If Joe Freeloader Checks His Email over an Open Wifi Connection, Is He a Felon? A Survey of State Computer Crime Law

This post was researched for the academic purpose of contrasting state legal approaches to authorized access, and their potential applicability to use of open WiFi networks. I seek to get at least a superficial answer to the following made up fictitious scenario:

Joe Freeloader stumbles upon an open WAP and seeks to use the Internet connection in order to engaged in some benign activity such as checking email. There is no malicious intent and no use of the network that interferes with or degrades the network.

Has Joe Freeloader violated state law? Is he a felon headed for the can? Who has the burden regarding information that network access is restricted; is the burden on the network user (aka Joe Freeloader) to acquire information that access is restricted - or is the burden on the network owner to provide notice of restricted access?

The outcome of the state legal analysis appears to fall into three buckets:

• The network user (Joe Freeloader) must know that access is unauthorized for access to be criminal (burden is on the network owner to provide notice).
  • The laws frequently state "an individual knowingly accesses a computer network without authorization." Here "knowingly" modifies "accesses a computer network" and "without authorization." It would therefore be a defense on the part of Joe Freeloader that he simply did not know whether there was a restriction or not. For the conditions of the statute to be satisfied, the individual has to affirmatively have actual knowledge that network access is restricted.
  • This creates a burden on the network owner to provide notice if network access is restricted.
  • This is consistent with the law of trespass to real property which requires the property owner to provide notice.
  • Some states place a burden on the network owner to secure a network that has restricted access. Other states place a burden on the network owner to provide actual or constructive notice that network access is restricted.
  • This category is marked as Burden on Network Owner
• No applicable law
  • Many state laws require malicious intent or harm to the network.
  • As my factual scenario assumes no malicious intent and no harm to the network, these laws are not applicable - and no further provision of the statute was found that covers our made up fictitious situation.
    • Text in red is the additional requirement that makes the statute "not applicable."
  • Where the only relevant law curtails only malicious behavior, it could be supposed that access to an open WAP that poses no network interference is permissible. But this is merely conjecture.
• Unauthorized access is prohibited (burden is on the network user to obtain information (to know) that access is authorized)
  • These state laws do not impose a "knowledge" condition. Access to a network is prohibited "without authorization" regardless of what the individual knows.
  • Where statutes frequently contain the important conjunction and read "an individual knowingly accesses a computer network and without authorization." These are two independent conditions; "knowingly" does not modify "without authorization" as above and therefore the network user cannot argue, "Well, I did not know it was not authorized."

One clear take away is that, in most states, it is not clear from a plain reading of the statute whether an individual using an open WAP to check email (and for no nefarious reason) is in violation of the law.

NB This chart is an academic exercise to contrast differing approaches to our made up fictitious legal scenario and explore how an effective law might be constructed. This chart does not provide legal answers or advice. Nor is this chart guaranteed to be an accurate reflection of the law of individual states; this chart does not explore state caselaw interpretation of statutory law nor legislative history. This list is by no means exhaustive, accurate, nor up to date. See disclaimer. This is just an exercise of sound and fury. If you know of better information that can improve this chart, drop CT a note.

