Fact Sheet 2:
Voice and Data Privacy
Send to Printer
Privacy Rights Clearinghouse
- Cordless Phones
- Other Wireless Devices with Privacy Risks
- Cellular Phones
- Laws Regarding Wireless Eavesdropping
- Wireless Data Networks and Wi-Fi "Hotspots"
- Resources for More Information
Wireless phones are very popular, and the number of people who use them is steadily growing. As of December 2012, there were over 326 million cell phone subscriptions in the U.S. according to the Cellular Telecommunications International Association.
Depending on the kind of phone you use, others can listen to calls you make. Pagers can also be intercepted. And if your computer is connected to a wireless network ('Wi-Fi'), the data you transmit to other computers and printers might not be secure.
It pays to be aware of the privacy and fraud implications of using wireless devices. A few simple precautions will enable you to detect and prevent fraud as well as to safeguard the privacy of your communications.
A word about terminology: This guide uses the terms "analog" and "digital" when describing wireless communications. Analog cellular services have been available for over 25 years. They send a voice through the air using a continuous radio wave. Digital services, available since 1995, convert the signal into the ones and zeros of computer code. In contrast to analog signals which are continuous, digital transmissions are sent as discrete pulses of electricity. Digital calls are generally clearer and more secure than analog. Analog services have largely been replaced by digital technologies.
Cordless phones operate like mini-radio stations. They send radio signals from the base unit to the handset and from the handset back to the base. These signals can travel as far as a mile from the phone's location.
Can other people listen to my cordless phone conversations?
Yes, depending on the kind of phone you use. In most cases, your cordless phone conversations are probably overheard only briefly and accidentally. But there are people who make it a hobby to listen to cordless phone calls using radio scanners. These devices pick up the full range of wireless transmissions from emergency and law enforcement agencies, aircraft, mobile systems, weather reports, utilities maintenance services, among others. Signals from analog cordless phones can also be picked up by other devices including baby monitors, some walkie-talkies, and other cordless phones.
Newer digital cordless phones have better security, but older phones have few if any security features. Anyone using a radio scanner can eavesdrop on older analog cordless phone calls, even if the phone has multiple channels.
What privacy features should I look for in a cordless phone?
When you shop for a new cordless phone, ask the sales clerk for an explanation of the privacy and security features. Read the product descriptions on the box, and visit the manufacturer's web site to obtain more information.
Most cordless phones currently sold in the United States use Digital Enhanced Cordless Technology (DECT). DECT technology has the advantage of less interference with other devices because DECT operates exclusively at 1.9 GHz, a frequency that is not utilized by other devices.
Cordless phones that operate on the higher frequencies (1.9 GHz, 2.4 GHz, or 5.8 GHz, are more secure, especially if they use digital spread spectrum technology (DSST) or digital enhanced cordless technology (DECT). But don't get a false sense of security that your conversations are totally immune from monitoring. Skilled hobbyists and determined professionals can monitor just about anything.
The fact that laws prohibit eavesdropping (discussed below) is rarely a deterrent. Unless the eavesdropper reveals details of the monitored conversations to you, it's virtually impossible to know if others are listening.
Since others can listen to cordless phone conversations, you should avoid discussing financial or other sensitive personal information. If you buy something over a cordless phone and give your credit card number and expiration date, you might end up the victim of credit card fraud.
Another security feature to look for is digital security codes. Both the handset and the base must have the same code in order to communicate. Look for phones that randomly assign a new digital code every time the handset is returned to the base.
Security codes do not prevent monitoring by radio scanners. But they do keep people nearby with similar handsets from attaching to your phone line to make their own calls and driving up your long distance bill. If your phone does not automatically change the security code for you after each use, remember to change it yourself. Do not use the security code set by the factory. Professional eavesdroppers know to search for those codes.
Don't be confused into thinking that just because your cordless phone has many channels it is more secure. However, if the phone automatically changes the frequency during communications, called channel hopping, it does provide more security by making it difficult for the eavesdropper to follow the call from one channel (frequency) to the next.
Beware of so-called security features that simply distort the analog signal. They make eavesdropping difficult but not impossible.
High-tech cordless phones are more expensive. If your budget is limited and you are not able to purchase a phone with these security features, remember to use a standard wired phone for all sensitive communications, including financial transactions. Be sure both you and the person you are talking to are on standard phones.
