Look Before You Log On

The ACLU of Northern California has been very active in highlighting the need for privacy and free speech safeguards in municipal wireless programs. Cities should not be deploying wireless networks that track who we are, what we are looking at, and where we are looking at it from. Once that information is collected, who knows where it will end up or how it will be used or abused?

But municipal wireless programs are not the only wireless services lacking in proper privacy and security protections for personal information. Many of us rely on hotel, airport, coffee shop and other private wireless services in our daily lives without considering whether and how our use of those services is being monitored.

Some users of hotel wireless services noticed some strange behavior when surfing the web through their hotel internet connection. Some investigating on their part revealed that their hotel was tracking the websites they went to and even contained identification information connecting them to that web-browsing. These hotels are probably not the only businesses providing "free" (or paid) wireless access in exchange for personal information. Superclick Networks, which provides high speed internet access for hotel guests and specialty IP services to the hospitality industry, even advertises that hoteliers can "deliver targeted marketing and brand messages to guests and users on their network." This targeted marketing is very similar to what Google and Earthlink will be able to do in the proposed San Francisco municipal wireless service.

In addition to concerns about the service providers themselves, there are security and privacy risks from nefarious individuals who use public, unencrypted wireless networks to access your computer. Among these concerns are the use of "sniffing" tools to obtain sensitive information such as passwords, bank account numbers, and credit card numbers. Another threat is an "evil twin" wireless network, in which the attacker gathers information about a public access point, sets up his or her own system to impersonate the real access point, and when unsuspecting users connect to the internet through the attacker's system, it's easy for the attacker to use specialized tools to read any data the victim sends over the internet, including credit card numbers, username and password combinations, addresses, and other personal information. Malicious individuals don't even have to imitate an existing wireless network, but instead can just set up an ad-hoc network that will entice users with free wireless internet access.

There are a few things individuals can do to protect themselves. Be an aware WiFi user: read those terms of service rather than just clicking "I Agree." Ask your local coffee shop about their privacy/security features and/or suggest better ones. If you don't like their settings, or if they won't reveal them, complain and urge them to change or at least disclose their practices so that users can understand that this "free" WiFi has a real price and make an informed decision about whether to use it.

For more information about the privacy concerns and standards for municipal wireless services, check out the ACLU of Northern California's website about wireless networks at Don't Let Internet Hot Spots Chill Privacy and Free Speech.