Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Dutch Court Rules WiFi Hacking Not a Criminal Offense

timothy posted more than 3 years ago | from the firecrackers-drugs-wifi-cracking-oh-my dept.

Crime 234

loekessers writes "Breaking in to an encrypted router and using the WiFi connection is not an criminal offense, a Dutch court ruled. (Original article in Dutch; English translation.) WiFi hackers can not be prosecuted for breaching router security. The judge reasoned that the student didn't gain access to the computer connected to the router, but only used the router's internet connection. Under Dutch law, breaking into a computer is forbidden. A computer in The Netherlands is defined as a machine that is used for three things: the storage, processing and transmission of data. A router can therefore not be described as a computer because it is only used to transfer or process data and not for storing bits and bytes. Hacking a device that is no computer by law is not illegal, and can not be prosecuted, the court concluded. "

cancel ×

234 comments

Sorry! There are no comments related to the filter you selected.

Where is the line? (3, Interesting)

mordenkhai (1167617) | more than 3 years ago | (#35539630)

How many "bits and bytes" does a device have to store to be declared a computer? I mean, mine stores a password, those are a few bits, where is the limit? I don't know enough about the case to comment on the details, but it seems an odd thing to base a ruling on to me.

Re:Where is the line? (2)

Sir_Sri (199544) | more than 3 years ago | (#35539670)

ya, it stores all of the settings of the router, which determine where all the data is transmitted to...

Re:Where is the line? (1)

davester666 (731373) | more than 3 years ago | (#35539866)

So, to make it illegal, you need a router that you can connect a USB drive to, so it can serve files?

Re:Where is the line? (1)

FatdogHaiku (978357) | more than 3 years ago | (#35540058)

So, to make it illegal, you need a router that you can connect a USB drive to, so it can serve files?

Mine serves files, the config section is a series of internal web pages...

Re:Where is the line? (1)

halowolf (692775) | more than 3 years ago | (#35540420)

And mine has a hard drive connected to it for wireless network based backups.

Re:Where is the line? (-1)

Anonymous Coward | more than 3 years ago | (#35540510)

well at least it seems the Dutch Government has got a bit of common sense all i read so far is the wriggelers and whingers trying to justify their pathetic yankee ideals on a world that neither needs nor wants them grow up

it has got to be the most draconian nation on the planet , It takes people like the dutch to show just how stupid you yanks are

Re:Where is the line? (5, Informative)

cappp (1822388) | more than 3 years ago | (#35539708)

The court's ruling itself can be found here [googleusercontent.com] . It's a little wonky linguistically and the frames are messy, but scroll down and you'll find some really interesting details. For your question it seems the court considered two factors - was it a computerised device (which the translation makes difficult to establish...seemingly could be read either way) and second, was there an intrusion which exposed personal data. Since the latter didn't occur it doesn't matter if the former is true.

As for other details, the case involves a guy posting a threat - on 4chan - to commit a school shooting and apparantly hacked the Wifi as a little camo'.

Re:Where is the line? (5, Interesting)

Idefix97 (725474) | more than 3 years ago | (#35539746)

I've read the original article mentioned in Dutch, and the gist of it is really that it isn't illegal to simply use someone else's network (even when it is encrypted), but it would be illegal to start browsing electronic files in that network.

Re:Where is the line? (1)

jd (1658) | more than 3 years ago | (#35539890)

Wait, the router presumably has caches which are logical files, so even if the guy wasn't reading any files, he was writing to them.

Re:Where is the line? (0)

Anonymous Coward | more than 3 years ago | (#35540118)

He wasn't. The router was. Otherwise one could argue you are breaking into slashdot because slashdot is logging your connection in a log file.

Ruling aside, the law will most likely be augmented to include networks and network devices in addition to computers.

Re:Where is the line? (2)

turbidostato (878842) | more than 3 years ago | (#35540250)

"Ruling aside, the law will most likely be augmented to include networks and network devices in addition to computers."

Because?

What's the problem about breaking in someone's network that makes it a criminal offense instead of a civil one? This rule is quite a sensible one, why should it be overruled?

Re:Where is the line? (1)

wierd_w (1375923) | more than 3 years ago | (#35540526)

It endangers the foolish notion that IP==Identity.

If any random stranger can connect to your WiFi, even if you have secured it with a reasonably strong WPA2 password, then suddenly it becomes much more difficult for large corporations to finger you for whatever kind of digital content violation happens to be popular at the time, just because your router had leased that IP from the ISP at the time.

As such, large corporations with incentive to be litigious and to forcibly equate IP with Identity for the purposes of "enforcement" will bend over backwards to make sure that this ruling gets trashed.

IP protectionism isn't just for the US anymore you know.

Re:Where is the line? (1)

SilentChasm (998689) | more than 3 years ago | (#35540176)

Typically its the router that decides to cache stuff not the client/user, so that shouldn't really apply as he wouldn't be writing to them, the router would be.

Re:Where is the line? (1)

mwvdlee (775178) | more than 3 years ago | (#35540484)

Before this court ruling, I though it was illegal to access even unprotected WiFi routers, now it turns out it's legel to access protected ones.
So what does this mean for all the people (both owners of routers and users) who want to enable free WiFi access; is it legal again?

Re:Where is the line? (1)

AvitarX (172628) | more than 3 years ago | (#35539900)

Mine is plugged into an external HDD and stores half a TiB or so.

