Solomon Islands Public WiFi: Connectivity, Security & Digital Privacy Laws

Broadband Infrastructure in Solomon Islands

Internet connectivity in the Solomon Islands has seen significant improvements, primarily driven by the introduction of the Coral Sea Cable System (CSCS). This submarine fiber optic cable, which became operational in 2020, directly links Honiara to Sydney, Australia, drastically increasing bandwidth and reducing latency for the nation. Before the CSCS, the Solomon Islands relied heavily on satellite connections, which were costly and slow. While the submarine cable has boosted international capacity, the distribution of this high-speed internet across the archipelago remains a challenge.

Fixed-line broadband, mainly ADSL and some fiber-to-the-home (FTTH) services, is largely concentrated in the capital, Honiara, and a few other major provincial centers. Its penetration outside these urban areas is very limited. For remote islands and rural communities, satellite internet and mobile broadband often remain the only viable options, albeit at higher costs and sometimes slower speeds.

Mobile Network Operators (MNOs) and 5G Rollout

The Solomon Islands' mobile telecommunications market is dominated by two primary Mobile Network Operators (MNOs):

1. Our Telekom (Solomon Telekom Company Limited): This is the incumbent and largest operator, providing extensive coverage across the islands, including many rural areas. Our Telekom offers 2G, 3G, and 4G/LTE services, with 4G concentrated in Honiara and other significant towns.
2. Bmobile-Vodafone Solomon Islands: A joint venture, Bmobile-Vodafone provides competitive mobile services, also offering 2G, 3G, and 4G/LTE. Their coverage is generally strong in urban centers and more populated regions, often competing directly with Our Telekom in terms of data speeds and pricing.

As of late 2023/early 2024, a widespread 5G rollout in the Solomon Islands is not yet a reality. The focus for both MNOs remains on expanding and enhancing their 4G/LTE networks to provide better coverage and faster speeds to more of the population. While trials or limited deployments might occur in the future, travelers and residents should primarily expect 4G/LTE as the fastest available mobile internet standard.

Tourist SIM Card Advice

For visitors to the Solomon Islands, purchasing a local SIM card is highly recommended for reliable and affordable connectivity. Both Our Telekom and Bmobile-Vodafone offer prepaid SIM card packages tailored for tourists and short-term visitors.

1. Where to Buy: SIM cards can be purchased upon arrival at Honiara International Airport (Henderson Field - HIR) from dedicated kiosks or stores, as well as from official operator stores and authorized resellers in Honiara and other main towns. Look for prominent branding for Our Telekom or Bmobile-Vodafone.
2. Registration Requirements: You will typically need to present your passport for identification when purchasing a SIM card, in compliance with local telecommunications regulations. Ensure your phone is unlocked to accept a local SIM.
3. Top-Up and Data Packages: Both operators offer various top-up options (scratch cards, electronic top-ups) and data bundles. It's advisable to inquire about current data packages that offer the best value for your intended usage, as promotions and plans can change. Data packages usually range from daily to monthly validity periods.
4. Coverage: While urban areas like Honiara have good 4G coverage, expect coverage to be spottier or drop to 3G/2G in more remote islands or during inter-island travel. Our Telekom generally boasts a wider, though not always faster, network footprint across the scattered islands.

Having a local SIM ensures you have access to local calls, SMS, and crucial internet connectivity for navigation, communication, and emergencies during your stay.

Data Privacy Laws in Solomon Islands

Unlike many developed nations, the Solomon Islands does not currently possess a comprehensive, standalone data protection law akin to the European Union's General Data Protection Regulation (GDPR) or similar legislation found in other Commonwealth countries. This means there isn't a specific statute governing the collection, processing, storage, and transfer of personal data across all sectors.

However, this does not imply a complete absence of privacy considerations. Privacy is generally protected through common law principles, which can be invoked in cases of egregious misuse of personal information. Furthermore, the Constitution of Solomon Islands guarantees fundamental rights and freedoms, including freedom of expression, though a direct right to data privacy is not explicitly enumerated. Specific sectors, such as banking or telecommunications, might have internal policies, licensing conditions, or industry-specific regulations that impose certain obligations regarding customer data. For instance, telecommunication providers are typically required to protect subscriber information under the terms of their operating licenses. Businesses operating within the Solomon Islands are increasingly encouraged to adopt international best practices for data protection, not only for ethical reasons but also to align with global standards, especially if they handle data from international clients or partners who are subject to stricter foreign privacy laws.

Data Retention Mandates

In the absence of a comprehensive data protection law, there are no broad, explicit statutory data retention mandates that apply uniformly across all industries in the Solomon Islands. However, certain sectors or specific legal requirements may necessitate data retention for particular purposes:

• Telecommunications: Telecom operators (like Our Telekom and Bmobile-Vodafone) are often required by their operating licenses or under the direction of law enforcement agencies to retain certain subscriber data, call records, and internet usage logs for a specified period. This is typically for national security, crime prevention, and investigation purposes.
• Financial Institutions: Banks and other financial service providers are subject to anti-money laundering (AML) and counter-terrorism financing (CTF) regulations, which mandate the retention of customer transaction data and identification records for several years.
• General Business Practices: While not legally mandated, many businesses retain customer data for operational reasons (e.g., warranty, customer service, billing) or for tax and accounting compliance. The duration of such retention is usually dictated by internal policy or sector-specific best practices rather than a general law.

Breach Notification Rules

Similar to data retention, there are no overarching statutory breach notification rules in the Solomon Islands that compel organizations to report data breaches to affected individuals or a regulatory authority. This means that if a business experiences a data breach, there is no general legal obligation to disclose it.

However, despite the lack of specific legislation, businesses may still be compelled to notify in certain circumstances:

• Contractual Obligations: If a business processes data on behalf of an international client, their contract might stipulate breach notification requirements in line with the client's domestic laws (e.g., GDPR, CCPA).
• Reputational Risk: Many companies choose to notify affected individuals out of good faith, to maintain customer trust, and to mitigate reputational damage, even without a legal mandate.
• Sector-Specific Directives: In highly regulated sectors like banking, there might be directives from the Central Bank or other regulatory bodies that encourage or require reporting of significant security incidents that could impact customers.

Government Censorship and Internet Restrictions

Generally, the internet in the Solomon Islands operates with a relatively high degree of freedom compared to some other nations in the region or globally. There is no evidence of widespread, systematic government censorship or filtering of internet content. Social media platforms and international news sites are typically accessible.

However, the government does retain the power to issue directives that could lead to restrictions, especially in times of national emergency, civil unrest, or for content deemed offensive or illegal under existing laws (e.g., defamation, incitement to violence). While outright internet shutdowns are rare, there have been instances where the government has expressed concerns over online content, particularly during periods of political sensitivity or social tension. Telecommunication providers operate under licenses that include provisions for cooperation with law enforcement and government directives, which could potentially be used to request content blocking or monitoring. Nevertheless, for the average user, internet access remains largely unfettered by government restrictions on content.

Captive Portal Legality and Best Practices for Venues

For cafes, hotels, and other venues offering public WiFi in the Solomon Islands, implementing a captive portal is not just a technical convenience but also a crucial legal and operational best practice. While there isn't specific legislation in Solomon Islands mandating captive portals, they serve several important functions:

1. User Agreement & Acceptable Use Policy (AUP): A captive portal allows you to present an Acceptable Use Policy (AUP) that users must agree to before accessing the internet. This AUP should clearly outline what activities are prohibited (e.g., illegal downloads, spamming, harassment). By requiring agreement, the venue can mitigate its liability for illicit activities conducted by users on its network.
2. Identity Logging: A captive portal can facilitate the collection of user identification (e.g., name, email, room number for hotels) or a unique login token. This logging is vital for tracing back problematic activities to specific users, should law enforcement require it.
3. Compliance: Although no direct data retention laws for public WiFi users exist, collecting basic access logs (MAC address, connection time, IP address assigned) is a prudent measure that aligns with general telecommunications monitoring principles and aids in potential investigations.

Collecting Guest Data for WiFi Access

Collecting guest data via public WiFi presents a balance between security, operational needs, and privacy. Given the lack of comprehensive data protection laws in Solomon Islands, venues should adopt a 'data minimization' approach:

• Collect Only Necessary Data: For a cafe, an email address or agreement to terms might suffice. For a hotel, linking WiFi access to a room number or guest name is more practical for security and billing.
• Purpose Limitation: Clearly state the purpose of data collection (e.g., network security, service improvement, legal compliance). Do not use collected data for unrelated marketing without explicit consent.
• Data Security: Implement robust security measures to protect any collected personal data. This includes encryption for data in transit and at rest, strong access controls, and regular security audits. A data breach, even without specific notification laws, can severely damage a venue's reputation.
• Retention Period: Retain data only for as long as necessary for its stated purpose or as required by any sector-specific regulations (e.g., for financial transactions). Establish clear data retention policies.
• Transparency: Inform users what data is collected, why, and how it's protected, ideally within the AUP presented on the captive portal.

