Software Defaults as De Facto Regulation: The Case of Wireless APs

30 Pages Posted: 31 Jul 2012

See all articles by Rajiv C. Shah

Rajiv C. Shah

University of Illinois at Chicago - Department of Communication; Illinois State University

Christian Sandvig

University of Michigan, Ann Arbor, Dept. of Communication Studies

Date Written: August 15, 2005


Today's internet presumes that individuals use software to make their own decisions to regulate spam, security, indecent content, and privacy. This emphasis assumes that individuals are both interested in and capable of setting filters, settings, and preferences. This assumption is worrying -- common sense and empirical evidence state that not everyone is so interested or so skilled. When regulatory decisions are left to individuals, for the unskilled the default settings are the law. Using evidence from the deployment of wireless routers, this study finds that defaults act as de facto regulation for the poor and poorly educated.

Many have argued that software is a powerful form of regulation (e.g., Lessig, 2000) and that defaults in software regulate behavior, but empirical studies have been scarce. To empirically address the question of how significant default settings are in shaping behavior, this paper presents a large sample behavioral study of how people modify their 802.11 (“Wi-Fi”) wireless routers from two distinct sources. The first is a secondary analysis of, one of the largest online databases of wireless router information collected over four years (containing 400,000 routers). The second is an original wireless survey of portions of three census tracts in Chicago, selected as a diversity sample for contrast in education and income (containing 1,996 routers). We constructed lists of known default settings for specific brands and models, then identified those routers in the data using manufacturer-specific information that they transmit.

In short, we find that the default settings for wireless routers are powerful. Media reports and instruction manuals have increasingly urged users to change defaults -- especially passwords, network names, and encryption settings. Despite this, only half of all users change any defaults at all on the most popular brand of router. Moreover, we find that when a manufacturer sets a default setting this produces 96-99% compliance, while 28-57% of users acted to change these same defaults when exhorted to do so. There is also a suggestion that those living in areas with lower incomes and levels of education are less likely to change defaults, although these data are not conclusive. It is not surprising that default settings shape behavior, but this study provides empirical evidence of how rarely people actually change default settings, even in the face of widespread advice to do so. That is, the authority of software trumps that of advice. Consequently, policymakers must acknowledge and address the power of software to act as de facto regulation — this begs for the consideration of defaults in discussions about “individual choice.”

Suggested Citation

Shah, Rajiv and Sandvig, Christian, Software Defaults as De Facto Regulation: The Case of Wireless APs (August 15, 2005). TPRC 2005, Available at SSRN:

Rajiv Shah (Contact Author)

University of Illinois at Chicago - Department of Communication ( email )

1200 W Harrison St
Chicago, IL 60607
United States


Illinois State University ( email )

Normal, IL 61790
United States

Christian Sandvig

University of Michigan, Ann Arbor, Dept. of Communication Studies ( email )

5370 North Quad
105 South State Street
Ann Arbor, MI 48109-1285
United States


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics