Myths and Facts: Running Open Wireless and liability for what others do

Some people do not run open wireless networks because they believe it is legally risky to do so. On the other hand, millions and millions of people have run open wireless for years without running into legal trouble. What's going on?

In the United States, there are strong arguments that the significant legal protections that already apply to ISPs also apply to open wireless operators. We believe these laws greatly reduce the risk of being held liable for the activities of neighbors and passersby. However, some risks do still exist. This page discusses the protections, the risks, and what you can do to minimize them.

Open Wireless, file sharing, and copyright infringement

Operators of open wireless networks may worry that they could be liable if people use their networks to engage in copyright infringement. As we explain in our "Open Wi-Fi and Copyright" whitepaper, however, network providers generally are simply passive conduits for Internet traffic and, absent some additional action (such as encouraging users to use their network to infringe), should not be found legally responsible if the packets passing through happen to contain infringing material.

That being said, some network operators in the United States choose to invoke the additional protections of
Section 512 of the DMCA, which gives service providers a "safe harbor" from liability for infringement by their users. "Service providers" includes open wireless providers, since they are "providers of... network access," and they are also providing routers for "connections for digital online communications, between or among points specified by a user." An Open Wireless access point provides both network access and routing functions, much like any other service provider.

Section 512(i) says that, to qualify for safe harbor protections, a service provider must have a repeat infringer policy—specifically that they must have "adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers." The statute also clarifies the outer limits of a service providers' obligations are by, for example, including that you do not have to monitor your users in order to enjoy the safe harbor. The application of this section to open wireless access points has not been interpreted by a court, but it may be helpful to have a written policy for your open wireless network.

To help, we have created an Open Wireless Movement policy. If you want to use it, please inform subscribers and account holders of your system that you have adopted (and will reasonably implement) this policy by using the SSID "openwireless.org" or post this policy where it can been seen by your subscribers and account holders.

Remember: even without a Section 512(a) safe harbor, network operators have significant protections against liability for infringement that they themselves did not commit. Our creation of this policy is intended to provide a convenient way to obtain additional protection, but we do not intend to suggest such protections are needed in most cases.

Open Wireless and Six Strikes

In early 2013, ISPs teamed up with the content industry to roll out a copyright surveillance machine known as the Copyright Alert System—or "Six Strikes"—a system of escalated penalties against users for alleged copyright infringements. Six Strikes does not recognize the benefits of open wireless; indeed, it is designed to discourage open networks. For example, the website for the system urges users to password-protect their networks, and the process for identifying allegedly infringing activity will inevitable result in notices targeting open wireless network operators who have done nothing unlawful. For more information, check out our Copyright Alert System FAQ.

If you receive a notice, or “alert,” alleging that your network was used to infringe copyright, and you believe you have been targeted erroneously, you may be able to dispute the notice.

The review process is administered by the American Arbitration Association. To challenge a notice, you must apply no more than 14 days after your ISP offers you an independent review. The challenge will initially cost you $35. If you successfully challenge at least half of the notices you have received by then, your ISP will clear the record of the notices from your account, your connection will not be temporarily throttled or suspended, and you will receive a $35 refund.

Your challenge is limited to the following defenses:

  • Your account was incorrectly identified as the source of the file in question
  • The file was shared by an unauthorized user of your account, whose use you were not aware of and could not have prevented (e.g., you have an open wireless connection)
  • You had permission from the copyright owner to share the file
  • The file was mislabeled or misidentified and did not “consist primarily” of the alleged copyright work at issue, but rather contained other, non-infringing material
  • The work was published before 1923
  • Your peer-to-peer reproduction and distribution of the file was fair use under U.S. copyright law

You will not be allowed to raise any other defense. And if your defense is that you run an open wireless network, you can only raise it once. After that, the system assumes you will lock your system down.

The CAS’s private system of adjudication has no appeal process—the arbitrator’s decision is final.

What if I Get a DMCA Notice?

There is the possibility that, over the course of running an open wireless network, you may receive a Digital Millennium Copyright Act notice forwarded from your ISP for action over your network that may infringe copyright. The first thing to note is that you are not being accused of copyright infringement. Instead, the notice should allege that someone else is using your network to infringe copyright.

There are several ways of responding to a DMCA notice of this kind. First, you can ignore the notice. Second, if you have a repeat infringer policy and you have the ability to ban the MAC address or user associated with that activity from your network—and you believe such a ban is appropriate—you can do so. Third, if you don’t have a repeat infringer policy, the user in question hasn’t violated such a policy, and/or you aren’t capable of terminating the user (because, for example, you don’t have a record of the MAC address associated with the infringing activities), you can simply explain the issue to your ISP. A sample response is available here. However, please be aware that if your network violates your subscriber agreement, the service provider may not be as understanding.

Copyright Trolls

Open wireless providers may face another problem, however, in the form of copyright trolls. These companies try to use the threat of having to defend a copyright infringement suit and damages to extract settlements from people using file sharing networks. Copyright trolls often use flimsy evidence; they rely on the fact that the cost of fighting a lawsuit against them would normally be higher than the cost of just paying them a few thousand dollars to settle.

If you run an open wireless network, there is a small risk that you could be targeted by a copyright troll because of the actions of your guest users. If that happens, you could plan to hire a lawyer and fight the troll, which is righteous, but might be time consuming and expensive. EFF is occasionally able to represent wireless operators targeted by copyright trolls for free. (We have had some notable success.) Many people choose the less costly (but still costly) route of settling.

Open Wireless and police mistargeting

There have been a handful of media stories about police raiding houses during the investigation of various crimes, to eventually discover that the traffic had originated from a neighbor via a wireless network. Over the past few years, the press has reported only a few cases of misidentification through open wireless in the United States.

A couple of things that can be done that may reduce this risk: give your network a name that makes it clear that it's open ("openwireless.org"), and if you like, put a sticker up by your front door to the same effect. If you're willing to pay a bit more, get a privacy-friendly VPN account and a router that supports VPN tunneling.

Note to police departments: Some police departments have made public statements against open wireless networks, presumably because they never want to accidentally raid the homes of innocent parties. We do not believe that more passwords would fix the problem of mistargeted police investigations; even if nobody ran an open wireless network, it would be unsafe to categorically assume that an IP address maps to the subscriber's identity. Most password-protected networks are easily breakable, and criminals can use others' locked networks to cover their tracks if they wish to. Before launching a major raid based on IP address evidence, a better answer than reducing open wireless is for police officers to be trained to check for open networks as well as anonymizing technologies such as proxies and Tor exit relays.

If law enforcement comes knocking, what are my rights?

If you are in the United States, the Constitution guarantees you certain rights when the government comes to your door. Even if you feel like you have nothing to hide, we suggest you do not consent to a search and politely refuse to answer questions before you consult with a lawyer. EFF can help you find an attorney.

For more information, EFF has created a Know Your Rights guide and a Surveillance Self-Defense guide to help you understand your options if the police are trying to search your electronic devices.

JavaScript license information