When Cops Go Fishing

Story Here. And here and here and here and here and here and here and here and here

Sam Peterson is a man in a hurry. So during his busy day he takes time out to park next to a coffee shop offering free wi-fi, open up his laptop and grab his e-mail before going off on his merry way.

Unfortunately, he lives in Sparta, Michigan, where the police seem to have little grasp of technology and even less of a sense of humor.

Here’s how it went down. One day, he is checking his e-mail when the local Police Chief spots him in the parking lot. Concerned that he might be stalking a local hairdresser the cop asks him what he is doing. Sam tells him. Cop says “ok” and lets him go.

Later, the cop had a change of heart. He later said “I had a feeling a law was being broken, but I didn’t know exactly what

**Ahem**A cop didn’t know what law was being broken? So what was he arrested for – thoughtcrime? Did he feel something in his water? Was there a grave disturbance in the force?

This has “fishing expedition” written all over it – without a bass boat or even the obligatory six-pack of beer.

This is wrong on so many levels.

They charged him under Michigan’s “Fraudulent access to computers, computer systems, and computer networks” law. That’s right: They used an anti-hacking law to prosecute someone for checking his e-mail in the parking lot. Sam was the first person to be charged under that law, which dates back to 1979 and was revised in 2000.

He could have fought the charge – and would probably have won – but the legal fees would have been more than he could afford, and the penalty had he been found guilty would have been severe.

And don’t even think of using the “theft of services” defense;  the monetary value of the “theft” was less than a discarded sandwich-wrapper in the parking lot. And if there was a theft, it is a civil matter, not a criminal one – and the coffee-shop should sue, which is a completely different legal process.

The “crime” was not what he did, but where he was sitting when he did it. He could have been sending porn span while downloading movies, but if he had been in the coffee shop while he did it, that would have been ok.

Over the past few years, there have been several cases where people who have been piggybacking on someone else’s wi-fi – even for innocent purposes – have been subjected to similar draconian treatment.

The two best analogies that I can think of are reading a newspaper by someone else’s porch-light, and reading over someone else’s shoulder. Both are easily preventable. Neither are criminal offense – at least in places other than Sparta, Michigan.

The prosecution stands on the premise that Sam “did not have permission to use the network“. From an engineering standpoint that’s simply not true. A client’s laptop sends out a request for wireless service, and the Access Point (AP) grants it. It is also not always possible to determine which AP you have connected to. In an airport, your laptop might connect to a restaurant’s “for-customers-only” AP instead of the airport’s “public” one. It is therefore possible to be committing a felony without intending to or even being aware of it. It is therefore simply inappropriate to use a “no-permission” defense in this situation.

As things stand, the law does not put any requirement on the owner of a network to secure it. It ain’t hard, even in a coffee shop. Use a password. Change it daily or weekly, put up a sign or print the password on receipts.

Paradoxically, if someone connected to my AP and started downloading music, and the RIAA caught wind of it, I would be on the receiving end of their ire; they would not accept a “someone hacked my network” defense, because (they say) I am legally responsible for what happens on my network, and I am expected to do my due diligence to ensure that no illegal activity occurs on it. Yet here, the AP owner is not held responsible in any shape form or fashion.

Looks like a double standard to me – one law for businesses, one law for people.

I do not believe that it is the purpose of these laws to serve as a refuge for idiots who are too lazy and sloppy to take even the most basic steps to protect themselves. The law should be amended so that unprotected networks are fair game. It is easy enough to put up the equivalent of a “Private Beach – Keep Out sign”

I find it amusing that a coffee shop will spend hundreds or thousands of dollars getting trained professionals to install a state-of-the-art burglar alarm system, but can’t be bothered with the hassle of taking the most rudimentary steps to secure their network.

Any road up, Sparta MI is high on the list of places I don’t want to go.

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: