If you use someone else's WiFi signal without permission, you're a thief. That's the conclusion of a bill introduced into the Maryland General Assembly last week. Sponsored by Delegate LeRoy E. Myers, Jr., the legislation would criminalize the unauthorized use of a wireless access point in the state; it has since received an "unfavorable report" by the House Judiciary Committee, which all but dooms its prospects of passage.

The bill's purpose is to prohibit anyone from accessing a wireless access point "intentionally, willfully, and without authorization." It appears to ban both everyday WiFi leeching and using an open access point for more nefarious activities. And if you live in a Maryland neighborhood with broadband usage caps, it would be illegal to deliberately cause someone to overuse their bandwidth allotment. Violators would be subject to fines of up to $1,000 and three years in jail, unless they tried to hack into a password-protected system or used their unauthorized access for mischief. Then the penalties could climb to $10,000 and 10 years in prison.

With 802.11b/g/n technology becoming widespread over the past several years, there has been a corresponding rise in cases of people being arrested for using open access points without permission. One of the first cases came in 2005 when a Florida man was convicted of accessing a computer network without authorization. He was arrested and charged with the third-degree felony after the WAP's owner discovered him surfing in an SUV outside of their home.

There have been other cases, including an Illinois man who pleaded guilty to remotely accessing a computer system without permission in 2006 and a Michigan man who parked his car in front of a café and used its free WiFi service—without even ordering so much as a latte. When combined, it's a troubling trend of law enforcement and politicians overreacting to what is generally a harmless activity.

In the case of Delegate Myers, the legislation was prompted by his neighbor's use of Myer's WiFi connection without permission, according to Maryland newspaper The Herald-Mail. Apparently, Myers hadn't bothered to password-protect his WAP or use rudimentary security precautions. The proposal of the bill suggests that Myers would rather see this legislated than learn how to set up wireless security.

Sanity appears to reign in Maryland, however. The Maryland public defender's office is opposing the bill, noting the widespread availability of WiFi networks. "A technically unsophisticated user, such as a visiting parent, or simply a houseguest unfamiliar with the home's Internet could and probably would choose the first available network," the office noted in a filing. The public defender makes the obvious point (one that seems to have escaped Myers) that those wanting to prevent unauthorized access should enable routers' built-in security functions. It's so easy that there's no excuse for not doing it.

Of course, some people don't mind sharing their WiFi connections. In a piece I did earlier this year on the ethics of using unprotected wireless access points, I mentioned a friend who left his WAP unsecured as a public service. If people don't bother to protect their networks, there's no way of telling whether or not they want others to use it. Using an open WAP to cause harm should be punished in the same way as other nefarious hacking activities, using one to check e-mail, surf the 'Net, or read RSS should not be punished at all. Thankfully, the Maryland House Judiciary Committee appears to have more common sense than Del. Leroy Myers. That said, we probably haven't see the last of such bills.

Further reading