Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

If you don’t secure your wireless network, you could get a visit from the police


A few days ago, the Associated Press published an article highlighting a couple of cases where individuals whose wireless networks were insecure (had no password) were investigated by the police. The reason? Someone piggybacking on their network used it to download illegal material:

BUFFALO, N.Y. – Lying on his family room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn't need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He'd gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.  "We know who you are! You downloaded thousands of images at 11:30 last night," the man's lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, "Doldrum."

"No, I didn't," he insisted. "Somebody else could have but I didn't do anything like that."

"You're a creep ... just admit it," they said.

Law enforcement officials say the case is a cautionary tale. Their advice: Password-protect your wireless router.

Plenty of others would agree. The Sarasota, Fla. man, for example, who got a similar visit from the FBI last year after someone on a boat docked in a marina outside his building used a potato chip can as an antenna to boost his wireless signal and download an astounding 10 million images of child porn, or the North Syracuse, N.Y., man who in December 2009 opened his door to police who'd been following an electronic trail of illegal videos and images. The man's neighbor pleaded guilty April 12.

For two hours that March morning in Buffalo, agents tapped away at the homeowner's desktop computer, eventually taking it with them, along with his and his wife's iPads and iPhones.  Within three days, investigators determined the homeowner had been telling the truth: If someone was downloading child pornography through his wireless signal, it wasn't him. About a week later, agents arrested a 25-year-old neighbor and charged him with distribution of child pornography. The case is pending in federal court.

It's unknown how often unsecured routers have brought legal trouble for subscribers. Besides the criminal investigations, the Internet is full of anecdotal accounts of people who've had to fight accusations of illegally downloading music or movies.

Whether you're guilty or not, "you look like the suspect," said Orin Kerr, a professor at George Washington University Law School, who said that's just one of many reasons to secure home routers.

The homeowner later got an apology from U.S. Attorney William Hochul and Immigration and Customs Enforcement Special Agent in Charge Lev Kubiak.

"The question," said Kerr, "is whether it's unauthorized access and so you have to say, 'Is an open wireless point implicitly authorizing users or not?'

"We don't know," Kerr said. "The law prohibits unauthorized access and it's just not clear what's authorized with an open unsecured wireless."

In Germany, the country's top criminal court ruled last year that Internet users must secure their wireless connections to prevent others from illegally downloading data. The court said Internet users could be fined up to $126 if a third party takes advantage of their unprotected line, though it stopped short of holding the users responsible for illegal content downloaded by the third party.

Leaving your wireless network open to the public allows other people to use your resources for nefarious purposes. In this case, it led to a visit from the police. Since police don’t have a way to differentiate between users on a wifi network, this act of negligence on the owner’s part brought certain consequences. It’s like leaving your car unlocked with the keys in it: if the car is stolen and crashes into a building, and the thief runs away from the scene of the accident, the police will trace it back to you.

The convenience you may have gained by leaving your car unlocked probably wasn’t worth the visit from the police – especially if the police charge you. What’s worse with wifi is that, with a car, you can at least tell it has been stolen (it’s not difficult to see that your parking space is empty). With an unsecured wireless network, you wouldn’t know that someone is using your network to do bad things unless you had some packet sniffing or monitoring software. Of course, if you had that software, then you wouldn’t have an unsecured network to begin with.

The last paragraph – Germany fining owners of insecure networks – is an interesting one. Are owners responsible for securing their networks? We need to find out whether the German police fine owners for not locking their cars if one is used in a crime, or for not locking their homes if one is burglarized.

The difference between cars and houses on the one hand and wireless networks on the other is that cars and houses are easy to secure. Lock the doors and windows. Even children can do it. But as the article above says, securing a network means a trip to the manual and let’s be honest – how many people can understand computer manuals? Some are well written and some are not. Even then, the amount of computer literacy required to be aware of security and then grok the manual is beyond the grasp of many people. It’d be kind of like sticking me in the cockpit of an airplane and then fining me for not understanding the control panel. Duh, what?

Network routers need to be secure by default and they need to be easy to understand and set up. Plug it in, set the password (maybe have a one-time password on a sticker in the box) and away you go. Security on by default and the user can be on their merry way. We need to be smart as an industry and stop blaming the victim.

  • IANAL, but if I recall it correctly from reading a German "netlaw" newsgroup almost a decade ago it is in fact not allowed to leave an open car with keys in a public spot, because cars are inherently dangerous, e.g., a driver license and liability insurance are required.

    This is not exactly the same situation as with WiFi networks; so far this does not require any license or insurance (in Germany).