State	Statute (emphasis added) [Editor's comments]	Open Network?
Alabama	Alabama Code Title 13A Article 5 Alabama Computer Crime Act. Section 13A-8-100 Short title. Section 13A-8-102 Offenses against intellectual property. (a) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, attempts or achieves access, communication, examination, or modification of data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property. (b) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, destroys data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property. (c) Whoever willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, discloses, uses, or takes data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property.	Not Applicable
Alaska	Alaska Statutes Sec. 11.46.200. Theft of services. (a) A person commits theft of services if. (3) the person obtains the use of computer time, a computer system, a computer program, a computer network, or any part of a computer system or network, with reckless disregard that the use by that person is unauthorized . Sec. 11.46.484. Criminal mischief in the fourth degree. (a) A person commits the crime of criminal mischief in the fourth degree if, having no right to do so or any reasonable ground to believe the person has such a right. (3) the person knowingly accesses a computer, computer system, computer program, computer network, or part of a computer system or network; Sec. 11.46.740. Criminal use of computer. (a) A person commits the offense of criminal use of a computer if, having no right to do so or any reasonable ground to believe the person has such a right, the person knowingly accesses, causes to be accessed, or exceeds the person's authorized access to a computer, computer system, computer program, computer network, or any part of a computer system or network, and, as a result of or in the course of that access, (1) obtains information concerning a person; (2) introduces false information into a computer, computer system, computer program, or computer network with the intent to damage or enhance the data record or the financial reputation of a person; (3) introduces false information into a computer, computer system, computer program, or computer network and, with criminal negligence, damages or enhances the data record or the financial reputation of a person; (4) obtains proprietary information of another person; (5) obtains information that is only available to the public for a fee; (6) introduces instructions, a computer program, or other information that tampers with, disrupts, disables, or destroys a computer, computer system, computer program, computer network, or any part of a computer system or network; or (7) encrypts or decrypts data. (b) In this section, "proprietary information" means scientific, technical, or commercial information, including a design, process, procedure, customer list, supplier list, or customer records that the holder of the information has not made available to the public. (c) Criminal use of a computer is a class C felony. [This turns on the definition of "reckless disregard" - however, as this appears to impose the burden on the network user who either has or lacks this recklessness, it goes in the "Burden on the Network User" bucket]	Burden on network user
Arizona	Ariz. Rev. Stat. § 13-2301(E) Definitions § 13-2316 Computer Tampering, Venue, Forfeiture, Classification A. A person who acts without authority or who exceeds authorization of use commits computer tampering by: 1. Accessing, altering, damaging or destroying any computer, computer system or network, or any part of a computer, computer system or network, with the intent to devise or execute any scheme or artifice to defraud or deceive, or to control property or services by means of false or fraudulent pretenses, representations or promises. 2. Knowingly altering, damaging, deleting or destroying computer programs or data. 3. Knowingly introducing a computer contaminant into any computer, computer system or network. 4. Recklessly disrupting or causing the disruption of computer, computer system or network services or denying or causing the denial of computer or network services to any authorized user of a computer, computer system or network. 5. Recklessly using a computer, computer system or network to engage in a scheme or course of conduct that is directed at another person and that seriously alarms, torments, threatens or terrorizes the person. For the purposes of this paragraph, the conduct must both: (a) Cause a reasonable person to suffer substantial emotional distress. (b) Serve no legitimate purpose. 6. Preventing a computer user from exiting a site, computer system or network-connected location in order to compel the user's computer to continue communicating with, connecting to or displaying the content of the service, site or system. 7. Knowingly obtaining any information that is required by law to be kept confidential or any records that are not public records by accessing any computer, computer system or network that is operated by this state, a political subdivision of this state or a medical institution. 8. Knowingly accessing any computer, computer system or network or any computer software, program or data that is contained in a computer, computer system or network.	Not Applicable
Arkansas	Ark. Code 5-41-104. Computer trespass. (a) A person commits computer trespass if the person intentionally and without authorization accesses, alters, deletes, damages, destroys, or disrupts any computer, computer system, computer network, computer program, or data. (b) Computer trespass is a: (1) Class C misdemeanor if it is a first violation that does not cause any loss or damage; (2) Class B misdemeanor if it is a: (A) Second or subsequent violation that does not cause any loss or damage; or (B) Violation that causes loss or damage of less than five hundred dollars ($500); (3) Class A misdemeanor if it is a violation that causes loss or damage of five hundred dollars ($500) or more, but less than two thousand five hundred dollars ($2,500); and (4) Class D felony if it is a violation that causes loss or damage of two thousand five hundred dollars ($2,500) or more.	Burden on Network User
California	CAL. PENAL CODE § 502 (c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data. (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network. (3) Knowingly and without permission uses or causes to be used computer services. (4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network. (5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. (6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section. (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network. (8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network. (9) Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network.	Burden on Network User
Colorado	COLO. REV. STAT. § 18-5.5-102 (1) A person commits computer crime if the person knowingly: (a) Accesses a computer, computer network, or computer system or any part thereof without authorization; exceeds authorized access to a computer, computer network, or computer system or any part thereof; or uses a computer, computer network, or computer system or any part thereof without authorization or in excess of authorized access; or (b) Accesses any computer, computer network, or computer system, or any part thereof for the purpose of devising or executing any scheme or artifice to defraud; or (c) Accesses any computer, computer network, or computer system, or any part thereof to obtain, by means of false or fraudulent pretenses, representations, or promises, money; property; services; passwords or similar information through which a computer, computer network, or computer system or any part thereof may be accessed; or other thing of value; or (d) Accesses any computer, computer network, or computer system, or any part thereof to commit theft; or (e) Without authorization or in excess of authorized access alters, damages, interrupts, or causes the interruption or impairment of the proper functioning of, or causes any damage to, any computer, computer network, computer system, computer software, program, application, documentation, or data contained in such computer, computer network, or computer system or any part thereof; or (f) Causes the transmission of a computer program, software, information, code, data, or command by means of a computer, computer network, or computer system or any part thereof with the intent to cause damage to or to cause the interruption or impairment of the proper functioning of or that actually causes damage to or the interruption or impairment of the proper functioning of any computer, computer network, computer system, or part thereof. 18-5.5-101. Definitions. (1) "Authorization" means the express consent of a person which may include an employee's job description to use said person's computer, computer network, computer program, computer software, computer system, property, or services as those terms are defined in this section.	Burden on Network Owner
Connecticut	CONN. GEN. STAT. Sec. 53a-251. Computer crime. (a) Defined. A person commits computer crime when he violates any of the provisions of this section. (b) Unauthorized access to a computer system. (1) A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that he is not authorized to do so, he accesses or causes to be accessed any computer system without authorization. (2) It shall be an affirmative defense to a prosecution for unauthorized access to a computer system that: (A) The person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, had authorized him to access; (B) the person reasonably believed that the owner of the computer system, or a person empowered to license access thereto, would have authorized him to access without payment of any consideration; or (C) the person reasonably could not have known that his access was unauthorized. (c) Theft of computer services. A person is guilty of the computer crime of theft of computer services when he accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services.	Burden on Network Owner
Delaware	Del. Code § 932. Unauthorized access. A person is guilty of the computer crime of unauthorized access to a computer system when, knowing that the person is not authorized to do so, the person accesses or causes to be accessed any computer system without authorization. § 933. Theft of computer services. A person is guilty of the computer crime of theft of computer services when the person accesses or causes to be accessed or otherwise uses or causes to be used a computer system with the intent to obtain unauthorized computer services, computer software or data. (64 Del. Laws, c. 438, § 1; 70 Del. Laws, c. 186, § 1.) § 934. Interruption of computer services. A person is guilty of the computer crime of interruption of computer services when that person, without authorization, intentionally or recklessly disrupts or degrades or causes the disruption or degradation of computer services or denies or causes the denial of computer services to an authorized user of a computer system. (64 Del. Laws, c. 438, § 1.) § 935. Misuse of computer system information. A person is guilty of the computer crime of misuse of computer system information when: (1) As a result of accessing or causing to be accessed a computer system, the person intentionally makes or causes to be made an unauthorized display, use, disclosure or copy, in any form, of data residing in, communicated by or produced by a computer system; (2) That person intentionally or recklessly and without authorization: a. Alters, deletes, tampers with, damages, destroys or takes data intended for use by a computer system, whether residing within or external to a computer system; or b. Interrupts or adds data to data residing within a computer system; (3) That person knowingly receives or retains data obtained in violation of paragraph (1) or (2) of this section; or (4) That person uses or discloses any data which that person knows or believes was obtained in violation of paragraph (1) or (2) of this section. (64 Del. Laws, c. 438, § 1; 70 Del. Laws, c. 186, § 1.) § 936. Destruction of computer equipment. A person is guilty of the computer crime of destruction of computer equipment when that person, without authorization, intentionally or recklessly tampers with, takes, transfers, conceals, alters, damages or destroys any equipment used in a computer system or intentionally or recklessly causes any of the foregoing to occur. (64 Del. Laws, c. 438, § 1.) § 937. Unrequested or unauthorized electronic mail or use of network or software to cause same. A person is guilty of the computer crime of unrequested or unauthorized electronic mail: (1) When that person, without authorization, intentionally or recklessly distributes any unsolicited bulk commercial electronic mail (commercial E-mail) to any receiving address or account under the control of any authorized user of a computer system. This section shall not apply to electronic mail that is sent between human beings, or when the individual has requested said information. This section shall not apply to the transmission of electronic mail from an organization to its members or where there is a preexisting business relationship. No Internet/interactive service provider shall be liable for merely transmitting an unsolicited, bulk commercial electronic mail message in its network. No Internet/interactive service provider shall be held liable for any action voluntarily taken in good faith to block the receipt or transmission through its service of any unsolicited, bulk electronic mail which it believes is, or will be, sent in violation to disconnect or terminate the service of any person that is in violation of this article; or (2) When a person uses a computer or computer network without authority with the intent to: Falsify or forge electronic mail transmission information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers; or (3) When a person sells, gives or otherwise distributes or possesses with the intent to sell, give or distribute software which: a. Is primarily designed or produced for the purpose of facilitating or enabling the falsification of electronic mail transmission information or other routing information; b. Has only limited commercially significant purpose or use other than to facilitate or enable the falsification of electronic mail transmission information or other routing information; or c. Is marketed by that person or another acting in concert with that person's knowledge for use in facilitating or enabling the falsification of electronic mail transmission information or other routing information. (4) For the purposes of this section, conduct occurring outside of the State shall be sufficient to constitute this offense if such conduct is within the terms of § 204 of this title, or if the receiving address or account was under the control of any authorized user of a computer system who was located in Delaware at the time the authorized user received the electronic mail or communication and the defendant was aware of circumstances which rendered the presence of such authorized user in Delaware a reasonable possibility. (72 Del. Laws, c. 135, § 1; 70 Del. Laws, c. 186, § 1.) § 938. Failure to promptly cease electronic communication upon request. (a) A person is guilty of the computer crime of failure to promptly cease electronic communication upon request when that person intentionally, recklessly or negligently, fails to stop sending commercial electronic mail to any receiving address or account under the control of any authorized user of a computer system after being requested to do so. All commercial electronic mail sent to any receiving address within the State shall have information to the recipient on how to unsubscribe or stop further receipt of commercial electronic mail from the sender. (b) For the purposes of this section, conduct occurring outside of the State shall be sufficient to constitute this offense if such conduct is within the terms of § 204 of this title, or if the receiving address or account was under the control of any authorized user of a computer system who was located in Delaware at the time the authorized user received the electronic mail or communication and the defendant was aware of circumstances which rendered the presence of such authorized user in Delaware a reasonable possibility. § 939. Penalties. (a) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the first degree when the damage to or the value of the property or computer services affected exceeds $10,000. Computer crime in the first degree is a class D felony. (b) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the second degree when the damage to or the value of the property or computer services affected exceeds $5,000. Computer crime in the second degree is a class E felony. (c) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the third degree when: (1) The damage to or the value of the property or computer services affected exceeds $1,000; or (2) That person engages in conduct which creates a risk of serious physical injury to another person. Computer crime in the third degree is a class F felony. (d) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the fourth degree when the damage to or the value of the property or computer services affected exceeds $500. Computer crime in the fourth degree is a class G felony. (e) A person committing any of the crimes described in §§ 932-938 of this title is guilty in the fifth degree when the damage to or the value of the property or computer services, if any, is $500 or less. Computer crime in the fifth degree is a class A misdemeanor. (f) Any person gaining money, property services or other consideration through the commission of any offense under this subpart, upon conviction, in lieu of having a fine imposed, may be sentenced by the court to pay an amount, fixed by the court, not to exceed double the amount of the defendant's gain from the commission of such offense. In such case, the court shall make a finding as to the amount of the defendant's gain from the offense and, if the record does not contain sufficient evidence to support such a finding, the court may conduct a hearing upon the issue. For the purpose of this section, "gain" means the amount of money or the value of property or computer services or other consideration derived. (g) Amounts included in violations of this subpart committed pursuant to 1 scheme or course of conduct, whether from the same person or several persons, may be aggregated in determining the degree of the crime. (h) For the purposes of this subpart, the value of property or computer services shall be: (1) The market value of the property or computer services at the time of the violation; or (2) If the property or computer services are unrecoverable, damaged or destroyed as a result of a violation of this subpart, the cost of reproducing or replacing the property or computer services at the time of the violation. When the value of the property or computer services or damage thereto cannot be satisfactorily ascertained, the value shall be deemed to be $250. (i) Notwithstanding this section, the value of private personal data shall be deemed to be $500.	Burden on Network Owner
District of Columbia	None Found	Not Applicable
Florida	FLA. STAT. § 815.06 (1) Whoever willfully, knowingly, and without authorization: (a) Accesses or causes to be accessed any computer, computer system, or computer network; (b) Disrupts or denies or causes the denial of computer system services to an authorized user of such computer system services, which, in whole or part, is owned by, under contract to, or operated for, on behalf of, or in conjunction with another; (c) Destroys, takes, injures, or damages equipment or supplies used or intended to be used in a computer, computer system, or computer network; (d) Destroys, injures, or damages any computer, computer system, or computer network; or (e) Introduces any computer contaminant into any computer, computer system, or computer network, commits an offense against computer users.	Burden on network user
Georgia	GA. CODE § 16-9-92 (18) "Without authority" includes the use of a computer or computer network in a manner that exceeds any right or permission granted by the owner of the computer or computer network. § 16-9-93. Computer crimes defined; exclusivity of article; civil remedies; criminal penalties (a) Computer theft. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of: (1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession; (2) Obtaining property by any deceitful means or artful practice; or (3) Converting property to such person's use in violation of an agreement or other known legal obligation to make a specified application or disposition of such property shall be guilty of the crime of computer theft. (b) Computer Trespass. Any person who uses a computer or computer network with knowledge that such use is without authority and with the intention of: (1) Deleting or in any way removing, either temporarily or permanently, any computer program or data from a computer or computer network; (2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data; or (3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists shall be guilty of the crime of computer trespass.	Not Applicable
Hawaii	HAW. REV. STAT. §708-890 Definitions. As used in this part, unless the context otherwise requires: "Access" means to gain entry to, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network. . . . . . "Without authorization" means without the permission of or in excess of the permission of an owner, lessor, or rightful user or someone licensed or privileged by an owner, lessor, or rightful user to grant the permission. [§708-891] Computer fraud in the first degree. (1) A person commits the offense of computer fraud in the first degree if the person knowingly, and with intent to defraud, accesses a computer without authorization and, by means of such conduct, obtains or exerts control over the property of another. (2) In a prosecution for computer fraud in the first degree, it is a defense that the object of the fraud and the property obtained consists only of the use of the computer and the value of such use is not more than $300 in any one-year period. (3) Computer fraud in the first degree is a class B felony. [L 2001, c 33, pt of §1] [§708-891.5] Computer fraud in the second degree. (1) A person commits the offense of computer fraud in the second degree if the person knowingly, and with the intent to defraud, transfers, or otherwise disposes of, to another, or obtains control of, with the intent to transfer or dispose of, any password or similar information through which a computer, computer system, or computer network may be accessed. (2) Computer fraud in the second degree is a class C felony.	Not Applicable
Idaho	Idaho Code title 18-2202. COMPUTER CRIME. (1) Any person who knowingly accesses, attempts to access or uses, or attempts to use any computer, computer system, computer network, or any part thereof for the purpose of: devising or executing any scheme or artifice to defraud; obtaining money, property, or services by means of false or fraudulent pretenses, representations, or promises; or committing theft; commits computer crime. (2) Any person who knowingly and without authorization alters, damages, or destroys any computer, computer system, or computer network described in section 18-2201, Idaho Code, or any computer software, program, documentation, or data contained in such computer, computer system, or computer network commits computer crime. (3) Any person who knowingly and without authorization uses, accesses, or attempts to access any computer, computer system, or computer network described in section 18-2201, Idaho Code, or any computer software, program, documentation or data contained in such computer, computer system, or computer network, commits computer crime. (4) A violation of the provisions of subsections (1) or (2) of this section shall be a felony. A violation of the provisions of subsection (3) of this section shall be a misdemeanor.	Burden on Network User
Illinois	Illinois Compiled Statutes 720 ILCS 5/16D-3 Computer Tampering (a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15-2 of this Code, or in excess of the authority granted to him: (1) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data; (2) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and obtains data or services; (3) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data, and damages or destroys the computer or alters, deletes or removes a computer program or data; (4) Inserts or attempts to insert a "program" into a computer or computer program knowing or having reason to believe that such "program" contains information or commands that will or may damage or destroy that computer, or any other computer subsequently accessing or being accessed by that computer, or that will or may alter, delete or remove a computer program or data from that computer, or any other computer program or data in a computer subsequently accessing or being accessed by that computer, or that will or may cause loss to the users of that computer or the users of a computer which accesses or which is accessed by such "program"; (5) Falsifies or forges electronic mail transmission information or other routing information in any manner in connection with the transmission of unsolicited bulk electronic mail through or into the computer network of an electronic mail service provider or its subscribers; . . . . . (a-10) For purposes of subsection (a), accessing a computer network is deemed to be with the authorization of a computer's owner if: (1) the owner authorizes patrons, customers, or guests to access the computer network and the person accessing the computer network is an authorized patron, customer, or guest and complies with all terms or conditions for use of the computer network that are imposed by the owner; or (2) the owner authorizes the public to access the computer network and the person accessing the computer network complies with all terms or conditions for use of the computer network that are imposed by the owner. [One of the few statutes that anticipates network access as a service offered to patrons - specifically addressing the Wifi Cafe or Wifi in a hotel type situation - this statute still appears to place the burden on the user to ascertain knowledge that the user is authorized]]	Burden on Network User
Indiana	Indiana Code IC 35-43-2-3 (b) A person who knowingly or intentionally accesses: (1) a computer system; (2) a computer network; or (3) any part of a computer system or computer network; without the consent of the owner of the computer system or computer network, or the consent of the owner's licensee, commits computer trespass, a Class A misdemeanor. ["Knowingly" does not modify "without consent"]	Burden on Network User
Iowa	Iowa Code § 716.6B Unauthorized computer access - penalties - civil cause of action. 1. A person who knowingly and without authorization accesses a computer, computer system, or computer network commits the following: a. An aggravated misdemeanor if computer data is accessed that contains a confidential record, as defined in section 22.7 , operational or support data of a public utility, as defined in section 476.1 , operational or support data of a rural water district incorporated pursuant to chapter 357A or 504 , operational or support data of a municipal utility organized pursuant to chapter 388 or 389 , operational or support data of a public airport, or a trade secret, as defined in section 550.2 . b. A serious misdemeanor if computer data is copied, altered, or deleted. c. A simple misdemeanor for any access which is not an aggravated or serious misdemeanor.	Burden on Network Owner
Kansas	Kansas Statute 21-3755 (b) (1) Computer crime is: (A) Intentionally and without authorization accessing and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property; (B) using a computer, computer system, computer network or any other property for the purpose of devising or executing a scheme or artifice with the intent to defraud or for the purpose of obtaining money, property, services or any other thing of value by means of false or fraudulent pretense or representation; or (C) intentionally exceeding the limits of authorization and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property. (2) Computer crime is a severity level 8, nonperson felony.	Not Applicable
Kentucky	Kentucky Revised Statute 434.845 Unlawful access to a computer in the first degree. (1) A person is guilty of unlawful access to a computer in the first degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, for the purpose of: (a) Devising or executing any scheme or artifice to defraud; or (b) Obtaining money, property, or services for themselves or another by means of false or fraudulent pretenses, representations, or promises. (2) Unlawful access to a computer in the first degree is a Class C felony 434.850 Unlawful access to a computer in the second degree. (1) A person is guilty of unlawful access to a computer in the second degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which results in the loss or damage of three hundred dollars ($300) or more. (2) Unlawful access to a computer in the second degree is a Class D felony 434.851 Unlawful access in the third degree. (1) A person is guilty of unlawful access in the third degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which results in the loss or damage of less than three hundred dollars ($300). (2) Unlawful access to a computer in the third degree is a Class A misdemeanor 434.853 Unlawful access in the fourth degree. (1) A person is guilty of unlawful access in the fourth degree when he or she, without the effective consent of the owner, knowingly and willfully, directly or indirectly accesses, causes to be accessed, or attempts to access any computer software, computer program, data, computer, computer system, computer network, or any part thereof, which does not result in loss or damage. (2) Unlawful access to a computer in the fourth degree is a Class B misdemeanor.	Burden on the Network User
Louisiana	Louisiana Revised Statutes § 14: 73.5. Computer fraud A. Computer fraud is the accessing or causing to be accessed of any computer, computer system, computer network, or any part thereof with the intent to: (1) Defraud; or (2) Obtain money, property, or services by means of false or fraudulent conduct, practices, or representations, or through the fraudulent alteration, deletion, or insertion of programs or data. B. Whoever commits computer fraud shall be fined not more than ten thousand dollars, or imprisoned with or without hard labor for not more than five years, or both. §14:73.7. Computer tampering A. Computer tampering is the intentional commission of any of the actions enumerated in this Subsection when that action is taken knowingly and without the authorization of the owner of a computer: (1) Accessing or causing to be accessed a computer or any part of a computer or any program or data contained within a computer. (2) Copying or otherwise obtaining any program or data contained within a computer. (3) Damaging or destroying a computer, or altering, deleting, or removing any program or data contained within a computer, or eliminating or reducing the ability of the owner of the computer to access or utilize the computer or any program or data contained within the computer. (4) Introducing or attempting to introduce any electronic information of any kind and in any form into one or more computers, either directly or indirectly, and either simultaneously or sequentially, with the intention of damaging or destroying a computer, or altering, deleting, or removing any program or data contained within a computer, or eliminating or reducing the ability of the owner of the computer to access or utilize the computer or any program or data contained within the computer. B. For purposes of this Section: (1) Actions which are taken without authorization include actions which intentionally exceed the limits of authorization. (2) If an owner of a computer has established a confidential or proprietary code which is required in order to access a computer, and that code has not been issued to a person, and that person uses that code to access that computer or to cause that computer to be accessed, that action creates a rebuttable presumption that the action was taken without authorization or intentionally exceeded the limits of authorization. (3) The vital services or operations of the state, or of any parish, municipality, or other local governing authority, or of any utility company are the services or operations which are necessary to protect the public health, safety, and welfare, and include but are not limited to: law enforcement; fire protection; emergency services; health care; transportation; communications; drainage; sewerage; and utilities, including water, electricity, and natural gas and other forms of energy. C. Whoever commits the crime of computer tampering as defined in Paragraphs (A)(1) and (2) of this Section shall be fined not more than five hundred dollars or imprisoned for not more that six months, or both. D. Whoever commits the crime of computer tampering as defined in Paragraphs (A)(3) and (4) of this Section shall be fined not more than ten thousand dollars or imprisoned, with or without hard labor, for not more that five years, or both. E. Whoever violates the crime of computer tampering as defined in Paragraphs (A)(3) and (4) of this Section with the intention of disrupting the vital services or operations of the state, or of any parish, municipality, or other local governing authority, or of any utility company, or with the intention of causing death or great bodily harm to one or more persons, shall be fined not more than ten thousand dollars or imprisoned at hard labor for not more that fifteen years, or both.	Burden on network user
Maine	ME. REV. STAT. tit. 17-A, § 431(11) " "Not authorized" and "unauthorized" mean not having consent or permission of the owner, or person licensed or authorized by the owner to grant consent or permission, to access or use any computer resource, or accessing or using any computer resource in a manner exceeding the consent or permission. " §432. Criminal invasion of computer privacy 1. A person is guilty of criminal invasion of computer privacy if the person intentionally accesses any computer resource knowing that the person is not authorized to do so. 2. Criminal invasion of computer privacy is a Class D crime.	Burden on network owner
Maryland	Maryland Code § 7-302. Unauthorized access to computers and related material. (c) Prohibited.- (1) A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to all or part of a computer network, computer control language, computer, computer software, computer system, computer services, or computer database. (2) A person may not commit an act prohibited by paragraph (1) of this subsection with the intent to: (i) cause the malfunction or interrupt the operation of all or any part of a computer, computer network, computer control language, computer software, computer system, computer services, or computer data; or (ii) alter, damage, or destroy all or any part of data or a computer program stored, maintained, or produced by a computer, computer network, computer software, computer system, computer services, or computer database. (3) A person may not intentionally, willfully, and without authorization: (i) possess, identify, or attempt to identify a valid access code; or (ii) publicize or distribute a valid access code to an unauthorized person.	Burden on the network user
Massachusetts	MASS. GEN. LAWS Ch. 266 Crimes Against Property, Sec. 120F Unauthorized access to computer system; penalties "Whoever, without authorization, knowingly accesses a computer system by any means, or after gaining access to a computer system by any means knows that such access is not authorized and fails to terminate such access, shall be punished by imprisonment in the house of correction for not more than thirty days or by a fine of not more than one thousand dollars, or both. "The requirement of a password or other authentication to gain access shall constitute notice that access is limited to authorized users."	Burden on network owner
