The wireless network in my home is not connecting properly right now. The signal is transmitting and being received, but my wife’s computer, in a different part of the house, is still unable to connect to the Internet.
I suspect that when Vonage recently sent me a replacement router, the new setup between the DSL, the wireless router, my computer, and the telephone and fax lines got fouled. Surely once I spend the time to dig through all of the settings and endure a call to the help desk, we’ll be up and running again in no time.
But conspiracy theory took over and I got to thinking: We’re probably smack dab in the middle of a target-rich environment for malicious war-drivers. What if someone is hijacking our Internet connections to spam the world or download and distribute illegal content?
As municipalities move into the wireless space, some even building wireless networks of their own, I wonder if they have anticipated the liability and commons problems Wi-Fi networks are sure to create. Robert V. Hale II, a San Francisco attorney and advisor to the Cyberspace Committee of the California Bar, took up the liability question in a paper published in March in Santa Clara Computer & High Tech Law Journal.
At least one court has interpreted the Computer Fraud and Abuse Act (CFAA) to say there is an “implicit lack of authorization” for access to wireless hotspots, even for hotspots that are not affirmatively protected by passwords or encryption. The court rejected the view that there exists a presumption of open access on the Internet and absent some sort of agreement to use a node, access is probably illegal under the CFAA.
If interlopers simply use the node to check email or browse the news and if a case were brought, Hale believes it would be a misdemeanor violation of section 1030(a)(2) of the CFAA. Once the infraction involves commercial advantage or private financial gain, it is criminal. The statute also has a provision to address a network invasion that “recklessly causes damage” such as frequent, large file transfers that degrade the quality or speed.
Hale also tackles the Wiretap Law (Electronic Communications Privacy Act), which attaches civil and criminal penalties to anyone who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication.”
What to do about all of this? Hale’s article discusses the applicability of the common law doctrine of trespass to chattels and despite the legal language, makes for a good read on the subject.
How does it relate to municipal Wi-Fi networks? For one thing, all 50 states have laws complementary to the federal wiretap law. It is not difficult to imagine a situation where unauthorized use of a municipal network–virtually any use that is not agreed to with the provider–facilitates the use of a VoIP client to commit a crime in more than one state. Who prosecutes? Does the municipality have contributory liability?
Hale seems to suggest that a line of reasoning could be extended from United States v. Salcedo to implicate municipalities. Salcedo is a 2003 case successfully prosecuted in the Western District of North Carolina when the war-driving defendant and his accomplice used an unsecured network from the parking lot of a Lowe’s home improvement store with the intent of stealing credit card information.
And finally, consider this from Hale:
“Wireless access operators could also incur liability to the extent that they make access available, and in doing so, facilitate activities that damage others. Continuing the earlier hypothetical, if someone downloads unauthorized copies of music files using another’s [wireless local area network], and thereby commits copyright infringement, vicarious liability for the infringement may attach to the WAP [wireless access point] operator. As demonstrated in the A&M Records, Inc. v. Napster, Inc. decision, which involved vicarious copyright infringement liability of a peer-to-peer network provider, courts limit such liability to cases where the peer-to-peer network has ‘the right and ability to supervise the infringing activity and also has a direct financial interest in such activities.'”
The latter component of the liability test, a direct financial interest, would not likely apply to municipalities. Cities don’t usually make money from pirates. But one must wonder, will the test hold? Should public entities offering network access be held to higher standards than private entities for the protection of commerce? If I were an advocate for municipal Wi-Fi networks, one concern would be the risk of changing liability standards.
All in all, it makes me more convinced that the risks associated with uncertainty–in this particular case, legal uncertainty–are best when shouldered by private actors and not public entities.
Kent Lassman ([email protected]) is a research fellow and director of the Digital Policy Network at the Progress & Freedom Foundation. This article is adapted from the PFF blog.
For more information …
The paper by Robert V. Hale II, published in March in Santa Clara Computer & High Tech Law Journal, is available through PolicyBot™, The Heartland Institute’s free online research database. Point your Web browser to http://www.heartland.org, click on the PolicyBot™ button, and search for document #17422.