Special note about high-risk communications. If you have a high-profile occupation (entertainer, politician, corporate executive, high-ranking government official), if you're involved in a high-stakes lawsuit, if you are active in controversial political, religious, or social activities, or if you are a victim of stalking or domestic violence, you may be a more likely target of a phone voyeur. In fact, all of your electronic communications, whether wireless or wired, could be at risk. It is beyond the scope of this guide to suggest security strategies in these situations. Professional services are available that provide advice and technical assistance on securing high-risk communications.
Are there other gadgets or services that may be broadcasting my conversations?
Home intercom systems. Baby monitors, children's walkie-talkies and some home intercom systems may be overheard in the vicinity of the home in the same manner as cordless phones. Many operate on common radio frequencies that can be picked up by radio scanners, cordless phones, and other baby monitors nearby. If you are concerned about being overheard on one of these devices, turn it off when it is not in use. Consider purchasing a "wired" unit instead.
Speakerphones. If your standard wired phone has the speakerphone feature, be aware that some models may emit weak radio signals from the microphone even when the phone's handset is on-hook, (that is, hung-up, inactive). For short distances, a sensitive receiver may be able to pick up room noise in the vicinity of the speakerphone.
Wireless microphones. Radio scanners can intercept wireless microphones used at conferences, in churches, by entertainers, sports referees, and others. Fast-food employees at drive-through restaurants use wireless systems to transmit order information. Their communications can also be received by scanners in the vicinity. Scanners can also pick up conversations on some walkie-talkies.
Wireless cameras. Wireless videocameras have been installed in thousands of homes and businesses in recent years. The camera sends a signal to a receiver so it can be viewed on a computer or TV. These systems are advertised as home security systems, but they are far from secure. While they are inexpensive and relatively easy to install, they are also easy to monitor by voyeurs nearby who are using the same devices.
Images can be picked up as far as 300 yards from the source, depending on the strength of the signal and the sensitivity of the receiver. Before purchasing a wireless videocamera system, ask yourself if you want to be vulnerable to electronic peeping toms. Research the security features of such systems thoroughly.
Air-to-ground phone services. Conversations on the phone services offered on commercial airlines are easily intercepted by standard radio scanners. They are a favorite target of hobbyists.
Cellular phones send radio signals to low-power transmitters located within cells. One cell might cover a single building or areas up to 250 square miles, depending on the amount of network traffic a carrier anticipates in a given area.
Cellular phone privacy is becoming an important issue as more and more Americans switch their communications from landlines to cell phones. A September 2013 study by the Pew Institute found that 91% of the U.S. adult population owns a cellular phone. http://pewinternet.org/Reports/2013/Cell-Activities.aspx
According to the Centers for Disease Control and Prevention's National Health Interview Survey (July 2013), nearly two of every five American homes (38.2%) had only wireless telephones during the second half of 2012. http://www.cdc.gov/nchs/data/factsheets/factsheet_nhis.htm#wireless
A July 2012 study on Mobile Phones and Privacy found that consumers overwhelmingly
consider information stored on their mobile phones to be private—at
least as private as information stored on their home computers. They
also overwhelmingly reject several types of data collection including the collection of contact lists stored on the phone for the
purposes of tailoring social network “friend” suggestions and providing
coupons, the collection of location data for tailoring ads, and the use
of wireless contact information for telemarketing.
Can others listen to my cellular phone calls?
Yes, depending on the phone system's technical features. Cellular phone calls usually are not picked up by electronic devices such as radios and baby monitors. But analog cell phone transmissions can be received by radio scanners, particularly older model scanners and those that have been illegally altered to pick up analog cell phone communications. Analog cell phones have largely been replaced by digital technologies, which are more secure, more efficient and provide better quality.
With advances in digital technology, wireless voice communications are much more difficult to intercept than analog phones. The digital signal that is received by a standard radio scanner is undecipherable and sounds like the noise made by a modem or fax machine when transmitting over phone lines. Law enforcement-grade scanners can monitor digital communications, but these are expensive and generally not available on the open marketplace.
What technical features should I look for in cell phones to protect my privacy?
