The ethics of network detection

* Ethical dilemmas in a wireless network world

Allow me to present a clickable ethical dilemma hidden under the Network icon in Windows Explorer, a.k.a. Network Neighborhood. Click it and what do you see? All of the networks and computers visible from your computer. Some may not be “accessible.” You might not be able to get into them, but you can see them - and a few more clicks might get you into some of them (the exception is when Windows is having a bad day and you can’t get into anything but your own machine).

Clicking “Network” is just one of many ways to navigate a network, but personally, I use it quite often - for example, to find a printer when I’m visiting the offices of friends, employers, or clients. Networks were made for sharing, and that icon is one way to find out what has been shared.

But what if you click the same icon when you are not in an office, but in the park, at a bar, or in a hotel room? You may find that there is some unintentional sharing going on. You may be able to access hard drives that belong to strangers. What do you do? Were you wrong to click the icon? Do you inform the parties who are exposed? Therein lies the dilemma, which is far from academic now that the air around us is thick with data, especially in trains, planes, hots pots, and hotels.

Over the last 12 months we’ve seen numerous convictions for “wireless crimes.” These have ranged from the criminal hacking of medical records in North Carolina to the attempted interception of credit card transactions at the national headquarters of the Lowe's home improvement chain (coincidentally also in North Carolina) via an “open” network connection which the perpetrators detected, wirelessly, from a Lowe’s parking lot in Michigan.

Reports of such cases invariably invoke the term “wardriving.” I’m sure editors love the sound of it but are unaware that it’s not the same as wireless intrusion. Indeed, wardriving, as defined by the vast majority of those who do it, is the detection of wireless networks that are broadcasting data into public airspace. Wardriving typically uses a laptop, a Wi-Fi card, and software such as NetStumbler.

Before you point to any motes in the wardriver’s eye, remember that your Windows XP laptop is probably beaming the air right now by default, since Wi-Fi detection is part of XP’s standard operating procedure. This observation suggests another nasty legal problem: Would Microsoft would be an accessory to criminal acts if wardriving were ruled illegal? After all, the recording industry, through the RIAA, is trying to pin piracy on makers of peer-to-peer software.

I consider myself a road warrior. My laptop and I check into numerous different hotels every month. Am I tempted to click Network? Yes, because when I plug my laptop into the Internet port in my hotel room, or connect with Wi-Fi at a hot spot, I want to know, without running software that could be mistaken for hacking tools, whether anyone else can see my system. Think of it is as wartraveling. The fact is, at some hotels, clicking Network shows me other guests’ laptops. With a few more clicks I could probably read files off some of the systems I see, but I won’t go that far. I think it would be wrong.

Surprisingly, the hotels where I’ve seen this problem aren’t cheap places where you fear for your life as well as your data. They’re brand name hotels, venues where doctors and other professionals hold conferences and rooms start at $300 per night. Sadly, in some of them, that $300 is not going towards good network design.

So do you click Network or not? And if so, what do you do about the result? You can hardly call the front desk and say, “Please let Dr. Doe know his patient records are exposed.” But you could enter a comment on one of those ubiquitous customer feedback forms: “Your guest network is not secure.” 

Learn more about this topic

Network World Encyclopedia: Wardriving

Paper on wardriving 

Healthcare looks to biometrics

Network World, 12/13/04

Trend Micro gives away mobile anti-virus software

Network World, 12/13/04
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)