Michigan	Michigan Law 752.794 Prohibited access to computer program, computer, computer system, or computer network. Sec. 4. A person shall not intentionally access or cause access to be made to a computer program, computer, computer system, or computer network to devise or execute a scheme or artifice with the intent to defraud or to obtain money, property, or a service by a false or fraudulent pretense, representation, or promise. 752.795 Prohibited conduct. Sec. 5. A person shall not intentionally and without authorization or by exceeding valid authorization do any of the following: (a) Access or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network. (b) Insert or attach or knowingly create the opportunity for an unknowing and unwanted insertion or attachment of a set of instructions or a computer program into a computer program, computer, computer system, or computer network, that is intended to acquire, alter, damage, delete, disrupt, or destroy property or otherwise use the services of a computer program, computer, computer system, or computer network. This subdivision does not prohibit conduct protected under section 5 of article I of the state constitution of 1963 or under the first amendment of the constitution of the United States.	Burden on network user
Minnesota	MINN. STAT. § 609.87 "Subd. 2a. Authorization. "Authorization" means with the permission of the owner of the computer, computer system, computer network, computer software, or other property. Authorization may be limited by the owner by: (1) giving the user actual notice orally or in writing; (2) posting a written notice in a prominent location adjacent to the computer being used; or (3) using a notice displayed on or announced by the computer being used." § 609.891 Subd. 1 " Subdivision 1. Crime. A person is guilty of unauthorized computer access if the person intentionally and without authorization attempts to or does penetrate a computer security system. " [While the definition of "authorization" sets forth how the network owner may provide notice of limited authorization, "may" is permissive not obligatory - the network owner could limit authorization in other ways, or not at all. If it were obligatory (ie "must") then the burden would be on the network owner. This statute reads as if this is a really warm suggestion on how notice of limited authorization could be provided.]]	Burden on Network User
Mississippi	Mississippi Code § 97-45-1 § 97-45-3. Computer fraud; penalties. (1) Computer fraud is the accessing or causing to be accessed of any computer, computer system, computer network or any part thereof with the intent to: (a) Defraud; (b) Obtain money, property or services by means of false or fraudulent conduct, practices or representations; or through the false or fraudulent alteration, deletion or insertion of programs or data; or (c) Insert or attach or knowingly create the opportunity for an unknowing and unwanted insertion or attachment of a set of instructions or a computer program into a computer program, computer, computer system, or computer network, that is intended to acquire, alter, damage, delete, disrupt, or destroy property or otherwise use the services of a computer program, computer, computer system or computer network.	Not applicable
Missouri	Tampering with computer users, penalties. Missouri Code § 569.099. 1. A person commits the crime of tampering with computer users if he knowingly and without authorization or without reasonable grounds to believe that he has such authorization: (1) Accesses or causes to be accessed any computer, computer system, or computer network; or (2) Denies or causes the denial of computer system services to an authorized user of such computer system services, which, in whole or in part, is owned by, under contract to, or operated for, or on behalf of, or in conjunction with another. 2. The offense of tampering with computer users is a class A misdemeanor unless the offense is committed for the purpose of devising or executing any scheme or artifice to defraud or to obtain any property, the value of which is five hundred dollars or more, in which case tampering with computer users is a class D felony.	Burden on network user
Montana	Montana Code § 45-6-311. Unlawful use of a computer. (1) A person commits the offense of unlawful use of a computer if the person knowingly or purposely: (a) obtains the use of any computer, computer system, or computer network without consent of the owner; (b) alters or destroys or causes another to alter or destroy a computer program or computer software without consent of the owner; or (c) obtains the use of or alters or destroys a computer, computer system, computer network, or any part thereof as part of a deception for the purpose of obtaining money, property, or computer services from the owner of the computer, computer system, computer network, or part thereof or from any other person. (2) A person convicted of the offense of unlawful use of a computer involving property not exceeding $1,000 in value shall be fined not to exceed $1,000 or be imprisoned in the county jail for a term not to exceed 6 months, or both. A person convicted of the offense of unlawful use of a computer involving property exceeding $1,000 in value shall be fined not more than 2 1/2 times the value of the property used, altered, destroyed, or obtained or be imprisoned in the state prison for a term not to exceed 10 years, or both.	Burden on the network owner
Nebraska	NEB. REV. STAT. § 28-1343.01. Unauthorized computer access; penalty. (1) A person commits the offense of unauthorized computer access if the person intentionally and without authority penetrates a computer security system. (2) A person who violates subsection (1) of this section in a manner that creates a grave risk of causing the death of a person shall be guilty of a Class IV felony. (3) A person who violates subsection (1) of this section in a manner that creates a risk to public health and safety shall be guilty of a Class I misdemeanor. (4) A person who violates subsection (1) of this section in a manner that compromises the security of data shall be guilty of a Class II misdemeanor.	Burden on network user
Nevada	NRS 205.477 Unlawful interference with or denial of access to or use of computers; unlawful use or access of computers; affirmative defense. 1. Except as otherwise provided in subsections 3 and 4, a person who knowingly, willfully and without authorization interferes with, denies or causes the denial of access to or use of a computer, system or network to a person who has the duty and right to use it is guilty of a misdemeanor. 2. Except as otherwise provided in subsections 3 and 4, a person who knowingly, willfully and without authorization uses, causes the use of, accesses, attempts to gain access to or causes access to be gained to a computer, system, network, telecommunications device, telecommunications service or information service is guilty of a misdemeanor. 3. If the violation of any provision of this section: (a) Was committed to devise or execute a scheme to defraud or illegally obtain property; (b) Caused response costs, loss, injury or other damage in excess of $500; or (c) Caused an interruption or impairment of a public service, including, without limitation, a governmental operation, a system of public communication or transportation or a supply of water, gas or electricity, the person is guilty of a category C felony and shall be punished as provided in NRS 193.130 , and may be further punished by a fine of not more than $100,000. In addition to any other penalty, the court shall order the person to pay restitution. 4. It is an affirmative defense to a charge made pursuant to this section that at the time of the alleged offense the defendant reasonably believed that: (a) He was authorized to use or access the computer, system, network, telecommunications device, telecommunications service or information service and such use or access by the defendant was within the scope of that authorization; or (b) The owner or other person authorized to give consent would authorize the defendant to use or access the computer, system, network, telecommunications device, telecommunications service or information service. 5. A defendant who intends to offer an affirmative defense described in subsection 4 at a trial or preliminary hearing must, not less than 14 days before the trial or hearing or at such other time as the court may direct, file and serve on the prosecuting attorney a written notice of that intent.	Burden on network user
New Hampshire	N.H. REV. STAT. Chapt. 638 § 638:16 II ""Authorization'' means the express or implied consent given by a person to another to access or use said person's computer, computer network, computer program, computer software, password, identifying code, or personal identification number. § 638:17 I. A person is guilty of the computer crime of unauthorized access to a computer or computer network when, knowing that the person is not authorized to do so, he or she knowingly accesses or causes to be accessed any computer or computer network without authorization. It shall be an affirmative defense to a prosecution for unauthorized access to a computer or computer network that: (a) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, had authorized him or her to access; or (b) The person reasonably believed that the owner of the computer or computer network, or a person empowered to license access thereto, would have authorized the person to access without payment of any consideration; or (c) The person reasonably could not have known that his or her access was unauthorized.	Burden on Network Owner
New Jersey	N.J. STAT. § 2C:20-23(q) "Authorization" means permission, authority or consent given by a person who possesses lawful authority to grant such permission, authority or consent to another person to access, operate, use, obtain, take, copy, alter, damage or destroy a computer, computer network, computer system, computer equipment, computer software, computer program, computer storage medium, or data. An actor has authorization if a reasonable person would believe that the act was authorized. 2C:20-25 Computer criminal activity; degree of crime; sentencing. 4. A person is guilty of computer criminal activity if the person purposely or knowingly and without authorization, or in excess of authorization: a. Accesses any data, data base, computer storage medium, computer program, computer software, computer equipment, computer, computer system or computer network; b. Alters, damages or destroys any data, data base, computer, computer storage medium, computer program, computer software, computer system or computer network, or denies, disrupts or impairs computer services, including access to any part of the Internet, that are available to any other user of the computer services; c. Accesses or attempts to access any data, data base, computer, computer storage medium, computer program, computer software, computer equipment, computer system or computer network for the purpose of executing a scheme to defraud, or to obtain services, property, personal identifying information, or money, from the owner of a computer or any third party; d. (Deleted by amendment, P.L.2003, c.39). e. Obtains, takes, copies or uses any data, data base, computer program, computer software, personal identifying information, or other information stored in a computer, computer network, computer system, computer equipment or computer storage medium; or f. Accesses and recklessly alters, damages or destroys any data, data base, computer, computer storage medium, computer program, computer software, computer equipment, computer system or computer network. g. A violation of subsection a. of this section is a crime of the third degree. A violation of subsection b. is a crime of the second degree. A violation of subsection c. is a crime of the third degree, except that it is a crime of the second degree if the value of the services, property, personal identifying information, or money obtained or sought to be obtained exceeds $5,000. A violation of subsection e. is a crime of the third degree, except that it is a crime of the second degree if the data, data base, computer program, computer software, or information: (1) is or contains personal identifying information, medical diagnoses, treatments or other medical information concerning an identifiable person; (2) is or contains governmental records or other information that is protected from disclosure by law, court order or rule of court; or (3) has a value exceeding $5,000.	Burden on Network User
New Mexico	New Mexico Statute 30-45-5. Unauthorized computer use. A person who knowingly, willfully and without authorization, or having obtained authorization, uses the opportunity the authorization provides for purposes to which the authorization does not extend, directly or indirectly accesses, uses, takes, transfers, conceals, obtains, copies or retains possession of any computer, computer network, computer property, computer service, computer system or any part thereof, when the: A. damage to the computer property or computer service has a value of two hundred fifty dollars ($250) or less, is guilty of a petty misdemeanor; B. damage to the computer property or computer service has a value of more than two hundred fifty dollars ($250) but not more than five hundred dollars ($500), is guilty of a misdemeanor; C. damage to the computer property or computer service has a value of more than five hundred dollars ($500) but not more than two thousand five hundred dollars ($2,500), is guilty of a fourth degree felony; D. damage to the computer property or computer service has a value of more than two thousand five hundred dollars ($2,500) but not more than twenty thousand dollars ($20,000), is guilty of a third degree felony; or E. damage to the computer property or computer service has a value of more than twenty thousand dollars ($20,000), is guilty of a second degree felony.	Burden on Network User
New York	NY State Penal Code § 156.00(8) "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission. It shall also mean the access of a computer service by a person without permission where such person knew that such access was without permission or after actual notice to such person, that such access was without permission. Proof that such person used or accessed a computer, computer service or computer network through the knowing use of a set of instructions, code or computer program that bypasses, defrauds or otherwise circumvents a security measure installed or used with the user's authorization on the computer, computer service or computer network shall be presumptive evidence that such person used or accessed such computer, computer service or computer network without authorization. § 156.05 Unauthorized use of a computer. A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization. Unauthorized use of a computer is a class A misdemeanor. People v. Angeles, 180 Misc. 2d 146, 148–49 (N.Y. Crim. Ct. 1999) "The statute, however, on its face does not make criminal the mere use or accessing of a computer system without permission or authority. The Legislature has imposed the additional requirement that the computer be “equipped or programmed with any device or coding system, a function of which is to prevent the unauthorized use of [the] computer or computer system. The legislative history of the statute makes clear that this requirement was included on the ground that “[s]uch protective devices" provide the first line of defense against unauthorized intrusion into a computer system.”	Burden on network owner
North Carolina	North Carolina Statutes § 14-454 . Accessing computers. (a) It is unlawful to willfully, directly or indirectly, access or cause to be accessed any computer, computer program, computer system, computer network, or any part thereof, for the purpose of : (1) Devising or executing any scheme or artifice to defraud, unless the object of the scheme or artifice is to obtain educational testing material, a false educational testing score, or a false academic or vocational grade, or (2) Obtaining property or services other than educational testing material, a false educational testing score, or a false academic or vocational grade for a person, by means of false or fraudulent pretenses, representations or promises. A violation of this subsection is a Class G felony if the fraudulent scheme or artifice results in damage of more than one thousand dollars ($1,000), or if the property or services obtained are worth more than one thousand dollars ($1,000). Any other violation of this subsection is a Class 1 misdemeanor. (b) Any person who willfully and without authorization , directly or indirectly, accesses or causes to be accessed any computer, computer program, computer system, or computer network for any purpose other than those set forth in subsection (a) above, is guilty of a Class 1 misdemeanor. (c) For the purpose of this section, the phrase "access or cause to be accessed" includes introducing, directly or indirectly, a computer program (including a self-replicating or a self-propagating computer program) into a computer, computer program, computer system, or computer network. § 14-453 . Definitions. As used in this Article, unless the context clearly requires otherwise, the following terms have the meanings specified: (1a) "Authorization" means having the consent or permission of the owner, or of the person licensed or authorized by the owner to grant consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission.	Burden on network user
