the Irish for rights

No such thing as a free lunch, even at BarCamp

antoin-at-barcamp.jpgOver coffee at BarCamp last Saturday with Marie Boran (of Silicon Republic) and Antoin Ó Lachtnáin, conversation turned to last week’s news reports (BBC | OUT-LAW.com | The Register) that two people (let’s call them the leeches) were arrested in the UK and cautioned for using other people’s (let’s call them the routers’) wifi without permission. There are interesting questions of legal liability here, both for the leech and for the router, and they came up again in the context of Antoin’s presentation later that day about fon. That’s Antoin preaching the fon gospel in the photo on the left. Here, I want to discuss some of the legal issues, before turning to Antoin’s presentation.

Let’s look first at the liability of the leech. Last week’s case, and another similar one two years ago (BBC | OUT-LAW.com | The Register) in which a leech was fined £500, concerned section 125 of the Communications Act 2003, relating to dishonestly obtaining electronic communications services. Section 125(1) provides

A person who-
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence.

This seems clear enough; unfortunately, however, Irish law on the point isn’t as lucid. In an idle moment, I emailed a few lawyers asked them for their opinions. TJ McIntyre pointed to section 99(1) of the Postal and Telecommunications Act, 1983 (also here) which provides:

A person who wilfully causes the company to suffer loss in respect of any rental, fee or charge properly payable for the use of the telecommunications system or any part of the system or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.

But, as Daithí Mac Síthigh points out on his WiFi Odyssey (a tremendous post, well worth reading), the patchwork of subequent amendments has made such a mess of this section that it has become terribly obscure, and the best that can be said is that it is, in Daithí’s words, “sort of” an Irish version of the UK’s section 125. As a consequence, Steve Hedley suggested “unlawful use of a computer” (in section 9 of the Criminal Justice (Theft and Fraud Offences) Act, 2001 (also here)) and “criminal damage” (in section 5 of the Criminal Damage Act, 1991 (also here)) instead (both of these Acts are discussed with characteristic insight and flair by TJ McIntyre in “Computer Crime in Ireland. A critical assessment of the substantive law” (2005) 15 (1) Irish Criminal Law Journal 1). The conclusion to be drawn from all of this is that the leech will probably be liable, but it’s not as clear as perhaps it ought to be.

Even more interesting questions arise, though, when we turn to consider the potential liability not of the leech but of the router. Let us assume that the leech is piggybacking on the router’s wifi for the purposes of committing a criminal offence or causing harm to a third party (the victim). There is always the risk, of course, that the router will be found guilty of having actually committed the criminal offence in his or her own right (as happened in USA v Perez (US Court of Appeals for the 5th Circuit; 11 April 2007; (pdf)); hat tip The Register via OUT-LAW.com); but these cases will very often run into significant evidential difficulties. More common will be arguments that the router should be made criminally liable for facilitiating the leech’s commission of the criminal offences.

We fear the new. And, in many ways, the internet is still new, wifi newer still. As Lilian Edwards observes (in “The internet and security: do we need a man with a red flag walking in front of every computer?” (2007) 4 (1) SCRIPT-ed 1 (March 2007)), rather like those who feared cars so much that early models had to be preceded by a man walking ahead with a red flag to warn people of the approach of the new-fangled invention, there are now those who would red-flag everything about the internet. And those who fear the new would say that it’s obvious that the router should be liable for the activities of the leech. But is it?

I don’t think so. If you walk up my garden path and then shoot my neighbour over garden wall, I have no legal liability, even/especially if you were trespassing on my garden path at the time. Or, if I lend you my hammer, and you use it not only for some DIY but also to break a window for a robbery, or an assault, or worse. It may have been my hammer, but I am not liable for your criminal acts. Still less would I be liable if you had stolen my hammer (even if I keep it in my toolbox in my garden shed, but neither has a lock, and it’s easy to jump the wall into my garden). Or, say I lend you my car, and you use it as a getaway vehicle from a crime; I am not liable for your crime. Still less if you steal it. Let me labour the point with one more example, closer to this issue: say you steal my mobile phone and commit an offence, say of making threatening phone calls – I am most certainly not liable for that. In all of these examples, when you trespass on my garden path, or steal my hammer or car or phone, I am not liable, just as I would not be if you were to leech my wifi.

Of course, according to section 7(1) of the Criminal Law Act, 1997 (also here):

Any person who aids, abets, counsels or procures the commission of an indictable offence shall be liable to be indicted, tried and punished as a principal offender.