It's my file-server too (though I'm torn between crappy transfer rates and low power usage),

I also regularly use it via SSH for IRC (on the HTPPS port from work...)

Re:Where is the line? (1)

icebike (68054) | more than 3 years ago | (#35540486)

Oddly enough, most routers run some form of linux these days. Sounds like a computer to me.
Seems odd that just because it stores only a small amount of data it doesn't qualify as a computer.

But aren't the Dutch one of the same countries that came down hard on google for just accidentally intercepting data, and not even trying to crack a router?

Re:Where is the line? (0)

Anonymous Coward | more than 3 years ago | (#35540556)

How many "bits and bytes" does a device have to store to be declared a computer? I mean, mine stores a password, those are a few bits, where is the limit? I don't know enough about the case to comment on the details, but it seems an odd thing to base a ruling on to me.

Don't forget that lots of the routers now have usb ports included. So you can turn your "router" into a "computer" just by plugging in a usb memory stick.

Flash drives (0)

Anonymous Coward | more than 3 years ago | (#35539634)

So what happens when you hack into my fancy router with the flash drive dock and I've got a memory card in there?

So Dutch routers dont have log/config files? (1)

Kenja (541830) | more than 3 years ago | (#35539636)

Every router I've seen for years has storage for log and configuration files. My current has four Gigabytes.

Re:So Dutch routers dont have log/config files? (-1)

Anonymous Coward | more than 3 years ago | (#35539654)

Every router I've seen for years has storage for log and configuration files. My current has four Gigabytes.

yes but that's incidental to its actual function, you nigger.

YOU are not storing YOUR data there that you created. YOU are not using it for information storage YOU are using it for routing.

YOU are NOTHING!

Re:So Dutch routers dont have log/config files? (1)

anomaly256 (1243020) | more than 3 years ago | (#35539714)

And you are ignorant. Not every router on the internet is a tiny SOHO cheap piece of crap. Some routers are indeed actual PC boxes with multiple network cards acting as routers and filters and such. And yes some have large hard drives and act as file servers too, I've seen it before. There is no line between router and computer, it just happened that this judge was as ignorant as you are.

Re:So Dutch routers dont have log/config files? (0)

Anonymous Coward | more than 3 years ago | (#35539790)

And you are ignorant. Not every router on the internet is a tiny SOHO cheap piece of crap.

Some routers are indeed actual PC boxes with multiple network cards acting as routers and filters and such. And yes some have large hard drives and act as file servers too, I've seen it before. There is no line between router and computer, it just happened that this judge was as ignorant as you are.

that's easy. the router and the PC are just two logical devices occupying one physical package. make it legal to hop on the router to use it as a middleman for wireless net access. make it illegal to deliberately access the contents of a file on the hard drive or to use any servers on the PC not necessary for getting a wireless connection. that means nothing but DHCP really.

you're still a dumb bastard.

Re:So Dutch routers dont have log/config files? (0)

Anonymous Coward | more than 3 years ago | (#35540300)

no fucking way. I pay to have a very limited number of bytes to use monthly, I don't want to share it with some douche bag who wants to use it as a way to: intimidate or frame others, download pirated media or conduct drug deals.

If there's a fucking password on the device it means I don't want others using it. Some people use WEP to maintain compatibility with older devices that don't support WPA and they don't want some 4chan anon fuckface to use it for whatever they want. This person isn't kick starting a revolution in some overtly oppressive nation, they just want to do random shit for "lulz" or dicks ... whatever it means in dutch. I have no sympathy for this newfag.

"make it legal to hop on the router to use it as a middleman for wireless net access." If it's open it's fair game, if it has a password on it and it is not yours, no fucking way. The law in any nation needs to understand this.

From the article:

"The ruling is linked to a case of a student who threatened to shoot down everyone at the Maerlant College in The Hague, a high school. He posted a threat on the internet message board 4chan.org using a WiFi connection that he broke into. The student was convicted for posting the message and sentenced to 20 hours of community service, but he was acquitted of the WiFi hacking charges."

20 hours of community service after publically threatening to shoot everyone at a high school? What a joke.

Re:So Dutch routers dont have log/config files? (1)

mwvdlee (775178) | more than 3 years ago | (#35540514)

20 hours of community service after publically threatening to shoot everyone at a high school? What a joke.

20 hours is a bit short, but we're not talking about the US where typical children have easy access to guns and are anti-social enough to go through with it.
What WOULD be a good punishment for a kid who made an idle threat on the internet?

Re:So Dutch routers dont have log/config files? (0)

Anonymous Coward | more than 3 years ago | (#35539658)

Just another case of judges being techologically illiterate. No big surprises there.

Re:So Dutch routers dont have log/config files? (1)

Mitsoid (837831) | more than 3 years ago | (#35539856)

Not the case here

http://yro.slashdot.org/comments.pl?sid=2044540&cid=35539746

Their courts already ruled using another persons internet is not illegal. This law is broken specifically when you try to go the next step (try to access personal information)

If the hacker tried to take log files, or go into another computer, or browse through files... He would likely have been covered. Since he sniffed the key and used it.. without doing gathering any personal information (except maybe "god" "password" "admin" or the router owner's pets name...).. he was not hacking into a computer system.... and since piggybacking on peoples internet connections is already legal in the country, he didn't apply for this specific law the lawyer wanted to throw at him. Perhaps another law applied that better fit the crime

Re:So Dutch routers dont have log/config files? (1)

AvitarX (172628) | more than 3 years ago | (#35539978)

Pet name is high security for banking in the USA...

