Legality of piggybacking

Laws regarding "unauthorized access of a computer network" exist in many locales, including the U.S. federal government, all 50 U.S. states, and other countries, though the wording and meaning differ from one to the next. However, the interpretation of terms like "access" and "authorization" is not clear, and there is no general agreement on whether piggybacking (intentional access of an open Wi-Fi network without harmful intent) falls under this classification.Cite journal
volume = 67
issue = 5
last = Bierlein
first = Matthew
title = Policing the Wireless World: Access Liability in the Open Wi-Fi Era
journal = Ohio State Law Journal
accessdate = 2007-09-01
year = 2006
format = PDF
url = http://moritzlaw.osu.edu/lawjournal/issues/volume67/number5/bierlein.pdf] Some jurisdictions prohibit it, some permit it, and others are not well-defined.

For example, a common but untested argument is that the 802.11 and DHCP protocols operate on behalf of the owner, implicitly authorizing use of the network. (This would not apply if the user has other reason to know that their use is unauthorized, such as a verbal or written notice.)

In addition to laws against unauthorized access on the user side, there are the issues of breach of contract with the Internet service provider on the network owner's side. Many terms of service prohibit bandwidth sharing with others, though others allow it. The Electronic Frontier Foundation maintains [http://www.eff.org/Infrastructure/Wireless_cellular_radio/wireless_friendly_isp_list.html a list of ISPs] that allow sharing of the Wi-Fi signal.

Australia

Under Australian Law, "unauthorised access, modification or impairment" of data held in a computer system is a federal offence under the Cybercrime Act 2001. [http://209.85.173.104/search?q=cache:216Ja3jDaXoJ:www.offi.gov.au/agd/www/Justiceministerhome.nsf/Page/245B439E57048428CA256B6B0082A1FB] The act refers specifically to "data" as opposed to network resources (connection).

In the state of Western Australia it could be construed as "Unlawful operation of a computer system".Fact|date=March 2008 The use of bandwidth or other resources could also be construed as theft if it involves deception then fraud.Fact|date=March 2008

Canada

In Canadian law, unauthorized access is addressed by Section 342.1 of the "Criminal Code of Canada". According to Section 342.1, "Every one who, fraudulently and without colour of right" obtains "computer services" from an access point is subject to criminal charges. (See [http://www.canlii.org/ca/sta/c-46/sec342.1.html Criminal Code of Canada, RSC 1985, c. C-46, s. 342.1 (1) (a)] )

In Toronto, a man was arrested with a WiFi-enabled laptop in his car, partially undressed. He was tapping into unprotected wireless networks to download child pornography. Ultimately, however, he was charged not for piggybacking, but for the pornography instead. [cite web
last = Shim
first = Richard
title = Wi-Fi arrest highlights security dangers
work =
publisher = CNet News.com
date = 2003-11-28
url = http://news.com.com/Wi-Fi+arrest+highlights+security+dangers/2100-1039_3-5112000.html
accessdate = 2007-04-09]

Hong Kong

Under HK Laws. Chapter 200 "Crimes Ordinance" Section 161 "Access to computer with criminal or dishonest intent":quote|(1) Any person who obtains access to a computer-: (c) with a view to dishonest gain for himself or another; or: (d) with a dishonest intent to cause loss to another,: whether on the same occasion as he obtains such access or on any future occasion, commits an offence and is liable on conviction upon indictment to imprisonment for 5 years.

Singapore

In November 2006, a 17-year-old man, Garyl Tan Jia Luo, was arrested for tapping into his neighbour's wireless Internet connection. [cite news |url=http://www.iht.com/articles/ap/2006/11/11/asia/AS_GEN_Singapore_Internet_Charges.php |title=Singapore teen faces 3 years' jail for tapping into another's wireless Internet |publisher=International Herald Tribune |date=2006-11-10 |accessdate=2007-08-31] He faced up to three years' imprisonment and a fine under the Computer Misuse Act. [Singapore Statute | title=Computer Misuse Act | c
ed=1998] On 19 December, Tan pleaded guilty to the charge, [cite news|author=Chua Hian Hou |title=Wi-Fi Thief Pleads Guilty: 17-Year-Old Piggybacked on Neighbour's Network |publisher=The Straits Times |date=2006-12-20] and on 16 January 2007 he became the first person in Singapore to be convicted of the offense. He was sentenced by the Community Court to 18 months' probation, half of which was to be served at a boys' home. For the remaining nine months, he had to stay indoors from 10:00 pm to 6:00 am. He was also sentenced to 80 hours of community service and banned from using the Internet for 18 months; his parents risked forfeiting a S$5,000 bond if he failed to abide by the ban. Tan was also given the option of enlisting early for National Service. If he did so, he would not have to serve whatever remained of his sentence. [cite news|author=Chua Hian Hou |title=18-Month Net Ban, Community Service for PC Game Addict |publisher=The Straits Times |date=2007-01-17] [cite news|author=Ansley Ng |url=http://www.todayonline.com/articles/166274.asp |title=Illegal Wireless-Network User Sentenced to 18 Months' Probation |publisher=Today |date=2007-01-17]

On 4 January 2007, Lin Zhenghuang was charged for using his neighbour's unsecured wireless network to post a bomb hoax on-line. In July 2005, Lin had posted a message entitled "Breaking News – Toa Payoh Hit by Bomb Attacks" on an on-line forum managed by HardwareZone. Alarmed by the message, a forum user reported it to the authorities through the Government of Singapore's [http://www.ecitizen.gov.sg eCitizen] website. Lin faced an additional 60 charges for using his notebook computer to illegally access the wireless networks of nine people in his neighborhood repeatedly. [cite news |author=Chua Hian Hou |title=21-Year-Old in Second Wi-Fi Case: The Charge: Using Neighbour's Network to Make Bomb Threat |publisher=The Straits Times |date=2007-01-05] cite news|author=Chua Hian Hou |title=Online Bomb Hoax: Youth Pleads Guilty: Then-Poly Student Made the Posting Because he was 'Sleepless and Bored' |publisher=The Straits Times |date=2007-02-01] Lin pleaded guilty to one charge under the Telecommunications Act [Singapore Statute | title=Telecommunications Act | c
ed=2000] and another nine under the Computer Misuse Act on 31 January. He apologised for his actions, claiming he had acted out of "stupidness" and not due to any "malicious or evil intent". On 7 February he was sentenced by District Judge Francis Tseng to three months' jail and a S$4,000 fine. The judge also set sentencing guidelines for future 'mooching' cases, stating that offenders would be liable to fines and not to imprisonment unless offences were "committed in order to facilitate the commission of or to avoid detection for some more serious offence", as it was in Lin's case. [cite news|author=Chua Hian Hou |title=Bomb Hoax Youth Gets 3 Months' Jail, $4,000 Fine |publisher=The Straits Times |date=2007-02-08] [cite news |author=Leong Wee Keat |url=http://www.todayonline.com/articles/170699.asp |title=Bomb-Hoax Youth Gets 3 Months' Jail |publisher=Today |date=2007-02-08.]

United Kingdom

The Computer Misuse Act 1990, section 1 reads: [ [http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm Unauthorised access to computer material] - Computer Misuse Act 1990 (c. 18)]

quote|(1) A person is guilty of an offence if—: (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;: (b) the access he intends to secure is unauthorised; and: (c) he knows at the time when he causes the computer to perform the function that that is the case.

In London, 2005, Gregory Straszkiewicz was the first person to be convicted of a related crime, "dishonestly obtaining an electronics communication service". Local residents complained that he was repeatedly trying to gain access to residential networks with a laptop from a car. There was no evidence that he had any other criminal intent. [Cite news
last = Leyden
first = John
title = UK war driver fined £500
work = The Register
accessdate = 2007-09-02
date = 2005-07-25
url = http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/] He was fined £500 and given a 12-month conditional discharge. [Cite news
title = Wireless hijacking under scrutiny
publisher = BBC
accessdate = 2007-09-02
date = 2005-07-28
url = http://news.bbc.co.uk/2/hi/technology/4721723.stm]

In early 2006, two other individuals were arrested and received an official caution for "dishonestly obtaining electronic communications services with intent to avoid payment." [cite web
last = Griffiths
first = Peter
title = Two cautioned over wireless "piggy-backing"
work =
publisher = Reuters
date = 2007-04-18
url = http://www.reuters.com/article/internetNews/idUSL1848090220070418
accessdate = 2007-04-18] [Cite news
title = Two cautioned over wi-fi 'theft'
work = BBC
accessdate = 2007-09-02
date = 2007-04-17
url = http://news.bbc.co.uk/2/hi/uk_news/england/hereford/worcs/6565079.stm]