As with cordless phones, digital cell phones are more secure than analog phones by default. Phone conversations on digital phones cannot be picked up by the kinds of radio scanners used by casual hobbyists. Nonetheless, there are features you should consider regarding digital phone security.
Digital communications that are encrypted provide the highest security. Several digital technologies are available in the U.S., primarily CDMA and GSM. But few carriers here encrypt digital transmissions, in contrast to Europe.
In the U.S., CDMA systems use spread spectrum technology (SST) to provide strong security, difficult to intercept except by law enforcement and skilled technicians. CDMA stands for code division multiple access. CDMA carriers include Sprint and Verizon Wireless.
GSM means Global System for Mobile Communications. GSM is more common in Europe, but some U.S. carriers are converting to it. GSM carriers include AT&T and T-Mobile.
3G and 4G refer to wireless technologies which offer increased capacity and capabilities delivered over digital wireless networks.
How do I prevent someone from obtaining my cell phone records?
If you are a victim of stalking, involved in divorce proceedings, or simply concerned about your privacy, there are several steps you can take to protect your cell phone records. Several websites offer cell phone records for a small fee. Despite mounting legal battles, companies continue to offer the name and address connected to a cell phone number, an individual's phone number, or the complete record of outgoing and incoming phone calls.
The ease with which a person can obtain this information is likely discomforting to most, but in some circumstances it can be life threatening. The following tips can reduce the possibility that someone can obtain your phone records
- Contact your cell phone carrier and request that "call details" be removed from your bills. This will avoid a record of your calls being maintained in any form.
- Place a password on the account. When selecting a password, do not use commonly known information, such as your birthdate, mother's maiden name, or numbers from your driver's license or Social Security number. Do not reuse the same password for other sites. The best password has at least eight characters and includes numbers and letters.
- Instruct the cell phone carrier not to provide password reminders, but instead require that you visit your local store to show identification.
Please note that these tips will prevent unscrupulous people from obtaining your records through commercial vendors. These tips will not prevent disclosure of information if a court order is obtained. Nor will these tips be effective if there is a dishonest employee within the cell phone company who is sharing cell phone records with online information brokers.
How can I be sure my personal information is deleted when I sell, donate, or trash my old phone?
Many users of cell phones may choose to donate, sell, or trash their old phones when they are replaced with newer models. Be aware that your personal information needs to be "permanently" or "safely" deleted. In other words, on most cell phones the process for deleting your information is more complicated than simply selecting a delete function. Similar to computers, choosing to delete information simply creates new space but the data is retained until enough new information is added to write over the old information. To permanently delete your information follow the instructions in your manual, call the manufacturer or consult the Information Technology department if your employer has such a department.
Are there other privacy risks of cell phone use?
Some cell phone models can be turned into microphones and used to eavesdrop on conversations in the vicinity. This is why some businesses and government agencies prohibit cell phones in areas where sensitive discussions are held.
And don't forget (although many cell phone users do): Your side of the conversation can be heard when you talk on your cell phone in crowded public places like restaurants, airports, malls, public transportation, and busy city streets. If you don't want others to listen to your personal conversations, be discreet and speak softly. Better yet, move out of earshot of others or save those conversations for the privacy of your home or office.
What are the privacy implications of location-tracking features?
The Federal Communications Commission has mandated that the majority of wireless providers be able to provide location information for 911 calls for the originating cellular phone so that emergency services can find the callers. This feature is called E911. Wireless 911 services are described in greater detail at http://www.fcc.gov/cgb/consumerfacts/wireless911srvc.html and http://www.fcc.gov/pshs/services/911-services/
Carriers can either provide the location information that resides in the cellular network (triangulation of location based on the distance of the cell phone's signal to nearby cellular towers), or they can rely on satellite data from global positioning system (GPS) chips embedded in the handsets of their customers. Wireless carriers using CDMA technology, such as Verizon and Sprint, use GPS technology to fulfill E911 requirements. AT&T and T-Mobile use network-based technology that computes a phone's location using signal analysis and triangulation between towers.
Location-tracking features have privacy implications both from a law enforcement and behavioral marketing standpoint. Under certain circumstances, law enforcement personnel may obtain either retrospective (past) or prospective (future) locational data.