Re:So Dutch routers dont have log/config files? (0)

Anonymous Coward | more than 3 years ago | (#35540496)

The Dutch government does it for you.

IF this passed in the US... (2)

Ambvai (1106941) | more than 3 years ago | (#35539650)

Speaking as though this passed in the US, I'm mildly concerned. There are plenty of extra costs that may be incurred, such as metered bandwidth or access of illegal materials. If this were to fly, it would also necessitate that other people using your network without authorization would not come back to bite the network holder.

Re:IF this passed in the US... (0)

Anonymous Coward | more than 3 years ago | (#35539678)

I'd be concerned too if I was too much of a fucktard to secure my router properly.

Re:IF this passed in the US... (0)

Anonymous Coward | more than 3 years ago | (#35539706)

But they're in the Netherlands, not a technological backwater where people might actually have to worry about metered bandwidth.

Re:IF this passed in the US... (2)

Opportunist (166417) | more than 3 years ago | (#35539750)

Then you better start to learn how to secure your router. Sorry, but sympathy for those unable to secure their systems and unwilling to learn how to do it is not forthcoming.

Re:IF this passed in the US... (0)

Anonymous Coward | more than 3 years ago | (#35539820)

yeah, we shouldn't make any stealing illegal. Learn to lock your house more if you dont want burgers.

Re:IF this passed in the US... (2)

freakmn (712872) | more than 3 years ago | (#35540066)

yeah, we shouldn't make any stealing illegal. Learn to lock your house more if you dont want burgers.

This makes me want to leave my door unlocked, with the hope that the reverse hamburglar deposits burgers in my house.

Re:IF this passed in the US... (1)

AK Marc (707885) | more than 3 years ago | (#35540412)

In many places in the US, it's illegal to leave your car running unattended. The reason for that is that it makes it too easy for people to steal it.

Re:IF this passed in the US... (0)

Anonymous Coward | more than 3 years ago | (#35539836)

The summary and article indicate the router had encryption enabled; what more can the owner of the router reasonably do? This is like complaining that the victim of a theft didn't use a strong enough lock.

Re:IF this passed in the US... (2)

Duradin (1261418) | more than 3 years ago | (#35540276)

Sorry, but sympathy for those unable to wear body armor capable of stopping a .50 BMG AP round is not forthcoming.

Re:IF this passed in the US... (4, Insightful)

cortesoft (1150075) | more than 3 years ago | (#35540322)

How is this different than stealing your car, taking it for a spin, and then putting it back in your driveway?

Would you respond "Learn to install a better alarm and not allow your car to be hot-wired so easy"?

You don't have to install an unbreakable lock to be protected from theft in the eyes of the law.

Re:IF this passed in the US... (1)

mwvdlee (775178) | more than 3 years ago | (#35540522)

If you truely believe in 100% secure routers, you are a fool.

Re:IF this passed in the US... (2)

micheas (231635) | more than 3 years ago | (#35540190)

The issue is "should this be subject of Civil or Criminal proceedings?"

Civil litigation could include tortuous interference on the grounds of directly, or indirectly causing the network owner to incur costs from bandwidth usage or inappropriate network usage.

With small claims court having a $5,000 limit and the much lower standards of proof required for civil litigation vs criminal litigation, it seems likely that you would be more likely to get compensated for a few thousand dollars out of civil litigation than to actually see a dime out of criminal prosecution. Further more, if you factor your increased taxes locking up someone that decrypted a wifi signal, you might actually find out that you lost money by having the person sent to jail.

The moral? Make sure your log files are easy to prepare and annotate for shipment to your attorney or court.

Re:IF this passed in the US... (0)

Anonymous Coward | more than 3 years ago | (#35540340)

If this issue were addressed in the United States, the punishment for hacking a network would be death. I'll take the Dutch version -- and whatever legal issues come along with it -- any day.

Niiiiice (0)

Anonymous Coward | more than 3 years ago | (#35539668)

So this means effectively that any network equipment is fair game for hackers in holland? This judge obviously does not understand that data storage doesn't require a hard drive (just ask my iPhone or my iPad or my routers, etc.). Also last I checked most network equipment has buffers that store data in transit (no different than an email transfer agent would, like sendmail or postfix which I'm guessing he would have ni trouble classifying as a server). All of this is especially ironic to me since I just finished an article on buffer bloat (the exact problem is that network devices are storing to much network data which impacts network performance).

Re:Niiiiice (2)

Mitsoid (837831) | more than 3 years ago | (#35539768)

It seems the law, as the judge rules, is that you have to "Browse" through the personal information. If you hack the router and gain access, but stop there and only use it for connecting, you are not breaking the law they have. It appears "Intrusion" requires you view the information on the device...

I suppose a poor analogy would be picking the lock on a house, but not opening the door... when no law against 'lock picking' exists... which in this case also did not share the key with anyone else, nor leave the house vulnerable to another person with ill intent

Theft of service (2)

tepples (727027) | more than 3 years ago | (#35539902)

It appears "Intrusion" requires you view the information on the device...

Do they have a "theft of service" law in the Netherlands? If so, running up a big Internet bill might be grounds for that.

