Slashdot Mirror
Unsecured Wi-Fi to Become Illegal?
echucker writes "News.com is carrying a story for a draft proposal for law in Westchester County in New York state that would outlaw unsecured wi-fi connections. Public internet access would require a network gateway server with a firewall and also require home/business office users to install firewalls to protect personal info, even if their connection is encrypted. Violations would carry fines of $250-$500."
It's not like the necessary equipment for this costs money or anything! I'm sure that this will boost internet adoption and make conusmers happy.
using namespace slashdot;
troll::post();
I can see it now :)
It is like fining somebody for leaving their door unlocked and they get burglarized.
This is the epitome of a YRO violation. Interesting it was posted under the Hardware banner.
Ignorance is curable, stupid is forever.
we can no longer steal cable either? =)
Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something. -Heinlein
I can imagine the requirement for encryption and perhaps for some form of logging, but a firewall? Isn't that the responsibility of the users who connect?
Is this a response to the Google plans and various other implimentations of free wireless?
These legislators have gotten downright dangerous, I also wonder, how uesful is an open network for hacking?
If you were up to no good is an open AP the way to do it?
"If any question why we died, Tell them because our fathers lied."
This law would be impossible to enforce anyway. You would have to send a task around to track down all unsecured access points, then bust in the doors of a whole lot of white middle class people.
Dvorak on Doomtech
Make Unsecured OS Illegal too!!!
Um, just making something illegal doesn't stop it. Try doing the speed limit, in Westchester county of all places.
To me, this sounds like one of those "I'm protecting your children from Teh Internets" moves that politicians do periodically when they have to remind the masses that its time to vote.
How about holding someone responsible (gasp) for any malicious activity that originates FROM their network?
I want to delete my account but Slashdot doesn't allow it.
Leaving you front door unlocked is now illegal
If being an idiot were illegal, most of my company would be in prison.
They think they can legislate network security!
They are attempting to protect citizens whose information might be exposed by business without adequate security. All they really require is a firewall which will do nothing. More of this type regulation will do nothing. Businesses need more information and resources to protect their networks, but we all realize this isn't always such a simple problem and is often a moving target. Politicians are THE LAST people I want making network security policy and attempting to legislate it. Sounds like one less reason to do business in Westchester County.
What ever happened to personal choice?
If I want to leave my data connection open for any number of reasons, that's my business. If I want to leave my front door open or not lock my car, that's my business too...
Ridiculous.
We've got a public access wifi point in the building for visiting salsefolks and people from other government departments.
Open you laptop and you'll get 'do you want to attach to PublicWifi?'
It's firewalled off, URL filtered, and aside from http(s), DHCP, DNS, SSH and VPN, nothing else can get through. Further, those ports will only attach to outside IPs. All traffic is monitored, and there are notices in all meeting rooms that Your security is Your problem.
This is a solution that protects OUR network, has zero admin overhead, and still permits the resource...So that's now illegal?
"Draco dormiens nunquam titillandus."
... seatbelt is illegal, too. So why not make a "digital seatbelt" mandatory? I'm just curious how many users that can barely turn on their computer will become criminals with such a law...
Get a free Video iPod!
if this law passes, people will be buying routers that automatically configure themselves to be "secure" with default passwords.
There goes the free internet access my neighbor provides!
Fortunately, he doesn't seem to mind the amount of pr0n I download.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
All provider TOS limitations taken into account, the government does not have a right to tell me i cant share something i *PAID* for with my neighbors.
What is next, banning of the neighborhood BBQ? Cant share that meat and beer you bought with your friends that live across the street. noooo
---- Booth was a patriot ----
When I read this article I was thinking that I wouldn't mind having the job of enforcing this. Then I realized I would have to have the mindset of a parking enforcer to do something like this. Hell, let the parking enforcers take care of this as well. They love a good power trip. Parking enforcer: "Ma'am, your wireless access point is not running a firewall." Some old lady: "My what isn't on fire?" Parking enforcer: "your internet. It is against the law to allow others to use your internet for free" Some Old lady: "Oh, my 10 yr old grandson got that internet thing to work? Isn't he wonderful? He is so smart." Parking enforcer: "Ma'am, here is a ticket for running an unsecure access point. Don't let it happen again." Some Old lady: "How dare you come to my house and threaten me with this! I've been living here for 30 years and have never been treated like this! Parking enforcer: "Ma'am, have a nice day" Slow day at work. I apologize
any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
I wonder who is really behind creating THAT database?
