Wardriving--the practice of driving around with a portable computing device and a Wi-Fi antenna, looking for open Wi-Fi networks--is not new. In fact, wardialing, or calling up random phone numbers looking for modem connections, has been going on for at least 20 years. There is, however, a new ethical debate surrounding wardriving, whether it's legal, and whether it serves a larger purpose.

Courts haven't exhaustively tested the concept, but the common assumption is that simply discovering open wireless networks is legal. Trespassing is not. In fact, Patrick Ryan, assistant lecturer and PhD candidate at Katholieke Universiteit Leuven, sees many benefits from wardriving, arguing in a recent paper published in the Virginia Journal of Law & Technology that by codifying the principles of wardriving, we may also help to define a code of ethics for contemporary computer hackers (that's hackers in the tinkerer sense).

There is a new ethical debate surrounding wardriving, whether it's legal, and whether it serves a larger purpose.

Laws already exist
Ryan argues that by exposing unencrypted, open wireless access points, wardrivers often help owners to make their networks more secure--which is good. Ruling out the potential for abuse, he argues that existing laws, which vary from state to state, already cover cybercrime abuses, such as using a purloined wireless network for downloading child pornography or broadcasting spam. For example, last week, a Los Angeles man accused of using other people's Wi-Fi networks to broadcast adult-themed spam content, entered a plea agreement. The charges against the individual all related to violations of the CAN-SPAM Act of 2003 and not to his wardriving activities. Thus, curious individuals should be able to view open wireless networks, but only a criminal would bother to trespass.

This sentiment has been echoed by FCC chairman Michael Powell, who has encouraged the proliferation of free wireless networks (click here for the PDF) that are within service plans and do not harm the service provider's networks or enable theft. Ryan also cites an FBI memo that basically agrees that seeing a network isn't the same as accessing a network.

Wardriving as a valid security tool
Fact is, organized wardriving has provided valuable computer security statistics. Speaking at this year's Black Hat Briefing in Las Vegas, Chris Hurley of the WorldWide WarDrive organization found the number of new wireless networks has grown exponentially, from 9,374 networks in September 2002, when the first survey was taken, to 228,537 networks this year, although it should be noted that the survey does not take into consideration intentionally public wireless networks, such as those from wireless cafes. Within the last year, the percentage of those using wireless encryption protocol (WEP) has gone up, from 32 percent one year ago to 38 percent this year, as many companies have started to lock down their wireless networks. However, the number of those using the default wireless settings has actually gone up, from 27 percent last year to 31 percent this year. Hurley said this conflicting piece of information is probably the result of low wireless equipment costs, giving more home users the opportunity to buy a wireless router, then get it running in their homes later that evening. The challenge now is to get them to secure their networks.

Warchalking
One way to find and alert owners of vulnerable wireless networks is to wardrive your own neighborhood, then talk about wireless security to those neighbors with insecure networks. In London, a group of wardrivers has taken this a step further. They borrowed a technique from WWII and chalked urban sidewalks, indicating not where you could get a meal or a bed during wartime, but where you could find open wireless networks and whether those networks were encrypted.

Act responsibly, do the right thing, and please don't trespass onto private Wi-Fi networks.

While the warchalkers are also not breaking any laws, I think they are tempting others to break laws. Why use this passive-aggressive method of exposing open networks? Why not just tell the company or homeowner that their wireless network is bleeding all over the street? I think this is where Ryan's call for self-regulation and ethics becomes necessary.

These days, wardrivers don't use just ordinary wireless cards to find open networks. They carry special Yagi-style antennas, often shrouded in Pringles cans, which give them greater distance and accuracy. Thus, we've seen war kayaking around Lake Union in Seattle and war flying around Perth, Australia. These active wardrivers are withholding specific address information and publishing only stats, but a few rogues still haven't gotten the memo.

Do the right thing
In his article, Ryan analyzes the 1983 film WarGames, provides a short history of hacking (in all senses of that word), and offers a short history of recent attempts by hackers to self-police. He concludes that computer tinkerers today have evolved from their anarchistic roots and have begun to articulate codified policies, which may someday lead to the kind of self-regulation seen in other professions (say, an International Society of Professional Hackers).

I do think we can all agree that a tolerant society should not punish wardrivers for pointing out that someone's door is unlocked; in other words, don't shoot the messenger. But it's up to you to preserve the right to wardrive. How? Act responsibly, do the right thing, and please don't trespass onto private Wi-Fi networks.

Do you agree that wardriving should be legal? Why or why not? Talk back to me.