It was recently reported that the Malaysian Communications and Multimedia Commision (“MCMC”) had received six complaints regarding the supply and sale of devices that can hack into WiFi connections. Three cases have since been sentenced by the courts and the other three will soon be brought to the courts soon. Most of the WiFi hacking incidents were carried out by using devices such as WiFi booster and WiFi cracker, which can amplify signals to attract WiFi signals within a distance of one to three kilometres.
The MCMC said that a person who uses, has in possession or sells this type of non-standard equipment or device can be charged under Section 239 of the Communications and Multimedia Act 1998 (“CMA”), and will be fined up to RM100,000 and/or jailed up to 2 years upon conviction. A person who possesses, obtains or creates an equipment or device designed to fraudulently use or obtain any network facilities, network service, applications service or content applications service can also be charged under Section 232 of the CMA, which upon conviction, will be fined up to RM300,000 and/or jailed up to 3 years.
There is also another form of “stealing” WiFi connections without having to use any equipment or device such as WiFi booster or WiFi cracker. It has been established that using another person’s unsecured WiFi connection without his or her consent and knowledge is known as “piggybacking” or “mooching”. If a person’s WiFi connection is not secured by a password, any person can actually connect to the account, without the person’s consent and knowledge. WiFi piggybacking normally happens when a person uses his neighbour’s WiFi connection without permission, or when a person sitting in a car near a WiFi hotspot to access the WiFi connection.
The issue on WiFi piggybacking remains controversial. Some argue that it is harmless, because it is no different to sitting behind another passenger on a train, and reading his newspaper over his shoulder, or enjoying the music a neighbour is playing in his backyard. Others, however, argue that it is unethical, because it is akin to entering a home just because the door is unlocked, or hanging on the outside of a bus to get a free ride (Source: Wikipedia – Piggybacking (Internet Access)).
Let’s take a look at what has happened around the world in respect of WiFi piggybacking. In the United States, most of the states prohibit unauthorised access to computer networks which include open WiFi networks. In 2005, a man in Florida was charged with unauthorised access to a computer network because he was using a resident’s WiFi connection from a car parked outside. In 2007, a man in Michigan was fined for using a cafe’s WiFi connection from a car parked nearby to check his email every day.
In Singapore, a 17 years old teenager was arrested for tapping into his neighbour’s WiFi connection. Apparently, he went outside his house to piggyback on any available WiFi connection after his mother had confiscated his computer modem. He was seen chatting online when a passerby asked what he was doing, became suspicious, and later called the police. He pleaded guilty and was sentenced to 18 months’ probation under the Computer Misuse Act. In the United Kingdom, a man was also convicted for dishonestly obtaining an electronic communication service when he was found repeatedly trying to gain access to a neighbour’s WiFi connection with a laptop from his car.
In Malaysia, no one has been arrested or charged for WiFi piggybacking so far. Our Computer Crimes Act 1997 is very similar to the Computer Misuse Act in Singapore and the United Kingdom, which means WiFi piggybacking could potentially constitute a criminal offence under Malaysian law. Section 3 of the Computer Crimes Act 1997 states that a person who:
- causes a computer to perform any function with intent to secure access to any program or data held in any computer;
- the access he intends to secure is unauthorised; and
- he knows at the time when he causes the computer to perform the function that that is the case,
will be fined up to RM50,000 and/or jailed up to 5 years upon conviction.
This section is also targeted at hackers who hack into other’s computer network or system. One peculiar feature of this Computer Crimes Act 1997 is that it has extra-territorial scope. The Computer Crimes Act 1997 states that regardless of the person’s nationality or citizenship, where an offence is committed by the person in any place outside Malaysia, in which the computer, program or data that he accessed was in Malaysia, or capable of being connected to or sent to or used by or with a computer in Malaysia, he may be charged under the Computer Crimes Act 1997 as if it was committed at any place within Malaysia. What this means is that a foreign hacker may be charged in Malaysia if he hacks into a computer, program or data in Malaysia.
It will be interesting to see how the enforcement authorities will enforce the law against people who piggyback on other’s WiFi connection, especially with the Government’s plan to increase public WiFi hotspot to make it freely available to the people across the nation. From a technological point of view, it might do no harm to you sharing your WiFi connection with others. However, from a legal perspective, that may attract several problems. For example, sharing your home WiFi connection with neighbours may violate your Internet Service Provider’s terms of service. That is because usually home WiFi package only allows WiFi connection to be shared within home users only (as opposed to those business WiFi package used by cafés, offices and shopping malls which allows them to share with the public). Another legal implication that may arise from allowing WiFi connection freely available is that you may be liable for the conduct of the person using your WiFi connection since you are the subscriber of the WiFi connection.
While it is clear that unauthorised access to a password-protected WiFi connection is illegal, it is submitted that even the use of public WiFi available at cafés and shopping malls is subject to certain restrictions, as the owners usually limit the amount of network bandwidth that may be used by an individual; require the user to remain within the premises; require the individual to be a customer before he can access the WiFi connection; or prohibit inappropriate online activity such as viewing or downloading pornographic materials (Source: WiFi Connection Laws, legalmatch.com). Hence, just because an open WiFi signal is detected, one should not assume that he is allowed to use it without the consent and knowledge of the owner.