Is it a crime if I open up my laptop and use whatever open wifi network I detect to access the Internet. According to some state laws, the answer is "yes."

Wifi networks can be open or closed. Closed networks are secured either at the WiFi access point through the use of an encrypted Network Key or through the use of an authentication server.

At the wireless access point (WAP), closed networks can be secured with either WiFi Protected Area (WPA) or Wired Equivalency Point (WEP) encryption. When an individual attempts to connect with an WiFi access point, the individual must provide a network key in order to establish a connection. Once connected, transmissions are encrypted. Securing a WAP is relatively easy. [Preston p 30] [Cohen]

Alternatively, closed networks may utilize an authentication server. Individuals can establish a connection with a wireless access point, but all they may be able to reach is the authentication server where they must login. This is like going to a coffee house, logging on to the network and reaching the coffee house sign in page where you pay for Internet access by the hour or by the day. This also gives the WAP owner the ability to keep a record of who has been accessing the network (useful for responding to subpoenas and establishing defenses). [Dvorak] Once authenticated, the individual can access the Internet, however, the transmissions are not encrypted.

Open networks are ones where individuals can freely establish a connection to the access point and the Internet. There is no need for a network key, password, or authentication. Many coffee houses, libraries, and other hot spots provide free access in this manner. Individuals simply need to know the SSID of the network, and generally laptops have software built in that enables the laptop to detect the SSIDs of the available networks in range. [Cohen (accidentally using neighbor's WiFi)]

A controversy has brewed over the situation where an individual accesses an open WiFi network, but for some reason a claim is made that the access was unauthorized. This is sometimes known as Piggy Backing. The owner of the wireless network has not closed the network nor required either a network key or a password. In certain noteworthy cases, someone's access is considered "unauthorized." Many individuals take advantage of whatever open WAPs their laptops happen to detect when they open them. [Hargreaves] Some devices such as reportedly Skype phones automatically detect open WiFi access points and establish connections. [Bangeman]

According to one study conducted by Accenture, 12 percent of respondent's in the US and UK have "borrowed" someone else'sWiFi access; in the US alone, according to the study, that figure goes up to 14 percent. [PC World 041608] [ZDNET 0408] Some wonder whether that is a gross under-estimate, and whether many people, when they flip open their Internet enabled device, even know they are "borrowing" WiFi.

Crime: Many pundits express the opinion that accessing the Internet through an open WiFi access point should not be considered illegal. While they have opinions on the propriety of this conduct, few offer direct arguments explaining their rational but instead resort to indirect analogies such as water from sprinklers falling on neighbor's yards or light from light fixtures being borrowed by a neighbor to read a book. [Bandeman] [AKMA 082204 (connecting to open WiFi is like stealing someone's cable TV connection, according to a police officer)] [McMillan, Network World 041608 (Anonymous commentor April 20, 2008 asking " If I sit upon a garden wall, reading a map in the glow of a porch light, am I stealing that light?")] [Compare Cohen (Time Warner argues "that while you may have a glass of water at a neighbor's, you may not run a pipe from his place to yours."]

Proponents argue that this is a victimless crime, that those that piggy back are taking a replenishable supply and have little to no impact on the Internet access account owner.

Opponents argue that those that consume significant amount of bandwidth, such as P2P users or gamers, do in fact harm the owner of the Internet access account by degrading the connection.

Proponents reply that if their is any bandwidth issue, they can simply turn off or secure access to the pipe, and the piggy backer can no longer deplete the resource. [Cohen] Proponents also note that most piggy backers simply hop online to check email or check a quick bit of information and are not bandwidth hogs. [Bandeman]

Opponents to open WAPs make several criminal or risk arguments on why open APs are bad:

• Piggy backing takes revenue from the ISP [Bandeman] [Sophos 111507] [McMillan, Network World 041608 (Anonymous commentor April 18, 2008)] [Cohen]
• Open WAPs create the opportunity for bad people
  • to anonymously access bad stuff. [McMillan, Network World 041608 (Anonymous commentor April 18, 2008)] [Hall (child pornography)] [Preston p. 29 (pedophiles)]
    • Open WAPs mean children can access bad stuff, evading parental or school attempts to limit access. [Preston p. 29] See CIPA.
  • to do bad things (including criminal activity, copyright infringement, distributing pornography or child pornography, launching spam or DOS) anonymously over that WAP. [Preston p. 29]
    • The bad activity will be traced back to the IP number of an individual's computer, presenting a risk of liability. [Preston p. 30] However, there have been courtcases where an open WAP has been a successful defense to liability - in other words, the defendant argues that while a copyright infringement may have been traced to the defendant's WAP, the WAP was open and anyone could have done it - there is no proof of the defendant's guilt.
  • to intercept transmissions over your network. [Sophos 111507]
    • One version is for someone to appear in the middle as an open WAP, intercepting transmissions (known as a man-in-the-middle attack). [Preston p. 30]
  • to hack into computers, and possibly inflect them or steal data, including the risk of identity theft. [Sophos 111507] [Preston p. 29]

Some individual owners of WAPs affirmatively choose to leave their WAP open and are willing to share as a matter of courtesy. [Schneier]

In response to the litany of problems, some argue that WAPs should be shipped in the default secured mode, and others have suggested that all WAPs ought to be required to operate only in secured mode. [Preston p. 30]

The purpose of this chart is to diagram out the posited problems and indicate whose problem this is. In other words, if we assume that access to the network is authorized, then illegal activity over that WAP by a third party is not a problem for the WAP owner* or the ISP.* For most of the posited problems, securing the WAP does not really solve the problem - in particular, the requirement of securing WAP may solve almost no problems for the WAP owner.