Re:Theft of service (1)

j_sp_r (656354) | more than 3 years ago | (#35540602)

Almost any connection is really unlimited here. Starting at about 20-25 euro's a month for a 20mbits/1mbits connection.

Re:Niiiiice (2)

c6gunner (950153) | more than 3 years ago | (#35539926)

I suppose a poor analogy would be picking the lock on a house, but not opening the door... when no law against 'lock picking' exists... which in this case also did not share the key with anyone else, nor leave the house vulnerable to another person with ill intent

A better analogy would be picking the lock, walking in, kicking your feet up on the coffee table, turning on the TV, and using their phone to call up the local pizza and/or beer delivery place. Might not be illegal, but it certainly should be.

Re:Niiiiice (1)

TubeSteak (669689) | more than 3 years ago | (#35540528)

A better analogy would be picking the lock, walking in, kicking your feet up on the coffee table, turning on the TV, and using their phone to call up the local pizza and/or beer delivery place. Might not be illegal, but it certainly should be.

The GP is wrong.
In many states, merely walking around with a lockpick set is illegal.
AFAIK, in all states, putting a lockpick into a keyhole is considered "entering" even if you fail to successfully pick the lock or do, but don't go inside.

Interesting, but (1)

alvinrod (889928) | more than 3 years ago | (#35539674)

Interesting, but don't routers have buffers, which store information, albeit only temporarily? Not to mention RAM for various things.

Honestly, this kind of action should have its own set of laws to cover it rather than relying on existing laws that weren't designed to cover such activities.

Re:Interesting, but (1)

Mitsoid (837831) | more than 3 years ago | (#35539828)

The judge ruled, if I'm reading it correctly, that the router did not store "personal" information, and/or the hacker did not attempt to access it.. its a bit vague

I think their laws, or previous court cases, ruled or created 'definitions' of devices that lead the judge to rule it's not a computer as it's intent is not to store a person's private information... All "computerized devices" have bits and bytes stored...

As for previous cases, the article referenced a 2008 article where 'piggybacking' on internet connections was not an offense, but that was likely unsecure networks

My router does all three. (1)

Lord Kano (13027) | more than 3 years ago | (#35539692)

My router stores configuration data. My router processes DHCP requests. My router transfers packets between the internet and my network.

This judge fucked up.

LK

Re:My router does all three. (1, Interesting)

Anonymous Coward | more than 3 years ago | (#35539898)

My washing machine stores configuration data. My washing machine processes washing requests. My washing machine transfers data between internal sensors and the control panel.

You are advocating a law against unauthorized use of a washing machine.

You fucked up.

Re:My router does all three. (0)

Anonymous Coward | more than 3 years ago | (#35540046)

Worst analogy ever, seriously, don't post anymore.

Re:My router does all three. (0)

Anonymous Coward | more than 3 years ago | (#35540088)

You are advocating a law against unauthorized use of a washing machine.

You fucked up.

Remember that when I'm washing my underpants at your house.

Re:My router does all three. (1)

Lord Kano (13027) | more than 3 years ago | (#35540182)

What you speak of is called "theft of services".

LK

My Airport Base Station with a Time Machine drive (1)

dgatwood (11270) | more than 3 years ago | (#35539694)

would beg to differ.

However, it still isn't a computer. Embedded devices might be functionally capable of doing many of the same things, but what distinguishes a computer is whether it provides the ability to install and run arbitrary software (not just whatever the manufacturer installed) that allows the user to create and store significant amounts of information without hacking the device in any way.

In layman's terms, the question can generally be worded as, "Can I install apps on it, write a term paper with it, then use it to browse the web." If the answer is, "yes," it's a computer.

Re:My Airport Base Station with a Time Machine dri (1)

dgatwood (11270) | more than 3 years ago | (#35539716)

Just to clarify, cracking access to the disk should be criminal trespass in that you are accessing a resource (disk) that is effectively a part of my computer even though it happens to be physically attached using the network.

Seriously? Five minutes between posts for logged in users? What's wrong with this site? That's okay. I'll just click every second until it lets me post.

Re:My Airport Base Station with a Time Machine dri (1)

tepples (727027) | more than 3 years ago | (#35539934)

Seriously? Five minutes between posts for logged in users?

I think you need 25 posts modded in-something to get fast posting privileges.

Re:My Airport Base Station with a Time Machine dri (1)

anomaly256 (1243020) | more than 3 years ago | (#35539744)

So an internet kiosk is not a computer since you can't perform word processing or install arbitrary applications on it? I don't buy that. Also your definition doesn't account for big iron mainframes, or smaller classes of commodity servers, or automotive telematics, or industrial controllers, or in fact a majority of the actual computers in existence. Like this judge, your definition is too narrow to be realistic

Re:My Airport Base Station with a Time Machine dri (1)

dgatwood (11270) | more than 3 years ago | (#35540002)

By computer, I'm using the term to mean "general purpose computer", which is how the term has been used by the vast majority of the public for at least a couple of decades. By loose enough definitions, my wristwatch is a computer. That doesn't mean it is what people intended to protect when they wrote laws protecting against computer break-ins.

An Internet kiosk either can meet those definitions but has been specifically limited by the owner (a user) by installing software so that other users cannot do those things or it cannot, in which case it is not a computer. It's not my definition of computer that's wrong here, but your definition of user. Any administrator is also a user.

And my definition works just fine for mainframes and servers, too, for the same reason. The sysadmin can install apps (and in many cases, all users can compile and install apps, though again, that's a site-specific policy), you can browse the web (even servers typically have lynx, and even CICS can telnet to port 80...), and you can write a term paper on them.

Embedded electronics in your car, however, are not computers in any meaningful sense of the word. They are embedded devices. Industrial controllers are certainly not general purpose computers, either. That said, breaking into an industrial controller should fall under other laws, like any other form of sabotage of industrial equipment. That should have significantly steeper penalties than breaking into a general purpose computer, and there's no reason for the same set of laws to cover both.

Re:My Airport Base Station with a Time Machine dri (1)

Nemyst (1383049) | more than 3 years ago | (#35539816)

So servers aren't computers?

Honestly, I know people who use Linux boxes as routers. I also know of routers that can be configured to run small web servers (not just the configuration pages, mind you).

This decision is really, really weird.

Citation for how you define "computer" (1)

tepples (727027) | more than 3 years ago | (#35539922)

but what distinguishes a computer is whether it provides the ability to install and run arbitrary software (not just whatever the manufacturer installed) that allows the user to create and store significant amounts of information without hacking the device in any way.

This is true of a "general purpose computer". Have you a citation that "computer" necessarily means "general purpose computer"?

Re:My Airport Base Station with a Time Machine dri (1)

VortexCortex (1117377) | more than 3 years ago | (#35539944)

would beg to differ. However, it still isn't a computer. Embedded devices might be functionally capable of doing many of the same things, but what distinguishes a computer is whether it provides the ability to install and run arbitrary software (not just whatever the manufacturer installed) that allows the user to create and store significant amounts of information without hacking the device in any way.

Keep begging, I'm not letting you "differ"; Not with that bogus argument anyhow.

I SSH into my WRT54GL router w/ Tomato Linux firmware. [polarcloud.com] My router runs Linux from the factory and has a "firmware upgrade" option that I used to install the aforementioned Tomato Linux.

I write my own small C programs, cross compile them for the router scp (copy) them into and run them in the router. It is every bit as much a computer as a web server is -- Hint: you use the HTTP web server interface to configure most every router. My "embedded" router IS a computer. It stores data & programs that processes my data, and transmits information.

Hell, my wired "router" that is connected to the actual modem is a Linux box with 5 NICs -- each of my WIFI routers (one for my devices only, the other for friends / relatives) are plugged into one of the NICs on the Linux box. This Y router configuration prevents devices on the "friends" router from being able to ARP poison machines on the other wireless router (my small programs running in the wifi router can detect and report ARP poisoning and other funny business, disable the WIFI and alert me).

Anyone who gains access to my "friends" WIFI router can ARP poison anyone connected to that router, MiTM attack & DoS attack them as well -- This judge is misinformed. Hacking into the "friends" router can actually allow someone to "steal" my own copyrighted software that it STORES and RUNS.

Anyone who gains access to my wired "firewall" router can subvert the whole system, and screw with my public GIT repositories (thankfully PGP signing exists).

Something you can do on a computer is play a Tetris clone against multiple live opponents and add to or view the stored high score tables. Well, I created a terminal application that uses Ncurses to do just this -- I run it inside the "embedded" WIFI router (4 players at once actually doesn't kill the router performance too much). Hell, search Ncurses games [google.com] to find games you can run in your Linux based router and play via SSH. Also checkout OpenWRT [openwrt.org] , you may prefer it to Tomato Linux.

Rule of thumb: If you can play & create games on it and it can keep a persistent high score table its a damn computer.

Re:My Airport Base Station with a Time Machine dri (1)

dgatwood (11270) | more than 3 years ago | (#35540048)

And you've hacked the router to do all of this. That's not the way a router was intended to be used. By that same definition, my laptop is a dinner plate, and a few of my old LEDs are firecrackers.

The purpose of laws against cracking computers is to prevent data and/or identity theft. To the extent that your router contains enough data to steal... maybe... but that's *really* a stretch.

Besides, nobody is talking about cracking into the device itself anyway, but rather cracking access keys to gain access to the network. I'm sure even you would agree that doing so does not constitute accessing a computer.

Re:My Airport Base Station with a Time Machine dri (1)

VortexCortex (1117377) | more than 3 years ago | (#35540324)

And you've hacked the router to do all of this. That's not the way a router was intended to be used. By that same definition, my laptop is a dinner plate, and a few of my old LEDs are firecrackers.

Define "hacked". I used the router's own firmware upgrade feature. My point is that "router" doesn't have to mean embedded device -- Hell, take any computer with more than 2 nics on it and you've got a router. Some of the "factory" firmware upgrades add additional features -- Clearly the functionality is PROGRAMMABLE -- Guess what, that makes it GENERAL PURPOSE.

Your problem is that you are defining a "computer" by the software that it comes with -- from the factory. I'll have you know that none of the "General Purpose Computers" in my house came assembled from any "factory" I build them from parts -- The Hard Disk Drives I purchased came WITHOUT SOFTWARE. By your definition I "hacked" them into being "general purpose computers" and even "routers" by installing Windows & Linux on them... That's a really rediculous view. All of my PC and (embeded) router HARDWARE are capable, from the "factory", of installing additional 3rd party applications & OSs.