While retrospective data kept by cellular carriers for billing purposes may not be very detailed, prospective data can reveal the minute-by-minute location of a mobile device that is not on an active call. Such data would typically be obtained via a court-ordered warrant, for example. Cellular providers tend not to retain retrospective minute-by-minute logs of when each mobile device contacts the tower. However, they do keep records of which tower is in use when a call is initiated or answered. Those records are generally stored for six months to a year.
The requirement that cell phones be embedded with location-tracking technology has spawned a new industry -- location-based services such as targeted advertising. As you walk past a coffee house, your phone could receive an ad offering you a discount on a double latte.
While some might welcome this form of advertising, others are concerned about the privacy implications of location-based advertising. After all, in order to send you such ads, the service must know something about your interests as well as your specific location. If location records are kept over time, an in-depth profile could be compiled for both marketing and surveillance purposes.
The wireless industry is aware of consumers' privacy concerns and has been working to develop consent-based guidelines for the development of wireless advertising. Consumers must carefully research the privacy implications of these services before subscribing. Individuals are encouraged to only subscribe to services that offer maximum user control. Not only must users be able to turn off location-tracking features, industry must ensure that the wireless devices come out of the box with location tracking turned off, with the exception of E-911 calls.
Are there fraud risks involved with using a cellular telephone?
There are three types of fraud risks -- cell phone 'cloning,' theft, and subscription fraud. Cloning has declined dramatically in recent years, while subscription fraud is increasing.
In the mid-1990s, cloning of cell phone electronic serial numbers (ESN) was rampant. Cell phone companies lost several hundred million dollars each year to cloning. The ESN is a unique serial number programmed into the cellular phone by the manufacturer. The ESN and the Mobile Identification Number (MIN) are used to identify a subscriber. One way the ESN is cloned is by capturing the ESN-MIN over the airwaves. The ESN-MIN is then reprogrammed into a computer chip of another cellular telephone. The phone calls made by the cloned phone are listed on the monthly bill of the person whose phone was cloned.
Cell phone cloning has declined significantly in recent years. The industry developed authentication features that have greatly reduced cell phone cloning, although some still occurs on systems that do not authenticate.
Theft occurs when a cellular phone is stolen and used to place calls. The charges appear on the legitimate consumer's monthly statement. Cell phone carriers will not always remove these charges from the customer's account. So if your phone is stolen or lost, immediately contact the cellular carrier to terminate the account. The customer may be held accountable for all charges up until the phone is reported lost or stolen.
Today, the cell phone industry is battling subscription fraud, also known as identity theft. An imposter, armed with someone else's Social Security number, applies for cell phone service in that person's name but the imposter's address. As with other forms of credit-related identity theft, the imposter fails to pay the monthly phone bills and phone service is eventually cut off.
When the phone company or a debt collection company attempts to locate the debtor, it finds instead the victim who is unaware of the fraud. That person is then saddled with the long, laborious process of settling the matter with the phone company and repairing his or her credit report.
What can be done to prevent cellular telephone fraud?
Early detection is crucial. Consumers usually learn about cell phone fraud when they receive their bill. When the phone has been cloned, customers typically see many (10 or more) calls they did not make. Most carriers do not charge consumers for cloned calls. If you fall victim to cloning, contact your cellular telephone provider immediately. If you are having a problem with your service provider, file a complaint with the Federal Communications Commission. See the Resources section at the end of this guide for more information.
The most effective way to prevent cloning is to get service that uses authentication. Check with the cellular phone company to find out what anti-fraud features they have. Make sure the service you select uses authentication technology to prevent cloning.
If your current phone company does not offer authentication:
- Keep documents containing your phone's ESN in a safe place.
- Check your cellular phone bills thoroughly each month. Look for phone calls you did not make and report them immediately to the phone carrier.
- If you receive frequent wrong numbers or hang-ups, these could be an indication that your phone has been cloned. Report these to the phone carrier right away.
- Ask the phone carrier to eliminate overseas toll calls or North America toll calls if you do not intend to make long distance calls.
In addition, take these precautions whether or not your carrier uses authentication:
- Always use the phone's lock feature when you are not using the phone.
- Do not leave your phone unattended, or in an unattended car. If you must leave it in your vehicle, lock the phone out of sight and use the phone's lock code.
And in all cases:
- Report a stolen cellular telephone immediately to the cellular telephone carrier.
Subscription fraud is another matter. Your existing cell phone is not the target of fraud as in cloning. Rather, an imposter has established a new phone account in your name, with the monthly bills sent to their address, not yours. You usually don't find out about it until the bills are long past due and a debt collector tracks you down.
Early detection is the key to minimizing the aggravation of subscription fraud. Be sure to check your credit report at least once a year. If someone else has a cell phone in your name, you will notice an "inquiry" from the phone company on your credit report. And if the account has gone to collection, it is likely to be noted on the credit report. You will not be responsible for paying the imposter's bills, but you will need to take the necessary steps to remove the fraudulent account and/or inquiry from your credit report. California Penal Code 530.8 enables victims of subscription fraud to request documentation from the cell phone company pertaining to the fraudulent account, such as a copy of the application.
Are there laws that prohibit cellular telephone fraud?
Yes. Federal law makes it a crime to knowingly and intentionally use cellular telephones that are altered, to allow unauthorized use of such services. (18 USC 1029) Penalties for violating this law include imprisonment and/or a fine. The Secret Service is the agency authorized by this law to investigate cellular phone fraud.
In California, it is a crime to intentionally avoid a telephone charge by the fraudulent use of false, altered or stolen identification. (California Penal Code 502.7) In addition, it is against the law to use a telecommunications device with the intent to avoid payment for service. Penalties include imprisonment and/or a fine. (California Penal Code 502.8)
The California Public Utilities Commission requires cellular telephone service providers to give their subscribers a notice that warns them of problems associated with fraud and provide them with information on ways to protect against fraud. (California Public Utilities Code 2892.3)
Subscription fraud is also a crime. The federal law is the Identity Theft and Assumption Deterrence Act (18 USC 1028). Most states have also criminalized identity theft. The Federal Trade Commission provides information about these laws and how to recover from identity theft. The FTC's identity theft clearinghouse can be contacted at (877) IDTHEFT, and its web site is www.consumer.gov/idtheft. The Privacy Rights Clearinghouse (www.privacyrights.org) and the Identity Theft Resource Center (www.idtheftcenter.org) offer additional information.
There are several types of pagers on the market: tone-only pagers (which are outmoded and rarely used any more), numeric, alphanumeric, and two-way pagers. Pagers can be either purchased or rented. The monthly fees can be significantly less than cellular or standard phone services. The costs depend on the type of pager and services the subscriber wants to receive.
Can pager communications be monitored?
Pager messages are not immune to monitoring. Pager networks are generally not encrypted. They transmit in the frequencies that can be monitored by radio scanners, although messages cannot be deciphered without special equipment attached to the scanner. Hackers trade tips on web sites on how to intercept pager messages. Law enforcement-grade devices are available that pick up pager communications.
The odds of your pager messages being intercepted and deciphered are probably low, especially given the cryptic nature of most messages. But individuals who engage in high-risk communications, as discussed in the cordless phone section of this guide, should take appropriate precautions.
Is it legal to intercept other people's cordless or cellular phone calls?
The Federal Communications Commission (www.fcc.gov) ruled that as of April 1994 no radio scanners may be manufactured or imported into the U.S. that can pick up frequencies used by cellular telephones, or that can be readily altered to receive such frequencies. (47 CFR Part 15.37(f)) The law rarely deters the determined eavesdropper, however.
Another federal law, the Counterfeit Access Device Law, was amended to make it illegal to use a radio scanner "knowingly and with the intent to defraud" to eavesdrop on wire or electronic communication. (18 USC 1029) Penalties for the intentional interception of cordless and cellular telephone calls range from fines to imprisonment depending on the circumstances. (18 USC 2511, 2701)
There are exceptions in electronic eavesdropping laws for law enforcement monitoring. The Communications Assistance for Law Enforcement Act of 1994 (CALEA) requires telecommunications carriers to ensure that their equipment, facilities, and services are able to comply with authorized electronic surveillance by law enforcement. (www.fcc.gov/calea)
Under California law it is illegal to intentionally record or maliciously intercept telephone conversations without the consent of all parties. This includes cordless and cellular calls. (California Penal Code 632.5-632.7) To violate the law, the interception of your cordless or cellular phone conversations must be done with malicious intent.
So, if your neighbor accidentally hears your cordless phone conversation on a radio scanner, it's probably not illegal. But unless the eavesdropper discloses what he or she has overheard, you have no way of knowing your conversation has been monitored. Even though an eavesdropper would be violating the law, it's not likely that you or anyone else will detect it.
There are some exceptions to California's all-party consent law. A judge can authorize the interception of an electronic cellular telephone communication in investigations involving specified crimes. (California Penal Code 629.50-629.98) California Penal Code section 633.5 states that if someone is threatening another person with extortion, kidnapping, bribery, or any other felony involving violence, the calls may be recorded by the person being threatened. Under special limited circumstances, phone company employees may monitor calls.
Laws in other states vary. In fact, the weaker standard of one-party consent is law in a majority of states. For a directory of the wiretapping and eavesdropping laws in the 50 states, visit the web site of the Reporters Committee for Freedom of the Press (www.rcfp.org/taping).
Are there laws related to the privacy of pagers?
Federal law prohibits anyone from intercepting messages sent to display pagers (numeric and alphanumeric) and to tone-and-voice pagers. Tone-only pagers are exempt from this provision. (Electronic Communications Privacy Act, 18 USC 2510)
Law enforcement must obtain a court order in order intercept your display or tone-and-voice pager. But under the USA PATRIOT Act, enacted in 2001 following the September 11 terrorist attacks, the standards for obtaining court ordered warrants have been loosened.
In California, a judge can authorize the interception of an electronic digital pager by law enforcement in investigations involving certain specified offenses. (California Penal Code 629.50)
Can telemarketers contact wireless phones, pagers, and other text devices?
Under the federal Telephone Consumer Protection Act, it is against the law to use autodialers or prerecorded messages to call numbers assigned to pagers, cellular or other radio common carrier services except in emergencies or when the person called has previously given their consent. (47 USC 227)
But the law fails to specifically prohibit ìliveî telemarketing calls to cell phones. Telemarketers claim they do not target cell phones with solicitations, but it can happen, especially if a wireline phone number is inadvertently assigned to a cell phone. Aside from the privacy and annoyance factors of receiving junk calls on cell phones, there is the further aggravation of having to pay for those calls. (Cell phone users generally pay for both the outgoing and incoming calls.)
The Direct Marketing Association's ethical guidelines instruct DMA members to refrain from knowingly calling a phone number for which the called party must pay the charges, unless the recipient has given consent
What about spam to cell phones and other wireless devices?
As wireless text messaging systems become more widespread, it is only a matter of time before "spam" -- unsolicited electronic bulk advertising -- becomes a problem for wireless consumers. In fact, unsolicited bulk message abuse is rapidly migrating from email to text messages.
In August 2004 the Federal Communications Commission (FCC) took action to protect wireless subscribers from spam. Under the CAN-SPAM Act, the FCC prohibits companies from sending commercial messages to wireless devices, specifically to any email addresses that are associated with wireless subscriber messaging services. http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-250522A3.doc. Commercial email messages can only be sent to individuals who have consented.
Text messages or Short Message Service (SMS) are messages transmitted solely to phone numbers (as opposed to those sent to standard email addresses). Text (SMS) messages are covered by the Telephone Consumer Protection Act. (See the PRC's telemarketing fact sheet, www.privacyrights.org/fs/fs5-tmkt.htm.)
In addition, prior express consent is required for all informational text (SMS) messages to cell phones The consent for these messages need not be in writing. There is an exception for informational messages from health care providers.
California law prohibits the transmission of text message advertisement to cellular phones or pagers equipped with short message capability. The law has exceptions if the company has an existing relationship with the subscriber or if it gives customers the option to not receive text messages. (California Business and Professions Code 17538.41)
If you have signed up to receive texts and you later decide that you no longer want them, you can unsubscribe by texting “stop” back to the sender. However, this tactic is not recomended when dealing with spammers, because it lets them know that your number is valid.
Some spam text messages may be scams that attempt to collect your personal data. This practice is known as "smishing", the cell phone equivalent of email "phishing". For example, the message may claim that you have won a gift certificate or prize. If you click on the link in the message, you'll arrive on a page that will attempt to collect your personal information. If you have a smartphone, the page might download malware to your device.