Note that this table could be more complex reflecting scenarios where access is authorized by the AP owner, but not the ISP - or authorized by the ISP but not by the AP owner.

Problem for -> Access Situation:	WAP Owner	ISP	Law Enforcement
Authorized Access	No	No***	No
Legal Activity	No	No	No
Illegal Activity	No*	No*	Yes
Bandwidth Intensive	Maybe**	Maybe**	No
Bandwidth Non Intensive	No	No	No
Unauthorized Access ****	Maybe	Maybe	Maybe
Legal Activity	No	No	No
Illegal Activity	No*	No*	Yes
Bandwidth Intensive	Yes	Maybe*****	No
Bandwidth Non-Intensive	No	No	No

* Illegal activity over an open WiFi point such as transmitting pirated copyrighted material, where the AP owner has no part or knowledge in the pirating, the AP owner would not be liable - this doesn't mean that a copyright association will not try to subpoena the AP owners records and might even sue the AP owner. But, as has been seen, AP owners arguing that they operate an open AP has been a defense to prosecution - there is no proof that the AP owner was engaged in the activity.

** Bandwidth hogs can be an issue for authorized or unauthorized use. On the one hand, AP owners and ISPs may have an arrangement that permits for heavy use; on the other, they may have an arrangement that heavy users are throttled as necessary.

*** Some ISPs authorize subscribers to share service; other ISPs have an service level priced to account for more intensive usage where the subscriber wishes to share the access. For example, a coffee house may acquire a business level access service that permits sharing.

**** The mere fact that access is unauthorized does not mean that it is problematic, particularly where the piggy backer is not engaged in illegal activity and is not a bandwidth hog. Some ISPs permit sharing; Some AP owners who are not explicitly sharing service may simply be indifferent to piggy backers. Where there may be a problem is where the AUP between the AP owner and the ISP does not permit sharing and therefore piggy backers could constitute a breach of the AUP.

***** A bandwidth hog may slow down service for the AP owner. However, if the ISP permits sharing, a bandwidth hog may not be a problem for the ISP.

Nuisance: This discussion assumes that the third party wants to piggy back on the open WAP; there is a flip scenario of unwanted open WAPs which become a nuisance, as argued by Prof. Preston. In this scenario, for some reason, open Internet access is undesired. It could be parents trying to responsibly raise their kids with limited access to objectionable material (see First Amendment arguments which reject government censorship on grounds that parental involvement is the best and least intrusive solution), or it could be a secure environment where the nature of the work requires strict network security. In these scenarios, a WAP owner providing open WAP internet access wafting over the border of the WAP owners space and into the third party's space, creates, according to Prof. Preston, a nuisance.

Proponents for legitimate use of open WAPs argue (weakly) by analogy: where a neighbor waters a lawn and this water spills over on the next door neighbor's yard, the use of the water by the next door neighbor would not be theft; where a neighbor has a light on, and the light spills over on the next door neighbor's property, the use of the light by the next door neighbor to read a book would not be theft. These analogies, however, can be reversed in terms of nuisance law. Where a neighbor is over watering his yard, and this water spills over and damages the next door neighbor's yard (erosion, rot, mildew, water in the basement), the next door neighbor can have a claim in tort nuisance. Where a neighbor has excessive lights on and those lights disturb the next door neighbor, the next door neighbor likewise has a claim in tort nuisance. So it follows, where a neighbor is permitting open WAP Internet to waft on to the property of a next door neighbor, and that open Internet access causes a harm, the next door neighbor could have a tort nuisance argument. [See Preston].

Federal Law

Communications Law: The use of the spectrum itself is lawful pursuant to FCC regulation. This is Part 15 unlicensed spectrum and anyone can use it without a license, as long as they have an FCC certified device like a WiFi card. No one owns the spectrum. No one gains a priority to use the spectrum from being the first one their. There is no property right in this spectrum. The mere transmission of a signal does not make it legally "yours." [Compare Rasch (stating "using someone else's [WiFi] signal... could constitute a felony")]. There is no such thing as "unauthorized use of WiFi" as WiFi is a commons to which all people have equal access. [Compare Hale p 550 (discussing "unauthorized use of WiFi")] Just because you own the WAP, does not mean that you own the spectrum. [Compare Rasch (stating "There is little doubt that when you "piggyback" the WiFi signal you are "accessing" -- or "using the resources of" -- the device that is providing the Internet connection.")].

