Local Politicians Say Open WiFi Should Be Illegal

from the seems-a-bit-extreme dept

It's quite well known that there are security issues with WiFi networks, but there are ways to take precautions and make yourself pretty safe. As education gets better, it the security risks shouldn't be as big a deal. However, some local politicians in Westchester County, NY have decided to go a step further. According to Guy Kewney, Westchester's County Executive is proposing a law that would basically outlaw open WiFi from any commercial business. As Kewney points out, in the description of the "problem" it appears that the politicians are a bit confused about the actual problem, mixing up a few different issues related to WiFi and security. Obviously, it's a good idea to encourage commercial WiFi providers to make their networks more secure -- but does it really need a law? Update: To clarify, since there's some confusion, by "open WiFi," we mean unsecured WiFi. They're not saying businesses can't offer WiFi, but that it has to include security. But, the examples the politicians give are all just about regular open WiFi access points.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    red, Nov 4th, 2005 @ 4:08am

    Politicians are stupid

    They have computers and are probably on them all the time but that doesn't mean they understand them. I think they fear them from lack of knowledge.

    reply to this | link to this | view in thread ]

  2. identicon
    td23, Nov 4th, 2005 @ 4:30am

    back assward

    What kind of backward thinking is that? That’s like banning the use of ATMs at night because you might get robbed. There are going to be security risks no matter what the situation.

    reply to this | link to this | view in thread ]

  3. identicon
    tready, Nov 4th, 2005 @ 4:40am

    Not that bad of an idea

    Coming from an industry that works on wifi networks I think its a great idea to make sure businesses don't have an "open" wifi connection. They aren't banning wifi in general...just the way its used to make it safer for the business. It won't keep out all "hackers" but it will keep the young inexperienced ones out that are trying to do wrong. Passwords only keep out the honest and inexperienced......

    reply to this | link to this | view in thread ]

  4. identicon
    Tim, Nov 4th, 2005 @ 5:06am

    Re: Not that bad of an idea

    So this would ban all the hotspots I use in town, like Panera's?

    Great! Your right we must put an end to free wi-fi. (note the dripping sarcasm)

    reply to this | link to this | view in thread ]

  5. identicon
    Chris H, Nov 4th, 2005 @ 5:11am

    No Subject Given

    Read the article, it's actually saying they want business using open Wi-Fi to make it more secure.

    "The law, which was recently submitted to the Board of Legislators, would require Internet cafes as well as commercial businesses that use wireless networks to take basic security precautions to protect private customer information from potential data thieves and hackers."

    Though I think they have the concept of what a firewall actually does a little confused.

    reply to this | link to this | view in thread ]

  6. identicon
    tready, Nov 4th, 2005 @ 5:18am

    Re: Not that bad of an idea

    (the dripping sarcasm is doly noted) look at it from a business point of view once their network gets broken into...then what?...they will have wished they were not a free hotspot. Do you want to be on a network like that?

    reply to this | link to this | view in thread ]

  7. identicon
    freefood, Nov 4th, 2005 @ 5:43am


    I fail to see how this would "basically outlaw open Wi-Fi."
    They want open wi-fi providers to put up firewalls. Jesus H. Christ, it's the end of the Internet!! (notice the reactionary hyperbole.)

    reply to this | link to this | view in thread ]

  8. identicon
    FreeMoney, Nov 4th, 2005 @ 5:59am

    Internet Security

    This type of rhetoric is typical of legislative slippery slope thinking. I would be willing to hear the other side if somebody can explain why they are suggesting this law.

    reply to this | link to this | view in thread ]

  9. identicon
    Joe, Nov 4th, 2005 @ 6:18am

    The problem is...

    not wifi security, but the individual machines that get hacked, or should I say Windows.

    Think Apple, Linux, etc.

    reply to this | link to this | view in thread ]

  10. identicon
    swytch, Nov 4th, 2005 @ 6:22am

    Wi-Fi laws

    We can't just "create" laws each time a person or business gets lazy.....

    reply to this | link to this | view in thread ]

  11. identicon
    Chris, Nov 4th, 2005 @ 6:38am

    No Subject Given

    Or maybe this is all leading to a new tax?

    reply to this | link to this | view in thread ]

  12. identicon
    The Other Mike, Nov 4th, 2005 @ 6:51am

    Re: The problem is...

    Not that I don't get a dozen security notices for open source OS's a day or anything... One week on a mailing list for OS security issues will demonstrate that the vulnerabilities are just as bad in all other OS's. Even retarded monkey's know that you hack the ~94% marketshare OS (namely Windows) first.

    Just because you got a grudge about OS choices doesn't mean that it is actually the root of all that is evil. Politicians are.

