For years, legal ethics attorneys and many other experts have warned about the dangers of using free Wi-Fi, and Starbucks has become the poster child for the dangers of logging into unsecured and unprotected computer networks. With its recent Opinion in Commonwealth v. Dunkins, the Pennsylvania Supreme Court has issued clear advice and a clear warning that users, including criminals, have no privacy rights when they check the box and log into a free unsecure network.
For criminals, this decision means that law enforcement does not need a search warrant to view the information being transmitted.
For civil litigants, this decision means that users of free Wi-Fi are fair game for anyone trying to see what they are saying, doing or sending.
For everyone else, this decision also means that users of free Wi-Fi are fair game for anyone trying to see what they are saying, doing or sending.
But for lawyers, it means that confidential or sensitive information about clients and others - information that lawyers are required to keep confidential under the Rules of Professional Conduct - is not confidential when using the free Wi-Fi at Starbucks and so many other places.
Listen to techno-ethics attorney and technologist Daniel J. Siegel as he outlines the dangers of using free Wi-Fi and why this Pennsylvania Supreme Court decision is a game changer.
Hello. Welcome to the Legal Tech Podcast. I'm your host, Dan Siegel, and today's episode is going to discuss why free WiFi is dangerous, not just for criminals, but for everyone one else as well. Because when you use free WiFi, you're giving up your Privacy. So let's talk about that. But first, let me mention and thank our sponsors, which are Integrated Technology Services LLC, and the law offices of Daniel J. Siegel LLC, which are sponsors of this and all of the Legal Tech podcasts. We cover everything from law to ethics and technology. Today's podcast covers all of those issues. What we're going to talk about is a Pennsylvania Supreme Court case in the matter of Commonwealth of Pennsylvania versus Dunkins, a case decided by the Pennsylvania Supreme Court on March 9, 2021. But before I get to the case itself, let me explain why we're here and why this podcast matters to everyone, not just criminals. Whenever you use free WiFi and we hear about it all the time, we hear about don't use the Starbucks WiFi, but what we're really talking about is free WiFi WiFi that you get in public places or in a hotel or in a restaurant or any of those places. Typically, when you go to those places and decide that you're going to communicate or download information or send information using the free WiFi, you are checking a box, and that box will say you agree to our Privacy policy. And let's be honest, most of us, if not all of us don't really read that well, not reading that can have implications for lawyers for criminals and for everyone else. Because typically speaking, when you don't read that information, you don't realize that you have no Privacy on that information. And anyone else who's eavesdropping on that network. And it's really not hard to eavesdrop on a public WiFi network can see your information. Criminals can steal your information. We know in Pennsylvania and probably pretty much everywhere that the police are going to be able to access that information. As the Pennsylvania Supreme Court made clear. And for lawyers, we have an obligation to maintain confidential information and sensitive information and information relating to clients under the rules of professional conduct. And when you're using free WiFi to transmit or discuss information relating to your clients, you are doing so in a non confidential manner. That's dangerous. That could lead to legal consequences, so that if your client is communicating with you through free WiFi, their communications could be eavesdropped. In fact, someone could set up your client to provide that information. For example, if a client was sent to what's called an independent medical exam and they log into that free WiFi, and then they are communicating with you. The insurance company or the independent medical exam provider could actually be eavesdropping. And based on this decision, which I agree with from the Pennsylvania Supreme Court, there's nothing you can do. So let's talk about Alkiohn Dunkins, who is the subject of Commonwealth v. Dunkins, a case decided by the Pennsylvania Supreme Court on March 9, 2020, was decided on November 17, 2021 was argued in March of 2021. And here's what happened. The court decided to hear this case because the issue was whether a trial court should suppress which means exclude evidence of records that police obtained without a warrant from the Information Technology Department, the It Department of Moravian College through their wireless Internet network. The reality was that two individuals tried to gain access into dorm. They stole information, they stole items from the dorm, and the College was asked to compile a list of people logged into the WiFi in the building where the robbery occurred that included three students and others as well. The information was sent to a Detective in the Bethlehem Police Department, and they were able to discover who was involved in the robbery and other information as a result of that search or that information provided to the police without a warrant. And during the hearing, the testimony about whether the information had to be suppressed was explained that College students access that network by entering their individual usernames and passwords. You don't even have to do that at a lot of free WiFi, and students could have their devices automatically log onto the network without having to re enter their username and