Hot spots elude RIAA dragnet

Early last spring, NYCWireless co-founder Anthony Townsend got a note in the mail saying that someone on his network had been violating copyright laws.

Read more about swapping and Wi-Fi

This type of note is becoming increasingly common as record companies and Hollywood studios subpoena Internet service providers (ISPs) for information about subscribers in order to stop people from trading songs and movies online. But Townsend's case was unusual: As the representative of a loose collection of wireless "hot spot" Internet access points, there was no way he or the relevant access point operator in New York's Bryant Park could identify or warn the file trader.

"We brought the notice to the attention of the park management, but they weren't concerned," Townsend said. "That whole mechanism (for finding copyright violators) becomes really problematic when the ISP is someone sharing a wireless access point."

Townsend and others' similar experiences, no matter how limited today, point to a slowly widening hole in the Recording Industry Association of America's (RIAA) recently announced drive to identify and ultimately sue what could be thousands of file swappers online.

Wireless Net access through free, open or publicly available hot spots is proving to be a last bastion of privacy on an Internet where the veil of anonymity can now easily be pierced. Wi-Fi access points give anyone who possesses the appropriate computer equipment within a radius of about 300 feet the ability to reach the Internet.

Traditional ISPs give each subscriber a unique, if temporary, identification number while they're online. Wi-Fi access points don't, and that makes it difficult for the RIAA or anyone else to pinpoint exactly who is doing what using these nodes on the Net.

Wi-Fi access, meanwhile, is one of the fastest-growing segments of the technology marketplace today. About 28,000 publicly accessible hot spots exist around the world today, according to research firm Allied Business Intelligence. That figure is expected to grow to 160,000 by 2007, the firm predicted in a report last week.

Not all of those hot spots provide the same kind of anonymous access as the free services provided by Armstrong's network in New York. Most commercial Wi-Fi points are run as pay services by companies such as T-Mobile USA or Boingo, typically requiring computer users to pay for their time, usually with a credit card, and log in to their account while online. This allows customers to be identified just as easily as they would on an ordinary ISP using telephone or cable lines.

Increasingly, cafes, parks and even private homes are offering access to Net where no registration is required. With people logging in and out without offering identities, it becomes virtually impossible for groups such as the RIAA to track down the identity of copyright infringers using these nodes.

Changing Wi-Fi patterns
It is hard to argue that this type of network access makes up more than a tiny fraction of file swapping. People using public Wi-Fi access points typically use them for just a few minutes or hours, rather than staying online for the long periods of time necessary to download movie files, for instance.

This could change as the patterns of Wi-Fi use change, becoming more residential, however. Just last week, ISP Speakeasy opened a program that allows home broadband subscribers to sell wireless Net access to their neighbors, becoming in effect a mini-ISP with Speakeasy's help.

This kind of program illustrates further the potential holes in the RIAA dragnet. A Speakeasy customer who has several customers of her own could wind up unwittingly being the conduit for file-sharing activity.

In that case, Speakeasy would receive a subpoena, and be required under recent court decisions to give up her name. Moreover, under the provisions of the company's new program, her role as "administrator" for other people's accounts would make her responsible for any illegal activity by the people using her wireless Net access.

"If our terms of service are violated on (that broadband) line, we hold the administrator responsible," said Speakeasy CEO Mike Apgar. "We think the best person to understand their local area is the administrator."

However, unless the administrator keeps detailed logs of everybody's account use--which is not required by law--she may well not know who was swapping files at the time the RIAA identified a problem, and the subpoena may hit a dead end.

Recording industry officers declined to discuss their legal strategy in detail, but said that the Wi-Fi issue was not necessarily a dead end for investigations.

"We are not limiting ourselves in that respect," said RIAA Senior Vice President Matt Oppenheim.

What the group and other copyright holders can do if Wi-Fi access points turn out to be a substantial nexus for piracy isn't wholly clear. Unlike the file-swapping market, which in Napster's wake has been populated mostly by small companies that exist on the margin of the law, Wi-Fi is the technological darling of giants that range from Intel to Verizon Communications.

In theory, copyright holders could press policymakers for some regulatory framework that would require individual computer users to be identified wherever they were logged on to a network. That way, even people logging on to a free access point like the one in New York City's Bryant Park could be traced if found to be doing something illegal.

However, previous technological measures that involved the strict ability to identify users or users' computers, such as the unique serial numbers once built into Intel chips, have proven extremely controversial.

Privacy and civil-liberties activists, by contrast, are encouraging the spread of Wi-Fi access points, whether officially under a plan like Speakeasy's, or simply by setting up a wireless access point on their own.

"I think there is good reason for people to become ISPs and offer this service in order to give people real anonymity again," said Fred von Lohmann, an Electronic Frontier Foundation attorney who has represented file-swapping companies against the recording industry.

Von Lohmann, a copyright lawyer, contends that individuals and businesses that operate open Wi-Fi hot spots should be eligible for the same legal shields that ensure that ISPs aren't liable for the online actions of their customers.

Hot spot operators like Townsend say they are likely to attract the RIAA's subpoenas and lawsuits, which are due in mid-August. But they say, for now, they're not worried.

"It is obvious that people are using wireless hot spots to do the same kind of thing other people online are doing," said Townsend, whose NYCWireless group is made up of 160 hot spots around the city, mostly run by volunteers. "But there's no evidence that this kind of thing is any more prevalent. We haven't been asked to make (identifying people) any easier."