North Dakota	North Dakota Code 12.1-06.1-08 . Computer fraud - Computer crime - Classification - Penalty. 1. A person commits computer fraud by gaining or attempting to gain access to , altering, damaging, modifying, copying, disclosing, taking possession of, or destroying any computer, computer system, computer network , or any part of the computer, system, or network, without authorization , and with the intent to devise or execute any scheme or artifice to defraud, deceive, prevent the authorized use of, or control property or services by means of false or fraudulent pretenses, representations, or promises. A person who commits computer fraud is guilty of a class C felony. 2. A person commits computer crime by intentionally and either in excess of authorization given or without authorization gaining or attempting to gain access to , altering, damaging, modifying, copying, disclosing, taking possession of, introducing a computer contaminant into, destroying, or preventing the authorized use of any computer, computer system, or computer network , or any computer software, program, or data contained in the computer, computer system, or computer network. A person who commits computer crime is guilty of a class A misdemeanor. 3. In addition to any other remedy available, the owner or lessee of a computer, computer system, computer network, or any part of the computer, computer system, or computer network may bring a civil action for damages, restitution, and attorney's fees for damages incurred as a result of the violation of this section.	Burden on network user
Ohio	OHIO REV. CODE Chapt 2913 § 2913.04 (B) No person, in any manner and by any means, including, but not limited to, computer hacking, shall knowingly gain access to, attempt to gain access to, or cause access to be gained to any computer, computer system, computer network, cable service, cable system, telecommunications device, telecommunications service, or information service without the consent of, or beyond the scope of the express or implied consent of, the owner of the computer, computer system, computer network, cable service, cable system, telecommunications device, telecommunications service, or information service or other person authorized to give consent . (D) "The affirmative defenses contained in division (C) of section 2913.03 of the Revised Code are affirmative defenses to a charge under this section." § 2913.03 (C) The following are affirmative defenses to a charge under this section: (1) At the time of the alleged offense, the actor, though mistaken, reasonably believed that the actor was authorized to use or operate the property. (2) At the time of the alleged offense, the actor reasonably believed that the owner or person empowered to give consent would authorize the actor to use or operate the property.	Burden on Network User
Oklahoma	Oklahoma §21 -1953. Prohibited acts. A. It shall be unlawful to: 1. Willfully, and without authorization , gain or attempt to gain access to and damage, modify, alter, delete, destroy, copy, make use of , disclose or take possession of a computer, computer system, computer network or any other property; 2. Use a computer, computer system, computer network or any other property as hereinbefore defined for the purpose of devising or executing a scheme or artifice with the intent to defraud, deceive, extort or for the purpose of controlling or obtaining money, property, services or other thing of value by means of a false or fraudulent pretense or representation; 3. Willfully exceed the limits of authorization and damage, modify, alter, destroy, copy, delete, disclose or take possession of a computer, computer system, computer network or any other property; 4. Willfully and without authorization , gain or attempt to gain access to a computer, computer system, computer network or any other property; 5. Willfully and without authorization use or cause to be used computer services ; 6. Willfully and without authorization disrupt or cause the disruption of computer services or deny or cause the denial of access or other computer services to an authorized user of a computer, computer system or computer network; 7. Willfully and without authorization provide or assist in providing a means of accessing a computer, computer system or computer network in violation of this section; 8. Willfully use a computer, computer system, or computer network to annoy, abuse, threaten, or harass another person; and 9. Willfully use a computer, computer system, or computer network to put another person in fear of physical harm or death. B. Any person convicted of violating paragraph 1, 2, 3, 6, 7 or 9 of subsection A of this section shall be guilty of a felony punishable as provided in Section 1955 of this title. C. Any person convicted of violating paragraph 4, 5 or 8 of subsection A of this section shall be guilty of a misdemeanor.	Burden on network user
Oregon	Oregon 164 .377 Computer crime (2) Any person commits computer crime who knowingly accesses, attempts to access or uses, or attempts to use, any computer, computer system, computer network or any part thereof for the purpose of: (a) Devising or executing any scheme or artifice to defraud; (b) Obtaining money, property or services by means of false or fraudulent pretenses, representations or promises; or (c) Committing theft, including, but not limited to, theft of proprietary information. (3) Any person who knowingly and without authorization alters, damages or destroys any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime. (4) Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network , or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime.	Burden on network user
Pennsylvania	Pennsylvania Statute Title 18 § 3933 . Unlawful use of computer. (a) Offense defined.-- A person commits the offense of unlawful use of a computer if he, whether in person, electronically or through the intentional distribution of a computer virus: accesses , exceeds authorization to access, alters, damages or destroys any computer, computer system, computer network , computer software, computer program or data base or any part thereof, with the intent : to interrupt the normal functioning of an organization or to devise or execute any scheme or artifice to defraud or deceive or control property or services by means of false or fraudulent pretenses, representations or promises; intentionally and without authorization accesses , alters, interferes with the operation of, damages or destroys any computer, computer system, computer network , computer software, computer program or computer data base or any part thereof; intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base. intentionally or knowingly engages in a scheme or artifice, including, but not limited to, a denial of service attack, upon any computer, computer system, computer network, computer software, computer program, computer server or data base or any part thereof that is designed to block, impede or deny the access of information or initiation or completion of any sale or transaction by users of that computer, computer system, computer network, computer software, computer program, computer server or data base or any part thereof.	Burden on network user
Rhode Island	§ 11-52-1 Definitions (15) (v) A person is "without authority" when: (A) he or she has no right or permission of the owner to use a computer, or, he or she uses a computer in a manner exceeding his or her right or permission or (B) he or she uses an Internet service e-mail system offered by a Rhode Island based Internet service provider in contravention of the authority granted by or in violation of the policies set by the Internet service provider. § 11-52-3 Intentional access, alteration, damage, or destruction. - Whoever, intentionally, without authorization, and for fraudulent or other illegal purposes, directly or indirectly, accesses, alters, damages, or destroys any computer, computer system, computer network, computer software, computer program, or data contained in a computer, computer system, computer program, or computer network shall be guilty of a felony and shall be subject to the penalties set forth in § 11-52-5.	Not Applicable
South Carolina	S.C. CODE § 16-16-10(l) "Unauthorized access" means access of a computer, computer system, or computer network not explicitly or implicitly authorized by the appropriate principal of the computer, computer system, or computer network. 16-16-20 (1) It is unlawful for a person to wilfully, knowingly, maliciously, and without authorization or for an unauthorized purpose to: (a) directly or indirectly access or cause to be accessed a computer, computer system, or computer network for the purpose of: (i) devising or executing a scheme or artifice to defraud; (ii) obtaining money, property, or services by means of false or fraudulent pretenses, representations, promises; or (iii) committing any other crime. (b) alter, damage, destroy, or modify a computer, computer system, computer network, computer software, computer program, or data contained in that computer, computer system, computer program, or computer network or introduce a computer contaminant into that computer, computer system, computer program, or computer network.	Not Applicable
South Dakota	43-43B-1. Unlawful uses of computer system. A person is guilty of unlawful use of a computer system, software, or data if the person: (1) Knowingly obtains the use of, accesses or exceeds authorized access to, a computer system, or any part thereof, without the consent of the owner; (2) Knowingly obtains the use of, accesses, or exceeds authorized access to, a computer system, or any part thereof, without the consent of the owner, and the access or use includes access to confidential data or material; (3) Knowingly copies or obtains information from a computer system, or compromises any security controls for the computer system, or uses or discloses to another, or attempts to use or disclose to another, the numbers, codes, passwords, or other means of access to a computer system without the consent of the owner; (4) Knowingly disrupts, denies, or inhibits access to software or data without the consent of the owner; (5) Knowingly disrupts, denies, or inhibits access to a computer system, without consent of the owner; (6) Knowingly modifies, changes, or alters software or data, without the consent of the owner; (7) Knowingly obtains use of, alters, accesses, or exceeds authorized access to, destroys, disables, or inhibits access to a computer system, as part of a deception for the purpose of obtaining money, property, or services from the owner of a computer system, or any third party; (8) Knowingly destroys or disables a computer system, without consent of the owner; or (9) Knowingly destroys or disables software or computer data, without consent of the owner.	Burden on Network User
Tennessee	Tennessee Code § 39-14-601. Part definitions. - As used in this part, unless the context otherwise requires: (1) "Access" means to approach, instruct, communicate, or connect with, store data in, retrieve or intercept data from, or otherwise make use of any resources of a computer, computer system, or computer network, or information exchanged from any communication between computers or authorized computer users and electronic, electromagnetic, electrochemical, acoustic, mechanical, or other means; (2) "Authorization" means any and all forms of consent, including both implicit and explicit consent; Tennessee Code § 39-14-602. Violations - Penalties. - (b) Whoever intentionally and without authorization, directly or indirectly: (1) Accesses any computer, computer system, or computer network commits a Class C misdemeanor. Operating a computer network in such a way as to allow anonymous access to that network shall constitute implicit consent to access under this part;	Burden on Network Owner
Texas	Title 7 Chapter 33 Sec. 33.02. BREACH OF COMPUTER SECURITY. (a) A person commits an offense if the person knowingly accesses a computer, computer network, or computer system without the effective consent of the owner. Sec. 33.01. DEFINITIONS (12) "Effective consent" includes consent by a person legally authorized to act for the owner. Consent is not effective if: (A) induced by deception, as defined by Section 31.01, or induced by coercion; (B) given by a person the actor knows is not legally authorized to act for the owner; (C) given by a person who by reason of youth, mental disease or defect, or intoxication is known by the actor to be unable to make reasonable property dispositions; (D) given solely to detect the commission of an offense; or (E) used for a purpose other than that for which the consent was given.	Burden on network owner
Utah	76-6-703 . Computer crimes and penalties. (2) (a) Except as provided in Subsection (2)(b), a person who intentionally or knowingly and without authorization gains or attempts to gain access to a computer, computer network, computer property, or computer system under circumstances not otherwise constituting an offense under this section is guilty of a class B misdemeanor. 76-6-702 . Definitions. As used in this part: (1) "Access" means to directly or indirectly use, attempt to use, instruct, communicate with, cause input to, cause output from, or otherwise make use of any resources of a computer, computer system, computer network, or any means of communication with any of them. (2) "Authorization" means having the express or implied consent or permission of the owner, or of the person authorized by the owner to give consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission.	Burden on Network User
Vermont	§ 4102. Unauthorized access A person who knowingly and intentionally and without lawful authority, accesses any computer, computer system, computer network, computer software, computer program, or data contained in such computer, computer system, computer program, or computer network shall be imprisoned not more than six months or fined not more than $500.00, or both. (Added 1999, No. 35, § 1.)	Burden on Network User
Virginia	§ 18.2-152.3 . Computer fraud; penalty. Any person who uses a computer or computer network, without authority and: 1. Obtains property or services by false pretenses; 2. Embezzles or commits larceny; or 3. Converts the property of another; is guilty of the crime of computer fraud. If the value of the property or services obtained is $200 or more, the crime of computer fraud shall be punishable as a Class 5 felony. Where the value of the property or services obtained is less than $200, the crime of computer fraud shall be punishable as a Class 1 misdemeanor. § 18.2-152.6 . Theft of computer services; penalties. Any person who willfully obtains computer services without authority is guilty of the crime of theft of computer services, which shall be punishable as a Class 1 misdemeanor. If the theft of computer services is valued at $2,500 or more, he is guilty of a Class 6 felony. [What does "willfully" mean?]	Burden on Network Owner
Washington	RCW 9A.52.110 Computer trespass in the first degree. (1) A person is guilty of computer trespass in the first degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another; and (a) The access is made with the intent to commit another crime; or (b) The violation involves a computer or database maintained by a government agency. (2) Computer trespass in the first degree is a class C felony. RCW 9A.52.120 Computer trespass in the second degree. (1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another under circumstances not constituting the offense in the first degree. (2) Computer trespass in the second degree is a gross misdemeanor.	Burden on Network User
West Virginia	W. VA. CODE §61-3C-3. Definitions. As used in this article, unless the context clearly indicates otherwise: (a) "Access" means to instruct, communicate with, store data in, retrieve data from, intercept data from or otherwise make use of any computer, computer network, computer program, computer software, computer data or other computer resources. (b) "Authorization" means the express or implied consent given by a person to another to access or use said person's computer, computer network, computer program, computer software, computer system, password, identifying code or personal identification number. §61-3C-4. Computer fraud; access to Legislature computer; criminal penalties. (a) Any person who, knowingly and willfully, directly or indirectly, accesses or causes to be accessed any computer, computer services or computer network for the purpose of (1) executing any scheme or artifice to defraud or (2) obtaining money, property or services by means of fraudulent pretenses, representations or promises is guilty of a felony, and, upon conviction thereof, shall be fined not more than ten thousand dollars or imprisoned in the penitentiary for not more than ten years, or both fined and imprisoned.	Not Applicable
Wisconsin	Wisconsin Statutes 943.70 (3) Offenses against computers, computer equipment or supplies. (a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in par. (b) : 2. Destroys, uses, takes or damages a computer, computer system, computer network or equipment or supplies used or intended to be used in a computer, computer system or computer network.	Burden on Network User
Wyoming	Wyoming Statute 6-3-502. Crimes against intellectual property; penalties. (a) A person commits a crime against intellectual property if he knowingly and without authorization: (i) Modifies data, programs or supporting documentation residing or existing internal or external to a computer, computer system or computer network; (ii) Destroys data, programs or supporting documentation residing or existing internal or external to a computer, computer system or computer network; (iii) Discloses or takes data, programs, or supporting documentation having a value of more than seven hundred fifty dollars ($750.00) and which is a trade secret or is confidential, as provided by law, residing or existing internal or external to a computer, computer system or computer network. (b) A crime against intellectual property is: (i) A felony punishable by imprisonment for not more than three (3) years, a fine of not more than three thousand dollars ($3,000.00), or both, except as provided in paragraph (ii) of this subsection; (ii) A felony punishable by imprisonment for not more than ten (10) years, a fine of not more than ten thousand dollars ($10,000.00), or both, if the crime is committed with the intention of devising or executing a scheme or artifice to defraud or to obtain property.	Not Applicable

