The Amenity Wi-Fi Owner’s Dilemma: Ease of Use Versus Compliance

Posted on December 3, 2013

Two common themes about publicly available Wi-Fi circulate constantly in the press:  security (for users), and abuse (by users).  I find these issues fascinating because they position users at opposite ends of the spectrum. There’s the hapless user whose secrets are being stolen, and there’s the terrorist/ identity thief whose using free (and supposedly anonymous) network access for their own nefarious aims. Let’s take a moment to examine these topics.

Security is not to be taken lightly, but in our view security of public Wi-FI has been over-dramatized as the problem. The argument goes that public Wi-Fi is insecure because of the “open” (read unecrypted) nature of the link from your phone, PC, or tablet to the W-iFi access point in the bar, hotel, or café.  The weak part of the debate is the fact that even if the link itself was “secure”  (read encrypted), then beyond the Wi-Fi access point and all through the Internet your traffic would be unencrypted and fully exposed!

That has absolutely nothing to do with public Wi-Fi being open or secure. To resolve this, users need end-to-end encryption, from their device right the way through to the receiving service (i.e. their bank). In fact, the industry has already responded to this need—and most apps and websites encrypt sensitive user information using SSL, leaving precious little exposed as “plain text” no matter how you’re connecting to the network. Beyond this, a VPN service can provide an additional layer of security, as well as allow enterprise workers access to their work network.

Moving to network abuse, this is certainly a challenging problem. We must be able to manage users who abuse the network to maintain a good experience for everyone else, and to protect the Wi-Fi network owner from liability.  This means the Wi-Fi owner needs to take steps to identify who their users are.  As we’ve noted in the past, the availability of amenity Wi-Fi is a megatrend, as businesses seek better ways to attract and serve their guests and customers. An amenity Wi-Fi network is there to be used, and any mechanism that gets in the way of the user can defeat the whole rationale for the network entirely. The Wi-Fi network owner has a difficult choice to make, trading off ease of use with protection, and (in some countries) ensuring they are in compliance with evolving legislation.

Asking users to identify themselves is an ineffective solution, which serves primarily to protect the Wi-Fi hotspot owner while cutting the utilization of their network and annoying the vast majority of their guests. It’s a particularly silly approach, because its so easy for network abusers to falsely identify themselves and gain access regardless. No wonder that most network owners decide to simply ignore the problem, as noted in this article from the UK’s Telegraph.

At Devicescape, we’ve been focused on delivering a superior subscriber experience for many years.  We believe that access to the Wi-Fi network should be as hassle-free and seamless as possible, so our service platform delivers a fast and quality-controlled experience in the amenity Wi-Fi locations comprised within our curated virtual network (CVN). This makes Wi-Fi very easy to use, which is a great thing for users/subscribers (who just want a great data service from their operator), the Wi-Fi network owner (who wants guest to be happy in their location), and for operators (who want their subscribers to be happy and use more data for less).

Devicescape helps manage the abuse problem through three aspects of our Insight services:

  1. All users agree to certain terms of service specified within the code of conduct on the CVN and other Wi-Fi networks to which we make connections on the user’s behalf.
  2. We assign a unique identifier to each device, so that we can provide personalized service to each user that matches the policies of our operator partners.
  3. We are able to identify the transactions made by each and every device at every network location used. This allows us to synthesize CDRs and other insights for the operators, but it also provides a way for abuse to be measured, detected, and controlled.

With this approach, Devicescape solves some of the complexities of abuse prevention for users, Wi-Fi providers, and operators.  It doesn’t require complex and annoying steps for users, nor do operators need to implement or purchase an expensive new system that immediately works against the whole reason they wanted to offer Wi-Fi in the first place.