Wireless Hotspots and the Law

The following article appeared in the Feb 13/06 issue of Law Times in the monthly Bits & Bytes column that I have been writing for the past 12 years.

Not long ago wireless Internet access was mostly of use to laptop users. Now an increasing number of electronic devices are “Internet enabled” and capable of utilizing publicly accessible hotspots. For example, many PDAs have Web browsers that can be used to access the Internet or built-in e-mail clients that can synchronize over a wireless connection.

A number of Voice-over-IP telephone providers, such as Vonage, are beginning to provide wi-fi enabled handsets. There are also a number of handheld game consoles that have wireless Internet functionality that can be used to play multiplayer games against other people. Even some digital cameras now include wi-fi functionality that can be used to upload photographs to online photo services.

Many of these devices, once configured, may automatically attempt to establish an Internet connection using any open access point. As a person with such device moves from one physical location to another, the device may rescan the environment from tijme to time and then re-establish a new connection on its own.

An interesting question that arises is when is use of publicly accessible wireless access points is lawful and when is it not. There have been a few isolated examples of individuals being charged with certain offenses as a result of accessing private wi-fi access points although this has typically occurred in conjunction with other activity that was clearly illegal. In other words, the wireless connection was being utilized as a tool to further a different activity, such as hacking into computer systems or downloading child pornography, as opposed to simply pursuing an otherwise lawful purpose such as downloading some information or a map from the Internet.

Some organizations operate free hotspots as a community services. Libraries, more so in the United States than Canada, are a good example. In addition to providing public access to computers, many American libraries now also operate wireless access points for the convenience of their patrons. In some cases, municipalities may also operate free wireless “zones” in order to support their downtown commercial areas. For example, in Los Angeles, such zones have been set up in downtown Santa Monica, Culver City, West Hollywood and Burbank. A number of individual businesses may also operate free access points. These currently include select food establishments, certain fitness clubs, and retailers such as Sony and Apple.

In some cases, it is clear whether or not a particular access point is intended for public access. For instance, many hotspots utilize a redirected web page that can display terms of use. Such terms may indicate that access is free and unrestricted, or can be used to indicate that access, while free, may be restricted to only a certain class of users (such as hotel guests) or for only a specified purpose.

The name of the access point (known as the SSID) may also be used to convey whether or not free access is intended. For example, the Lasik clinic at Toronto’s First Canadian Place utilizes an identifier that includes “Free Access” in its name. However, in many cases, it is simply not possible to tell whether the operator of the access point is intending to provide public access or has simply been negligent in not putting in place technical restrictions on access. Sony and Apple operate “open” access points in their stores but don’t actually put up signs advertising that those access points are open for public use.

There are also certain individuals that are likely intentionally not locking up access to their home wireless access points because they believing in sharing, either with the world at large or with other similarly situated individuals. For example, a network called FON has sprung up where individual members can freely access each other’s wireless access points.

It should be clear that certain activities are (or should be) illegal. For example, any attempt to obtain unauthorized access to a wireless facility where an owner has put in place any technical restriction (even if weak or easy to break), any attempt to interfere with the legitimate use by other users (for example, by mounting “denial of service” attacks) or any attempt to intercept wireless communications of other users (whether or not encryption is being utilized) should trigger criminal liability. Also, any attempt to use even an “open” wireless to further an illegal purpose should be prosecutable.

However, it is submitted that simply accessing an otherwise open access point without any reasonable notice that such use is prohibited should not result in a prosecutable offense. Maybe, just like standards have been developed to embed a “broadcast flag” into television programs that are subject to digital rights management, someone should invent a “public access” flag for wireless access points.