Rights and networksContents

Rights and free Wi-Fi

A critical part of free Wi-Fi use comes when people "agree" to the terms of the provider. A part of the sign-in process they might only see once, this step defines the legal status of the user in every digital interaction that follows.

The terms of popular networks

The most common free Wi-Fi on our walk in Bethnal Green was offered through ‘BT-Wifi-with-FON’. So we took a look at the terms and conditions users agree to when you first connect to the network.

Scroll through BT's T&Cs at 2x speed (Image: IF, CC-BY)

As you would expect, the terms and conditions are really long. They’re hard to understand, and offer an unrealistic consent model for users (for instance, that no-one uses the network to view adult content or connect devices that can be used as a server for a denial of service attack). The relationship with partner company FON is similarly vague.

Agreeing to BT’s terms, means the user also agrees to the terms of other companies who provide marketing and advertising services through BT. They do that using the data BT collect, but it's not clear what that data consists of. Does it include the information shared when a user signs up to the service? Is that linked to the data collected during browsing? It’s also not specific about what the browsing data includes, just that it covers a broad range of it.

Without making a freedom of information request, it’s impossible to know exactly what information is being collected. It’s therefore impossible to understand what BT do with users data, or what they might do with it in the future.

A phone showing our prototypes interface with a list of Wi-Fi network names around it.

BT Wi-Fi were the most recorded Internet Service Provider (Image: IF, CC-BY)

Legal friction is emerging

It’s also not the only legal framework someone browsing the internet is subject to. New legislation, like the Investigatory Powers Act or the EU General Data Protection Regulation (GDPR), will change what telecommunication companies have to collect and how they handle data.

One clause in the act requires all ISPs (like BT) keep a record of every site that a person visits for 12 months. At the same time, GDPR gives people the power to move or request deletion of their personal information. How these will work alongside one another, and what types of information each covers, is extremely vague. These grey areas leave people unsure about who gets access to what information, how such information might be used to make judgements and determinations about them, and how this might change in the future.

For as long as the terms and conditions design pattern is used, people will be left in the dark about what happens to their data. Only now are policies and laws like the General Data Protection Regulation emerging which mandate that people should be made aware of how date about them is used, stored and sold.

But these laws aren't universal. Until they're enforced widely businesses will continue to transfer risk to people who use their services. But this can change.