BookRags.com Literature Guides Literature
Guides		 Criticism & Essays Criticism &
Essays		 Questions & Answers Questions &
Answers		 Lesson Plans Lesson
Plans		 My Bibliography Periodic Table U.S. Presidents Shakespeare Sonnet Shake-Up
Research Anything:        
History | Encyclopedias | Films | News | Create a Bibliography | More... Login | Register | Help

Piggybacking (internet access)

 Print-Friendly
About 16 pages (4,655 words)

Bookmark and Share Know this topic well? Help others and get FREE products!
This article is about using someone else's wireless Internet access. For other uses see Piggybacking (disambiguation).

Piggybacking is a term used to refer to access of a wireless internet connection by bringing one's own computer within the range of another's wireless connection, without that subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary in jurisdictions around the world. While completely outlawed in some jurisdictions, it is permitted in others. A customer of a business providing hotspot service, such as a hotel or cafe, is generally not considered to be piggybacking, though non-customers or those outside the premises may be. Many such locations provide wireless Internet access as a courtesy to their patrons, either with or without an extra charge, or simply to draw people to the area.[1] Piggybacking is distinct from wardriving, which involves only logging or mapping of access points' existence.

Contents

Background

Piggybacking has become a widespread practice in the 21st century due to the advent of wireless internet connections and wireless routers. Computer users either who do not have their own connections or who are outside the range of their own might find someone else's by wardriving or luck and use that one. However, those residing near a hotspot or another residence with the service have been found to have the ability to piggyback off such connections without patronizing these businesses, which has led to more controversy. While some may be in reach from their own home or nearby, others may be able to do so from the parking lot of such an establishment, from another business that generally tolerates the user's presence, or from the public domain. Others, especially those living in apartments or town houses, may find themselves able to use a neighbor's connection.

Reasons for piggybacking

There are many reasons why internet users piggyback on other's networks. For some, the cost of internet service is a motivating factor. Many computer owners who cannot afford a monthly subscription to an internet service, who only use it occasionally, or who otherwise wish to save money and avoid paying, will routinely piggyback this access from a neighbor or a nearby business, or they will visit a location providing this service without being a paying customer. If the business is large and frequented by many people, those who use the business for this purpose may go largely unnoticed. Yet other piggybackers are regular subscribers to their own service, but they are away from home when they wish to gain internet access, and they do not have their own connection available at all or at an agreeable cost. Often, a user will access a network completely by accident, as the network access points and computer's wireless cards and software are designed to connect easily by default. This is common when away from home or when the user's own network is not behaving correctly. Such users are often unaware that they are piggybacking, and the subscriber has not noticed the breech. Regardless, piggybacking is difficult to detect unless the user can be viewed by others using a computer under suspicious circumstances. Less often, a user will piggyback in order to mask illegal activity, such as downloading child pornography or engaging in identity theft. This, in particular, has raised a lot of concern regarding the practice. Network owners leave their networks unsecured for a number of reasons. They may desire to share their Internet access with their neighbors or the general public, or they may be intimidated by the knowledge required to secure their network. They may be unaware or unconcerned about the risks they incur by not securing their network, or of the need or option to protect their network.

Legality

Laws regarding unauthorized access of a computer network exist in many locales, including the U.S. federal government, all 50 U.S. states, and other countries, though the wording and meaning differ from one to the next. However, the interpretation of terms like "access" and "authorization" is not clear, and there is no general agreement on whether piggybacking (intentional access without harmful intent) falls under this classification.[2] For example, a common but untested argument is that the 802.11 and DHCP protocols operate on behalf of the owner, giving consent to use the network, but this would not apply if the user has other reason to know that there is no consent. In addition to laws against unauthorized access on the user side, there are the issues of breach of contract with the Internet service provider on the network owner's side. Many terms of service prohibit bandwidth sharing with others. The Electronic Frontier Foundation maintains a list of ISPs that allow sharing of the Wi-Fi signal.

