[ Features Index | Silicon Valley | Metroactive Home | Archives ]

Techsploits WiFi Peril WORSE THAN the Trent Lott show on BET, more agonizing than Patrick Stewart's "acting" in Star Trek: Nemesis and 10 times more awful than the message on John Poindexter's home answering machine--it was the low-profile, we'll-just-remove-your-freedom-now meeting two weeks ago between high-tech industry execs and Defense Department reps. The subject of this meeting? Dangerous WiFi networks! Apparently, wireless computer networks are spreading everywhere, soiling our precious military spectrum and making it possible for crafty terrorist hackers to get free Internet access. This meeting followed closely on the heels of several announcements made by policymakers associated with the Department of Homeland Security that WiFi needed to become more secure or face government regulation. Soon techno-geniuses like cybersecurity czar Richard Clarke would start getting funny feelings about WiFi. This technology is both too libertarian and too anticapitalist to please any good servant of the U.S. government. But before I cheerfully rip into Clarke and Co., I should note that there are excellent reasons to be concerned about the security of wireless networks. Most schemes for locking down wireless networks are easy to hack, and the majority of people setting up WiFi for themselves aren't very clueful when it comes to making sure nobody is sniffing their radio waves. The ever-resourceful publisher O'Reilly even has a new book out (802.11 Security) arguing that most WiFi networks (which use the 802.11 transmission protocol specified by the IEEE) are wide-open to attack. But Clarke and his cronies aren't really worried about the kind of security that geeky O'Reilly authors are. This is obvious if you take a look at the working draft of President Bush's National Strategy to Secure Cyberspace. Its authors suggest that WiFi networks can be secured with tools "such as password-access requirements, address filtering, encryption or using a virtual private network." With the exception of encryption, all of these tools are used in the context of WiFi exclusively to prevent random people from hopping onto a network. None is particularly difficult for a skillful hacker to circumvent. So, obviously, the threat model the CIPB types are working with is not evil terrorist hackers who laugh in the face of your address filtering. The government is most worried about people whose "hacker" tool kit includes nothing more complicated than Dynamic Host Configuration Protocol (DHCP), software that is used to grant users open access to a publicly-available wireless network. Most free WiFi networks use DHCP to assign visitors a temporary address on the network, giving them access to the Internet or whatever the network owners have made available. A deliberately open WiFi network is not an insecure network; it's a public works project, a resource that some generous geek has made available to anyone who wants to partake--and usually said geek has carefully secured all parts of the network she wants to keep private. Nearly all of CIPB's suggestions for "securing" a wireless network are actually rules for creating a closed WiFi network. "Password access requirements" are used by Starbucks in their pay-per-use coffeeshop WiFi; "address filtering" allows only certain machines to log on to the network; and a "virtual private network" allows selected people to log into an already-secured network remotely. None of these "security" methods will protect a network's content. If you have a password or a machine whose address the network recognizes, you're in. Only "encryption" will protect sensitive data. So most of the "security" recommended by the government for wireless isn't aimed at stopping bad guys from drinking up our precious data. Nope; it's aimed at preventing people from using and setting up open wireless networks. In other words, the government is dubbing open WiFi networks a security risk. Just having a network that's open to the public makes you part of the national vulnerability problem. Huh? This only makes sense if you consider that open networks across the globe have given people yet another way to gather in public places to disseminate information. Nobody in the Bush Administration likes it when a piece of technology makes information exchange easy and anonymous. So why did the DoD have that meeting two weeks ago with industry types whose next-generation products are all heavily laced with 802.11? Apparently the military is worried that increasing uses of unregulated spectrum will interfere with secure military radio frequencies. Although DoD officials admit that there are no examples of such interference ever occuring--and despite the fact that spectrum-sharing technologies already being used in Europe could make interference almost impossible--this is what the DoD is freaked about. Do you see a pattern emerging? Somebody doesn't like the idea of unregulated communication. WiFi is scaring the government not because it's a tool of terrorism, but because it's a tool of unregulated political dissent. Annalee Newitz ([email protected]) is a surly media nerd. Send a letter to the editor about this story to letters@metronews.com. [ Silicon Valley | Metroactive Home | Archives ]