Open WIFI Access Points — Should you use them, or is that illegal?

You are away from home or you office yet you need the internet, and you need it fast.  Your smartphone has it, but your files and program are on your laptop.  No sweat, you’re downtown near a bunch of apartments.  You see there is an open WIFI access point called “linksys.”

But should you use it?  It’s not your internet access point.  You don’t even know who’s internet you’d be using.

Wired.com has a Burning Question article on this very issue.  It’s a good read, and a quick synopsis.  However, if you want a more in-depth look then read on.

The Short Answer

Maybe yes, maybe no.  There are laws that can be used to prosecute someone for accessing an open WiFi hotspot.  However, it is unclear whether the facts involved in accessing an open WiFi connection will sustain a conviction under these laws.  The key question is whether you can be said to have intended to access another’s WiFi hotspot without authorization if that other person’s hotspot is “open.”  Read on for the long answer.

A Quick Primer On Criminal Law

Wired’s article spoke with two legal scholars who focus on law and technology — Jennifer Granick and Orin Kerr.  Granick is quoted as saying : “You have to know it was unauthorized . . . [o]therwise, you are an accidental criminal, and generally we don’t allow that.”1

What Granick means by this is that criminal laws tend to carry what’s called a mens rea requirement.2  Mens rea is latin for guilty mind.  Granick’s reference to our criminal system not allowing for accidental criminals is a reference to this.

The basic elements of a crime

In order to be convicted of a crime there must be some showing that the accused has such a guilty mind.  In the United States, this is best summarized by the Model Penal code’s four types of guilty minds: purposeful, knowing, reckless, and negligent.3  So each crime breaks down to two basic elements: the (1) actus reas4 and (2) mens reas.

So Granick’s reference to accidental criminals refers to situations where someone’s guilty act was, more or less, unintentional.  Granick specifically refers to situations where you leave your smartphone’s WiFi radio on and, as you drive around, it hops on and off open networks.5  In such a case the potentially guilty act, accessing an open WiFi connection without permission, isn’t done intentionally.  Rather, it’s done by accident (because you left your WiFi radio on; in fact, you don’t even know it’s happening).

Ignorantia juris non excusat — Ignorance of the law

It is important to distinguish this from intending to do an act, but not thinking the act is illegal.  Mens rea only covers the intent to do the act.  In the WiFi/smartphone/driving example above, you don’t intend to access a specific WiFi hotspot.  It just happens.

However, assume you don’t think such access is illegal.  Imagine, however, that it is.  Yet you access an open WiFi hotspot without permission by clicking on that specific hotspot on your computer or smartphone.  You’ve intentionally accessed the hotspot in contrast to your unintentional access in the WiFi/smartphone/driving example.

So, even though you didn’t know it was a ‘guilty act,’ you still intentionally did said act.  Ignorance of the law in this case is no excuse; all citizens are presumed to know the law.  We legal scholars (and lawyers) like to throw about the latin term for this: ignorantia juris non excusat lex.  (It’s even one of the tags this blog has for its posts!)

Crimes that might relate to accessing open WiFi hotpsots

There are two basic types of crime that may apply to accessing open WiFi connections.  First, local criminal law may apply.  Second, federal criminal law may apply.  Each of these will have different approaches.

Local criminal law

Local criminal law includes anything from the municipal ordinance level up to the state felony level.  There is great variety in the types of criminal laws that exist throughout the United States.  Unlike many other nations, U.S. laws tend to be state, or even local community, specific.

Nevertheless, most U.S. criminal laws share a common background.  Most states developed their criminal laws based on the common law inherited from England.  Even many statutory-based crimes are modeled after common law crimes.

Even so, the criminal common law does not apply very well to situations where someone accesses another’s open WiFi access point.  Most crimes evolve to be a deterrent against harms suffered by the victim.  Open WiFi use, however, appears to cause minimal to no harm.  Further, those laws that might apply run up against Jennifer Granick’s points regarding mens rea — you can’t be an accidental criminal.

The chief reason is that an open WiFi connection is just that: OPEN.  We’re not talking about WiFi connections which use any number of technical means to remain closed and, therefore, require authorization of some party before use.  One might argue an open WiFi connection is similar to an open piece of property that contains no signs or other information that might lead someone to believe it was not for open use.

Local ordinances, however, tend to meet the particular needs of local community.  Accordingly, these ordinances may do away with the actus reas/mens reas model and impose strict liability for the act of access an open WiFi connection without explicit authorization.  Even so, these ordinances tend to be lesser crimes that impose fines rather than jail time.  Violating an city ordinance, while expensive, won’t be much different than getting a parking ticket.

