Tuesday, June 14, 2005 - The Progress & Freedom Foundation Blog

Assessing Liability? Trespass on (Municipal) Wi-Fi Networks

The wireless network in my home is not connecting properly right now. The signal is going out and being received, but my wife's computer in a different part of the house is unable to connect to the Internet. I suspect that when Vonage recently sent me a replacement router, the new setup between the DSL, the wireless router, my computer and the telephone and fax lines got fouled. Surely once I spend the time to dig through all of the settings and endure a call to the helpdesk, we'll be up and running again in no time.

But conspiracy took over and I got to thinking: Maybe there is something sinister afoot. Several neighbors also have a wireless home network. In fact, we can pick up a strong signal for a network named after Cosmo, my neighbor's dog. In fact, we're probably smack dab in the middle of a target rich environment for malicious war drivers. What if someone is hijacking our Internet connections to spam the world or download and distribute illegal content?

In this post, I ask if municipalities have anticipated the liability and commons problems Wi-Fi networks are sure to create. My hunch is that bad guys will flock to the easiest networks to use (sorry Cosmo) and then to the networks that have the murkiest liability and enforcement regimes. In this paperby Robert V. Hale II, published in the Santa Clara Computer & High Tech Law Journal, some of the liability implications under current federal law are examined for Wi-Fi technologies.

At least one court has interpreted the Computer Fraud and Abuse Act (CFAA) to say that the default rule is an "implicit lack of authorization" for access to wireless hotspots, even for hotspots that are not affirmatively protected by passwords or encryption. The court rejected the view that there exists a presumption of open access on the Internet and absent some sort of agreement to use a node, access is probably illegal under the CFAA. If interlopers simply use the node to check email or browse the news and if a case were brought, Hale believes it would be a misdemeanor violation of section 1030(a)(2) of CFAA. Once the infraction involves commercial advantage or private financial gain, it is criminal. The statute also has a provision to address a network invasion that "recklessly causes damage" such as frequent, large file transfers that degrade the quality or speed of my wireless network.

Hale also tackles the Wiretap Law (Electronic Communications Privacy Act) which attaches civil and criminal penalties to anyone who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." What to do about all of this? Hale's article discusses the applicability of the common law doctrine trespass to chattels and despite the legal language, makes for a good read on the subject.

How does it relate to municipal Wi-Fi networks? For one thing, all fifty states have laws complementary to the federal wiretap law. It is not hard to imagine a situation where unauthorized use of a municipal network - virtually any use that is not agreed to with the provider - facilitates the use of a VoIP client to commit a crime "in" more than one state. Who prosecutes? Does the municipality have contributory liability? Hale seems to suggest that a line of reason could be extended from United States v. Salcedo to implicate municipalities. Salcedo is a 2003 case successfully prosecuted in the Western District of North Carolina when the war driving defendant and his accomplice used an unsecured network from the parking lot of a Lowe's home improvement store with the intent of stealing credit card information.

And finally, consider this from Hale:

Wireless access operators could also incur liability to the extent that they make access available, and in doing so, facilitate activities that damage others. Continuing the earlier hypothetical, if someone downloads unauthorized copies of music files using another's WLAN, and thereby commits copyright infringement, vicarious liability for the infringement may attach to the WAP [wireless access point] operator. As demonstrated in the A&M Records, Inc. v. Napster, Inc. decision, which involved vicarious copyright infringement liability of a peer-to-peer network provider, courts limit such liability to cases where the peer-to-peer network has "the right and ability to supervise the infringing activity and also has a direct financial interest in such activities."

The latter component of the liability test, a direct financial interest, would not likely apply to municipalities. Cities don't usually make money from pirates. But one must wonder, will the test hold? Should public entities offering network access be held to higher standards than private entities for the protection of commerce? If I were an advocate for municipal Wi-Fi networks, one concern would be the risk of changing liability standards.

All in all, it makes me more convinced that the risks associated with uncertainty - in this particular case, legal uncertainty - are best when shouldered by private actors and not public entities.

posted by @ 11:09 AM | Municipal Ownership , State Policy , Wireless