<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Keeping an Open Wireless Network?</title>
	<atom:link href="http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/feed/" rel="self" type="application/rss+xml" />
	<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/</link>
	<description></description>
	<pubDate>Wed, 20 Aug 2008 16:39:28 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.5.1</generator>
		<item>
		<title>By: Brian Mayton</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-12</link>
		<dc:creator>Brian Mayton</dc:creator>
		<pubDate>Sat, 12 Jan 2008 00:52:48 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-12</guid>
		<description>I like the idea of open wireless networks.  The internet is a public network, and I think anyone should be able to access it regardless of where they happen to be at the moment.  That said, I keep my wireless network encrypted (and most of the time I don't broadcast my SSID.)

The problem with open networks is that people are accountable for what goes over their networks.  Nearly everywhere that I have a connection to the internet (and might want to create a wireless network) all connections made could get traced back to me, through means such as keeping track of which subscribers have which DSL modems, requiring log-ins, and keeping track of which switch port corresponds to the ethernet jack in my room.

While the Digital Millennium Copyright Act (DMCA) provides protections to ISPs so that they are not liable for actions committed by their customers, provided they follow certain procedures for dealing with such cases, these protections don't extend to individual users running wireless networks (unless they can claim to be an ISP, which is almost certainly a violation of their ISP's terms of service, even if casual sharing is not).

The lawsuits brought against many individuals by the RIAA lately have demonstrated that simply being accused of performing infringing or illegal acts over an internet connection is costly for the person accused, if the accused person's IP address can be even loosely linked to the infringing activity.  In this case, the person has the option to accept any monetary settlement that may be offered, on the order of several thousand dollars, or to fight the accusations in court.  Even if the accused person proves that he or she is innocent and is able to recoup legal fees, a large amount of time and effort is required, simply as a consequence of having been accused.

Having an open wireless network connected to my name, particularly in a university residential setting where large amounts of copyright infringement are known to take place, is simply not a risk I'm willing to take so that someone nearby can check his e-mail in a pinch.  Using encryption hardly makes me immune to this threat, but it discourages the majority of users who may want to use my network to do harmful things, particularly when there are several open access points nearby.</description>
		<content:encoded><![CDATA[<p>I like the idea of open wireless networks.  The internet is a public network, and I think anyone should be able to access it regardless of where they happen to be at the moment.  That said, I keep my wireless network encrypted (and most of the time I don&#8217;t broadcast my SSID.)</p>
<p>The problem with open networks is that people are accountable for what goes over their networks.  Nearly everywhere that I have a connection to the internet (and might want to create a wireless network) all connections made could get traced back to me, through means such as keeping track of which subscribers have which DSL modems, requiring log-ins, and keeping track of which switch port corresponds to the ethernet jack in my room.</p>
<p>While the Digital Millennium Copyright Act (DMCA) provides protections to ISPs so that they are not liable for actions committed by their customers, provided they follow certain procedures for dealing with such cases, these protections don&#8217;t extend to individual users running wireless networks (unless they can claim to be an ISP, which is almost certainly a violation of their ISP&#8217;s terms of service, even if casual sharing is not).</p>
<p>The lawsuits brought against many individuals by the RIAA lately have demonstrated that simply being accused of performing infringing or illegal acts over an internet connection is costly for the person accused, if the accused person&#8217;s IP address can be even loosely linked to the infringing activity.  In this case, the person has the option to accept any monetary settlement that may be offered, on the order of several thousand dollars, or to fight the accusations in court.  Even if the accused person proves that he or she is innocent and is able to recoup legal fees, a large amount of time and effort is required, simply as a consequence of having been accused.</p>
<p>Having an open wireless network connected to my name, particularly in a university residential setting where large amounts of copyright infringement are known to take place, is simply not a risk I&#8217;m willing to take so that someone nearby can check his e-mail in a pinch.  Using encryption hardly makes me immune to this threat, but it discourages the majority of users who may want to use my network to do harmful things, particularly when there are several open access points nearby.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: cbhcking</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-11</link>
		<dc:creator>cbhcking</dc:creator>
		<pubDate>Fri, 11 Jan 2008 20:59:22 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-11</guid>
		<description>Considering the analogy of the unlocked house, you're forgetting that stealing *things* isn't necessarily what the criminals are after. Suppose there's a basement to your house that you never fully explore (symbolizing the bandwidth available via your router). Suppose there's a side door, which isn't under observation, leading directly into that basement (symbolizing the ability for people to access the open AP remotely and nearly invisibly).

