A WiFi Odyssey

What is the position under Irish law of access to the Internet via unsecured Wifi?

This is an issue that has arisen in the UK (with a conviction under the Communications Act), but Eoin asked me to do some work on this (supervisors get to do that), and has kindly given me permission to publish my preliminary findings here. I do have my doubts on the intepretation of the UK act and its application to using someone else’s broadband but I’ll touch on that later on.

The key question is whether there is an Irish version of s 125 of the (UK) Communications Act 2003, which provides that:

A person who- (a) dishonestly obtains an electronic communications service [ECS], and (b) does so with intent to avoid payment of a charge applicable to the provision of that service, is guilty of an offence.

(ECS elsewhere defined as: “a service consisting in, or having as its principal feature, the conveyance by means of an electronic communications network of signals, except in so far as it is a content service”)

And the answer is ‘sort of’.

We start with the Postal and Telecommunications Services Act 1983 (which I’ll call the P&T Act): this is the law that set up An Post and Telecom Éireann (TÉ) as monopoly semi-states for post and telecoms respectively. The Act provides (s 99(1)) that:

A person who wilfully causes the company to suffer loss in respect of any rental, fee or charge properly payable for the use of the telecommunications system or any part of the system or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.

(“The company” being TÉ). All we have from the Dáil record on why we got this section is that the section “penalises the fraudulent or attempted fraudulent use of the telecommunications system. This closes a gap in existing laws.” Thanks.

After a whole series of amendments/rereadings, I conclude that the section currently stands like this:


A person who wilfully causes an authorised undertaking to suffer loss in respect of any rental, fee or charge properly payable for the use of something (see below) or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.


which is similar to (but not the same as) the UK provision, and thus preventing a clear answer. In this post, I cover what operators are protected, what services are referred to, what cases have been taken, and the background to the UK provisions.

1. What is an authorised undertaking?

First of all, the Postal and Telecommunications Services (Amendment) Act 1999, s 7 amended the section, changing ‘the company’ to ‘a licensed operator’. This Act was the law that put various things in place for the floatation/privatisation of Eircom – and of course, telecoms competition was starting to take off at that stage. This section was added in the Dáil at the very last minute, after issues came up in committee.

Then, under the EU’s new regulatory framework for electronic communications, one of the statutory instruments that transposed the directive (SI 306/2003, for the Authorisation Directive) provided in s 4(5) that:

A reference in any enactment to a person licensed under section 111 of the Act of 1983 [the P&T Act] is to be construed as a reference to an undertaking deemed to be authorised under these Regulations.

S. 111 of the P&T Act (as amended many times, now repealed) is the basic provision dealing with the licensing of telecoms services. Now, however, licensing is replaced with authorisation – i.e. you fill out a fairly basic form, Comreg rubberstamps and authorises you by default, and Bob’s your uncle (no licence required). Therefore, the provision on a licensed operator now means an authorised undertaking.

2. What sort of service?

Above, I said that ‘the telecommunications system’ now means ‘something’. But what? The answer is not an easy one.

The original definition (“the telecommunications system or any part of the system”) is narrow, and is grammatically absurd even after the 1999 amendment (changing to any licensed operator) – there being no longer something even at that time that we could call “the system”.

There is certainly the possibility that a court would distinguish between ‘the telecommunications system’ (public) and the vague modern understanding of telecommunications/electronic communications (and refuse to construe as it changes the nature of the offence).

On the other hand, the Oireachtas intention of 1999 was certainly to apply s 99 to Eircom and its competitors (albeit in the context of limit licensing rather than virtually-blanket authorisation) so it could be argued in response that the 1999 Act, and the context of the amendments, was to make an offence of things ‘against all companies’ which used to be ‘against the publicly owned TÉ’.

What I mean is that the Oireachtas changed the law in 1999 (when there was clearly more than “the telecommunications system” and thus there is (in part) some legislative intention to mean, in essence, “a telecommunications system or any part of a system”. However, the more recent definitions are of electronic communications ‘services’ and ‘networks’ (with telecoms included alongside other stuff) and thus without a clear amendment, it’s unclear what a/the ‘telecommunications sytem’ actually is or isn’t.

Is Internet access included? I’m going to chance it and say it might be (especially for ‘full’ broadband networks as opposed to virtual ISPs), but not with much conviction. As it happens, we don’t really have a clear definition of ‘telecommunciations system’ in Ireland – the best I can find is that used in the Copyright Act (of advisory value only and for a specific purpose there):

“telecommunications system” means a system for conveying sounds, data or information or any combination of sounds, images or information, or the representations thereof, by means of a wire, beam or any other conducting device through which electronically generated programme-carrying signals are guided over a distance

For the record, I’ve included the full definitions of services and networks in the comments.

3. Cases

According to Kelleher and Murray’s 1997 IT Law in Ireland book (second edition due this year), s 99(1) been used in a mid-90s case against someone who was cloning sim cards (Eircell being the unlucky company), but the summary seems to indicate that the fact that TÉ (then-parent of Eircell) were at a loss (as they had to refund the also-unlucky customers) and thus it was ‘loss’ for the purpose of s 99 P&T Act. The ‘mere’ use of a Web connection (or other non-traditional bits of electronic comms servicces) may be difficult to use in a s 99 prosecution, especially given that while you can figure out a per-call rate for phone hacking, it’s less easy to do so for mere web access (especially when someone already has unlimited unmetered access).

In the UK, other than the recent controversy, we have a sprinkling of cases but they seem to relate to questions of intent and conspiracy rather than the definition of the offence.

Personally I am not convinced that there was a strong case in the current controversy, and that access to someone’s Wifi hotspot is not necessarily dishonest use of an electronic communications service (the offence may be between the sniffer and the subscriber but not between the sniffer and the broadband provider!) – otherwise there is probably no difference between accessing someone’s Wifi with their consent and without it, if the fact that you are getting to the Internet (thus the e-communications service) is the legal issue.

4. The British legal history

The current provision in the UK is based on s 42 of the 1984 Telecommunications Act (the first deregulation act, setting up private BT), which is clear enough:

A person who dishonestly obtains a service to which this subsection applies with intent to avoid payment of any charge applicable to the provision of that service shall be guilty of an offence and liable ….

(‘a service to which this subsection applies’ is a licensed telecommunications service, excluding certain broadcast-related services)

Apparently this was originally passed as the use of laws on ‘theft of electricity’ wasn’t working out (remember those attempts to control hacking through leckytheft?)

Conclusion

The Irish law is unclear. As a policy question, I’m not sure whether establishing criminality for access to unsecured Wifi should be an offence (it has the potential to be horribly overbroad and preventing Fon-type sharing); but as a legal question, the more general issue of what s 99 actually means must be addressed. Indeed, even outside of the Wifi question, the ‘dishonesty’ or ‘loss’ question must be dealt with. Of course, we do have the general provisions of the criminal law (excellently summarised by TJ in this 2005 article) on ‘unauthorised access’ and on ‘dishonest use of a computer’: in particular,

A person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence (s 9 of the Criminal Justice (Theft and Fraud Offences) Act 2001)

seems similar to s 99 and could certainly (in my opinion) be used against a Wifi freerider (although again I’d say that the ‘loss’ question is a big unanswered question).

My personal view is that the law is a mess, and should be clarified, subject to having a proper debate about Wifi sharing and so on first. What’s yours?

16 comments

  1. Daithí says:

    “electronic communications service” means a service normally provided for remuneration which consists wholly or mainly in the conveyance of signals on electronic communications networks, including telecommunications services and transmission services in networks used for broadcasting, but excludes – (a) a service providing, or exercising editorial control over, content transmitted using electronic communications networks and services, and (b) an information society service, as defined in Article 1 of Directive 98/34/EC, which does not consist wholly or mainly in the conveyance of signals on electronic communications networks [basically, services delivered online rather than ISPs];

    “electronic communications network” means transmission systems and, where applicable, switching or routing equipment and other resources which permit the conveyance of signals by wire, by radio, by optical or by other electromagnetic means, including satellite networks, fixed (circuit- and packet-switched, including Internet) and mobile terrestrial networks, electricity cable systems, to the extent that they are used for the purpose of transmitting signals, networks used for radio and television broadcasting, and cable television networks, irrespective of the type of information conveyed

  2. Tom Young says:

    Daithi check the wireless telegraphy act of 1926. I jest not. http://www.irishstatutebook.ie/front.html

    Wifi and Wimax are unlicenced in Ireland and as such, fall between the stools. The Telegraphy Act (which is subject to change and future repeal under the Communications Act 2002 and the Broadcasting Bill) provides certain protection for terminal users to the best of my knowlegde.

    I would also suggest that the Burden and Standard (s) of proof required to ground a case of malicious usage under the TFA 2001 or indeed some other act would be a problem.

    Quaere: Do property owners in UK and Ireland not have rights to use the air and space above their dwellings to a certain level? (Which could create further consequences).

    Tom

  3. Tom Young says:

    See also USO Directive, Art. 2 Ss. (e) for defintion of an NTP – Network Termination Point. In this instance the router. My take is that WEP and user ignorance is a problem. Then again, ignorance of the law is not a defense.

  4. Tom Young says:

    I’d have thought that S. 9 of the 2001 CJ Theft and Fraud Offences would have captured this offence here.

  5. Tom Young says:

    By the way, for clarity. The Internet is not included in the Regulatory Framework (or Relevant Markets Recommendation) or ancillary directives (USO, Auth, Access and ICT). It seems the UK definition of Telecommunications System causes me daily problems at the moment.

  6. Daithí says:

    Thanks for all of that, Tom. Greatly appreciate it. I did quote (but without full citation) s 9 of the 2001 CJ Act, and will edit to to make that clear. As for the Wireless Telegraphy Act (a wonderful piece of legislation, thankfully consolidated (in part, as I recall) in a recent book, that has some impact – although I think the UK prosecutions and cautions have been about (essentially) the theft of (fixed) bandwith between the router and the ISP/Internet, rather than the (wireless) leg between the router and the drive-by user!

