Widely respected computer security expert Bruce Schneier has written a controversial blog post explaining why he keeps his wireless network open. His primary reasons are:
- It’s a basic kindness
- The risk of uninvited strangers doing bad things using the network are overstated
- Even if someone did do something bad using the network, the fact that it was open makes defending yourself in court easier
- The latest wireless security protocol, WPA, is very good, but no wireless security is ever impervious to attack
Schneier also explains that we expose our laptop computers to dangerous security conditions all the time:
I’m also unmoved by those who say I’m putting my own data at risk, because hackers might park in front of my house, log on to my open network and eavesdrop on my internet traffic or break into my computers. This is true, but my computers are much more at risk when I use them on wireless networks in airports, coffee shops and other public places. If I configure my computer to be secure regardless of the network it’s on, then it simply doesn’t matter.
He also brings up the point that if the maintainer of an open network gets sued, even if he didn’t commit the crime, he’ll have to go through a time-consuming and costly defense. Schneier dismisses this on the basis of probabilities. The odds are simply too low that someone will do something nefarious on your network and that you’ll get charged for the act. I keep my home network secured with WPA, but his arguments have given me pause. Is there a point at which the negative possibilities reach such a low probability that even a lawyer would say the risk is justified? Or is Schneier foolishly ignoring the dangers of a black swan event?