It's always best to avoid responding to spam text messages, as doing so lets the spammer know that they have reached a working cell number. Instead, you should report spam text messages to your carrier. AT&T, T-Mobile and Verizon subscribers can send spam texts to SPAM (7726). You will receive another text in response asking for the sender’s phone number. Read more tips about stopping spam messages at http://www.nytimes.com/2012/04/05/technology/personaltech/fighting-back-against-spam-texts.html.
An increasing number of households and businesses are establishing wireless networks to link multiple computers, printers, and other devices. A wireless network offers the significant advantage of enabling you to build a computer network without stringing wires. Unfortunately, these systems usually come out of the box with the security features turned off. This makes the network easy to set up, but also easy to break into. Most wireless networks use the 802.11 protocol, also known as Wi-Fi.
What are the security risks of using wireless data networks?
Wireless networks have spawned a past-time among hobbyists and corporate spies called war-driving. The data voyeur drives around a neighborhood or office district using a laptop and free software to locate unsecured wireless networks in the vicinity, usually within 100 yards of the source. The laptop captures the data that is transmitted to and from the network's computers and printers. The data could include anything from one's household finances to business secrets.
Most home Wi-Fi access points, routers, and gateways are shipped with a default network name (known as an SSID) and default administrative credentials (username and password) to make setup as simple as possible. These default settings should be changed as soon as you set up your Wi-Fi network. In addition, some routers are equipped by default with "Guest" accounts that can be accessed without a password. "Guest" accounts should be disabled or password protected.
The typical automated installation process disables many security
features to simplify the installation. Not only can data be stolen,
altered, or destroyed, but programs and even extra computers can be
added to the unsecured network without your knowledge. This risk is
highest in densely populated neighborhoods and office building
Home networks should be secured with a minimum of WPA2 (Wi-Fi Protected Access version 2) encryption. Routers purchased in the last six years should include WPA2 security technology. Often, you have to specifically turn on WPA2 to use it. The older WEP encryption has become an easy target for hackers. Also, do not name your home network using a name that reveals your identity.
Setting up your home Wi-Fi access point can be a complex process and is well beyond the scope of this fact sheet. To ensure that your system is secure, review your user's manuals and web resources for information on security. TheWi-Fi Alliance offers tips for setting up a home Wi-Fi connection at http://www.wi-fi.org/security. Two other useful guides can be found on the web at:
What are the security risks of using Wi-Fi Hotspots?
The number of Wi-Fi hotspot locations has grown dramatically and includes schools, libraries, cafes, airports, and hotels. With a Wi-Fi connection you can be connected to the Internet almost anywhere. You can conduct the same online activities over Wi-Fi as you would be able to at home or work, such as checking email and surfing the web.
However, you must consider the risks to your privacy and the security of your laptop or netbook when using a Wi-Fi hotspot. Most Wi-Fi hotspots are unsecured and unencrypted. This is one of the biggest security risks of Wi-Fi. Even the expensive pay Wi-Fi service available in many airplanes may be as insecure as the free Wi-Fi offered at your corner coffee house. http://www.privatewifi.com/flying-naked-why-airplane-wifi-is-so-unsafe/. Therefore, you must take additional steps to protect your privacy.
Because the network at a Wi-Fi hotspot is unsecured, Internet connections remain open to intrusion. Hackers can intercept network traffic to steal your information.
There are 3 major privacy threats in a Wi-Fi hotspot:
Man-In-The-Middle Attack refers to the act of intercepting the connection between your computer and the wireless router that is providing the connection. In a successful attack, the hacker can collect all the information transferred and replay them on his computer.
Eavesdropping refers to the act of using sniffer software to steal data that is being transmitted over the network. A sniffer is an application or device that can read, monitor, and capture network data. This is particularly dangerous when conducting transactions over the internet since sniffers can retrieve logon details as well as important information such as credit card numbers.
Looking over the shoulder is the simple act of others looking over your shoulder to see your activities.
How can you protect your privacy at a Wi-Fi hotspot?
The basics. There are various ways to help protect your privacy when using Wi-Fi. Begin with basic common sense. Look around to see if anyone is surreptitiously trying to look at your computer. Do not leave your computer unattended. Never conduct unsecured transactions over unsecured Wi-Fi. When entering sensitive information (such as your Social Security number, password, or credit card number), ensure that either the webpage encrypts the information or that your Wi-Fi connection is encrypted. Disable your wireless adapter if you are not using the Internet. Otherwise, you leave your computer open to vulnerabilities if it accidentally connects to the first available network.
