Why Your Wi-Fi Hotspots Could Be at Risk

The local mom-and-pop cafe that serves open, anonymous Wi-Fi access along with coffee and muffins may soon be on the front lines of a war in Congress over privacy.

The Internet Safety Act, recently introduced by U.S. Sen. John Cornyn and U.S. Rep. Lamar Smith, both Republicans from Texas, questions the wisdom of allowing anonymous access to the Internet, and it would require ISPs to log user activity -- and store that information for two years.

The bill's two sponsors say the measure is needed to improve the ability to identify sexual predators. The Internet's "limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," Cornyn said in a statement.

The legislation has been introduced in both the Senate (S. 436) and in the House of Representatives (H.R. 1076). Given Democratic control of both houses of Congress, the bill's fate is uncertain at best. But it touches on Internet and privacy issues that could come up in other contexts in coming years.

Although the measure focuses on sexual predators, data that is collected and stored could potentially be sought by anyone with a subpoena. It remains unclear, from this legislation, how extensive any data collection would be and whether it would affect, for instance, a home user with an open network. It is the type of legislation that could take regulators and courts years to sort out if it becomes law.

But the question of whether hot spots should offer anonymous access is one that Richard MacKinnon, president of the Austin Wireless City Project, an initiative of Austin Wireless Inc., deals with routinely. His firm, a nonprofit company in Texas, offers log-on and authentication services to government and private hot-spot operators. He believes Wi-Fi hot-spot services should be managed through an account that identifies the user and obligates him comply with to terms of service.

"Just because Wi-Fi is free to the user, it doesn't have to be sort of a free-for-all anonymous, irresponsible service," said MacKinnon. Many big chains that offer Wi-Fi access, such as Starbucks, do so via user accounts, he noted.

"It seems to me sort of strange that when it comes to Wi-Fi, people feel that Wi-Fi should not be managed by account. I think it's just because the culture preceded the capability," said MacKinnon. "Increasingly, people realize that if they try to create mischief from home or work, it's too easily traced to them, so their first thought is [to] go and use Wi-Fi in public. ... Unfortunately, that takes advantage of the businesses that are providing the free Wi-Fi."

Austin Wireless provides hot-spot authentication services to the city of Austin as well as commercial hot spots, which include a minimal registration -- a username and e-mail address -- and an agreement to terms of service. The service costs hot spots US$10 per month on top of broadband charges and does not track which Web sites users visit. MacKinnon calls it "a service which is discouraging abuse on a network, which probably costs more than $10 a month to cope with."

If someone uses a hot spot for illegal activities, he isn't necessarily putting the hot-spot operator under any legal risk, said Bart Lazar, an intellectual property attorney at Seyfarth Shaw LLP in Chicago. Contributing liability, which involves aiding and abetting criminal conduct, occurs only if you know the conduct is taking place, said Lazar. That liability, for instance, might be used against a technology developer that builds something designed to circumvent a protection.

"Internet Explorer has the capability to engage in copyright infringement, but it's not the fact that the tool can be used to engage in the infringement that is the issue," said Lazar. It's whether the tool was design for the purpose of infringing on copyrighted material, for example, he said.

Michael Disabato, a wireless analyst at Burton Group in Midvale, Utah, said he doesn't have any problem with basic authentication services at a hot spot; it's the bill's data-logging requirement that upsets him.

He described it as overly broad and ill-defined and said it might even put home Wi-Fi users in legal jeopardy if their Wi-Fi signal is open.

"People like me are going to start a grass-roots movement to whoever proposed that law to get them removed from office," said Disabato. There are already laws in place that allow legal authorities to tap and capture traffic from certain data streams, he said.

As for the broader issues raised by the bill, James Brehm, a mobile and wireless analyst at Frost & Sullivan Ltd., said it will raise many issues and require costly changes, such as increased storage and changes in network architectures to store and capture the data. Other issues, such as how any collected data would be protected, must also be addressed.

And there are potential cost issues. Brehm said he's not certain what the legislation would cost to implement, but it would "be big."

This story, "Why Your Wi-Fi Hotspots Could Be at Risk" was originally published by Computerworld.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon