What is the position under Irish law of access to the Internet via unsecured Wifi?
This is an issue that has arisen in the UK (with a conviction under the Communications Act), but Eoin asked me to do some work on this (supervisors get to do that), and has kindly given me permission to publish my preliminary findings here. I do have my doubts on the intepretation of the UK act and its application to using someone else’s broadband but I’ll touch on that later on.
The key question is whether there is an Irish version of s 125 of the (UK) Communications Act 2003, which provides that:
A person who- (a) dishonestly obtains an electronic communications service [ECS], and (b) does so with intent to avoid payment of a charge applicable to the provision of that service, is guilty of an offence.
(ECS elsewhere defined as: “a service consisting in, or having as its principal feature, the conveyance by means of an electronic communications network of signals, except in so far as it is a content service”)
And the answer is ‘sort of’.
We start with the Postal and Telecommunications Services Act 1983 (which I’ll call the P&T Act): this is the law that set up An Post and Telecom Éireann (TÉ) as monopoly semi-states for post and telecoms respectively. The Act provides (s 99(1)) that:
A person who wilfully causes the company to suffer loss in respect of any rental, fee or charge properly payable for the use of the telecommunications system or any part of the system or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.
(“The company” being TÉ). All we have from the Dáil record on why we got this section is that the section “penalises the fraudulent or attempted fraudulent use of the telecommunications system. This closes a gap in existing laws.” Thanks.
After a whole series of amendments/rereadings, I conclude that the section currently stands like this:
A person who wilfully causes an authorised undertaking to suffer loss in respect of any rental, fee or charge properly payable for the use of something (see below) or who by any false statement or misrepresentation or otherwise with intent to defraud avoids or attempts to avoid payment of any such rental, fee or charge shall be guilty of an offence.
which is similar to (but not the same as) the UK provision, and thus preventing a clear answer. In this post, I cover what operators are protected, what services are referred to, what cases have been taken, and the background to the UK provisions.
1. What is an authorised undertaking?
First of all, the Postal and Telecommunications Services (Amendment) Act 1999, s 7 amended the section, changing ‘the company’ to ‘a licensed operator’. This Act was the law that put various things in place for the floatation/privatisation of Eircom – and of course, telecoms competition was starting to take off at that stage. This section was added in the Dáil at the very last minute, after issues came up in committee.
Then, under the EU’s new regulatory framework for electronic communications, one of the statutory instruments that transposed the directive (SI 306/2003, for the Authorisation Directive) provided in s 4(5) that:
A reference in any enactment to a person licensed under section 111 of the Act of 1983 [the P&T Act] is to be construed as a reference to an undertaking deemed to be authorised under these Regulations.
S. 111 of the P&T Act (as amended many times, now repealed) is the basic provision dealing with the licensing of telecoms services. Now, however, licensing is replaced with authorisation – i.e. you fill out a fairly basic form, Comreg rubberstamps and authorises you by default, and Bob’s your uncle (no licence required). Therefore, the provision on a licensed operator now means an authorised undertaking.
2. What sort of service?
Above, I said that ‘the telecommunications system’ now means ‘something’. But what? The answer is not an easy one.
The original definition (“the telecommunications system or any part of the system”) is narrow, and is grammatically absurd even after the 1999 amendment (changing to any licensed operator) – there being no longer something even at that time that we could call “the system”.
There is certainly the possibility that a court would distinguish between ‘the telecommunications system’ (public) and the vague modern understanding of telecommunications/electronic communications (and refuse to construe as it changes the nature of the offence).
On the other hand, the Oireachtas intention of 1999 was certainly to apply s 99 to Eircom and its competitors (albeit in the context of limit licensing rather than virtually-blanket authorisation) so it could be argued in response that the 1999 Act, and the context of the amendments, was to make an offence of things ‘against all companies’ which used to be ‘against the publicly owned TÉ’.
What I mean is that the Oireachtas changed the law in 1999 (when there was clearly more than “the telecommunications system” and thus there is (in part) some legislative intention to mean, in essence, “a telecommunications system or any part of a system”. However, the more recent definitions are of electronic communications ‘services’ and ‘networks’ (with telecoms included alongside other stuff) and thus without a clear amendment, it’s unclear what a/the ‘telecommunications sytem’ actually is or isn’t.
Is Internet access included? I’m going to chance it and say it might be (especially for ‘full’ broadband networks as opposed to virtual ISPs), but not with much conviction. As it happens, we don’t really have a clear definition of ‘telecommunciations system’ in Ireland – the best I can find is that used in the Copyright Act (of advisory value only and for a specific purpose there):
“telecommunications system” means a system for conveying sounds, data or information or any combination of sounds, images or information, or the representations thereof, by means of a wire, beam or any other conducting device through which electronically generated programme-carrying signals are guided over a distance
For the record, I’ve included the full definitions of services and networks in the comments.
According to Kelleher and Murray’s 1997 IT Law in Ireland book (second edition due this year), s 99(1) been used in a mid-90s case against someone who was cloning sim cards (Eircell being the unlucky company), but the summary seems to indicate that the fact that TÉ (then-parent of Eircell) were at a loss (as they had to refund the also-unlucky customers) and thus it was ‘loss’ for the purpose of s 99 P&T Act. The ‘mere’ use of a Web connection (or other non-traditional bits of electronic comms servicces) may be difficult to use in a s 99 prosecution, especially given that while you can figure out a per-call rate for phone hacking, it’s less easy to do so for mere web access (especially when someone already has unlimited unmetered access).
In the UK, other than the recent controversy, we have a sprinkling of cases but they seem to relate to questions of intent and conspiracy rather than the definition of the offence.
Personally I am not convinced that there was a strong case in the current controversy, and that access to someone’s Wifi hotspot is not necessarily dishonest use of an electronic communications service (the offence may be between the sniffer and the subscriber but not between the sniffer and the broadband provider!) – otherwise there is probably no difference between accessing someone’s Wifi with their consent and without it, if the fact that you are getting to the Internet (thus the e-communications service) is the legal issue.
4. The British legal history
The current provision in the UK is based on s 42 of the 1984 Telecommunications Act (the first deregulation act, setting up private BT), which is clear enough:
A person who dishonestly obtains a service to which this subsection applies with intent to avoid payment of any charge applicable to the provision of that service shall be guilty of an offence and liable ….
(‘a service to which this subsection applies’ is a licensed telecommunications service, excluding certain broadcast-related services)
Apparently this was originally passed as the use of laws on ‘theft of electricity’ wasn’t working out (remember those attempts to control hacking through leckytheft?)
The Irish law is unclear. As a policy question, I’m not sure whether establishing criminality for access to unsecured Wifi should be an offence (it has the potential to be horribly overbroad and preventing Fon-type sharing); but as a legal question, the more general issue of what s 99 actually means must be addressed. Indeed, even outside of the Wifi question, the ‘dishonesty’ or ‘loss’ question must be dealt with. Of course, we do have the general provisions of the criminal law (excellently summarised by TJ in this 2005 article) on ‘unauthorised access’ and on ‘dishonest use of a computer': in particular,
A person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence (s 9 of the Criminal Justice (Theft and Fraud Offences) Act 2001)
seems similar to s 99 and could certainly (in my opinion) be used against a Wifi freerider (although again I’d say that the ‘loss’ question is a big unanswered question).
My personal view is that the law is a mess, and should be clarified, subject to having a proper debate about Wifi sharing and so on first. What’s yours?