Permission to use Part 15 spectrum is not the same as permission to use the network proximate to the Part 15 wireless network. The Part 15 network is unlicensed; no one can own it and no one can exclude others from it. The proximate network, the network connected to the Part 15 spectrum with an access point, is unknown. It may be public or private, open or restricted. If access to the proximate network is restricted, the legal authority to access the Part 15 spectrum does not provide authority to access the proximate network. Note well that when a network owner secures an access point, they are not restricting access to the Part 15 spectrum; they are shutting the door of the access point and not permitting anyone to go from the Part 15 spectrum, through the Access Point, and into the Proximate Network. It is the proximate network, not the Part 15 spectrum, that becomes secure. Access to the proximate network could constitute a violation of other state or federal laws, such as the Computer Fraud and Abuse Act.

Criminal Law: It has been argued that there could be a violation of the federal Computer Fraud and Abuse Act, 18 USC 1030. (CFAA) [Hale p 544]

The CFAA states that it is illegal to have unauthorized access to a protected computer. 18 U.S.C. § 1030(a)(5). This provision, however, has a $5,000 damage requirement that is probably not met by some guy outside a coffee shop checking his email. It is not clear what if any harm or damage is caused by someone using an open WAP. [Compare Nat'l Health Care Disc p 1274 (degrading network service constitutes damage)] [Bierlein p 1132 (extensive discussion of CFAA and WiFi) & 1135 (discussing harm) & 1147 n 128 (noting that the CFAA was drafted at a time when there was no notion of publicly available open networks)]

Furthermore, as noted above, the WiFi service cannot be stolen and an individual has authority to access it by law. Since access to the WiFi is authorized, it cannot be (or should not be) a violation of the CFAA. [Bierlein p 1133 (discussion of authorized access)] Remember that for the moment we are talking about access to the WiFi Spectrum, not to the proximate network - a discussion of whether access from the commons network to the proximate network is authorized will require review of Trespass law.

Note also that these provisions require that the unauthorized access be "intentional." [Bierlein p 1133] That's a problem when someone sitting next to a library utilizes a public WiFi network from a public institution. The piggy backer believes that the access is clearly authorized. [AKMA]

Some argue that piggy backing might be a violation of another provision of the CFAA 18 U.S.C. § 1030(a)(2)(A)&(C), Swiping Information from a Protected Computer. [Rasch (" access necessarily shares some data -- IP, routing, etc -- between the computers, and the statute does not specify exactly what information must be obtained ")] [Hale p 548 ("access to any WLAN involves some exchange of information that typically passes between computers (IP address, data packets, etc.) as a means of gaining access to the Internet")]. WiFi is a protocol specifically designed to operate in the unlicensed spectrum, permitting devices to handshake and establish a communications link. Where the spectrum is unlicensed and cannot be swiped, nor can the protocol developed for establishing communications in that commons. This argument is without merit. [Bierlein p 1159 ("the exchange of networking protocols inherent to access does not rise to the level of obtaining information because it involves no “readable” information—users do not “read” the information exchanged")]

Michigan: In 2004, a man was convicted of piggy backing onto a Lowe's open WiFi network in order to steal the credit card numbers that the store was transmitting over the open network. Man was charged with violating the federal Computer Fraud and Abuse Act.

• United States v. Salcedo
  • Bill of Indictment at 1–2, United States v. Salcedo, (W.D.N.C. Nov. 19, 2003) (No. 5.03cr53-MCK)
  • Criminal Docket for Case #: 03-CR-53-ALL
  • Press Release, U.S. Department of Justice, Western District of North Carolina, Hacker Sentenced to Prison for Breaking into Lowe’s Companies’ Computers with Intent to Steal Credit Card Information (Dec. 15, 2004)
• Wifi cloaks a new breed of intruder , Tampabay.com (July 4, 2005)
• Kevin Poulsen, Long Prison Term for Lowe's WiFi Hacker, SecurityFocus (Dec. 16, 2004) (sentenced to nine years in federal prison, a reduce sentenced based on the assistance he provided to Lowe's to "help them understand the vulnerabilities in their system.")

Texas: Defendant who demonstrated ease of accessing county's wireless network was arrested and charged under CFAA, with prosecutor claiming that $5k threshold was met by needed staffing changes, etc. Jury took 15 minutes of deliberation to reject charges. [Bierlein p 1159 n 187]

• Rosanna Ruiz, Computer Expert Indicted in Alleged Hacking, HOUSTON CHRON., July 25, 2002, at 26A.
• Rosanna Ruiz, Federal Trial Starts for Man Who Hacked County Computer, HOUSTON CHRON., Feb. 19, 2003, at 16A
• Rosanna Ruiz, Jurors Acquit Man of Hacking System at District Clerk’s Office, HOUSTON CHRON., Feb. 21, 2003, at 26A

Some would like the use of open wifi networks to be illegal for fear of violations of other criminal statutes. [AKMA 082204 (Police officer justifying harassing a wifi user on the grounds that someone could download child pornography, claiming that he had been briefed by a Secret Service agent)]

