Local Politicians Say Open WiFi Should Be Illegal

from the seems-a-bit-extreme dept

Fri, Nov 4th 2005 2:46am — Mike Masnick

It's quite well known that there are security issues with WiFi networks, but there are ways to take precautions and make yourself pretty safe. As education gets better, it the security risks shouldn't be as big a deal. However, some local politicians in Westchester County, NY have decided to go a step further. According to Guy Kewney, Westchester's County Executive is proposing a law that would basically outlaw open WiFi from any commercial business. As Kewney points out, in the description of the "problem" it appears that the politicians are a bit confused about the actual problem, mixing up a few different issues related to WiFi and security. Obviously, it's a good idea to encourage commercial WiFi providers to make their networks more secure -- but does it really need a law? Update: To clarify, since there's some confusion, by "open WiFi," we mean unsecured WiFi. They're not saying businesses can't offer WiFi, but that it has to include security. But, the examples the politicians give are all just about regular open WiFi access points.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

38 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

red, 4 Nov 2005 @ 4:08am

Politicians are stupid
They have computers and are probably on them all the time but that doesn't mean they understand them. I think they fear them from lack of knowledge.
[ link to this | view in chronology ]
td23, 4 Nov 2005 @ 4:30am

back assward
What kind of backward thinking is that? That�s like banning the use of ATMs at night because you might get robbed. There are going to be security risks no matter what the situation.
[ link to this | view in chronology ]
- tready, 4 Nov 2005 @ 4:40am
  
  Not that bad of an idea
  Coming from an industry that works on wifi networks I think its a great idea to make sure businesses don't have an "open" wifi connection. They aren't banning wifi in general...just the way its used to make it safer for the business. It won't keep out all "hackers" but it will keep the young inexperienced ones out that are trying to do wrong. Passwords only keep out the honest and inexperienced......
  [ link to this | view in chronology ]
  - Tim, 4 Nov 2005 @ 5:06am
    
    Re: Not that bad of an idea
    So this would ban all the hotspots I use in town, like Panera's?
    
    Great! Your right we must put an end to free wi-fi. (note the dripping sarcasm)
    [ link to this | view in chronology ]
    - tready, 4 Nov 2005 @ 5:18am
      
      Re: Not that bad of an idea
      (the dripping sarcasm is doly noted) look at it from a business point of view once their network gets broken into...then what?...they will have wished they were not a free hotspot. Do you want to be on a network like that?
      [ link to this | view in chronology ]
  - Anna, 4 Nov 2005 @ 7:26am
    
    Very Bad Idea
    I am sick and tired of people thinking that Big Brother has to do everything for them.
    
    Sure it's a great idea that businesses don't have an 'open' wifi connection, but do we have to make a law about it?
    
    Why don't we just ban computers? That's what's causing the problems, right?
    [ link to this | view in chronology ]
- aero, 4 Nov 2005 @ 8:18am
  
  Re: back assward
  ACTAULLY in Brazil.... you can't get money after 9pm.. because of that very same reason.
  So there is 24hrs banking in Brazil anymore (unless is online)
  [ link to this | view in chronology ]
- Jim Gordon, 4 Nov 2005 @ 11:58am
  
  Re: back assward
  I agree. Wi-Fi is a step into the futre. With Wi-Fi the internet can be much more affordable and be avable to more rual area's. It makes it posable for loptops to be used in parks. Over all Wi-Fi is here and I think the public has the power to make it glorous. POWER BELONGS TO THE PEOPLE!!!!!
  [ link to this | view in chronology ]
- Chuck D, 31 Jan 2006 @ 10:07am
  
  Re: back assward
  All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!
  [ link to this | view in chronology ]
- Chuck D, 31 Jan 2006 @ 10:07am
  
  Re: back assward
  All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!
  [ link to this | view in chronology ]
- Chuck D, 31 Jan 2006 @ 10:18am
  
  Re: back assward
  All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!
  
  Not to worry.. This stupidity will never happen.. Here is the federal law protecting the installation of wi-fi systems..
  
  http://www.fcc.gov/mb/facts/otard.html
  
  Also, the Federal Communications Act of 1934 also declared the "Open Skies Policy", so the reception of open radio signals cannot be restricted in any way, and since wi-fi is "unlicensed operation", FCC rules don't really apply to wi-fi anyway, no matter how much they would like them to...
  
  Quote from the very first paragraph in the FCC rules and Regulations...
  
  "These rules and regulations apply to person with a license or prior written agreement with the FCC"....
  
