No such thing as a free lunch, even at BarCamp

antoin-at-barcamp.jpgOver coffee at BarCamp last Saturday with Marie Boran (of Silicon Republic) and Antoin Ó Lachtnáin, conversation turned to last week’s news reports (BBC | | The Register) that two people (let’s call them the leeches) were arrested in the UK and cautioned for using other people’s (let’s call them the routers’) wifi without permission. There are interesting questions of legal liability here, both for the leech and for the router, and they came up again in the context of Antoin’s presentation later that day about fon. That’s Antoin preaching the fon gospel in the photo on the left. Here, I want to discuss some of the legal issues, before turning to Antoin’s presentation.

Let’s look first at the liability of the leech. Last week’s case, and another similar one two years ago (BBC | | The Register) in which a leech was fined St£500, concerned section 125 of the Communications Act 2003, relating to dishonestly obtaining electronic communications services. Section 125(1) provides

A person who-
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence.

This seems clear enough; unfortunately, however, Irish law on the point isn’t as lucid. In an idle moment, I emailed a few lawyers asked them for their opinions. TJ McIntyre pointed to section 99(1) of the Postal and Telecommunications Act, 1983 (also here) which provides:

A person who wilfully causes the company to suffer loss in respect of any rental, fee or charge properly payable for the use of the telecommunications system or any part of the system or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.

But, as Daithí Mac Síthigh points out on his WiFi Odyssey (a tremendous post, well worth reading), the patchwork of subsequent amendments has made such a mess of this section that it has become terribly obscure, and the best that can be said is that it is, in Daithí­’s words, “sort of” an Irish version of the UK’s section 125. As a consequence, Steve Hedley suggested “unlawful use of a computer” (in section 9 of the Criminal Justice (Theft and Fraud Offences) Act, 2001 (also here)) and “criminal damage” (in section 5 of the Criminal Damage Act, 1991 (also here)) instead (both of these Acts are discussed with characteristic insight and flair by TJ McIntyre in “Computer Crime in Ireland. A critical assessment of the substantive law” (2005) 15 (1) Irish Criminal Law Journal 1). The conclusion to be drawn from all of this is that the leech will probably be liable, but it’s not as clear as perhaps it ought to be.

Even more interesting questions arise, though, when we turn to consider the potential liability not of the leech but of the router. Let us assume that the leech is piggybacking on the router’s wifi for the purposes of committing a criminal offence or causing harm to a third party (the victim). There is always the risk, of course, that the router will be found guilty of having actually committed the criminal offence in his or her own right (as happened in USA v Perez (US Court of Appeals for the 5th Circuit; 11 April 2007; (pdf)); hat tip The Register via; but these cases will very often run into significant evidential difficulties. More common will be arguments that the router should be made criminally liable for facilitiating the leech’s commission of the criminal offences.

We fear the new. And, in many ways, the internet is still new, wifi newer still. As Lilian Edwards observes (in “The internet and security: do we need a man with a red flag walking in front of every computer?” (2007) 4 (1) SCRIPT-ed 1 (March 2007)), rather like those who feared cars so much that early models had to be preceded by a man walking ahead with a red flag to warn people of the approach of the new-fangled invention, there are now those who would red-flag everything about the internet. And those who fear the new would say that it’s obvious that the router should be liable for the activities of the leech. But is it?

I don’t think so. If you walk up my garden path and then shoot my neighbour over our shared garden wall, I have no legal liability, even/especially if you were trespassing on my garden path at the time. Or, if I lend you my hammer, and you use it not only for some DIY but also to break a window for a robbery, or an assault, or worse. It may have been my hammer, but I am not liable for your criminal acts. Still less would I be liable if you had stolen my hammer (even if I keep it in my toolbox in my garden shed, but neither has a lock, and it’s easy to jump the wall into my garden). Or, say I lend you my car, and you use it as a getaway vehicle from a crime; I am not liable for your crime. Still less if you steal it. Let me labour the point with one more example, closer to this issue: say you steal my mobile phone and commit an offence, say of making threatening phone calls – I am most certainly not liable for that. In all of these examples, when you trespass on my garden path, or steal my hammer or car or phone, I am not liable, just as I would not be if you were to leech my wifi.

Of course, according to section 7(1) of the Criminal Law Act, 1997 (also here):

Any person who aids, abets, counsels or procures the commission of an indictable offence shall be liable to be indicted, tried and punished as a principal offender.

But the cases establish that this secondary liability depends on knowledge by the accessory not only that a crime was going to be, or had been, committed, but also that his or her action assisted in its preparation, commission, or aftermath. It it therefore only where the leech knows that the router wishes to use the wifi for criminal purposes that the router will also be liable under section 7(1) for the leech’s criminal offence.

Nor is the router likely to be directly liable to the victim in private law. It may very well be “an act of folly to leave one’s motor car in the public street, even for a short time, with the keys in the ignition” so that the theft of the car would be reasonably foreseeable, nevertheless the Supreme Court in Breslin v Corcoran [2003] 2 IR 203, [2003] 2 ILRM 189, [2003] IESC 23 (27 March 2003) held that the car owner would not usually owe a duty of care to someone injured by the thief’s negligent driving. Similarly, even if it is an act of folly for the router to leave wifi open, unprotected even by password, the router will not owe a duty of care to the victim of the leech’s activities.

Moreover, I don’t think it is an act of folly for the router to leave wifi open and unprotected. I don’t even think that it is naughty to have an open wireless router. On the contrary, if I have paid for it, I don’t mind others using it too, just as I would allow hillwalkers to the right to roam over hills, if I had any. That is why I found Antoin’s presentation at BarCamp last week so fascinating.

He wondered whether there could be a free lunch (even though, popularly, there ain’t no such thing), or at least free – or even cheap – wifi; and he introduced us to fon, the world’s largest wifi community. Its philosophy is beautifully simple:

At home, with your wireless broadband, you’re a wifi king; but on the road, you’re a wifi beggar. So, share some wifi at home, and get free fon wifi around the world.

Foneros (members of the fon community) use the fonera (a router with two channels) to allow some external access to an open second channel, and in turn have access to such open channels on other foneras on the road. There are various ways to become a member of the community or to pay for access to its open wifi; they have just done a deal for a signficant US roll-out (hat tip: Rebecca MacKinnon); and there are now 100,000 active hotspots on the fon maps. Indeed, some cities are now using fon for municipal wifi (contrast Daithí’s analysis of the situation in Dublin).

I think this is a wonderful idea. Moreover, many of the possible legal problems discussed above fall away with this model. Everyone on fon is registered, and all of the external traffic goes through a second channel, so the evidential issues with anonymous use of open wifi fall away. I look forward to becoming a fonero very soon; and eating lots of free (or at least paid-for-at-home) lunches on the road!