Unsecured Wi-Fi would be outlawed by N.Y. county

According to a new proposal being considered by a suburb of New York City, any business or home office with an open wireless connection but no separate server to fend off Internet attacks would be violating the law.

Politicians in Westchester County are urging adoption of the law--which appears to be the first such legislation in the U.S.--because without it, "somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data," County Executive Andy Spano said in a statement.

The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall. Such a firewall, used to block intrusions from outside the local network, would be required even for a coffee shop that used an old-fashioned cash register instead of an Internet-linked credit card system that could be vulnerable to intrusions.

Scott Fernqvist, special assistant to the county's chief information officer, said Friday that he thought "the law would apply" to home offices as well.

"It was just introduced; it's a draft," Fernqvist said. "We're hoping it's enacted early next year, but this can change."

The proposed law has two prongs: First, "public Internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.

The proposal echoes a slew of bills in Congress and in state legislatures that are being considered in the wake of recent security problems involving Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. But the other proposals tend to follow approaches such as requiring notification of breaches or restricting use of Social Security Numbers--as opposed to regulating wireless links.

According to the Westchester proposal, public Internet access sites also would have to post a sign saying: "You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion." Violations of any part of the law would be punishable with fines of $250 or $500.

Representatives from the county's information technology department drove around downtown White Plains, N.Y., with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features.

[Eggs Ackley]

Bunch o' lard-butt politicians ...

... somehow getting the impression from somebody that there would be a point to this legislation, other than restricting and criminalizing the growth of *_PRIVATE_* wi-fi networks.

Now, where would they get the idea there's some practical need for this.

Hmm ...

let's see ...

who could it be ...

I dunno ...

could it be ...

THE PHONE COMPANIES?!!

[Hernys]

I don't know

Maybe this is over reporting, or people are reading too much from the article. I interpret from it that this would only apply to businesses that hold third parties confidential data. In which case it seems pretty reasonable, given that there's already legislation asking for the companies protecting that data.
If that's not the case and the law would apply to every access point, I don't see how such a law could be passed that forces people to spend money on stuff to protect nothing (for example, for a user that doesn't hold confidential information). If this was the case, I would side with the view that this is the result of a lobbyin effort from the telcos.
Anyway, even if passed, the law shouldn't cause much trouble in the long term. Access point manufacturers will just build the functionality in their appliances, which should be doable at very low cost, and only preexisting users would be inconvenienced.

[heystoopid]

oh ignorant ones

Ignorance begats ignorance,these politicians are true computer illiterates!, oh well, stupidity is hereditary with these dysfunctional ones who call themselve peoples representatives?

[raynettech]

NY Residents Apparently Cannot Think For Themselves

It has always amazed me the fact that NY residents cannot think for themselves. This must be the case because they continually elect leaders to think for them. First, cell phone regulations were put in place because residents could not handle using their phones safely. Now politicians have decided NY residents are incapable of setting up their own networks without the governments help. But why stop there. Why not outlaw unhealthy eating habits, mandate exercise, and while we're at it pass a bill to require a procreation license.

I really hope this law does pass. I do not live in the state, but I do a lot of IT Consulting in the county in question. Once this passes, and it will if NY legislative history has shown us anything, I am going to make millions and never have to pay a dime in sales tax to NY as I have no business presence there. Keep electing those politicians to think for you NY!! My bank account could really use the help!

[dam7ri]

Hey,

If you re-read the article, you will notice that this is one suburb, not the entire state. If you want to criticize Westchester residents for their choice of politicians, be my guest, but remember two things:

1) These people that you criticize apparently exercise the same lack of judgement whenever they use your services.

2) There are "NY residents" that do their own thinking, and many of them live in NYC, Buffalo, and other areas that would probably stop this type of legislation dead in its tracks.

Now as far as this proposed law is concern, it is utterly assinine. No government has the right to mandate how a privately owned network is administered. Some businesses or citizens may leave a WAP open, by design, but this would take away that choice.

If this law passes, it will only serve to reaffirm my belief that NYC has banished every moron and useless politician to Westchester, if only to raise the city's IQ.

[grajoe]

good intention, wrong action

Giving Spano the benefit of the doubt, that the individuals security and personal protection is the goal, there are far better ways to (dare I say) regulate this.

