Habitually Good

The Mumbai police is in the process of undertaking a massive drive to try and secure open wifi connections in the city. The reason is that during the recent terrorist attacks, the terrorists used open wifi connections for communications and information gathering. I don’t have a problem with Mumbai police trying to close open Wifi connections – no matter how big and (worthless as some say) this exercise is – if they have identified this as a threat, by all means go ahead and make sure it is a threat no more.

What I have a problem with is the manner in which they are going to go ahead and implement this. According to this news source here, the police is going to equip their forces with laptops, devices, etc. They will then go to certain designated areas and visit residences randomly to check for open connections. How effective do you think that is? Here are my reasons for why I think this is a total waste of time if you do it this way:

• You don’t get complete coverage. So you are just hoping that the random places which are checked are the ones the terrorists will use the next time. That is pretty dumb, I think.
• You don’t get permanent coverage. Imagine a residential complex where the police has just swept and secured the open connections. A week later, new tenants move in; or someone who didn’t have a wifi or an Internet connection gets one; or someone changes providers (and the new box comes unsecured as they often do), in which case you are back to square one.
• Are they going to make sure that even if the connection is secure (or they secure it), whether the connection is using WPA (instead of WEP)? It is child’s play to crack a WEP security on a wifi network. There are tools freely available with step-by-step information on how to crack a WEP secured network. It really doesn’t require any level of sophistication to do this.

So, even if they are going to do this, the reason I don’t like it is because they are not doing it right (of course, I am not saying that even if they did it right, this would help). If they want to do it right, they need to think beyond an initial knee-jerk reaction to the problem. I would use one or combination of the following points:

• Equip all police cruisers in the city with high-powered wifi-catchers which also detect the security permissions of the network. Each of these cruisers should be tied to a device which stores data about any open network and its GPS coordinates. A permanent technical team can go through this data regularly and help the owners of errant wifi networks secure them.
• Create a website where helpful citizens can report open wifi networks and push for a public awareness drive that lets people understand the importance of keeping a secure network. The website should also have pages that explain how to secure their networks (comprehensive step-by-step help for all the possible router types) and a help line to the technical team if they are unable to do it themselves.
• Provide wifi enabled PDAs to certain level of police officers. These PDAs have software installed on them that catches any open wifi networks and again stores data about them (similar to the cruiser idea above) and this data is again uploaded to a database where a technical team deals with it.
• Discuss with Internet service providers for putting in place very strict guidelines which make it mandatory for their technicians to configure wifi routers installed for customers so that they are secure (each customer should enter their own password). And then the technical team should perform random audits of such installations.

These are just some steps. Of course, I don’t think making the wifi system secure will prevent any further terrorist activities. In the western nations, cities are putting city-wide open wifi networks in place. So, they are actually going the other way. I think the police needs to stop reacting in a knee-jerk manner and start thinking of long term and sustainable plans for security.

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.