Every day, thousands of students on Binghamton University’s campus access the Internet, sending e-mails, posting papers and even buying products from online stores. But with the prevalence of information privacy issues at BU today, should students be worried about the safety of such actions?
BU’s Wi-Fi network is not encrypted, which means information transmitted wirelessly can be accessed freely by anyone within range of the sender’s antenna.
Brock Meeks is the director of communications for the Center of Democracy and Technology (CDT), a nonprofit policy group based in Washington, D.C. The group advocates for keeping the Internet “innovative, open and free” and has an understanding of Wi-Fi security around the country.
The chances of jeopardizing personal information are more prevalent than students may realize, according to Meeks.
“That’s like tying a big knot in a rope to keep your bicycle safe. Anyone with motivation can come around and steal your bike,” Meeks said. “Any time you don’t have encryption, that information is at risk, the same risk you take when accessing public Wi-Fi at Starbucks or Borders.”
This means that every time you use one of those networks, your passwords and Social Security number can be at risk.
But according to James Wolf, director of academic computer services of the Information Technology Services department, users of Binghamton University’s Wi-Fi shouldn’t be discouraged from using the wireless Internet service.
“The lack of encryption on the campus wireless network is not as dangerous as it might seem,” Wolf said.
Internet services such as banking sites and online shopping pages typically encrypt the information. Even on a public network, the connection between these types of Web sites and a computer is encrypted. The user can tell whether the connection is encrypted if the address begins with “https://” where the letter “s” stands for secure.
Information can be stolen from standard Web-browsing, in addition to services like AIM and file transfers, which don’t encrypt the connection between the two points.
“Sniffing the net is most easily done from a computer connected to the same access point used by the transmitting computer (usually no more than 24 other computers [are] active on the campus network and in the same general vicinity),” Wolf explained.
While there is no encryption on campus, the University does use a specific virtual private network to register student computers. This closed system only allows Binghamton faculty, staff and students access to the Internet, but everything sent between such wireless computers is still visible by a third party.
Wolf said one reason the school may have chosen to go with an unencrypted network may have been to ensure the campus gained wireless capability quickly.
“I can’t give the answer exactly, but I believe our intention was to get it out there to as many people as possible, as quickly as possible,” Wolf said. “We did not expect it to be as dangerous as some people seem to believe.”
According to one report, many wireless users around the country don’t use encrypted networks, despite the fact that most networks offer protection. In its default state, Wi-Fi is unencrypted, and users have to select an encrypted option in order to be protected.
According to a study done by AirDefense, a wireless protection agency, many retailers who have Wi-Fi networks were left vulnerable to theft of consumer information this past holiday season.
“AirDefense discovered 25 percent [of networks] unencrypted while 74 percent were encrypted,” the report stated. “Also, 25 percent of retailers [that used encryption] used Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption.”
While users may be at some risk using Wi-Fi on campus, according to Wolf, being safe is as easy as being smart.
“Campus users are more at risk from phishing schemes and other risky behavior where they provide such data voluntarily to an unreliable person or service,” Wolf said. Phishing is a scam in which the scammer poses as a legitimate Web site, asking for the victim’s password or other critical information.
However, an obvious concern for students is the fact that Social Security numbers are needed for checking grades, schedules, DARS and most of BUSI’s functions.
“We will not be using Social Security numbers for class registration anymore,” Wolf said. “Nonetheless, we agree that it is best to have the wireless network encrypted and we’re studying ways to best accomplish that as the network evolves.”