This post was originally published by the Alliance for Affordable Internet at a4ai.org.
How often do you use public WiFi? Are you reading this from a public Wifi network at a cafe right now? If so, think about what information you shared to log in to the network. Are you aware of any risks of information sharing for public WiFi access? While public WiFi enables wider public internet access, there are areas of potential concern regarding user privacy, security, and safety. Thankfully, there are safeguards — and ways to make public access work for users beyond these.
As public WiFi networks increase in popularity, governments need to ensure that privacy, security and safety concerns are addressed. Policy guidelines for public WiFi networks should ideally be developed via public consultation. As a way forward, we’ve laid out the most common problems users face when using public WiFi and have developed these guidelines as a good starting framework.
1. Clarify Terms of Service or Acceptable Use Policies
Problem: Terms of service policies are not always easily accessible and understandable to all users.
Solution: The government can work with service providers to develop a clear, accessible, and easy-to-understand Terms of Service or Acceptable Use Policy template.
2. Protect the Consumer
Problem: Public WiFi users don’t always enjoy consumer protections with practical options for legal recourse where available.
Solution: As with any other sector, protections should be put in place and adhere to local and international law.
3. Ensure User Data Privacy
Problem: Service providers don’t consistently ensure the data privacy of each user’s online activity.
Solution: Records of user activities (where they are recorded) should not be used for any purpose other than those noted in the Terms of Service and should only be used with the user’s permission. Many service providers choose to collect user data to sell to other companies (e.g., data brokers); it is critical that users are made fully aware of this activity and are able to consent to — or opt out of — this use of their data.
4. Eliminate Invasive Registration Requirements
Problem: In some cases, public WiFi networks are open and do not require users to log in or provide a password. In other cases, users must submit some information to access the network. This might involve submitting a name and valid email address, but in other instances, users are required to submit potentially sensitive information (e.g., national ID data, passport numbers, telephone numbers) or to register their device with a government agency in order to access the service. These registration requirements place great risk on users’ privacy and security, not least because it is relatively easy to harvest data from public WiFi networks — even if they are password protected. These practices also increase the potential damage that can be inflicted by fraudsters — or overreaching law enforcement agencies.
Solution: Since the risks presented to users required to submit sensitive information far outweigh any benefits provided to governments and their partners, this practice should be prohibited.
5. Prevent Harassment
Problem: Physical harassment of women, girls, and other user groups is a reality in public spaces in many countries.
Solution: In cases where a public WiFi service is provided in a space controlled by the service provider, providers should work with their users to prevent harassment by, for example, educating users and customers about this problem. Service providers should also work with law enforcement to prevent such activities from occurring on their premises, as they would in any other sector.
6. Increase Public Awareness of Public WiFi Security
Problem: Public WiFi users are often completely unaware of the security risks they face when using such networks, especially on open networks (i.e., those with no passwords).
Solution: Users should be educated about these risks and the precautions they can take to improve their online security (e.g., using websites with https protocol, using VPNs, avoiding phishing schemes, etc.).
Public access is a critical path to affordable access for all, and particularly for those who cannot afford to purchase a mobile or fixed connection; given this reality — and the fact that a number of users are unaware of the risk they face when coming online via a public network — governments and regulators must lead efforts to implement a measure of accountability for user safety and privacy online. These recommendations will go a long way toward ensuring a safer experience for those coming online through public WiFi networks.