All major news sources this morning are running the story of Jammie Thomas, the Minnesota woman who was the first to take the RIAA illegal file sharing accusations to court, and the jury judgment of $220,000 against her and in favor of the recording industry. [WaPo]
I will not comment on the merits of this lawsuit. Instead, I will mention one of Ms. Thomas’ defenses and its merits. During trial, Thomas defended on the ground that someone else was using her Internet connection. Her lawyer suggested in his questioning that someone other than Thomas — someone outside her window, or a neighbor — could have been responsible if she used a wireless router. That could have allowed anyone nearby to utilize her Internet connection, using the same IP address that led the record companies to Thomas.
If the jury had believed this possibility, they would not have found against Thomas. And this may be because of the specifics of this case - Thomas used the same login name in her P2P file sharing software as she used to login to her computer and myspace. If you are a neighbor stealing bandwidth, would you still use your neighbor’s unique login name to connect to file sharing services? Would you even know what the login name is? In theory, this information should be easily obtainable but I cannot think of a good motive to use such login name except maybe malice.
Seems like the "open wireless" defense becomes a staple for all cybercrime defense lawyers - it casts a shadow of a doubt on whether the defendant was the one actually using the connection at the time of the alleged wrongdoing. Almost every home now has a wireless router and there are statistics out there suggesting that a large portion of them have no or weak protection at all. (See more on wireless protection here.) But the Minnesota case shows that not every case is appropriate for this defense. In addition, at some point courts and juries may decide that if it is your wireless access point, you are responsible for what goes through it, with or without your knowledge. Currently the state of law is such that we are far from wireless point strict liability, but after a sufficient number of cases where such this defense is rejected, its usefulness may be zero.