I knew I'd read about this issue recently. The Priority Interrupt column in the July 2004 Circuit Cellar talks about it. This is the only discussion group I access where I can expect a decent percentage of the people to have access to that magazine :). As you say, it is unproven legal waters. The law does have a requirment for you to intend to do whatever was illegal to actually be guilty (whether or not you knew your actions were illegal, they had to be deliberate actions). So the original poster who was worried that if his router went down, he'd automatically connect to the other router without knowing should be safe. The other issue we're talking about is a lot more diffucult. I would argue that using bandwidth is not a denial of service attack if your intention is not to deny service and you don't try to consume all the person's bandwidth. Most of the time, most of the bandwidth is going unused anyway. With cablemodems your bandwidth is shared among all the people on your subnet. If a few people download a big file, it will slow everyone else's connections. Are they engaged in a denial of service attack? Spam/hack/whatever is illegal so then you are committing a computer crime, and if you make it look like the owner is guilty, that's also impersonation. None of that makes accessing the network itself illegal. Same issue if you gain access to his own computers. Presumably, that would require defeating protective measures which is illegal. Accessing an unsecured router doesn't requre defeating protective measures. I access free WiFi spots all the time (at the public library, several restauarants and cafes that offer it, etc). It seems like leaving access open should be considered an invitation, even a personal router. Jason From: "Steve Willoughby" Sent: Friday, August 13, 2004 1:28 PM > Depends on where you live. Many states in the USA are adopting > computer crime laws which make it a felony to alter a computer > without permission or to interfere with its operation. Using > bandwidth could be considered a denial of service attack if > you're degrading their performance. If, on top of that, you > gained access to their own computers or did something inappropriate > on the net using their connection (making it look like they were > the source of the spam/hack/whatever), that would be a much more > likely indictment, but even so... these are largely untested, > unproven legal waters with little in the way of precedent. > > I'd err on the side of caution on this one and not use any network > which isn't made explicitly public or licensed for your use. -- http://www.piclist.com hint: To leave the PICList mailto:piclist-unsubscribe-request@mitvma.mit.edu