Interception / Eavesdropping There is a problem with the concept that receiving wifi signals from an open WAP could be a violation of the Electronic Communications Privacy Act. [18 USC § 2511(2)(g)(i)]. [See also 47 CFR § 15.9 Prohibition Against Eavesdropping ("Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.")] Wifi is a commons; it is unlicensed spectrum where all users have the same rights to receive and transmit. There is nothing about this spectrum that gives a transmitter a superior right to other users of the spectrum, where the transmitter could stand up and say, "hey, I'm transmitting therefore you cant be receiving." In other words, when one uses wifi, one is shouting one's transmission to everyone else using wifi as well. That's pretty clearly a transmission made to be accessible to the general public. If the transmission is accessible to the general public, then receiving the signal cant really be said to be an interception. [Compare Hale p 550 (arguing ECPA could apply to the interception of a WiFi signal)] [Compare Rasch (arguing that ECPA applies to WFI signals; "by reading e-mail, or even just DHCP or ARP packets, you are potentially violating that law")

Recall that both Wifi WAPs and walkie talkies operate in the same spectrum pursuant to the same rules. One who uses a walkie talkie is unable to object to the fact that others can hear the transmissions. Likewise, those who transmit using WiFi protocols can not object that other devices can hear it.

Note that it is another thing to go from simply hearing what you are saying (intercepting your transmission), to using the spectrum to go through your WAP and get onto your computer network that is closed. It is one matter to be using the spectrum; it is another matter what you do when you connect to something off of the spectrum (like a computer network or a garage door).

State Laws:

Individuals who have been prosecuted for unauthorized access to an open WAP have largely been prosecuted under state criminal statute.

• Alaska
  • Another guy who sitting outside a library and using a public open network after library hours so that he could play World of Warcraft was charged.
    • Gamer Busted For After Hours WiFi Leeching, DSLReports.com Feb 26 2007
    • Wellner, Andrew. " Using free wireless at library described as theft ", Anchorage Daily News , 2007 - 02-24 .
    • "Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft ", Library Journal , 2007 - 03-12 .
• California
  • AB 2415:
    • This bill would require a device that includes an integrated and enabled wireless access point, if the device is manufactured on or after October 1, 2007, for use in a small office, home office, or residential setting, and that is used in a federally unlicensed spectrum, to either include a warning advising the consumer how to protect his or her wireless network connection, a warning sticker, or provide other protection that, among other things, requires affirmative action by the consumer prior to use of the device.
    • (f) There is disagreement as to whether it is legal for someone to use another person's WiFi connection to browse the Internet if the owner of the WiFi connection has not put a password on it. While Section 502 of the Penal Code prohibits the unauthorized access to computers, computer systems, and computer data, authorized use is determined by the specific circumstances of the access. There are also federal laws, including the Computer Fraud and Abuse Act (18 U.S.C. Sec. 1030 et seq.), that prohibit the intentional access to a computer without authorization.
  • Governor Schwarzenegger Signs Legislation to Protect Consumers Using Wireless Devices, Office of the Governor, September 2006 (" requires wireless home networking equipment manufactures after October 1, 2007 to provide a warning that advises consumers on how to protect their personal information. ")
• Florida
  • In April 2005, a man found sitting in his car in a residential neighborhood piggy backing on wireless networks was arrested after a neighbor grew suspicious.
    • FLA. STAT. ANN. § 815.06 (2006) prohibits unauthorized access to computer network, classified as a third degree felony
    • Dave Gussow, Wireless ‘Mooching’ Raises Issues of Security, Ethics, ST. PETERSBURG TIMES, Aug. 1, 2005
    • Man Arrested for Stealing WiFi, CBS News July 7, 2005
    • Rob Kelley, Man Charged with Wireless Trespassing, MONEY, July 7, 2005,
    • Wifi cloaks a new breed of intruder , Tampabay.com (July 4, 2005);
    • The case of the stolen Wi-Fi: What you need to know, CW 8/9/2005
    • Floridian Faces Wireless Trespassing Charges, Ecommerce Times 7/8/2005
    • Florida Man Charged With Felony for wardriving, Ars Technica (July 7, 2005)
  • A man in an apartment complex was piggy backing on neighbors networks "in order to access bank information and pay for pornography sites." When purchases that he ordered were delivered to his apartment, he was uncovered. Police found an antenna sticking out his window in order to enhance his reception. Wifi cloaks a new breed of intruder , Tampabay.com (July 4, 2005)
• Illinois
  • A guy piggy backed onto the network of a non-profit in the middle of the night and was charged under an Illinois statute. Sentence: One year court supervision and a $250 fine.
    • Mark Gibbs, Open WiFi Stupidity, Network World (March 29, 2006)
    • Illinois WiFi Freeloader Fined $250 , ARS Technica (March 23, 2006)
    • Dale Dietrich, Illinois WiFi Freeloader Fined US$250, iMedia Law Blog (March 23, 2006)
• Maryland
  • MD Code, Crim L § 7-315 Prohibited:
    • A person may not knowingly: (1) possess, use, manufacture, distribute, transfer, sell, offer, promote, or advertise for sale, use, or distribution, an unlawful telecommunication device or access code: (i) to commit a theft of telecommunication service; or (ii) to receive, disrupt, transmit, decrypt, acquire, or facilitate the receipt, disruption, transmission, decryption, or acquisition of a telecommunication service without the express consent or express authorization of the telecommunication service provider;
  • This statute is not applicable. Wifi is unlicensed spectrum held as a common where all individuals have equal rights of use; it cannot be stolen. (Conversely, if this law did apply, wouldn't it be illegal to make any wifi enabled device?) Under federal law, Wifi would not even be classified as a "telecommunications service." Apparently under Maryland Code, Wifi may be considered a "telecommunications service." MD Code, Crim L § 7-313 Definitions.
• Massachusetts
  
  • Nantucket
    • AKMA
      • AKMA's Blog (An account of sitting on a bench outside a library, and being approached by a police officer who told AKMA to stop and move on, on the grounds of theft of service, informing AKMA that the police department had just been briefed on the issue by the Secret Service).
        • So Weirdly Wrong (Aug 22, 2004)
        • For Clarity Sake (Aug 23, 2004)
        • Ironies Never Cease (Aug 24, 2004)
        • End of Story (Aug 25, 2004)
        • Case Closed! Closed? (Sept 7, 2004) : Photo of Article :
        • Flickr PhotosAtheneum Exterior : Facade : Plan of Building : Bench :
      • Busted for Using Library Wifi outside Library, Slashdot Sept 1, 2004
      • Rogue Cop Invents Anti Wifi Laws Shakes Down Man of Cloth, Boing Boing (Aug 24, 2004)
      • Weirdly Wrong thread: Stealing a library's Wifi, LibraryLaw Blog (Aug 26, 2004)
• Michigan
  • Law: Michigan Fraudulent Access To Computers, Computer Systems, And Computer Networks (Excerpt) Act 53 of 1979
  • A guy reported sat outside a the Re-Union Street Café coffee shop checking his email. When the cop asked him what he was doing, he told him. Neither he, nor the cop, nor the coffee shop owner of the network knew that what he was doing violated state law - yet he was criminally charged. He was reportedly fined $400 and required to do 40 hours of community service.
    • A wireless felony , WOOD TV 8 (June 18, 2007);
    • Michigan Man Fined for Using Coffee Shop's Wifi Network, Fox News (Jun 5, 2007) (an excellent account of the story)
    • Michigan man dodges prison in theft of Wi-Fi, CNET 5/30/2007
    • Wi-Fi Freeloading Felony - First arrest and prosecution in Michigan, Broadband Reports 5/22/2007;
    • Michigan Man arrested for using cafe's free wifi from his car, ARS TECHNICA (MAy 22, 2007)
• New York
  • Law: NY State Penal Code § 156.00(8) (defining "without authorization" such that a user must have actual notice that access was without permission for it to be "without authorization." The law applies only where the network“is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system.” § 156.05)
  • Westchester County directed its businesses to secure their networks or they would be fined. A wireless felony , WOOD TV 8 (June 18, 2007)
• Utah
  • Utah requires ISPs to offer a filtered content service to consumers. Utah Code 76-10-1231. This would appear to also fall upon ISPs offering free WiFi service. [Preston p 30]
• Washington
  • Man reportedly repeatedly returned to a coffee house Brewed Awakenings to piggy back on open wifi network. Coffee house owner grew wearisome, asked him to stop, and then called the police. The police told the man to move on, but he later returned. He was charged with "theft of services" under the criminal trespass statute, but not unauthorized access to computer network under the state's computer trespass statute. One article notes that the defendant was a registered sex offender. [Saracevic] [Galla] [Bierlein p 1160 n 188]
    • WASH. REV. CODE § 9A.52.120 (2006) (Washington’s computer trespass statute);
    • WASH. REV. CODE§ 9A.52.080 (2006) (Washington’s criminal trespass statute).
    • Stephanie Rice, Accused Wi-Fi Thief Pleads to Trespass, COLUMBIAN, Aug. 16, 2006, at A1.
    • Al Saracevic, In a Froth Over Wifi Theft, San Francisco Chronicle (June 23, 2006)
    • Preston Gralla, No Latte with your WiFi, TechSearch Blog (June 22, 2006)
    • Gregg Keizer, WiFi user charged for not buying coffee, EETimes (June 22, 2006) ("The charge, which covers such crimes as bypassing a utility meter, stealing cable, and leaving a restaurant without paying, has been used in the past to prosecute hackers who have accessed a computer or network without paying for it. ")
    • WiFi Freeloader Arrested in Washington, Ars Technica (June 22, 2006)
    • Evan Blass, Wardriver arrested for snagging coffee shop signal, Engadget June 23, 2006

Police authorities argue that open wifi networks are problematic because they create an untraceable opportunity for criminals. When an individual visits a website on the Internet, that website generally records the IP address number of the individual. If the individual is doing something illegal, then that activity can be traced back to that IP number. If the police can trace the IP number to an individual subscriber, they can attempt to arrest the individual. When an individual gains Internet access using an open wifi network at a coffee house, then the IP number of that coffee house is recorded in the server log and investigators are unable to tell which person at the coffee house it was that visited that site. Likewise, if the individual gains Internet access through an open network in residential neighborhood, say that of the Jones', then the police will trace the IP number back on the Jones' and come knocking at the Jones' door accusing them of, for example, dealing in illegal knock-off Beanie-Babies. [Stockwell (concern that Child Pornographers are using open wireless networks)]

