Piggybacking . . . and how to fend off the pigs

Is wireless piggybacking theft of service or a victimless “crime” of convenience?

The New York Times recently took a front-page swipe at the (Internet) age-old question of whether an unprotected wireless network amounts to an open invitation for any piggybacker who happens by with a laptop.

Theft of service? . . . Or victimless “crime” of convenience?

At this point the question has become pretty much a philosophical one: Either you’re OK with catch-as-catch-can wireless . . . or you’re not. But the story did get me thinking about the issue again.

First off, the Times quoted Edwin Caroso, a 21-year-old Miami Dade College student: “I don’t think it’s stealing. I always find people out there who aren’t protecting their connection, so I just feel free to go ahead and use it.”

Imagine the swell of pride in the chests of Mr. and Mrs. Caroso as they see their little Edwin being quoted in the nation’s newspaper of record espousing such irrefutable logic. That’s our boy – the knucklehead.

I’m not unreasonable: The occasional quick sip out of an unprotected wireless stream – you’ve got to do something important, you don’t have an alternative and you don’t leave any trash where you troll – doesn’t make you a bad person. But doing it all the time? Sorry, Mom and Dad, that makes the lad a petty thief, no matter how unselfconscious he may be about the practice.

The notion that irresponsible wireless users deserve to have their service degraded by freeloaders – and that the service providers have no stake in the freeloading – has always struck me as suspect.

Do unto others, etc.

Which brings us to another point: Absent a sudden pandemic of security consciousness among the wireless-user masses, what might be done to dramatically reduce the temptations presented to Caroso and his fellow travelers in the what’s-yours-is-mine crowd?

For insight on the question I turned to security expert Joel Snyder, a frequent Network World contributor and senior partner at Opus One, a consulting firm in Tucson, Ariz. You can read the full text of Snyder’s colorful reply on my blog, but this excerpt captures the gist of what he proposes:

“Here’s an answer: Put a switch on the access point,” Snyder writes. “I don’t mean an on-off switch. I mean a ‘secure/insecure’ switch. If there are only two common configurations: one wide open and one with [Wi-Fi Protected Access]-Personal encryption, then put a switch on the box.

“I actually have an access point that has a switch on it with four positions. One is ‘management mode,’ and the other three are various combinations of open/closed, routing, etc. That wasn’t hard, and the access point cost $60. So it’s not like I’m coming up with this incredibly great idea here – access-point vendors already have it.”

But wait, there’s more.

“What about the password? Well, put it on a sticker, next to the switch,” he continues. “If you wanted to be non-negligent in security, then you could go one step further. Ship the box with the switch in ‘secure’ position. Put a little piece of tape on it, kind of like the one that’s over power outlets saying, ‘Are you sure you’re on 120 volts?’ Someone wants to move the switch, OK. But if they don’t, the password is right there on the box.”

That doesn’t seem so hard.

You can still join the Buzzblog Brigade

Names continue to be added to the Buzzblog Brigade mailing list on a daily basis. Soon these volunteers will begin to receive occasional missives from yours truly seeking their opinions about this or that matter of interest. We’ll do some polling, too. Want in on the list? Just drop me a line.

You’re just dying to defend Edwin, right? The address is buzz@nww.com.