Public WiFi Networks Come with Liability Headaches

Published January 1, 2006

The relatively low start-up costs and technical availability of spectrum for wireless Internet make the idea attractive to civic leaders with an itch to “be digital.” Officials in the Ohio cities of Cleveland, Dayton, and Dublin are seeking public funds for WiFi networks in their cities. Unfortunately, the liability risks associated with public networks are often overlooked.

Welcoming Criminals

Internet access available to all law-abiding citizens is equally available to lawbreakers. When criminals can choose between Internet access from firms that demand detailed billing information or anonymous access from the city, is there any doubt they will flock to the municipal network?

In August, Florida officials held a pre-trial hearing in the case of an alleged wireless hacker. The accused parked his car outside a private residence armed with a laptop computer and is alleged to have hijacked the use of a home-based WiFi network. If the hacker were engaged in malicious or illegal activities, it is not clear the homeowner would be free of liability.

This is not the first case of uninvited use of WiFi networks, and it should sound the alarm for officials who aim to offer a public network.

There are at least two federal laws that apply to the question of liability, and potentially many more state laws and local ordinances.

Under the Computer Fraud and Abuse Act, the default rule is an “implicit lack of authorization” for access to wireless, even when such networks are not affirmatively protected by passwords or encryption.

Presumably, a municipality could offer Internet access to anyone but require agreement to its terms of use, which may include prohibitions on illegal activity such as spamming, the exchange of child pornography, or illicit trading of copyrighted material. In such a situation, the legal liability would be on the bad actor, not the municipality … but the public relations mess would be entirely in the lap of public officials.

Napster-Type Liability

While all 50 states have laws complementary to the federal Electronic Communications Privacy Act–which attaches civil and criminal penalties to anyone who “intentionally intercepts” any electronic communication–liability does not always end there.

A 2003 case in North Carolina, where a WiFi network was hijacked to steal credit card information, suggests the network provider–potentially a city near you–has contributory liability for crimes committed over its network. The same principle, under the name “vicarious liability,” applied in the music industry’s successful legal claim against Napster.

In essence, Internet providers are at risk of being an accessory to Internet crimes. Typically, the network provider must have a direct financial interest in the crime–as Napster had an interest in illegal downloaders using its system–for liability to attach.

But this should be small comfort to municipalities. A basic “job” of municipalities is to promote public safety and the health and welfare of a community. So even though cities would not make a profit from criminals who use their networks, it is not unthinkable for courts to demand higher standards of security for municipal providers relative to private firms, and assess stiffer penalties for failures.

City officials should avoid pushing their communities toward the municipal provision of wireless services solely on the basis of vague economic development goals or a desire to be on the “cutting edge.” Leadership requires the full consideration of what it means to venture into an area that remains in legal limbo.

Kent Lassman ([email protected]) is an adjunct scholar of The Buckeye Institute for Public Policy Solutions and a research fellow at The Progress & Freedom Foundation in Washington, DC.