MassCops - Massachusetts Law Enforcement Network, A Mass Police Web Portal

Massachusetts Law Enforcement Network

Massachusetts Police News, Information and Discussions on MassCops

Pages: 1

Main Page Recent Mass Appeals Court decision - unauthorized access to computer system
(Click here to view the original thread on the MassCops Message Board)

Posted by: SOT

FYI -
The Massachusetts Appeals court ruled in Commonwealth v. Piersall (issued August 30, 2006)
that a violation of Chapter 266, section 120F (the crime of unauthorized access to a computer system) can occur each time there is an unauthorized login. It also holds, however, that the accessing of several individual documents, emails, etc., during a single log-in session do NOT
constitute separate offenses.

Example:
If defendant illegally log-ins to a computer account ten different times there would be ten different offenses/counts ...

however, if defendant logs in to a computer only once, but downloads ten files, e-mails, etc., only one offense has occurred.

You can read/print a copy of this decision at http://www.socialaw.com/slip.htm?cid=16442&sid=119

Posted by: Curious EMT

Forget that, I want clarification if Power Driving is
*Unauthorized Computer Access (im not accessing a computer COMPUTER, just using a unrestricted broadcast of internet)
or
* Using a disgarded resource

Posted by: Curious EMT

I mean War Driving sooooory

Posted by: SOT

From that it would seem no unless there is a password required.
"By "login," we refer to the statutory language of using a "password or other authentication to gain access" to a computer system."

So if you do not need a password to gain access, then no foul in this case, however I think federal law might be different.

Posted by: Wolfman

Quote:

"Whoever, without authorization, knowingly accesses a computer system by any means, or after gaining access to a computer system by any means knows that such access is not authorized and fails to terminate such access, shall be punished by imprisonment in the house of correction for not more than thirty days or by a fine of not more than one thousand dollars, or both.
"The requirement of a password or other authentication to gain access shall constitute notice that access is limited to authorized users."(1) G. L. c. 266, § 120F, inserted by St. 1994, c. 168, § 3.

Passwords are just one example of kowledge of limited access. It is by no means exclusive. Ask yourself: Would a reasonable person, having such a network in their residence, knowingly allow any and all persons in the public to use their network to access the Internet? I don't know of any case law on it yet, but you can be pretty sure most (if not all) people would not want complete strangers parking in front of their houses and leeching off their internet connection.

With that in mind I would argue that wardriving is unlawful access to a system and an account. At an absolute minimum, it's morally questionable.

You are deliberately accessing the internet by way of someone else's router, which is part of their computer system. Their router is assigning your wardriving PC an IP address. It is using NAT to route the packets to and from your computer over the network. You are accessing the WAN via someone else's account, over a negotiated login that is designated solely for them, be it a PPPoE DSL connection or a designated cable IP. You may not be accessing their data but you are using their system.

If someone leaves their car unlocked and running, that doesn't mean you can take it for a drive around the block - even if you do fill the tank.

Posted by: texdep

However, the airwaves have traditionally been free public domain and barring legislation to the contrary are open to all.

In addition it only takes a minute or two to place a password onto a wireless network and give at least minimum protection.

Posted by: Crvtte65

I would count internet as Telecommunications

MGL 266/30 Larceny:

Chapter 266: Section 30. Larceny; general provisions and penalties

Section 30. (1) Whoever steals, or with intent to defraud obtains by a false pretence, ... , the property of another as defined in this section, whether such property is or is not in his possession at the time of such conversion or secreting, shall be guilty of larceny, and shall, ..., if the value of the property stolen exceeds two hundred and fifty dollars, be punished by imprisonment in the state prison for not more than five years, or by a fine of not more than twenty-five thousand dollars and imprisonment in jail for not more than two years; or, if the value of the property stolen ... does not exceed two hundred and fifty dollars, shall be punished by imprisonment in jail for not more than one year or by a fine of not more than three hundred dollars; ...

(2) The term “property”, as used in the section, shall include ... electronically processed or stored data, either tangible or intangible, data while in transit, telecommunications services, ...

Posted by: texdep

Quote:

Originally Posted by Crvtte65

I would count internet as Telecommunications

MGL 266/30 Larceny:

Chapter 266: Section 30. Larceny; general provisions and penalties

You may very well count it as that, BUT... the point of diffferance is that the wireless router is broadcasting the internet access to the airwaves where the public has right of access.

A similiar situation was with cell phones when conversations could be listened to on scanners. It was legal until specific legislation prohibited it.

Posted by: Crvtte65

I think I get what you're saying... damn technical

Posted by: SOT

I would disagree, the very bright line difference between the cell phone/scanner example and wireless network is as follows:

In the cell phone/scanner instances, they were receiving the signal and the conversation (one side or sometimes both). They people listening in were not interactively using the cell phone service, (IE getting dial tone and then making calls - which was illegal at the time anyway).

In the wireless router, no one is saying that seeing a wireless router come up on your screen is illegal. It is the next step of connection, obtaining an IP, and then using the TCP/IP to gain service (all very overt actions). To make the cell phone cases become direct comparisons, the scanner user would have had to then somehow gain access to the service and use it to place calls.

It would be the same if you captured the SIC and NAM broadcast of a cell phone, no harm no foul UNTIL you used said identifying information to gain access surreptitiously to the actual transport (dial tone) and use the services while under someone else’s ID.

