Municipalities should be prepared to investigate legal issues that could impact their Public Wi-Fi project. This document is not intended as a substitute for legal advice. Issues from our perspective will be classified below in terms of 1) the Regulatory Landscape and 2) Organizational Responsibilities.
Broadband technologies are regulated by several bodies. In the United States, at the national level, the Federal Communications Commission (FCC) has oversight of broadband systems and companies and has the authority to create and enforce regulations that may impact Public Wi-Fi deployments. While commercially available enterprise Wi-Fi systems use unlicensed spectrum (e.g., 2.4 GHz and 5.0 GHz) many wireless technologies use licensed spectrum, which is regulated by the FCC. Certain public safety systems can be exempted from license fees, which may be important in a municipal project. 18
Regulations also occur at the state level. For example, half the states in the nation have some form of broadband law that applies to municipalities. 19 Agencies operating in these states should take the time to review these laws prior to deploying Public Wi-Fi.
Finally, cities have their own local laws and policies that may apply to Public Wi-Fi projects, especially those that are located outdoor, in the public right-of-way. These typically require permits, such as encroachment and/or building permits. Depending on the level of construction required, there may also be labor laws associated with the project. Each municipality is different, but those Public Wi-Fi projects will be best served by conferring with their Building, Planning, and Engineering Division and Public Works teams before breaking ground.
While there are many laws and regulations at all levels of government that can impact Public Wi-Fi deployments, there are also several important topics, which, regardless of whether they are legal or now, agencies should be aware of. Some of these topics involve the potential for liability. These include 20 :
- Use of the network to exchange copyrighted material.
- Illegal activity on the network.
- Privacy concerns and use of end-user data.
Exchange of Copyrighted Material
Unfortunately, it is common for end-users to download and access illegal content while using Public Wi- Fi networks. While there are technical systems that can be installed to eliminate and/or limit this ability (e.g., firewalls with traffic inspection software or content filtering software), there is not an easy way to completely block end-users from accessing programs like BitTorrent to download content illegally. This becomes a complex issue, because BitTorrent has legitimate uses. A 100% reliable method to block a torrent site requires complicated and expensive hardware and complex software configuration. 21
When an end-user downloads content illegally, the ISP will often receive a notice of copyright infringement from the content owner and/or their legal counsel with corresponding public IP addresses. The ISPs will then, in turn, forward these notices to the customers identified by the public IP address (i.e., the agency). At this point, the agency must choose whether to respond to the inquiry or not. Such notices can range from small fines (US$200-US$300) to threats of large penalties in the thousands.
Along with downloading copyrighted content, another potential problem is the use of the network for more serious illegal activities. These perhaps occur less often, but can be even more problematic. For example, if a person utilizes a public network to launch a cyberattack, the agency operating the public network could be held responsible. Likewise, an end-user on an unsecured, open public network may be “hacked” by a sophisticated user on the network using snooping and spoofing techniques to gain illegally gain access to data and files on the network. In this case, agencies might be liable for the damages to affected users, although in many cases the courts have not established definitive precedent to these liability questions. 22
Mitigation includes having an end user agreement or terms of service and/or using system logging to detect the system used to perform the illegal activity, in order to aid with criminal investigations.
End User Data (Data Privacy)
Along with the question of whether the Public Wi-Fi provider is responsible for protecting end-user data, comes the question of what agencies collecting end-user data should do with it. Wi-Fi usage on public networks may be used to target advertising, which allows monetizing anonymized end-user information. While this anonymized data might be valuable enough to generate revenue for the agency or municipality, which would help offset costs of building and maintaining a Public Wi-Fi network, end- users may rightfully be concerned that they’re being tracked. In reality any user of a smartphone or other device is already being tracked and their data is monetized by the device vendor and their network provider, but agencies and municipalities are often held to different standards. If a decision is made to monetize end-user data, this should be openly disclosed in council meetings and other means to ensure transparency and avoid public opinion backlash.
Likewise, a municipality that collects end-user data on the Public Wi-Fi system may be asked to cooperate with law enforcement agency requests to hand over end-user data. Disclosure could create privacy concerns and resident backlash. These are questions about privacy that each agency must determine on their own, in conjunction with sound legal advice based on constitutional principles. In a best practices deployment these policies will be made clear to the public up-front so that end-users connect to the network with explicit knowledge of how their data may or may not be used.