joegratz.net

July 7, 2005

Florida Man Arrested For Using Open WiFi Network

According to this AP story, a Florida man was arrested and charged with “unauthorized access to a computer network”, a third-degree felony, for sitting in his car and using somebody’s open WiFi access point.

The relevant Florida statute appears to be section 815.06(1)(a), which says that anyone who does the following is guilty of a third-degree felony:

willfully, knowingly, and without authorization … [a]ccesses or causes to be accessed any computer, computer system, or computer network

The AP story doesn’t give all of the facts, so I’ll assume hypothetically that the defendant drove up in front of the house, opened his laptop looking for free WiFi, took affirmative action to connect to the network, and used the network to access the internet.

The defendant in my hypo probably accessed the network “willfully” and “knowingly” because accessing the network was his purpose. The real action seems likely to come when the court has to determine what “authorization” means. The defendant in my hypo could probably claim that he reasonably believed his use to be authorized, since leaving a WiFi network open and unsecured is generally understood to authorize passers-by to access the internet using that network.

Certainly, there could be good facts and bad facts on this issue; if the complaining witness had a big sign in his front window saying “Free WiFi! Enjoy!”, or if the complaining witness set his network name to “PleaseUseSparingly” (as I do), the prosecution would have a tough time. If the SSID was hidden or the network was encrypted and the defendant had cracked the encryption, the prosecution would have a very easy time proving lack of authorization.

But let’s say the complaining witness just took his wireless router out of the box, plugged it in, and let it sit there. Is there authorization now? Should it matter whether the complaining witness knew he was opening his network up to the world? Is access “without authorization” if the complaining witness acted in a way that he did not intend as authorization but that nonetheless was interpreted by the defendant, reasonably and in good faith, as authorization?

Criminal law isn’t my area of expertise, but this case seems to raise some very interesting questions related to the widespread operation of computer networks by people with little expertise in the operation of computer networks and little knowledge of the social and technical norms surrounding those networks.

UPDATE: Computer crime expert Jennifer Granick comments below, arguing that courts should read a statute like Florida’s to require that the defendant knew that his access was unauthorized to avoid this problem. A brief she filed on the subject is available here.

UPDATE 2: The St. Petersburg times has this story on the arrest.

3 Comments

  1. Another interesting question is what the prosecution must prove about the defendant’s state of mind at the time of use. The Florida statute requires the use to be made “willfully”. (California only requires that the use be made knowingly and without permission.) Clearly, the prosecution has to show that the defendant intended to use the network. But does the prosecution have to show that the defendant knew that his use was without permission, or is an honest mistake on the part of the user a defense? I have argued under California law that, despite the plain language of the statute, the government must prove that the defendant knew that his use was without permission. Anything less criminalizes acts done with an innocent purpose and state of mind, which is rarely and sparingly done in the criminal law. If anyone is interested in the brief, its posted in edited format on my website.

    This makes a big difference at trial. If the router owner just sets the device up out of the box and has no filtering or encryption or security for the network, the prosecutor can still trot the owner into court to testify that the owner never gave defendant permission to use the wireless. At that point, the defense has to say that the owner is wrong, he gave implied permission for the reasons Joe stated above. A jury might have trouble with this. But if you have to show a guilty state of mind for the defendant, then even if the owner did not give permission, the user can point to all the reasons he thought that his access would be acceptable to the owner. This is a much better state of affairs because it allows the trivial de minimus uses that many of us make every day of other people’s wireless service, while still reaching those who circumvent security, ignore warnings or banner or hog bandwidth.

    Comment by Jennifer Granick — July 7, 2005 @ 3:14 pm

  2. Man Charged With Stealing Wi-Fi Signal

    via Nipper: “Police have arrested a man for using someone else’s wireless Internet network in one of the first criminal cases involving this fairly common practice.” [yahoo] update: more here…

    Trackback by Tech Law Advisor — July 7, 2005 @ 7:04 pm

  3. [...] tions. It would be nice if people used the SSID to indicate their preference. (Joe Gratz says he uses the SSID “PleaseUseSparingly&#82 [...]

    Pingback by Freedom to Tinker » Blog Archive » WiFi Freeloading Now a Crime in U.K. — August 1, 2005 @ 8:05 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Linkblog Atom Feed

Disclaimer Haiku:
West wind seems to say,
"This is not legal advice;
I'm not your lawyer."

(And if you're a client with whom I have a preexisting attorney-client relationship, this still isn't legal advice.)

In case you're wondering, this blog is also not intended as advertising, as a representation of anything but my personal opinion, or as an offer of representation.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 2.5 License.
[powered by WordPress.]
[generated in 0.299 seconds.]