Now, you obviously don't care much about this basement, you don't secure it and you probably wouldn't mind too much if a homeless person is sleeping down there. However, it would probably bother you dramatically if somebody is running a meth lab in your basement, or using it to store murder victims, and the cops track him or her down (assume for the moment that you can't smell it from the house).

Think about what illegal acts you could do with an Internet connection that can be accessed invisibly and can't be tied to you. Kiddie porn (or anything else that's illegal on the web) could be hosted through your connection. Botnets and phishing scams could be operated from your IP address. Your bandwidth could be used for DoS attacks. The probability of any particular one of these or similar threats occurring is slight, but consider the potential damages - even if you manage to convince the court that none of it is your fault (an outcome I certainly wouldn't count on), you'll be out a lot of legal fees and time in court, you may have had to do jail time prior to getting out on bail (assuming you can afford to), and it probably won't be good for a reputation of respectability. At the other end of the spectrum, you could get thrown in the slammer for a few months/years/decades, have massive punitive fines to pay, find yourself facing civil lawsuits from people or companies attacked via your connection, be registered as a sex offender for the rest of your life, or any number of other unpleasant things. Against any risk of all that, I'd be willing to spend a few minutes of my life securing my network.</description>
		<content:encoded><![CDATA[<p>Considering the analogy of the unlocked house, you&#8217;re forgetting that stealing *things* isn&#8217;t necessarily what the criminals are after. Suppose there&#8217;s a basement to your house that you never fully explore (symbolizing the bandwidth available via your router). Suppose there&#8217;s a side door, which isn&#8217;t under observation, leading directly into that basement (symbolizing the ability for people to access the open AP remotely and nearly invisibly).</p>
<p>Now, you obviously don&#8217;t care much about this basement, you don&#8217;t secure it and you probably wouldn&#8217;t mind too much if a homeless person is sleeping down there. However, it would probably bother you dramatically if somebody is running a meth lab in your basement, or using it to store murder victims, and the cops track him or her down (assume for the moment that you can&#8217;t smell it from the house).</p>
<p>Think about what illegal acts you could do with an Internet connection that can be accessed invisibly and can&#8217;t be tied to you. Kiddie porn (or anything else that&#8217;s illegal on the web) could be hosted through your connection. Botnets and phishing scams could be operated from your IP address. Your bandwidth could be used for DoS attacks. The probability of any particular one of these or similar threats occurring is slight, but consider the potential damages - even if you manage to convince the court that none of it is your fault (an outcome I certainly wouldn&#8217;t count on), you&#8217;ll be out a lot of legal fees and time in court, you may have had to do jail time prior to getting out on bail (assuming you can afford to), and it probably won&#8217;t be good for a reputation of respectability. At the other end of the spectrum, you could get thrown in the slammer for a few months/years/decades, have massive punitive fines to pay, find yourself facing civil lawsuits from people or companies attacked via your connection, be registered as a sex offender for the rest of your life, or any number of other unpleasant things. Against any risk of all that, I&#8217;d be willing to spend a few minutes of my life securing my network.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: kingpig</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-10</link>
		<dc:creator>kingpig</dc:creator>
		<pubDate>Fri, 11 Jan 2008 20:58:31 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-10</guid>
		<description>I think theft has a much higher probability than one might think.  I was an RA in the dorms for two years, and I would see theft on an almost weekly basis there.  While I know it is more likely to occur in the dorms than it is in an apartment, I think 1 in 10,000 is a very optimistic number - especially if you leave your door unlocked all the time.

Also – the $1,000 to have your computer replaced doesn’t factor in some of the other annoyances that you have to deal with if someone gets into your apartment and steals.  There is also the cost to you in time in order to go around and get all of your stolen stuff replaced, file a report with the police, and generally deal with the situation. 

And finally, there is the possibility that the thief will vandalize your home when they enter it.  When I was five years old, burglars broke into my house while we were away and trashed the place while stealing everything valuable they could find.  The cost of the damage they caused was much higher than the cost of the property they stole.  All in all, it makes the two seconds to lock my door worth the stress that I might have to deal with if I don’t.</description>
		<content:encoded><![CDATA[<p>I think theft has a much higher probability than one might think.  I was an RA in the dorms for two years, and I would see theft on an almost weekly basis there.  While I know it is more likely to occur in the dorms than it is in an apartment, I think 1 in 10,000 is a very optimistic number - especially if you leave your door unlocked all the time.</p>
<p>Also – the $1,000 to have your computer replaced doesn’t factor in some of the other annoyances that you have to deal with if someone gets into your apartment and steals.  There is also the cost to you in time in order to go around and get all of your stolen stuff replaced, file a report with the police, and generally deal with the situation. </p>
<p>And finally, there is the possibility that the thief will vandalize your home when they enter it.  When I was five years old, burglars broke into my house while we were away and trashed the place while stealing everything valuable they could find.  The cost of the damage they caused was much higher than the cost of the property they stole.  All in all, it makes the two seconds to lock my door worth the stress that I might have to deal with if I don’t.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Nathan Bergen</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-9</link>
		<dc:creator>Nathan Bergen</dc:creator>
		<pubDate>Fri, 11 Jan 2008 20:51:45 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-9</guid>
		<description>While the controls on your router may deter a wardriver to an easier target, if it's the script kiddie next door with nothing but time on his hands, even WPA-RADIUS is vulnerable.