United States

Laws vary widely between states. Some criminalize the mere unauthorized access of a network, while others require monetary damages or intentional breaching of security features. The majority of state laws do not specify what is meant by "unauthorized access".[3][2] In St. Petersburg, 2005, Benjamin Smith III was arrested and charged with "unauthorized access to a computer network", a third-degree felony in the state of Florida, after using a resident's wireless network from a car parked outside.[4][5] An Illinois man was arrested in January 2006 for piggybacking on a Wi-Fi network. David M. Kauchak was the first person to be charged with "remotely accessing another computer system" in Winnebago County. He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it. He pleaded guilty and was sentenced to a fine of $250 and one year of court supervision.[6][7] In Sparta, Michigan, 2007, Sam Peterson was arrested for checking his email each day using a cafe's wireless Internet access from a car parked nearby. A police officer became suspicious, stating, "I had a feeling a law was being broken, but I didn't know exactly what". The man explained what he was doing to the officer when asked, as he did not know that the act was illegal. The officer found a law against "unauthorized use of computer access", leading to an arrest and charges that could result in a five year felony and $10,000 fine. The cafe owner was not aware of the law, either. "I didn't know it was really illegal, either. If he would have come in [to the coffee shop] it would have been fine." He was eventually sentenced to a $400 fine and 40 hours of community service.[8][9] This case was featured on the Colbert Report.[10] In 2007, Palmer, Alaska, 21-year old Brian Tanner was charged with "theft of services" and had his laptop confiscated after accessing a gaming website at night from the parking lot outside the Palmer Public Library, as he was allowed to do during the day. He had been asked to leave the parking lot the night before by police, which he had started using because they had asked him not to use residential connections in the past. He was not ultimately charged with theft, but could still be charged with trespassing or not obeying a police order. The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions.[11][12][13] In 2003, the New Hampshire House Bill 495 was proposed, which would clarify that the duty to secure the wireless network lies with the network owner, instead of criminalizing the automatic access of open networks.[14][15] It was passed by the New Hampshire House in March 2003, but was not signed into law. The current wording of the law provides some affirmative defenses for use of a network that is not explicitly authorized:[16]

I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:

(a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
(b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
(c) The person reasonably could not have known that his or her access was unauthorized.

New York law is the most permissive. The statute against unauthorized access only applies when the network "is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system". In other words, the use of a network would only be illegal if the network owner had enabled encryption or password protection and the user bypassed this protection, or when the owner has explicitly given notice that use of the network is prohibited, either orally or in writing.[2][17] Westchester County passed a law, taking effect in October 2006, that prohibits commercial networks from being operated without a firewall, SSID broadcasting disabled, and a non-default SSID, in an effort to fight identity theft. Businesses that do not secure their networks in this way face a $500 fine. The law has been criticized as being ineffectual against actual identity thieves and punishing businesses like Starbucks for normal business practices.[18][19][20]

Australia

Under Australian Law, "unauthorised access, modification or impairment" of data held in a computer system is a federal offence under the Cybercrime Act 2001. The act refers specifically to data as opposed to network resources (connection). In the state of Western Australia it could be construed as "Unlawful operation of a computer system". The use of bandwidth or other resources could also be construed as theft if it involves deception then fraud.

Canada

In Canadian law, unauthorized access is addressed by Section 342.1 of the Criminal Code of Canada. According to Section 342.1, "Every one who, fraudulently and without colour of right" obtains "computer services" from an access point is subject to criminal charges. (See Criminal Code of Canada, RSC 1985, c. C-46, s. 342.1 (1) (a)) In Toronto, a man was arrested with a WiFi-enabled laptop in his car, partially undressed. He was tapping into unprotected wireless networks to download child pornography. Ultimately, however, he was charged not for piggybacking, but for the pornography instead.[21]

United Kingdom

In London, 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service. Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other criminal intent.[22] He was fined £500 and given a 12-month conditional discharge.[23] In early 2006, two other individuals were arrested and received an official caution for "dishonestly obtaining electronic communications services with intent to avoid payment."[24][25] The Computer Misuse Act 1990, section 1 reads:[26]

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.

