Running An Unsecured WiFi Network Is Still Not Negligent

Bleiberg Entertainment was unsuccessful in its argument that running a WiFi network without password protection is negligent in tort law. Bleiberg was aiming to force disclosure of ISP subscriber information to launch copyright infringement actions against those connected to the disclosed IP addresses. Not knowing if those subscribers were directly connected with the infringement, Bleiberg attempted to argue they were nonetheless responsible for negligence.



Why a Negligence Claim?

The issue with many internet piracy claims is that it is difficult to prove who actually committed the wrongful act. Pirating activities can usually only be traced back to a unique IP address. That IP address identifies a single modem, which may provide countless users access to the Internet. Without knowing which of those users performed the piracy, rights holders cannot pursue an action. This issue is exasperated when an unsecured wireless network is involved, as any number of uses may connect without the operator’s consent or even their knowledge.

In these cases of unprotected WiFi networks, rights holders are attempting to argue that leaving them unsecured is negligent, and as a result want to hold network operators responsible for pirating activities which occur on their network.

Negligence in a Nutshell

The tort of negligence continues to evolve, but essentially requires proof of four key elements. First, the defendant must have a special relationship to the plaintiff, known as a duty of care. Only when a legal duty exists can a defendant be found to breach it. Second, the defendant must have acted or failed to act in a way that breaches the standard of care he owed to the plaintiff. What standard the legal duty imparts on the defendant is often heavily debated, but some form of a reasonable person is usually considered in its determination. The last two elements are that the defendant’s failure to meet that standard of care caused damage to the plaintiff and there must be measurable damage which was caused by the breach of duty.

All of the unsecured WiFi cases so far have focused on the first two elements, a duty of care between the defendant and the rights holder, and what standard of care the defendant owed if there was such a duty.

The Case For Negligence

One key tenet of negligence law is the compensatory principle that losses incurred should be made up for. When the defendant solely caused the loss, it is clearly just to impart those costs on the defendant. It becomes more difficult when the defendant did not directly cause the loss, but only created a situation which allowed for the potential of a third party to inflict a loss. A real dilemma comes when the third party is unknown, or unable to compensate the victim. Then the court must choose which of two parties will bear the loss; the victim who is completely innocent, or the party who created the situation enabling the third party to subsequently inflict the loss. In these cases, courts have sometimes held the party who created the situation liable for the loss inflicted by the third party. This still requires a special relationship where the defendant had a duty to act without negligence, and that they acted in breach of that duty by creating such a situation for a loss to be imposed by a third party.

To find negligence in the case of an unsecured WiFi network which a third party used to pirate copyright-protected content, there must be a duty that was breached. Plaintiffs in cases involving these situations have argued that since the network operator is creating an opportunity for a loss to be inflicted by a third party, that leaving a WiFi network unsecured is negligence. They suggest that operators of WiFi networks have a duty to content owners to avoid facilitating the infringement of copyright-protected content and as such should ensure that their networks are secured, and thus only accessible by themselves and other authorized parties. They view having an unsecured WiFi network as below the standard of care expected of WiFi network operators.

The Case Against Negligence

Two strong issues have so far hindered these negligence claims, both discussed in New Sensations Inc. v Does 1-426. The first is that every network operator does not have a legal duty to every rights holder. The courts have found this would be a vast expansion of the duty of care. The second is that even if there was a duty of care, leaving a WiFi network unsecured is not negligent. The courts have found many cases where it is reasonable and even encouraged to have an open WiFi network. Considering public areas like airports, coffee shops and schools, along with the practice of most private individuals, the court has not seen it prudent to set the standard of care as requiring WiFi networks be secured.

Future Claims?

While the courts have set a clear stance in the cases above, one wonders if negligence might gain traction in other instances of technology usage. Could it be seen as negligent to use weak passwords, or leave login credentials in plain sight? What about failures to use anti-virus software, or the transmission of sensitive data over unencrypted networks? As technology and its use continues to permeate our lives, I think those who suffer losses may increasingly look to negligence law for compensation, and answers to these difficult questions.

Alex Buonassisi is an IPilogue Editor and a JD Candidate at the University of British Columbia.