One could easily argue, based on the OSI model that capturing a broadcast of an SSID from a wireless router is by no means unauthorized access to a computer system as you have not actually accessed the actual system. There is no transaction nor is there a login in the most common sense. Once crossing the boundary of transport, network and application via issuance of an IP ala DHCP or trying to access the router itself, you are effectively and actually "login in" which constitutes illegal access.

Further extending the concept of login and transport; Consider PPPOE and how it interacts with DSL. PPOE is the authentication of a user to the private network which in turn is the gateway to the public Internet. How a cable modem uses a MAC address authentication system to provide and verify defender and ID so the end user may gain TCP/IP service and Internet access. As these devices have an inherent network "login" getting issues a public IP via DHCP over a private network, they are physical manifestations of a "login" bounding across them to a private intranet (LAN/WAN -whatever flavor) or the actual Internet constitutes and unauthorized login by the nature of the interaction all the layers of the OSI model.

CAS

Quote:

Originally Posted by texdep

Posted by: CJIS

Quote:

Originally Posted by Wolfman

Passwords are just one example of kowledge of limited access. It is by no means exclusive. Ask yourself: Would a reasonable person, having such a network in their residence,...

Most people are too stupid and know nothing about security issues related to computers, let alone how to manage, configure a network and add a password. I know many cases of people that have leeched of their neighbor’s wireless router because there was no WEP key, encryption etc. Many average users download sharing programs such as Kazza etc. and share their entire hard drive/s.

So if a user stupidly and unknowingly shares his or her hard drive through a public peer to peer application is it wrong for me to browse through their hard drive? The RIAA looks through thousands of shared hard drives a day looking for DMCA violations, are they too in the wrong for gaining access to a users hard drive without their permission?

It is a broad question and topic that still has yet to have many questions answered.

Posted by: Wolfman

Quote:

Originally Posted by npd_323

So if a user stupidly and unknowingly shares his or her hard drive through a public peer to peer application is it wrong for me to browse through their hard drive?

We're kind of getting into two different aspects of data access here.

Sharing through a P2P and leaving a wireless home network open are two different things. If you access their P2P shared data, ostensibly you are not accessing the internet through their connection, that they have paid a subscription for. A P2P program needs to be downloaded and installed deliberately for the purpose of exchanging data. A user needs to set up and configure the program to share (and not share) the files they choose. When they set up filesharing they are granting access to others to access their data that they make available. Just because I run a web server doesn't mean that you can park in front of my house and access my LAN. There are perfectly legal and acceptable uses for P2P sharing, and there are uses which violate copyright laws. If someone deliberately or accidentally shares the wrong file, it is their own fault if the RIAA finds it and spanks them. The purpose of P2P is to gain access to a WAN, let others access certain of your data, as you access certain of theirs. The purpose of a WLAN is to enable you to establish your own internal network for your own purposes in a manner more convenient that running Cat5 cables throughout the house.

Look at it this way: Your network is like a vehicle, your P2P is the throttle. Every motor vehicle is capable of speeding, the operator is trusted to not violate laws when opening the throttle. Many do not speed at all. Some speed "carefully" and do not get caught, but some just speed either deliberatly or ignorantly and are observed committing this violation and are brought to task for it by a regulatory authority. If a private citizen observes speeding, they may report it to the proper authority. It does not mean that the private citizen can go to a parking lot and take a car for a drive, operating the throttle, radio, air conditioning, and power windows just because it was left running and unlocked - even if they plan to put gas in it and return it before the owner finds out.

The RIAA has just as much right to scour shared data for violations and report them to an enforcement authority as any citizen or interested party can call in a dangerous driver. They are taking the steps they deem necessary to protect what is rightfully and legally theirs. AFAIK, they haven't started wardriving down the street and looking through unprotected local shared folders for MP3's - they are using the same methods as any other P2P user and looking for illegally shared MP3's over an intentionally-shared network.

ma police, boston ma police, massachusetts police, massachusetts police, mass state police, mass police, ma, mass, massachusetts, massachusetts, massachutes, massachusetts law, massachusetts polece, police, officer, police officer, cops, police gear, law enforcement, police duty gear, state police, sheriff, law, police supply, police agency directory, police agency, police department, traffic officer, police dept, state trooper, dispatcher, massachusetts county sheriff, massachusetts sheriff, massachusetts department of corrections, ma doc, doc, dept of corrections, police information, civil service, ma civil service, massachusetts crime, police training, police academy, ma police academy, massachusetts officers, masscop, masscops, mpa, bpa, ibpoa, police association, massachusetts police news, massachusetts crime news, mass most wanted, police career information, police patrol, police administration, police books, crime scene training, police discussion, crime discussions, cops

About MassCops, the home for Massachusetts law enforcement.

The Massachusetts Law Enforcement Network opened in 1998 and is now a part of the New England Police Network The site is a pro-police discussion forum intended for sworn police officers and civilian law enforcement officials as well as those interested in pursuing a career in law enforcement here in Massachusetts.

The goal of The Massachusetts Law Enforcement Network is to provide an informal network of law enforcement officials here in Massachusetts for educational and informational purposes.

The forum covers many topics such as Police Related News Articles, Agency & Profession Discussions, Police Training as well as Law Enforcement Career Information.

The Massachusetts Law Enforcement Network and The New England Police Network (NEPN) and it's network sites are privately owned websites/domains and are not affiliated with or endorsed by any government association or agency.

MassCops (masscops.com) and (masscop.com) are privately owned are not affiliated with or endorsed by the Massachusetts Coalition of Police (masscop.org)

3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 49 50 53 54 55 56 57 58 59 60 61 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 98 99 100 101 102 103 104 105 106 107 108