Friday night, lawyers flocked to airports to assist refugees whose status was threatened by President Trump’s executive order on border security and immigration. It was inspiring to see lawyers banging out habeas corpus petitions from airports around the US, pulling all-nighters in defense of civil liberties.

Good job, lawyers!

There is a but coming.

But look at all those laptops, some or all of which are undoubtedly connected to the airport Wi-Fi. I want to believe all these lawyers are using a reputable VPN because they know airport Wi-Fi is public and insecure. Or that they are at least using secure communication tools.

Because when your client’s legal issue involves the federal government and immigration and national security in the same sentence, it is reasonable to assume the federal government’s considerable surveillance powers are focused on you. Or anyone with a laptop and a free packet-sniffing utility.

Airport Wi-Fi is public, and many airport Wi-Fi networks are compromised by design. Anyone can “listen” to what you are sending and receiving, and they don’t need to be a hacker or the NSA to do it. Packet sniffing is a hobby for some people (there are even perfectly legitimate reasons to do it).

In fact, it is probably unreasonable to assume that nobody is listening on a normal day at the airport, much less a day when an unusually large portion of the US (and probably the world) is focused on what happens in a dozen or so US airports.

You and I both know many of those lawyers are just hooked up to the airport Wi-Fi hotspot. Many of them are sending email over unsecured or leaky connections. I’m sure if you look closely at enough photos of lawyers in airports from Friday night, you will find someone running Windows XP.

Which means … who knows. Maybe the government isn’t actually listening for some reason. Maybe it isn’t particularly worried about the information these lawyers are sharing with one another. After all, many of them probably aren’t sharing anything particularly salacious. Maybe the government isn’t organized enough to take advantage of it.

But maybe not.

A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. (Rule 1.6(c) of the Model Rules of Professional Conduct.)

It is not reasonable to connect to a public Wi-Fi network—particularly airport or hotel Wi-Fi—without making some effort to prevent the disclosure of the information you send over that network. It is especially not reasonable when you can be fairly certain someone is motivated to get that information and capable of getting it.

These lawyers did good work under pressure. I don’t want to take away from that. But the unfortunate reality is that someone may have been watching every keystroke.

4 responses to “Lawyers, Airports, and Wi-Fi Security”

  1. jqheywood says:

    Thank you, Sam. Damn useful and needed information.

  2. Marc Whipple says:

    Odds are your smartphone either is already a hotspot, or can become one without much trouble. It cost $10 for a 30day 2GB plan for mine. (I’m volunteering at ORD.) While you’re at the airport, don’t be streaming video, use your own phone, and KEEP OFF THE WIFI.

    Seriously, even if it weren’t tapped/compromised, that’s how you get malware and stuff. Don’t be going on there. Ew.

    • Sam Glover says:

      True. Using your phone or tablet as a personal hotspot means your phone service provider (Verizon, in my case) is effectively a VPN. However, I’m not confident that is sufficient protection if you are representing someone of interest to the federal government. After all, the wireless telecoms were apparently all on board the NSA’s mass surveillance program.

      But more practically, using your phone or tablet as a personal hotspot is a lot more expensive than just getting a VPN.

      I pay $10/month for Cloak, which gets me unlimited data. There are even free VPN providers out there. However, I think it is worth paying since you have to be able to trust your VPN. I feel like I am more likely to be able to trust a company I’m paying for service than one that is giving me service for free and potentially selling information to the highest bidder.

      So for both cost and confidentiality reasons, I think it is better to just get a VPN.

Leave a Reply

Your email address will not be published. Required fields are marked *