Open WAP owners have argued as a defense to prosecutions that while a crime may have been traced to their IP number, there is no further evidence that they committed the crime and that it must of been someone else who tapped into their access point. This argument is essentially that while an IP number may map to a computer or a WAP, it does not map well to humans. [Stockwell] [WLTL] [Fisher]

Notice: The question is begged however. If the wireless network is open, how can the access be unauthorized. [Bierlein p 1133 ("few states define what constitutes authorization")] How would an individual know that they are, or are not, allowed on a network. There are open networks everywhere for all sorts of reasons. How is an individual to determine which open network is not open and which open network truly is open... other than through the signal of the "open" or "closed" network itself. Some wireless devices automatically log onto detected open wifi networks with no action required by the individual (reportedly Skype WiFi phones, for example, will log onto any open network detected).

If network owners want to restrict access to their networks, this is easy to do. See OnGuardOnline.Gov for information on how to secure a wireless network. A password on a WAP is a good signal that the network is closed. [EFCultural at 63] Compare Rasch (asking the rhetorical question: " you end up on a slippery slope. How much security must you have on a system in order to be able to prosecute someone for accessing it without authorization?") Any security would provide sufficient notice that the network is closed. See NY State Penal Code § 156.00(8) (defining "without authorization" such that a user must have actual notice that access was without permission for it to be "without authorization.")

If network owners want their networks to be open, having no restriction on access is a pretty good signal of this intention. [Dvorak ("Since it doesn't really take much to secure a network, you can assume that people do not mind you taking their Wi-Fi signals to do your e-mail.")] [See R2oT § 892] [Hale p 553 ("Lack of log-in procedures, encryption, or other forms of security may create a privilege in the would-be trespasser of apparent consent to use another’s Wi-Fi network.")]

The question is further begged, what does "unauthorized" mean. The Computer Fraud and Abuse Act does not define "unauthorized." [Hale p 545]

WAPs are shipped to customers in a default open configuration. It is common for new broadband Internet access service orders to be bundled with a WAP, although where the service provided does an install, they generally will turn the security on. Laptops and some desktop computers are now shipped with WiFi as a standard feature. [Hargreaves]

Some ISPs permit the sharing of broadband Internet access over a WAP. Some do not. [Dvorak] Subscribers that wish to share the broadband may need to purchase a business broadband account that permits such sharing.

Many pundits believe that these prosecutions are inappropriate. [Gibbs][Dietrich] It is argued that it is up to a property owner whether their property is open or closed. There should be no presumption in law otherwise. Where it is the intention of a property owner that the property is closed, then it should be the responsibility of the property owner to take easy steps of signaling this intention. This is consistent with the jurisprudence principles that the individual with the burden is the individual with the information (in this case, the information of whether the network is open or not) and it is consistent with the law-and-economics theory that the burden should be placed on the party for whom the cost of compliance is the lowest (the cost to the network owner to signal whether the network is truly open or not is de minimis where the cost to the laptop guy, able to detect open networks but needing to confirm whether they are truly open, can be almost impossible in some cases as the laptop guy may not know where the signal is coming from, who owns the network, and how communicate with the network owner).

Alternatively, the ability of those that wish to have open WAPs could find it quite difficult. Alternatively, everyone at a coffee house who has used an open WAP is a guilty as the guy sitting in the parking lot using the same WAP, for what is the factual distinction. Those inside the coffee house have no more knowledge of who owns the WAP and whether it is open that the person in the parking lot. The coffee house owner loses the value of the loss-leader free wifi service, if none of there customers can use the service without fear of arrest.

Others believe that piggy backing should be illegal.

Other WiFi Security Issues

IP Number Liability

• Your computer on the Internet has an Internet address, an IP number. Everything that is done on your computer leaves that IP number like a bread crumb trail across the Internet. If you visit a site, you IP number is left in the server log, and anyone looking at that log can see that IP number. That IP number belongs to a block of IP numbers assigned to your ISP. In order to trace that IP number back to you, the RIAA and other groups use DMCA to subpoena ISPs for the subscriber information associated with that IP number. What is provided to the RIAA is the name of the individual who subscribed to the ISP; not necessarily the person who visited that Internet site. In the case of home Internet accounts that have open WiFi access points attached to them, the person who visited the site in question can be anyone who wandered in range of the WiFi signal and piggy backed on the account. Even those who have secured Internet access at home, the person who visited the site in question could be any friend, guest, or relative that happened to visit that house and used that computer. Defendants having open WiFi access points have successfully used the argument that an IP number is not a human being and is not proof that the account owner did the bad deed; it could have been anyone who piggy backed onto the network. In a few other cases, cases have been improperly filed where the plaintiffs had the IP number misidentified. Nevertheless, a number of copyright litigations and criminal charges have been brought simply based on the identification of an IP number.
  • RIAA Attacks Open Wi-Fi Hotspots - Wants ISP account holder liable for all activity via Wi-Fi, Broadband Reports 2/23/2007

Network Security

• Open wifi networks also create an open door to computers on your network. Depending on the configuration of your computers and your access point, hackers can get access, steal information and upload malicious software.

