You do not have permission to edit this page, for the following reason:
The action you have requested is limited to users in the group: Users.
Image: Upload an image that represents the content of the chapter. This should be a jpg or png image 600x200 pixels.
Point of Contact: Enter the name of the point of contact for this chapter. This field will autocomplete with the names of people known to the system. If not known add them.
Authors: enter all the authors and contributors to this chapter separated by comas.
David WitkowskiAnton BatallaEssam El-BeikBenny LeeBill PughSteve Wimsatt
Blueprint: enter the blueprint under which this chapter is listed
BuildingsCybersecurity and PrivacyDataEducationPublic SafetyRuralSmart RegionTransportationUtilityWellbeingWirelessAgricultureBroadbandResilienceIntroductionInformationalCybersecurityPrivacyEnergyWasteWater
NIST Sectors: list all the NIST sectors where this chapter is relevant
Buildings Cybersecurity and Privacy Data Education Public Safety Rural Smart Region Transportation Utility Wellbeing Wireless Agriculture Broadband Resilience Introduction Informational Cybersecurity Privacy Energy Waste Water
Summary: Provide a summary of the chapter
Municipalities should be prepared to investigate legal issues that could impact their Public Wi-Fi project.
This document is not intended as a substitute for legal advice. Issues from our perspective will be
classified below in terms of 1) the Regulatory Landscape and 2) Organizational Responsibilities.
Free text: Write the chapter using Mediawiki markup language.
Broadband technologies are regulated by several bodies. In the United States, at the national level, the
Federal Communications Commission (FCC) has oversight of broadband systems and companies and has
the authority to create and enforce regulations that may impact Public Wi-Fi deployments. While
commercially available enterprise Wi-Fi systems use unlicensed spectrum (e.g., 2.4 GHz and 5.0 GHz)
many wireless technologies use licensed spectrum, which is regulated by the FCC. Certain public safety
systems can be exempted from license fees, which may be important in a municipal project. 18
Regulations also occur at the state level. For example, half the states in the nation have some form of
broadband law that applies to municipalities. 19 Agencies operating in these states should take the time
to review these laws prior to deploying Public Wi-Fi.
Finally, cities have their own local laws and policies that may apply to Public Wi-Fi projects, especially
those that are located outdoor, in the public right-of-way. These typically require permits, such as
encroachment and/or building permits. Depending on the level of construction required, there may also
be labor laws associated with the project. Each municipality is different, but those Public Wi-Fi projects
will be best served by conferring with their Building, Planning, and Engineering Division and Public
Works teams before breaking ground.
While there are many laws and regulations at all levels of government that can impact Public Wi-Fi
deployments, there are also several important topics, which, regardless of whether they are legal or
now, agencies should be aware of. Some of these topics involve the potential for liability. These
include 20 :
#Use of the network to exchange copyrighted material.
#Illegal activity on the network.
#Privacy concerns and use of end-user data.
==Exchange of Copyrighted Material==
Unfortunately, it is common for end-users to download and access illegal content while using Public Wi-
Fi networks. While there are technical systems that can be installed to eliminate and/or limit this ability
(e.g., firewalls with traffic inspection software or content filtering software), there is not an easy way to
completely block end-users from accessing programs like BitTorrent to download content illegally. This
becomes a complex issue, because BitTorrent has legitimate uses. A 100% reliable method to block a
torrent site requires complicated and expensive hardware and complex software configuration. 21
When an end-user downloads content illegally, the ISP will often receive a notice of copyright
infringement from the content owner and/or their legal counsel with corresponding public IP addresses.
The ISPs will then, in turn, forward these notices to the customers identified by the public IP address
(i.e., the agency). At this point, the agency must choose whether to respond to the inquiry or not. Such
notices can range from small fines (US$200-US$300) to threats of large penalties in the thousands.
Along with downloading copyrighted content, another potential problem is the use of the network for
more serious illegal activities. These perhaps occur less often, but can be even more problematic. For
example, if a person utilizes a public network to launch a cyberattack, the agency operating the public
network could be held responsible. Likewise, an end-user on an unsecured, open public network may be
“hacked” by a sophisticated user on the network using snooping and spoofing techniques to gain
illegally gain access to data and files on the network. In this case, agencies might be liable for the
damages to affected users, although in many cases the courts have not established definitive precedent
to these liability questions. 22
Mitigation includes having an end user agreement or terms of service and/or using system logging to
detect the system used to perform the illegal activity, in order to aid with criminal investigations.
==End User Data (Data Privacy)==
Along with the question of whether the Public Wi-Fi provider is responsible for protecting end-user data,
comes the question of what agencies collecting end-user data should do with it. Wi-Fi usage on public
networks may be used to target advertising, which allows monetizing anonymized end-user information.
While this anonymized data might be valuable enough to generate revenue for the agency or
municipality, which would help offset costs of building and maintaining a Public Wi-Fi network, end-
users may rightfully be concerned that they’re being tracked. In reality any user of a smartphone or
other device is already being tracked and their data is monetized by the device vendor and their
network provider, but agencies and municipalities are often held to different standards. If a decision is
made to monetize end-user data, this should be openly disclosed in council meetings and other means
to ensure transparency and avoid public opinion backlash.
Likewise, a municipality that collects end-user data on the Public Wi-Fi system may be asked to
cooperate with law enforcement agency requests to hand over end-user data. Disclosure could create
privacy concerns and resident backlash. These are questions about privacy that each agency must
determine on their own, in conjunction with sound legal advice based on constitutional principles. In a
best practices deployment these policies will be made clear to the public up-front so that end-users
connect to the network with explicit knowledge of how their data may or may not be used.