Do you leave your wireless network open or is it secured such as with WPA2? According to the Open Wireless Movement, running an open network is not a security risk. For folks who don’t buy into that, the Open Wireless project will release router firmware to allow you to freely share a portion of your bandwidth while also “providing a high degree of security and privacy for your own communications.”
At the Hackers on Planet Earth (HOPE X) conference in July, EFF speakers will explain “why the future is open wireless” and then release free, open-source router firmware “designed to let you share a portion of your Wi-Fi network, password-free, with anyone nearby.” The Open Wireless Router software creates “a public slice of bandwidth that can dialed up or down with a simple smartphone interface.” EFF staff attorney Nate Cardozo told Wired, “If everyone runs open Wi-Fi, there’s no real argument that anyone is being negligent by doing so. If you’re not the person doing the illegal activity, you have no liability.”
When first urging people to join an Open Wireless Movement back in 2011, the EFF claimed that opening your Wi-Fi “is the socially responsible thing to do” and that “individuals who choose to do so can enjoy the same legal protections against liability as any other Internet access provider. Individuals, including Bruce Schneier and Cory Doctorow, have laid some of the groundwork.” Yet Schneier and Doctorow wrote that in 2008. After Snowden disclosures in 2013, Schneier didn’t mention open wireless politeness as part of his security setup when he was talking about how to remain secure against the NSA.
A lot has changed in the last few years. Some people used to share Wi-Fi with neighbors out of the goodness of their heart. Others wouldn’t lock down their wireless network just to spit in the eyes of the RIAA or the MPAA. Sure enough, if someone commits a crime while accessing your open Wi-Fi, then having an open wireless network should work as a legal defense … after finding a technically-savvy attorney. Although just dealing with the fallout and expense would likely be a nightmare, this year a federal judge in Florida determined that an IP address does not identify a person; she then tossed out a porn copyright troll’s case. Regarding a BitTorrent lawsuit in 2011, a judge also ruled that an IP address is not a person.
But if you locked down your Wi-Fi and then something happens, the cops are much less inclined to believe it was a matter of being hacked. For example, the Wi-Fi-cracking “neighbor from hell” repeatedly hacked into his neighbor’s WEP-enabled Wi-Fi network and tried to “frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden.” The court sentenced the hacker to 293 months in prison, ruling that “he inflicted unfathomable psychic damage, making the victims feel vulnerable in their own home, while avoiding detection” for nearly two years.
Although locking down your wireless network does not come with a 100% security guarantee, if a person was looking for open wireless networks, then it’s easier for most folks just to use the free Wi-Fi at a local McDonald’s, Starbucks, or public library.
Some folks claim the “easiness” factor is part of why Comcast plans to use customers’ routers to create a mesh of public Wi-Fi; it’s expected to result in about 8 million Wi-Fi hotspots in 19 of the largest U.S. cities. For all the griping about electric bills potentially going up or shared bandwidth slowing connection speeds, you would think people would opt out. Yet Comcast claimed that less than 1% of its customers are opting out of having their Xfinity WiFi as a home hotspot.
After introducing Xfinity Pineapple and proof-of-concept code, LogRhythm’s Greg Foss added that a man-in-the-middle attack can happen on “any public access point, though stealing Comcast credentials does have the added advantage of providing attackers with credentials they can later use to mask their online activity.”
The new firmware coming out of the Open Wireless Movement would “prioritize the network owner's traffic over others', so good samaritans won't have to wait for Netflix to load because of strangers using their home networks.” EFF activist Adi Kamdar told ArsTechnica that “every connection is walled off from all other connections;” this will “decrease the risk of unwanted snooping” and eventually make it harder to tie an IP address to a specific individual. In short, the EFF says the "open Wi-Fi tool promotes efficiency, neighborliness, and privacy."
“From a legal perspective, we have been trying to tackle this idea that law enforcement and certain bad plaintiffs have been pushing, that your IP address is tied to your identity. Your identity is not your IP address. You shouldn't be targeted by a copyright troll just because they know your IP address," said Kamdar.
There’s nothing illegal about running a Tor exit node either, but since it's realistic that someone will use Tor “for illegal purposes,” the EFF doesn’t recommend that a person should run an exit relay from their home. The EFF warned that if “law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer." Eventually, after putting up with the cops “searching everything,” you might find a technically literate cop who understands how Tor works; just because your IP showed up on child porn server logs doesn’t mean you were the pedophile who the cops were trying to bust.
Having free open Wi-Fi everywhere sounds like a great world to experience; but how many legal battles will have to be fought and won before open wireless networks are so ubiquitous that it’s no longer “reasonable” for law enforcement to automatically investigate an IP address captured during a crime?