Wednesday, July 2, 2008

Akron's Free City-wide Wireless

It looks like Akron is moving forward with its plan for free city-wide wireless. The city has just committed $800K over the next 5 years and is also being backed by various organizations to the tune of $25M.

I think this is a horrible idea, as is any free city-wide wireless. Ignoring the costs associated with it that taxpayers will have to shell out, I have not seen word one anywhere on how the security of the network will be handled. Part of the article says:
"The free wireless corridor will cover about 80,000 to 90,000 city residents and about 31,000 workers. It will allow anyone with a wireless-ready computer to access the Internet for free within the district."
I read that as 80,000 to 90,000 victims. Let's look at the security issues regarding giving over 100,000 people (when you include the workers) free Internet access.

1. Free wireless typically means unencrypted wireless. That means that anyone within proximity of anyone else can see their traffic...the sites they visit, the emails they read, the credit cards they use, the passwords they have. Think it won't happen? I can guarantee the entire city will be wardriven the first day this is opened.

2. I have heard it touted that businesses would be able to use this and save money. Be careful on that! Businesses who take credit cards for payment have to comply with PCI DSS, and depending on how they handle their cc's, using free and unencrypted wireless may be a violation of that.

3. Free wireless means anyone can use it...even criminals. I can see a number of scenarios here. First, there are now potentially 80,000+ victims on an open network. If I'm a computer hacker I can drive around and break into these PCs, install my malware or steal information, and own the box before I'm long gone. Except through the C&C, how are you going to trace it back to me?

Second, what about child pornographers? I have to think that free wireless which is city-wide would be a dream come true for them! They want to share their pics? Drive down to Akron for 20 minutes, jump on the wireless, send everything through and drive away. Probably pretty hard to track down.

4. Who is going to be monitoring this? What privacy policies, if any, will be in place? Is there going to be a clause which states there is no privacy which will allow law enforcement to record traffic when they need it? (Not that I'm opposed to that.) People need to consider that as well.

I'm sure this sounds like I'm being a nervous nelly on that, but these issues aren't anything the security industry hasn't seen before with businesses who have spent money to put security in place. I'll be curious to see what happens as this unfolds over the next few years.

1 comment:

Ben said...

Good points raised here. I am sure these are issues that the city will deal with "down the road."


But hey, people get free internet!