http://xroads.virginia.edu/~HYPER/DETOC/ch4_06.htm
"It would seem that if despotism were to be established among the democratic nations of our days, it might assume a different character; it would be more extensive and more mild; it would degrade men without tormenting them."
and
"Thus it every day renders the exercise of the free agency of man less useful and less frequent; it circumscribes the will within a narrower range and gradually robs a man of all the uses of himself. The principle of equality has prepared men for these things;it has predisposed men to endure them and often to look on them as benefits."
I can also whole heartedly recommend Hanse Hermann Hoppe's _Democracy: The God That Failed_. Or even just the quote from Mel Gibson in _The Patriot_, "Why should I trade one tyrant 3000 miles away, for 3000 tyrants one mile away? An elected legislature can trample a man's rights as easily as any king."
It's a good idea to secure ones wireless access point. It's also a good idea to use an infant car seat. I object not that these are bad ideas, but they are imposed at gun point by force of law.
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
Finding open WIFI is easier then catching speeders.
The speeders are a moving target and you have to be there at the same point in time, while the WIFI sitting in your bedroom is not. The cops have plenty of time to slowly ( and quietly ) cruise around town finding them. Then triangulating them down to the street address, with a warrant to search in hand.
---- Booth was a patriot ----
Isn't this the equivalent of police looking and pulling vehicles over for the driver not wearing a seatbelt? In other words, something that only endangers one self is trying to be prevented, right?
As if it isn't enough that using someone's open Wireless Access Point without permission is illegal, now they're making it illegal to own current wireless technologies? That's like bank robbing being illegal, but they're banning banks just in case. And I'm not saying connecting to open wireless is like robbing a bank, it's just an extreme analogy to show what the law is outlawing.
Saskboy's blog is good. 9 out of 10 dentists agree.
The passkey is 'passkey'. Am I legal now?
No, it is like fining somebody for leaving their door unlocked and letting someone run a meth lab in your house.
If the damage done by those who entered the unlocked door stayed inside the house, it would be no problem. But if unlocked WiFi is used for spamming or malware activities, then it needs regulation. Perhaps the law should be fine-tuned -- to only target those who have unlocked WiFi attached to the internet.
Two wrongs don't make a right, but three lefts do.
O.K. ....
...
.....
1st step: let's force a broken security model (WEP) on all users.
2nd : limit the allowed encryption so all government agencies can come and look into your house
it's like telling someone how to run their servers
wha if I like all my access points running without any crypto and just have a tunnel inbetween my machines, and not ruoute any packets into the net that does not come from that "internal net" or VPN ?
What if i want to see wardrivers trying to mess with my access points?
What if I run Linux or BSD as an access point with my own security measures ?
What if I just hate big brother telling me how to run my home network ?
It's like the safety belt issue : I wear it as once it saved my whole family's life in a nasty crash, however I know people who are scared of it as they were stuck in a car in a rollower accident and they choose to crush their head instead of burning in a car upside down tangled in a seatbelt
Oh, terrific. I can see it now - police demanding access to your computer to make sure you're running a firewall. And of course, the police will be trained to identify any one of the hundreds of firewalls now available, won't they? Just which firewalls will fall within their legal definition of "firewall". I'd like to know. And I'm sure their definition of "firewall" will be well though out --- NOT!
If you ask me, this is just to provide the police with an excuse to upgrade their usual hangout from donut shops to Starbucks.
Well, what next....
I just hope they don't try to tell us exactly how to protect our wireless points. I have several slow laptops on my network, and really don't want each of them to have to encrypt and decrypt everything, and so I work by mac address filtering. No matter how I protect my network, if someone really wants to break in, they'll do it. All I can be sure of is stopping any neighbours or passers by from logging on easily.
I certainly hope this fails as I don't think legislation is the solution to wireless security... at least not in this form. Perhaps it should just be illegal to ship an access point that is open by default. I realize that manufacturers want their products to be easy to use but I don't think it's unreasonable for buyers to jump through a hoop or two before getting a completely open access point if that's what they want. On the other hand, maybe the FCC will get involved. Obviously, they have no jurisdiction over network design and such but any requirement to register an access point sounds a lot like a requirement to register a radio transmitter. It has been long since been established that local governments generally cannot regulate radio devices operating in accordance with the applicable FCC rules.
to the Nanny state! Were people who win a popularity contest (elected) are automatically qualified to know what's best for you.
Evil people don't think they're evil. - George Lucas, Making of Ep III
So, to enforce they would run around and illegally connect (as some courts have said) to wireless access points. Breaking the law (civil) and civil rights (illegal search and seizure, or is this plain sight?) to find out whether you are breaking the law? Wow, okay.
So, I assume the common beat cop doesn't have the skills to determine whether the protocol on a running wireless setup therefore the police departments will have to hire new people. But, with budget cuts there is no more money so they will probably end up using a tried and true system. Privateers. Pass another law allowing private citizens to act as privateers to enforce the law. Their reward will be whatever they confiscate off the unprotected computers.
What do you think?
Quality Hosting e3 Servers
Here's my question, do lawmakers really know enough about WiFi security and firewalls to write a coherent law requiring this? I'd draw the parallel between the FCC and the slow move to HDTV, which they really can't push too quickly because many people don't want/need to pay for a new tv and then pay more for cable/satellite. So since many people (including myself) run old equipment, what type of standard encryption and firewall will the law entail? Will they require WEP64/128, which can be easily broken, or WPA which old equipment isn't compatible with, or another form? Can they force a standard to be adopted by the residents within a county without stepping on the toes of the FCC? To the best of my knowledge, the band that 802.11 works in is public and unrestricted. What about firewalls? Are they going to legislate which ports you can have open? I seriously doubt the lawmakers would understand concerns like this, but should that be the case, how can they effectively legislate a law?
"somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data," County Executive Andy Spano said in a statement.
That's all well and good, Andy but I run an open network and frankly, if somebody breaks into my network that's my problem. I don't need people like you to tell me what to do.
The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall.
I recently convinced a company to share some of its unused DS3 with the community. Yeah, I put it in the DMZ but again, we don't need you to tell us how to design our network.
I've also worked on slfan who objective is to purposely build open networks that are easy to access. If these big-brother laws start to take off around the country you can say goodbye to freedom.
Personally, I'm still convinced unsecure WiFi poses to large of a risk. Just think about what can happen:
- terrorists could potentially drive up, connect, and unleash an attack on infrastructure (power grid, etc.).
- peidophiles could drive up, and transmit their data, then leave... with nobody knowing who they are, and it being pretty much impossible to track down.
- lauching of a virus or bot attack.
No longer is traceroute a good solution to find out who is at the end of the line. Anyone can find any open wifi, connect, do harm... and leave. By the time the damage is realized, they can be hundreds of miles away.
Why would a criminal work from home? Use someone elses network.
It's allowed to be unencrypted, it just has to be running a firewall. Which is stupid. Really stupid.
I don't live in America, so this won't effect me. I just still think it's stupid. I run my own connection free of firewalls anywhere in the chain. Sure, if someone can be bothered, they could get into my files, as long as they spent long enough with a bruteforce. Hell, I even allow root connections via ssh. Unless someone's seriously personally interested in cracking my machine, I don't need one, I only run MacOS, Linux and BeOS on the net, I'm not worred about malware or viruses. My wireless data is encrypted, but it won't keep anyone out, the encryption key is exactly the same as the SSID
The only reason I have that is so the (computer illiterate) people a few houses over don't connect accidentally, and use my bandwidth for no reason. Hell, I've connected to their router and changed its channel and such to produce the minimum interference between them.
I don't care if a guy nearby has lost his net for a bit, and so uses mine for a backup. I don't care if someone driving through switches to my connection.
If someone is using too much of my bandwidth, I'll just block their MAC address for a bit. Sure, they can crack that. If they do, I'll just change my WEP password. They're bored enough to crack that as well? Fine, I'll just stop my router from giving anymore DHCP leases than I use. Meanwhile, I'll track down where they are, using the many machines and people I can pull up to pinpoint where wireless traffic is. Then, I'll go over and kick the shit out of them.
