Austin Police Department announces “Operation Wardrive”

Open Wireless Access Points - security threat?
Open Wireless Access Points - security threat?

Update (Sep 22 @ 1:07pm) – The Austin Police Department has decided to cancel Operation Wardrive and focus on the public education facet of this work. See Mark Boyden’s comment, an email response from APD Chief Art Acevedo. Thanks go to Scott Henson at Grits For Breakfast for his attention to this matter.

Yesterday (September 20th @ 2:46pm CST), KVUE News published an article relaying the Austin Police Department‘s intention to identify open residential wireless access points (WAPs) throughout the city.

Police will soon conduct an operation to find open wireless Internet connections in the city.

The APD Digital Analysis Response Team, or DART, will hold “Operation Wardrive” Thursday, Sept. 22. DART unit members will make contact with residents who have open wireless connections and teach them the importance of securing them.

This raises a number of immediate questions, perhaps the most simplistic and potentially revealing being simply: “why?” The answer to that question appears to be the same answer provided for lots of questions lately: safety.

From the article:

Leaving your wireless network open invites a number of problems:

  • You may exceed the number of connections permitted by your Internet service provider.
  • Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.
  • Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.
  • Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.
  • Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.

The EFF Austin Board of Directors finds nothing wrong with this analysis of the potential risks Internet users undertake when intentionally or unintentionally leaving their wireless access points open for shared use. In fact, we could cite a few more. However, these are much the same risks that Internet users undertake when using ANY shared wireless access point, such as those provided by cafés, public parks, or the Austin Public Library.

Missing from the cited analysis is any recognition of potential benefits to be gained from publicly sharing one’s wireless access point. Lately, the virtues of contributing to any shared commons tends to be overshadowed by fears of bad actors (both real and imagined). For some facts, it’s worth reviewing cryptographer and computer security specialist Bruce Schneier‘s discussion on the virtues and risks of running an open wireless network.

More importantly, missing from the cited analysis is any recognition of the unintended consequences of APD collecting this information. The Austin Police Department is a public agency and is thus subject to the Texas Public Information Act (TPIA), Chapter 552 of the Texas Government Code, which guarantees the public’s access to information in the custody of government agencies. As a result of undertaking “Operation Wardrive” the records generated by that operation are subject to open records requests. That information is potentially valuable to perpetrators interested in undertaking the kind of malfeasance outlined in the KVUE article.

The EFF Austin Board is not interested in this data beyond knowing what is collected and why. We are more interested in the provenance of this Austin Police Department operation, and doing what we can to help APD increase public education about the virtues and risks of running an open wireless access point. To that end, we have decided to file an Open Records request today seeking information on this operation.

“Operation Wardrive” Open Records Request (Sep 21, 2011)

NSTIC session at Internet Identity Workshop 11

Jay Unger at IIW11

Jay Unger’s IIW11 slides are a very helpful introduction to the 36 page National Strategy for Trusted Identities in Cyberspace document produced by Deloitte last year. Also, during the session, Jay shared some things he had heard from the Department of Homeland Security such as “expect the ecosystem to be private sector led” and suggested that this initiative was leading towards commerce (“reading between the tea leaves”). It seems Jay was right and it seems to me that the main catalyst here, although not clearly defined as a vision, was stated in the White House blog post on NSTIC this week.

we can…cut costs for businesses and government by reducing inefficient identification procedures.

Think about how much money businesses and government could save for each customer it can convert from doing things by phone and mail versus online. “Money is what jumpstarts this” is among my notes from the IIW session.

So, it seems a good question to ask about trusted identities is “trusted by who?” If the goal is to reduce costs which is desired by business and government, who truly needs to trust them are we, the people. This seems to be a matter of changing our perception about the security of doing our business online. Of course, there will still be security vulnerabilities and privacy compromises. We just need to perceive that NSTIC is fixing those. Therefore, I agree with Kaliya Hamlin’s sentiment that We Shouldn’t Freak Out About NSTIC.

Update 1/11: Here is the video of last Friday’s Stanford Institute for Economic Policy Research event with Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt and ID Commons post-event conference call notes. To keep updated with these calls, check here.

IIW11 was held November 2-4, 2010. IIW12 is is May 3-5, 2011 in Mountain View, California.

Cloud Computing

whurley, Don Jarrell, Chris Boyd
whurley, Don Jarrell, Chris Boyd

EFF-Austin sponsored a successful panel, Cloud Computing: Threat, or Menace, on March 3. Thanks to all who joined us!

Audio

Speakers:
W. Scott McCollough, Telecommunications and ISP Law Specialist, McCollough|Henry, PC
Chris Boyd, Midas Networks
whurley, BMC Software, Inc.
Andrew Donoho, Strategist
Don Jarrell, Digital Thinking, Inc.
Moderator: Michael Hathaway, Pico Innovations