  That is a key statement right there.. If you do not have a license of prior written agreement with the FCC, then their rules and regulations do not apply to you as a free American Citizen in any way, shape or form.. (I know some dwebe HAM operators will argue with that, but you idiots have licenses and prior agreements, so the rules do apply to you..)
  
  Rules and Regulations are not LAWS... Rules and regulations are optional, like wearing a tie to get into the country club... If you don't want to wear a tie, you can just stay out of the country club.. As soon as you sign and FCC license, you have contractually agreed to abide by their rules and reg's.... So don't ever sign such an agreement...
  
  The only exception to this is the interference with emergency service communications, and that is a law, not an FCC rule.. Big difference..
  
  So, not to worry... Anyone who thinks this is a good idea should just go ahead and move to Russia... They will welcome you there... LOL!!!
  
  IT JUST ISN'T HAPPENING!!!
  
  Total stupidity that isn't really even worth discussing any further....
  
  Later....
  Chuck D
  [ link to this | view in chronology ]
Chris H, 4 Nov 2005 @ 5:11am

No Subject Given
Read the article, it's actually saying they want business using open Wi-Fi to make it more secure.

"The law, which was recently submitted to the Board of Legislators, would require Internet cafes as well as commercial businesses that use wireless networks to take basic security precautions to protect private customer information from potential data thieves and hackers."

Though I think they have the concept of what a firewall actually does a little confused.
[ link to this | view in chronology ]
freefood, 4 Nov 2005 @ 5:43am

RTFA
I fail to see how this would "basically outlaw open Wi-Fi."
They want open wi-fi providers to put up firewalls. Jesus H. Christ, it's the end of the Internet!! (notice the reactionary hyperbole.)
[ link to this | view in chronology ]
FreeMoney, 4 Nov 2005 @ 5:59am

Internet Security
This type of rhetoric is typical of legislative slippery slope thinking. I would be willing to hear the other side if somebody can explain why they are suggesting this law.
[ link to this | view in chronology ]
Joe, 4 Nov 2005 @ 6:18am

The problem is...
not wifi security, but the individual machines that get hacked, or should I say Windows.

Think Apple, Linux, etc.
[ link to this | view in chronology ]
- The Other Mike, 4 Nov 2005 @ 6:51am
  
  Re: The problem is...
  Not that I don't get a dozen security notices for open source OS's a day or anything... One week on a mailing list for OS security issues will demonstrate that the vulnerabilities are just as bad in all other OS's. Even retarded monkey's know that you hack the ~94% marketshare OS (namely Windows) first.
  
  Just because you got a grudge about OS choices doesn't mean that it is actually the root of all that is evil. Politicians are.
  
  I have already seen how these coffee shops - when faced with a court order - refuse to divulge information about who did something illegal on their network (and I am not talking about file sharing). So they get no sympathy here. If they refuse to enforce some kind of standard on it then someone has to.
  [ link to this | view in chronology ]
swytch, 4 Nov 2005 @ 6:22am

Wi-Fi laws
We can't just "create" laws each time a person or business gets lazy.....
[ link to this | view in chronology ]
Chris, 4 Nov 2005 @ 6:38am

No Subject Given
Or maybe this is all leading to a new tax?
[ link to this | view in chronology ]
Bill, 4 Nov 2005 @ 7:21am

I'm confusesd..
Is the law to protect Starbuck's servers, and therefore customer data, or is it to prevent criminals for using Starbuck's open wifi to anon. commit crime?

Surely anyone who is providing open wifi to their customers must have a firewall, or separate service to insulate their servers.
[ link to this | view in chronology ]
- Jo, 4 Nov 2005 @ 11:14am
  
  Re: I'm confusesd..
  Starbucks does not provide open WiFi. TMobile provides open WiFi. The wirless networks you access in the store has absolutly NO connection to the Starbucks corporate network.
  [ link to this | view in chronology ]
admin, 4 Nov 2005 @ 7:50am

No Subject Given
I just called Spano's office and complained. This is an outrage. I am going to look into his campaign donations as well to see how much money Verizon has donated.
[ link to this | view in chronology ]
erica ann (profile), 4 Nov 2005 @ 7:51am

In other words...
So basically.. lets go make a law just to make one and be clueless about what is behind the actual law being made.. doesnt matter if the good people get hurt by it, as long as a law is made right?
[ link to this | view in chronology ]
J.P., 4 Nov 2005 @ 7:54am

WiFi
its just another way for politicians to make history in being a part of a controversial issue.
[ link to this | view in chronology ]
Aaron, 4 Nov 2005 @ 8:10am