    I have already seen how these coffee shops - when faced with a court order - refuse to divulge information about who did something illegal on their network (and I am not talking about file sharing). So they get no sympathy here. If they refuse to enforce some kind of standard on it then someone has to.

    reply to this | link to this | view in thread ]

  13. identicon
    Bill, Nov 4th, 2005 @ 7:21am

    I'm confusesd..

    Is the law to protect Starbuck's servers, and therefore customer data, or is it to prevent criminals for using Starbuck's open wifi to anon. commit crime?

    Surely anyone who is providing open wifi to their customers must have a firewall, or separate service to insulate their servers.

    reply to this | link to this | view in thread ]

  14. identicon
    Anna, Nov 4th, 2005 @ 7:26am

    Very Bad Idea

    I am sick and tired of people thinking that Big Brother has to do everything for them.

    Sure it's a great idea that businesses don't have an 'open' wifi connection, but do we have to make a law about it?

    Why don't we just ban computers? That's what's causing the problems, right?

    reply to this | link to this | view in thread ]

  15. identicon
    admin, Nov 4th, 2005 @ 7:50am

    No Subject Given

    I just called Spano's office and complained. This is an outrage. I am going to look into his campaign donations as well to see how much money Verizon has donated.

    reply to this | link to this | view in thread ]

  16. icon
    erica ann (profile), Nov 4th, 2005 @ 7:51am

    In other words...

    So basically.. lets go make a law just to make one and be clueless about what is behind the actual law being made.. doesnt matter if the good people get hurt by it, as long as a law is made right?

    reply to this | link to this | view in thread ]

  17. identicon
    J.P., Nov 4th, 2005 @ 7:54am


    its just another way for politicians to make history in being a part of a controversial issue.

    reply to this | link to this | view in thread ]

  18. identicon
    Aaron, Nov 4th, 2005 @ 8:10am

    Crap Law

    What a crap law. If they wanted to write a law about anything, why not just require businesses to post a sign that says you use the WIFI access at your own risk and if you are foolish enough to pass confeditial information across open lines that is your fault. They could also require busineses to maintain a separate line just for WIFI access to the internet. Wouldn't that at least make a little bit of sense. After all why would you connect your business to an open network, jut spend the extra money for another cable/dsl/T1 or whatever line and dont sweat it.

    reply to this | link to this | view in thread ]

  19. identicon
    Joe R, Nov 4th, 2005 @ 8:11am

    read carefully

    If I'm reading this correctly, what the law would require is for companies that use wireless networks to collect and store personal information would be required to comply. Meaning; if my company uses WiFi to process credit transactions, bank statements, bills, etc (other personal information) then I would be required to install safeguards. It doesn't mean that your average hotspot coffee shop that supplies WiFi to Mr. Smith would be required. Unless that coffee shop uses that same wireless network to collect info (process transactions).

    reply to this | link to this | view in thread ]

  20. identicon
    aero, Nov 4th, 2005 @ 8:18am

    Re: back assward

    ACTAULLY in Brazil.... you can't get money after 9pm.. because of that very same reason.
    So there is 24hrs banking in Brazil anymore (unless is online)

    reply to this | link to this | view in thread ]

  21. identicon
    arcfixer, Nov 4th, 2005 @ 8:24am

    No Subject Given

    To a man with a hammer, all the world's a nail. To a legislator, all the world is a legislative issue.
    What else would one expect?

    reply to this | link to this | view in thread ]

  22. identicon
    Gerald Gibson, Nov 4th, 2005 @ 8:42am

    Wireless Mesh Communities

    Put facts on the ground... as Isreal likes to say...


    Got Windows XP and a wireless card? Setup a mesh.

    reply to this | link to this | view in thread ]

  23. identicon
    Amar Maktal, Nov 4th, 2005 @ 8:43am

    Spano in bed with Cablevision: Westchester Telecom

    So what really is going on here? Perhaps WiFi ubiquity will put the kaibash on Spano's and Cablevision's Westchester Telecom project.

    reply to this | link to this | view in thread ]

  24. identicon
    Navy IT Guy, Nov 4th, 2005 @ 8:54am

    WiFi Legislation Ramifications

    With the advent of wireless technology and the continuing decrease of public knowledge, I think that this will mark a trend of politicians trying to create laws to manage technology that they don’t have a full understanding of... Speaking of which, when will we see legislation regarding ever accessible Bluetooth vulnerabilities?

    reply to this | link to this | view in thread ]

  25. identicon
    David, Nov 4th, 2005 @ 9:27am

    Come on people... READ.

    The headline on this article is just a bit of alarmist hyperbole. All the proposed law says is if you're a business using a wireless network to transmit sensitive information, use a damn firewall. It'd be idiotic NOT to, but there are still businesses out there that don't. Nobody's trying to shut down your precious Internet cafe, they just want to keep YOUR credit card data safe. Jeezus.

    reply to this | link to this | view in thread ]

  26. identicon
    J to the A, Nov 4th, 2005 @ 9:56am

    Re: Come on people... READ.

    I don't need any laws from the government to keep my credit card safe. I need stupid people to pay for leaking my information. This would also force people who setup wireless access points for places like restaurants to make darn sure the place knows the vulnerabilities. Sure I'm savvy and I know how to secure my wireless, but the swbell (2wire) guy that installed the dsl never said one word to us before he left, and left an open wireless hub right on our network. If I had left that open, and a hacker got CC number, you bet I should be sued, and you better belive that I would turn right around and sue swbell. We don't need a law, we just need better accountability.

    reply to this | link to this | view in thread ]

  27. identicon
    Clifford VanMeter, Nov 4th, 2005 @ 10:33am

    Re: WiFi Legislation Ramifications

    The truth is most politicians are like anchormen these days. They take the news as they are given it by "experts" (read lobbyists and pollsters) and regurgitate it a sound-bite at a time. Until we start looking to elect more than a glib hairstyle to office, we can expect more of the same.

    reply to this | link to this | view in thread ]

  28. identicon
    Jo, Nov 4th, 2005 @ 11:14am

    Re: I'm confusesd..

    Starbucks does not provide open WiFi. TMobile provides open WiFi. The wirless networks you access in the store has absolutly NO connection to the Starbucks corporate network.

    reply to this | link to this | view in thread ]

  29. icon
    Derek Kerton (profile), Nov 4th, 2005 @ 11:24am

    Most Of You Have Misinterpreted

    Most of you have read extra things into the story that are not there. The Politico IS NOT saying that public WiFi hotspots need to have security enabled, NOR is he saying that individual citizens need to do so to their home WiFi.

    He IS saying that businesses that hold confidential user data in their computers or network MUST enable some kind of security to protect that data if their networks are accessible through WiFi.

    This seems like a basic step that should be a no-brainer, but some business owners are not savvy on tech issues.

    A stupid example is: say you're a woman with grey hair and you secretly dye it blond. Your hairstylist has invoices in her PC for you with the line item "blond hair dye". If the stylist has WiFi, and no security, it is possible for someone to hack their system and find out you dye your hair. More seriously, credit card numbers might be vulnerable.

    This law proposal DOES NOT apply to Wi-Fi Hotspots, which are INTENTIONALLY left open with no security.

    Businesses, like dry cleaners, which offer free WiFi to customers but that WiFi is also connected to the business' PC would have to secure their PC with a firewall, while they could still leave the WiFi unsecured.

    So stop complaining. This is almost irrelevant to anyone who doesn't own a business, in Westchester County, that offers unfettered WiFi access, and where that WiFi network is also connected to sensitive customer data.

    The law makes sense, and just protects customer data from potentially careless business operators who don't understand the risks of the WiFi networks they installed. I, for one, like the idea.

    I imagine a lot of people complaining right now would be more angry if they found out they were the victims of ID Theft, caused in part by their dry cleaner's sloppy IT practices.

    reply to this | link to this | view in thread ]

  30. identicon
    Jim Gordon, Nov 4th, 2005 @ 11:58am

    Re: back assward

    I agree. Wi-Fi is a step into the futre. With Wi-Fi the internet can be much more affordable and be avable to more rual area's. It makes it posable for loptops to be used in parks. Over all Wi-Fi is here and I think the public has the power to make it glorous. POWER BELONGS TO THE PEOPLE!!!!!

    reply to this | link to this | view in thread ]

  31. identicon
    Scott, Nov 4th, 2005 @ 2:33pm

    Setting the record straight...

    As a staffer for County Executive Spano, who proposed the law, I just wanted to clarify a few points…
    The law DOES apply to public Wi-Fi hotspots, requiring them to provide a minimum level of security to ensure that confidential customer data is not also accessible via the wireless network that the public can use. It also asks that they post a sign saying they have done so, but reminding users to still exercise discretion. The last point is there to remind users of publicly available shared Wi-Fi connections that they may be sitting in a common open network and could be putting confidential information on their own computers at risk. We hope that these users take at least elementary steps to install some defenses on their computers.
    While it would be nice to assume that business owners know they need to secure their wireless networks, many of them obviously don’t. In our 20-minute drive through downtown, Netstumbler showed that at least half the networks had no obvious security. OK, so some may have another layer of security not immediately visible, but --just standing outdoors on a street -- we were repeatedly able to piggyback on these networks to get to various Internet sites. We weren’t going to break the law and hack into “internal” computers on these networks to prove the point, but a variety of studies by others have shown that about a third of these networks are quite insecure.
    One of the biggest reasons Spano took the legislative route was to raise public awareness – and that campaign is still to come. The risks of Wi-Fi use may be obvious to all of you, but that’s simply not the case for all the novice computer users and small business owners who are going out in droves to buy cheap Wi-Fi equipment and then firing it up without doing even the most basic security configuration. (You’d be surprised at how many these people have even left the SSID at the default name that the device came with.) We are creating a brochure that lists the steps one can take to protect their network and will distribute it through local business groups and at events.
    Our hope is that people won’t look at this as just one more layer of legislation, but rather will see that this is an issue they WANT to comply with given the risks.
    Finally, we too think that Wi-Fi is a great technology. But like everything else with technology, we just want it to be used wisely.

    reply to this | link to this | view in thread ]

  32. icon
    Mike (profile), Nov 4th, 2005 @ 3:11pm

    Re: Setting the record straight...

