From the Security Wire Digest:
Lawmakers appear poised to make New Hampshire the first state to protect computer users who get free rides on wireless networks by passing a bill saying corporations are responsible for keeping the networks secure.
The legislation was written to protect accidental bandwidth jumping, which occurs when laptop and mobile device users using WiFi to connect to one wireless access node actually find another, private access point. But it would also legalize “war driving,” in which laptop users scan airwaves for open wireless local area network (WLAN) ports.
The Electronic Frontier Foundation (EFF) and groups such as FreeNetworks back the legislation, which shifts the onus of keeping unauthorized users off networks squarely to their owners.
To simplify setup, WLANs are shipped with minimal security features, a fact that last year prompted the Department of Homeland security to label them a terrorism risk.
The actual text of the bill is as follows:
I.(a) A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that:
(1) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or
(2) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or
(3) The person reasonably could not have known that his or her access was unauthorized.
(b) The owner of a wireless computer network shall be responsible for securing such computer network. It shall be an affirmative defense to a prosecution for unauthorized access to a wireless computer network if the unauthorized access complies with the conditions set forth in subparagraph I(a)(1)-(3).
So the gist of the bill is that WiFi networks in New Hampshire must be secured against random access. Subparagraph (3) seems to be the most important of the affirmative defenses to unauthorized access in the case of WiFi. Given the insecurity of WiFi networks (even with WEP enabled) there is sure to be some legal tests regarding the owners responsibility for securing the wireless network.
Enabling WEP should protect a network owner from affirmative defenses for unauthorized access, since an unknown user would have to use a tool like AirSnort to capture your encryption key. While it is already been proven that the security in 8011.B networks provided by WEP is easily crackable, it should protect a network owner from the “I didn’t know it was wrong” defense. You cannot accidentally crack and encryption key. The more interesting case would be an open network that uses a identifying ESSID. In this case you as the war driver or casual user would have to take the proactive step of changing your ESSID to match. But what if the ESSID was PRIVATE NETWORK, and you changed yours to match. Is the network owner giving you enough warning that even though this is an open network you are not autorized in any way that could be covered in subparagrah’s I(a)(1)-(3)?
My judgement is that unless you enable WEP you will have no claim to the unauthorized access provisions of the New Hampshire law. I suspect there is a wide variety of opinion on this topic…