    However I’m not sure what you mean about the Internet and the NRF: the EU’s own non-legal summary is that electronic communications are “services or networks that transmit communications electronically, whether it is wireless or fixed, carrying data or voice, Internet based or circuit switched, broadcasting or personal communication [,] all covered by a set of EU rules that became applicable on 25 July 2003″ (http://ec.europa.eu/information_society/policy/ecomm/index_en.htm). Obviously content services are dealt with seperately, and the British definition is odd (do fill us in on the UK definition, as I’m curious to know, given the different wording, what impact it has), but I think certainly at the level of broadband providers etc it does apply?

  7. Tom Young says:

    Well I’d debate that at length. The issue is that the 2003 Framework espouses Technology Neutrality and the Transfer of Technology Neutrality (THIS IS NOT NET NEUTRALITY) so seeks to regulate access only (See relevant markets recommentation outlining 18 relevant markets). I can firmly comment that the Internet is unregulated save for applications which might touch it e.g., telephone numbers, ENUM, VoIP and certain access etc.

    PATS is a controversial aspect of this, as outlined in the USO Directive, Art. 2 (c).

    Reading the entire NRF (If one can stay awake long enough) will not actually give a clear picture on this.

    So re. your quote ‘carrying’ is the operative word with relevance to the Internet and and indeed the mechanism of communication in question.

    The 2006 Framework review may contain more avenues into the Net Neutrality debate(s) but seeing as we are not as subject to the US regime for Competition and indeed HDTV and content service (Regulation) we may in fact have a less caring approach over here in YOU-rope.

    Mate Tom is involved in this: http://www.ofcom.org.uk/media/speeches/2007/02/net_neutrality

  8. Daithí says:

    Aye, I read (and really enjoyed) those Ofcom notes before. Tell Tom they’re very helpful. In fact I mentioned it in a talk at Birmingham last week. The other little bit of curiosity on the EU and NN is that the Content Online consultation (from DG Info Soc) asked whether the EU should do anything in relation to NN debates:

    The Internet is currently based on the principle of “network neutrality”, with all data moving around the system treated equally. One of the ideas being floated is that network operators should be allowed to offer preferential, high-quality services to some service providers instead of providing a neutral service. What is your position on this issue? (http://ec.europa.eu/avpolicy/other_actions/content_online/index_en.htm#consultation)

    Make of that what you will ;)

  9. Daithí says:

    Oh and although as you indicate the legal issues and reading any of the Framework documents will put grey hairs on you, would it be fair, as a non-legal summary to say that EU telecoms law regulates certain industries that provide access to ‘the Internet’ rather than ‘the Internet’ itself?

  10. Tom Young says:

    Yes, or just reduce to state regulates Access to Communications (omits work Internet, Video, Telephony, Frame, ATM etc.).

    There are aspects of the NN debate which are useful, but in general there are problems with other aspects. I think its less useful to dive directly into supporting the ‘academic sandal wearing’ NN debate before we place our environs into context (and that’s not a capitalist or personally aimed remark).

    There is nothing worse than politico’s engaging in debates because they are sexy or hot topics. The US is in important investor in the EU, so as such playing to the crowd is something that we have heard from Mme. Reding on this matter. The ’06 FW review will be of interest.

  11. Ross says:

    As an interesting aside about Wi-fi in Ireland… I recently bought Apple’s new Airport Extreme Base Station (www.apple.ie) which comes with two differing claims for speed of either 5x faster on the US site and 2.5x faster on the Apple UK site. This is due to the legislation in place in the UK that doesn’t allow for what is termed ‘wide-channels’ which is basically two adjacent frequencies working in parallel and hence boosting their throughput.
    The bit that’s relevant to here is that due to the Irish State not covering this issue like the Brits we get to experience a faster wifi lifestyle. Additionally it’s been noted repeatedly that when UK owners of the device are setting up their wifi points they now select their home country as Ireland to overcome the software (legally induced) limitation.
    Hope this is of some use…

  12. Tom Young says:

    Lex, see Copland v. UK. EHCR http://www.thegovernmentsays.com/cache/90069.html

    You might want to move this comment elsewhere.

    Ciao.

  13. [...] as Daithí Mac Síthigh points out on his WiFi Odyssey (a tremendous post, well worth reading), the patchwork of subequent amendments has made such a mess [...]

  14. [...] to using an open wifi connection (or ‘unauthorised access’ as some like to call it). I wrote about this in some detail a while back, and this case (albeit with different legislation) is a useful reminder that these [...]

  15. [...] or civil liability if a user’s wifi is shared by a third party; and Daithí has taken the discussion several steps further. Now, Kris adds an additional consideration, directing the analysis to the [...]

  16. [...] that doesn’t make it a crime. Only a statute can do that, and the Irish statutory position is unclear and obscure. The UK’s statues would seem to be clearer. For example, section 125(1) of the [...]

Leave a Reply