The Wireless Hacker ReturnsThis time he brings a gift.
"What is a suitable punishment for hacking into a stranger's wireless network?" Jake wondered. Still fuming over the audacity of such a crime, Jake was finding it easy to imagine a host of satisfying punishments, from a long prison sentence to a good old public flogging. "Why shouldn't severe suffering be attached to such personal violations?" Jake muttered to himself.
A hacker had
broken into Jake's wireless network on Halloween. Not content with mere cyber-trespass, the hacker had then reformatted Jake's hard drive. To add insult to injury, Jake had been shocked to discover that
his neighbor's son was the culprit. Tim's father had agreed to pay for any damages—so long as Jake didn't press charges. That had been three weeks ago. Jake still hadn't decided what punishment was adequate. But with Tim's return from college just before Christmas, Jake knew that he must do something.
Curiously, Jake's wife was less concerned with punishment than with Jake's apparent lack of concern for security. "If your computer work is so important, why didn't you do something to protect it?" she asked bluntly. "Why should I
have to protect it?!" he shouted back angrily. "If it's not safe in my home, then where is it safe?" But she reminded him sternly that it wasn't "in his home." Wireless networks are broadcast well outside of the home or office, she noted in a calm and steady voice. Jake had been too full of self-righteous anger to respond to such gibberish.
Still, a part of him knew that she had a point. In fact, he had recently read about the owner of a residential wireless hotspot who might be
charged with a crime because someone downloaded pornography from his unsecured home network. Equally intriguing was the fact that states were considering
legislation that would hold business owners responsible for unprotected wireless access points.
Jake wondered what he would do. Imagining Tim in prison was not a pleasant thought. Tim had been a good boy. What good would a prison sentence do? He had reached an impasse. Dejectedly, he stared out the window. Snow was gently falling on the darkening winter landscape. The days were getting shorter as the nights grew longer, making darkness more prevalent than light. Jake knew that Christmas Eve was the longest, darkest night of the whole year. But then, with the winter solstice, the darkness would give way to light. Jake's understanding of the symbolic message behind Christmas didn't make the wonder of the season any less meaningful. In fact, the understanding gave him a deeper appreciation of it all. Suddenly, with a burst of insight, he realized what he must do. He grabbed his coat and walked quickly in the cold air to his neighbor's house.
Bill answered the door. Once inside, Jake asked to meet with Tim. "Here's the deal," Jake said. "If you can help me understand how to secure my wireless network so that it's not broken into again, I won't press charges. But your fixes must be good. If my wireless network is compromised again—even by someone else—I will press charges." Tim stared a Jake for a moment, and then slowly nodded in agreement. Together, they returned to Jake's house.
The fixes were easy; the actual setup took about 15 minutes. Tim started with the basics:
1. Change the default administrative password for the access point. Administrative access would give anyone free rein to the setup, configuration, and security features on Jake's wireless network.
2. Change the default SSID (network name). Tim explained that hackers use these defaults to easily join the network.
3. Disable the SSID broadcast option. Most commercial access points are set—by default—to broadcast the SSID. This allows anyone to join the network, even hackers. Broadcasting the SSID is fine if you're running a public hotspot, but not a good idea for the home office user.
4. Enable MAC address filtering. This feature, available on most 802.11 access points and routers, makes it harder for hackers to access a network using a random MAC address.
5. Turn on WEP security. Sure, WEP has plenty of problems, but it does provide a modicum of data encryption protection.
Tim suggested that Jake upgrade his 802.11b wireless network to 802.11g. Also, finding access points and PC Cards that use WPA security—a greatly improved version of WEP—would help to discourage all but the most determined hacker. Before returning home, Tim even left Jake with a Christmas present: a copy of
Real 802.11 Security. While still angry with Tim for hacking into his network, Jake was pleased that he found a way to put Tim's abilities to good use. It also helped Jake quickly improve his awareness and understanding of security issues. "Not a bad tradeoff," Jake thought, as he turned to watch the falling snow.
Lost? Hiding? Your Cellphone Is Keeping Tabssource:
www.nytimes.comOn the train returning to Armonk, N.Y., from a recent shopping trip in Manhattan with her friends, Britney Lutz, 15, had the odd sensation that her father was watching her.
He very well could have been. Ms. Lutz's father, Kerry, recently equipped his daughters with cellular phones that let him see where they are on a computer map at any given moment. Earlier that day, he had tracked Britney as she arrived in Grand Central Terminal. Later, calling up the map on his own cellphone screen, he noticed she was in SoHo.
Mr. Lutz did not happen to be checking when Britney developed pangs of guilt for taking a train home later than she was supposed to, but the system worked just as he had hoped: she volunteered the information that evening.
"Before, they might not have told me the truth, but now I know they're going to," said Mr. Lutz, 46, a lawyer who has been particularly protective of Britney and her sister, Chelsea, 17, since his wife died several years ago. "They know I care. And they know I'm watching."
Driven by worries about safety, the need for accountability, and perhaps a certain "I Spy" impulse, families and employers are adopting surveillance technology once used mostly to track soldiers and prisoners. New electronic services with names like uLocate and Wherify Wireless make a very personal piece of information for cellphone users physical location harder to mask.
But privacy advocates say the lack of legal clarity about who can gain access to location information poses a serious risk. And some users say the technology threatens an everyday autonomy that is largely taken for granted. The devices, they say, promote the scrutiny of small decisions where to have lunch, when to take a break, how fast to drive rather than general accountability.
"It's like a weird thought I get sometimes, like `he definitely knows where I am right now, and he's looking to see if I'm somewhere he might not approve of,' " said Britney Lutz. "I wonder what it will be like when I start to drive."
