Wi-Fi: no more places to hide?

Data is the ‘new oil’ apparently.

And ‘X’ is the new ‘Y’ (or is it ‘Y’ is the new ‘X’? – I can never remember).

Anyhow, what the legal and tech 'commentariat' are undoubtedly trying to say is that data is of enormous value. And, unlike oil, it is increasing in volume: the world is swimming in the stuff. Greetings to ‘Big Data’ and then, no doubt in a few years, to ‘Gargantuan Data’, ‘Behemothic Data’ and so on.

However, the problem with all this data is that it needs to be stored. Somewhere.

Moreover, many businesses are unaware that they are legally obliged to store this data, particularly if, say, they offer Wi-Fi services to their customers.

https://twitter.com/zackwhittaker/status/502834056456069121

Frustratingly the law is not exactly clear in this area

In April the Court of Justice of the European Union (CJEU), in the case Digital Rights Ireland and Seitlinger and Others, unexpectedly declared that the Data Retention Directive was invalid. This European directive obliged certain organisations to keep data and make it available to the authorities if requested.

As a result of its invalidation, the government brought forward emergency legislation a few months later—the Data Retention and Investigatory Powers Act 2014 (see our post here: Emergency data laws announced).

As it happens, it is likely that this new law only affects big providers of public Wi-Fi at the moment and then only if the Secretary of State makes a retention notice requiring the service provider to comply with the law.

So far so good?

Probably not: even smaller businesses would be wise to err on the side of caution as there are plenty of other laws that do apply such as the Digital Economy Act 2010 (in terms of copyright infringement) and the Data Protection Act 1998.

What’s more, these laws have teeth: in 2009 an owner of a pub owner was fined £8,000 when a customer unlawfully downloaded copyrighted material over their open Wi-Fi hotspot.

The upshot? Make sure that your clients have systems in place to ensure they are fulfilling their legal duties. In particular:

  • Can they store all necessary data for the relevant periods? Many businesses (who offer the Wi-Fi service itself) now also offer a compliance service with it so that customers can authenticate themselves via their social network accounts such as Twitter, Facebook, LinkedIn etc
  • Make sure that they have robust terms and conditions which customers must agree to before accessing the Internet via Wi-Fi. Such terms and conditions should include an acceptable use policy
  • Consider using technology to block unsavoury or illegal sites (including tech which includes updated blacklists via organisations such as the Internet Watch Foundation), and
  • Make sure that the stored data is easily accessible. Intelligence and law enforcement agencies may require access to it so presenting them with a Commodore 64 8-bit home computer and a keyboard that has not been used since 1986 won’t help.

Finally, your clients should also check with their ISP if they are allowed to offer Wi-Fi to their customers– this is not always a given.

In brief, plonking a Wi-Fi router in a window and hoping that nothing goes wrong is inviting trouble. No audit trail means no obvious way for your client to prove that he or she hasn’t been visiting inappropriate or illegal sites. Most businesses use blocking technology for their employees – why not consider the same for customers?

So what do you think? Do let us have your thoughts by leaving a comment below. Or why not leave two comments? Go on, live a little!

Area of Interest