Crap Law
What a crap law. If they wanted to write a law about anything, why not just require businesses to post a sign that says you use the WIFI access at your own risk and if you are foolish enough to pass confeditial information across open lines that is your fault. They could also require busineses to maintain a separate line just for WIFI access to the internet. Wouldn't that at least make a little bit of sense. After all why would you connect your business to an open network, jut spend the extra money for another cable/dsl/T1 or whatever line and dont sweat it.
[ link to this | view in chronology ]
Joe R, 4 Nov 2005 @ 8:11am

read carefully
If I'm reading this correctly, what the law would require is for companies that use wireless networks to collect and store personal information would be required to comply. Meaning; if my company uses WiFi to process credit transactions, bank statements, bills, etc (other personal information) then I would be required to install safeguards. It doesn't mean that your average hotspot coffee shop that supplies WiFi to Mr. Smith would be required. Unless that coffee shop uses that same wireless network to collect info (process transactions).
[ link to this | view in chronology ]
arcfixer, 4 Nov 2005 @ 8:24am

No Subject Given
To a man with a hammer, all the world's a nail. To a legislator, all the world is a legislative issue.
.
What else would one expect?
[ link to this | view in chronology ]
Gerald Gibson, 4 Nov 2005 @ 8:42am

Wireless Mesh Communities
Put facts on the ground... as Isreal likes to say...

http://research.microsoft.com/mesh/

Got Windows XP and a wireless card? Setup a mesh.
[ link to this | view in chronology ]
Amar Maktal, 4 Nov 2005 @ 8:43am

Spano in bed with Cablevision: Westchester Telecom
So what really is going on here? Perhaps WiFi ubiquity will put the kaibash on Spano's and Cablevision's Westchester Telecom project.
[ link to this | view in chronology ]
Navy IT Guy, 4 Nov 2005 @ 8:54am

WiFi Legislation Ramifications
With the advent of wireless technology and the continuing decrease of public knowledge, I think that this will mark a trend of politicians trying to create laws to manage technology that they don�t have a full understanding of... Speaking of which, when will we see legislation regarding ever accessible Bluetooth vulnerabilities?
[ link to this | view in chronology ]
- Clifford VanMeter, 4 Nov 2005 @ 10:33am
  
  Re: WiFi Legislation Ramifications
  The truth is most politicians are like anchormen these days. They take the news as they are given it by "experts" (read lobbyists and pollsters) and regurgitate it a sound-bite at a time. Until we start looking to elect more than a glib hairstyle to office, we can expect more of the same.
  [ link to this | view in chronology ]
David, 4 Nov 2005 @ 9:27am

Come on people... READ.
The headline on this article is just a bit of alarmist hyperbole. All the proposed law says is if you're a business using a wireless network to transmit sensitive information, use a damn firewall. It'd be idiotic NOT to, but there are still businesses out there that don't. Nobody's trying to shut down your precious Internet cafe, they just want to keep YOUR credit card data safe. Jeezus.
[ link to this | view in chronology ]
- J to the A, 4 Nov 2005 @ 9:56am
  
  Re: Come on people... READ.
  I don't need any laws from the government to keep my credit card safe. I need stupid people to pay for leaking my information. This would also force people who setup wireless access points for places like restaurants to make darn sure the place knows the vulnerabilities. Sure I'm savvy and I know how to secure my wireless, but the swbell (2wire) guy that installed the dsl never said one word to us before he left, and left an open wireless hub right on our network. If I had left that open, and a hacker got CC number, you bet I should be sued, and you better belive that I would turn right around and sue swbell. We don't need a law, we just need better accountability.
  [ link to this | view in chronology ]
Derek Kerton (profile), 4 Nov 2005 @ 11:24am

Most Of You Have Misinterpreted
Most of you have read extra things into the story that are not there. The Politico IS NOT saying that public WiFi hotspots need to have security enabled, NOR is he saying that individual citizens need to do so to their home WiFi.

He IS saying that businesses that hold confidential user data in their computers or network MUST enable some kind of security to protect that data if their networks are accessible through WiFi.

This seems like a basic step that should be a no-brainer, but some business owners are not savvy on tech issues.

A stupid example is: say you're a woman with grey hair and you secretly dye it blond. Your hairstylist has invoices in her PC for you with the line item "blond hair dye". If the stylist has WiFi, and no security, it is possible for someone to hack their system and find out you dye your hair. More seriously, credit card numbers might be vulnerable.

This law proposal DOES NOT apply to Wi-Fi Hotspots, which are INTENTIONALLY left open with no security.