Still, personal location devices are beginning to catch on, largely because cellular phones are increasingly coming with a built-in tether. A federal mandate that wireless carriers be able to locate callers who dial 911 automatically by late 2005 means that millions of phones already keep track of their owners' whereabouts. Analysts predict that as many as 42 million Americans will be using some form of "location-aware" technology in 2005.
Wireless companies and start-up firms are weaving the satellite system known as G.P.S., or Global Positioning System, which was begun by the United States military in the 1970's, into the cellular phone network and the Internet to sell products and services that provide location information.
After fixing an individual's location relative to a network of G.P.S. satellites orbiting 12,000 miles above the earth or, more crudely, by the time it takes signals to bounce off nearby cell towers personal locator services transmit the constantly updated information to a central database, where customers can retrieve it through the Internet, telephone or pager.
Until recently, one of the main civilian uses of G.P.S. was in devices issued by the criminal justice system to track offenders as a condition of their parole or probation. The new generation of tracking devices has moved well beyond that population and now takes many forms, from plastic bracelets that can be locked onto children to small boxes with tiny antennae that can be placed unobtrusively in cars.
"We are moving into a world where your location is going to be known at all times by some electronic device," said Larry Smarr, director of the California Institute for Telecommunications and Information Technology. "It's inevitable. So we should be talking about its consequences before it's too late."
Some of those consequences have not been spelled out. Will federal investigators be allowed to retrieve information on your recent whereabouts from a private service like uLocate, or your cellular carrier? Can the local Starbucks store send advertisements to your phone when it knows you are nearby, without your explicit permission?
Because the new electronic surveillance services are still in their infancy, there are few answers, but the debate over the boundaries of privacy in a more transparent world is already taking shape. Teenagers in particular tend to be skeptical of the new technology's value.
"Cellphones would lose their appeal if they became tracking devices," said Nate Bingham, 16, of Seattle. "I think if your parents really care that much they should just put a leash on you."
Mr. Bingham's parents use an AT&T service called Find Friend that lets them see his general location when his cellphone is on, based on the company's nearest cellular tower. He said his mother had at times asked him where he was and then used the service to see if he was telling the truth. He admits to turning the phone off occasionally when he doesn't want to be found.
That won't work in the Pratt household, in Garden City, N.Y., where Jason, 13, and Ashley, 11, were given new Nextel cellphones on the condition that they be kept on at all times. With uLocate, Tom Pratt set up his account on the company's Web site to establish a "geofence" around his home and his children's school. Every time the kids leave a 400-foot radius of either place, he gets an automatic e-mail alert: "Ashley has exited Home at 08:18 AM," read a typical message last week.
Jason Pratt said there were advantages to being watched. He no longer has to call his mother to let her know where he is. Instead, she can press a "locate" button on her phone and see for herself. So long as Jason's phone is running the uLocate software, it transmits his location information every two minutes. Jason's 17-year-old brother, Matthew, however, kept his older cellphone even though it had poor reception rather than submit to the new deal.
Howard Boyle, president of a fire sprinkler installation company in Woodside, N.Y., presented his employees with no such choice. The five workers who have been given company phones with the G.P.S. feature have not been told that Mr. Boyle can find out if they have arrived at a work site, and whether they are walking around in it or sitting still.
"They don't need to know," said Mr. Boyle, who hopes the service will help him determine the truth when clients claim they are being overbilled for the time his employees spent at their location. "I can call them and say, `Where are you now?' while I'm looking at the screen and knowing exactly where they are, just to make sure they're not telling me they're somewhere else."
But it is not just the unnerving effect of uncovering small lies that has some users of the technology worried. Like caller I.D., location devices lift the curtain on a zone of privacy that many Americans value, even if they rarely have anything serious to hide.
"Think back to when you were a teenager and your mom or dad said, `I don't want you to do this,' and you said, `yeah, yeah, yeah,' because you knew you could do it and they wouldn't know," said Graham Clarke, president of National Scientific, which makes several G.P.S. tracking devices. "Those days are gone now, because they actually can know."
Mr. Clarke recently installed a tracking device called Followit in the Jeep Wrangler of his 17-year-old son, Gordon. It alerts him if Gordon has exceeded 60 m.p.h. or traveled beyond preset boundaries.
Advocates of location-aware technology insist that its safety benefits like locating a 911 caller or a stolen car outweigh the privacy issues.
And for Donna Phillips, 66, whose husband, Hubie, has Alzheimer's disease, the ability to lock a G.P.S.-enabled bracelet from Wherify Wireless around Mr. Phillips's fanny pack when he goes out has meant an end to panicked searches when he fails to come home. Now her granddaughter can help her find her husband on the Wherify Wireless Web site, which displays the location information transmitted from the bracelet when an authorized user logs on.
About two weeks ago, Mr. Phillips, 90, boarded a bus near his home in Rancho Park, Calif., and traveled several miles before switching to another bus. Because he was moving too fast for his wife to catch up, she called the police, who were able to pinpoint his location through the Wherify Wireless service to pick him up.
Critics of the new technology do not dispute its usefulness, but worry that it will become ubiquitous before legal guidelines are established.
Last year, the Federal Communications Commission turned down a request from the cellular phone industry's association and privacy groups for guidance on such matters. For the moment, the questions of trust and tracking are being raised largely in the sphere of family and personal relationships, rather than in the public arenas of government and business.
Jerold Surdahl, 40, an administrator in a building management office in Centerville, Ohio, said he started using the uLocate service to communicate with colleagues. Now, he is intrigued by the possibility of stashing a location-tracking phone in the trunk of his wife's car.
"I'm not expecting or hoping or wanting to find something, but I would just like to explore the possibilities," Mr. Surdahl said. "I'd tell her about it later."