So, if you're granting that my "hacked" (firmware upgraded) router is a "general purpose computer", and is no longer an "embedded device", and my PC can also be a "router" -- We've just established that the terms "router", "embedded device", and "general purpose computer" all depend on what SOFTWARE is running on the programmable computer... Hint: It's programmable == It has software == It is general purpose, not tied to a set of tasks by the hardware == Yep, routers can be computers. Computers can be routers, some routers are computers, however, not all routers are capable of "general purpose" computing -- Just any that have a "firmware upgrade" option... (that's nearly all consumer routers; Very few are hard-coded non-programmable silicon -- Security flaws can't be updated, bad idea).

Your "install & run arbitrary applications" definition of a computer does not hold water.

The purpose of laws against cracking computers is to prevent data and/or identity theft. To the extent that your router contains enough data to steal... maybe... but that's *really* a stretch.

Perhaps you missed the whole part of my comment about how having access to a router gives you the ability to do a man-in-the-middle attack and thereby STEAL ALL OF MY WEB DATA. (Which is why I had to set up the Y config -- because anyone gaining access to a router can steal all of your web data traversing it via ARP poisoning/spoofing.)

Besides, nobody is talking about cracking into the device itself anyway, but rather cracking access keys to gain access to the network. I'm sure even you would agree that doing so does not constitute accessing a computer.

The NETWORK is made of COMPUTERS. Accessing the network gives you access to data that my computers are transmitting -- What, at your house you just have a bunch of "routers" with no "computers" attached? (What's the purpose of a router again? To connect COMPUTERS to other COMPUTERS.

Even if someone hacks the WIFI and only uses my Internet connection, they are unlawfully accessing the web service that I pay for -- I have a usage cap. If they fill up jugs with my water hose, they are stealing the water I pay for -- If they use my bandwidth they are stealing the service I pay for. I suppose you wouldn't care if someone just siphoned off the fuel in your car -- They didn't actually gain entry to the vehicle itself, they left it right where it was -- It's not stealing then, right? WRONG, it's illegal because they took something (fuel) that was yours.

If it's not illegal to steal my network bandwidth then it shouldn't be illegal to pull your electric meter can out, and close the gap with copper bars to use free electricity right? You're just using the electrical grid (aka network)... not actually compromising the power relay stations, transformers, or any other devices not on your property...

If the police come knocking on your door because some 4chan prankster "only used your network connection" to download tons of child porn, or HACK INTO / GAIN ACCESS TO someone else's COMPUTER, I hope that you can prove it wasn't you.

Re:My Airport Base Station with a Time Machine dri (1)

c6gunner (950153) | more than 3 years ago | (#35539962)

However, it still isn't a computer. Embedded devices might be functionally capable of doing many of the same things, but what distinguishes a computer is whether it provides the ability to install and run arbitrary software (not just whatever the manufacturer installed) that allows the user to create and store significant amounts of information without hacking the device in any way.

Ever hear of DD-WRT? Optware? And no, before you say it, a firmware update is not "hacking the device" by any stretch of the imagination. By your logic, my Asus router would be a computer, but my linksys router wouldn't be.

Nonsense. Here's what Miriam Webster has to say on the issue:

computer
noun, often attributive \km-pyü-tr\
Definition of COMPUTER
: one that computes; specifically : a programmable usually electronic device that can store, retrieve, and process data

Any router I've ever seen would fit into that definition.

Re:My Airport Base Station with a Time Machine dri (0)

Anonymous Coward | more than 3 years ago | (#35540056)

The other question becomes is did actually access the router?
If I came along with my laptop and plugged it into your LAN (lets assume legally but without your knowledge) get an IP and start surfing the web, have I accessed any of your computers?

Re:My Airport Base Station with a Time Machine dri (0)

Anonymous Coward | more than 3 years ago | (#35540530)

DD-WRT/Tomato K26 builds with a USB Framebuffer + keyboard + XOrg Optware on a 1 TB external hard drive
Given, it's painful to do this on a RT-N16 with a MIPS32 processor, USB hub, and with only 128 MB of RAM, but it's entirely doable.

Did I mention that a lot of Broadcom routers run Linux out of the box?

Attached a USB Hard Drive (0)

Anonymous Coward | more than 3 years ago | (#35539698)

OK, so if my router can have a USB hard drive connected to it, am I safe then? Wait, is my computer a computer? Its hard drive doesn't process, its CPU doesn't store, and its ethernet card doesn't process? Is it a computer, or a Chinese Room?

Seriously people, technocracy NOW!

tag (0)

Anonymous Coward | more than 3 years ago | (#35539710)

suddenoutbreakofcommonsense

am i right?

Routers do store and process and transmit data... (1)

SwedishChef (69313) | more than 3 years ago | (#35539730)

Especially routing information. They store the results of ARP requests too. And they process information to decide how to forward packets. Apparently the judge wasn't too clear on how routers work.

Re:Routers do store and process and transmit data. (1)

compro01 (777531) | more than 3 years ago | (#35539788)

AFAICT, the law requires that a computer be accessed without authorization AND that "personal data" (I cannot find what their legal definition of this is exactly) must be exposed as a result.

Unless said router also has NAS capabilities in use or the log files can be considered personal data, the law does not apply.

Re:Routers do store and process and transmit data. (1)

slashdottedjoe (1448757) | more than 3 years ago | (#35539940)

Your passphrase is personal data. Unless, you accept that a secured wireless router can be routinely accessed without a passphrase, they have personal information at their disposal. They also will have access to all your traffic to and from your other PCs. Accessing a network is as bad as accessing a particular PC. Seems the judge just made it open season on all private networks if there is an AP on it.

