Austin Police Department announces “Operation Wardrive”

by Gregory Foster

Open Wireless Access Points - security threat?

Open Wireless Access Points - security threat?

Update (Sep 22 @ 1:07pm) – The Austin Police Department has decided to cancel Operation Wardrive and focus on the public education facet of this work. See Mark Boyden’s comment, an email response from APD Chief Art Acevedo. Thanks go to Scott Henson at Grits For Breakfast for his attention to this matter.

Yesterday (September 20th @ 2:46pm CST), KVUE News published an article relaying the Austin Police Department‘s intention to identify open residential wireless access points (WAPs) throughout the city.

Police will soon conduct an operation to find open wireless Internet connections in the city.

The APD Digital Analysis Response Team, or DART, will hold “Operation Wardrive” Thursday, Sept. 22. DART unit members will make contact with residents who have open wireless connections and teach them the importance of securing them.

This raises a number of immediate questions, perhaps the most simplistic and potentially revealing being simply: “why?” The answer to that question appears to be the same answer provided for lots of questions lately: safety.

From the article:

Leaving your wireless network open invites a number of problems:

  • You may exceed the number of connections permitted by your Internet service provider.
  • Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.
  • Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.
  • Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.
  • Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.

The EFF Austin Board of Directors finds nothing wrong with this analysis of the potential risks Internet users undertake when intentionally or unintentionally leaving their wireless access points open for shared use. In fact, we could cite a few more. However, these are much the same risks that Internet users undertake when using ANY shared wireless access point, such as those provided by cafés, public parks, or the Austin Public Library.

Missing from the cited analysis is any recognition of potential benefits to be gained from publicly sharing one’s wireless access point. Lately, the virtues of contributing to any shared commons tends to be overshadowed by fears of bad actors (both real and imagined). For some facts, it’s worth reviewing cryptographer and computer security specialist Bruce Schneier‘s discussion on the virtues and risks of running an open wireless network.

More importantly, missing from the cited analysis is any recognition of the unintended consequences of APD collecting this information. The Austin Police Department is a public agency and is thus subject to the Texas Public Information Act (TPIA), Chapter 552 of the Texas Government Code, which guarantees the public’s access to information in the custody of government agencies. As a result of undertaking “Operation Wardrive” the records generated by that operation are subject to open records requests. That information is potentially valuable to perpetrators interested in undertaking the kind of malfeasance outlined in the KVUE article.

The EFF Austin Board is not interested in this data beyond knowing what is collected and why. We are more interested in the provenance of this Austin Police Department operation, and doing what we can to help APD increase public education about the virtues and risks of running an open wireless access point. To that end, we have decided to file an Open Records request today seeking information on this operation.

“Operation Wardrive” Open Records Request (Sep 21, 2011)

{ 12 comments… read them below or add one }

William Anderson September 21, 2011 at 5:11 pm

Good job, and I look forward to what you learn. As for the “Operation Wardrive” activity, I consider it a total waste of valuable human time and effort, as well as money.

/WLA

Gregory Foster September 21, 2011 at 5:31 pm

Scott Henson over at Grits for Breakfast has a good writeup on this also: “More risk than reward from Austin PD compiling list of open wifi connections”.

Fundamentally, it is unclear how anyone sniffing for wireless networks can reliably associate an open WAP SSID with a particular residence/owner, especially in a densely populated metropolitan area. At least not without the cooperation and assistance of the Internet Service Providers provisioning network access. Curiouser and curiouser.

Peter September 21, 2011 at 9:01 pm

And just how to they plan on identifying the owners and telling them? And what happens when the owner says GTFO my lawn and don’t come back. Fuck, they sue google for “war driving” but its ok for law enforcement to essentially do the same thing??

EyesWideOpen September 21, 2011 at 10:07 pm

The arrogance of APD and Austin City Government is palpable. As is their affinity to spend tax dollars frivolously. Stupid idea, not to mention Big Brotherish. Should have not gotten past the “Here’s an idea stage.” Good grief.

David September 22, 2011 at 7:15 am

Just perhaps they could help the City of Austin fix its Free wi-fi network (750k of was donated by Cisco) It has dead and broken mesh nodes all over the place almost functionally useless. At least they would be doing something productive.
I have at least 5 open waps just from my second story window, they are going to be very busy. Then who is going to show the owners how to setup a password on all their devices and then reset/reconfigure when they forget them.

Nicholas September 22, 2011 at 8:14 am

I would like to know how they specifically identify a resident/citizen as being the owner of the wifi network. In my neighborhood there are about 8 different wifi networks, how do they know which door to go knocking on.

Also what happens if someone doesn’t want their network protected? What advantage does the APD gain by having a list of these people and or networks?

Mark Boyden September 22, 2011 at 11:02 am

Subject: Re: APD Op WarDrive: Unwarranted and Unneeded
Date: Thu, 22 Sep 2011 10:13:45 -0500
From: Acevedo, Art
To: Mark Boyden, Austin City Council
CC: Debbie Russell, Scott Henson, Chiefs of Staff, Anna Sabana

Mr. Boyden,

Thank you for sharing your concerns with me. This WarDrive idea was not approved by APD Executive Staff and in fact has been disapproved. We will be releasing a statement later today. Although the involved unit’s intent was noble (educating the public about the risks to your personal information), a PSA or other educational effort would be much more effective. To place you further at ease, the idea was killed before actual implementation.

