Thursday, September 27, 2012

No Virginia, You Have No Duty to Secure Your WiFi Access Point

Every now and again a report flies across the network about the police breaking down someone's door and attempting to arrest the home owner for bad things online - assuming that whatever happened from that person's Internet connection is their fault. Now there are lots of problems with this - lots of problems. But one of the big ones is that anyone can access an open access point; there is no way of knowing who did what at an open access point or ascribing that activity to the owner. And all the police have to do is pull out the WiFi device they probably have in their pocket to determine whether an access point is open or secured.

Stories such as this generally result in a flurry of phobic posts by friends warning each other to lock down their access points. This is not necessarily the right solution. There are lots of legitimate reasons for having open access points - and the technology was specifically designed to permit open access points. The right solution would be for the legal community to mature in its comprehension that what transpires on an open access point cannot be ascribed to anyone.

A federal court in California recently considered the question of whether the owner of an access point has a duty to secure it. In AF HOLDINGS, LLC v. Doe, NDCA 2012, plaintiff sued John Doe for illegally downloading plaintiff's copyright protected video, and sued Defendant Hatfield for Defendant's negligent failure to secure the access point.

Okay first year law students, what are the elements of negligence? Duty, breach, cause, and damage. Does Defendant have a duty to Plaintiff? 

Plaintiff is arguing that Defendant failed to act - failed to secure his network. A failure to act is called "non-feasance." To have a duty that is breached by inaction, says the court, requires Defendant to have a special relationship to Plaintiff. Or, to say it another way, you are not required to be a Good Samaritan - you are not required to act - unless there is a special relationship. The court states:

"Plaintiff has not articulated any basis for imposing on Defendant a legal duty to prevent the infringement of Plaintiff's copyrighted works, and the court is aware of none. Defendant is not alleged to have any special relationship with Plaintiff that would give rise to a duty to protect Plaintiff's copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.

"The allegations in the complaint are general assertions that in failing to take action to "secure" access to his Internet connection, Defendant failed to protect Plaintiffs from harm. Thus, the complaint plainly alleges that Defendant's supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship."

It ain't Defendant's job (or anyone else's, for that matter) to protect Plaintiff's copyrights.

The court further notes that Plaintiff has attempted to recharacterize a copyright claim as a negligence claim. Such attempts to recharacterize copyright claims are preempted by the Copyright Act. Either someone is liable under the Copyright Act or not; recharacterizing such a claim as negligence doesn't work.

Finally, Defendant argues that he is immune from liability pursuant to 47 USC 230, the Good Samaritan Provision of the Communications Decency Act, which states that no provider of an interactive computer service shall be liable for the actions of a third party. In this case, Defendant arguably was a provider of Internet service to John Doe - the alleged downloader - and is not liable for whatever John Doe might have done. The court appeared persuaded by this argument, but concluded that since there was no negligence cause of action, and since the negligence cause of action was preempted, it was unnecessary to rule on the question of Sec. 230 immunity.

In short, according to this court:
  • No duty to secure a WiFi access point;
  • Any claim of breach of such duty resulting in copyright infringement would be preempted by copyright law; and
  • Any attempt to impose liability on the WiFi access point owner would likely be defeated by Sec. 230 immunity.

Of course, there are good reasons to secure your WiFi access point. For one thing, it encrypts your communications from your computer to your WiFi access point, protecting against man-in-the-middle attacks or someone intercepting your communications. The Federal Trade Commission's OnGuard Online project provides some helpful advice.
