Data, network value to drive Wi-Fi security

As controversy around Google's admission that its Street View cars had collected data from unsecured wireless networks continues to swirl, an analyst says better Wi-Fi security will only come about when users recognize the value of their networks and data.

Daphne Chung, senior research manager for infrastructure software at IDC Asia-Pacific's domain research group, told ZDNet Asia in an e-mail interview that users are generally becoming more savvy about Wi-Fi network security and are gradually looking toward encrypted Wi-Fi network to ensure secure communications.

Such a change in mindsets, however, takes time.

"People need to understand the value of their networks and their data or information and the potential consequences of the violation of their networks, then they would understand the need to lock their networks just as they lock their houses," Chung pointed out.

"Ultimately, self preservation is usually the best incentive and as users grow in reliance on networks for their sensitive transactions and information exchange, this awareness and adoption of more security around their Wi-Fi networks will also grow."

Google last month announced it had inadvertently accumulated about 600 gigabytes of data transmitted over public Wi-Fi networks in more than 30 countries--a revelation that spurred a class action lawsuit in the United States and probes in Australia, Canada, Germany, Italy and Spain.

Singapore is among the countries affected by Google's collection of what the company calls payload data, or actual data transmitted over the network. A Google spokesperson said in an e-mail to ZDNet Asia that company representatives "had conversations" with local ICT regulator, the Infocomm Development Authority of Singapore (IDA), and will continue to work with the authority "to answer their questions and concerns".

However, Google said it did not collect data from secured networks, suggesting that none of this would have occurred had Wi-Fi access been password-protected.

Ignorance, lack of technical know-how to blame
According to IDC's Chung, ignorance, lack of know-how in securing networks and not understanding the consequences of unprotected access were the main reasons for unsecured wireless networks.

That said, manufacturers have made it easier to configure password protection on wireless routers, she said.

ZDNet Asia blogger Lee Lup Yuen concurred. In an e-mail, he noted that these days, users can use the installation software bundled with the devices to easily perform password configurations.

Still, problems could arise during the installation process, such as whether an owner should opt for the WPA (Wi-Fi Protected Access) or WEP (Wireless Equivalent Privacy) standard, he said. "When users get frustrated with the installation process, they may resort to using no security for their Wi-Fi networks."

Forgetting the router administrator password could also pose a headache for wireless network owners. To solve this problem, Lee suggested product vendors preset the router administrator password to a random number, which can be printed on a sticker attached to the router.

Legal penalties for not securing Wi-Fi?
In at least one country, wireless network owners can be taken to task for their negligence in wireless network encryption. Last month, the BBC reported that a German court fined a man 100 euros (US$122) for not securing his Wi-Fi network with a password. The failure to protect the access had led to the network being used to illegally download and file-share music.

A British lawyer told BBC in the report that it was unlikely a U.K. court would arrive at the same verdict.

Over in Singapore, Keystone Law's Tan noted that there has been a precedent where penalties are meted out for illegal Wi-Fi access. However, there is "currently no specific legislation penalizing those who do not secure wireless access", and such legislation is required for authorities to take legal action, he said in an e-mail.

Even if a civil lawsuit arises where one party alleges that the network owner had been negligent in not securing his wireless access, Tan pointed out that "the current state of Singapore law in the form of its Electronic Transactions Act and the Copyright Act may give network owners what is known as a 'conduit defense'--where network owners are merely conduits and not the perpetuators of the wrongful acts of third-parties".

The lawyer added that users should password-protect their wireless networks, but said enforcement would be "impractical because no one gets into trouble for leaving their door unlocked".