Experience with DTV Converter Boxes

As you may know, on February 17, 2009, analogy TV broadcast signals will be turned off by the TV stations, and all TV broadcasts will go digital. This effects the 56 of us who still get TV reception over the air with our rabbit ears. Our TVs can still work as long as we get a converter box to convert the signals from digital to analog. The government has program to facilitate the migration. We can request two $40 coupons (they look just like gift cards) to purchase two converter boxes (you can of course buy as many as you want with your own money). You can get more information about the program here.

I decided to be one of the first guinea pigs to get my DTV converter boxes. As soon as they were released, I signed up to get my two free DTV gift cards from NTIA - a $40 value each. When they arrived, I promptly put them in the drawer and forgot about them.

And then I was at some conference where a very kind lady from NTIA pointed out that the cards expire in 90 days. Oops. Gotta use those cards.

Being an educated consumer, I first searched for reviews of the different converter boxes. Bupcus. Nada. No Reviews. I guess I was in front of the buying-wave and there weren't reviews yet. So I decided to buy a brand name I liked.

I checked my favorite ecommerce sites. Some had boxes, but they were built by companies I had never heard of before. Others listed boxes, but you could not use your DTV gift card online. So I had to rediscover where the local electronics box store was - boy it had been a long time since I had been there.

I went into the box store - I am the type of person who doesn't like the store salesman-buy-the-extended-warranty help - so I tried to find the DTV converter myself. No dice. Not to be found.

So I conceded and asked a salesman. He had no idea what I was talking about, and tried to sell me a DTV tuner. Finally he resorted to ask a fellow salesperson -- sales guy #2 knew where the boxes were, and showed me where they were, when he was done with his first customer. And then he walked away. I am guessing there is no commission on DTV converter boxes.

Having accomplished my quest, I marched to the checkout line and presented my coupons. The checkout guy was not too sure, but the cards authorized, so he asked that I sign for the charge. I thought this was odd because the cards did not have my name on them, and I was paying for the excess price over the $40 card in cash. Whatever.

The DTV box was extremely complicated and involved an extensive installation. There is an in-jack from the rabbit ears and an out-jack to the tv. Very complicated.

The box installed great. It took a few minutes, turned the tv to channel 3, and boom, the converter box detected all of the digital channels. The picture was crisp. The remote had a nice zoom button that toggled through framed, cropped, squeezes, and “set by program” choices.

Now the bottom line - reception. This chart compares the channels I could receive before the digital box, and the channels I can receive after the box. With digital, if you can get signal, you get a great picture. But if you can't get enough signal, instead of getting your program with some static or snow, you get nothing. This means channels you use to receive sort of okay before, you may not receive at all with digital.

