A Michigan man, Sam Peterson II, was arrested after he was found parked outside of a Grand Rapids cafe, wirelessly surfing the web via the cafe's open WiFi network from his car.
An article describing the incident on a local TV station's website states that "Piggybacking - using someone else's WiFi without their permission - isn't legal." It links to the Michigan law which supposedly prohibits what Peterson did: The Fraudulent Access to Computers, Computer Systems, and Computer Networks Act, clause 752.795 Prohibited Conduct, section 5.
A person shall not intentionally and without authorization or by exceeding valid authorization do any of the following:
(a) Access or cause access to be made to a computer program, computer, computer system, or computer network to acquire, alter, damage, delete, or destroy property or otherwise use the service of a computer program, computer, computer system, or computer network.
(b) Insert or attach or knowingly create the opportunity for an unknowing and unwanted insertion or attachment of a set of instructions or a computer program into a computer program, computer, computer system, or computer network, that is intended to acquire, alter, damage, delete, disrupt, or destroy property or otherwise use the services of a computer program, computer, computer system, or computer network. This subdivision does not prohibit conduct protected under section 5 of article I of the state constitution of 1963 or under the first amendment of the constitution of the United States.
In point of fact, there is a violation here. In the language of the law, Peterson intentionally and without authorization accessed a computer network to use the service of the network. Now, the intent of the law was to deny malicious access. Peterson was not malicious, just cheap. He could have purchased authorization with a cup of coffee. Or he could have stayed at home to pay for access instead driving to this cafe routinely to surf.
But he didn't. And to arrest him for accessing an unsecured network with no malicious intent or activity itself seems malicious. If the cafe really sought to protect its network, it would rely on more than the passive protection of a law originally enacted in 1979 as a reactionary anti-hacker law. It would rely on encryption and password protection, and would limit access only to its clients.
I wonder how many other jurisdictions have similar legislation.