But the cases establish that this secondary liability depends on knowledge by the accessory not only that a crime was going to be, or had been, committed, but also that his or her action assisted in its preparation, commission, or aftermath. It it therefore only where the leech knows that the router wishes to use the wifi for criminal purposes that the router will also be liable under section 7(1) for the leech’s criminal offence.

Nor is the router likely to be directly liable to the victim in private law. It may very well be “an act of folly to leave one’s motor car in the public street, even for a short time, with the keys in the ignition” so that the theft of the car would be reasonably foreseeable, nevertheless the Supreme Court in Breslin v Corcoran [2003] 2 IR 203, [2003] 2 ILRM 189, [2003] IESC 23 (27 March 2003) held that the car owner would not usually owe a duty of care to someone injured by the thief’s negligent driving. Similarly, even if it is an act of folly for the router to leave wifi open, unprotected even by password, the router will not owe a duty of care to the victim of the leech’s activities.

Moreover, I don’t think it is an act of folly for the router to leave wifi open and unprotected. I don’t even think that it is naughty to have an open wireless router. On the contrary, if I have paid for it, I don’t mind others using it too, just as I would allow hillwalkers to the right to roam over hills, if I had any. That is why I found Antoin’s presentation at BarCamp last week so fascinating.

fon logo, via the fon homepageHe wondered whether there could be a free lunch (even though, poularly, there ain’t no such thing), or at least free – or even cheap – wifi; and he introduced us to fon, the world’s largest wifi community. Its philosophy is beautifully simple:

At home, with your wireless broadband, you’re a wifi king; but on the road, you’re a wifi beggar. So, share some wifi at home, and get free fon wifi around the world.

Foneros (members of the fon community) use the fonera (a router with two channels) to allow some external access to an open second channel, and in turn have access to such open channels on other foneras on the road. There are various ways to become a member of the community or to pay for access to its open wifi; they have just done a deal for a signficant US roll-out (hat tip: Rebecca MacKinnon); and there are now 100,000 active hotspots on the fon maps. Indeed, some cities are now using fon for municipal wifi (contrast Daithi’s analysis of the situation in Dublin).

I think this is a wonderful idea. Moreover, many of the possible legal problems discussed above fall away with this model. Everyone on fon is registered, and all of the external traffic goes through a second channel, so the evidential issues with anonymous use of open wifi fall away. I look forward to becoming a fonero very soon; and eating lots of free (or at least paid-for-at-home) lunches on the road!

Related Tags: [ ]

11 Responses to “No such thing as a free lunch, even at BarCamp”

  1. Daithí says:

    Thanks for the honourable mentions. Something I’m still wondering about (and didn’t answer on my own post) is that if the offence is one that is ‘against’ the ISP – which it would seem to be, certainly in the case of s 99 of the P&T Act, and perhaps also so in the case of s 125 of the British Act – what is the position of the (e.g. broadband) subscriber who chooses to use an open router?

    One view of the provisions (which I would not take, but a judge might) is that using open wifi to make use of a broadband subscription without paying for it is a crime. Therefore if I am into Fon (which I would be, if I didn’t access the Web through an academic connection rather than a commercial one!), am I assisting others to evade payment of charges etc and thus also breaking the law? I would hope not – but as I said (in a different context) on my own post, we need clear, flexible statutory language on these points.

    (Query: if A is a BT customer and a Fonero and B is using A’s connection, but BT forbids A from sharing by contract, are both A and B rising to the level of dishonesty under s 125 CA 2003?)

  2. Eoin says:

    Not sure. I’ll have to think about that. Or, I could wait until you’ve worked it out, and then I’ll simply adopt that! An article in the Register tells me both that US law is equally unclear on all of this, and that California has introduced legislation which will force makers of wireless internet equipment to include, from 1 October 2007, guidance on keeping data secure on wireless connections. Oh dear.

  3. Ross Wynne says:

    Sorry for being slightly tangential but as a follow up to your comment…

    I’m sure you’re well aware of the BBC news article on the issue of WEP encryption used in wireless hubs. However if you look into the issue that BT’s wireless hubs that they supply to customers when they signup for broadband is actually defaulted to using the insecure WEP encryption algorithm. This does not bode well when modern laptops can break that form of encryption in under a minute. Surely the legal onus in this case is for the broadband provider to default the wireless setup to a stronger common encryption standard (WPA or WPA2) since they would be otherwise leaving the customer’s connection open for abuse.