Singapore

In November 2006, a 17-year-old man, Garyl Tan Jia Luo, was arrested for tapping into his neighbour's wireless Internet connection.[27] He faced up to three years' imprisonment and a fine under the Computer Misuse Act.[28] On 19 December, Tan pleaded guilty to the charge,[29] and on 16 January 2007 he became the first person in Singapore to be convicted of the offense. He was sentenced by the Community Court to 18 months' probation, half of which was to be served at a boys' home. For the remaining nine months, he had to stay indoors from 10:00 pm to 6:00 am. He was also sentenced to 80 hours of community service and banned from using the Internet for 18 months; his parents risked forfeiting a S$5,000 bond if he failed to abide by the ban. Tan was also given the option of enlisting early for National Service. If he did so, he would not have to serve whatever remained of his sentence.[30] On 4 January 2007, Lin Zhenghuang was charged for using his neighbour's unsecured wireless network to post a bomb hoax on-line. In July 2005, Lin had posted a message entitled "Breaking News – Toa Payoh Hit by Bomb Attacks" on an on-line forum managed by HardwareZone. Alarmed by the message, a forum user reported it to the authorities through the Government of Singapore's eCitizen website. Lin faced an additional 60 charges for using his notebook computer to illegally access the wireless networks of nine people in his neighborhood repeatedly.[31] Lin pleaded guilty to one charge under the Telecommunications Act[32] and another nine under the Computer Misuse Act on 31 January. He apologised for his actions, claiming he had acted out of "stupidness" and not due to any "malicious or evil intent".[33] On 7 February he was sentenced by District Judge Francis Tseng to three months' jail and a S$4,000 fine. The judge also set sentencing guidelines for future 'mooching' cases, stating that offenders would be liable to fines and not to imprisonment unless offences were "committed in order to facilitate the commission of or to avoid detection for some more serious offence", as it was in Lin's case.[34]

Views

Views on the ethics of piggybacking vary widely. Many support the practice, stating it is harmless, and that it benefits the piggybacker at no expense to others, while others criticize it with terms like "leeching", "mooching", or "freeloading". A variety of analogies are made in public discussions to relate the practice to more familiar situations. Advocates compare the practice to:

  • Sitting behind another passenger on a train, and reading their newspaper over their shoulder.[35]
  • Enjoying the music a neighbor is playing in their backyard.
  • Using a drinking fountain.
  • Sitting in a chair put in a public place.
  • Reading from the light of a porch light or streetlamp.
  • Eating another's leftovers abandoned at a restaurant.

Opponents to piggybacking compare the practice to:

  • Entering a home just because the door is unlocked
  • Hanging on the outside of a bus to obtain a free ride.
  • Connecting one's own wire to a neighbor's house to obtain free cable TV service when the neighbor is a subscriber.

The piggybacker is using the connection paid for by another without paying them compensation. This is especially of concern in an apartment complex where many residents live within the normal range of a single wireless connection. Some residents are able to gain free internet access while others pay. Many ISPs charge monthly rates, however, so there is no difference in cost to the network owner. Excessive piggybacking may slow down the host's connection, with the host typically unaware of the reason for the reduction of speed. This is more of a problem where a larger number of persons are engaging in this practice, such as in an apartment or near a business. The piggybacker has the ability to engage in illegal activity, such as identity theft or pornography, without much of a trail to their own identity, leaving the network owner a subject of investigation for a crime s/he did not commit or have any involvement in. While most persons engaging in piggybacking are generally honest citizens, a smaller number are breaking the law in this manner, making the discovery of their identity difficult or impossible for investigators. Most access points, when using default settings, are configured to provide wireless access to all who request it. Some argue that those who set up access points without adding security measures are offering their connection to the community. Many people intentionally leave their networks open to allow neighbors casual access, with some joining wireless community networks (often considered the future of the internet), to share bandwidth freely. It has largely become etiquette to leave access points open for others to use, just as someone expects to find open access points while on the road. Jeffrey L. Seglin, ethicist for the New York Times, recommends notifying the network owner if they are identifiable, but says there is nothing inherently wrong with accessing an open network and using the connection. "The responsibility for deciding whether others should be able to tap into a given access belongs squarely on the shoulders of those setting up the original connection."[36] Similarly, Randy Cohen, author of The Ethicist column for The New York Times Magazine and National Public Radio, says that one should attempt to contact the owner of a regularly-used network, and offer to contribute to the cost. But he points out that network owners can easily password protect their networks, and quotes attorney Mike Godwin, concluding that open networks likely represent indifference on the part of the network owner, and accessing them is morally acceptable, if not abused.[37][38] Policy analyst Timothy B. Lee writes in the International Herald Tribune that the ubiquity of open wireless points is something to celebrate. He says that borrowing a neighbor's Wi-Fi is like sharing a cup of sugar, and leaving a network open is just being a good neighbor.[39]

