For many years, we’ve had ongoing debates about whether or not it’s ethical or legal to use open WiFi connections. It’s one of those debates that never seem to stop. Unfortunately, in a ruling yesterday, the Third Circuit appeals court suggested that merely using an open WiFi network may be a criminal act. This is hugely problematic for a variety of reasons.
The case is mainly about the question of whether or not police need a warrant to track down someone connecting to a neighbor’s open WiFi. In fact, on first reading it, I had thought that I’d lump it in with yesterday’s big victory for the 4th Amendment in the 11th Circuit, saying that police need to get a warrant for mobile phone location. The main thrust of this new ruling is that police do not need a warrant to use a tool called “MoocherHunter” to track down who is likely using someone else’s WiFi. While I’m a big 4th Amendment fan, this ruling actually makes a fair bit of sense on that front, as I’ll explain below. But eventually, it runs into serious trouble with some offhand comments towards the end.
In this case, police were trying to track down someone downloading and sharing child pornography via a P2P setup, and were able to track down the IP address. After visiting the residence associated with the IP address, the police quickly realized that no one in the house was the likely person involved with child porn (there was no child porn on the computers, nor the file sharing software with a matching user ID). From there, the police asked the residents to cooperate by installing “MoocherHunter” to try to track down who was actually connecting to their open router. It’s worth noting that the police actually had a “lengthy discussion” with federal prosecutors over whether or not a warrant was needed for MoocherHunter first, and they concluded it wasn’t needed.
Eventually, the results were narrowed down to the likely culprit, Richard Stanley, and the police then got a warrant to search that guy’s apartment, leading him to confess (after first trying to run away). Stanley’s computer also contained the child porn. Stanley tried to suppress the evidence, arguing that the use of MoocherHunter required a warrant, not unlike the Kyllo ruling that found that police needed a warrant to use a thermal imaging device from outside someone’s house to detect if there was enough heat inside to support probable cause for growing marijuana. The court here notes that while, superficially, these may look similar (a device pointed at someone’s residence), the reality is that they were quite different, because Kyllo was about looking inside someone’s house to see what they were doing in the privacy of their own home, whereas MoocherHunter was about identifying someone who had reached out of their own home into someone else’s space to make use of their WiFi connection.
Critical to Kyllo’s holding, however, was the fact that the defendant sought to confine his activities to the interior of his home. He justifiably relied on the privacy protections of the home to shield these activities from public observation. See Kyllo, 533 U.S. at 34 (characterizing the thermal imaging scan as a “search of the interior of [Kyllo’s] home,” which it considered to be “the prototypical . . . area of protected privacy”). See 13 also id. at 37 (“In the home, our cases show, all details are intimate details, because the entire area is held safe from prying government eyes.”) (emphasis in original).
Stanley can make no such claim. Stanley made no effort to confine his conduct to the interior of his home. In fact, his conduct—sharing child pornography with other Internet users via a stranger’s Internet connection—was deliberately projected outside of his home, as it required interactions with persons and objects beyond the threshold of his residence. In effect, Stanley opened his window and extended an invisible, virtual arm across the street to the Neighbor’s router so that he could exploit his Internet connection. In so doing, Stanley deliberately ventured beyond the privacy protections of the home, and thus, beyond the safe harbor provided by Kyllo….
The court further emphasizes that since MoocherHunter only revealed the path, but not the content, Stanley has even less privacy interest. That all makes some amount of sense. The court then has an interesting discussion about the third party doctrine, and whether or not Smith v. Maryland applies to Stanley’s signals. In this case, it concludes it does not. And while the reasoning is a bit convoluted, this seems important:
Were we to hold that Stanley exposed his “signal” under Smith by transmitting it to a third-party router, we might open a veritable Pandora’s Box of Internet-related privacy concerns. The Internet, by its very nature, requires all users to transmit their signals to third parties. Even a person who subscribes to a lawful, legitimate Internet connection necessarily transmits her signal to a modem and/or servers owned by third parties. This signal carries with it an abundance of detailed, private information about that user’s Internet activity. A holding that an Internet user discloses her “signal” every time it is routed through third-party equipment could, without adequate qualification, unintentionally provide the government unfettered access to this mass of private information without requiring its agents to obtain a warrant. We doubt the wisdom of such a sweeping ruling, and in any event, find it unnecessary to embrace its reasoning.
That’s a very good ruling. But, then, suddenly, the ruling goes off the rails, saying that merely connecting to the open WiFi itself may have been a criminal act:
The presence of Stanley’s signal was likely illegal. A large number of states, including Pennsylvania, have criminalized unauthorized access to a computer network. A number of states have also passed statutes penalizing theft of services, which often explicitly include telephone, cable, or computer services. We need not decide here whether these statutes apply to wireless mooching, but the dubious legality of Stanley’s conduct bolsters our conclusion that society would be unwilling to recognize his privacy interests as “reasonable.”
Yikes. While the court acknowledges in a footnote that this issue is somewhat contested, it’s incredibly problematic in general. Just the idea that this is unauthorized access is a big problem, because it’s not unauthorized. The neighbors left their WiFi open, and thus, by default, it is sending out signals that effectively say “welcome, feel free to connect to this network.” It is authorized by the very nature of the setup of the network. Thus, it’s quite questionable to argue that this is either unauthorized access or “theft of services.” The court doesn’t even seem to consider this. And while this part is not central to the overall ruling, it is still quite troubling to have that on the record in an appeals court ruling.