By Shane Huang
Originally, this series was designed to highlight the most problematic portions of the 9th Circuit’s opinion in Joffe v. Google, and to propose a better framework for analyzing whether the Wiretap Act covers technologies developed and popularized since the Act’s most recent major revision.
However, on December 27, 2013, the 9th Circuit substantially revised its opinion, and the most problematic portions of the September opinion no longer carry the force of law. As a result, the critical legal questions are once again up for grabs, and the court opinion no longer “threatens to criminalize ordinary Wi-Fi use,” as this series’ title indicates. With that in mind, this final installment in the series will shift its focus to how the courts should analyze the issues in this case, so as not to threaten to brand ordinary Wi-Fi users as criminals.
As discussed before in Part II of this series, the original September opinion had two main conclusions: (1) Wi-Fi signals are not “radio communications” within the meaning of the Wiretap Act, and (2) Wi-Fi signals are not “readily accessible to the general public.” Because Wi-Fi did not fall under either of these two exceptions, interception of Wi-Fi was held to be a crime under the Wiretap Act. The amended opinion still preserves the first holding, that Wi-Fi signals are not “radio communications.” However, the court’s amended opinion no longer reaches a conclusion about whether Wi-Fi is “readily accessible to the general public,” and has instructed the lower trial court to properly adjudicate that particular issue. Regardless of what the lower court decides, it’s safe to assume that the losing party will appeal it back to the 9th Circuit Court of Appeals.
So how should the courts — both the trial court and the appellate court — rule on this issue? As discussed in the last post, the original 9th Circuit opinion followed a naive and factually inaccurate line of reasoning when it concluded that Wi-Fi is not “readily accessible to the general public.” Instead, the court should adopt a new framework for analyzing whether particular signals are “readily accessible to the general public.”
As discussed in Part I of this series, Wi-Fi signals are governed by Part 15 of the FCC rules, which provide for a commons-based approach to certain spectrum bands. Because use of these frequencies does not include the right to exclude other users from that spectrum, the technical protocols in these frequency bands are designed specifically to anticipate interception and interference by others using either the same or entirely different protocols. As almost any Wi-Fi user can attest, it is not uncommon to scan for available Wi-Fi networks and see that there are multiple networks available, each receiving and transmitting signals under a different operator’s control. Users of Part 15 spectrum, therefore, have no reasonable expectation of exclusivity in the use of this spectrum. It follows, then, that users have no reasonable expectation of privacy in this spectrum, either. If users are expected to share this “space,” by analogy, with anyone else who might choose to use the spectrum, it would be unreasonable for any user to demand that their own actions stay private within that shared space.
This “license by rule” regulatory framework should be the centerpiece of any legal analysis of whether these types of wireless signals are protected by the Wiretap Act. Part 15 is not the only relevant Part of the FCC rules where this regulatory framework applies — for example, the FCC has used “license by rule” frameworks in Part 95 to govern use of consumer-grade push-to-talk radios, medical telemetry devices, and other types of radios. Courts, therefore, should look to the regulatory regime to determine whether users may reasonably expect exclusivity on the spectrum, in order to determine whether those signals should be protected by the Wiretap Act.
Looking to other authorized users of a given spectrum band would not leave users’ privacy completely unprotected. Technical means exist for securing wireless communications, and the law should continue to presume that even minimal technical encryption or scrambling techniques should grant the Wiretap Act’s legal protections against eavesdropping. Wi-Fi encryption today does not require technical sophistication, and almost any Wi-Fi device is readily configurable for operating on an encrypted network. When a user takes the technically trivial steps of protecting the communications with encryption, that user should have the benefit of legal protection as well. Although the Wiretap Act does not directly have a provision saying that encrypted electronic communications are not “readily accessible to the general public,” other provisions within the Wiretap Act strongly suggest that the line between unencrypted and encrypted communications is an important one.
With these concerns in mind, the courts should apply the following two-factor test when determining whether a wireless electronic communication is “readily accessible to the general public”:
1. Does the user whose privacy interest is at stake have an expectation of exclusive use of the spectrum, under the FCC licensing regime for the spectrum band at issue?
2. Do the signals at issue use any technical means for obscuring or otherwise protecting the contents from eavesdropping?
Applying this test to unencrypted Wi-Fi communications would lead courts to the conclusion that unencrypted Wi-Fi communications are “readily accessible to the general public,” and therefore not protected by the Wiretap Act. Moreover, this test would largely be future-proof, and would still be a valid method of analysis as new communication technologies are developed, as the FCC passes new or amended rules, and as society’s adoption and use of technologies change over time.
The trial court and the appellate court will probably grapple with these issues over the next year or so, and the precise contours of the rulings will have broad effects on anyone who works in wireless security research. As a result, it’s important that the courts get this question right.
 See Joffe v. Google, 729 F.3d 1362 (9th Cir. 2013), amended and superseded by Joffe v. Google, 2013 WL 6905957 (9th Cir. Dec. 27, 2013).
 See, e.g., Securing Your 802.11n Wireless Network, Netgear, http://kb.netgear.com/app/answers/detail/a_id/112/~/securing-your-802.11n-wireless-network-%3A-use-wpa2-or-get-a-slow-connection (Oct. 1, 2010) (instructions for configuring a common consumer router/access point); Set Up a Security Key for a Wireless Network, Microsoft, http://windows.microsoft.com/en-us/windows/set-security-key-wireless-network#1TC=windows-7 (last visited Feb. 22, 2014) (instructions for configuring a Windows computer for an encrypted Wi-Fi connection); iOS and OS X: Recommended Settings for Wi-Fi Routers and Access Points, Apple, http://support.apple.com/kb/ht4199 (last updated Jul. 24, 2013) (instructions for configuring Apple computers, phones, and tablets for connecting to encrypted Wi-Fi networks).
 See, e.g., 18 U.S.C. § 2510(16)(a) (providing that “scrambled and encrypted” radio communications are, as a matter of law, not “readily accessible to the general public”); id. § 2511(2)(g)(v) (distinguishing between unencrypted and encrypted radio communications); id. § 2511(4)(b) (carving out a Wiretap Act exception for intercepting certain types of satellite signals when not “encrypted or scrambled”).