Eavesdropping

• Data sent between computers over WiFi is out in the open and can be intercepted by anyone within range. Data sent between computers using security will be encrypted and if intercepted is difficult to read (WiFi encryption has reportedly been cracked, but still creates a substantial barrier to reading intercepted traffic). Transmissions over open WiFi access points is not encrypted and is easy to read.

Acceptable Use Policies

• The AUP that a subscriber has with its Internet access provider may (or may not) prohibit sharing of Internet access outside the household (or whomever the AUP restricts it to. If you have an open WiFi access point, you may be in breach of contract. Note that there have been Internet access providers that actively support sharing of access, and will even set up a billing system to enable you to do it for a fee. Also, if your a coffee house and you want to share as a loss-leader, you may be able to acquire a hirer tiered service (one that assumes greater bandwidth consumption) that permits sharing.

Other Law

• Computer Fraud and Abuse Act (requiring something more than mere access - such as $5000 worth of damages)
• Computer Hacking and Unauthorized Access Laws, National Conference of State Legislatures
• Restatement (Second) of Torts § 892 (“If words or conduct are reasonably understood by another to be intended as consent, they
  constitute apparent consent and are as effective as consent in fact.”)
• The Restatement (Second) of Torts § 217 “[a] trespass to a chattel may be committed by intentionally (a) dispossessing another of the chattel, or (b) using or intermeddling with a chattel in the possession of another.”

Statistics

• Sophos Press Release, Wi-Fi piggybacking widespread, Sophos research reveals (Nov. 15, 2007) (" The research, carried out by Sophos on behalf of The Times , shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission. " Conjecturing that "stealing wifi" deprives the ISP of revenue and slows down your neighbor's connection, without actual data to substantiate these guesses)
• A Wardriving We Will Go!, The Register Aug 23, 2007 (one in three mobile workers "routinely hijack wireless connections")
• Is Using Your Neighbor's wireless Internet connection stealing?, CNN Money (accessed January 13, 2008) (62% Yes; 38% No. 36938 Votes Cast).

Criminal Activity / Prosecution

• Defense
  • Capital Records, Inc., v Foster, Civ No 04-1569-W (WDOk Jul 13 2006)
  • Ken Fisher, The RIAA, IP Addresses, and evidence, ARS Technica (Aug. 3, 2006) (reporting on woman with open WAP, who was not a significant computer user, but who argued that multiple other people had access to the network and could have engaged in the alleged illegal downloading)
  • Movie Company Files Federal Piracy Suit Against Tri-State Man, WLWT Cincinnati (Dec. 12, 2005) (reporting that Paramount had brought a federal law suit against a man for uploading a movie to a P2P network, but the man claimed he had nothing to do with it and that it must have been down over his open WAP).
  • Jamie Stockwell, WiFi Turns Internet Into Hideout for Criminals, Washington Post, p. C01 (Feb. 11, 2007) (recounting story of policy attempting to raid an apartment in Arlington, Va in order to arrest a suspected pedophile, only to find an elderly woman with an open wifi access point).

Papers

• Cheryl Preston, WiFi in Utah: Legal and Social Issues, Utah Bar Journal, Vol. 20 No. 5, p. 29 (Sept./Oct. 2007) (arguing that "Allowing one's wireless to invade the neighbor's property without a filter or password is not First Amendment speech," it is a nuisance and should be prohibited by regulation).
• Matthew Bierlein, Policing the Wireless World: Access Liability in the Open WiFi Era, 67 Ohio St. L.J. 1123 (2006)
• HALE, ROBERT V., "Wi-Fi Liability: Potential Legal Risks in Accessing and Operating Wireless Internet" . Santa Clara Computer and High Technology Law Journal, Vol. 21, p. 543, 2005 Available at SSRN: http://ssrn.com/abstract=692881
• Benjamin D. Kern, Whacking, Joyriding and War-Driving: Roaming Use of Wi- Fi and the Law, 21 SANTA CLARA COMPUTER & HIGH TECH. L.J. 101 (2004)
• Patrick S. Ryan, War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics, 9 VA. J.L. & TECH. 7, 20 (2004)