1. Of course expanding education through the usual channels, i.e., news papers, the local news cast, the local papers, etc.
2. Second, by urging the industry, Microsoft, Apple, Cisco, etc. to further educate the consumer might help.
3. Lastly, the law should be framed in same way many consumer protection education acts are implemented. For example, the state could of course regulate the public sector, municipal buildings, fire, police, etc., and also require private industries that use WiFi, air ports, cafés, etc., to post a consumer warning notification, or a use at your risk type notice if they have no encryption.

Once that occurs, the private sector would compete on its own to gain consumer confidence. But, as many of you are thinking, any attempt by politicians to regulate such a dynamic technology would only prove futile.

[Stating]

Will Open The Door To Taxing WiFi

Who do you think will end up paying for the new bureaucracy to police WiFi use? To outfit mobile detection vans. Pay for staff. Pay for overtime. Provide for community outreach. Prosecute offenders. Rehabiliate offenders. Translate the programs into 20 different languages. Why the WiFi users of course. We must tax them, because they are causing us all this extra expense. Before you know it this will be a $50 million dollar a year department.

[grajoe]

$$

The cost of the above would be minimal, which, would far outway the costs of the crimes thmeselves. As I said, the private secter would assume most of it. The public secter would simply inforce its own set of standards.

[myoung15]

Politics & Technology don't mix

Idiots in politics should just stay in politics and have no business even venturing into the world of technology. Their intentions may be all good but history proves true that the final outcome will be far from what was intended.

[markdoiron]

I Don't Think They Can Do This

few years back oklahoma, where i live, tried to impose regulations on cable tv content (they wanted to ban playboy channel). the fcc promptly told them that was the fcc's domain. i don't believe fcc is inclined to cede regulating wireless connectivity to local officials, even under this administration. the next thing you know local officials would demand licensing for local radio and tv stations, with appropriate fees to be collected!

mark d.

[staticimperative]

Activism???

Does anybody know if there is any formal, organized group considering actively trying to prevent this legislation? Can anyone point them out to me? I'd like to know what is being done about this - in my opinion - flagrantly ignorant action.

[john_miles]

EFF

There is an effective national organization that does what you describe. The <a href="#">http://www.eff.org</a> is dedicated to the proposition that Constitutional rights don't terminate at the gateway. Check them out, and (at the very least) see if they can put you in touch with New York-based activists.

This law in particular is a non-starter on at least two grounds: one, as another poster mentioned, the FCC will not stand for it; and two, it's a gross First Amendment violation. It won't survive its first two hours in a court of law. Neverthless, if you don't want more of the same, please consider joining the EFF.

[tangential]

Can they compel me to lock my doors too?

I guess, for my own good, they should require self-locking doors, barred windows, etc... on my house to help protect me from....something.

[fyrfyter]

Idiots Idiots Idiots!!!

Apparently, this just proves the point that high power, mult-million dollar companies are just as stupid as politicians. Who in their right mind runs a company with WiFi and no security? Apparently, wearing a tie cuts off the oxygen supply to your brain to the point that there is no more logical reasoning coming fom it, hence how we have arrived at this point. Just another way for the government to try and get total control of the citizens of the US and their lives.

[rfc1394]

This law is unconstitutional

Federal law overrides state and local law, and current law gives the FCC sole and exclusive jurisdiction to regulate or control use of frequencies. This is no different than colleges trying to tell people they can't use their own wireless equipment on unlicensed spectrum when the university is also running a network on the same unlicensed spectrum, or an airport saying airlines can't run their own wireless network when the airport authority wants them to use (and pay) its own network. The county has no more authority to ban unsecured wireless networks any more than it can ban secured ones.

[purplefibreoptic]

Gee, I thought we were smarter than that?

As a former Westchester County resident, I thought that we were all smarter than this. First, if someone wished to leave her(his) access point open, it is not the business of the COUNTY GOVERNMENT.
What you do in your own home is your own business....not that of Mr Spano or the DA (gotta ge a plug in for her...god knows she always wants one), or anyone else. God knows, if I lived in Westchester County right now and had high speed access and a wireless access point, I'd leave it open just to **** off some of you ignorant mindless fools that made up this junk.

Hidden agenda

This is to prevent people from sharing their connection and has NOTHING to do with security. This has been growing concern from the Internet Service Providers, that access points are shared through a wireless router connected directly to the internet.

[diverman]

I see Stupid people!

