On Thu, 7 Oct 2004 13:12:10 -0600, Jeff McLaughlin
<jmclaughlin@springsgov.com> wrote:
I work for a small municipality who wants to offer public wifi access.
Would appreciate any direction on the possible liabilities incurred by an
organization that provides free public WIFI access. I'm really looking for
some legaleeze as I have looked at the "what if's" and "hypotheticals".
Would a simple banner page that identifies the terms/conditions and that a
user acknowledges for access hold up in court (US). Examples?
Would my organization be classified as an ISP (and subject to their laws)
even though the service is free?
Is my organization liable for any public activity or crime committed by an
individual using this access. Including law suits?
These are probably legal questions that I wouldn't feel comfortable
answering. I would hope that a terms and conditions type page along
with some appropriate attempts to monitor/thwart inappropriate use
would cover you enough on this stuff. However, for legalese, go to the
experts, get a lawyer to comment :)
Does my organization have any responsibility to notify users that the
transmission of information may be unsecured and monitored (virus).
I know here in my area that we don't believe we have any legal
obligation to notify users of free network services of monitoring that
is done. However, we feel as a matter of policy that we prefer to
disclose that monitoring is part of what we do, both as a measure of
respect for our users and as a deterrent to inappropriate behaviour.
For perspective, I work at a Canadian college so our user base is
wide, from employees to public walk-in users.
The laws here that we considered as likely or possible to apply were
primarily wiretap/eavesdropping laws, and privacy legislation. Wiretap
laws we decided were too specific in our location to apply directly,
but as noted before we decided to notify people anyway that we watch
the network. The user agreement to use wireless is the same as any
other college network, it defines the user's responsibilities, that we
will take whatever necessary steps to protect the integrity of the
network, and that as a general rule, when we monitor, we do so to
protect ourselves from attack or liability, and to protect our users
from attack or liability.
Privacy legislation is very critical for us since we have special
privacy laws that govern us as a public institution. We have
responsibilities to protect the private information of students to the
best of our ability, and that informs our user agreements quite
heavily. It also informs our data retention policies, in that we don't
keep monitoring information longer than necessary.
Can I block access to sites that my organization views as malicious, illegal
or inappropriate?
This one is pretty clear I think. Even if you provide free network
access, it's still your network, your hardware, etc. In my opinion,
you can block access to anything you want for whatever reasons you
deem appropriate. In our case, we actually allow completely
unauthenticated wireless access as long as you only want to visit our
local web sites and student services... anything else requires signon
and acceptance of the user policy, etc.
Hope that helps give you a few places to start...
