Skip to content

Wireless hotspots and the law

Not long ago wireless Internet access was mostly of use to laptop users. Now an increasing number of electronic devices are "Internet-enabled" and capable of utilizing publicly accessible hotspots. For example, many PDAs have web browsers that can be used to access the Internet or built-in e-mail clients that can synchronize over a wireless connection.

Some Voice-over-IP telephone providers, such as Vonage, are beginning to provide wi-fi-enabled handsets. There are also a number of handheld game consoles with wireless Internet functionality that can be used to play multiplayer games against other people. Even some digital cameras now include wi-fi functionality that can be used to upload photographs to online photo services.
Many of these devices, once configured, may automatically attempt to establish an Internet connection using any open access point. As a person with such device moves from one physical location to another, the device may rescan the environment from time to time and then re-establish a new connection on its own.
An interesting question that arises is when use of publicly accessible wireless access points is lawful and when is it not.
There have been a few isolated examples of individuals being charged with certain offences as a result of accessing private wi-fi access points, although this has typically occurred in conjunction with other activity that was clearly illegal. In other words, the wireless connection was being used as a tool to further a different activity, such as hacking into computer systems or downloading child pornography, as opposed to simply pursuing an otherwise lawful purpose such as downloading some information or a map from the Internet.
Some organizations operate free hotspots as a community service. Libraries, more so in the United States than Canada, are a good example. In addition to providing public access to computers, many American libraries now also operate wireless access points for the convenience of their patrons.
In some cases, municipalities may also operate free wireless "zones" in order to support their downtown commercial areas. For example, in Los Angeles, such zones have been set up in downtown Santa Monica, Culver City, West Hollywood, and Burbank.
Individual businesses may also operate free access points. These currently include select food establishments, certain fitness clubs, and retailers such as Sony and Apple.
In some cases, it is clear whether or not a particular access point is intended for public access. For instance, many hotspots use a redirected web page that can display terms of use.  Such terms may indicate that access is free and unrestricted, or can that access, while free, may be restricted to a certain class of users (such as hotel guests) or for only a specified purpose.
The name of the access point (known as the SSID) may also be used to convey whether or not free access is intended. For example, the Lasik clinic at Toronto's First Canadian Place uses an identifier that includes "Free Access" in its name.  However, in many cases it is simply not possible to tell if the operator of the access point is intending to provide public access or has simply been negligent in not putting in place technical restrictions on access.
Sony and Apple operate "open" access points in their stores but don't actually put up signs advertising that those access points are open for public use.
There are also certain individuals who are likely intentionally not locking up access to their home wireless access points because they believe in sharing, either with the world at large or with other similarly situated individuals. For example, a network called FON has sprung up where individual members can freely access each other's wireless access points.
It should be clear that certain activities are (or should be) illegal. For example, any attempt to obtain unauthorized access to a wireless facility where an owner has put in place any technical restriction (even if weak or easy to break), any attempt to interfere with the legitimate use by other users (for example, by mounting "denial of service" attacks), or any attempt to intercept wireless communications of other users (whether or not encryption is being utilized) should trigger criminal liability. Also, any attempt to use even an "open" wireless to further an illegal purpose should be prosecutable.
However, simply accessing an otherwise open access point with no reasonable notice that such use is prohibited should not result in a prosecutable offence.
Maybe, just as standards have been developed to embed a "broadcast flag" into television programs that are subject to digital rights management, someone should invent a "public access" flag for wireless access points.

Alan Gahtan is a Toronto-based technology lawyer. His web site is

cover image


Subscribers get early and easy access to Law Times.

Law Times Poll

It's unknown how widely police in Ontario utilize controversial surveillance techniques that can capture private data from non-targets in criminal investigations. Do you think there should be formal requirements to release this information?