Misguided “Operation Wardrive” set to happen in Austin today

If this one seems a bit rushed, it is. I just now came across a mention of these two articles in an IRC channel I’m in, and noticed that this is was scheduled to start happening today. Spread the word if you are in Austin.

According to both EFF Austin and KVUE, the Austin Police Department is sweeping the city. Not for pot plants, speeders, reckless drivers, or even jaywalkers. They are sweeping the city for open wi-fi access points.

From the KVUE article (quoted in EFF Austin’s article):

Leaving your wireless network open invites a number of problems:

  • You may exceed the number of connections permitted by your Internet service provider.
  • Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.
  • Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.
  • Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.
  • Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.

Before even getting into EFF Austin’s side of the story, I’d like to analyze these, which it would appear at first glance were ripped straight out of APD’s press release without any vetting whatsoever (I really hope KVUE is better than that, but this is the state of news in 2011). Most of these aren’t even correct or have errors in fact. In order:

  • “You may exceed the number of connections permitted by your Internet service provider.”: Most wi-fi routers assign a private IP address and don’t really differentiate between one, two, five, ten, twenty, or fifty devices on the network (some may run out of addresses at a certain point but this problem can be remedied). It is rare to have a wi-fi access point connected directly to the outside Internet so for the majority of users this doesn’t apply. If your Internet provider does hard-limit the number of devices you can run on your connection, it’s time to switch. (This may, eventually, become an issue again with IPv6, but even then with most users getting a block of 65,000 addresses, this is doubtful.)
  • “Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.”: Most users using an open wi-fi access point will not download excessive amounts of data. The benefit here of invited guests and friendly neighbors being able to borrow your connection usually outweighs the risks.
  • “Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.”: This is the same argument used to dissuade people from running Tor exit nodes and I would expect most of the same legal advice given to Tor exit node operators would apply here. In summary, an IP address does not uniquely identify an individual Internet user. It is simply routing information.
  • “Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.”: This is about the only one that may be true with any regularity, and even then this would only apply to connections in plaintext, not to encrypted connections.
  • “Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.”: Only if your computer is misconfigured, and in the case of malware, only likely if you’re running Windows or possibly MacOS. This doesn’t happen very often in the wild, if at all.

From EFF Austin’s post on the topic:

The EFF Austin Board of Directors finds nothing wrong with this analysis of the potential risks Internet users undertake when intentionally or unintentionally leaving their wireless access points open for shared use. In fact, we could cite a few more. However, these are much the same risks that Internet users undertake when using ANY shared wireless access point, such as those provided by cafés, public parks, or the Austin Public Library.

Missing from the cited analysis is any recognition of potential benefits to be gained from publicly sharing one’s wireless access point. Lately, the virtues of contributing to any shared commons tends to be overshadowed by fears of bad actors (both real and imagined). For some facts, it’s worth reviewing cryptographer and computer security specialist Bruce Schneier‘s discussion on the virtues and risks of running an open wireless network.

I agree in principle with EFF Austin’s argument, and I think it is unfortunate that APD has chosen to go through with this with the misguided belief they are helping keep their citizens safe. (The rest of the article mentions EFF’s Texas Public Information Act request and their concern about exactly what is being collected and why.)

We have maybe a couple of hours before APD’s officers will start knocking on doors to contact computer network owners sharing their Internet intentionally or unintentionally. So I think it’s a good time to remind everyone, especially those in Austin, that it is a bad idea from both a privacy and a legal standpoint to let the police inside your residence or business unless they have a warrant or you called them and they need access to do their job. For more information review this FAQ entry at flexyourrights.org.

I suggest either not talking to APD or saying as little as possible if they want to discuss the security settings of your wireless network. Frankly, I think there are better uses of taxpayer money, and I encourage Austin residents who agree to communicate this to their elected officials.

UPDATE: Per entersection’s comment below, this was actually canceled/disapproved by APD. I will be making a followup post about this in the near future (probably by tomorrow night at the latest).