Unintentional is ambiguous ... the response would be that you should have configured *your* device (ie the item that *you* have control over and is *your* responsibilty) not to automatically connect. The equivalent of ensuring you have the safety catch on when carrying loaded small arms to prevent accidents (which can lead to manslaughter charges). Yep, connection is not illegal, but use is. However, you may inadvertently *use* the connection once connected (backgrounds service such as DNS or things like MSN messenger) so *your* responsibility is to ensure that your machine is not configured to automatically connect.In any criminal act apart from a few special cases, (as far as I'm aware the communications act does not have what is known as strict liability) there is the act (the actus reus) and the intention (the mens rea, no really!) without both parts proved beyond a reasonable doubt there is no conviction. If you unintentionally connect to a ap with the same SSID and default password as your own there would not be intent and therefore no crime has been committed.
Remember that ignorance of the law is not admissible as defence in criminal cases (but can be used to seek leniency).
(I only know this due to having it explained, in detail, by my solicitor and a barrister).
So, in this case, you could have mens rea with a laptop that is set to autoconnect to any open wireless network. If it is just a case of one having the same name as your own then it would be a defense. Automatic actions don't necessarily remove culpability.
Is connection not the same as "securing access" as per the terms of the act?
They dont actually seem to differentiate between use and connection on the act. You gain unauthorised access knowingly its a crime but access does not mean use, I thought it would mean having the ability to use (aka plugging the ethernet wire in)
When you connect you gain access to said resources regardless of use thus have committed the crime.
almost tempting to get into the router config page(probably also insecure). Get their email address and password. Take some screenshots of their config settings, annotate them to let them know how to secure their network, log into their webmail with their email and password and send an email to the user from their own account saying "you been hacked" along with screenshots, then disconnect sit back and see what happens...
apart from the authorities would probably take a dimmer view of this than if you just stole the bandwidth. "But I was being civic minded officer" would be fun to be a fly on the wall when they checked their email though
There's a car park in the centre of a town not far from here with a good, unsecured network connection. The location of the unsecured access point?? The council offices next to it
There's a BTBusiness Hub next door to the school that recently got upgraded to a BTOpenZone hotspot - the wireless controller picked it up and told Nagios. Turns out that the owner of the business didn't actually know (or comprehend) that it had been enabled.
Were I a BT customer, I would expect unlimited hours (though possibly limited bandwidth) on any BT OpenZone hotspot in exchange for them taking advantage of my (already paid for) service in my home/business as an additional revenue stream for BT.
Fair enough you may have only accessed google and your email or things that do not take up bandwidth etc.
Not like you gave the person who pays for the net connection much of a choice as you and possibly others just connect to it and use it as each of you sees fit ( which is a grey area from person to person )
Connection of a wireless network which is open is the negotiation of the connection. Anything else is use. People have tried to equate it as trespass and this is not quite there ... possibly it is standing on the street and opening somebody's gate but not going up the path. Going through the gate and picking up stones to take away would be theft, but having a look around is trespass (but could be backed up with harassment laws ... which is why it gets hard to deal with stalkers, as trespass is hard to deal with in a criminal court unless used to back up things like harassment)
Opening up the browser config window (if the router is default for everything) starts to come under the computer misuse act as it is no longer traffic that is the important thing but the action of looking at or making use of systems configurations.
The use of the word 'gain' refers to an action taking place, either through intent or through negligence, in most acts. In the communications act this can be taken to be where access is gained to the service or system, not a connection between two devices. If that was the case then negotiation of connection between two devices, such as cast messages to blue tooth devices that leave their device status as discoverable, would be illegal.
So ... 'gain access' refers to service or system, connection refers to negotiation between two devices. IIRC this was actually described in the technical references for the mentioned case as negotiation between devices at layer 1, but I wondered about this as some connections require layer 2 or 3 of the OSI model, depending on the kit connecting ...
The question of intent is usually the point around which barristers dance their merry game. It is pivotal to a conviction being secured.Unintentional is ambiguous
but ignorance of IT is, if you are an IT pro it is unlikely that you could claim that you are ignorant of leaving your laptop on autoconnect and it just so happened to to connect to a neighbors (assuming you had the same unsecured hardware) Take your average teacher and I would say they could play the ignorance card pretty reliably!"Ignorance of the law is no excuse"
The firearm/safety catch example is not a close comparison as a "reasonable person" would know that the likelyhood of death or injury to occur simply handling a firearm was possible, With IT there is less of an awareness of action and consequence in the "reasonable person."I would have thought that there would be sufficient grounds for a defence. Of course the implication is that IT pros are not reasonable people!
Last edited by Hacksawbob; 6th March 2009 at 11:48 AM.
Some rich people own airplanes but it does not mean to say that they should have to take it apart and repair it themselves and know every thing that a plane has and how to take it apart and put it back together blind folded - they pay someone else for that to take care of all the technical bits n pieces and if you are not aware of wireless security for whatever reasons ( lack of RTFM ) or just wanting wireless to work and it just works so why fix it if it aint broke kind of approach and no one else tells them then how are they meant to know.
I deal with end users a lot as I am sure most ( to all ) people on here do and its amazing how many times you just want to --> go doh
There are currently 1 users browsing this thread. (0 members and 1 guests)