The wireless fidelity (WiFi) network soon to be launched by Toronto Hydro Telecom Inc. has triggered quite a few concerns about user privacy, data security, and even public health.
Toronto Hydro Telecom (THT) has reiterated that the security features of the new network – dubbed One Zone – will not be intrusive. They will protect against criminal activity, but will not be used to pry on people, THT said.
However, one analyst counters that the real question with One Zone is not that it will facilitate Big Brother monitoring by law enforcement agencies but something quite different.
“From my perspective, it’s more likely the snooping will be done criminals,” said Joe Greene, head of security research for IDC Canada. He said it’s improbable that the Toronto police would resort to a Canadian Security and Intelligence-type surveillance operation.
A cybercrime investigator agrees with Greane.
“WiFi is a fantastic technology but it’s open to abuse by criminal elements,” said Cpl. David Peter, investigator at the policy centre of the technology crime branch of the Royal Canadian Mounted Police (RCMP).
Pater said Web-based crime is difficult to trace because of the anonimity provided by the Internet and a free WiFi network makes the job even harder.
“Because it’s going to be a paid service, I hope this will be a more secure network,” he said.
Toronto Hydro Telecom, meanwhile, has reassured potential patrons that the authentication process, while efficient, would not be invasive.
The organization provided this assurance shortly after announcing it is using an authentication process approved by the Toronto police. “This is not the Big Brother syndrome,” said Dino Farinaccia, director of marketing and communication at THT. “The police will have to go through the legal process and get a warrant before they can obtain access to information.”
One privacy activist says this is not exceptional.
It’s only to be expected that One Zone would be governed by the same laws and safeguards as other networks operating in Canada, said Philippa Lawson, executive director of Ottawa-based Canadian Internet Policy and Public Interest Clinic or CIPPIC. “We have all sorts of networks covered by lawful access rules. I don’t see the WiFi network being any different.”
Lawson recently voiced strong objections to a controversial bill that has seeks to grant government agencies warrantless access to private user information.
One Zone uses 128-bit encryption on the backhaul radio links. This, Farinaccia said, will prevent illegal hacking attacks by unauthorized parties.
When the network launches, the initial authentication process will be cell phone-based
During a six-month trial phase, subscribers will need to use their cell phones to apply for a username and password.
The process, as some industry insiders point out, discriminates against the thousands of Torontonians who do not own cell phones.
When questioned about this, a THT executive admitted the validation procedure is “imperfect.” But it’s the only way, during the “free” trial, to address the double need – for secure authentication and ease of use, said Sharyn Gravelle, vice-president for wireless services at THT.
She said when One Zone becomes a paid service, THT will move to a credit card-based authentication and billing set up.
Gravelle said the authentication process is also meant to prevent One Zone from being used for illegal purposes such as child pornography, fraud, drug trafficking and other crimes.
However, one technology industry analyst notes that cell phone authentication can easily be circumvented.
“As a security [measure], the process doesn’t make much sense,” said Alicia Wanless, senior analyst at technology consultancy firm SeaBoard Group Inc. in Toronto. “Anyone can call up for password but still remain anonymous by using a pre-paid phone card.”
During the trial period, data sent over One Zone (from the access point to the client device) will not be encrypted. To protect sensitive data, THT recommends that clients encrypt it or make use of virtual private networks (VPN).
However, as IDC’s Greene points out, while encryption can make it harder for snoopers to break into the network, it only has temporary value. “Over time any encryption can be cracked by a determined hacker.”
There is also a recent phishing assault variant that THT may not yet prepared for. It involves the use of spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.
How does THT plan to deal with this threat? “We are looking at it and sorting it through,” said Gravelle. Then there are safety-related issues: concerns that blanketing the downtown core with radio waves may pose a potential health risk .
However, THT says these concerns have been adequately addressed.
According to Gravelle, electromagnetic fields (EMF) emitted by One Zone satisfy safety guidelines. She said One Zone complies with the Toronto Public Health Board’s policy that exposure levels to radio frequency (RF) electromagnetic fields be set at 100 times below the distance factor required by Canada’s Safety Code Six.
Safety Code Six limits emissions to 10 watts per square metre.
But a Health Board official, when contacted, suggested that the issue is still open. “We have not yet confirmed [THT’s] data,” said Ronald MacFarlane, supervisor of environmental health assessment and policy at the Toronto Public Health Board. “Essentially we are still looking at their system and don’t expect any answers until after January or February 2007.”
MacFarlane said some studies show that close proximity exposure to high levels of radio waves – such as those emitted by television station antennas – can have deleterious effects on the brain and other cells. While such emissions have been linked to disease such as cancer, MacFarlane said results are “not conclusive.”