Information, Communication, and Society, Vol. 11, No. 1, pp. 25-46, 2008
38 Pages Posted: 26 Feb 2007 Last revised: 4 Mar 2008
Today's internet presumes that individuals are capable of configuring software to address issues such as spam, security, indecent content, and privacy. This assumption is worrying - common sense and empirical evidence state that not everyone is so interested or so skilled. When regulatory decisions are left to individuals, for the unskilled the default settings are the law. This article relies on evidence from the deployment of wireless routers and finds that defaults act as de facto regulation for the poor and poorly educated.
This paper presents a large sample behavioral study of how people modify their 802.11 ("Wi-Fi") wireless access points from two distinct sources. The first is a secondary analysis of WifiMaps.com, one of the largest online databases of wireless router information. The second is an original wireless survey of portions of three census tracts in Chicago, selected as a diversity sample for contrast in education and income. By constructing lists of known default settings for specific brands and models, we were then able to identify how people changed their default settings.
Our results show that the default settings for wireless access points are powerful. Media reports and instruction manuals have increasingly urged users to change defaults - especially passwords, network names, and encryption settings.
Despite this, only half of all users change any defaults at all on the most popular brand of router. Moreover, we find that when a manufacturer sets a default 96-99% of users follow the suggested behavior, while only 28-57% of users acted to change these same default settings when exhorted to do so by expert sources. Finally, there is also a suggestion that those living in areas with lower incomes and levels of education are less likely to change defaults, although these data are not conclusive. These results show how the authority of software trumps that of advice. Consequently, policymakers must acknowledge and address the power of software to act as de facto regulation.
Keywords: Regulation, Software, Wireless, Defaults, Law, Policy, Internet
Suggested Citation: Suggested Citation
Shah, Rajiv C. and Sandvig, Christian, Software Defaults as De Facto Regulation: the Case of the Wireless Internet. Information, Communication, and Society, Vol. 11, No. 1, pp. 25-46, 2008. Available at SSRN: https://ssrn.com/abstract=964950