Tuesday, January 27, 2009

"Steal More WiFi!"

"I also believe there should be a renewed focus here on professional development [of FCC staff]. Speaking and writing opportunities should be encouraged whenever practicable . . ." Ch. Copps, Jan. 26, 2009

-----

Released Monday evening: Cannon, Robert,'Steal More Wifi!'(January 26, 2009). Cybertelecom Research Paper No. 8. Available at SSRN: http://ssrn.com/abstract=1333404

----

This paper is released as version 0.9, a discussion draft. Your comments, reviews, opinions, corrections, and objections are encouraged and welcome. Please direct your comments to the author at rcannon100@yahoo.com, and please indicate whether you would like to be recognized as a reviewer of this paper and how you should be recognized. After comments have been received and considered, a final version of this paper will be released.

This paper is partly the result of preexisting research on the Cybertelecom website. Individual sections of this paper have been released as separate blog posts on the Cybertelecom blog. The survey of state law was posted on the Cybertelecom website. Comments and feedback have been incorporate into this draft.

Cybertelecom welcomes inquiries from journals that would be interested in publishing this paper.

----

Introduction

There has arisen a small litany of criminal prosecutions of nefarious dudes in long black trench coats that congregate outside coffee houses with their laptops, piggy backing on open WiFi networks in order to play World of Warcraft. The way in which these cases have unfolded demonstrates discomfort within the courts and amongst the public concerning the handling of these perpetrators.

Amongst the differing jurisdictions there is a lack of continuity of jurisprudence. How can something be stolen when it is offered to the public openly for free? If I use some of the wireless access, and it does not interfere with the owner's use of the access, how can this be a problem? Can there be a criminal violation where neither the perpetrator, nor the network owner, nor the police officer, were aware that anything wrong was transpiring? Of the dozen networks that show up in my WiFi scanner, how can I know which are okay to use and which are restricted? If something wrong is transpiring, what rules apply: theft of service, unauthorized access to a computer network, loitering? Can one steal unlicensed Part 15 spectrum?

Reacting against what appears to be an absurd scenario, many in the public and the legal community grapple with the appropriate metaphor for open WiFi. Generally these metaphors follow a spill-over paradigm that goes as follows: the network owner is provisioning something on the owner's real property, the excess of that thing spills outside the property, and an individual outside takes advantage of this excess. For example, a property owner provisions a light at night, the light spills outside of the owner's property, and an individual passing by uses the light in order to read a map; can it be said that the individual has "stolen" the light. Likewise, a property owner waters a yard, some of the water spills outside the property onto the neighbor's roses, and the neighbor uses that water to help care for the roses; has the neighbor stolen the water?

Arguments by metaphor, while well loved by the legal profession, are indirect and always contain some limitation that permits distinction. A direct argument that argues, not that WiFi is "like something else," but rather that WiFi cannot be stolen because of the regulatory classification of WiFi, is (hopefully) more compelling.

Previous attempts to contemplate the conundrum of open wireless access have approached the question from a criminal law point of view: is access to a computer network "unauthorized" and therefore criminal. The assumption is that this network is just like every other network, and therefore cybercrime precedent informs outcome. Communications policy, however, informs that this network is not like every other network. This network is unlicensed. This network is not owned. This network does not permit exclusion of, or interference with, others. It is a "commons." Because communications policy informs that the thing accessed cannot be owned, the cybercrime analysis of unauthorized access flounders.

There are two distinct discussions transpiring: a criminal law discussion of whether use of open wireless access points (WAPs) is unauthorized and theft, and, a communications policy discussion on how to deploy broadband to all Americans in a reasonable and timely basis, a policy which includes the use of unlicensed wireless services. This paper seeks to bring these two discussions together.

Fifteen years ago, the Federal Communications Commission set aside some radio frequencies for unlicensed use. To understand the significance of this change of rules, this paper will look back in history to review the policy objectives for licensing radio, and how the FCC could conclude that the licensing regime was no longer necessary for this swath of spectrum. This paper will note how the use of an unlicensed wireless commons fits within the FCC's larger broadband policy objectives.

With a better understanding of the object that is being alleged to be stolen, this paper will then explore the ramifications for the rules of authorized access. This recognition reframes the question from, "am I allowed to access the network," to a recognition that there are two conceptual networks at issue - an open wireless network that broadband policy informs one is authorized to access, and another network attached to the wireless network, that I must now ask, "am I allowed to access." I know I am allowed to access one space; I do not know whether I am allowed to access the next space.

The answer to the question of the "theft" of open wireless networks must satisfy both the objectives of cybercrime and also of communications policy. It must be consistent with the notions that unauthorized access to a private network is criminal, and that the federal government has the policy objective of increased deployment of broadband networks. A cybercrime law which seeks to slam the door shut on open wireless networks collides with a communications policy which seeks to promote broadband deployment through intermodal broadband deployment, including open wireless networks.

When one is in a commons space, and needs to know the boundary of that space and whether one can access the next space, trespass law helps. Trespass law informs that the owner of private property that wishes to restrict access to that property must provide notice that access is restricted; lacking such notice, a claim that one's access is unauthorized does not stand.

Finally this paper returns to the state prosecutions and state law. State law can generally be divided into two: those states which require network owners to provide notice that access is restricted, and those states which require an individual to learn whether access is restricted. A few states affirmatively follow the trespass model that explicit notice of restricted access must be provided. On the other hand, the reported prosecutions for unauthorized access to WiFi networks have occurred in states where the burden is on the individual to learn whether access is restricted.

The concept of theft assumes property. While theft (cybercrime) of a wireless service (communications policy) might have meaning where that service is licensed (a property right of a type), a disconnect between these two bodies of law becomes transparent with unlicensed networks (no property right).