Just when are wardriving and piggybacking illegal?

I have mused on previous occasions on this blog (here and here) as to whether it really is the case that piggybacking on someone else’s open wi-fi connection is a criminal offence. I’m still not sure. Two months ago, the BBC reported Man arrested over wi-fi ‘theft’ and The Register reported Broadbandit nabbed in Wi-Fi bust.

The BBC report began: “A man has been arrested in connection with using a wi-fi broadband connection without permission”; whilst the Register‘s report began “A laptop user was collared by police community support officers in west London yesterday for allegedly pilfering someone else’s Wi-Fi”.

The BBC report continued: “He was initially detained by two Police Community Support Officers in Chiswick, west London, on Tuesday. They became suspicious when they saw the 39-year-old using his laptop outside a house in Prebend Gardens”; whilst the Register‘s report continued “Local rag The Richmond and Twickenham Times reports that the 39-year-old man was spotted on Tuesday morning working outside a house in Prebend Gardens, in leafy Chiswick” (the local newspaper’s report is here).

The BBC report explained “When questioned he admitted to using someone else’s unsecured wi-fi broadband connection. He has been bailed pending further inquiries. The case is now being handled by the Metropolitan Police’s computer crime unit”; whilst the Register‘s report explained ” After admitting using the broadband connection he was taken to the nearest cop shop and bailed until October pending further investigation by the Met’s computer crime unit [slow time of the year, eh, lads?]” (the Met’s Computer Crime Unit’s website is here).

The BBC report concluded “Det Con Mark Roberts said: ‘This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people’s broadband connections.’ Dishonestly obtaining free internet access is an offence under the Communications Act 2003 and a potential breach of the Computer Misuse Act’;” whilst the Register‘s report concluded “Using even an unsecured Wi-Fi network is an offence under the Communications Act 2003 and could be a breach of the Computer Misuse Act in some circumstances. Despite not having secured a conviction yet or even charged the man, DC Mark Roberts of the computer crime unit said: ‘This arrest should act as a warning to anyone who thinks it is acceptable to illegally use other people’s broadband connections’;” (section 125 of the Communications Act, 2003 is here; the Computer Misuse Act, 1990 is here).

Now, I don’t want to compare and contrast journalistic styles between the BBC and The Register, though of course, you may draw your own conclusions. Instead, I want to raise the question, yet again, of whether such piggybacking is indeed automatically illegal, or otherwise wrong. We don’t need a recent survey, though we’ve got one, to tell us that it happens all the time. You know how it goes. You’re sitting in a cafe, and several connections are open; or you’ve moved into a new neighbourhood or apartment block and haven’t arranged your broadband yet (or it will take a month or six weeks before it’s connected and live), and several connections are open, and you need to work; or you’re just too mean to pay (or even join fon) and there are lots of open connections, just sitting there, waiting for you; or you’re malevolent, and want to get up to all sorts of nefarious purposes on someone else’s open connection. Of course, many internet service providers seek to prevent their customers from having open wireless routers, but that doesn’t make it a crime. Only a statute can do that, and the Irish statutory position is unclear and obscure. The UK’s statues would seem to be clearer. For example, section 125(1) of the 2003 Act provides

A person who-
(a) dishonestly obtains an electronic communications service, and
(b) does so with intent to avoid payment of a charge applicable to the provision of that service,
is guilty of an offence.

However, suppose I pay my isp’s charge, so that they are not out of pocket; and suppose also that I have left my wifi open, so that you can wardrive and find it, and then piggyback on it; have you actually committed an offence under this section? By hypothesis, the charge applicable to the provision of the service has been paid. So, this section might not do what it is widely assumed that it does. On the other hand, section 1 of the 1990 Act provides

(1) A person is guilty of an offence if–
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.

This would seem more expansive, and more likely to catch such wardriving and piggybacking. And it’s the clause on which most prosecutions for various species of illegal hacking are likely are to be based. So, for example, if someone tries to break into the security (see, eg, here and here, from the BBC website) around a closed wifi network, they will almost certainly be guilty of an offence under s1 of the 1990 Act.

Perhaps the case of the Chiswick wardriver, who was bailed until October (ie, now), will clarify exactly when wardriving and piggybacking are illegal in the UK. It will take an Act of the Oireachtas to sort out the Irish statutory mess.