So far, no one's ever done anything with my connection that's pissed me off. I've had people talk to me on rendezvous with iChat (Or whatever it's called now, the LAN chat thing) and thank me for letting people connect.
I like sharing my internet. I once set up a directional antenna so that a friend some ways over could use it when his cable company had screwed things up.
For the love of god - seatbelt laws were enacted because the consequence of not wearing a seatbelt was a much higher probability of DEATH in an auto accident (and assuming you are just injured, the associated higher costs of health care which has to be borne by everybody) - hardly the result of someone who "hack[s] into the [your] network and steal your most confidential data". Jeez, even that quote, "the network", like there is only one shows how clueless some of these politicians are. Now we need laws going after WiFi providers who don't secure themselves sufficently?
Let's pass some other useful laws, then:
1) Fine people who use unpatched OS's, or OS's with KNOWN, UNPATCHED security holes. They cause all those net problems!
2) Fine people who don't lock their car doors at night. They're letting car thieves make a living!
3) Fine people who purchase something without collecting a reciept - they're enabling tax fraud, and employees ripping off corporations!
4) Fine people who plug in electronic equipment without surge protectors in place. They're tempting God to wreak havok with his lightning bolts!
When did it become acceptable to penalize the victims rather than the criminals?
(/rant)
Our politicians should do what matters for the ordinary folks like fixing health-care and other services, then legislate on matters like these. Is that too much to ask for?
In related news, the FBI has announced that the residents of Westchester county will be required to set up their secure wireless networks in a manner that will allow access to federal officials for general eavesdropping operations.
Looks like they want to cut off all the free wirless access so they can charge you for it. Aren't you glad they care about making your internet safe?
Seriously though, one poster asked jokingly why they aren't banning insecure OS's and it sounded funny, but it does point out a problem with the bill. Certainly people running insecure OSs are just as bad for spam, and illegal activities as are free wireless, yet nobody is proposing a bill to fine those users. Naturally, if someone proposed this, MS would throw a shit fit.
-- Knowledge shared is power lost. -- Aleister Crowley
Improving Wi-Fi Restriction Systems
Many analysts would agree that, had it not been for SMPs, the study of RPCs might never have occurred [12]. In fact, few cyberneticists would disagree with the analysis of flip-flop gates. In this work we probe how rasterization can be applied to the understanding of simulated annealing.
Table of Contents
1) Introduction
2) Related Work
3) Design
4) Implementation
5) Experimental Evaluation and Analysis
* 5.1) Hardware and Software Configuration
* 5.2) Dogfooding TOTEAR
6) Conclusion
1 Introduction
Recent advances in knowledge-based theory and psychoacoustic symmetries are largely at odds with interrupts. In fact, few security experts would disagree with the theoretical unification of massive multiplayer online role-playing games and scatter/gather I/O, which embodies the natural principles of cryptoanalysis. Given the current status of psychoacoustic algorithms, end-users clearly desire the construction of evolutionary programming, which embodies the unfortunate principles of programming languages. The synthesis of gigabit switches would tremendously degrade the lookaside buffer.
To our knowledge, our work here marks the first methodology deployed specifically for embedded configurations. The basic tenet of this approach is the study of consistent hashing. Our solution caches the analysis of agents, without architecting semaphores. This combination of properties has not yet been visualized in prior work.
On the other hand, this solution is fraught with difficulty, largely due to collaborative symmetries. Two properties make this solution optimal: our framework should be deployed to locate authenticated technology, and also our heuristic is built on the synthesis of A* search. On the other hand, metamorphic theory might not be the panacea that systems engineers expected. Two properties make this solution perfect: TOTEAR turns the multimodal algorithms sledgehammer into a scalpel, and also TOTEAR learns ambimorphic epistemologies. Indeed, superblocks and DHCP have a long history of agreeing in this manner. Thus, TOTEAR harnesses virtual configurations.
TOTEAR, our new methodology for multicast solutions, is the solution to all of these problems. We view networking as following a cycle of four phases: development, investigation, management, and refinement. By comparison, indeed, forward-error correction and cache coherence have a long history of agreeing in this manner. Though similar algorithms refine the deployment of Smalltalk, we fulfill this purpose without investigating spreadsheets.