Federal criminal law — the Computer Fraud and Abuse Act of 1986

The most relevant federal law that might apply to accessing an open WiFi connection is the Computer Fraud and Abuse Act of 1986. 6 (It has been amended since 1986.)  Subsection (a)(2)(C) prohibits anyone from intentionally accessing a computer without authorization (or exceeding authorized access) and thereby obtaining “information from any protected computer.”7  Subsection (e)(2)(B) defines a protected computer as any computer used in or affecting interstate or foreign commerce or communication.8

This is a fairly broad set of criminal definitions.  The broad definition of ‘protected computer’ likely covers the wireless hotspot devices or routers used to create open WiFi hotspots.  Further, the information your computer needs to then connect to the internet likely falls under the accessing information requirement.  The big questions comes down to whether accessing an open WiFi connection can constitute unauthorized access. (Note that the access must be intentional, so this still prevents the accidental criminals referenced by Jennifer Granick in the Wired.com article.)

There are really two logical ways to approach the argument of whether accessing an open WiFi hotspot is done with or without authorization.  The first view presumes that authorization is implicit in the WiFi hotspot being open.  The second presumes that accessing any computer, such as these WiFi hotspots (the router or other equipment creating them) is unauthorized unless otherwise explicitly stated.

Implicit versus Explicit authorization

No statutes or cases in the U.S. currently clarify which of these two approaches is correct.  Intuition might leave most technophiles to say the first presumption — that open WiFi access points imply authorization — is the appropriate view.  After all, most technophiles view securing a wireless access point with something like WEP or WPA encryption as trivial.  This would then remove the access point from the “open” category.

Others might counter that what is trivial for some is not for others.  Add to this that companies making consumer equipment for these wireless access points initially defaulted their devices to be open and you have a slew of non-technophiles, like grandma and grandpa, setting up open WiFi connections because they know no better.  Further, why should the law support a presumption that another’s property — the access point equipment — can be used by anyone unless explicitly stated otherwise.  Failure to put a fence up in your yard doesn’t imply that your neighbors can use your yard for whatever purposes they wish.9

Why we should all listen to Orin Kerr — the reason for lack of clarity on this issue10

The Wired.com article quotes Orin Kerr as saying one main reason we don’t have clarity on this issue is that these charges tend to piggyback other more serious charges.11  Think of it as the kitchen-sink approach to criminal indictment — charge the defendant with as many crimes possible to encourage an eventual plea deal.  Two things happen to these types of claims — 1) the prosecution’s plan works and the defendant accepts a deal and pleads guilty or 2) the charges are dropped prior to trial so the trial can focus on the more meaty, serious charges12.

This prevent legal clarity because judicial opinions in our common law system are what dictate how ambiguities in cases are resolved.  There is no precedent to turn to without a judge ruling on whether the implicit or explicit authorization view should be applied.  As Orin Kerr says, accessing open WiFi hotspots is “probably OK, but you can’t rule out a prosecution.”13

Of course, this is little comfort for someone facing the legal bills of a prosecution.

Further Reading

A number of scholars have gone into greater detail on this subject than I have or can in this space.  I encourage anyone with a real interest in the topic to check them out.

My former lecturer and thesis adviser, Daithí Mac Síthigh at the University of East Anglia, has written an article examining open WiFi titled “Law in the Last Mile: Sharing Internet Access through WiFi.”14  The article focuses on the European perspective, although it touches on U.S. law.  Daithí also approaches the liability question from the view of both open WiFi accessor and open WiFi provider.

Steal More Wifi! by Robert Cannon examines actual prosecuted cases.15 Mr. Cannon also goes into more detail on state crimes applicable to open WiFi access scenarios.

  1. Burning Question: Is Wi-Fi Squatting Illegal?, Wired.com. []
  2. Some laws don’t have mens rea requirements, but these tend to be low-level crimes.  For example, parking tickets don’t have mens rea requirements. []
  3. A fifth exists in the Model Penal Code — strict liability.  This is the absence of a mens rea requirement, as in the traffic citation cases referenced in the above note. []
  4. Actus reas is a guilty act. []
  5. Burning Question: Is Wi-Fi Squatting Illegal?, Wired.com. []
  6. Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030. []
  7. Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030(a)(2)(C). []
  8. Computer Fraud and Abuse Act of 1986, 18 U.S.C. § 1030(e)(2)(B). []
  9. It should be noted, however, that social norms and even some laws do allow communal access in some cases.  For example, in England people are allowed to cut across open fields free of worry from trespass claims as long as they leave the land the way it was. []
  10. Besides the fact that Mr. Kerr is a generally accurate legal scholar. []
  11. Burning Question: Is Wi-Fi Squatting Illegal?, Wired.com. []
  12. Similarly, the charge might not be dropped, but it might also not be raised at trial, effectively dismissing it. []
  13. Burning Question: Is Wi-Fi Squatting Illegal?, Wired.com. []
  14. Daithí Mac Síthigh, Law in the Last Mile: Sharing Internet Access through WiFi (August 15, 2009). SCRIPT-ed, Vol. 6, No. 2, 2009. Available at SSRN: http://ssrn.com/abstract=1456285. []
  15. Cannon, Robert, Steal More Wifi! (January 26, 2009). Cybertelecom Research Paper No. 8. Available at SSRN: http://ssrn.com/abstract=1333404. []

No Comments

Leave a Reply

Your email is never shared.Required fields are marked *