The Legality of Accessing Someone Else’s Wi-Fi

9 Aug ’05

A lot of ink has been spilled on this topic in the U.S. lately – I’m not sure why – perhaps it’s just one story ricocheting across the ‘net, perhaps many writers are coming to the topic at the same time. It’s most likely the latter, with everyone driven to the keyboard by the recent Florida and UK cases involving arrests for unauthorized access to wifi signals or the recent California case of the illegal cantenna.

We seem to be accelerating towards fear and loathing on this topic, and I’m not sure why – perhaps it’s a sign of the times, with all of our concerns about security these days. Sharing access seems an entirely sensible thing to do, assuming adequate precautions are taken (this of course is the reason for the many muniwifi projects springing up across North America). But in the meantime, a lot of angst is being generated in the media, generally using words like “hack”, “threat”, “security risk” and the like. For my part, I think wireless is good; free wireless is very good, and free wireless everywhere – well, that’s heaven. To my mind, connectivity ought to be a resource as ubiquitous and free as the air it passes through.

Oddly enough, it appears that the wifi signals in the Florida and UK cases were unprotected. Consider, for example, that wi-fi driver software will often connect you automatically to the strongest available unprotected signal. Is this criminal behaviour? If it isn’t, what does it matter if someone intentionally accesses the unprotected signal? Does it matter if the operator of the access point does not know enough to conceal the SSID to prevent inadvertent access? With flat rate pricing, and more than enough bandwidth generally to go around, what exactly is being “taken”? One has to wonder whether all of this doesn’t raise enough of an argument about what it means for access to be authorized or not to keep the courts befuddled for long enough for public policy to weigh in …

We have laws in Canada that appear to be on point, though I’m not aware of any case where they’ve been used to prosecute unauthorized access to a wi-fi signal, protected or otherwise.

I’m hoping that what we see first, before a rush to legislate, is clear policy on how to manage the spectrum. For example, there’s good reason to argue that if one turns on a wireless access point, one ought to be responsible for that signal, and wherever it happens to leak, outside of one’s house, for example. Essentially, the argument goes, if you transmit the signal, you should have to protect it, and if you don’t, anyone else should be able to access it to connect to the internet. It’s not necessarily the case, from a policy perspective, that strangers to an unprotected signal ought to be automatically shut out of it, and criminalized for accessing it.

Sharing is not ideal for the telcos (and their terms of service generally do not permit this), but hopefully this will not drive policy. There’s a slight analogy here, perhaps, to the use of celphones on airplanes. I’ve been convinced for a while that there is in fact no safety hazard to their use, and that the reason for the ban (quite apart from the very sensible goal of not annoying passengers into senseless acts of interpassenger violence) is (i) because celphones used inflight can access the network for free, essentially, because of peculiarities in the way the signal is transmitted to the network from an altitude, and (ii) to protect the airlines’ revenue streams from the (wildly overpriced) inflight telephone services they operate. All of which is to say that I’ve always been suspicious that the ban was there to serve established commercial interests who are most able to lobby legislators for special treatment.

For a sometimes raucous and always provocative and entertaining debate on some of these ideas, see the TWiT Podcast #16, available here, particularly the comments of John C. Dvorak.

Update: for more on setting up a shared wifi connection, see the TWiT Podcast #17 Q&A session, available here.

Previous post:

Next post: