Nicholas Jackson of the Atlantic has a quite interesting blogpost up entitled “What’s Yours Is Mine: Using a Wireless Network You Don’t Own.” Is that theft? Or is it simply OK, no big deal?

The immediate impetus to his post is a recent ruling in the Netherlands, to the effect that that is in fact just no big deal, even if the wireless network you’re using happens to be secured, so that you have succeeded in breaking that security to use it! A controversial point-of-view, to be sure, which has also set off a mini-firestorm of discussion over on Slashdot.

Many of the legal issues here are somewhat subtle, meaning that reliance on machine-translation of the original Dutch report on the judge’s ruling is likely to be misleading. But that is where EuroSavant can step in; what follows is my own human-translated version of that piece, as a contribution to the discussion.

Judge: It’s OK to Hack the Neighbors’ WiFi Network

Published: Monday, 14 March 2011
Author: Loek Essers

The Court in The Hague establishes that it is not punishable to hitchhike on the wifi-network of others, even if that network is secured. There’s no question of breach of cyberpeace.

That arises from an appeals-court ruling from the Hague Court. It has to do with a case in which a student posted on-line an announcement of a shooting episode at the Maerlant School in The Hague. The announcement was placed on-line by means of someone else’s network. The student did end up being punished for placing such a threat on-line with a sentence of 120 hours of community service. But there is no issue of breach of cyperpeace by using someone else’s Internet connection.

The person in question did manage to acquire access to someone else’s router, but could thereby only make use of another’s Internet connection. In this approach there was no breaking into the computer of the network’s owner. According to the judge, the interests of the network’s owner were therefore not harmed in any legal sense. But the court did maintain: “This behavior may very well be socially unacceptable insofar as third parties ‘hitchhike’ for free on an Internet connection ordinarily paid for by the authorized user, who thereby as a rule loses bandwidth, but it is not relevant in any criminal sense.”

But it is unlawful
The judge thus ruled that hitchhiking on someone else’s Internet connection is not punishable. In the ruling he explicitly speaks repeatedly of an “Internet connection in any case not secured.” Neither is breaking into the neighbor’s router in order to make use of his Internet connection punishable, according to the court.

That doesn’t mean that it’s a free-for-all. “From the standpoint of civil law, it is simply unlawful,” says criminal lawyer Mathieu van Linde of the firm Blokzijl Advocaten.” You would be able to press charges against someone and say: I suffered damages because my bandwidth was reduced. . . . Then you have to demonstrate exactly what that damage is. But from a criminal point of view, someone like that, according to the Hague Court, is in any case untouchable.”

No breach of cyberpeace
Van Linde finds the case particularly interesting because it also explicitly has to do with secured networks. According to him, concerning unsecured networks you could still say that no sort of security was broken through. “But even if it’s a case of a non-secured network, it’s the same – as long as it’s a matter of making use of an Internet connection via the router – not punishable,” the lawyer explains.

According to the Court it is only punishable at the moment that someone, besides using the Internet connection, also starts snooping around into that person’s computer. Then there can arise “intrusion into automated works,” as it is described in Dutch law. There is only breach of cyberpeace if there is such intrusion into “automated works.”

Router no computer
Automated works are defined according to Van Linde as follows: “There must be, if you want to talk about such automated works, a situation whereby the device is designed for cumulative functions: storage, processing and data-transfer.” Only if those three conditions are fulfilled can there be talk of breach of cyberpeace.

With a router that is not the case. A piece of equipment that only functions to transfer data and/or store them falls outside that legal description. “And so they say that a router is therefore nothing more than a switching-device or connection-point for a network,” says Van Linde. For a router, according to the Court, it’s much more a matter of a password or user-code and providing a means to send data. And for that reason the router does not fall under the term automated works, because the router doesn’t store any data but only only sends them.

Hacking the neighbor’s router in order to then make use of the secured Internet connection is therefore allowed, Van Linde confirms. He notes that the ruling is based upon certain legal history. The Court cites two articles, of which one comes from 1990 and one from 1998. According to Van Linde those are “probably” a bit out-of-date. But: “As long as you don’t go snooping around the neighbor’s storage, then it is not punishable.”

A Dutch judge had already ruled in 2008 that secretly hitchhiking on the neighbor’s Internet is not theft. Data and bandwidth are not goods and can thus not be stolen, according to the ruling. Prior to this pronouncement someone had once been arrested for making use of another’s WiFi-network from an auto. Also after this pronouncement people have been arrested for the same reason.

Posted on Tuesday, March 29th, 2011. Trackback

Tags: Cybercrime, Netherlands, The Atlantic, Webwereld, WiFi