Partner
Municipal wifi is now live in our home office of Traverse City, Michigan thanks to the efforts of the Traverse City Downtown Development Authority and the Downtown Traverse City Association, an association of downtown merchants and businesses. Revision Legal attorney John Di Giacomo, a board member of the Traverse City Downtown Development Authority, was proud to aid the project by contributing his expertise in the drafting of the acceptable use policy and terms of service agreement for customer-facing aspects of the project. After over two years in the making, it is great to finally see the project come to life.
A public WiFi network is more than a convenience — it is a service that creates legal relationships between the operator and every person who connects to it. Without carefully drafted legal agreements governing that relationship, network operators face significant exposure under federal and state law.
The acceptable use policy (AUP) and terms of service agreement drafted for the Traverse City municipal WiFi project serve several critical legal functions. They define the permitted uses of the network, establish that the network operator is not liable for user conduct on the network, protect against liability for monitoring or failing to monitor user activity, and provide grounds to terminate access for users who misuse the network. These documents are the legal foundation that makes public WiFi viable as a sustainable public service.
Public WiFi operators must navigate a specific set of federal statutes that govern network liability and acceptable use. The most significant of these is the Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510–2523, which governs the interception of electronic communications. Network operators who monitor user traffic — even for legitimate network management purposes — must ensure their practices comply with ECPA’s requirements or risk criminal and civil liability.
The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, also applies to users of public networks. Users who access computer systems without authorization — including using a public WiFi network to attack other systems — can face federal criminal prosecution under the CFAA. An AUP that explicitly prohibits such conduct and puts users on notice of applicable law strengthens the network operator’s position and establishes user awareness as a matter of record.
Section 230 of the Communications Decency Act, 47 U.S.C. § 230, provides critical protection for interactive computer services — including network operators — from liability for content that users transmit through their networks. Courts have broadly interpreted Section 230 to protect operators who do not directly create or control the content at issue. A properly drafted AUP reinforces the operator’s status as a passive conduit rather than a publisher of user content, strengthening the Section 230 shield.
Every public WiFi network necessarily collects some data about its users — at minimum, device identifiers and connection times. Depending on the network’s design and any registration or authentication requirements, the network may collect far more, including email addresses, names, browsing history, and location data.
Network operators must clearly disclose in their terms of service what data they collect, how they use it, how long they retain it, and whether they share it with third parties. This disclosure is legally required for operators subject to state privacy laws — Michigan’s internet privacy statute and federal laws applicable to government operators both impose disclosure requirements — and it is essential to building user trust in the network.
Government entities operating public networks have additional obligations under the Fourth Amendment and applicable state constitutional provisions. Unlike private network operators, government entities must be particularly careful about how they handle user data because their data collection activities may constitute searches subject to constitutional constraints. Law enforcement requests for user data stored by a government network operator require careful legal review before disclosure.
Public WiFi networks are inherently insecure environments. Users who transmit sensitive information over unencrypted public networks assume real risks of interception. A well-drafted AUP and terms of service will include clear disclaimers that the network operator does not guarantee the security of communications made over the network, is not responsible for user data that is intercepted by third parties, and strongly recommends that users employ encryption and VPN services for sensitive communications.
These disclaimers, properly incorporated into a browsewrap or clickwrap agreement presented to users at login, have been upheld by courts as enforceable limitations on liability. They do not eliminate all risk for network operators, but they substantially reduce the operator’s exposure to claims from users who suffer harm attributable to the inherent risks of public networking rather than the operator’s own negligence.
The Traverse City municipal WiFi project reflects a broader national trend of downtown development authorities and business improvement districts using public WiFi as an economic development tool. Free, reliable public WiFi attracts foot traffic, encourages visitors to linger in commercial districts, and supports the mobile-first commerce habits of modern consumers. Studies of downtown WiFi deployments consistently show measurable increases in retail sales and business patronage in covered areas.
For businesses located in the coverage area, the arrival of public WiFi is also an opportunity to review and update their own network security practices. With more devices connecting to public networks nearby, businesses should ensure their own internal networks are properly segregated from any public-facing WiFi access points they may offer, and that sensitive business data is protected by appropriate encryption and access controls.
Revision Legal advises municipalities, businesses, and organizations on the full range of legal issues arising from public network deployments, acceptable use policy drafting, data privacy compliance, and internet law. If your organization is deploying a public network or reviewing your existing network’s legal framework, contact our internet lawyers for guidance tailored to your specific situation.
A public WiFi terms of service must balance the legitimate interests of the network operator with the practical reality that most users will not read the agreement before connecting. This creates a tension between the legal goal of obtaining enforceable consent and the user experience goal of making connection as frictionless as possible. The solution most operators adopt is a captive portal — the splash page that appears when a user first connects to the network — that prominently summarizes key terms and requires a click-through before granting internet access.
The captive portal click-through converts a browsewrap agreement (where mere use constitutes acceptance) into a clickwrap agreement (where affirmative action signals assent). This distinction is legally significant: courts are far more likely to enforce terms against a user who clicked a button labeled “I agree to the Terms of Service” than against a user who passively connected to a network where the terms were posted somewhere on a website.
For business improvement districts and downtown development authorities operating public networks on behalf of their member businesses, the terms of service also serve the important function of making clear that the network operator is a distinct entity from individual downtown businesses and that each business’s own terms govern the customer relationships within that business. This prevents customers from attributing network-related issues to individual merchants who may happen to operate near a WiFi access point.
A federal court upheld the FCC’s net neutrality rules, requiring ISPs to treat all internet traffic equally. Here’s what the ruling means for consumers and online businesses.
Read more about DC Court Protects Net Neutrality: What It Means
Business communications may be protected from court discovery by attorney-client privilege or work product doctrine. Here’s when your emails and messages are legally protected.
Read more about Are Business Communications Protected from Discovery?
Anti-SLAPP laws protect defendants from meritless defamation lawsuits designed to silence them. Here’s how anti-SLAPP statutes apply to internet defamation cases.
Read more about Internet Defamation and Anti-SLAPP Laws