VPN (Virtual Private Network). This is the first line of defense against vulnerabilities created by Wi-Fi. A VPN provides encryption over an unencrypted Wi-Fi connection. This will help ensure that all web pages visited, log-on details, and contents of email messages remain encrypted. This renders intercepted traffic useless to the hacker. You can obtain software to set up a VPN through your office or home computer, or you can use a commercial provider’s hosted VPN service.
Secure surfing/SSL. When checking your email or conducting any important transaction, adding an “s” after “http” may give you a secured connection to the webpage (for example, https://www.gmail.com). Many webmail services provide this feature. This ensures that your login details are encrypted thereby rendering it useless to hackers. Although your email login may be encrypted, some webmail providers may not encrypt your Inbox and messages.
Check for SSL (Secure Sockets Layer) certificates on all websites on which you conduct sensitive transaction. SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely.
Wi-Fi settings. Ensure that your computer is not set to automatically connect to the nearest available Wi-Fi access point. This may not necessarily be a legitimate connection point but instead an access point on a hacker’s computer.
Disable file-sharing. Ensure that file sharing is disabled on your computer to ensure that intruders cannot access your private files through the network.
Firewall. Install a firewall on your computer and keep it enabled at all times when using Wi-Fi. This should prevent intrusion through the ports on the computer.
Security updates. Keep your computer’s software and operating system up-to-date. This will help plug security holes in the software or operating system.
You can read handy guides to staying safe at public WiFi networks at http://lifehacker.com/5576927/how-to-stay-safe-on-public-wi+fi-networks and at http://www.onguardonline.gov/articles/0014-tips-using-public-wi-fi-networks.
Contact the Federal Communications Commission to file complaints about wireless phone services. Its web site provides guides on wireless services as well as information on laws and regulations:
- Federal Communications Commission
Consumer and Governmental Affairs Bureau, Consumer Complaints
445 12th Street, S.W.
Washington, D.C. 20554
Phone: (888) 225-5322
Your state's public utilities commission may also oversee wireless providers and enable you to submit complaints. To find the contact information for your state's utilities commission see http://www.usa.gov/directory/stateconsumer/index.shtml.
The California Public Utilities Commission consumer complaint number is (800) 649-7570. It provides an online complaint form at www.cpuc.ca.gov.
Additional PRC guides on wireless phones:
- Fact Sheet 2a: "Hang Up on Harassment: Dealing with Cellular Phone Abuse," www.privacyrights.org/fs/fs2a-cellcalls.htm
- Fact Sheet 2b: "When a Cell Phone Is More than a Phone: Protecting Your Privacy in the Age of the Super-Phone," https://www.privacyrights.org/content/privacy-age-smartphone
The industry association CTIA provides information about the wireless industry, including the latest usage statistics.
- Cellular Telecommunications and Internet Association (CTIA)
1250 Connecticut Avenue, N.W., Ste. 800
Washington, D.C. 20036
Phone: (202) 785-0081
To follow developments in the debate on wireless location tracking services, visit these industry sites:
- Mobile Marketing Association, www.mmaglobal.com
- Location Interoperability Forum, www.openmobilealliance.org
Also read the Electronic Frontier Foundation guide on location privacy:
The Pew Internet & American Life Project's September 2012 survey "Privacy and Data Management on Mobile Devices" looks at personal information management on cell phones, http://pewinternet.org/Reports/2012/Mobile-Privacy.aspx?utm_source=Mailing+List&utm_campaign=2251646e41-Mobile_privacy_09_05_2012&utm_medium=email.
You can read the texts of the laws and regulations cited in this guide at these sites:
- Federal laws: www.law.cornell.edu/uscode
- Code of Federal Regulations, www.gpoaccess.gov/cfr/index.html
- California statutes: www.leginfo.ca.gov/calaw.html
Note: Several commercial products and features are named in this guide. No endorsements are implied.
PRC gratefully acknowledges the assistance of Mithila Seshadrikumar in researching information about Wi-Fi Hotspots.
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.