Regardless of how possible it is for standard encryption mechanics to be cracked, an open system is, well, open.  I think it is also important to note what kind of area he is advocating keeping an open system.  In a rural neighborhood, or even suburbia, the risk would be far less than a densely populated area such as the U District.</description>
		<content:encoded><![CDATA[<p>While the controls on your router may deter a wardriver to an easier target, if it&#8217;s the script kiddie next door with nothing but time on his hands, even WPA-RADIUS is vulnerable.</p>
<p>Regardless of how possible it is for standard encryption mechanics to be cracked, an open system is, well, open.  I think it is also important to note what kind of area he is advocating keeping an open system.  In a rural neighborhood, or even suburbia, the risk would be far less than a densely populated area such as the U District.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: cbhcking</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-8</link>
		<dc:creator>cbhcking</dc:creator>
		<pubDate>Fri, 11 Jan 2008 20:35:24 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-8</guid>
		<description>Actually, the controls on your average router (and $70 is well above average) are good enough to block almost any attack if some thought is given to configuration, especially if you take the effort to reflash the firmware when updates are released (not that almost anybody does). In any case, for a home user the risk is very low with even minimal security - even WEP is strong enough to stop wardrivers - and WPA on any router is more than strong enough that, unless there is a specific reason to target you, an attacker will simply pick an easier target.

This also ignores automated attacks. Consider a worm that connects to open access points, dictionary-attacks the administrative controls (which on many APs are accessible via WiFi), and re-flashes the firmware to propagate itself. Such a worm would have incredible access; all your Internet traffic, all internal traffic that goes through the router, and all the computers and/or access points in range. Having multiple unsecured APs in range of each other is not uncommon in urban areas, so this type of worm could spread rapidly through densely populated regions.</description>
		<content:encoded><![CDATA[<p>Actually, the controls on your average router (and $70 is well above average) are good enough to block almost any attack if some thought is given to configuration, especially if you take the effort to reflash the firmware when updates are released (not that almost anybody does). In any case, for a home user the risk is very low with even minimal security - even WEP is strong enough to stop wardrivers - and WPA on any router is more than strong enough that, unless there is a specific reason to target you, an attacker will simply pick an easier target.</p>
<p>This also ignores automated attacks. Consider a worm that connects to open access points, dictionary-attacks the administrative controls (which on many APs are accessible via WiFi), and re-flashes the firmware to propagate itself. Such a worm would have incredible access; all your Internet traffic, all internal traffic that goes through the router, and all the computers and/or access points in range. Having multiple unsecured APs in range of each other is not uncommon in urban areas, so this type of worm could spread rapidly through densely populated regions.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: iddav</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-7</link>
		<dc:creator>iddav</dc:creator>
		<pubDate>Fri, 11 Jan 2008 20:21:28 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-7</guid>
		<description>As someone who finds it annoying to lock doors, I completely agree with Bruce Schneier that we should--in most cases--leave home wireless networks open. General principles like "lock doors" or "secure wireless networks" have exceptions that are more optimal in certain situations. 

Let's take the "lock your doors" principle as an example. Suppose that I live by myself in an apartment in the U district. My apartment would have, say, $20 in cash, some clothes, some cheap furniture, and my computer. My most valuable asset, the data on my computer, would be backed up remotely. I think that it would not be worth the time to lock the door on my way out. It is my impression that the likelihood of someone attempting a break-in to my apartment while I am gone is very, very small (much less than 1 in 10,000 over the course of a year). And if a break-in does occur, I probably wouldn't lose anything irreplaceable. Mainly, it would be the inconvenience of getting a new computer (which I might need anyway), restoring the data, and maybe changing some passwords. (Besides, if there are people willing to risk jail time for my items, maybe they need them more than I do anyway.) Looking at this another way, I would lose at most $1000 in the event of, let's say, a 1-in-10000 burglary. That's a cost of $1000/10000 = 10 cents for the convenience of not needing to lock/unlock the door all year! I'd say that's worth it.

