CFAA Overbreadth: Wireless “Leeching” and Open Wireless Networks

A few years ago, if you were lucky and lived in a densely populated area, you could leech wireless internet from a neighbor. Now most wireless networks that do pop up seem to have password protection. But can the rather innocuous act of “borrowing” a open wireless network to check email constitute a violation under the CFAA?

Subsection (a)(2)(C) crops up again as it prohibits “unauthorized access” – certainly the owner did not expressly permit access, but then it poses the question of whether he or she implicitly grants it by having an open network as opposed to a closed network? The definition of “protected computer” favors an interpretation that an open network is still “closed” as protected computers are defined in (e)(2)(B) as “used in or affecting interstate or foreign commerce or communication,” which makes virtually all computers “protected.” Subsection (a)(5)(C) also could apply as it punishes intentional access that causes “damage” and loss. Since “damage” is defined in (e)(8) as “any impairment to the integrity or availability of data, a program, a system, or information,” leeching someone’s wireless could be viewed as “damaging” that person’s access to the internet because of shared (and decreased) bandwidth, especially if it creates some sort of loss. Also, it is almost impossible to access a wireless network  without intending to do so since a user must select to join a network he/she has never connected to before.

In U.S. v Salcedo, the Defendant was charged and convicted under the CFAA for accessing an open wireless network operated by Lowe’s and intending to steal credit card numbers through it. Although the main factor for his sentence isn’t the access of the wireless network but the possible damage he could have caused had he stolen the credit card numbers. [1] Prosecutors estimated the damage at over 2.5 million dollars, even though the program the Defendant used only actually collected six credit card numbers and FBI agents arrested the Defendant and his roommates before they actually used said credit card numbers. (id.) One of the Defendant’s roommates was dropped as a co-conspirator, yet he plead guilty to a misdemeanor for “checking his email over the Lowe’s network.” (id.) This is the first case that produced a conviction, yet in an earlier case Stefan Puffer revealed how easily he could access data from a local district county clerk’s office via its open wireless network.[2] at 28. Even though he did not access any actual files, the County spent $5,000 in fixing the security issue and a charge was filed against Puffer. (id.) Thankfully, a jury acquitted him of the charges, finding no damage caused and that the money spent was unrelated to Puffer’s actions. (id.)

Now, with most wireless networks that are intended to be closed secured, it seems unlikely that individuals can access sensitive data through open networks. However, the flip side of wireless leeching, providing a wireless access point, can still be problematic. Having an open network that a third party uses to commit a wrongful act could place the owner of the network in a position of having vicarious liability. (Hale, Robert V., II. “Wi-Fi liability: potential legal risks in accessing and operating wireless internet.” Santa Clara Computer & High Technology Law Journal 21.3 (March 2005): 543 at 556). Additionally, many internet service providers have terms of service provisions that limit providing internet to third parties. (id.)


~ by alyssaufl on January 11, 2010.

One Response to “CFAA Overbreadth: Wireless “Leeching” and Open Wireless Networks”

  1. […] has now expanded, with each amendment, to reach employees accessing files on company computers and accessing of open wireless access points without express permission. However, despite its ability to reach far and wide, the CFAA does not fully address issues that […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: