Archive for January 12th, 2009

I found out via @whiteafrican that in response to November’s terror attacks in Mumbai, Indian police are starting to walk around the city searching for insecure WiFi connections and require the owner to secure them. This is being done because terrorists used random WiFi hotspots to send emails prior to a couple of recent attacks.

Presumably, this is to make investigating terrorism easier – police won’t have to waste time interviewing unwitting WiFi owners, but in reality it strikes me as a waste of resources. Locating hotspots, identifying their owners and enforcing proper security are all likely to be time consuming (and futile) exercises. Terrorists will still be able to get online, whether by hacking WPA, finding an open connection or using an Internet cafe. And besides, wouldn’t you want the additional evidence made possible by the warning emails (such as IP, email account, etc.)?

As security guru Bruce Schneier endlessly points out, security is a trade-off. In this case, it seems that the Indian police are making a bad trade.