United States

Laws vary widely between states. Some criminalize the mere unauthorized access of a network, while others require monetary damages or intentional breaching of security features. The majority of state laws do not specify what is meant by "unauthorized access". Regardless, enforcement is minimal in most states even where it is illegal, and detection is difficult in many cases. [cite web
last = Goodwin
first = Janna
title = Computer Hacking and Unauthorized Access Laws
work = Telecommunications & Information Technology
publisher = National Conference of State Legislatures
date = 2006-03-10
url = http://www.ncsl.org/programs/lis/cip/hacklaw.htm
accessdate = 2007-04-09]

Some portable devices, such as the Apple iPod touch, allow casual use of open Wifi networks as a basic feature, and even use it for user geolocation.Specify|date=March 2008

Arrests

In St. Petersburg, 2005, Benjamin Smith III was arrested and charged with "unauthorized access to a computer network", a third-degree felony in the state of Florida, after using a resident's wireless network from a car parked outside. [Cite news
last = Leary
first = Alex
title = Wi-Fi cloaks a new breed of intruder
work = St. Petersburg Times
accessdate = 2007-09-02
date = 2005-07-04
url = http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml] [Cite web
last = Bangeman
first = Eric
title = Florida man charged with felony for wardriving
work = Ars Technica
accessdate = 2007-09-02
date = 2005-07-07
url = http://arstechnica.com/news.ars/post/20050707-5068.html]

An Illinois man was arrested in January 2006 for piggybacking on a Wi-Fi network. David M. Kauchak was the first person to be charged with "remotely accessing another computer system" in Winnebago County. He had been accessing the Internet through a nonprofit agency's network from a car parked nearby and chatted with the police officer about it. He pleaded guilty and was sentenced to a fine of $250 and one year of court supervision. [cite web
last = Gonsalves
first = Antone
title = Illinois Man Fined For Piggybacking On Wi-Fi Service
work = TechWeb Technology News
publisher = TechWeb
date = 2006-03-24
url = http://www.techweb.com/wire/183702832
accessdate = 2007-04-09] [Cite news
last = Green
first = Chris
title = Man fined $250 in first area case of Internet piracy
work = The Rockford Register Star
accessdate = 2007-09-03
date = 2006-03-23
url = http://www.mail-archive.com/isn@attrition.org/msg05482.html]

In Sparta, Michigan, 2007, Sam Peterson was arrested for checking his email each day using a cafe's wireless Internet access from a car parked nearby. A police officer became suspicious, stating, "I had a feeling a law was being broken, but I didn't know exactly what". The man explained what he was doing to the officer when asked, as he did not know that the act was illegal. The officer found a law against "unauthorized use of computer access", leading to an arrest and charges that could result in a five year felony and $10,000 fine. The cafe owner was not aware of the law, either. "I didn't know it was really illegal, either. If he would have come in [to the coffee shop] it would have been fine." He was eventually sentenced to a $400 fine and 40 hours of community service. [Cite web
last = Cheng
first = Jacqui
title = Michigan man arrested for using cafe's free WiFi from his car
work = Ars Technica
accessdate = 2007-09-02
date = 2007-05-22
url = http://arstechnica.com/news.ars/post/20070522-michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.html] [Cite news
last = Center
first = Patrick
title = A wireless felony
work = WOOD-TV
accessdate = 2007-09-02
date = 2007-06-18
url = http://www.woodtv.com/Global/story.asp?S=6546307] This case was featured on the Colbert Report. [http://blog.wired.com/27bstroke6/2007/10/stephen-colbert.html Video on Wired.com]

In 2007, Palmer, Alaska, 21-year old Brian Tanner was charged with "theft of services" and had his laptop confiscated after accessing a gaming website at night from the parking lot outside the Palmer Public Library, as he was allowed to do during the day. He had been asked to leave the parking lot the night before by police, which he had started using because they had asked him not to use residential connections in the past. He was not ultimately charged with theft, but could still be charged with trespassing or not obeying a police order. The library director said that Tanner had not broken any rules, and local citizens criticized police for their actions. [Cite news
last = Wellner
first = Andrew
title = Using free wireless at library described as theft
work = Anchorage Daily News
accessdate = 2007-09-03
date = 2007-02-24
url = http://www.adn.com/news/alaska/story/8667098p-8559268c.html] [Cite web
last = West
first = Jessamyn
title = Man using library wifi after hours gets laptop confiscated
work = librarian.net
accessdate = 2007-09-03
date = 2007-02-26
url = http://www.librarian.net/stax/1983/man-using-library-wifi-after-hours-gets-laptop-confiscated/] [Cite news
title = Man Busted for After-hours Library Wireless Use Won't Be Charged with Theft
work = Library Journal
accessdate = 2007-09-03
date = 2007-03-12
url = http://www.libraryjournal.com/article/CA6423269.html]