The rest of this paper is organized as follows. For starters, we motivate the need for e-business. Similarly, we validate the analysis of hierarchical databases. As a result, we conclude.
2 Related Work
Several signed and multimodal systems have been proposed in the literature. The original method to this obstacle [14] was adamantly opposed; unfortunately, such a hypothesis did not completely achieve this goal [7]. We had our solution in mind before Maurice V. Wilkes et al. published the recent foremost work on the Turing machine [4]. While Martin and Bose also constructed this solution, we emulated it independently and simultaneously [2]. All of these methods conflict with our assumption that neural networks and wireless modalities are theoretical [11]. Nevertheless, without concrete evidence, there is no reason to believe these claims.
Our application builds on prior work in self-learning technology and networking [16]. Next, the infamous framework by John Hopcroft does not refine object-oriented languages as well as our method [17]. A comprehensive survey [4] is available in this space. Along these same lines, the foremost framework by Bhabha and Zhao does not control Smalltalk as well as our solution. Recent work by Taylor [17] suggests a methodology for architecting atomic theory, but does not offer an implementation [18,1,3,8,13
Violations would carry fines of $250-$500."
About time. I figure the only way law enforcement is going to enforce internet good practices is if it becomes like traffic tickets. Get caught, pay the fine. This is a good idea unless you want your access point open.
I don't mind if people use my open relay. My boxes are firewalled and sharing is what made the internet so great. I believe this law is much more about control than security with Telcos joining the long list of companies that are scared of community competition.
...or some other kind of danger you can leave your door unlocked. Otherwise the home owner is liable for keeping their pool locked so the neighborhood kids don't sneak in to swim and then drown. Not that I think this law is a good idea but the better weak argument I see for it is the "keep the dangerous internet locked away" argument.
this space intentionally left blank (oops)
The technical term is 'ultra vires'. That means that if the feds have the right to regulate something then a local government can't attempt to regulate the same thing. It is applied differently in different places but one example I have seen unfolded as follows: The feds gave a radio station a license to erect their transmitting antennas. The local municipality tried to pass a zoning bylaw to forbid the antennas. The radio station took the town to court and had the bylaw pitched out because it was ultra vires. As you point out, the feds have the right to regulate anything to do with RF.
Dangit there goes my free access to Cerebro
While it sounds like this particular proposal was written by people who just don't understand, maybe it will give people with a bit more clue (and authority) an idea.
People were talking about this being like getting fined for leaving your door unlocked. How about fining a landlord who doesn't provide locks on the doors? With the prevalence of wireless "internet router" units, many of which include basic firewall functionality, it wouldn't take much of an upgrade to make this work well. Anything that provides 802.11[bg...] should have a firewall built in and come with a VPN client - anything on the airwaves is then firewalled AND encrypted. How much would this really cost the industry? How much would it benefit the public?
Violations would carry fines of $250-$500. But on the other hand, Public Drunkenness is a $250-$500 fine, and I do that all the time.
Partial Credit: The Engineer's Best friend
"Well, the bridge didn't fall all the way down!"
...RIGHT HERE!! BOOYAH!!
If I were doing something online that this administration or my community finds particularly heinous, and they tracked me down by my IP address and busted down my door, I could simply stipulate "fuck off, it wasn't me, somebody must have hacked into my access point." It would be up to them to prove otherwise. Now they have something new to go at me with. Our elected officials' perverse fascination with the goings-on of its citizens and our willingness to let these things slide is going to be a really big deal in the near future. Oops, did I say that out loud? There'll be a van parked across the street sometime soon I expect.
The way the trend is going, we will be legally required to encrypt our connections.
OK, then when the law hops in and screams bloddy murder because they can no longer tap into our traffic, THEN what do we do?
They're all idiots. It's just that simple.
I work for the Department of Redundancy Department.
Enable encryption on the access point and then make the encryption key publically available.
Electronic Music Made Using Linux http://soundcloud.com/polyp
Very informative.
It's now illegal to carry a wallet without a wallet chain.
While not a perfect analogy, that's what this idea sounds like to me.
head - on. Make Mafiasoft illegal. The root of the problem. Puff.
keep doors and windows unlocked in your home?
