In 2005 an individual was fined £500 and sentenced to 12 months conditional discharge for use of a private wireless internet connection without consent. In August 2007 the legal and occasionally philosophical debate on the topic was revived following the arrest of an individual on suspicion of similar use. Whilst these cases are often rather isolated incidents, they do have legal foundation and raise broader questions as to the security of wireless connections.
These incidents have provoked debate as to whether it is acceptable to use a network another individual has paid for yet, such use (at least on a one off, casual basis) has a minimal affect on the network. The legal arguments focus on section 125 of the Communications Act 2003, which provides that "a person who (a) dishonestly obtains an electronic communications service and (b) does so with intent to avoid payment of the charge applicable to obtaining that service, is guilty of an offence". This avenue has been preferred to the Computer Misuse Act 1990, which states that a person is guilty of an offence if "he causes a computer to perform any function with intent to secure access to any program or data held in any computer". A successful application of this provision would require a wireless router to be deemed a computer for the purposes of the Act, the breadth of the Communications Act wording has lead to its emergence as the preferred route for prosecution.
Clearly the key issue under the Communications Act wording is intent, and whether the person gaining access is doing so (i) dishonestly and (ii) with intent to avoid payment of the charge. Most modern laptops immediately search for wireless networks upon being switched on and it has been contended that the fact that wireless networks actively broadcast themselves is a mitigating factor. However, overall there appears to be limited scope to argue that the avoidance of a charge which an individual is aware of would not be dishonest.
Earlier issues relating to wi-fi intrusions were often based on a lack of basic network security, however, such issues of casual unpermitted use have however abated as network security has improved, with networks equipped with, at least, password protection and encryption ("WEP" (1) , and its successor, the generally more secure "WPA" (2) ) as standard. Unsecured wireless internet access and transactions (i.e. networks requiring no user or password entry) in public places such as cafés remains common, and it should be borne in mind that users of such networks are exposed to a greater risk of data interception than home users benefiting from the latest security protection.
(1) Wired Equivalent Privacy
(2) Wi-Fi Protected Access