Open Wireless Access Points - security threat?
Update (Sep 22 @ 1:07pm) – The Austin Police Department has decided to cancel Operation Wardrive and focus on the public education facet of this work. See Mark Boyden’s comment, an email response from APD Chief Art Acevedo. Thanks go to Scott Henson at Grits For Breakfast for his attention to this matter.
Yesterday (September 20th @ 2:46pm CST), KVUE News published an article relaying the Austin Police Department‘s intention to identify open residential wireless access points (WAPs) throughout the city.
Police will soon conduct an operation to find open wireless Internet connections in the city.
The APD Digital Analysis Response Team, or DART, will hold “Operation Wardrive” Thursday, Sept. 22. DART unit members will make contact with residents who have open wireless connections and teach them the importance of securing them.
This raises a number of immediate questions, perhaps the most simplistic and potentially revealing being simply: “why?” The answer to that question appears to be the same answer provided for lots of questions lately: safety.
From the article:
Leaving your wireless network open invites a number of problems:
- You may exceed the number of connections permitted by your Internet service provider.
- Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.
- Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.
- Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.
- Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.
The EFF Austin Board of Directors finds nothing wrong with this analysis of the potential risks Internet users undertake when intentionally or unintentionally leaving their wireless access points open for shared use. In fact, we could cite a few more. However, these are much the same risks that Internet users undertake when using ANY shared wireless access point, such as those provided by cafés, public parks, or the Austin Public Library.
Missing from the cited analysis is any recognition of potential benefits to be gained from publicly sharing one’s wireless access point. Lately, the virtues of contributing to any shared commons tends to be overshadowed by fears of bad actors (both real and imagined). For some facts, it’s worth reviewing cryptographer and computer security specialist Bruce Schneier‘s discussion on the virtues and risks of running an open wireless network.
More importantly, missing from the cited analysis is any recognition of the unintended consequences of APD collecting this information. The Austin Police Department is a public agency and is thus subject to the Texas Public Information Act (TPIA), Chapter 552 of the Texas Government Code, which guarantees the public’s access to information in the custody of government agencies. As a result of undertaking “Operation Wardrive” the records generated by that operation are subject to open records requests. That information is potentially valuable to perpetrators interested in undertaking the kind of malfeasance outlined in the KVUE article.
The EFF Austin Board is not interested in this data beyond knowing what is collected and why. We are more interested in the provenance of this Austin Police Department operation, and doing what we can to help APD increase public education about the virtues and risks of running an open wireless access point. To that end, we have decided to file an Open Records request today seeking information on this operation.
