Wednesday, September 21, 2011

More risk than reward from Austin PD compiling list of open wifi connections

UPDATE (9/22): I fowarded this post to Austin Police Chief Art Acevedo and, after a brief back and forth via email, this morning he writes to say the department has canceled today's planned "Operation Wardrive." Wrote Acevedo, "I nixed it already, good intentions to educate, but not best for public perception. A very enthusiastic group of folks trying to combat cyber crime came up with the idea without flying it up the flag pole. Please let folks know that there are people that can and will use unsecured home networks for unsavory and illegal activity."

Thanks, Chief, for accepting feedback and acting on it instead of reacting defensively, and for doing so in a timely manner. Perhaps next time the DART unit should run their plans "up the flag pole" before launching dicey mass surveillance schemes without probable cause, if only to save the embarrassment of having to backtrack after announcing plans to the media.

Certainly readers should check to make sure the default password has been changed on their routers and be sure to use a firewall, especially when using open networks outside the home. But average folks needn't be frightened into closing off access to your home wifi by Chicken Little-style scare tactics. As computer security expert Bruce Schneier has written, running an open wifi connection is "basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea." Common courtesy should never trigger a police investigation, even under the pretense of a public education project.
Original post: The Austin PD is undertaking a bizarre scheme called "Operation Wardrive" to "find open wireless internet connections in the city." Reported KVUE-TV, "The APD Digital Analysis Response Team, or DART, will hold "Operation Wardrive" Thursday, Sept. 22.  DART unit members will make contact with residents who have open wireless connections and teach them the importance of securing them."

According to KVUE, "APD says wireless devices will be used to find the open networks. They say most manufacturers of wireless routers ship their devices with the wireless network unsecured by default, which leaves people at risk. They warn that internet users who  fail to secure their network are at risk of someone else using it or hacking into personal information."

This strikes me as a very strange task for police to undertake. Asks one of my techie friends, "Has Austin run out of crime? Do APD officers patrol neighborhoods checking for open windows and doors? (Actually using your neighbor's wifi is more like reading by their porch light.)"

This is less about protection of the public and more about using law enforcement as corporate welfare to enforce terms-of-service agreements with wireless internet providers. But APD is not a party to the contract with my ISP and I fail to understand why it's any of their business if my wifi connection is open or not. Want to educate folks that they need to change the password on their routers? Fine. Purchase advertising. But don't go creating a master list of open wifi connections and start hassling customers who've done nothing wrong.

Which brings us to a big unintended consequence from this ill-considered scheme. Because this activity is not (remotely) part of an actual criminal investigation, the list of open wifi connections APD generates as well as all associated data will be a public record under the Texas Public Information Act. Simply compiling that list - which will be available to anyone as soon as somebody files an open records request and posts the results online - makes the types of malicious activities APD is concerned about more likely, not less. Bad idea.

Even if this is a well-intentioned effort and not just water carrying for the ISPs, I don't think our friends at Austin PD have fully thought this tactic through.

MORE: From EFF-Austin, where advocates published a detailed open records request filed today with APD about "Operation Wardrive."


gregoryfoster said...

EFF Austin concurs with your assessment and has filed an Open Records request seeking details on the inception, planning, and execution of "Operation Wardrive" (which we're referencing as #opWardrive on Twitter).

We are following this one closely, and trying to direct it in a more constructive fashion.

Anonymous said...

APD and company need to know where they can d/l porn while in their cruisers.

Austin police investigating officers suspected of viewing porn on duty
Investigation comes a month after EMS paramedics disciplined.
Austin police internal affairs detectives are investigating several officers suspected of viewing Internet pornography on city computers while on duty.
Assistant City Manager Mike McDonald confirmed the investigation, but he said he couldn’t provide details, including the number of officers involved in the inquiry.
Last month, 10 Austin-Travis County Emergency Medical Services paramedics were disciplined for viewing pornographic Web sites while on duty. City Manager Toby Futrell then sent a memo to city employees warning them about Internet use.
By Tony Plohetski

Jim Howard said...

This is crazy talk Marge!

I passed it on to Matt Drudge.

Anonymous said...

Is this The Onion? This has to be a joke! Leaving your wifi open is not against the law.

RSO wife said...

So that's why Austin needs to hire all those extra officers per capita!!! Maybe they haven't heard of 3G or 4G and wireless internet is a thing of the past for lots of devices. Are they going to pull traffic stops and check our cars for an iPad or iPhone?

Anonymous said...

This must serve another purpose. Something that we're not seeing. Yet. Maybe they're wanting to do unauthorized and unwarrantable searches? No way does a department expend resources for something as trivial as this. Doesn't add up.

Mark Boyden said...

The response from Chief Acevedo:

Thank you for sharing your concerns with me. This WarDrive idea was not approved by APD Executive Staff and in fact has been disapproved. We will be releasing a statement later today. Although the involved unit's intent was noble (educating the public about the risks to your personal information), a PSA or other educational effort would be much more effective. To place you further at ease, the idea was killed before actual implementation.

Again, thank you for sharing your thoughts. Please feel free to contact me if you have any additional questions or concerns.


Art Acevedo
Chief of Police

Adina said...

Glad APD saw reason here. What a pleasure and surprise to see a positive change in a foolish "security" policy.

As the source of the "techie" quote, the "offers" was a typo for officers, feel free to correct it.

Stephanie said...

Maybe now they'll have time to cruise around and contact the people (love 'ya, roomie) who leave their bills and other mail hanging from their mailbox for the postal carrier to pick up.

Stephanie said...

Now maybe they'll have time to cruise around and notify people who leave their bills and other outgoing mail hanging from their mailbox for the postal carrier to pick up.

Gritsforbreakfast said...

Fixed it, Adina, thanks. Great line! :)

Anonymous said...

Honestly maybe in 2001 this should have been done, but its 2011 who needs Wifi spots when you can use VPNs hosted outside US jurisdiction through Starbucks and MAC address spoofers?
Google Chinga La Migra Anonymous has Texas LE IT departments running to secure their networks.

Roger N said...

Good for you, Grits. You got APD to shoot itself in the pinkie-toe. It gave them a clue as to what a REAL police mission might be or not be, but didn't inflict lasting harm on their jack-boots.

mnemonic said...

Thanks for tracking this APD thing and exposing it early. I tweeted about it yesterday.

Anonymous said...

Texas Takedown Thursday: Chinga La Migra IV

Just imagine what Williamson County has been hiding?

Anonymous said...

My neighborhood is PLAGUED with burglaries and APD expends resources to have two officers driving around photographing people who have cars parked in their front yard. Of course, if you leave it on the street overnight your windows will be knocked out in a matter of hours by the smash-and-grab boys that swing in off Cameron Road, smash and grab, and then take off on IH-35 or 290 East. You can't win. And now this ridiculous open wifi fiasco. And APD just requested another $600,000 for tasers! What a complete waste of tax money. And, to make it worse, the majority of officers don't even live in Austin! No "sanctuary city" for them.