password. But when you agreed to log into that network, the policy provided that you were agreeing that any data transmitted over any of the College's connections were included in your waiver of Privacy rights and the waiver. The checkbox that either no one reads or you don't care about said that users cannot and should not have any expectation of Privacy with regard to any data documents, electronic mail messages or other computer files created or stored on computers within or connected to the institution's network. That Privacy policy that you check off without reading also said that all Internet data composed, transmitted or received through the Internet's computer system is considered part of the institution's records and as such, subject at any time to disclosure to institutional officials, law enforcement, or third parties. Basically, they could give that information to anyone, let anyone see it, and you were giving up that right. The Intermediate Appellate Court, the Superior Court, said that a search warrant was needed. The Pennsylvania Supreme Court, in an opinion by Justice Docratey, disagreed, and the court made it very clear that in these circumstances, by agreeing to use that WiFi network, any right to Privacy had been given up, the court's language could not have been clearer. And what's important isn't so much that the case applied to this particular criminal, but to the fact that there was no expectation of Privacy. And if a criminal doesn't have an expectation of Privacy, neither does anyone involved in any other kind of civil or other matter. And that's what happens when you check off those boxes. Don't read them or don't care about the consequences because it's just easy or as many of us have heard. After all, it's just the Internet and what could happen. Well, the Court disagreed. And in his opinion, Justice Dougherty said that by agreeing to the computing resources policy and logging onto that WiFi network on his cell phone, the individual specifically agreed that he cannot and should not have any expectation of Privacy with regard to any data created or stored on computers within or connected to the institution's network. The criminal defendant also agreed that all Internet data composed, transmitted or received through the institution's computer system as part of the institution's record and is subject to any time to disclosure to institutional officials, law enforcement, or third parties. The court then concluded these acts by the appellant. The criminal defendant provide clear intent, clear desire, or agreement to relinquish any purported expectation of Privacy in the WiFi connection records. The court also noted that this abandonment by the criminal defendant was voluntary, as it is for all of us. When we just check the free WiFi box at whatever store or place we happen to be, the court said, even though he was required to agree to the policy before enrolling at the College, that defendant, that individual agreed to the consequences of the policy by logging into or otherwise connecting to the campus's network. He did that voluntarily, and as a result, the information was available without a search warrant to the police. Think about it. He could have chosen not to log into that network and used his data plan through his cell phone. He could have purchased or used a jet pack or a hotspot as they are called, which would have been secure and would have protected his Privacy. We all could do that. It's why when I lecture to other attorneys or the public about these types of issues, I explain when I'm traveling, I have a jet pack that I use and my phone has a data plan that's unlimited so that when I'm communicating about client or office information from either the law offices of Daniel J. Siegel or Integrated Technology Services, I can easily know that that information is secure. It's encrypted, which means it's protected from eavesdropping. But if I'm at a hotel and I want to watch a movie, I'll use their free WiFi. Why? Because watching a movie isn't giving up any private information. I'm not logging into my bank. I'm not doing anything where information that I want to keep private needs to be kept private. So in Commonwealth v. Dunkins, the Pennsylvania Supreme Court has affirmed what many of us in the legal ethics community have been saying for years and years and years. You have no expectation of Privacy, nor is information that is transmitted through free WiFi networks subject to any Privacy rights or concerns. In Pennsylvania, we now know criminals who agree to those policies have no Privacy rights. The police don't need to get a search warrant. That also means that if the police don't need to get a search warrant, neither does anyone else who's trying to find out what you are saying, what you are doing or what you are sending. Commonwealth v. Dunkins is a case that will likely be cited all over the country for its clear and correct decision, and it also affirms don't use free WiFi for any confidential or sensitive information for attorneys. You're violating your obligations under the rules of professional Conduct and the rules of confidentiality apply everywhere in the country. I want to thank you. I'm Attorney Dan Siegel and I operate the offices of Daniel J. Siegel LLC and Integrated Technology Services LLC. We provide ethical, techno, ethical and professional disciplinary advice and guidance through our law firm and our technology firm provides workflow and technoethical guidance to ensure that your offices are fully compliant with the rules of professional conduct. You can reach us at danieljsiegel. Com D-A-N-I-E-L-J-S-I-E-G-E-L. Com or tech lawyergy T-E-C-H-L-A-W-Y-E-R-G-Y. Com. Thank you again. Bye. We hope you enjoyed this program.