Power to the Penguin!
As a resident of Westchester county I find this laughable, sitting here I see 3 open networks from my neighbors and find it a great comfort in the event of network problems. The county's view is posted here posted in an article called Gasoline and Katrina (nice job webmaster). As a westchester resident of 12 years I can imagine only 2 reasons for this, 1 to make it look like they're active in protecting the people, who in Westchester would love to make a point that *their* county is fighting for them on the tech front. The other point which might provide a bit more incentive is a Corporate interest. Someone is sure to make money off of this, and not just be the county from collecting fines.
It's either they really care about the security of the resident's home wireless networks or they're planning some municipal "Wi-Fi" subscription service and they want to eliminate the free competition and have a monopoly for themselves. If they really cared, instead of fines, they'd create a free guide on securing a wireless connection and distribute it at the town hall and/or in the local paper. I'll go with 'eliminate the competition' it's all politicing, there has to a reason other than "for the public good" for why they want close down all the open networks. Hatch is owned by the **AA, maybe they've been bought out by Verizon broadband wireless.
1) take down all open wireless networks (sources of free Internets)
2) install municipal subscription service at $9.99-$59.99/mo
3) PROFIT
F7 doesn't work, ignore spelling and grammar
Here's a reality item for you. The terrorists do not need to be in your neighborhood to do this. Hell, they don't even need to be in the country for that matter. Simply put, there's enough out there in the way of infrastructure on the Internet, why in the heck would they endanger themselves by even being in this country when they could attack from anywhere else in the world, using their own or someone else's subborned gear.
Simply put, that's not a concern.
Again, yeah, they could DO that, but why bother? Especially when they can do it clandestinely enough with their own resources or a subborned set of systems. If they've got the skills to compromise WEP, they typically have the resources to cover their tracks- and it's still a mis-use of the system and they could get caught easier by doing what you're talking to.
Geez... You're not with it these days, are you? Hell, Sony even sets it up so anyone can clandestinely do this- all from the comforts of home without ever running the risk of getting caught. Besides, how many of the virii, trojans, and worms got started this way? I'll bet few to none is the answer to that one.
Uh, this is new HOW? It never was a good solution to rely solely on traceroutes- how many subborned machines does the attacker have? Is the end machine that did the "attack" owned by the attacker or 0wn3d? It doesn't matter if the network and machines are wireless or not. Honestly. They don't even NEED to drive up to your unsecured wireless network to do things like you describe- and not get caught. So, why go to the trouble of driving about in the first place- you're actually more likely to get CAUGHT because you need to be lurking in a neighborhood for a while just to be able to even DO things in most cases. They won't unless their idiots. Honestly.
It's always been this way with the Internet. You didn't know this? Well, sorry to tell you this, but it's been this way for decades now- and wireless is just one more way, no easier or harder, to accomplish this sort of thing for the criminals. It's nothing new. Open AP's doesn't make things "easier". Security is something of a mindset in the first place and legislating it isn't going to fix it.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Comment removed based on user account deletion
Hi, I'm new here, and I read the article.
I see where this would require the purchase of a router with built in firewall, instead of a router without. Isn't that pretty much standard, now?
I see where this would require arbitrary WAN connections to be firewalled from your LAN, and probably from each other.
I'm not seeing where this would require a passkey on an open WAP.
Comment removed based on user account deletion
Oh wait. Mine's already secure. Never mind.
Clarity is good. And to be clear, I am NOT in favor of this law. I'm only pointing out that the unlocked/burgled house analogy is deeply flawed because the damage isn't limited to the unlocked house but extends to others on the internet. If we are to debate the problems with this law, we do need to be clear that the law is intended to limit criminal's access to the net via unsecure and largely untraceable means and that the potential harm extends beyond the interior of the "unlocked house". You are 100% correct that this is a law that criminalizes what is not, on the face, a criminal act. Perhaps this law is more like one that says a person can't leave a loaded gun in their front yard. Perhaps, like so many things about the net, no meatspace analogy is going to work.
