According to this AP story, a Florida man was arrested and charged with “unauthorized access to a computer network”, a third-degree felony, for sitting in his car and using somebody’s open WiFi access point.
The relevant Florida statute appears to be section 815.06(1)(a), which says that anyone who does the following is guilty of a third-degree felony:
willfully, knowingly, and without authorization … [a]ccesses or causes to be accessed any computer, computer system, or computer network
The AP story doesn’t give all of the facts, so I’ll assume hypothetically that the defendant drove up in front of the house, opened his laptop looking for free WiFi, took affirmative action to connect to the network, and used the network to access the internet.
The defendant in my hypo probably accessed the network “willfully” and “knowingly” because accessing the network was his purpose. The real action seems likely to come when the court has to determine what “authorization” means. The defendant in my hypo could probably claim that he reasonably believed his use to be authorized, since leaving a WiFi network open and unsecured is generally understood to authorize passers-by to access the internet using that network.
Certainly, there could be good facts and bad facts on this issue; if the complaining witness had a big sign in his front window saying “Free WiFi! Enjoy!”, or if the complaining witness set his network name to “PleaseUseSparingly” (as I do), the prosecution would have a tough time. If the SSID was hidden or the network was encrypted and the defendant had cracked the encryption, the prosecution would have a very easy time proving lack of authorization.
But let’s say the complaining witness just took his wireless router out of the box, plugged it in, and let it sit there. Is there authorization now? Should it matter whether the complaining witness knew he was opening his network up to the world? Is access “without authorization” if the complaining witness acted in a way that he did not intend as authorization but that nonetheless was interpreted by the defendant, reasonably and in good faith, as authorization?
Criminal law isn’t my area of expertise, but this case seems to raise some very interesting questions related to the widespread operation of computer networks by people with little expertise in the operation of computer networks and little knowledge of the social and technical norms surrounding those networks.
UPDATE: Computer crime expert Jennifer Granick comments below, arguing that courts should read a statute like Florida’s to require that the defendant knew that his access was unauthorized to avoid this problem. A brief she filed on the subject is available here.
UPDATE 2: The St. Petersburg times has this story on the arrest.
Sorry, the comment form is closed at this time.