Make Sure You Are Encrypting Your WiFi Traffic

 
 
By Wayne Rash  |  Posted 2012-04-17
 
 
 

Google Likely Broke No Laws in Street View Data Collection


Rather than buying into the hype surrounding the Federal Communications Commission's investigation of how Google conducted its controversial Street View survey, let's start with a few facts. I know that many of you, especially those who think of themselves as privacy advocates, are going to hate what I have to say.

But the truth is Google did not break the law in the United States when it collected WiFi access point data. While it certainly did nothing to make the FCC's investigation easier (thus the $25,000 fine for obstructing the probe), it's not even clear that the law required Google to help the FCC.

So here are the facts. First, WiFi signals are unlicensed radio transmissions. While intercepting private radio transmissions isn't legal, that's only when those transmissions are clearly intended to be private. In its examination of the Wiretap Act, the FCC noted that the Act provides, €œIt shall not be unlawful under this chapter or chapter 121 of this title for any person ... to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.€

What this means is that if a person doesn't encrypt his or her WiFi, then it's readily available to the general public. And it is. WiFi equipment is ubiquitous. If a WiFi signal is unencrypted and the SSID is readily available, then it would appear that listening in on any communications through that signal isn't against the law. Because of the way that the Communications Act of 1934 and the Wiretap Act are written, the part about communications being open to the general public applies to both.

This is consistent with the FCC's practice since its inception. Radio transmissions have always been open for others to listen to unless something specifically prohibited it. When I got my first commercial engineer's license from the FCC nearly 50 years ago, it was part of the material we had to study. At the time, it was clear that there was no expectation of privacy in radio communications unless you did something to make your communications private or if the FCC specifically said they were private.

This practice held up through the first cordless phones, which transmitted analog signals at 49MHz and could be listened to by anyone with a radio that would cover that band. The same thing held true with cell phones that transmitted clear analog signals. Only when the FCC required that manufacturers stop making cell phone frequencies available on general-purpose radio receivers was there any expectation of privacy, and even then it was legal to build your own receiver to listen in on cell phone calls.

Make Sure You Are Encrypting Your WiFi Traffic


 

Nothing has changed those conditions with regard to WiFi. If you can receive your neighbor's WiFi signals and they aren't encrypted, you may find that your neighbor is annoyed, but your neighbor's only recourse is to turn on encryption. The whole privacy issue has been around for a while, but that's due mostly to the fact that the unlicensed radio concept means that people don't have to pass tests, and thus learn the law, before they use their radios.

The lack of precedent, as the FCC puts it, is one reason the agency didn't move more aggressively against Google. But the bottom line is, what Google did may offend privacy advocates, but it's not illegal.

In fact, the FCC had to stretch even to fine Google $25,000. The agency has jurisdiction over radio licenses and the people and companies who operate using those licenses. In its Notice of Apparent Liability, the FCC had to note that Google has a few corporate FCC licenses. Had Google not had those licenses, the FCC may well have been powerless to assess the relatively minor fine that it did.

The bottom line here is that you cannot assume that your information is private unless you take steps to secure it. If you use an insecure WiFi access point, whether it's one at your home that you didn't get around to setting up WPA on or whether it's the access point at Starbucks, then you have no reason to expect privacy. The fact that you didn't think about this when you sent your bank account information using your iPad or when you never quite got around to setting up your WiFi router is beside the point.

Should it be this way? Well, probably not. The Communications Act of 1934, even though it's been updated several times, never anticipated a world where essentially everyone would be connected by wireless devices. The Congress at that time was thinking more about radio broadcasters, ships and a few other corporate users, not a cell phone in every pocket and a WiFi router in practically every home and office.

The only real solution is to change the law. Because the Wiretap Act and the Communications Act work in concert, both need to be revised to take the world of wireless communications into account so that it really is illegal to listen to someone's communications. Unfortunately, without a change in the law, there's no privacy. For you this means two things. First, don't waste your energy railing against Google. Instead, work at getting the law changed. And while you're at it, turn on encryption on your WiFi router. 

To follow Wayne Rash on Twitter, click here. 

 


Rocket Fuel