Preventing piggybacking

Laws do not have the physical ability to prevent such action from occurring, and piggybacking may be practiced with negligible detection. The owner of any wireless connection has the ability to block access from outsiders by engaging security measures. This is not practiced by all owners, and some security measures are more effective than others. More security-conscious network operators may choose from a variety of security measures to limit access to their wireless network, including:

  • Hobbyists, computer professionals and others who study Wired Equivalent Privacy (WEP) can apply it to many Access Points without cumbersome setup, but it offers little in the way of practical security against similarly studious piggybackers. It is cryptographically very weak, so an access key can easily be cracked. Its use is often discouraged in favor of other more robust security measures, but many users feel that any security is better than none or are unaware of any other. In practice, this may simply mean your neighbors' non-WEP networks are more accessible targets. WEP is sometimes known to slow down network traffic in the sense that the WEP implementation causes extra packets to be transmitted across the network. Some claim that "Wired Equivalent Privacy" is a misnomer, but it generally fits because wired networks are not particularly secure either.
  • Wi-Fi Protected Access (WPA) is more secure than WEP but is not as widespread. Many Access Points will support WPA after a firmware update.
  • MAC address authentication in combination with discretionary DHCP server settings allow a user to set up an "allowed MAC address" list. Under this type of security, the access point will only give an IP Address to computers whose MAC address is on the list. Thus, the network administrator would obtain the valid MAC addresses from each of the potential clients in their network. Disadvantages to this method include the additional setup. This method does not protect data from being stolen (there's no encryption involved). Methods to defeat this type of security include MAC address spoofing, detailed on the MAC address page, whereby network traffic is observed, valid MACs are collected, and then used to obtain DHCP leases.
  • IP security (IPsec) can be used to encrypt traffic between network nodes, reducing or eliminating the amount of plain text information transmitted over the air. This security method addresses privacy concerns of wireless users, as it becomes much more difficult to observe their wireless activity. Difficulty of setting up IPsec is related to the brand of Access Point being used. Some access points may not offer IPsec at all, while others may require firmware updates before IPsec options are available. Methods to defeat this type of security are computationally intensive to the extent that they are infeasible using readily-available hardware, or they rely on social engineering to obtain information (keys, etc) about the IPsec installation.
  • VPN options such as tunnel-mode IPSec or OpenVPN can be difficult to set up, but often provide the most flexible, extendable security, and as such are recommended for larger networks with many users.
  • Wireless intrusion detection systems can be used to detect the presence of rogue access points which expose a network to security breaches. Such systems are particularly of interest to large organizations with many employees.
  • RADIUS can be used on WRT54G router or similar not running the default firmware but firmware such as DD-WRT
  • Honeypot (computing) This involves setting up a computer on a network just to see who comes along and does something on the open access point.

