Pat Says...

The recent battle over WiFi (wireless internet) availability at the airport has been brewing for a little while now. The airlines want to offer this service to their premier travelers for low or no cost, which means that Logan's $8/hour service gets less business. Of course, this makes it harder for Massport or its chosen WiFi vendor to earn revenue from travelers that are most likely to be able to spend the money.

I've been wondering for some time, though, about Massport's claims of diminished security that resulting from other WiFi services. Thinking about the problem from a technical standpoint, it's pretty clear to me that Massport either has no legitimate argument, or they are relying on WiFi for things they shouldn't be. I'll talk about this but try to keep the explanations understandable.

Massport's premise here is that a private WiFi hotspot diminishes airport security. In other words, if people connect to that private hotspot, they can disrupt or cause harm to Massport or Logan. In what ways could this possibly happen?

• Denial of Service (DoS) - There is so much WiFi traffic on the airwaves that Massport's hotspots are drowned out.


• Massport can't monitor users of alternative hotspots - "If we can see what people are doing, we can decide whether we need to send out the police"

These are the only direct security concerns I can come up with. Neither of these justifies a prohibition on alternative hotspots, though.

WiFi denials of service can happen just by flooding the airwaves with bogus traffic, or jamming WiFi frequencies. Somebody who wants to prevent the use of WiFi can do it easily. A bigger question is why this is even a travel security concern for Massport, if indeed this is the case. If Massport is relying on WiFi for its own critical operations, then it has made a mistake that can't be corrected by quashing alternative hotspots. The only guarantee against a DoS attack is to operate within a closed network, which WiFi is not.

The ability to monitor communications has become a topic of discussion in the mainstream press recent. Massport, like any other ISP, has the ability to monitor the internet connections made by its WiFi clients, and to examine the information contained within those communications. By setting up a hotspot, Massport enables itself to review and store all of the messages it carries. Following an attack against an airliner or a facility, the logged data might help reconstruct terrorist activities leading up to the event.

However, who says that terrorists will use Massport's WiFi? Who says they've even use one of the alternative hotspots? Perhaps they are using their own 2-way radios, completely untraceably. Or they could be using cell phones, like many other Logan passengers and relatively untraceably. They could even be using Massport's own WiFi, but using VPN software to conceal their communications from anybody who might be watching.

If Massport thinks it can prevent or mitigate attacks by being the only WiFi game in town, it is mistaken. The "Security" argument falls down pretty quickly, leaving the astute observer to realize that the real reason Massport doesn't want competing WiFi hotspots is that it wants to collect all the revenue - the one argument that doesn't fall flat on its face.

When "Security" becomes the catch-all justification for decisions, especially when it's not accompanied by any justification, people stop listening. What we really need is thoughtful security, and Massport needs to be party to this. Shutting down competing WiFi services is neither thoughtful nor effective, and Massport needs to rethink this decision.