Arrest for wireless piggybacking
The Metropolitan Police have reported that "A stop by two PCSOs from Hounslow borough has resulted in the arrest, by officers, of a 39 year old man for stealing a broadband connection."
Two Police Community Support Officers apparently became suspicious when they observed a man sitting on a wall outside a house in Chiswick, West London on Tuesday, using a laptop computer. He admitted using an unsecured wireless broadband connection in the immediate area, and was taken to a police station where he was arrested on suspicion of breaches of the Communications Act 2003 and the Computer Misuse Act.
Despite the considerable publicity attracted over the last few years by wardriving and piggybacking, arrests for this offence are very infrequent in the UK. Only two other incidents seem to have resulted in arrests this year, both in Reddich, Worcestershire in April. Both parties were merely cautioned. This contrasts sharply with other jurisdictions. For example, in 2006 in Singapore a 17-year old faced a fine of up to 10,000 Singapore dollars and possibly three years in jail for the same offence. Although in the maximum UK penalties are comparable, so far there has apparently been only one successful prosecution: in 2005 an unnamed man was fined a mere £500.
Detective Constable Mark Roberts of the Metropolitan Police Computer Crime Unit (CCU) stated in the current case that the culprit's use of someone else's connection "potentially breaches the Computer Misuse Act and the Communications Act". However, although the Communications Act 2003 specifically criminalises "Dishonestly obtaining electronic communications services ... with intent to avoid payment of a charge applicable to the provision of that service", it is not entirely clear how the Computer Misuse Act could be brought to bear. The requirements for an offence under this Act are very specific: there must be intent to secure unauthorised access to a program or data, or alternatively (under the amendment of 2006) intent or recklessness relating to impairment of the operation of a computer. Merely using someone else's broadband router as a conduit for one's own authorised traffic to and from an independent source does not at first sight seem to fulfil these criteria. The Metropolitan Police have so far been unable to clarify this point for heise Security.
Interestingly, the official description of the alleged offence: "stealing a broadband connection", is also open to question. Section 1 of the Theft Act 1968 states "A person is guilty of theft, if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it". It is difficult to see how the perpetrator in this case could "permanently deprive" the legitimate subscriber of their broadband service by making use of their wireless connection to access the internet via it.
These are not trivial issues. They clearly underline the lack of clarity on technical matters that currently undermines effective pursuit of electronic crime by law enforcement in the UK. Indeed the House of Lords recently pointed out that in the UK there is still not even a consistent definition of e-crime. For such reasons as these the Computer Misuse Act has a well-established history of not being applied wherever alternatives have been available. As a result prosecutions have been few and far between. It remains to be seen whether the amended Act will have more teeth, but so far it seems unlikely.