Alternatives

There are several alternatives to the need to piggyback. Internet access is available with data plans on many smart phones and PDAs. Although it may have browsing limitations compared with Internet access on a desktop or laptop computer, it can be accessed anywhere there is an adequately strong data signal in both directions (transmit and receive). Some mobile phone service providers, including Verizon, offer Wi-Fi access via a data connection from a laptop to a mobile phone to subscribers for around $60/month. This allows the computer internet access anywhere there is a signal. Some jurisdictions have been experimenting with state-wide, county-wide or Municipal wireless network access. The state of Rhode Island currently provides Wi-Fi service within its boundaries, and Baltimore County, Maryland has recently announced a plan to provide free Wi-Fi access throughout the entire county.[40] Currently, this service is being provided in the central business district of the county's seat Towson, and is gradually being expanded through the remainder of the county. These pilot programs may result in similar services being provided nationwide.

See also

References

  1. ^ Yi, Matthew. "Wi-Fi hits the spot", San Francisco Chronicle, 2003-08-25. Retrieved on 2007-09-03. 
  2. ^ a b c Bierlein, Matthew (2006). "Policing the Wireless World: Access Liability in the Open Wi-Fi Era" (PDF). Ohio State Law Journal 67 (5). Retrieved on 2007-09-01.
  3. ^ Goodwin, Janna (2006-03-10). Computer Hacking and Unauthorized Access Laws. Telecommunications & Information Technology. National Conference of State Legislatures. Retrieved on 2007-04-09.
  4. ^ Leary, Alex. "Wi-Fi cloaks a new breed of intruder", St. Petersburg Times, 2005-07-04. Retrieved on 2007-09-02. 
  5. ^ Bangeman, Eric (2005-07-07). Florida man charged with felony for wardriving. Ars Technica. Retrieved on 2007-09-02.
  6. ^ Gonsalves, Antone (2006-03-24). Illinois Man Fined For Piggybacking On Wi-Fi Service. TechWeb Technology News. TechWeb. Retrieved on 2007-04-09.
  7. ^ Green, Chris. "Man fined $250 in first area case of Internet piracy", The Rockford Register Star, 2006-03-23. Retrieved on 2007-09-03. 
  8. ^ Cheng, Jacqui (2007-05-22). Michigan man arrested for using cafe's free WiFi from his car. Ars Technica. Retrieved on 2007-09-02.
  9. ^ Center, Patrick. "A wireless felony", WOOD TV, 2007-06-18. Retrieved on 2007-09-02. 
  10. ^ http://blog.wired.com/27bstroke6/2007/10/stephen-colbert.html Video on Wired.com
  11. ^ Wellner, Andrew. "Using free wireless at library described as theft", Anchorage Daily News, 2007-02-24. Retrieved on 2007-09-03. 
  12. ^ West, Jessamyn (2007-02-26). Man using library wifi after hours gets laptop confiscated. librarian.net. Retrieved on 2007-09-03.
  13. ^ "Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft", Library Journal, 2007-03-12. Retrieved on 2007-09-03. 
  14. ^ McWilliams, Brian. "Licensed to War Drive in N.H.", Wired, 2003-04-29. Retrieved on 2007-09-03. 
  15. ^ Professor Orin Kerr (2003-04-30). Would a New Hampshire bill really legalize war driving?. The Volokh Conspiracy. Retrieved on 2007-09-01.
  16. ^ Text of Section 638:17 Computer Related Offenses
  17. ^ Rasch, Mark (2004-05-03). WiFi High Crimes. SecurityFocus. Retrieved on 2007-09-18.
  18. ^ Wi-Fi Safety - Wireless Protection. Westchestergov.com. Retrieved on 2007-09-18.
  19. ^ Spiegel, Dana (2005-11-08). Westchester County Law Requiring Secured Wi-Fi Networks. Wireless Community. Retrieved on 2007-09-18.
  20. ^ Spiegel, Dana (2006-04-24). Westchester County Law Requiring Secured Wi-Fi Networks (again). Wireless Community. Retrieved on 2007-09-18.
