Originally posted by: smack Down
I don't see why you keep making that same comparison. Put up or shut up: show a law that makes it illegal to access a computer network without explicit permission. You will not find one. It makes sense that a user is allowed to connect to any service that does not deny him access because connecting to that service is the only means of communication the user and service have.
Online services that can only be accessed indirectly work a little differently. You can't really 'ask permission' before sending a request for an HTTP page; by design, the server will respond to all such requests in some way. Unfortunately, the way 802.11 works -- if you do not want to set up encryption (which is not the simplest thing to do for non-technically-inclined people, and puts a burden on all authorized users of the network as well as the operator), there's no good way to inform people when they connect that it is not truly a 'public' network. The router just shuttles packets back and forth to OTHER systems, unlike a web server where it can directly reply with an HTTP page that explains that it is not meant for public use. But it's no different than, say, accessing an open proxy server without permission. The proxy server may not ask for authentication (in fact, unless it was set up specifically for this purpose its existence is almost certainly unintentional), but you still are not allowed to use it unless the owner OKs it. I don't know where people are coming up with this "anything I'm not explicitly prevented from accessing is fair game" idea, but that is just not the way it works legally.
But even talking about HTTP web servers -- if I host a website on my own computer, and on the main/start page I put a notice saying "do not access this website without my express permission", you're not allowed to access anything else on that website even if it's not explicitly secured with passwords or other security measures (or if the measures in place are trivial to bypass; for instance, if the link on the main page requests authorization but you can access the files another way without a password).
Here is the relevant federal law:
http://www.usdoj.gov/criminal/cybercrime/cclaws.html#fedcode
http://www.usdoj.gov/criminal/cybercrime/1030NEW.htm
Someone who...
(snip -- things specifically about accessing government/financial institution systems)
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
(5)(A)(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)--
(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;
(ii) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
(iii) physical injury to any person;
(iv) a threat to public health or safety; or
(v) damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security;
(emphasis added; the relevant subsection is bolded)
Note that you are 'causing damage' in this case by stealing a service from the owner/operator of the network.
You can't be charged with a felony if the access cost someone less than $5,000 (although they could, in theory, file civil charges against you, as explained later in the statute).
However, individual states may have stricter laws (and a number of them do).
At the heart of a number of these arguments is the idea of whether simply by setting up an unsecured wireless network (either unintentionally because it is the default setting, or on purpose for convenience of yourself or your customers) you are implicitly giving anyone around you permission to use that service. To me, this seems in the same area as leaving your front door unlocked (either by mistake or just because you're going in and out all the time and don't bother locking it every time). Doing that doesn't give anyone implicit permission to enter your private property, and IMO access to a computer you own shouldn't be any different.
More generally speaking, you don't need a specific law saying you can't access someone else's computer without their permission, since it is treated like any other kind of private property. If someone leaves their car unlocked and with the keys in the ignition, you can't assume they intended to let anyone who walks by drive it just because there isn't a big sign on the window saying "DO NOT DRIVE THIS CAR". This isn't some revolutionary new idea, it's how private property works.
It's true that there's no easy way to tell through the 802.11 protocol itself whether you have permission or not to use an 'open' network -- but there isn't an easy way to tell if the unlocked car is for public use or not either. If you want to let anyone who walks by use your car, it's up to you to inform people of that fact, and it's up to the people walking by to make sure they have permission before trying to drive it. By extension, someone who wants to access a computer network should make sure they have the owner/operator's permission first.
Several states either have adopted or have considered adopting different viewpoints, and are putting the burden on operators of wireless networks to secure them. However, I don't think that such laws also give you permission to attach to an unsecured network without the owner's permission.