In the last year, I heard how Dublin City Council had given up on plans to run a free, city-wide wireless Internet programme on the grounds that it was against EU regulations, anti-competitive and bad for the consumer. As Ireland currently has some of the slowest and most expensive broadband options available in Europe, it seems obvious how the consumer will benefit from having to continue paying for their poor services. But there could be a nicer alternative to centralised WiFi. In a post much earlier this year, Bruce Schneier generated a lot of debate when he claimed he leaves his wireless network open and unprotected for just about anyone to use. This he considers a common courtesy, and whilst acknowledging the risks, considers them to be largely inflated. As many of the people commenting on his article or reporting about it elsewhere point out, there are risks involved, and as far as many of the people in authority are concerned, his common courtesy leaves him much more culpable. Many ISPs stipulate that sharing a connection in this manner would be a breach of contract, and from a legal perspective infringements undertaken by someone piggybacking the network could result in a rather unwelcome investigation for the owner.
Needless to say, much of what Schneier writes makes sense. Wireless protection, like most forms of security, can only really be seen as a form of prevention. If someone were to hack his protected network and then carry out their nefarious activities, from a legal standpoint would his defense be any the stronger? ISPs may demand their customers run protected wireless networks, but at what level should we consider a network secure? I’ve been in places where the wireless was only secured by WEP, and even making the owner aware of its deficiencies only resulted in a shrug or a blank look. As is the case with many technologies, wireless was developed and put to market as soon as possible, and security concerns are only dealt with as and when they appear. It should be given a higher priority, and as Schneier points out, if a user intends to use his laptop on other open networks, such as those often provided to customers in airports, hotels, universities or cafés, a far more dangerous prospect as far as network security is concerned, it makes sense for that security to start at home. There are however several downsides to Schneier’s argument. From a security perspective, one of the first rules is always to present as small and undesirable a target as possible. Leaving a wireless connection open certainly allows would-be hackers an easier point of access, and raises its profile. Also, should the network be in a densely populated area, the amount of network piggybacking could quickly become an issue, to the extent that there could be extra charges or a reduction of service quality from the ISP. Furthermore, it is entirely plausible that users stealing bandwidth could find themselves charged, with the sensible argument running that even if someone leaves their door unlocked, walking in and stealing the TV would still be considered theft (even if the insurance company would term it negligence). Ultimately, whilst Schneier opens his network up to people in good faith, this could cause problems for people who aren’t security minded, or even for those thinking of using such open networks. Whilst a number of people have come up with their own solutions to the issue (such as putting a telephone number as the network’s SSID and giving people access if they should call), FON have turned it into something of a business model. Essentially, the system relies on users signing up to allow their connections to be shared with other FON members. An entirely distinct wireless network is enabled which any FON member can access using their details to gain Internet access. In return, members can earn some money if people pay to access the Internet through their access point, and of course have the benefit of being able to use other FON members’ connections when they are on the move. The FON map shows just where those hotspots are, and there’s already quite a surprising amount of coverage in some areas. In the UK it seems that FON has made a partnership with the leading broadband supplier BT, who would sell access to the Internet via the FON network. The interesting corollary of this of course is that BT will thus derive some revenue from the reselling of its rivals’ bandwidth (which may already have been purchased from BT). Personally I would consider running an open network in principle, but for a few minor problems. The first is that this building is so adequately wired that the wireless option on the router serves little purpose except when the occasional guest prefers to use it, otherwise the wireless is disabled. More troublesome is the fact that since our broadband provider limits our monthly usage, it could easily be considered an expense to run an open wireless network should anyone feel obliged to download vast amounts of data over it. Furthermore if anyone were to be leeching bandwidth it would make things like VoIP calls or online gaming a painful experience. These two problems could easily be stymied by keeping an eye out for potential abuse, or more logically by simply locking down the ‘public’ wireless access to ensure that bandwidth is both limited and given the lowest QoS priority. After all, I see the greatest benefit for users of public WiFi in being able to check emails and do some idle surfing on the go, not downloading the latest linux ISO images or streaming movies from their favourite website. But the most important deterrent for me personally has to be the fact that even our nearest neighbours probably live outside of WiFi range, so unless a horde of people turned up on our road to use our wireless from their cars, they might as well come in and get plugged in properly and have a cup of tea to go with it! Schneier’s comments are very reminiscent of the claims Jeremy Clarkson made earlier in the year about the lack of danger presented by bank details being readily available, after another monumental data loss by a government department. To prove his lack of concern, Clarkson had published his own bank details and made it clear how easy it would be to find his address. Unfortunately for him, someone did indeed take up the gauntlet and set up a Direct Debit payment to charity Diabetes UK using precisely those details. At least to date I’m unaware of the same type of thing happening to Schneier, but the wager has been made.