...

October 7, 2014

At first blush, you might answer this question with “of course not” and you would assume that almost everyone else in the world would do the same. In that assumption you would be wrong. In London, in a matter of minutes, six people did just that (Read the article here). They happened upon a free Wi-Fi hotspot, selected it from their phones, accepted the terms and conditions, and connected to the Internet. No problem right? You probably have done that same thing, and likely still have all your children accounted for. Well it just so happens that the terms and conditions of this particular Wi-Fi hotspot contained what the company behind this experiment called a “Herod Clause” (to learn more about the historical character behind the name click here), which assigned the Wi-Fi user’s rights to their first-born child to the company for eternity. Now, clearly this contractual provision would be void against public policy, as most courts find it inappropriate to trade children for goods and services, so

the six Londoners who unwittingly gave up one of their children shouldn’t fret too much, but they should consider what this experiment shows us about Wi-Fi networks and our natural inclination to trust that the terms and conditions we accept to use them are safe.

In June of this year a security research company, F-Secure, created several free Wi-Fi hotspots and set them up in some of London’s busiest business sectors. The Wi-Fi hotspots all had terms and conditions that included the “Herod Clause” noted above. The experiment was meant to raise awareness about the dangers involved with free public Wi-Fi. The research went beyond the “Herod Clause” and showed that many email passwords were not encrypted on these public Wi-Fi networks and therefore the person or company running the network could see email passwords in plan text, making hacking and gathering personal information incredibly simple. The Cyber Security Research Institute organized the information gathered from the study and found that it does highlight significant issues with the general public’s lack of knowledge about their public Wi-Fi usage (Read the report here). According to F-Secure, these are not new issues. In fact the email password problem was noted as early as 2001. The company urges education of the public on public Wi-Fi usage and wants more transparency from the telecom industry. Finally F-Secure says that the best way to avoid this problem is to turn off the Wi-Fi connection of cell phones when in public places. While that seems fine and well, it may be a difficult choice for many people, whose high data rates from cell phone companies incentivize using Wi-Fi whenever possible to avoid going over the allotted data amount.
F-Secure is not the only entity concerned with the low security of most public Wi-Fi networks. Europol, the European Union’s law enforcement agency, has found that cybercrime criminals often create their own Wi-Fi hotspots to lure victims in (Read the article here). Perhaps more alarming and at the same time oddly entertaining, are stories like this one from this year’s Def Con Hacking Convention, where Gene Bransfield, from Tenacity Solutions, explained how he used dogs and cats equipped with computers to wander neighborhoods and find Wi-Fi networks that had their was little or not security provisions. These Wi-Fi networks are extremely easy to hack and most people don’t know how simple it is for someone with even limited hacking knowledge to gather personal information from these networks.
All in all these stories should make you think twice before connecting to public free Wi-Fi networks. I know I don’t want to give away my first-born child, or any other important information for that matter. Beyond that, they should make us consider how privacy law, contractual agreements in terms and conditions, and technology intersect, and provide a starting point for open dialogue on these subjects.