Legislation

In 2003, the New Hampshire [http://gencourt.state.nh.us/legislation/2003/HB0495.html House Bill 495] was proposed, which would clarify that the duty to secure the wireless network lies with the network owner, instead of criminalizing the automatic access of open networks. [Cite news
last = McWilliams
first = Brian
title = Licensed to War Drive in N.H.
work = Wired
accessdate = 2007-09-03
date = 2003-04-29
url = http://www.wired.com/gadgets/wireless/news/2003/04/58651?currentPage=all] [Cite web
last = Professor Orin Kerr
title = Would a New Hampshire bill really legalize war driving?
work = The Volokh Conspiracy
accessdate = 2007-09-01
date = 2003-04-30
url = http://www.volokh.com/2003_04_27_volokh_archive.html#200223941] It was passed by the New Hampshire House in March 2003, but was not signed into law. The current wording of the law provides some affirmative defenses for use of a network that is not explicitly authorized: [ [http://www.gencourt.state.nh.us/rsa/html/LXII/638/638-17.htm Text of Section 638:17 Computer Related Offenses] ]

quote|I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that: : (a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or : (b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or : (c) The person reasonably could not have known that his or her access was unauthorized.

New York law is the most permissive. The statute against unauthorized access only applies when the network "is equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of said computer or computer system". [http://law.onecle.com/new-york/penal/PEN0156.05_156.05.html] [http://wings.buffalo.edu/law/bclc/web/NewYork/ny3(a)(1)-.htm#156.05] [http://ypdcrime.com/penal.law/article156.htm#156.05] [http://www.internetlibrary.com/statuteitem.cfm?Num=11#05] In other words, the use of a network would only be considered unauthorized and illegal if the network owner had enabled encryption or password protection and the user bypassed this protection, or when the owner has explicitly given notice that use of the network is prohibited, either orally or in writing. ["Thus, open wireless access would only be actionable under this statute if the network operator has enabled encryption or password protection on the network, and users usurped this protection." - Bierlein] [Cite web
last = Rasch
first = Mark
title = WiFi High Crimes
work = SecurityFocus
accessdate = 2007-09-18
date = 2004-05-03
url = http://www.securityfocus.com/columnists/237 "In fact, the companion New York State computer crime law, NY Penal Code Section 156 (6), requires that, for using a computer service without authorization, the prosecutor must prove that the owner has given actual notice to potential hackers or trespassers, either in writing or orally. In the absence of such notice in New York, the hacker can presume that he or she has authorization to proceed, under state law."] Westchester County passed [http://www.westchestergov.com/idtheft/wifilaw.htm a law] , taking effect in October 2006, that prohibits commercial networks from being operated without a firewall, SSID broadcasting disabled, and a non-default SSID, in an effort to fight identity theft. Businesses that do not secure their networks in this way face a $500 fine. The law has been criticized as being ineffectual against actual identity thieves and punishing businesses like coffee houses for normal business practices. [Cite web
title = Wi-Fi Safety - Wireless Protection
work = Westchestergov.com
accessdate = 2007-09-18
url = http://www.westchestergov.com/idtheft/Wifiinfo.htm] [Cite web
last = Spiegel
first = Dana
title = Westchester County Law Requiring Secured Wi-Fi Networks
work = Wireless Community
accessdate = 2007-09-18
date = 2005-11-08
url = http://www.wirelesscommunity.info/2005/11/08/westchester-county-law-requiring-secured-wi-fi-networks/#comment-311] [Cite web
last = Spiegel
first = Dana
title = Westchester County Law Requiring Secured Wi-Fi Networks (again)
work = Wireless Community
accessdate = 2007-09-18
date = 2006-04-24
url = http://www.wirelesscommunity.info/2006/04/24/westchester-county-law-requiring-secured-wi-fi-networks-again/]

References