Free public Wi-Fi providers are bamboozling users with lengthy terms and conditions that fail to inform them of the security risks involved in access, according to RMIT University researchers.
Many terms of access texts required legal training to understand, the research team led by Dr Ian McShane suggested. Others were simply too long to be feasibly read in full, in one case running for 6,800 words.
“Some terms and conditions governing public Wi-Fi are in dire need of revision to a friendlier and more user-oriented format. The current defensive, corporate risk-focused posture of many T&Cs has little educative value, and ultimately brings into question the rationale for providing a public network,” the report – Practicing safe public Wi-Fi: Assessing and managing data-security risks – stated.
T&Cs provided an opportunity to inform consumers and guide decisions about use of public Wi-Fi networks, the report suggested, but were proving an ineffective communications tool.
“Some texts are so long and complex that they require considerable persistence and perhaps legal training to read and comprehend, yet their ‘boilerplate’ character offers users no option other than to accept entirely in order to gain network access,” researchers said.
Of the 26 public Wi-Fi networks T&Cs provided by commercial, government and community institutions sampled, 18 advised users that communications may be insecure. However, many providers were deemed to prioritise their own risk and liability issues over consumer advice.
“The typical placement of warnings about network and communications security is towards the end of sometimes-lengthy documents. This raises questions about the extent to which users are effectively and fully informed of security risks,” the report stated.
The paper's authors suggest providers adopt an ‘educate first stance’ in their terms and conditions, since many consumers are unaware of the security risks involved in accessing public Wi-Fi. The research included a survey of 1200 Australians and found that almost one in five conducted financial transactions over public Wi-Fi without taking any security precautions and one in seven undertook work-related activities on unsecured networks.Read more: US cyber security mission to showcase Australian credentials
While in some cases this was down to an informed choice to forgo security measures for convenience sake, the data showed a generally low awareness among users of the security measures available.
The Victorian government, which provides public Wi-Fi networks in Melbourne, Ballarat and Bendigo, was noted by researchers as giving especially clear and concise consumer advice ahead of them accessing the service.
Last week, Transport for NSW was accused of “burying the 'catch' in the fine print” of its free Wi-Fi which is being trialled on Sydney buses.
NSW Greens MP Dr Mehreen Faruqi said: "Not making it clear to tens of thousands of bus commuters that they'll be signing up to hand over their personal information to a private company is simply irresponsible."
Free Wi-Fi users’ lack of scrutiny of terms and conditions is well documented. In 2014, cyber security firm F-secure ran an experiment in which it set up two free Wi-Fi hotspots in London. Users were invited to agree to terms which “in return for free Wi-Fi access the recipient agrees to assign their first born child to us for the duration of eternity”. Six people signed up.