A rather obscure problem of liability exposure, both civil and possibly criminal, can occur to landlords, businesses, hotels, or homeowners (especially shared economy users) who allow others to use their WiFi hubs “free” as a way to attract business.
Literature on the problem so far, even from very responsible sources, seems a bit contradictory. The legal landscape is evolving, and it’s clear the legal system has not been prepared to deal with this kind of problem, just as is the case with many other Internet issues.
Most hotels and other venues offering free WiFi take the guest to a strike page when she enters a browser; the guest has to enter a user-id, password, and agree to terms and conditions to continue. This interception can normally be provided with router programming, with routers properly equipped. The terms and conditions typically say that the user will not engage in any illegal behavior (especially illegal downloads, or possibly downloading child pornography or planning terror attacks). The terms may include a legal agreement to indemnify the landlord for any litigation, which in practice has been very uncommon so far in the hotel business. The router may be programmed to disallow peer-to-peer.
There is some controversy in the literature as to whether Section 230 of the 1996 Telecommunications Act would hold hotels and businesses harmless. But my understanding that Section 230 has more to do with a content service provider (like a discussion forum host or a blogging service provide) being held harmless for content posted by users, usually for claims of libel or privacy invasion. A similarly spirited provision in the Digital Millennium Copyright Act of 1998, called Safe Harbor, would protect service providers for copyright infringement by users. Even so, some providers, like Google with its YouTube platform, have instituted some automated tools to flag some kinds of infringing content before posting, probably to protect their long-term business model viability. Whether Section 230 would protect a WiFi host sounds less certain, to me at least. A similar question might be posed for web hosting companies, although it sounds as though generally they are protected. Web hosting companies, however, all say that they are required to report child pornography should they happen to find it, in their AUP’s. You can make a case for saying that a telecommunications company is like a phone company, an utility, so a hotel or business is just extending a public utility. (That idea also mediates the network neutrality debate, which is likely to become more uncertain under a president Trump.)
Here’s a typical reference on this problem for hotels and businesses.
A more uncertain environment would exist for the sharing economy, especially home sharing services like Airbnb. Most travelers probably carry their own laptops or tablets and hotspots (since most modern smart phones can work as hotspots) so they may not need to offer it, unless wireless reception is weak in their homes. Nevertheless, some homeowners have asked about this. These sorts of problems may even be more problematic for families, where parents are not savvy enough to understand the legal problems their teen kids can cause, or they could occur in private homes where roommates share telecommunications accounts, or where a landlord-homeowner takes in a boarder, or possibly even a live-in caregiver for an elderly relative. The problem may also occur when hosting asylum seekers (which is likely to occur in private homes or apartments), and less often with refugees (who more often are housed in their own separate apartment units).
It’s also worth noting that even individual homeowners have had problems when their routers aren’t properly secured, and others are able to pick up the signal (which for some routers can carry a few hundred feet) and abuse it. In a few cases (at least in Florida and New York State) homeowners were arrested for possession of child pornography and computers seized, and it took some time for homeowners to clear themselves by showing that an outside source had hijacked the connection.
Comcast, among other providers, is terminating some accounts with repeated complaints of illegal downloads through a home router. In some countries, it is possible for a homeowner to lose the right to any Internet connection forever if this happens several times, even If others caused the problem.
Here are a couple of good articles on the problem at How-to-Geek and Huffington, talking about the Copyright Alerts System. Some of this mechanism came out of the defeated Stop Online Piracy Act (SOPA), whose well-deserved death was engineering in part by Aaron Swartz, “The Internet’s Own Boy”, who tragically committed suicide in early 2013 after enormous legal threats from the Obama DOJ himself.
Along these lines, it’s well to understand that automated law enforcement and litigation scanning tools to look for violations are becoming more common on the Internet. It is now possible to scan cloud backups for digital watermarks of known child pornography images, and it may become more common in the future to look for some kinds of copyright infringement or legal downloads this way (although content owners are good enough detecting the downloading themselves when it is done through P2P).
Generally, the best advice seems to be to have a router with guest-router options, and to set up the guest account to block P2P and also to set up OpenDNS. An Airbnb community forum has a useful entry here. Curiously, Airbnb itself provides a much more cursory advisory here, including ideas like locking the router in a closet (pun).
I have a relatively new router and modem combo from Comcast myself. I don’t see any directions as to how to do this in what came with it. I will have to call them soon and check into this. But here is a typical forum source on guest accounts on Xfinity routers. One reverse concern, if hosting an asylum seeker, could be that the guest needs to use TOR to communicate secretly with others in his or her home country.
It’s important to note that this kind of problem has come some way in the past fifteen years or so. It used to be that families often had only one “family computer” and the main concerns could be illegal content that could be found on a hard drive. Now, the concern migrates to abuse of the WiFi itself, since guests are likely to have their own laptops or tablets and storage devices. There has also been some evolution on the concept of the nature of liability. Up until about 2007 or so, it was common to read that child pornography possession was a “strict liability offense”, which holds the computer owner responsible regardless of a hacker or other user put it there (or if malware did). In more recent years, police and prosecutors have indeed sounded willing to look at the usual “mens rea” standard. One of my legacy blogs has a trace of the history of this notion here; note the posts on Feb. 3 and Feb. 25 2007 about a particularly horrible case in Arizona. Still, in the worst situations, an “innocent” landlord could find himself banned from Internet accounts himself. The legal climate still has to parse this idea of downstream liability (which Section 230 and Safe Harbor accomplish to some extent, but evoking considerable public criticism about the common good), with a position on how much affirmative action it wants those who benefit from technology to remain proactive to protect those who do not.
(Posted: Monday, January 9, 2017 at 10:45 PM EST)
Update: Tuesday, Jan 24, 2017, about 5 PM EST
Check out this Computerworld article (Michael Horowitz, “Just say No” [like Nancy Reagan] June 27, 2015) on how your “private hotspot” Xfinitywifi works. There’s more stuff below in the comments I posted . To me, the legal situation looks ambiguous (I’ve sent a question about this to Electronic Frontier Foundation; see pdf link in comment Jan. 24). If you leave your router enabled, someone could sign onto it (it looks if they have your Xfinity account password, or other password if you changed it). Comcast seems to think this is “usually” OK because any abuse can be separated to the culprit.