    I'm still confused as to why leaving the default name of the network is such a "security threat." You can leave the name and set up plenty of other security features, you know...

    reply to this | link to this | view in thread ]

  33. identicon
    Chris, Nov 4th, 2005 @ 6:59pm

    Re: Setting the record straight...

    As a Westchester resident for whom you and Mr. Spano work, I wish you would post a link to the text of the law so I could make an informed judgement on its merits.
    As far as I can piece together from your posting and the rather less cogent press release, the law would do four potentially unexceptionable things:
    --mandate firewalls between public Wifi networks and networks holding customer information. I'm free to have an Internet cafe, as long as I process credit cards on a separate, secure network.
    --mandate that businesses handling confidential information use an encrypted network. Does (should) WEP count or only WPA?
    --mandate that businesses handling confidential information install a firewall. If this only applies to wireless networks it is stupidly underinclusive: the threat there is from the WAN and that is there for wired and wireless alike.
    --try to educate users of public hotspots that they are NOT secure. God knows this is needed: half the idiots sitting at computers in Bryant Park have NO firewalls and have Windows shared drives. I have the firewall logs full of UDP=137s to prove it.
    Anyway, Saint Stallman forgive me but I don't hear the muffled tread of jackboots in any of the foregoing.

    reply to this | link to this | view in thread ]

  34. identicon
    Jim Gordon, Nov 4th, 2005 @ 9:36pm

    Re: Setting the record straight...

    What is UDP=137s Please send me some info on how I can setup a better encryption other then WEP witch I found out on a recent tech show is full of holes.

    reply to this | link to this | view in thread ]

  35. identicon
    Chuck D, Jan 31st, 2006 @ 10:07am

    Re: back assward

    All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!

    reply to this | link to this | view in thread ]

  36. identicon
    Chuck D, Jan 31st, 2006 @ 10:07am

    Re: back assward

    All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!

    reply to this | link to this | view in thread ]

  37. identicon
    Chuck D, Jan 31st, 2006 @ 10:18am

    Re: back assward

    All I can say is this is the most ridiculous idea I have heard of in quite some time.. Need I remind everyone that THIS IS A FREE COUNTRY!!!

    Not to worry.. This stupidity will never happen.. Here is the federal law protecting the installation of wi-fi systems..


    Also, the Federal Communications Act of 1934 also declared the "Open Skies Policy", so the reception of open radio signals cannot be restricted in any way, and since wi-fi is "unlicensed operation", FCC rules don't really apply to wi-fi anyway, no matter how much they would like them to...

    Quote from the very first paragraph in the FCC rules and Regulations...

    "These rules and regulations apply to person with a license or prior written agreement with the FCC"....

    That is a key statement right there.. If you do not have a license of prior written agreement with the FCC, then their rules and regulations do not apply to you as a free American Citizen in any way, shape or form.. (I know some dwebe HAM operators will argue with that, but you idiots have licenses and prior agreements, so the rules do apply to you..)

    Rules and Regulations are not LAWS... Rules and regulations are optional, like wearing a tie to get into the country club... If you don't want to wear a tie, you can just stay out of the country club.. As soon as you sign and FCC license, you have contractually agreed to abide by their rules and reg's.... So don't ever sign such an agreement...

    The only exception to this is the interference with emergency service communications, and that is a law, not an FCC rule.. Big difference..

    So, not to worry... Anyone who thinks this is a good idea should just go ahead and move to Russia... They will welcome you there... LOL!!!


    Total stupidity that isn't really even worth discussing any further....

    Chuck D

    reply to this | link to this | view in thread ]

  38. identicon
    scary_wumpus, Mar 15th, 2006 @ 12:09pm

    Benjamin Franlin said that any man who would sacrifice freedom for security deserves neither freedom nor security.

    Don't you think that this applies to everything?

    The deal here is that no security is good security.

    Provided Uncle Sam now has access to everything you say, write, and type in your little cubicle, there is no more privacy. There is no more AMerica.

    At this point, we should either fightr back, or put away the Stars & Stripes to make room for the Hammer & Sickle.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Insider Shop - Show Your Support!

Hide this ad »
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Hide this ad »
Recent Stories
Hide this ad »


Email This

This feature is only available to registered users. Register or sign in to use it.