Think Free Wi-Fi Is Simple? You Could Be Sued For Negligence

Are you legally liable for what customers do over your store's free Wi-Fi? A Massachusetts lawsuit is backing into that question with a novel legal theory: If illegal activity uses someone else's unsecured Wi-Fi, then the Wi-Fi owner can be sued for negligence for allowing it to happen.

To be clear, the Massachusetts plaintiff is not going after any retailers—in fact, the plaintiff's lawyer says he'd hate to try winning a case like that against a retailer. Unfortunately, that doesn't mean some other lawyer won't chase the same theory, with results that could put a chain in court.

The Massachusetts lawsuit is against Internet users who allegedly copied a pornographic movie and shared it with each other using a system called BitTorrent. The movie's producers tracked down the accused pirates by way of their IP addresses. The novel twist: Even if the owner of one of those IP addresses claims he didn't steal the movie, and that someone must have stolen it by connecting to an unsecured Wi-Fi access point, the lawsuit claims those IP-address owners are still guilty of negligence.

"By virtue of this unsecured access, Defendants negligently allowed the use of their Internet access accounts to perform the above-described copying and sharing of Plaintiff's copyrighted Motion Picture," the complaint says. "Had Defendants taken reasonable care in securing access to their Internet connections, such infringements as those described above would not have occurred by the use of their Internet access accounts. Defendants' negligent actions allowed others to unlawfully copy and share Plaintiff's copyrighted Motion Picture, proximately causing financial harm to Plaintiff and unlawfully interfering with Plaintiff's exclusive rights in the Motion Picture."

It's a reach—there is no law that requires Wi-Fi to be secured, and this particular theory of negligence has yet to be tested in court. A judge will have to decide whether a Wi-Fi owner has a duty to keep other people off his wireless, and whether he has failed in that duty with the result that someone was harmed. That's the legal definition of negligence.

But if the theory holds up, are retailers who offer Wi-Fi at risk, too? Marc Randazza, who came up with the theory, doesn't think so. He believes the Digital Millennium Copyright Act (the law that shields Internet service providers from lawsuits like this) would probably also give immunity to retailers who offer free Wi-Fi. And if it turns out the DMCA doesn't protect retailers, they could probably argue that free Wi-Fi was a competitive necessity and that securing it would put them at a disadvantage, which might overcome a plaintiff's argument about negligence and damages.

"Let's say that my theory on statutory immunity is wrong," Randazza said. "I still think Starbucks wins. It's a competitive necessity with a low likelihood of nefarious acts. But at home you really ought to know better."

That's a reasonable argument. But it's still an argument a retailer would have to be making in court.That's a reasonable argument. But it's still an argument a retailer would have to be making in court, which isn't a place any retailer wants Wi-Fi to connect it to.

For Randazza's part, he clearly doesn't believe any of the defendants he's fingered are actually innocent victims of Wi-Fi theft. But let's say one of those IP addresses did belong to a Starbucks. What then?

"We tested this," he said. "Starbucks could block or throttle this kind of activity. You'd have to sit for three hours to allow one movie to upload."

And no one has ever sat in a Starbucks for three hours?

It's actually riskier than that. As the Massachusetts lawsuit spells out, BitTorrent doesn't require movie thieves to sit for hours while a movie downloads. A "torrent" involves breaking the movie up into pieces, which then can be downloaded from many different computers—not even necessarily all at once.

So if a would-be movie thief walks through a mall from one free Wi-Fi-enabled retailer to the next, using an iPhone or iPad to slurp down a few pieces of a stolen movie at each store, every one of those stores' IP addresses could conceivably show up on the list of thieves. And if the Wi-Fi negligence theory holds up in court, some overly aggressive plaintiff's lawyer could list all those retailers as defendants in a negligence lawsuit.

None of this spells doom for in-store customer Wi-Fi, at least not yet. Both the Wi-Fi negligence legal theory and the idea that Wi-Fi-offering retailers aren't covered by the DMCA have yet to be tested. And there are bigger problems with letting customers use the in-store Wi-Fi for whatever they please—there's really no limit to how much bandwidth some customers would happily soak up, in ways that don't have anything to do with moving merchandise.

But it's probably not to early to start thinking about how you might keep an eye on that customer Wi-Fi traffic, or even filter out connections that don't seem to have anything to do with making actual customers happy. That way, even if you get dragged into court, at least you can say you tried.