For that matter, arrests for "stealing" Wi-Fi are still rare and if someone taps into your network, in some places it may be hard to prosecute them, Bankston said. It's hard to prove an intruder was deliberately snooping rather than just taking advantage of signal that was intentionally made public. The flip side is that if you're the one looking for a signal and you happen to find your neighbor's wireless LAN, the odds seem fairly slim that you'll be punished for it.
Estimates vary on the percentage of unprotected wireless LANs, but many observers agree on the main reason: It's too complicated for the average consumer to set up.
All certified Wi-Fi gear made since late 2003 are equipped with Wi-Fi Protected Access (WPA), an encryption system strong enough for business use, and earlier approved products have at least Wired Equivalent Privacy (WEP), a weaker system. Even WEP will force a would-be intruder to do some work, and most snoopers will just move on to the next unprotected LAN, Girard said.
However, consumers often don't use either because they aren't aware of the problem or can't figure out the startup process. For example, setting up WPA requires the new Wi-Fi user to come up with a good "pass phrase," type it into the computer, and then enter it on the router via the network, said David Cohen, senior product marketing manager at Wi-Fi chip maker Broadcom.
Broadcom recently moved to simplify the process with Secure Easy Setup, a system that automatically creates a pass phrase and lets the user set up WPA just by clicking on a software button on the PC and then pushing a hardware button on the router. Secure Easy Setup is now shipping with products from Cisco Systems Inc.'s Linksys division, the biggest seller of home Wi-Fi gear, and will be adopted by other vendors that use Broadcom chips, Cohen said.
The Wi-Fi Alliance, the industry group that certifies Wi-Fi gear, wants to ensure easier setup for all consumers. In the first half of next year, it plans to create a standard that vendors can build in and have certified as a check-off item on their products, said Frank Hanzlik, the organization's managing director. The standard won't be required on all Wi-Fi products because it wouldn't be appropriate for complex enterprise gear installed by IT professionals, he added.
Some consumers will still choose to leave their networks open as a public service, the EFF's Bankston said. In addition to possibly violating the terms of your broadband contract, that move calls for all the safeguards mentioned above.
"If you don't know how to control network permissions, you should not run open Wi-Fi," Bankston said. "Even if you know what you're doing, opening up your network to the public will increase your risk."