Legal and Security Implications of Offering Public WiFi
Legal compliance is an essential aspect of WiFi provision so the Airangel system is designed to protect our clients and customers. Businesses who give out their WiFi password are putting their business at risk and should provide a separate and secure system for guest WiFi. To protect your network, Airangel WiFi provides a secure login process and also separates business WiFi from the guest WiFi.
The European Directive (2006/24/EC) has been implemented in the UK under the Data Retention (EC Directive) Regulations 2009 and the January 2004 the Code of Practice (for voluntary retention of communications data) implemented under the Anti-Terrorism, Crime and Security Act 2001.
Under the above directive, certain types of data are required to be retained necessary to identify end users accessing the Internet. The type of data to be retained is traffic data and location data can trace the source of a communication. Airangel stores this data for our clients in line with the requirements of the regulation on secure Airangel servers.
Examples of relevant data include:
• User ID; name and address; date and time of login and log off
• IP address allocated to a user; MAC Address, originator of the communication;
• The internet service used (“communications data”).HTTP,POP,IMAP,SKYPE etc.
The Home Office would expect such data to be retained for a period of 12 months. As a matter of best practice an establishment should have in place facilities to store and access communications data for a period of 12 months from the date of the data coming into existence.
The purpose of maintaining communications data is to assist intelligence and law enforcement agencies such as the police in their investigation of criminal and terrorist activities.
Copyright Infringement& Illegal Online Activity
The government has now passed the Digital Economy Bill. The Act was designed to implement steps to reduce online copyright infringement by end users. The Act covers illegal downloading of copyrighted material and illegal file sharing. The Act came into law in June 2010 and prescribes obligations to keep end user records to assist copyright owners in identifying, and taking action.
Airangel provide a fully compliant legal intercept service that ensures viruses are blocked (e.g. Cryptolocker) and content that would be deemed inappropriate in a public place is stopped before reaching the user’s device. In addition, Airangel provide our clients with enhanced content filtering through OPENDNS to stop malware.
Law Enforcement Requests for Information
Under the Regulation of Investigatory Powers Act 2000 (RIPA), intelligence and law enforcement agencies such as the police can direct that communications data be provided for the purposes of investigating a crime. It is therefore very important that any communications data that the police or other law enforcement agency may require is stored and capable of being accessed upon receipt of a valid court order for the data.
Data Protection Act 1998
Under the Data Protection Act 1998 any user of Internet access services in a public establishment is entitled to request at any time details of his/her personal information. Failure to securely maintain and make available data to a data subject is an offence and may lead to the imposition of fines by the Information Commissioner. Airangel stores this data for our clients in line with the requirements of the regulation on secure Airangel servers.
Further information on the legal requirements can be found at: Data Retention (EC Directive) Regulations 2009, Schedule of Communications Data to be Retained, Part 3. Specifically 11 (3), the “name and address of the subscriber to whom the IP address was allocated”.
To be clear also, unless a customer seeks explicit positive affirmation from the user (tick box or via T&Cs), this data is not used for marketing purposes and can only be disclosed to a very select list of approved authorities, primarily law enforcement agencies and Government bodies. The data is also only released when a RIPA Request is made through a very secure formal process which requires the signature of either a Police Superintendent or Police Inspector. Fundamentally, we are trying to act responsibly to protect our customer’s brand and reputation by delivering a service that discourages the use of a WiFi service for illegal or immoral activity, and as such, provide a service that allows for the identification, verification and prevention of criminal activity.
Additionally we do all we can to ensure our customers are made aware of their responsibilities.
To give you further reassurance, we have worked with the Metropolitan Police and the Home Office in completing, on behalf of all our customers, a Home Office course for ”Communication Service Providers”.