Netherlands

[NL] Dutch Court of Appeals Declares WiFi Hacking Legal

IRIS 2011-5:1/33

Kevin van ‘t Klooster

Institute for Information Law (IViR), University of Amsterdam

On 9 March 2011 the Court of Appeals of the district of The Hague (Court of Appeals) issued a judgment in a case regarding the question of whether breaking into an encrypted router and using the Wi-Fi connection is a criminal offence under Article 138ab of the Dutch Criminal Code.

The decision of the Court of Appeals relates to the case of a high school student who posted a threat on the Internet message board 4chan.org in which he declared his intention to begin a shooting spree at his high school, the Maerlant College in The Hague. He posted this threat using a Wi-Fi connection he had hacked into by bypassing an encrypted router. Even though the student was convicted to twenty hours community service for posting this threat, he was acquitted of the charges relating to bypassing an encrypted router and using the Wi-Fi connection.

The Court of Appeals ruled that the student did not break into a computer, but merely into the encrypted router. Article 138ab (1) of the Dutch Criminal Code states that it is illegal to break into an automated work (hereinafter: computer) or a part of an automated work if access to that work is granted, inter alia, by breaching the security or by using technical measures. According to Article 80sexies of the Dutch Criminal Code, a computer is defined as a machine that is used for data storage, processing and transmission. The Court of Appeals ruled that a router cannot be regarded as a computer, since it is only used for the processing and transmission of data and not for storage of data. Therefore, breaking into an encrypted router - which cannot be regarded as a computer - is legal under Dutch Criminal Law.

The decision also touches upon the topic of piggybacking or free-riding on open Wi-Fi networks. In some countries even piggybacking on open Wi-Fi networks in public places such as bars and hotels is deemed illegal. The ruling of the Court of Appeals, however, confirms that piggybacking is not a criminal offence, since it does not involve breaking into a computer, but merely using the router to gain access to an open Wi-Fi connection.

The case has stirred up a lot of controversy within the Dutch legal community. The Dutch Attorney General has decided to appeal the verdict of the Court of Appeals. Hence, the High Court of the Netherlands will review the case within two years to rule on whether a router can be defined as a computer under Dutch Criminal Law.