Good job!! /s

Re:Routers do store and process and transmit data. (1)

Mitsoid (837831) | more than 3 years ago | (#35539850)

or the judge used a previous court ruling that determined routers do not store enough personal security information (SSN/Credit card numbers/etc.), are not used as a "Computer" (in the traditional sense), and are not designed to do so.. thus they are a "computerized device" and not a "Computer".. which pulls routers out of the "Computerized Intrusion" law -- perhaps this is covered in another law and the lawyer wanted to pin the hacker on the hardest offense he thought he could pull off

Questionable (1)

Kosi (589267) | more than 3 years ago | (#35539748)

Although I'd not say that someone using such a hacked WiFi should not be punished, I find their reasoning more than questionable. I run a dual core 400 MHz P-II as a router (WLAN AP with 63 chars WEP2 key), so hacking mine would be criminal. I don't see why hacking a - properly secured - usual WLAN router box should be treated differently. I'd decide that based on the intention - if it was just for regular internet usage - OK then just give the offender a slap on his ass, but if it was to commit serious crimes, then kick his balls.

Re:Questionable (2)

c6gunner (950153) | more than 3 years ago | (#35540006)

I run a dual core 400 MHz P-II as a router ...

Ouch.

Not that I have anything against hardware reuse ... but seriously, if you shelled out some cash to upgrade to an Atom-based box, the reduction in electrical usage would probably be enough to recoup the cost within a year.

Re:Questionable (1)

Kosi (589267) | more than 3 years ago | (#35540092)

I know, I know. A cigar-case sized box with 3* Gbit LAN and 1* 54 Mbit (or better) WLAN capable of running IPCop or similar would cost me a little over 200 Euros. Have some more urgent problems right now, but it's on my list.

But, then I have to fear the Dutch hackers, whom I'd rather not mess with. Fortunately I could sue them here in Germany, thanks to being in the EU. :)

Legalise everything (-1)

Anonymous Coward | more than 3 years ago | (#35539770)

If they decriminalize everything, there will be no more crime - great idea. Then they can close the jails, lay off the police and judges, and the government can save lots of money. They could lower taxes then, but they wouldn't need to (since tax evasion would be legal, so nobody would pay taxes.

We could call it A Netherlands Answer Reducing Crime HumanelY - I'm sure someone can come up with a good acronym for that

Judge is a fool (1)

slashdottedjoe (1448757) | more than 3 years ago | (#35539774)

The judge is a fool. Routers store data such as DHCP info and passwords created by the OWNERS.

Re:Judge is a fool (1)

91degrees (207121) | more than 3 years ago | (#35540436)

In law there's the concept of "a reasonable man". When a person talks about a computer, they're typically talking about a general purpose computing device. A desktop or laptop PC, a server, or possibly a mobile phone.

If someone asks you "do you own a computer", is your response "Why yes. It's a D-Link router. I also own a satnav, have a CPU in y television, and another in my bread maker" or would you simply mention the devices that people are typically referring to?

Technologically Ignorent (1)

BlueCoder (223005) | more than 3 years ago | (#35539808)

A switch isn't necessarily a computer but a router definitely is. Back in the day all routers were physical PC. Now they are embedded systems. And they store all sorts of information, most importantly routing information!

But a dunce cap on this guy and make him sit in the corner.

Thats inacceptable. (1)

drolli (522659) | more than 3 years ago | (#35539858)

A router is a computer and it stores information. Many routers have access logs. For me breaking into an encrypted WLAN is like mechanically removing the lock from an ethernet port on private property and plugging youerself in. In the normal case you still can log what is currently going on (Wireless can not be switched, so you see all packets), and in the worst case see logs or manipulate the router without any trace.

Should i move to the netherlands, i will use a VPN service to access the internet and a cabled lan to access my NAS (thats anyway my current config).

Storage of data? (0)

Anonymous Coward | more than 3 years ago | (#35539888)

Every router I've ever worked on has stored data, processed it and transmitted it.

Bad definition (0)

bill_mcgonigle (4333) | more than 3 years ago | (#35539952)

Or at least bad interpretation. Of course a router is a computer. This is what happens when you let lawyers write laws about technical things.

I guess the Dutch can have a system where privacy is the real deciding factor, but I prefer the property-rights approach. This freeloader unjustly confiscated the resources of the router's owner, resources his labor was spent to acquire. Is it OK in the same court if I just borrow an owner's car (without permission) for a couple hours, if I don't look at his info in the glove box?

Re:Bad definition (0)

Anonymous Coward | more than 3 years ago | (#35540286)

I have always defined a computer as a device that you can write software for. Dutch law however use a definition that is more like a PC.

Re:Bad definition (1)

91degrees (207121) | more than 3 years ago | (#35540474)

Technically, yes. But do you not see a slight difference between, say, a macbook pro, and an d-link router? Or a satnav for that matter?There is a difference. The thing is, I can't actually work out how to define the difference other than by intended use.

Property rights do matter. However, this sounds like a law protecting data. And there's no significant personal data stored on a router. If The Netherlands have a law regarding unauthorised network use, this is the law that should be used. If not, there should probably be one (although the harm done is typically fairly minor).

