Thursday, March 20, 2008

MD lawmaker moves to make accessing open WiFi illegal

I thought this would make a fitting inaugural entry, as it involves a lawmaker who is pushing a law on what appears to be a questionable position. The idea at stake here is that it is illegal (or should be) to access a wireless network that is left open.

The first problem here is the lack of specificity. If the law is worded in such a way, there is no difference between someone sitting on the side of the road next to your house (off your property) and checking his email, and someone who maliciously accesses your system in order to exploit your identity, glean information off of other computers connected to the same network, or otherwise purposely use that connection to take advantage of you.

There are several people, like me, who leave their wireless router open (at least in part) as a community service. I take some fairly elaborate measures to secure my internal network, and to make sure that anonymous users are not able to use my connection to commit illegal acts. However, the point is that there are some people (and it does not even have to be a large number) who choose to keep their network open.

The (first) problem here is ambiguity of intent. Some people keep their network open on purpose. Therefore it is flawed logic to assume that anyone who has an open wireless network has it that way because they don't know any better. This leads to the next problem: there are many people out there who deploy wireless access points without knowing how to properly secure them. These people are unknowingly putting themselves at risk not just of unauthorized internet access, but of malicious attack by (only slightly) more savvy users with the intent to break the law.

The analogy I see most often is usually something along the line of "if I broke into your house and used your phone, it would be illegal". Well, that's a little faulty. Let's adjust that analogy so it applies here. To say your house is unlocked in this scenario would still not cover it, since an unauthorized wireless user is presumably doing so from outside your property. Let's say your phone line ran out of your house, and onto the sidewalk. Now, an open wireless network has an SSID broadcast tagging along with every radio wave identifying it, and giving out all the necessary information needed to connect to it. In the phone scenario, this would be like putting a large sign on the sidewalk, next to your phone that says "phone" in big letters, and an arrow pointing down to your actual phone. Also, for the sake of the analogy, let's assume your phone plan has multiple lines, and unlimited minutes, in such a way that someone coming by and using your phone would have little or no financial effect on you, and would not bar you from using the phone as needed.

In this analogy, I have a feeling you would have a hard time convincing anyone that the person using a phone you have effectively made freely available is at any sort of fault. You could argue that, despite the fact that the phone line was accessible from a public location, you did not want anyone to use it. However, you made no effort to tell anyone that you didn't want this phone to be used. Would you expect someone to create legislation to protect you from people using this phone, or would it be easier to take precautions to make sure everyone knows it's off limits? You could put a password on the phone line (encrypt the network), you could write "Private, do not use" on the sign (turn off the SSID broadcast), or you could just reel the whole thing inside where no one has access to it (turn off the wireless portion of the network).

To assume that anyone who accesses these open networks is a criminal is a backward step, legislatively. It leads to numerous cases of the wrong people being penalized. For example, the default SSID (network name) of any wireless access point or router bought off a store shelf from, say, the brand Linksys, is simply "Linksys". If you live in a large metro area, there is a good chance, since Linksys is the number one dealer in home networking gear, that there will be others in your immediate area who have also purchased a Linksys access point. If no one in this area has the technical knowledge to secure their access point (really, it's not that hard, and furthermore, the directions are included in a bright, colorful guide right inside the box), the only way to differentiate your access point from the other Linksys access points is to examine the MAC address (a twelve-digit alphanumeric code unique to your network hardware). This procedure is (in most cases) MANY times more difficult than the simple steps to set up your router ONE TIME to be encrypted. While setting up what is considered a "secure" wireless connection by today's standards might take a slightly larger grasp of the technology, setting up the very minimum will at least settle whether or not you welcome access to your network.

This, I think, might be where the issue really needs to be heading: not to legislate the entire act as criminal, but to separate the criminals from the people who are using the equipment exactly as it is intended. By introducing even a basic means of "closing" this network, one can distinguish the people who access a free network from those who must take further (illegal) action in order to gain access.

There are a few ways of doing this that won't land half of the apartment-dwelling public behind bars. First would be to require access point manufacturers to set the wireless network to closed by default. This would rule out all those people who are theoretically being victimized because they don't possess the technical knowledge to close their own network. This can be done by either enabling a default password to access the network, or requiring a mandatory setup session when the device is first set up (kind of like how Internet Explorer has a 'one time' screen that comes up the first time you launch the program).

The next way would be simply to put the onus on the network owners. If a city park wants to keep people off the grass, they put up a "Keep off the Grass" sign. Otherwise, they have no reason to be upset if people walk on the grass. I am seeing a lot of people advocating parental responsibility in the case of school shootings (a severe analogy, I know), but then saying it's not the owner's responsibility to spend 10 minutes reading a reasonably simple guide and setting up their network properly. This does not make sense to me. If you do not designate your network as private, it is impossible to separate you out from a person who runs an open network on purpose. To look at this another way, this legislation would, in a sense, make it illegal to operate an open network, as those who accessed it would be immediately punishable by law, in the strictest sense. This means coffee shops and restaurants that offer free WiFi too.

I suppose, in closing, that I am not necessarily against some sort of legislation regulating, or really, defining the terms when it comes to WiFi access. I just think that lawmakers need to understand all the angles here. This bill is not the answer. If you live in MD and you have the means to contact your lawmaker, do so, and tell them that there are other, better ways of making sure people are made safe from unauthorized attempts to access their wireless networks.
