I have mused on previous occasions on this blog (here and here) as to whether it really is the case that piggybacking on someone else’s open wi-fi connection is a criminal offence. I’m still not sure. Two months ago, the BBC reported Man arrested over wi-fi ‘theft’ and The Register reported Broadbandit nabbed in Wi-Fi bust.
The BBC report began: “A man has been arrested in connection with using a wi-fi broadband connection without permission”; whilst the Register‘s report began “A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else’s Wi-Fi”.
The BBC report continued: “He was initially detained by two Police Community Support Officers in Chiswick, west London, on Tuesday. They became suspicious when they saw the 39-year-old using his laptop outside a house in Prebend Gardens”; whilst the Register‘s report continued “Local rag The Richmond and Twickenham Times reports that the 39-year-old man was spotted on Tuesday morning working outside a house in Prebend Gardens, in leafy Chiswick” (the local newspaper’s report is here).
The BBC report explained “When questioned he admitted to using someone else’s unsecured wi-fi broadband connection. He has been bailed pending further inquiries. The case is now being handled by the Metropolitan Police’s computer crime unit”; whilst the Register‘s report explained ” After admitting using the broadband connection he was taken to the nearest cop shop and bailed until October pending further investigation by the Met’s computer crime unit [slow time of the year, eh, lads?]” (the Met’s Computer Crime Unit’s website is here).
The BBC report concluded “Det Con Mark Roberts said: ‘This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people’s broadband connections.’ Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act’;” whilst the Register‘s report concluded “Using even an unsecured Wi-Fi network is an offence under the Communications Act 2003 and could be a breach of the Computer Misuse Act in some circumstances. Despite not having secured a conviction yet or even charged the man, DC Mark Roberts of the computer crime unit said: ‘This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people’s broadband connections’;” (section 125 of the Communications Act, 2003 is here; the Computer Misuse Act, 1990 is here).
Now, I don’t want to compare and contrast journalistic styles between the BBC and The Register, though of course, you may draw your own conclusions. Instead, I want to raise the question, yet again, of whether such piggybacking is indeed automatically illegal, or otherwise wrong. We don’t need a recent survey, though we’ve got one, to tell us that it happens all the time. You know how it goes. You’re sitting in a cafe, and several connections are open; or you’ve moved into a new neighbourhood or apartment block and haven’t arranged your broadband yet (or it will take a month or six weeks before it’s connected and live), and several connections are open, and you need to work; or you’re just too mean to pay (or even join fon) and there are lots of open connections, just sitting there, waiting for you; or you’re malevolent, and want to get up to all sorts of nefarious purposes on someone else’s open connection. Of course, many internet service providers seek to prevent their customers from having open wireless routers, but that doesn’t make it a crime. Only a statute can do that, and the Irish statutory position is unclear and obscure. The UK’s statues would seem to be clearer. For example, section 125(1) of the 2003 Act provides
A person who-
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence.
However, suppose I pay my isp’s charge, so that they are not out of pocket; and suppose also that I have left my wifi open, so that you can wardrive and find it, and then piggyback on it; have you actually committed an offence under this section? By hypothesis, the charge applicable to the provision of the service has been paid. So, this section might not do what it is widely assumed that it does. On the other hand, section 1 of the 1990 Act provides
(1) A person is guilty of an offence if–
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
This would seem more expansive, and more likely to catch such wardriving and piggybacking. And it’s the clause on which most prosecutions for various species of illegal hacking are likely are to be based. So, for example, if someone tries to break into the security (see, eg, here and here, from the BBC website) around a closed wifi network, they will almost certainly be guilty of an offence under s1 of the 1990 Act.
Perhaps the case of the Chiswick wardriver, who was bailed until October (ie, now), will clarify exactly when wardriving and piggybacking are illegal in the UK. It will take an Act of the Oireachtas to sort out the Irish statutory mess.
Eoin,
I had been thinking the same thing over the weekend. I was reading Prof Ian O’Donnell’s exposé on CP on the Internet and the issues with proofs for the DPP. Would and act even clear it up?
Ronan
Well, an Act could clear up the issue of wardriving and piggybacking; but I didn’t see Ian’s exposé, so I don’t know whether an Act would clear that up.
Eoin,
Ian who you probably know from the UCD parish has just finished extensive work on the issue of CP in Ireland and the problems with proofs for the DPP. I believe similarly that an Act would not resolve the CP proof issue.
Does property law not come into this matter in Ireland, in re. airspace above ones house and ownership of same up to a certain point? Perhaps Paul Coughlan might be able to comment. Apart from the criminal aspects of accessing over wireless where ownership or a right to use is not in existence I feel that its hardly a crime to access something that is openly available on ones own property? Lets call that a devils advocate position on the matter in Ireland.
So a charge under criminal statute CJ (Theft and Fraud Offences) Act, 2001 SS. 4(1),(2) or 9 maximum penalty 10 years in prison or S.12 under burglary (max sentence 14 years) if the property right can be proven and indeed issues with the 1989 Child Pornography and Trafficking Act for various matters.
Wifi and WiMax are unlicensed spectrum in Ireland (and most other places) which makes matters worse. Couple that with a pile of dodgy Wifi routers and flaky WEP settings and we have a pile of work for some lawyers given time.
I apologise for the the typo above, I meant ‘an Act’ rather than ‘and Act’.
Ronan
Link to article: http://www.sbpost.ie/post/pages/p/story.aspx-qqqt=INSIDE+STORY-qqqs=agenda-qqqid=27665-qqqx=1.asp
This whole issue needs to go away, how am I supposed to know that unsecured Wi-Fi automatically means that the person who set it up is too dumb to know how to secure it? How am I supposed to know that the person doesn’t WANT me to use his Wi-Fi because he wants to share it with the community?
Suppose I have a sprinkler and it’s watering my lawn but it’s also spraying water out onto the street. So you park your car in front of my house and start soaping it up. Should I call the police and complain that you’re “stealing” my water? I was spraying it out into the street, how important can it be to me? It’s ridiculous to expect people who are spraying Wi-Fi internet access out onto the street to somehow be the victims if someone uses it.
And how the hell are the police alleging that accessing people’s unsecured Wi-Fi is “unauthorized?” The authorization takes place when the Wi-Fi router/adapter sends out the signal saying “Hello, I’m here, no password required.”