  21. ^ Shim, Richard (2003-11-28). Wi-Fi arrest highlights security dangers. CNet News.com. Retrieved on 2007-04-09.
  22. ^ Leyden, John. "UK war driver fined £500", The Register, 2005-07-25. Retrieved on 2007-09-02. 
  23. ^ "Wireless hijacking under scrutiny", BBC, 2005-07-28. Retrieved on 2007-09-02. 
  24. ^ Griffiths, Peter (2007-04-18). Two cautioned over wireless "piggy-backing". Reuters. Retrieved on 2007-04-18.
  25. ^ "Two cautioned over wi-fi 'theft'", BBC, 2007-04-17. Retrieved on 2007-09-02. 
  26. ^ Unauthorised access to computer material - Computer Misuse Act 1990 (c. 18)
  27. ^ "Singapore teen faces 3 years' jail for tapping into another's wireless Internet", International Herald Tribune, November 10 2006. Retrieved on 2007-08-31. 
  28. ^ Cap. 50A, 1998 Rev. Ed.
  29. ^ Chua Hian Hou, "Wi-Fi Thief Pleads Guilty: 17-Year-Old Piggybacked on Neighbour's Network", The Straits Times (20 December 2006).
  30. ^ Chua Hian Hou, "18-Month Net Ban, Community Service for PC Game Addict", The Straits Times (17 January 2007); Ansley Ng, "Illegal Wireless-Network User Sentenced to 18 Months' Probation", Today (17 January 2007).
  31. ^ Chua Hian Hou, "21-Year-Old in Second Wi-Fi Case: The Charge: Using Neighbour's Network to Make Bomb Threat", The Straits Times (5 January 2007); Chua Hian Hou, "Online Bomb Hoax: Youth Pleads Guilty: Then-Poly Student Made the Posting Because he was 'Sleepless and Bored'", The Straits Times (1 February 2007).
  32. ^ Cap. 323, 2000 Rev. Ed.
  33. ^ Chua, "Online Bomb Hoax: Youth Pleads Guilty", op. cit.
  34. ^ Chua Hian Hou, "Bomb Hoax Youth Gets 3 Months' Jail, $4,000 Fine", The Straits Times (8 February 2007); Leong Wee Keat, "Bomb-Hoax Youth Gets 3 Months' Jail", Today (8 February 2007).
  35. ^ Marriott, Michel (2006-03-05). Hey Neighbor, Stop Piggybacking on My Wireless. The New York Times. Retrieved on 2007-04-09.
  36. ^ Seglin, Jeffrey L.. "If Internet connection is open, feel free to use it", The Columbus Dispatch, 2006-02-26. Retrieved on 2007-09-03. 
  37. ^ Cohen, Randy. "Wi-Fi Fairness", New York Times, 2004-02-08. Retrieved on 2007-09-03. 
  38. ^ "Stealing Thin Air". Randy Cohen (Director), Jennifer Ludden (Director). All Things Considered.
  39. ^ Lee, Timothy B.. "Wireless Internet: Hop on my bandwidth", International Herald Tribune, 2006-03-17. Retrieved on 2007-09-03. 
  40. ^ http://www.examiner.com/a-667352~Towson_gets_free_wireless_Internet.html

External links

  • Kern, Benjamin D. (December 2005). "Whacking, Joyriding and War-Driving: Roaming Use of Wi-Fi and the Law". CIPerati 2 (4). Retrieved on 2007-09-01.
  • Adam, A K M (2004-08-22). So Weirdly Wrong. AKMA's Random Thoughts. Retrieved on 2007-09-03. - An encounter in which a police officer tells a blogger he cannot use a public library's Internet access from a bench outside the library, and can't even use his laptop in the vicinity.

View More Summaries on Piggybacking (internet access)
 
View all | View only answered questions | View only unanswered questions
Ask any question on Piggybacking (internet access) and get it answered FAST!
Answer questions in BookRags Q&A and earn points toward
discounted or even FREE Study Guides and other BookRags products!
Learn more about BookRags Q&A
Copyrights
Piggybacking (internet access) from Wíkipedia. ©2006 by Wíkipedia. Licensed under the GNU Free Documentation License. View a list of authors or edit this article.

Article Navigation
Join BookRagslearn moreJoin BookRags
About BookRags | Customer Service | Report an Error | Terms of Use | Privacy Policy