Channel	Analog	Digital
4 NBC	Good	4-1 Good 4-2 Good Weather
5 Fox	Good	Good
7 ABC	Good	7-1 Good 7-2 Good Weather 7-3 Good
9 CBS	Good	9-1 Good 9-2 Good Weather
14 Uni	Good	Good
20 My20	Good	Good
22 MPT	Fair	None
26 WETA	Good	26-1 Fair 26-2 Fair Create 26-3 Fair WETAKids 26-4 Fair
32 WHUT	Good	None
45 Fox	Poor	None
50 CW	Good	Good
54 CW	Poor	None

I can receive MPT 22 with a little bit of snow over analog; I do not receive it with digital. I receive a hand full of Baltimore stations poorly; on my upstairs TV the reception can actually be quite fair. But when I switch to digital none of these stations are received.

The big surprise is WETA 26. The station is not far from me and the digital tower shows up through Wikipedia/Google as quite near also. The picture, however, pixelates and regularly freezes. On occasion, I get a “no signal” screen. I could not get a confirmation of the problem from other online forums. Not sure what the deal is.

Bottom line: Even on an analog TV, when I get the picture, it is a much better picture; but I receive fewer stations and am having trouble with a station I should be getting.

What Arlington Public Schools Get Wrong About Email Privacy

Someone in Arlington Public School has woken up to the fact that email is a marvelously insecure way of communicating. Email is an application that moves a text file from one computer to another. A text file requires no special application to be read. It’s kind of like sending a postcard, and anyone who handles the postcard can read the postcard. Worst yet, everyone who handles the postcard can retain a copy of the postcard. Worst yet, anyone who receives the postcard can forward it on to 50 over their closest friends. Not very private or secure.

APS handles a lot of messages between parents, teachers, students, and administrators. A good bit of those messages personal content and sensitive information.

[Paragraph One] + [Paragraph Two] = An APS Disclaimer:

"This communication was sent via the Arlington Public Schools mail system. Please be advised that email is not a secure form of communication. There should be no expectation of right to privacy in anything sent via electronic mail."

Excuse me? Did you just say I have no right to privacy?!?

Let’s go back to the chalk board. Simple because something is technically insecure does not mean that it is legally insecure. Just because I leave an apple out on a table does not mean that the government can legally swipe it.

The APS disclaimer uses two legal terms of art: “Expectation of Privacy” and “Rights.” An “Expectation of Privacy” and our Rights come from the US Constitution, and specifically here the 4^th Amendment. You will recall from public school social studies that the 4^th Amended states,

The right of the people to be secure in their persons, houses, papers, an effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This right has been elaborated in wiretap law and the Electronic Communications Privacy Act (ECPA), which have developed the concept of an “Expectation of Privacy.” Where one has an Expectation of Privacy, the 4^th Amendment dictates that the government must have proper authority to search and seize our communications. ECPA specifically sets forth the subpoenas and warrants the government needs in order to access and read our email.

Add all this up: we have a Constitutional Expectation of Privacy in email, protected by the 4^th Amendment. It does not matter that it is woefully technically insecure. This is an Expectation of Privacy as against the government, and the government – this time APS – cannot take that away from us.

In other words, five years down the road, when FBI Agent Fox Mulder believes my kid is an alien, Agent Mulder may not simply go through APS email records related to my child. The emails may be insecure - but Mulder is barred by the Constitution from search and seizure without proper authority.

The US Supreme Court has time and again articulated the fundamental nature of privacy to our American experience:

The makers of our constitution undertook to secure conditions favorable to the pursuit of happiness... They sought to protect Americans in their beliefs, their thoughts, their emotions and their sensations. They conferred, as against the government, the right to be let alone – the most comprehensive of the rights and the right most valued by civilized men. – Justice Louis D Brandeis

APS gets it wrong. I would never put any sensitive information in an email; but that does not mean I don’t have an Expectation of Privacy in email or that the government can read it lacking proper authority.

Oh they have the Internet on Computers now! – Homer Simpson

Somethings you get around to only when you get a "roundtoit." I finally got a "roundtoit" for this one. Subscribers to Cybertelecom News know that I am quote junky and love to decorate newsletters with pithy pontifications. Someone asked about them recently, which led me to wasting an entire evening uploading the quotes to the Cybertelecom website. Hope you enjoy and here is a sample:

"If, while traveling, I send a turn-yourself-off message to my stove and it replies 'Unable to respond due to fire wall,' should I send my garden hose a spray-the-house message?" Steve Cummings, quoted in Journal of the Hyperlinked Organization, June 4, 1998 Source: Isen

"It's important for us to explain to our nation that life is important. It's not only life of babies, but it's life of children living in, you know, the dark dungeons of the Internet."—George W Bush, Arlington Heights , Ill. , Oct. 24, 2000

"What, exactly, is the internet? Basically it is a global network exchanging digitized data in such a way that any computer, anywhere, that is equipped with a device called a 'modem', can make a noise like a duck choking on a kazoo" – Dave Barry

Oh they have the Internet on Computers now! – Homer Simpson

Kids are the best, Apu. You can teach them to hate the things you hate. And they practically raise themselves, what with the internet and all. – Homer Simpson

"We could put it on the Internet!"
"No, we have to reach people whose opinions actually matter."
-Bart Simpson

"Will the Highways on the Internet become more few" George W Bush, -CONCORD, N.H., JAN. 29, 2000

The internet is a great way to get on the net. - Bob Dole

Spending an evening on the World Wide Web is much like sitting down to a dinner of Cheetos... two hours later your fingers are yellow and you're no longer hungry, but you haven't been nourished. ~Clifford Stoll

"The Internet is a giant international network of intelligent, informed computer enthusiasts, by which I mean, "people without lives." We don't care. We have each other..." - Dave Barry

Wife: Have you got anything without spam?
Waitress: Well, there's spam egg sausage and spam, that's not got much spam in it.
Wife: I don't want ANY spam!
Man: Why can't she have egg bacon spam and sausage?
Wife: THAT'S got spam in it!
Man: Hasn't got as much spam in it as spam egg sausage and spam, has it?
Vikings: Spam spam spam spam... (Crescendo through next few lines...)
-Monty Python

"If I taught a class, on my final exam I would take an Internet company and ask [my students], 'How much is this company worth?' Anyone who would answer, I would flunk." Warren Buffett, quoted in the Industry Standard Media Grok, May 5, 1998. Source: http://isen.com/quotes.html

My top men tell me the Internet is going to be big! Daguerreotype big! I've decided to buy this Internet, one domain at a time. -Charles Montgomery Burns

“While you are destroying your mind watching the worthless, brain-rotting drivel on TV, we on the Internet are exchanging, freely and openly, the most uninhibited, intimate and, yes, shocking details about our "CONFIG.SYS" settings." – Dave Barry

Words to live by!

Part 3: Where We Explore Some Philosophy of Law Drivel That Supports this Twaddle

In Episode One, A New Dope, we explored how Part 15 spectrum is an unlicensed commons that cannot be stolen, and how WiFi is a protocol designed to operate in the commons and it itself (as a protocol) can also not be stolen.

In Episode Two, The Lawyers Strike Back, we explored how, where a commons property is proximate to another property, it is incumbent on the owner of the proximate property to provide notice that access is unauthorized. Lacking such notice, an individual accessing the proximate property could not be said to be unauthorized.

Now, in Episode Three, The Return of the Lawyers, we explore some philosophy of law drivel that supports all this twaddle.

The legal question before us is, when a commons network is proximate to another network, and the owner of the proximate network wishes to restrict access to the proximate network, who has the duty: the proximate network owner to disclose this information or the individual seeking access to discover this information. The conclusion in Part II, based on precedent, was that the proximate network owner has the duty to provide notice both of the restriction to access and the boundary between the commons network and the proximate network. Now we will explore two areas of philosophy of law that support this conclusion.

Theory one: Burden on the Holder of Information: Procedural rules generally place the burden of moving on the party with information. If one party has the relevant information and the other party is dependent on that information, then either (a) procedure places the burden on the information holder or (b) procedure provides a means for the first party to obtain the information. The burden may be the burden to move in a proceeding, or it may be the burden to make the persuasive argument. The procedure that provides the ability to obtain the information may be litigation discovery, it could be regulatorily required corporate filings, or it could be the Freedom of Information Act.

There are situations where the burden and the location of information are not in alignment, and this does not work very well. An example of this may be consumer claims where the burden of making the claim lies with the consumer, but the information about an alleged violation lies with a corporation. Without the information, the consumer cannot proceed with a claim, and without a claim, the judiciary can do little. This is a philosophical underpinning of why agencies are given the task of consumer protection, where they are in a better position vis-a-vis the corporation, in requiring information disclosures and building cases thereon.

In our situation, the information is held by the owner of the proximate network: is it public or private – is access restricted or open? Information jurisprudence looks to the network owner to either disclose the information or to have the burden (in this case, the burden would pretty much be the same as disclosing the information; it would be the burden to prove that the individual knew that access to the network was unauthorized).

Theory two: law and economics: Law and economics addresses issues of tort in order to answer - not who is at fault - but who has responsibility. The classic example is a steam train going down the tracks in farm land, with sparks emanating from the engine. Who is responsible for damages caused by crop fire? Is it the train engine which is throwing the sparks, or is it the farmer who built the farm right up to the edge of the tracks? Law and Economics answers this question by asking, which party can most efficiently mitigate the harm? Which would cost less: the train company not throwing sparks… which basically means not running… which basically would not be good for public welfare – or the farmers who could either move the crops back or build a fence? Which ever party can do this more economically is the party blessed with responsibility. After all, the performance of both parties benefits public welfare, and the cheapest solution maximizes welfare where a more costly solution would detract from it.

Just like we economically like trains and farms, we also like networks and end users. Communications networks carry the raw stuff of the new economy: information. The issue before us concerns the information regarding whether the individual’s access to the proximate network is authorized or not. The Law and Economics question asks which party could satisfy this need most efficiently.

The Proximate Network is owned by Network Owner who knows whether it is public or private, restricted or not. The Network Owner’s cost of announcing this information is de minimis and involves configuring the AP to either be open or secure (where “secure” would effectively provide notice that the network is not open).

Let’s make up some arguable facts. If the Network Owner wishes to maintain an open network, the Network Owner would need to configure the network AP to signal this intention. If we assume this will take 15 minutes at a salary of $40 an hour (I am picking this number out of the air, but I will make the salary of the network owner the same as the individual for comparison purposes), then it would cost the network owner $10. This cost is incurred once, regardless of how many people use the network. If the Network Owner wants to terminate access after hours, the network owner can simply turn off the AP. If the Network Owner wants to be more sophisticated, the Network Owner can insert a splash page that announces the terms of access. We will be generous and say that in total the owner had to dedicate an hour to this task during a month, for the cost of $40.

Now let’s examine the individual’s cost of obtaining the information regarding whether the network is open or shut, assuming that the information provided by the AP is insufficient. The individual opens a laptop and detects a network. The individual must then determine the owner of the network and whether it is restricted. If the SSID says “CoffeeShop,” then the individual has a clue that the network is owned by the Coffee Shop (although this is no guarantee). If the SSID says something generic like “Linksys,” then the individual has no clue and must resort to some other method of investigation. Depending on where the individual is sitting, this could be any number of potential network owners. The individual can stand up and walk around, attempting to triangulate the signal. This method could be aggravated where there are multiple networks with the same SSID, causing confusing results. It could also be aggravated by the environment of the individual that does not permit sufficient movement to permit triangulation (such as a doctor’s office waiting area). If the triangulation is successful and the Individual identifies a probable Network Owner, then the Individual must be able to approach the Network Owner. But that may not be possible. It could be a library after hours or a residence that has an open AP. It could be a municipal network with APs hidden in the infrastructure. It could be a busy coffee house where the manager is too busy speaking Pretalian. Next the Individual can attempt to research. If, for instance, the probable Network Owner is a public library, the Individual could get on the Internet, search for the library website, and search for information on the network AUP – hoping that it has been presented in a readily apparent manner. And this goes on. Now multiply this cost by every single user of this network. Let’s say the average time to obtain information about the network is 30 minutes at a cost of $40 per hour resulting in a cost of $20. Now multiple this by hundreds of potential users.

While it might be difficult to obtain a specific figure for this, it is easy to conclude that the cost to the individuals is higher than the cost to the Network Owner. Therefore, Law and Economics would conclude that the responsibility is placed on the Network Owner to announce the terms and restrictions, if any, on access.

This is a sound outcome. If the burden is placed on the individual to acquire the information, there are too many scenarios were the individual cannot reliably obtain that information. Network owners who want to make their networks open will not be able to do so because the individual cannot get that information from them (assume that the Network Owner’s signaling of this information through the AP is considered not sufficient notice). This will thwart any number of potential business models and decreases public welfare. If we start with the assumption that we like networks and end users (if we assume that the use of broadband increases the public welfare), then we will favor those solutions which favor broadband deployment and availability. Placing the burden on the owner through the use of the AP means that the owner can flip on and configure the AP, and the requirement is satisfied. Placing the burden on the individual means that there may be no practical means for owners to reliably get this information to individuals, therefore decreasing broadband availability and thwarting efforts at deployment.

In the end, we face two paradigm shifts. First, the judiciary must get over the notion that WiFi networks can be stolen – they cant be stolen. Second, the judiciary and law enforcement must get over the anxiety of how to keep people out of networks. Part 15 and WiFi were not designed to exclude individuals; they were designed to facilitate the spread of advanced telecommunications to all Americans.

When a Network Owner elects to place a network proximate to a commons network, then placing the burden on the proximate network owner to provide notice of boundary and restriction is sound in terms of legal precedent, philosophy of law, and broadband policy. You cant steal Wifi!

[Disclaimer]

Steal More Wifi, part 2.

See Part 1: Where It is Concluded that Part 15 Spectrum and Wifi are part of the Commons and Cannot be Stolen

We have two spaces. One is a commons; the other is . . . well, we don’t know. We’ll call it the proximate space. These two spaces exist next to each other. But where is the boundary? It’s not visible; it’s not detectable; there are no sign posts. As the individual moves from the commons space to the next space, how is the individual to know that a boundary has been crossed.

And this proximate space, the individuals lacks knowledge as to the nature of this space. Is it a public or a private space? Is access open or restricted?

The individual can move between the common space and the proximate space easily without knowledge that a boundary has been crossed. Indeed the Internet was designed not to announce boundaries between networks but to eliminate them.

What does it mean for an individual to move from the common space to proximate space? Specifically, what does it mean to say that the access to the proximate space is “unauthorized?”

It has been suggested that the proper way to analyze this is a Trespass to Chattels analysis. There is Trespass to Real Property where the issue is unauthorized access to land, and there is every other deprivation of property – such as “borrowing” someone’s Ferrari 250 GT California. Since computer networks aren’t real property (aka land), then, the argument goes, the analysis must be Trespass to Chattels.

But access to a network that is proximate to a commons network is not a deprivation issue; the individual is not backing a box truck up the back of a coffee house and hauling away the network equipment. This is an access issue and if the question is access, then the proper analysis is real property. We want to be able to answer the question, “I am here; am I allowed to be here?”

Real Property Law

In general, the owner of real property must provide notice to exclude would be trespassers. This notice can come through actual notice communicated directly to the individual (ie, “Hey, you kids! Getouttahere!”) or through posted notices (such as Piglet’s “Trespassers Will”).

The tort of trespass to real property is intentional; an individual generally cannot be said to be trespassing unless the individual has knowledge and intent. Lacking knowledge that one is on private land and that access is restricted, the individual generally is not trespassing.

These principals particularly come into play where an owner wishes to restrict access to private property which is somehow proximate to public or common property (for example, a public shopping mall with private offices attached). The boundary where the common space becomes restricted space generally must have clear notice such that the individual can identify the boundary and the restriction.

With WiFi networks, there is a network in a commons space where no one has ownership rights, no one can be excluded, and no one has supreme claims to anyone else - proximate to an unknown space - the same predicament as the real property situation.

When can it be said that crossing from this commons to this proximate space is “unauthorized?”

Presented in this framework, the answer is clear. The owner of the proximate space must provide notice of boundary and restriction. Lacking notice, the individual can soundly assume that access to the space is not unauthorized (oh no! a double negative!).

This might be difficult when using a network, the Internet, which by design eradicates boundaries. Fortunately, with the WiFi protocol, there is an easy means for the network owner to provide notice. WiFi Access Points can inform potential interacting individuals with the information of whether the network behind the AP is open or secure, and what the SSID is. If the AP informs the individual that it is secure (that while the individual and the AP can interact with each other, the individual cannot interact with the network on the other side of the AP which is outside of the commons space), then the individual knows that the AP is the boundary and that what lies beyond is restricted.

If the AP informs the individual that the network behind the AP is open, and here is the SSID, then the individual has not been informed that access is unauthorized, and the individual is not even sure that the AP is a boundary (the AP could simply be a node with both networks connected in the commons). The precedent establishes the sound policy that the owner must provide notice of boundary and restriction, and lacking notice, the individual’s access cannot be said to be unauthorized.

Based on the notice provided by the AP, the individual can now answer the question, “I am here; is my access authorized?”

Next: Part 3: Where We Explore Some Philosophy of Law Drivel That Supports this Conclusion

Photo: Wikipedia. [Disclaimer]

TPRC Call for Papers

TPRC Presents
The 36th Research Conference on Communication, Information, and Internet Policy
Hosted by the Center for Technology and the Law, George Mason University Law School, Arlington, Virginia
Friday, September 26, 2008 through Sunday, September 28
www.tprc.org



TPRC is an annual conference on communication, information, and internet policy that convenes international and interdisciplinary practitioners and researchers from academia, industry, government, and nonprofit organizations together with policy makers. The purpose of the conference is to acquaint policymakers with the best of recent research and to familiarize researchers with the knowledge requirements of policymakers and industry. The conference will consist of papers selected from reviewed, submitted abstracts, student posters, and selected panel submissions.

TPRC is now soliciting abstracts of papers, student papers, panel proposals, and student posters for presentation at the 2008 conference. Proposals should be based on current theoretical or empirical research relevant to communication and information policy, and may be from any disciplinary perspective. TPRC seeks submissions of disciplinary, comparative, multidisciplinary or interdisciplinary excellence.

Subject areas of particular interest include, but are not limited to the following (for more detailed descriptions see http://www.tprc.org):

1. Network Competition, Policy and Management
2. Next Generation and all-IP Networks: Policy, Regulatory, Architectural and Societal Issues
3. Spectrum Management and Wireless Futures: Anywhere, Anytime Communications and its Implications
4. Societal Issues: Universality and Affordable Access; ICTs for Development and Growth
5. The Transformation and Future of Media in an Age of User- and Community-Produced Creativity
6. The Transformation and Future of Intellectual Property and Digital Rights
7. Privacy, Security, Identity and Trust
8. Internet Governance and Institutional Strategies for Information Policy
9. Other Emerging Topics

Submissions are due by May 2, 2008. Please see the guidelines for authors for additional information.

Abstracts, panel proposals and poster submissions must be submitted electronically at http://www.tprc.org. For posters and abstract, please identify the methods, central ideas, and outcomes (obtained or expected) of the research. A secondary classification of the method used in the research will be requested upon submission to assure appropriate review. Abstracts are not to exceed 500 words. Poster sessions will be available to enable the display of current student work.

Responses will be made by May 30, 2008. Selected papers will be due to TPRC on August 15th and authors are expected to present the accepted submission.

Students are encouraged to submit papers for the student paper competition (see the Student Call for Papers for complete details). Full Student papers must be submitted by May 2, 2008. Students only are recommended to enter the poster competition.

We welcome industry-specific but not vendor-specific panels.

How a Bill Becomes a Law

"I'm Just a Bill, Up on Capitol Hill...." All us old farts know the song. Someone asked me how a Bill becomes a law. I looked for a good diagram. I assumed that there must be one. And did not find one. So with my great artistic talent, I gave it a go. Well, its something. I never claimed to be a great graphic artist.