The wrong side of the equation

Thanks to numerous thoughtful and helpful comments from readers over the last couple of weeks, I’m taking a different look at casually using an open wireless network without the owner’s knowledge or permission.

I’m still not comfortable with the “it’s stealing” argument, nor with the contention that it’s the equivalent of a home invasion. I’m also unconvinced by the “economic argument,” the notion that if someone stops for a few minutes to check their e-mail on the sidewalk in front of your house that your ISP is going to collapse into a pool of red ink. The ISP may do that, but it probably won’t be because of warchalkers.

I have a great deal of difficulty with the idea of “owning” electromagnetic radiation, but I feel I’m on more solid ground — as I think many people are — when talking about ownership and control of actual physical objects. And I think this holds the key to an answer.

Many people pointed out to me, and I tend to agree with them, that although ownership of the airwaves is problematic, there’s no doubt the access point that is the hub of the wireless network belongs to the owner. It is a physical piece of equipment and the owner is entitled to have full use and control over it. Taking control of that piece of equipment and using it, no matter how briefly or how benignly, infringes on the right of the owner to maintain control at all times.

It really doesn’t matter whether that control is done hands-on or remotely. It’s somewhat akin to the situation in which my neighbor could use a remote control to adjust the volume on my stereo — although I often wished for such a device when I lived as an adult in a student neighborhood. It would be wrong and it seems to deprive me of some basic right to control my own belongings.

I’m not claiming that this is the one and only answer to the question. I wouldn’t go to the stake for it, and I just might change my mind after thinking about it a little more. But it seems to do the job right now. I’m still left with several unanswered questions, chief among which is just how serious a violation it really is. Not every ethical infringement is equal. Some are trivial and some are much more serious.

I think in this case a lot might hinge on what the actual situation is. If it is a brief, unintrusive, and transparent use, then it might fall on the “rude” end of the ethics scale. If it involves inconvenience, privacy, or illicit behavior, then it can move rapidly toward the other end. That remains to be seen.

However, as I was reading the replies and thinking about the situation, it became apparent that people are concerned mostly with two things: the possibility of someone using the open connection to perform illegal acts — terrorism, child porn, Internet scams, etc. — or increasing the bandwidth demands beyond what the ISP has calculated in its pricing structure. This got me thinking along different lines. Maybe I was looking at the wrong side of the equation. What are the ethical responsibilities of the network owner?

Without engaging in a great deal of argument, it would seem that the owner of the network would have some responsibility for how that network was used — and would have some obligation to ensure that unauthorized persons didn’t use it to do things that were criminal or unethical in themselves. Merely to leave a network open and accessible to anyone passing by seems reckless, and while the perpetrator would bear the full blame for what he or she did, the network owner is, in a sense, an accomplice, if only by default.

As far as the effect on the ISP, it is the network owner, not the casual passerby, who has a relationship with the ISP. It is the owner who contracts with the ISP for the bandwidth. If the owner is negligent with that bandwidth, leaving it available for anyone with a moderate knowledge of wireless technology, then the ISP’s complaint about diminishing resources would be primarily with the owner. It’s not far different from a scenario in which the owner installs a wired hub and leaves an outlet in the front yard unprotected.

As far as business installations, it would seem that the burden falls on whoever is responsible for installing or maintaining the network. Businesses rely on their IT staff to protect company data, and leaving a network unprotected isn’t really any different than leaving a briefcase full of company secrets on a park bench while you go to get a beer.

The main objection to my position would be that securing networks is beyond the ability of the average home user, is too expensive, or — as one IT person told me — too time-consuming. I don’t think any of those are supportable objections. If you can’t figure out how a technology works properly, perhaps it’s best not to use it at all. In almost any field of endeavor, ignorance of the important technology is dangerous. This is no different. People who can’t figure out how to drive a car, for example, probably shouldn’t do it — although many do.

If securing the network has an added cost, then this should be seen as part of the cost of the network. After all, you don’t install a swimming pool in your back yard unless you can also afford the fence that goes around it. Trying to tell people that a child has drowned in your pool because you could afford the pool, but not the fence, isn’t going to get you very far.

With enterprise networks, the time and expense of securing them is minuscule compared to the cost of losing sensitive company data or suffering other intrusions into the network. Network managers have a fiduciary obligation to the company to ensure that data and systems stay secure. This isn’t a nice-to-have add-on that they can get to when and if they have time. This is a must-do part of the job.

I don’t think placing some obligation on the network owner removes an ethical burden from the unauthorized user, but it would seem that the obligation on the owner is stronger. Without the open network, the casual unauthorized user is powerless, unless he or she is willing to break into the network. In that case, the ethical calculus is different and the owner might be blameless if prudent steps were in place to protect the network.

Interestingly, while the ethical evaluation of the unauthorized user may change according to the exact circumstances, the ethical obligation on the owner — or administrator — to secure the network is fairly consistent, because it always has to account for the worst-case possibility.

Write to Carlton Vogt at ethics_matters@infoworld.com. To discuss any of these issues, you can go to the Ethics Matters forum at www.infoworld.com/forums/ethics .