For Immediate Release - January 28, 2011

Attorney General Coakley Advises Massachusetts Consumers to Secure Their Wireless Internet Networks in Recognition of National Privacy Day

BOSTON - In recognition of National Data Privacy Day, Attorney General Martha Coakley is urging Massachusetts residents to protect their personal and communications data by encrypting their wireless Internet networks. The Attorney General's warning stems from her investigation into Google's collection of unencrypted data from consumers' home networks.

"Consumers should be aware that off-the-shelf wireless routers are not automatically encrypted and that they should take additional steps to better protect their sensitive information," said AG Coakley. "We have entered a new and more sophisticated age of cybercrime and the best way to protect your personal information from getting robbed is to make sure it is secured."

This past May, Google announced that it had been collecting unencrypted payload data over wireless networks. Payload data can include user emails, passwords, and browsing activity. Google Street View vehicles, which photograph homes, buildings, streets, and other landmarks, also were equipped to also capture payload data that was being transmitted over unencrypted networks at the same time those cars were driving through neighborhoods. The Attorney General and other states are continuing to investigate Google's collection of this data.

Manufacturers and service providers often deliver wireless routers with the encryption feature turned off. To turn encryption on, consumers should consult the instructions that accompany their wireless router, or visit the website of the router manufacturer or service provider. When selecting the level of encryption, consumers should keep in mind that Wi-Fi Protected Access (WPA) encryption is more effective than Wired Equivalent Privacy (WEP) encryption. WPA, either WPA2 or WPA-Personal, should protect against most hackers. WEP should protect wireless networks against accidental intrusions by neighbors or attacks by less-sophisticated hackers. If the only choice is WEP encryption, it should be set to the highest security level available.

Data Privacy Day, which is internationally recognized today, brings necessary awareness to an individual's right to protect his or her most sensitive and personal data. The day brings together businesses, individuals, government agencies, non-profit groups, and academics in a dialogue about how personal data is collected, used, and stored.

AG Coakley offers the following consumer tips to assist consumers in keeping their personal data safe and securing their wireless networks:

  • Use anti-virus and anti-spyware software, and a firewall. Install anti-virus and anti-spyware software, keep them up-to-date, and check to ensure that your firewall is turned on.
  • Turn off identifier broadcasting. Most wireless routers broadcast a signal to any device in the vicinity announcing their presence. You don't need to broadcast this information if the person using the network already knows it is there. Disable the identifier broadcasting mechanism if your wireless router allows it.
  • Change the identifier on your router from the default. The identifier (SSID) for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Change your identifier to something only you know, and remember to configure the same unique ID into your wireless router and your computer so they can communicate.
  • Change your router's pre-set password for administration. The manufacturer assigned the router a standard default password. Those default passwords are available to anyone, including hackers, so change it to something only you know. When choosing a password, make sure to choose one of sufficient length and complexity to prevent it from being cracked.
  • Turn off your wireless network when you know you won't use it. If you turn the router off when you're not using it, you limit the amount of time that it is susceptible to a hack.
  • Don't assume that public "hot spots" are secure. Café, hotel, and airport "hot spots" are convenient, but they are not secure.
  • Be careful about the information you access or send from a public wireless network. You should assume that other people can see anything you see or send over a public wireless network.

OnGuard Online, a consortium of federal government agencies and technology industry experts, recommends additional precautionary steps to secure your wireless network and ensure safe web browsing. The steps above are adapted from OnGuard Online's list.