Businesses, like dry cleaners, which offer free WiFi to customers but that WiFi is also connected to the business' PC would have to secure their PC with a firewall, while they could still leave the WiFi unsecured.

So stop complaining. This is almost irrelevant to anyone who doesn't own a business, in Westchester County, that offers unfettered WiFi access, and where that WiFi network is also connected to sensitive customer data.

The law makes sense, and just protects customer data from potentially careless business operators who don't understand the risks of the WiFi networks they installed. I, for one, like the idea.

I imagine a lot of people complaining right now would be more angry if they found out they were the victims of ID Theft, caused in part by their dry cleaner's sloppy IT practices.
[ link to this | view in chronology ]
Scott, 4 Nov 2005 @ 2:33pm

Setting the record straight...
As a staffer for County Executive Spano, who proposed the law, I just wanted to clarify a few points�
The law DOES apply to public Wi-Fi hotspots, requiring them to provide a minimum level of security to ensure that confidential customer data is not also accessible via the wireless network that the public can use. It also asks that they post a sign saying they have done so, but reminding users to still exercise discretion. The last point is there to remind users of publicly available shared Wi-Fi connections that they may be sitting in a common open network and could be putting confidential information on their own computers at risk. We hope that these users take at least elementary steps to install some defenses on their computers.
While it would be nice to assume that business owners know they need to secure their wireless networks, many of them obviously don�t. In our 20-minute drive through downtown, Netstumbler showed that at least half the networks had no obvious security. OK, so some may have another layer of security not immediately visible, but --just standing outdoors on a street -- we were repeatedly able to piggyback on these networks to get to various Internet sites. We weren�t going to break the law and hack into �internal� computers on these networks to prove the point, but a variety of studies by others have shown that about a third of these networks are quite insecure.
One of the biggest reasons Spano took the legislative route was to raise public awareness � and that campaign is still to come. The risks of Wi-Fi use may be obvious to all of you, but that�s simply not the case for all the novice computer users and small business owners who are going out in droves to buy cheap Wi-Fi equipment and then firing it up without doing even the most basic security configuration. (You�d be surprised at how many these people have even left the SSID at the default name that the device came with.) We are creating a brochure that lists the steps one can take to protect their network and will distribute it through local business groups and at events.
Our hope is that people won�t look at this as just one more layer of legislation, but rather will see that this is an issue they WANT to comply with given the risks.
Finally, we too think that Wi-Fi is a great technology. But like everything else with technology, we just want it to be used wisely.
[ link to this | view in chronology ]
- Mike (profile), 4 Nov 2005 @ 3:11pm
  
  Re: Setting the record straight...
  I'm still confused as to why leaving the default name of the network is such a "security threat." You can leave the name and set up plenty of other security features, you know...
  [ link to this | view in chronology ]
- Chris, 4 Nov 2005 @ 6:59pm
  
  Re: Setting the record straight...
  As a Westchester resident for whom you and Mr. Spano work, I wish you would post a link to the text of the law so I could make an informed judgement on its merits.
  As far as I can piece together from your posting and the rather less cogent press release, the law would do four potentially unexceptionable things:
  --mandate firewalls between public Wifi networks and networks holding customer information. I'm free to have an Internet cafe, as long as I process credit cards on a separate, secure network.
  --mandate that businesses handling confidential information use an encrypted network. Does (should) WEP count or only WPA?
  --mandate that businesses handling confidential information install a firewall. If this only applies to wireless networks it is stupidly underinclusive: the threat there is from the WAN and that is there for wired and wireless alike.
  --try to educate users of public hotspots that they are NOT secure. God knows this is needed: half the idiots sitting at computers in Bryant Park have NO firewalls and have Windows shared drives. I have the firewall logs full of UDP=137s to prove it.
  Anyway, Saint Stallman forgive me but I don't hear the muffled tread of jackboots in any of the foregoing.
  [ link to this | view in chronology ]
  - Jim Gordon, 4 Nov 2005 @ 9:36pm
    
    Re: Setting the record straight...
    What is UDP=137s Please send me some info on how I can setup a better encryption other then WEP witch I found out on a recent tech show is full of holes.
    [ link to this | view in chronology ]
scary_wumpus, 15 Mar 2006 @ 12:09pm

Benjamin Franlin said that any man who would sacrifice freedom for security deserves neither freedom nor security.

Don't you think that this applies to everything?

The deal here is that no security is good security.

Provided Uncle Sam now has access to everything you say, write, and type in your little cubicle, there is no more privacy. There is no more AMerica.

At this point, we should either fightr back, or put away the Stars & Stripes to make room for the Hammer & Sickle.
[ link to this | view in chronology ]