Again, thank you for sharing your thoughts. Please feel free to contact me if you have any additional questions or concerns.

Regards,

Art Acevedo
Chief of Police
Chief Art Acevedo
Austin Police Department

*From*: Mark Boyden
*Sent*: Thursday, September 22, 2011 09:44 AM
*To*: Austin City Council, ANC
*Subject*: APD Op WarDrive: Unwarranted and Unneeded

Mayor, Mayor Pro Tem, Members of the Council:

I have recently learned that Austin’s APD is about to go war driving around the city to find open Wi-Fi hot spots to notify owners of their perceived dangers.

Really? Is this a good use of APD resources? Why?

The council just had a long discussion about the need for APD personnel and resources related to the budget. And THIS is how we use our very expensive resources to keep our community safe?

I know (from a recent news article) that violent crime is down 6% in Austin over last year, but burglaries and other such issues continue to be a problem. With the help of our DR’s (about to be promoted and leave us unfortunately), we’ve managed to somewhat tamp down the 80+% increase of burglaries here in Windsor Park, but there is still much work to do on that and other public safety issues that confront our neighborhood and our community at-large.

I see no reason why we would be using these resources to identify open networks. Every bar, every cafe, every coffee house in Austin has one; in fact we (customers) expect it and are disappointed when it doesn’t exist. Many homes have them. There is nothing illegal about it, and these open spots will always be available somewhere. I understand how it could be useful to the internet service providers who’d rather no one share their internet access; is that the reason? Or is it to shut down the access of the public commons?

And what about the data they capture? Will that along with the houses and locations (or even just block info as they currently provide online) be subject to open-records requests? This action seems beyond the purview of the police and a waste of money, personnel, and public safety resources. Crucially, it opens the police data gathered up to information requests (thanks for the favor, officer). What value is this action to the community?

Why can’t it be done like other public safety educational initiatives? And how are the stated risks any different from those when using any public network at the library, coffee house, a cell phone in public, or any other public access?

And what happens next? Will APD take the next step and start war-driving for open cordless telephone and cell phone communications? Those could be just as dangerous as anybody’s wi-fi network using the stated reasoning.

Interestingly, there is not one word about this on the city’s home page, nor on the APD page in their news releases or such.

This is a wrong allocation of resources, and not just for the value that it brings, but also because each person’s network is their own. I’ve never heard one of my neighbors tell any stories about an officers who stopped at their house and told them the danger of leaving an unlocked kid’s bike on the front lawn, their car or home door unlocked, unlocked backyard fences, etc. This planned operation is somewhat analogous to that kind of behavior, but unfortunately ever more intrusive.

Defacto, open wireless networks aren’t necessarily unsafe, at least not any more so than using a non-encrypted telephone and reading your credit card number to the person at the other end of the line. But, perhaps that’s the next public safety scourge for us to address. It’s possible, too, that a mesh of available open networks will benefit the community. Even the city dabbled with providing an open mesh across the downtown area – as did another non-profit which helped wire many of the business establishments a decade or more ago.

I would suggest that APD work with the Electronic Frontiers Foundation and the ACLU to find better, non-intrusive methods of helping make the public safe from the horrendous scourge of open wi-fi networks allowing internet access. This is NOT an appropriate method and could even potentially be unconstitutional in nature.

With best regards,

Mark Boyden

cc: Chief Art Acevedo
Austin Neighborhoods Council

Leon September 22, 2011 at 12:46 pm

Seriously? I can think of any number of crime-fighting initiatives that would be more compelling, and more in line with a service to the community and it’s residents.

911'sAJoke September 22, 2011 at 9:44 pm

Austin PD are fucking idiots. Maybe they realized they would get owned with their little operation, or that they would be breaking the law, or the fact they can’t identify the owners, or the fact that it’s not illegal to have an open AP and they serve no fucking purpose and are just wasting tax payers money. Stay the fuck out of our business and do some real police work. Always thinking you’re above the fucking law. Did you run out of unarmed people to kill?

jonl September 23, 2011 at 12:47 pm

EFF-Austin is certan the APD had good intentions here, though attorneys working with EFF-Austin also suggested there could be legal issues iwth the operation, and we still want to know how they were planning to find and contact owners of open APs. We definitely agree it’s not a best use of resources. Clearly you’re angry, and that’s unfortunate. The hopefully productive way we want to approach this is to offer to work with the APD on a public campaign about the vulnerabilities of open wifi – also the limitations of security, and why many informed users choose to have open wifi access points, and how this choice can make sense.

jetsmit September 23, 2011 at 4:37 pm

What needs to be done is to figure out who put the hair brained idea in somebody’s head to begin with. Chances are, it would lead back to organizations such as RIAA, or MPAA , and their efforts to combat piracy by lining the pockets of those that have any influence in this type of decision making. Really? The City and APD don’t just come up with this type of crap on their own.

Overcast September 25, 2011 at 1:50 pm

Do they wear brown shirts there?

Leave a Comment

{ 3 trackbacks }

Previous post:

Next post: