Wireless Squatters, Please Stand Up
By Joe Reiss
How many fellow law students have been in this situation:
It’s finals week, and you are sitting in the library researching for a final paper that’s due in a couple of days. Suddenly, you lose your Internet connection. You try to re-connect, but the school’s wireless network is overcrowded with users. Instead, your Macbook has located signals from a number of different wireless networks not affiliated with your school. Since the school’s network could be jammed for hours, and you must plow ahead with your research, you innocently connect to one of these unknown wireless networks to continue your work. This action, known as “wireless squatting”, may seem harmless, but has developed into a controversial area of intellectual property law, with many states going as far as to deem wireless squatting a felony.
This hypothetical law student is not alone. In fact, an Accenture conducted survey found that almost a third of those between the ages of 18 and 34, and one in seven Americans overall, admits to having wirelessly piggybacked onto another person’s network.1 So just who can be criminally charged for wireless squatting? Well, that depends on a number of factors, ranging from the mentality of the user, to the jurisdiction in which they are squatting.
The legality of wireless squatting is governed by federal statute 10 U.S.C. § 1030, which covers “[f]raud and related activity in connection with computers.”2 Section 1030(a)(2)(C) makes it a crime to “intentionally access a computer without authorization or exceeds authorization access, and thereby obtains — information from any protected computer.”3 Under Section 1030(a)(5)(B), one doesn’t even have to obtain information, rather, the squatter just needs to “intentionally access a protected computer without authorization, and as a result of such conduct, recklessly cause damage.”4
The statute has a very low threshold; a squatter need only cause “damage affecting 10 or more protected computers during any 1-year period,” to meet the statutory minimum.5 Certainly, damage affecting ten people sounds like a lot of harm, but when the statute defines damage as broadly as “any impairment to the integrity or availability of data, a program, a system, or information,”6 it seems evident that simply accessing a network and using its bandwidth affects the “integrity of the system.”
State statutes also struggle with establishing the clear legal bounds of wireless squatting. First, as is problematic with the federal statute,7 each state takes a different approach to the mens rea requirement.8 On one hand, Utah has no mens rea requirement, making wireless squatting a culpable offense regardless of whether the offender knew that they had accessed a network, nor whether they knew that their access was unauthorized.9 At the other end of the spectrum, New Hampshire requires that the offender both know that they have accessed a system, and know that they were not authorized to do so.10
Additionally, each state has their own interpretation of the term “authorization.”11 Colorado requires the express consent of the owner,12 New Jersey looks at whether a “reasonable person would believe that the act was authorized,”13 while Tennessee allows for implicit authorization.14 The states that require express authorization don’t adequately address the problem, as there is no way for a network provider to expressly authorize access on their system when the squatter is picking up the wireless signal over a thousand feet away.
Matthew Bierlein offers a proposal that clarifies these ambiguous terms while delicately striking a balance between the interests of those Wi-Fi users who believe that the Internet should be open to everyone and those users who want to protect their own wireless networks.15 In pertinent part, Bierlein’s model statute clearly dictates the mens rea of “knowingly”, and applies it exclusively to the term “access” in the phrase “accesses without authorization.” Thus, in order to be convicted, the state must prove that the squatter knew they were accessing the network, but the state does not also need to show that the squatter knew their access was unauthorized. More importantly, Bierlein would adopt the former New York stance towards authorization; a lack of security on the network implies that the squatter is authorized to gain access.16
Under the former New York Penal Code Rule 156.05, the network provider must take affirmative steps to protect their own system.17 In the absence of these steps, the squatter could assume implied authorization to access this network.18 However, this New York law left a number of questions unanswered.19 Bierlein diverges from the New York rule, stating that “the model statute . . . allows the principal to rebut (subject to a [clear and convincing] standard) the presumption created by the lack of security.”20 Thus, if the network user accesses a network where they should have known their access was forbidden, then the state may still establish a lack of authorization, subject to a clear and convincing evidentiary standard.
Bierlein’s model statute offers a considerable improvement to the fifty variations that each state adopts towards this problem. However, technology is already adapting faster than the state legislatures. Companies like Verizon and Sprint already offer EVDO cards, which allow a user to connect their laptop to their cell phone provider’s phone network.21 Additionally, WiMax is a new form of technology with the potential to allow for entire cities to be covered in wireless internet.22 Of course, these technologies will come at a price to the user, but they do address a root cause for wireless squatting: not being able to access any other wireless signal.
Ultimately, the current mess of the multitude of wireless squatting laws leaves the vast majority of computer users unsure as to whether their actions are illegal. If the legislatures want the wireless squatter to “stand up” and refrain from such actions, then they ought to draft a uniform statute that offers clearer guidance on the law.
1 Ben Worthen, Getting Away with Wi-Fi Squatting, THE WALL STREET JOURNAL, Apr. 18, 2008.
2 18 U.S.C. 1030 (2008).
3 18 U.S.C. § 1030(a)(2)(C). Note that computer is defined as “an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device…” 18 U.S.C. § 1030(e)(1) (emphasis added). Thus, wireless routers fall within the statutes definition of “computer”.
4 18 U.S.C. § 1030(a)(5)(B).
5 18 U.S.C. § 1030(c)(4)(A)(i)(VI).
6 18 U.S.C. § 1030(e)(8).
7 “It is unclear whether the [mens rea] language applies solely to the word ‘access’ or if it extends to encompass the whole phrase ‘access a computer without authorization.’” Matthew Bierlein, Note, Policing the Wireless World: Access Liability in the Open Wi-Fi Era, 67 OHIO ST. L.J. 1123, 1134 (2006).
8 See id. at 1138-41. Mens Rea is the “state of mind that the prosecution, to secure a conviction, must prove that a defendant had when committing a crime.” BLACK’S LAW DICTIONARY 1006 (8th ed. 2004).
9 UTAH CODE ANN. 1953 § 76-6-703(1) (West 2008).
10 N.H. REV. STAT. § 638:17 (West 2008).
11 See Bierlein, supra note 7, at 1141-43.
12 COLO. REV. STAT. § 18-5.5-101(1) (2005).
13 NJ STAT. ANN. § 2C:20-23(Q) (West 2009).
14 TENN. CODE ANN. § 39-14-601(2) (West 2008).
15 Bierlein, supra note 7, at 1178-85.
16 Bierlein, supra note 7, at 1178-80.
17 N.Y. PENAL LAW § 156.05 (McKinney 2004) (amended 2006). The statute now reads, “[a] person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.”?N.Y. PENAL LAW § 156.05 (McKinney 2008).
18 See id.
19 See Mark Rasch, WiFi High Crimes, SECURITYFOCUS, May 3, 2004. In discussing the New York State law, Rasch poses the questions, “If the door is open, I can come in. But what if it’s not open, but is unlocked? Or if it is locked, but locked poorly? Can I still come in?” Id.
20 Bierlein, supra note 7, at 1182 n.276.
21 What is EVDO, EVDOINFO.COM, Feb. 12, 2005.
22 Ben Worthen, Wi-Fi Squatting and You, THE WALL STREET JOURNAL, Aug. 22, 2007.