Re:Bad definition (0)

Anonymous Coward | more than 3 years ago | (#35540506)

Well, the problem is that this ruling will not result in increased privacy. Once stolen data is released, everyone can use it (including governments). This ruling weakens the confidentiality and integrity of the infrastructure entirely. They make bad law.

It goes like this:

1) break encryption on WAP;
2) run sniffer to collect personal data (which is also temporarily stored on the "computer" due to store and forward architecture/protocols);
3) *profit* at the expense of the users of the compromised system.

This ruling demonstrates the absence of understanding on so many levels. I think any logic behind this outcome is not evident, and this is a very bad thing for wifi users in The Netherlands.

HA! (0)

Anonymous Coward | more than 3 years ago | (#35539976)

Router Logs.

Case closed Bro.

You're welcome, America.

Sounds reasonable (0)

Anonymous Coward | more than 3 years ago | (#35539994)

A Judge is there to enforce the law not create or redefine it (exceptional circumstances excluded). From TFA the judge ruled the hacker did not gain access to the computer system only the network. The issue here is NOT the judges ruling, but the law.

What's a computer (1)

BlueWaterBaboonFarm (1610709) | more than 3 years ago | (#35540054)

I have an ASUS rt n16 with 128 MB RAM and a Broadcom4718A at 480 MHz, an external 2TB drive. By early 2000 standards that's a heck of a rig.
I was going to use an old p3 and use that as a router, but I guess it wouldn't work if I went to the Netherlands?

The Netherlands are awesome (0)

Anonymous Coward | more than 3 years ago | (#35540080)

I am from Germany and our goverment is a bunch of nazi-nitpickers when it comes to the rights of individuals but are ueber-liberal when it comes to the rights of huge corporates.

I welcome this example of how things in the netherlands, again, differ.

I love that small country.

dd-wrt (1)

Lehk228 (705449) | more than 3 years ago | (#35540184)

so if you want to ensure prosecutability of intruders install dd-wrt and store some docs on there

Re:dd-wrt (0)

Anonymous Coward | more than 3 years ago | (#35540296)

Just because you broke the wifi password doesn't mean you broke the router login password.

access to wifi != access to the router's settings and stored files.

Okay now, tell me about routers (1)

martin-boundary (547041) | more than 3 years ago | (#35540362)

Vincent: So what you want to know?
Jules: Well, hacking routers is legal there, right?
Vincent: Yeah, it's legal, but it ain't a hundred percent legal. I mean, you can't walk into a restaurant, roll out your netbook, and start wardrivin' away. They want you to hack routers in your home or certain designated places.
Jules: Those are router bars?
Vincent: Breaks down like this, okay: it's legal to hack a router, it's legal to own one, and if you're the proprietor of a router bar, it's legal to sell routers. It's illegal to steal one, but that doesn't really matter 'cause get a load of this, all right - if you get stopped by the cops in Amsterdam, it's illegal for them to search you. I mean, that's a right the cops in Amsterdam don't have.

DIY (0)

Anonymous Coward | more than 3 years ago | (#35540368)

Good. It should not be up to the government/justice system to deal with this. You get good security, or you share.

Some reasons I'm worried (1)

UBfusion (1303959) | more than 3 years ago | (#35540384)

a) Breaking into a password-protected router requires bypassing a security mechanism implemented by the owner of said router. It's the same as forcing the lock to my home's door, which last time I checked is 100% illegal (even if the burglar doesn't enter my premises).

b) Bypassing security mechanisms is the key idea behind the DMCA line of argumentation. Why is copying a DVD an illegal act and breaking into a router is not?

c) I spent considerable amount of time composing and testing a secure WPA key, which I keep to myself like my social security number or my ID card. Therefore, my WEP key is my private sensitive personal data that should be protected by law.

d) If I remember well, the contract and TOS of my ISP, who installed for me their ADSL wireless modem/router, specifically prohibits non-contractors (e.g. neighbours) accessing my router without my knowledge. In addition, in some countries, which escape me now (Germany?), it's quite illegal to operate an open (not password-protected) router.

e) If this type of activity (hacking routers) is declared legal (or at least not illegal), then everybody will be doing it and the security of ANY type of wireless networks will be seriously challenged. The incentive is huge and new idiot-proof hacking tools will no doubt be developed that will allow kiddies to effortlessly access their neighborhood's WiFi spots which have not blacklisted the .xxx TLD yet.

IANAL, but the only way I can explain how this horrendous ruling came about is by the combination of a very good defence lawyer and a 70 years old judge.

Router Log Files ARE Personal Data (0)

Anonymous Coward | more than 3 years ago | (#35540418)

And if you hack a routers wifi that happens to have logging enabled, then you'll know what sites users of the router have been at. Hence Personal Data hosted.

Wonder if this ruling is a back door for law enforcement or other entities cough* google cough* to snoop at their own whim or reason.

Will go to Supreme Court (1)

click ok (2020944) | more than 3 years ago | (#35540444)

Unfortunately for this court, they should not have defined a 'computer', the Dutch law speaks about an 'automated device'. In 2008 the Supreme Court defined an automated device as a computer or a network of computers. So the appeal to the Supreme Court could very well be successful.

Naive (0)

Anonymous Coward | more than 3 years ago | (#35540462)

I did not realize the Dutch were so naive.

my website (-1)

Anonymous Coward | more than 3 years ago | (#35540524)

http://www.pangnanren.com

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>