US ruling on legality of eavesdropping on open WiFi networks exposes data

September 11, 2012 // By Venafi
Commenting on a US court ruling that intercepting IP traffic on an open WiFi network is now legal, Venafi expresses concern that the law exposes organisations to increased risk of data loss and breaches, and adds that companies now have a pressing need to encrypt all of their wireless communications.

According to Calum Macleod, EMEA director with the Enterprise Key and Certificate Management (EKCM) solutions specialist Venafi, this is the wireless equivalent of allowing tech-savvy people to wander around attaching crocodile clips to phone cabinets. It shows that the ease with which public WiFi networks can be intercepted is being interpreted as a free-for-all on the hacking front by the US courts.

"The ramifications of this new law for online security and cyber criminality are dizzying, and violate basic industry best practices. Just because a transmission can be eavesdropped, does not make the act of sniffing that traffic any less wrong. It's illegal to intercept a phone call, and there is no reason for the same principles not to apply to a WiFi transmission, which carry both voice and data traffic," he said.

"The reality is that using open WiFi networks for anything other than simple Web surfing is asking for trouble. Company users - if they have not already - should now be moving to encrypt all of their wireless traffic, both on- and off-premise, especially since WiFi has become so pervasive and readily accessible by remote employees and traveling corporate users," he added. Such knowledge workers are accessing increasing amounts of sensitive, often regulated information and corporate applications—from more and more unsecure WiFi networks outside the security of the firewall.

The Venafi EMEA director went on to say that, with BT's Fon WiFi network now having topped the six million hotspot mark worldwide in May of this year, a growing number of companies that use BT as their Internet Service Provider are using the included BT Fon WiFi service when away from their offices and locked-down corporate IT environments. The problem with this service, he says, is that while it is free the Fon WiFi service is open and easily sniff-able.

Put simply, he adds, that means that your email credentials and messages may be on display for