Comment: Businesses Need to Wake Up to Open Wireless Access Risks

"Allowing open access to a wireless Internet connection is a dangerous strategy", warns Peter Davin
"Allowing open access to a wireless Internet connection is a dangerous strategy", warns Peter Davin

A federal lawsuit filed by Liberty Media Holdings – a San Diego adult content company – promises to keep the lawyers and copyright experts busy in the months ahead. The lawsuit – which accuses around 50 individuals of using their Internet connection, or allowing their connection to be used by a third party to file-share an adult movie – is interesting because it will test whether people who leave their wireless network on open access can be held liable if a third party uses it to download copyrighted content.

The Recording Industry Association of America (RIAA) has tried, with varying degrees of success (and more than a little negative publicity), to take individuals to court on such issues, but this is the first time that an adult movie producer has taken legal action. The Massachusetts lawsuit alleges that each of the defendants – both named and unnamed – are directly responsible for downloading and sharing the movie, or that they contributed to the piracy through their negligence.

The case is certain to hit the mainstream headlines in the months ahead – largely because of the content – but it is also precedent setting on other fronts, notably the all-to-common issue of leaving your wireless connection on open access to all comers.

A number of airports and other public transportation hubs use a simple controlled system where the user agrees not to misuse the connection and leaves their details. Many businesses simply don’t bother, either because a controlled system costs money or because they are unaware of the potentially serious legal and reputational risks.

Legal issues aside, the reputation risks are significant. For example, what if a password-less wireless connection were to be used to download criminally illegal content and the business was then prosecuted? You can imagine the headlines.

For this reason, I hope this lawsuit – and the likely attendant publicity – will act as a wake-up call to those organizations that allow password-free access to their wireless networks.

The case is an interesting one, because this is first time that the legal weight of the adult movie business has been brought to bear on the WiFi network responsibility issue. The use of access control technologies, automated encryption and clearly defined and well-communicated policies can all help educate employees, enforce policies and mitigate an employer’s legal liability.

The case is likely to be precedent-setter, and its outcome could also make or break what has become a billion dollar industry. Put simply, this means that – regardless of your opinion on the morality of adult movies – the case is very likely to reach higher levels among the US courts, and legal liability decided.

The accompanying publicity will also, I believe, be good news on the IT security front, as it will help educate those businesses that use on-site password-free wireless network access to the dangers.

Apart from the civil and criminal risks of users downloading illegal content using their Internet connection, there is also the very real risk that the firm's reputation could be hit if the courts become involved – as they have in this case.

A growing number of businesses are now offering guest access to their company network for site visitors and contractors. This is acceptable if the access is controlled through the use of a password and audit logging system – complete with acceptable usage policies – but many companies avoid the cost of these controls by simply opening up their wireless network on a password-free basis. Although this saves a few dollars a month on subscription fees, it is a very dangerous game because the legal liability risks are quite high.

The essence of this lawsuit is that even if the defendants did not file-share the movie(s) themselves, they allowed their Internet access to be misused. The courts must now decide whether they are legally liable for their actions in this context.

Regardless of whether the claim for legal negligence sticks or not, I hope the case makes companies – especially the smaller ones – sit up and take notice of their responsibilities on the security front. Allowing open access to a wireless Internet connection is a dangerous strategy in a world where large numbers of people have a mobile device in their pocket or purse.

Too many companies take a laissez-faire approach to their IT security, reasoning that if everyone does it, a given action is okay. The reality is that your company's reputation and legal liability could be on the line.

Peter Davin is the COO and co-founder of IT threat mitigation specialist Cryptzone. Davin has worked in the software and communications industry in Scandinavia and the US for many years and is considered a veteran of the IT security industry. He steered Cryptzone through key acquisitions of AppGate Network Security in 2009, followed by ControlGuard in 2010 and NETconsent and SE46 in 2011. 

What’s hot on Infosecurity Magazine?