News

Ontario Police Arrest Man for War Driving

Ontario police have arrested a 25 year old man under Section 326 of the Criminal Code which covers theft of communications.  The alleged crime? Theft of Internet connectivity by unauthorized access to a wireless network.

12 Comments

  1. Your summary says the man was arrested for “unauthorized access to a wireless network,” but your headline says he was arrested for war driving. Let’s be clear: war driving and accessing a wireless network are not the same thing. War driving is a passive, “listening” activity and accessing the network is not. There is already enough confusion among the general public and within the media, please don’t contribute to it.

  2. Unprotected != unauthorised
    If I were to leave at the end of your driveway, the likelyhood that someone will pick it up and make use of it is high (in my neibourhood). Is that stealing? What if I put a sign on it that says “FREE”, is that stealing?

    In my view, an open, unencrypted, and unprotected wireless is equivalent to the latter. You (your AP actually) are (is) saying “HERE I AM! I’M OPEN”. At which point I say thank you and check my email. There was no authorisation, so no unauthorised access.

    Now if I were to packet sniff the air to determine the password or encryption key, then I am actively doing something I should not be… like jimmying a lock to open a door.
    That is obtaining unauthorised access.

    The definition of Internet Theft must be redefined, and educating the police force about the details surrounding the technology.

  3. what is theft?
    I agree with mhp’s philosophy but I’m not sure the law agrees. If I don’t lock the door of my car, that doesn’t mean it’s legal to use it to pick up groceries for yourself, even if you return it quickly and undamaged. I think you’re right, though, the law needs to be clarified.

  4. Public Air Waves
    WiFi runs on a publicly accessable frequency. If you don’t want anyone using your bandwidth, lock it down. If there was no encryption, there should be no theft as the network runs on a public frequency.

  5. authentication != authorisation
    mhp, from an information security point of view, you are confusing authentication with authorisation. Also, what about the concept of ‘trespass’? Do I have to put a lock on the gate to my yard before I can expect people won’t just wander into my back yard looking for something that might be useful to them?

    I also have the same question as Mike N. What was the act that got hime arrested? Did he connect to the access point or was he just wardriving?

  6. Public vs Private space
    I would like to know if the access point was open or not, and where the accused was when accessing the network. If you are on public property and communicating with an open access point, then that should not be construed as a crime, regardless of whether you were invited by the access point owner or not. As a previous poster pointed out, an open access point advertises itself and hands out the information people need to connect. In technical terms, it is an invitation.

    If the access point was using an authorization scheme like WEP or WPA, then that is a pretty clear message that the access point owner is attempting to restrict access. I can see why the police would think that deriving access to the device in that instance is a crime. Plotting the location of the device certainly should not be. Again, it is sending a signal out to public property where the public should have the right to document what it is capable of perceiving.

    I saw some results of early war driving in downtown Ottawa and saw info collected from all sorts of open access points that probably shouldn’t have been open given who’s networks they were plugged into. But if the access point invites your computer to join, and the Windows machines on the network broadcast information on how to access their openly shared folders… where’s the criminal intent?

    P.S. About tresspass, I believe the law requires the person to be notified of the fact that they are tresspassing before they are criminally considered as having done so. That’s why you see “private property/no tresspass” signs and it’s also why you would be the one in trouble if you, without giving a person the opportunity to leave, arrested someone on your property. I’m not a lawyer though… so you should look that one up before you take my word for it.

  7. “If you are on public property and communicating with an open access point, then that should not be construed as a crime, regardless of whether you were invited by the access point owner or not. […]

    But if the access point invites your computer to join, and the Windows machines on the network broadcast information on how to access their openly shared folders… where’s the criminal intent?”

    Please tell me you’re joking. How does where the person is located figure in to this? The fact that my neighbor’s access point broadcasts a signal that crosses my property line and comes into my living room does not mean I own the access point or have any entitlement to the service provided by that access point.

    By your argument, it should be perfectly acceptable for me to access any computer on the internet. If they didn’t want me to then they should not have had that port open on their firewall or they should have applied that patch or they should have used a better password, etc. ad nauseam.

    This isn’t that hard of a concept. You don’t own the equipment providing the service, you don’t pay for the service, why do you feel you are entitled to the service?

    And by the way, please don’t construe anything I am saying to mean that I don’t think people should protect their wireless networks. I just don’t believe that because someone lacks the knowledge to do it, that they are authorizing you to access their network.

  8. Harold Jarche says:

    Who’s the criminal?
    Given Lakehead University’s recent banning of wifi on campus due to health concerns, shouldn’t people with wireless routers that emit radio waves into public spaces be charged for putting the rest of us in danger 😉

    Taking this further, would this make make FON illegal in Canada? http://en.fon.com/

  9. War Driving or Stupidity
    Really how hard is it to set a password to a network. People have to take responability of thier own networks…
    G

    Darksky Alaskan Malamutes

  10. Not stupid
    “By your argument, it should be perfectly acceptable for me to access any computer on the internet. If they didn’t want me to then they should not have had that port open on their firewall or they should have applied that patch or they should have used a better password, etc. ad nauseam. ”

    Yes, this is how HTTP works. Port is open, it answers to an active “GET” request, and dishes out data. This is also how DNS works. Port is open, it answers to a query from an anonymous source, and dishes out data. How would I honestly know you did not intend for your open HTTP or DNS service to be used?

    By the same argument, how could I possibly know your SSID of “default” with no password was not intended to be used?

  11. Open is free
    If your running a access point with no security you are inviting others to join in my opinion. Your running a hotspot. A free hotspot. You may not be putting up a sign saying use me but your access point certainly is advertising free access. If you don’t want people to access your network then protect it. Maybe they should make a law that sais you need to do some kind of basic course to own a computer and another course if you want to use the internet along with another course if you wish to have a home network, especially wireless. Anyone running a open network should should be charged with enticement or accessory to a crime. The provided the tools and temptation.

  12. @ Mike N
    well, he was arrested for “Wardriving” as the title states…… which also encompasses not only finding the signal, but using it…..

    —-War Driving: Using a laptop’s wireless card to pick up unsecured LAN signals, using them for anonymous and free high-speed Internet access.

    soooo, ignore your post… anddddd

    I think the problem lies in knowing what is free and what is not encrypted. Right now I am downtown Toronto. There are about 30 WiFi access points that I could choose from. 25 of them are password protected. One of them is the Free wiFi from ontario hydro, and the others unprotected home users.

    If my computer booted up, and logged into the closest most powerful wifi (as it does) it would not pick the Free Hydro account… but rather some persons personal account they did not protect. The onus therefore lies on the owner of the internet and signal being broadcast from their device/home.