Liability for Illegal Guest Downloads

Determining liability for illegal guest downloads (e.g., copyright infringement) on a venue's public WiFi network in Solomon Islands can be complex due to the absence of specific legislation. However, general legal principles suggest that while the venue may not be primarily liable for the actions of its users, it could face indirect consequences:

• Aiding and Abetting: If a venue is found to be knowingly facilitating illegal activities, or if it has been grossly negligent in securing its network or monitoring its use, it could potentially be seen as aiding and abetting.
• Acceptable Use Policy (AUP): A strong AUP, clearly displayed and agreed upon via a captive portal, is your first line of defense. It demonstrates that the venue has taken reasonable steps to prevent misuse.
• Logging: Maintaining logs of who accessed the network and when (via the captive portal) allows the venue to identify the user responsible for illegal activity, shifting direct liability from the venue to the individual user.
• Cooperation with Authorities: In the event of a complaint or legal request, venues should cooperate with law enforcement, providing access logs and any other relevant information to identify the perpetrator. Failure to cooperate could lead to legal complications.
• Reputational Damage: Beyond legal liability, allowing illegal activities on your network can lead to negative publicity and damage your brand reputation. Proactive measures, including a secure network and clear policies, are essential for mitigating these risks.

Avoiding Evil Twin Spoofing in Solomon Islands

When connecting to public WiFi in the Solomon Islands, be highly vigilant about “Evil Twin” spoofing. An Evil Twin is a malicious WiFi hotspot designed to mimic a legitimate one (e.g., "Hotel_Name_Free_WiFi" or "Airport_WiFi"). When you connect to it, the attacker can intercept all your internet traffic, including sensitive information like passwords and financial details.

How to protect yourself:

• Verify Network Name: Always confirm the exact name of the WiFi network with staff (e.g., hotel reception, cafe manager) before connecting. Malicious networks often have similar but slightly altered names.
• Look for Encryption: Legitimate public WiFi networks often use WPA2 or WPA3 security. If a network shows no security (open network) or uses outdated WEP, be extremely cautious.
• Avoid Generic Names: Be wary of networks with generic names like "Free WiFi," "Public WiFi," or "Internet Access" that aren't clearly associated with a specific venue.
• Disable Auto-Connect: Turn off your device's auto-connect feature for WiFi. Manually select and verify networks each time.
• Use a VPN: A Virtual Private Network (VPN) encrypts your internet traffic, making it unreadable to anyone trying to intercept it, even if you accidentally connect to an Evil Twin.

The Importance of Using VPNs

Given the general lack of robust data privacy laws and the inherent security risks of public WiFi in the Solomon Islands, using a Virtual Private Network (VPN) is a crucial step for protecting your digital privacy and security.

Benefits of using a VPN:

• Encryption: A VPN encrypts all your internet traffic from your device to the VPN server. This means that even if someone intercepts your data on an unsecured public WiFi network, they won't be able to read it.
• Anonymity/Privacy: Your real IP address is masked, and your online activities are routed through the VPN server, making it harder to track your location and browsing habits.
• Bypassing Geo-Restrictions: While less common for the Solomon Islands, a VPN can allow you to access content or services that might be geographically restricted by making it appear as if you're browsing from another country.
• Secure Transactions: When conducting online banking, shopping, or accessing sensitive accounts, a VPN adds an essential layer of security, especially on public networks.

Tips for choosing a VPN:

• Reputable Providers: Choose a well-known, trusted VPN provider with a strong no-logs policy.
• Server Locations: Opt for a VPN with servers in locations relevant to your needs.
• Security Features: Look for strong encryption standards (e.g., AES-256) and features like a kill switch.

Identifying Secure Hotspots

Beyond avoiding Evil Twins and using a VPN, there are other ways to identify and utilize secure hotspots in the Solomon Islands:

• WPA2/WPA3 Encryption: Always prioritize WiFi networks that use WPA2 or, ideally, WPA3 encryption. These are the current industry standards for securing wireless networks. Avoid open, unsecured networks whenever possible.
• HTTPS Protocol: When browsing websites, always check for "https://" in the URL, which indicates an encrypted connection between your browser and the website. Most reputable websites, especially those handling sensitive data, use HTTPS by default.
• Official Venue Hotspots: Stick to WiFi networks provided by reputable establishments like major hotels, well-known cafes, or official government/tourism centers. These are more likely to have properly configured and secured networks.
• Use Your Mobile Data: If you're unsure about the security of a public WiFi network, consider using your mobile data (via a local SIM card) for sensitive transactions. Your mobile network connection is generally more secure than an open public WiFi hotspot.
• Keep Software Updated: Ensure your device's operating system, web browser, and all applications are up to date. Software updates often include critical security patches that protect against vulnerabilities.
• Firewall & Antivirus: Maintain an active firewall and up-to-date antivirus software on your devices, especially when connecting to public networks.