they turn it off when the shop closes?

Equally, are you happy that a public network is secure enough for all your WiFi needs? I certainly wouldn't use one for banking etc.

S0litaire

Chino wrote: »

This is nonsense; the account holder is not responsible for users' actions.

They are. the connection terminates at the Account holders address/router, they are ultimately responsible for any action they can't account for.

If it's Civil infringement then the complainant requires proof that the account holder is responsible. (thats why it's hard to enforce illegal torrenting letters.)

If it's criminal then the account holder has to prove their innocence or indicate the responsible parties.

Roger1

Interesting topic.

When staying at hotels, I sometimes see a message to the effect that the connection is not secure and others may see what I'm doing. Discussing this with the hotel, I'm met with confusion and the comment that nobody's complained before.

I've continued on the basis that my bank (or whatever) connection is secure. Reassurance would be great.

I'm think especially of you, Hilton hotels.

DoaM

Free WiFi simply means there's one less hurdle a hacker has to jump before trying to hack someone's computer. Once they're on the network then they'll (probably) be able to access any Shared folders on any other PC connected to that network. (They may even be able to access the C drive of PCs that have no login credentials).

As regards websites ... if you connect to the website via HTTPS then that's a more significant hurdle for the hacker to jump; if the initial login is via HTTP (like it currently is for this forum) then they'll be able to quite easily "sniff" such details.

mr_fishbulb

S0litaire wrote: »

If it's criminal then the account holder has to prove their innocence or indicate the responsible parties.

The accused never has to prove their innocence in a criminal matter. Burden of proof is on the prosecution.

The prosecution would need to convince a jury that the owner of the Internet Connection had either committed the offence themselves, or were aware of it happening (and thus an accessory). They would bring in expert witnesses that explain the jury about IP addresses, and how they can be tracked to a particular owner of an Internet connection.

On cross examination, the defence solicitor would ask the witness if they can be 100% confident (from the IP evidence) that the accused was the one performing the action. Under oath, they would have to say no.

The defence would bring in their own expert witness who would explain the IP address does not tie to a person, rather the network equipment making the Internet connection. They will also explain that there have been instances where the network equipment has been hacked in the past, and that someone else could have been performing the actions of which the defendant is accused. They would probably also talk about open wifi access points and make reference to a coffee shop, and explain that it is impossible to tie an internet action to one specific person.