    That’s my two cents…

  4. […] Eoin O’Dell writes about the legal risks of sharing wi-fi and about my presentation about FON …. I was amazed to hear that a couple of people have been prosecuted for wi-fi sharing in the UK. This might not seem to make much sense, but it makes FON an even better idea. […]

  5. Simon McGarr says:

    In what was probably my first ever attempt to address a legal question online, I examined whether using somebody else’s wifi was a crime.

  6. […] in propria persona. As usual, the answer is that “it depends”. I’ve already had a look at the issue from the perspective of potential criminal or civil liability if a user’s wifi […]

  7. Eoin says:

    Update (1 August 2007) from The Register via OUT-LAW:

    Wi-Fi spam man avoids can

    A US man who sent out pornographic spam while driving around Venice, California, has escaped imprisonment for his misdeeds. … Nicholas Tombros, 40, was sentenced to three years’ probation and six months’ home detention after he was convicted of emailing out thousands of advertisements for pornographic websites. The spam emails were sent from Tombros’s laptop using unsecured, unencrypted wireless internet access points he discovered while driving around in his car. … Tombros was, however, ordered to pay a $10,000 fine over his wrongdoing as part of a plea-bargaining agreement. …

    Tombros can consider himself more than fortunate to have escaped a tougher punishment, especially in comparison with other recent prosecutions for similar offences.

    For example, Singapore teenager Garyl Tan Jia Luo was given 18 months probation and an internet ban simply from hopping on his neighbour’s internet connection without permission, while a Michigan man who parked outside a local Wi-Fi cafe every day to check his email has been fined $400 and sentenced to 40 hours’ community service. Sam Peterson’s actions would have been perfectly lawful if he’d simply stepped inside the cafe to buy a coffee while he surfed the net. …

  8. Daithí says:

    Following up on the mention of Singapore, I read an interesting overview recently that mentioned the case mentioned in your last paragraph above, and also another case, that of Lin Zhenghuang (AP Report).

    The relevant law (Computer Misuse Act) says in s 6(1): “any person who knowingly … secures access without authority to any computer for the purpose of obtaining, directly or indirectly, any computer service” which is apparently based on what is now s 342 of the Criminal Code in Canada (and duplicated across a lot of the Commonwealth). It’s a slightly different trend than either the Comms Act 2003 or the Irish mishmash.

    I read reports of these two cases, by the way, in this note on Asian developments in Computer Law & Security Report (v 23 p 238 at 245, for anyone following at home).

  9. […] have mused on previous occasions on this blog (here and here) as to whether it really is the case that piggybacking on someone else’s open wi-fi […]

  10. […] (see also here and here, to which Bernie links), though (as I have said before on this blog, here, here and here) there are deep legal waters […]

  11. […] is human nature to fear the new. And for many of us, the internet is still new. I have pointed out before that Lilian Edwards observes (in “The internet and security: do we need a man with a red flag […]

Leave a Reply



Me in a hatHi there! Thanks for dropping by. I'm Eoin O'Dell, and this is my blog: Cearta.ie - the Irish for rights.

"Cearta" really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.

Academic links


  • RSS Feed
  • RSS Feed
  • Subscribe via Email
  • Twitter
  • LinkedIn

Archives by month

Categories by topic

My recent tweets

Blogroll (or, really, a non-blogroll)

What I'd like for here is a simple widget that takes the list of feeds from my existing RSS reader and displays it here as a blogroll. Nothing fancy. I'd love a recommendation, if you have one.

I had built a blogroll here on my Google Reader RSS subscriptions. Google Reader produced a line of html for each RSS subscription category, each of which I pasted here. So I had a list of my subscriptions as my blogroll, organised by category, which updated whenever I edited Google Reader. Easy peasy. However, with the sad and unnecessary demise of that product, so also went this blogroll. Please take a moment to mourn Google Reader. If there's an RSS reader which provides a line of html for the list of subscriptions, or for each RSS subscription category as Google Reader did, I'd happily use that. So, as I've already begged, I'd love a recommendation, if you have one.

Meanwhile, please bear with me until I find a new RSS+Blogroll solution




Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

The image in the banner above is a detail from a photograph of the front of Trinity College Dublin night taken by Melanie May.

Others whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and Antoin Ó Lachtnáin.

Thanks to Blacknight for hosting.