Minimizing bandwidth drain and legal risk by securing guest Wi-Fi

Published on


With “Free Wi-Fi” becoming a common offering at retail businesses nationwide, Dealership sales and service customers might actually expect free Wi-Fi. There are certainly some advantages to providing it: customers can have something to do while waiting, can research vehicles or accessories online, and they can submit online credit or insurance applications on their mobile devices. However, providing Wi-Fi has its downsides: you may have already experienced bandwidth drain from mobile users and customers or unknown parties can misuse internet access by, for example, accessing or downloading data being transmitted through your network by other users or stored on your own servers or computers. A Wi-Fi network could also be used commit crimes unrelated to your business or other users, such as being used to illegally download movies or music or transmit illegal materials. This article addresses potential liability in offering free Wi-Fi and provides some basics of setting up a secured wireless network to mitigate these risks.

Risks unique to unsecured Wi-Fi

Routers and access points sometimes default to unsecured access, meaning that any user within any device can easily connect to your network. Although this is convenient to set up because you do not need to configure a password or entry page, an unsecured network can be so open that anyone with free hacking software can intercept information about other users on the network, including, without limitation, seeing their emails, chat messages, passwords and credit card information.[1] Or hackers can use an unsecured network to plant malware (viruses, spyware, Trojan horse programs, etc.) on to other users’ devices. Hackers can even make fake hotspots that mimic the names of an unsecured network in order to trick users to connect to the hacker’s (even more dangerous) fake network.[2]

We mentioned that users could use your network to download copyrighted materials, such as movies or music. Although a dealership could be liable if it somehow encouraged such use, there is usually little risk in merely providing unsecured Wi-Fi in this regard. The Digital Millennium Copyright Act (“DMCA”), which is used to prevent and remedy the pirating of copyrighted media, provides a safe harbor for Wi-Fi network providers (“Service Providers”) who:

  • Do not initiate or mediate the transmission of, or store copies of, illegally transmitted materials;
  • Do not interfere with technical copyright protection measures (e.g., watermarks or passwords);
  • Do have prompt systems in place to respond to notices of infringement and for banning repeat infringers (this last requirement is typically usually used against ISPs who, for example, are given notice that someone is hosting copyrighted materials on a website they are leasing).[3]

Although the risk of liability for copyright infringement is minimal if these measures are followed, we recommend against providing, or transmitting data on, any unsecured wireless network mainly to prevent the other potential misuses mentioned above, especially the interception of dealership or user private information.

Protecting your network with encryption

We recommend utilizing an experienced Information Technology professional in setting up a secured, encrypted Wi-Fi network that meets your needs and your budget. It is beyond the scope of this article to address all the possible technical safeguards available, which will be replaced by newer systems in the future. As a best practice, an encrypted “Guest Wi-Fi” should be separate from an encrypted business network, providing an additional barrier between people using Guest Wi-Fi and the valuable intellectual property stored on your business network, including your customers’ private financial information. Encrypted networks are more secure; however, no online network offers perfect protection from outside threats.

Using a Wi-Fi landing page to provide additional legal protection

Have you ever been low on cell data while grabbing a latte? If so, you have probably seen a Wi-Fi landing page asking you to “Accept and Connect” in order to use the internet. When a landing page (also considered a “captive portal”) is in place, all devices connecting to a guest Wi-Fi network are routed to a page that the customer must click to access the internet. There is no “one size fits all” solution to providing and securing Wi-Fi, but a captive portal can provide several advantages. For example:

  • You can cap how much bandwidth each device can use (prohibiting, for example, one user from downloading large files, such as movies).
  • You can require users to review and agree to terms and conditions such as:
    • That users will use the network only for browsing and not for high bandwidth purposes, such as downloading or streaming;
    • That users will not use the network to download any copyrighted or otherwise protected materials;
    • That users will not use the network to obtain information from other users or the network host;
    • That users will not use the network for any illegal purpose such as gambling, publishing defamatory statements, fraudulent activity, or even for legal but inappropriate purposes such as downloading pornography;
    • That users will provide their own devices and comply with all applicable laws;
    • That users will indemnify and defend you against any third party claims created by their use of the network;
    • That Wi-Fi services are provided “As Is”, with all available limitations of liability, and subject to California law and jurisdiction;
    • That your dealership is not agreeing to secure any data on the network and users assume all liability in their use of the network;
    • That your dealership can restrict any access or user at any time for any purpose.
  • As a best practice, you can make users type their name out and agree that they are over eighteen years of age, before accessing the network, for further proof of their informed consent to the terms and conditions of using your Wi-Fi.

Terms such as these can offer a dealership with additional defenses and rights in the event that someone comes after your dealership for an issue caused by a third-party user. Several of these terms involve specific legal language that should be drafted by an experienced attorney, especially with regard to indemnification, limitations of liability, and the application of California law. And again, we recommend consulting with an experienced IT professional in developing technical safeguards to encrypt and isolate out your guest Wi-Fi.

[1] May 23, 2017