Think Free Wi-Fi Is Simple? You Could Be Sued For Negligence

Written by Frank Hayes
February 9th, 2012

Are you legally liable for what customers do over your store’s free Wi-Fi? A Massachusetts lawsuit is backing into that question with a novel legal theory: If illegal activity uses someone else’s unsecured Wi-Fi, then the Wi-Fi owner can be sued for negligence for allowing it to happen.

To be clear, the Massachusetts plaintiff is not going after any retailers—in fact, the plaintiff’s lawyer says he’d hate to try winning a case like that against a retailer. Unfortunately, that doesn’t mean some other lawyer won’t chase the same theory, with results that could put a chain in court.

The Massachusetts lawsuit is against Internet users who allegedly copied a pornographic movie and shared it with each other using a system called BitTorrent. The movie’s producers tracked down the accused pirates by way of their IP addresses. The novel twist: Even if the owner of one of those IP addresses claims he didn’t steal the movie, and that someone must have stolen it by connecting to an unsecured Wi-Fi access point, the lawsuit claims those IP-address owners are still guilty of negligence.

“By virtue of this unsecured access, Defendants negligently allowed the use of their Internet access accounts to perform the above-described copying and sharing of Plaintiff’s copyrighted Motion Picture,” the complaint says. “Had Defendants taken reasonable care in securing access to their Internet connections, such infringements as those described above would not have occurred by the use of their Internet access accounts. Defendants’ negligent actions allowed others to unlawfully copy and share Plaintiff’s copyrighted Motion Picture, proximately causing financial harm to Plaintiff and unlawfully interfering with Plaintiff’s exclusive rights in the Motion Picture.”

It’s a reach—there is no law that requires Wi-Fi to be secured, and this particular theory of negligence has yet to be tested in court. A judge will have to decide whether a Wi-Fi owner has a duty to keep other people off his wireless, and whether he has failed in that duty with the result that someone was harmed. That’s the legal definition of negligence.

But if the theory holds up, are retailers who offer Wi-Fi at risk, too? Marc Randazza, who came up with the theory, doesn’t think so. He believes the Digital Millennium Copyright Act (the law that shields Internet service providers from lawsuits like this) would probably also give immunity to retailers who offer free Wi-Fi. And if it turns out the DMCA doesn’t protect retailers, they could probably argue that free Wi-Fi was a competitive necessity and that securing it would put them at a disadvantage, which might overcome a plaintiff’s argument about negligence and damages.

“Let’s say that my theory on statutory immunity is wrong,” Randazza said. “I still think Starbucks wins. It’s a competitive necessity with a low likelihood of nefarious acts. But at home you really ought to know better.”

That’s a reasonable argument. But it’s still an argument a retailer would have to be making in court.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.