If you believe, like I do, that the chance of someone relying on your home wireless network to gain access to your computer or to perform other malicious activity is tiny in reality, then the same reasoning applies to open wireless networks. I think it is many times more likely that someone would use your open wireless network for something innocent (like browsing porn sites). So unless you have something highly valuable at stake, it may simply not be worth the effort to set up a secure wireless network at home.</description>
		<content:encoded><![CDATA[<p>As someone who finds it annoying to lock doors, I completely agree with Bruce Schneier that we should&#8211;in most cases&#8211;leave home wireless networks open. General principles like &#8220;lock doors&#8221; or &#8220;secure wireless networks&#8221; have exceptions that are more optimal in certain situations. </p>
<p>Let&#8217;s take the &#8220;lock your doors&#8221; principle as an example. Suppose that I live by myself in an apartment in the U district. My apartment would have, say, $20 in cash, some clothes, some cheap furniture, and my computer. My most valuable asset, the data on my computer, would be backed up remotely. I think that it would not be worth the time to lock the door on my way out. It is my impression that the likelihood of someone attempting a break-in to my apartment while I am gone is very, very small (much less than 1 in 10,000 over the course of a year). And if a break-in does occur, I probably wouldn&#8217;t lose anything irreplaceable. Mainly, it would be the inconvenience of getting a new computer (which I might need anyway), restoring the data, and maybe changing some passwords. (Besides, if there are people willing to risk jail time for my items, maybe they need them more than I do anyway.) Looking at this another way, I would lose at most $1000 in the event of, let&#8217;s say, a 1-in-10000 burglary. That&#8217;s a cost of $1000/10000 = 10 cents for the convenience of not needing to lock/unlock the door all year! I&#8217;d say that&#8217;s worth it.</p>
<p>If you believe, like I do, that the chance of someone relying on your home wireless network to gain access to your computer or to perform other malicious activity is tiny in reality, then the same reasoning applies to open wireless networks. I think it is many times more likely that someone would use your open wireless network for something innocent (like browsing porn sites). So unless you have something highly valuable at stake, it may simply not be worth the effort to set up a secure wireless network at home.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Nathan Bergen</title>
		<link>http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-4</link>
		<dc:creator>Nathan Bergen</dc:creator>
		<pubDate>Fri, 11 Jan 2008 07:12:20 +0000</pubDate>
		<guid isPermaLink="false">http://cubist.cs.washington.edu/Security/2008/01/10/keeping-an-open-wireless-network/#comment-4</guid>
		<description>The fact of the matter is, if someone really wants to get into your home network, they probably will be able to.  And if not yours specifically, a large majority of the population.  Even among CS majors here, how many of us actually secure our networks with anything more complex than the controls found on your average $70 router?

From that perspective, I can almost understand his rationale for opening his network to anyone who'd use it.  However, one thing in the article does strike me as sour...  He comes across as seeming to think that just because he leaves it intentionally open, he won't be liable for anything that happens to it.  In fact, I think the opposite might well prove to be true.  As one educated in such matters, making a conscious decision to leave the network wide open can easily be construed as negligent, or at least it seems so to me.  I'm not aware of any cases in which the 'my network was open, so you cannot prove it was me that perpetrated these crimes' defense actually worked.

Combine that precedent with a conscious, informed decision on the side of negligence, and I certainly wouldn't rush to his side, were I a lawyer.</description>
		<content:encoded><![CDATA[<p>The fact of the matter is, if someone really wants to get into your home network, they probably will be able to.  And if not yours specifically, a large majority of the population.  Even among CS majors here, how many of us actually secure our networks with anything more complex than the controls found on your average $70 router?</p>
<p>From that perspective, I can almost understand his rationale for opening his network to anyone who&#8217;d use it.  However, one thing in the article does strike me as sour&#8230;  He comes across as seeming to think that just because he leaves it intentionally open, he won&#8217;t be liable for anything that happens to it.  In fact, I think the opposite might well prove to be true.  As one educated in such matters, making a conscious decision to leave the network wide open can easily be construed as negligent, or at least it seems so to me.  I&#8217;m not aware of any cases in which the &#8216;my network was open, so you cannot prove it was me that perpetrated these crimes&#8217; defense actually worked.</p>
<p>Combine that precedent with a conscious, informed decision on the side of negligence, and I certainly wouldn&#8217;t rush to his side, were I a lawyer.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