News

• Bruce Schneier, Steal This WiFi, WIRED (Jan. 10, 2008)
• Robert McMillan, Survey: 12 Percent of Consumers 'borrow' Free Wi-Fi, PC World (April 16, 2008)
• Robert McMillan, Survey: 12 Percent of Consumers 'borrow' Free Wi-Fi, Network World (April 16, 2008)
• Rik Fairlie, Study finds that 14 percent of U.S. consumers "borrow" free Wi-Fi, ZDNET (April 22, 2008)
• Wi-Fi security still too complicated, expert claims, CW 3/13/2008
• Is Wi-Fi Bandwidth Theft A Real Problem? - What exactly can you be arrested for?, DSLreports 8/28/2007
• Can We Please Stop Arresting WiFi Users Using Open Networks?, Techdirt 8/24/2007
• Kevin G Hall, Wi-Fi Helps Child Porn Exchanges Thrive: The Proliferation of Easy Internet Access has given Traders of Child Pornography the Shelter of Anonymity, Miami Herald (July 17, 2007), at A1.
• Slurpr! Slurpr! For Fun Legal Questions, It's A Wonderful Toy., Tales from the Sausage Factory 6/8/2007
• Slurp! Stealing Broadband Just Got Easier - Hungry to get your hands on your neighbor's internet?, Broadband Reports 5/30/2007
• Mac Wi-Fi hijack demonstrated, CNET 3/1/2007
• Wi-Fi Theft Victims Lament - Apparently unaware of password protection, Broadband Reports 4/14/2006
• Hey Neighbor, Stop Piggy Backing on my Wireless, NYT Mar 5 2006
• Wifi Users Piggyback on Free Signals, Pittsburgh Tribune Review Mar 2006
• Declan McCullagh, FAQ: Wi-Fi mooching and the law, CNET 7/8/2005
• Wifi cloaks a new breed of intruder , Tampabay.com (July 4, 2005)
• Mark Rasch, WiFi High Crimes, Security Focus (May 3, 2004)
• How to Steal Wifi, Slate Nov 18 2004
• (Wifi) Bandwidth bandit faces jail term, Sydney 1/3/2007
• Warnings on woeful wi-fi security, BBC 3/11/2005
• Rany Cohen, The Way We Live Now: 2-8-04: The Ethicist; Wi-Fi Fairness, The New York Times, Feb. 8, 2004
• Take my Wi-Fi, please., USA Today 7/21/03
• Sniffing, war-chalking and more: A wireless vocabulary evolves, IDG 9/18/02
• Sharing Wi-Fi, CNET 7/31/02
• When The FCC Knocks On Your Door, ISP Planet 5/17/02
• Piggybacking as a Crime
  • Helen Nugent & Michael Sims, Hidden Crime of ‘Wi-Fi Tapping’, THE TIMES, Nov. 15, 2007
  • A wireless felony , WOOD TV 8 (June 18, 2007)
  • Police blotter: Open Wi-Fi blamed in child porn case, CNET 4/18/2007
  • The case of the stolen Wi-Fi: What you need to know, CW 8/9/2005
  • Steve Hargreaves, Stealing Your Neighbor's Net, CNN Money (Aug. 10, 2005)
  • Warning: Your Wi-Fi Is Vulnerable to Attack, BWO 8/8/2006
  • Wardriving Extortionist, Wifi Networking News 8/9/2005
  • Wardrivers Plead Guilty, Sentenced To Jail Time, CRN 8/9/2004
  • Stopping War Drivers In Their Tracks, TechTV 10/9/02
• Metaphors
  • Eric Bandeman, The Ethics of "Stealing" a WiFi Connection, ARS TECHNICA (Jan. 3, 2008) (" It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft? ")
  • John Dvorak, The Right Analogy for Wireless Spill Over, PC Magazine (Aug 1, 2005)
  • Finlo Rohrer, Is Stealing Wireless Wrong?¸ BBC News (Aug. 23, 2007), (quoting philosopher Julian Baggini who compared it to reading a book by the light of someone else's window or eating someone's leftovers).
  • Alan Graham, You Simply Can't Steal WiFi . . . , O'Reilly Mac DevCenter Blog (Jul. 25, 20005) (comparing borrowing of WiFi to sprinkler water running off of someone's and being collected in a bucket).

Securing Wireless Access Points

Consumer Information

• Securing Your Wireless Network, FTC Facts for Consumers (Mar. 2006) (PDF)
• Bradley Mitchell, 10 Tips for Wireless Home Networking Security, About.com (n.d.)
• Tips for Securing your Wireless Connection, Sophos
• WiFi Alliance Secure your WiFi
• US CERT Securing Wireless Networks
• On Guard Wireless Security

News

• Don't fall victim to the "Free WiFi" scam, CW 1/19/2007
• Wi-Fi concerns prompt new security laws, CW 1/9/2007
• How to protect yourself at wireless hot spots, CW 1/5/2007
• NIST 802.11 Wireless LAN Security Workshop December 4-5, 2002 Falls Church, Virginia

Papers

• Richard Hu, Pius Uzamere, Fei Xing, PARANOIA Security Standard for Wireless Networks MIT
• UM Study: Password Protecting Your Wireless Network is Not Enough; Clark School Issues Guidelines for Fending Off Wireless "Parasites," Harm from Unauthorized Access Points, Media, A. James Clark School of Engineering, University of Maryland (Aug. 22, 2007)
• Benjamin Fryson, Study: Passwords Alone Not Enough to Keep Wireless Networks Secure, Associated Content (Aug. 23, 2007), (discussing security risks of wireless networks)

Fraud

Evil Twins

• Wifi Alliance: How can Wi-Fi users protect themselves from Evil Twin threats?
• Does Your Wi-Fi Hotspot Have an Evil Twin? PC World
• 'Evil twin' fear for wireless net BBC