That is a question posed by Kris Nelson on his blog, in propria persona. As usual, the answer is that “it depends”. I’ve already had a look at the issue from the perspective of potential criminal or civil liability if a user’s wifi is shared by a third party; and Daithí has taken the discussion several steps further. Now, Kris adds an additional consideration, directing the analysis to the terms of any contract between the ISP and the customer: he looks at
the “acceptable use policies” and “subscriber agreements” that you agree to when you sign up for broadband service
and he concludes that
sharing with Whisher or FON is likely tolerated by an ISP with an agreement like Comcast‘s [he chose Comcast, as they are his ISP] but they have full rights to cut you off if they don’t like it, or don’t like your particular sharing, or don’t like what others you share with are doing … so keep that in mind.
A similar exercise with Irish broadband providers’ terms and conditions doesn’t provide much comfort for those seeking an affirmative answer to the question in the title to the post. For example, BT’s terms and conditions are here; they provide:
2.5 The Customer shall have sole responsibility for ensuring that the security settings on any wireless router (whether purchased from BT or a third party) used in connection with the Service are activated and configured correctly. The Customer shall ensure that all manufacturer instructions are followed correctly in relation to the wireless router security settings. BT shall have no liability for any unauthorised access by a third party to the wireless router, the Customer Equipment or the internet or any other loss arising from the Customer’s failure to correctly configure the security settings on the wireless router. ..
6. USE OF THE SERVICE
6.1 The Customer undertakes not to use the Service or the Equipment:(i) for any improper, immoral or unlawful purpose, nor cause any nuisance by the use of the Service, nor allow others to use the Service for any of the foregoing purposes or in a way that may cause degradation of service levels to other customers as determined by BT or put the BT network at risk; …
6.2 You shall ensure that all persons having access to the Service or the Equipment comply with the terms and conditions herein stated. …
6.4 You shall observe the provisions of the Acceptable Usage Policy as amended from time to time.
6.11 The Services shall only be used for consumer, domestic and/or personal purposes and for the avoidance of doubt shall not be used for any business purposes. …
Moreover, the relevant Acceptable Usage Policy largely echoes the terms and conditions, but additionally provides:
1. BT services are provided for the customer and the customer therefore agrees to neither share the service, nor use the service to share BT sensitive information with others.
Not very helpful, is it? Eircom’s terms and conditions (pdf) aren’t really very different; they provide:
5.10 … the Facility may only be used by Customers in accordance with eircom net’s Acceptable Usage Policy available at www.eircom.net.
7.10 … The Facility is provided solely for the Customer’s own use and the Customer shall not resell the Facility (or any part of the Facility) to any third party.
Again, that Acceptable Useage Policy (AUP) largely echoes the terms and conditions, but additionally provides:
2.2 eircom net’s services are provided to the Customer and the Customer therefore agrees to neither share the service, nor use the service to share eircom net sensitive information with any other person or body.
3.1 eircom net will use its reasonable endeavours to prevent unauthorised access to the Service by third parties, but shall have no liability to the Customer for any unauthorised access to the Customer’s computer system. The Customer is responsible for selecting and properly using any security procedures made available by eircom net as well as other procedures and measures necessary to safeguard and back-up the Customer’s files, data and programs or any other form of information.
So, the eircom terms and conditions, as amplified by the AUP, aren’t very helpful either.
Update (08 July 2007): As for Clearwire, Kris Nelson on his blog, in propria persona conducts a similar exercise for Clearwire‘s US terms, which seem materially identical to their Irish operation’s terms, and concludes:
… if you are sharing with responsible people you trust, Clearwire may well not bother you, but they have every right to terminate your service once you start sharing with “third parties” like your neighbors …
Anyway, everyone must know some terms and rules to protect themselves. Famous company Agnitum gives some recommendations about WiFi security: WiFi Security Basics
Microsoft, the UK Department of Trade and Industry and a number of other industry parties have recently launched the Get Safe Online web site. This is particularly useful since it contains a good deal of useful computer security related information aimed at both business and home users, but unusually it is well written and readable, easy to follow for both IT professionals and lay people alike.
http://www.getsafeonline.org
Another one bites the dust…
http://www.theregister.co.uk/2007/08/22/chiswick_wardriver/