Tear Down This Wall: Why Open WiFi Is Safer Than You Think
After moving my couch into my new apartment in Los Angeles’ Silver Lake neighborhood, it took about five minutes before I was supine on the thing and looking for internet access. The cable company said it would take a few days for them to set up my wireless, so I was depending on the kindness of strangers. To my delight, there were dozens of connections within reach. To my dismay, however, not a single one of them was open, forcing me to head downstairs to a nearby coffee shop to get some work done.
Trudging to the café, I stopped to think, What is it with people and their wireless connections? It’s 2011 and the sharing economy is stronger than it’s ever been. We have car-sharing programs, bike-sharing programs, and community agriculture projects. Sites like CouchSurfing.org even get people to open up their homes to perfect strangers based on the idea that the globe is to be explored and shared with fellow travelers. And yet when it comes to WiFi connections, people go instantly hermetic.
To figure out whether their fears are founded, I called up some computer security experts.
“It’s something that makes people wary,” says Gene Spafford, a computer science professor at Purdue University, “and for good reason.” Spafford, a computer security pioneer who made a name for himself by scrutinizing one of the internet’s first malware worms (PDF), is well aware of the damage to which unprotected computers—and thus unprotected lives—are susceptible.
“There are two problems with open WiFi,” says Spafford. “One of them is that someone can use your network to access your personal information, which is what concerns most people. But the other is that someone can inject information into your network, and that can be just as bad, if not worse.”
What Spafford means by “inject” is a scenario in which a stranger uses your wireless connection to upload child pornography to the internet, or to launch a denial-of-service attack on a website. Were that to happen on your WiFi network, the trace back is going to lead to your router, and with that trace usually comes well-armed FBI agents. “This isn’t just some academic threat,” says Spafford. “A case like this happened very recently in Buffalo.”
The case Spafford is referencing happened in March, when a team of law enforcement officers with assault weapons awakened a New York man early in the morning. The police grilled him for hours and searched his laptop, eventually confiscating it, his iPads, and his and his wife’s cell phones. Throughout the ordeal they called him a “pedophile” and a “creep,” which is when it hit him—it was his new wireless router; he hadn’t password-protected it.
“As a practical matter, nobody gets convicted on that kind of information alone,” says Eric Rachner. A Seattle-based security expert, Rachner is perhaps most famous for catching Seattle police in a lie when they illegally arrested him in 2008 and then claimed to not have key video evidence that would exonerate him. By day, he is also an executive at Déjà Vu Security, which assists clients around the world with tightening their technological guard. Rachner says that not only are incidents like the one that happened in Buffalo exceedingly rare, they also have no real chance of getting the average citizen into trouble.
“What happens is some investigator who’s chasing down a hacker observes that it’s coming from this address,” says Rachner. “That’s all he knows. And so then he goes and secures a warrant and turns some poor bastard’s apartment and computer inside out and finds—nothing. They’re going to have to cut the guy loose.”
In fact, that’s exactly what happened to the suspected pedophile in Buffalo. Three days after the authorities ransacked his home and technology, police returned his computers and arrested his 25-year-old neighbor, charging the young man with distributing child pornography. The lesson, says Rachner, is “if you’re not doing anything illegal, you’re not going to get in trouble.”
According to experts, you’re also unlikely to get in trouble on an open WiFi connection if you take some basic security precautions before going online. Bruce Schneier is a security guru with decades of experience—“He’s been at this awhile,” says Rachner—and even he keeps an open wireless network at his home. “To me, it's basic politeness,” Schneier wrote in 2008. “Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea.”
What makes this man who knows the ins and outs of computer hackery so willing to open up his internet connection? Simple: He protects himself. “For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs,” he wrote in 2006. By taking some easy precautions, Schneier is able to offer up his wireless to his neighbors while also sleeping soundly. Just last month, even after the Buffalo incident, Schneier insisted on his blog that he won’t lock up his WiFi.
“If you’re just some guy on a home network with just one laptop, your home network is not going to be any more dangerous than doing some work at a coffee shop, even if you leave it wide open,” says Reicher. “I wouldn’t leave three desktops running 24-7 on an open connection, but the vast majority of people don’t do that.”
None of the experts recommended major businesses run an open WiFi network, and all of them acknowledged there was some danger associated with the practice. Still, they all said that normal security measures could mostly ensure that your open network would be as safe as your average internet café.
Last month the Electronic Frontier Foundation, a nonprofit dedicated to ensuring digital freedom, called for “a political and technological ‘Open Wireless Movement’ to reverse the degradation of this indispensable component of the Internet's infrastructure.” Wrote the EFF’s Peter Eckersley, “opening … WiFi is the socially responsible thing to do.”
Eckersly noted that some technology is already prepared for a more open world, like WiFi routers through which you can share some bandwidth while also keeping an encrypted WPA2 network that gets priority over the open network. Not all routers do this, but some do, and that’s a step in the right direction.
Standing in the way of such sharing, of course, are the major internet service providers, which make a killing when every individual resident of an entire apartment building pays for their own WiFi connection. To keep the racket going, companies like Comcast have made it a breach of contract to share wireless with your neighbor, saying “restricted” usage includes “[making] available to anyone outside the Premises the ability to use the Service (for example, through wi-fi or other methods of networking), in whole or in part, directly or indirectly.” In other words, sharing is forbidden.
In living in close proximity to one another, Americans take risks all the time. Our children are exposed to germs from other children, our cars and their passengers are less safe on congested roads, and in bigger cities, street crime is a very real danger. Nevertheless, we deal with these threats because we’ve come to understand that a sense of community—a sense of shared growth—is often preferable to being isolated. If we don’t reflect this ideal in our technological practices, we don’t just do a disservice to our communities; we also do a disservice to the grand notion that the internet will one day unite everyone. And we'll continue to unnecessarily send our disconnected friends and neighbors downstairs to the nearest coffee shop.
photo via Flickr user roland