So, somebody's tax dollars are hard at work. Allowing employees from the county to drive around looking for "open" access points. I want that job! These Access Points at a business may have proxies not allowing them to critical data. These morons think by seeing an open access point it indicates the entire network is unprotected. People need to be educated on how the system is meant to work. Then use it accordingly. They are just looking for another way of getting money from people. The lawmakers always think they know technology. Hey, Westchester County! Maybe you should offer your "expert" services to Hollywood for the next Matrix movie. That is real.. ;) Oh and I hear Walmart is hiring IT people.

[unigamer69]

Firewall != WLAN security on the local side... doofuses

What in the heck does a firewall server have to do with Wi-Fi, open or not? A firewall is a must, even on a wired network...

A firewall isn't going to do jack poo from the blue moon about access to the wireless. If the network is open, anything sent will still be visible to anyone in range with the proper tools, and anyone will still be able to jump on it. A firewall sits at the gateway between Internet and internal network - the gatekeeper. It has nothing to do with the internal part...

I'd have to say that about 95% of people with a basic WLAN set up DO have a firewall (a hardware one!), and DO have it turned on - even though by default. It's called the one built into the router! LOL

And for incoming stuff, it's quite handy and more than adequate.

I wonder if the built-in firewall would count for this new law - it is a firewall.

If they require a separate server for this, it's extra, unnecessary (and expensive) overhead in many cases... it almost smells of pork. Like the people who make server-based network firewalls lobbied the legislature...

IN SHORT: A firewall, server-based or not, does NOTHING for securing Wi-Fi. If it's unencrypted, it's unsecured. The firewall doesn't deal with the local side, and that includes the radio part.

[nicmart]

Time to put rape and robbery victims in jail!

It's much harder to apprehend criminals than it is their victims. So,
to make Orwell proud, these bright people have decided to do the
natural thing: criminalize non-criminals.

Any country that can criminalize self-medication, not wearing seat
belts, and carrying nail clippers on to airplanes can criminalize just
about anything. Welcome to the Therapeutic State.

[tjporter]

Contact Them!!!!!

Send comments to the legislators at this page!

<a class="jive-link-external" href="http://www.westchesterlegislators.com/Legislators/index.htm" target="_newWindow">http://www.westchesterlegislators.com/Legislators/index.htm</a>

[tw914]

GET A LIFE

LAW MAKERS NEED TO STOP ALL THE BUTTING IN
WE ALL READY HAVE FAR TOO MANY LAWS NOW THAT
CAN NOT BE INFORCED! THE PEOPLE NEED TO REMBER
THAT THEY PUT THESE PEOPLE IN OFFICE AND IF THEY
WOULD STOP FOR A MOMENT AND THINK. THEY WOULD PROBLEY IMPEACH THEM THIS IS NOT SOME THING THAT
CAN ONLY BE DONE TO THE PRESIDENT, AND WHEN YOU
LOOK AT WHAT HAS BE DONE WITH THE COPY WRITE LAWS
ON CD&#38;DVDS WHO WERE THEY PROCTECTING? BIG MONEY NOT THE PEOPLE THAT ELECTED THEM. JUST THE MONEY
THAT IS LINEING THERE POCKETS!

myWIFIzone

This is why we have been working on our free blocking software - it's only a matter of time before liability issues come into play with open WIFI zones. Our captive portal service coming this year will send intruders to a page where they must agree to terms of use - or continue to get blocked. see <a class="jive-link-external" href="http://www.myWIFIzone.com" target="_newWindow">http://www.myWIFIzone.com</a>

[grajoe]

People need to be educated

"People need to be educated"

That would be the goal, yes. Not necissarily to regulate, but to educate the public.

[AgonizingFury]

Can Anyone Else Read?

I have to wonder after reading some of the comments on this article if anyone other than me can read english? From what I'm reading the law does not require you to secure your Wi-Fi against intruders or free users, it requires that you protect all users of your Wi-Fi from attacks "ouside the LAN" I.E. all other users of the internet. In fact I don't see anywhere in the article where it says that "Unsecured Wi-Fi would be outlawed. From what I'm reading any NAT Enabled Wireless Router already meets these requirements. No additional equipment to buy, no need to identify your users, and no need to even activate buggy WEP Encryption on your Wi-Fi. This bassically makes the law pointless as it is protecting users against the unlikely event that someone will attack a Wi-Fi Network from the internet, instead of the much easier task of connecting to the Wi-Fi network iteself and attacking the users over the LAN. Did anyone else come to the same conclutions as me?

Agonizing Fury