Personally, I am in favor of expansive personal freedom bounded by personal responsibility and civil, ethical behavior. Yet I (and many law makers) notice that some people like the freedom, but don't hold up their end of the responsibility/civility side of the bargain. The result is loathsome nanny-state laws like this one. I may be against this law on a personal level, but I can understand on an intellectual level why this law is a direct consequence of the current state of the internet.
Two wrongs don't make a right, but three lefts do.
Thousands of people are volunteering their time to set up free wireless community networks while some idiotic burocrats are trying to criminalize free sharing of bandwith? This is not just plain stupid but dangerous for innovation in wireless network technology. I am running a free access point for everyone to share just I would expect to find open wireless access while on the road. This is what free wireless community networks are about and if we don't defend our freedoms to set up those type of distributed network infrastructure we all end up paying $49.95 every month to some crooked "service provider" for some lousy bandwith instead of coming a step closer to a decentralized and free internet.
The companies that manufacture the routers such as Dlink and Linksys should ship the routers with preconfigured WEP so the lamer newbies don't just plug their routers in and assume everything is great since it seems to work. Most cable connections (using DHCP) will work immediately after you plug the router in. However they are wide open to the world and to any individuals who want to surf, download, upload, view child porn or launch viruses or hack machines or make threatening emails etc... I'm all for wardriving here don't get me wrong but I can see the problem getting worse as time progresses
Isn't this preempted by FCC law?
How does this reconcile with the demands of organizations like the FBI that want remote, on-demand access to network traffic?
If the traffic becomes encrypted, then it is just asking for legislation to require registering your encryption keys with law enforcement.
To-do List: Receive telemarketing call during a tornado warning. Check.
Hmmm.. Interesting analogy. Actually, its more like if you GIVE your cars keys to someone and they commit a crime, then you are liable (I'm not saying you are liable or should be liable, but that is the proper analogy). After all, the criminal's computer asked to connect to the unlocked WAP and the WAP said "OK." The criminals never "enter" the unlocked WAP or "stole" the unlocked WAP. Instead, they use a standard public protocol to ask to use it and it's up to the owner to configure the WAP to allow or deny that usage.
Two wrongs don't make a right, but three lefts do.
This is great legislation.
1) Users agree to deal with everything in the air. (Part 15)
2) For must internet users this violates their EULA anyway.
3) If I understand this right, only one user can use an access point at a time.
They do a lot of things in Canada that should be regarded with horrified disgust by men who are free.
Y'all are subjects, not citizens. Chattel. Cogs in the Good Government machine.
-ccm
Too much Law; not enough Order.
all the metaphors, my my.
Reality check: the Internet is a communications protocol. Not a physical entity.
Not metaphor: phone system of olde. Anyone who walked into your home could pick up a phone and commit wire fraud, any number of identity theft scams using your phone number, could call Mexico (happened to us) hundreds of times and stick you for the bill.
Were you liable for these acts because your phone did not have a physical lock on it? (No encryption back then for normal folk).
Metaphor holds because people accessing your wireless access are not breaking into your house; they are merely picking up a party-line phone. This phone was DESIGNED to be a part-line system. Anyone on it understands that. Act accordingly.
And encryption is nonsense. I've been around long enough to know that ANY security system can be hacked. Just hold your breath and wait.
Here's a solution: leave the law the hell off the Internet. Let mesh networks blossom, leave people the fuck alone, let video fly through the air, lasr backbones branch from neighborhood to neighborhood, phone companies strange to death -- LEAVE US ALONE. The laws covering child porn, fraud, harrassment et all already existed. This is an issue of command and control, not "crime". If businesses don't want to be hacked, let them collectively build an encrypted PRIVATE system on fiber and data lines, just like they used to, and keep off the citizen's internet.
LEAVE PEOPLE ALONE, YOU WANKERS!
In my office WAP, when I turn on WEP encryption, things slow down and even there are connexion problems, so the PHB asked for encryption removal, and I did. Anyway, we are in the middle of nowhere.
DNA in your Linux: DNALinux
Just make the ESSID "the_key_is_123456789abcde"
Those users who are less techically-inclined usually have problems enabling encryption on their wireless networks. Sometimes it is due to the poor documentation (e.g. undescriptive and full of jargons) of the wireless router / access point; sometimes it is the poor implementation (e.g. confusing user interface) that hinders the use of encryption on the wireless network. And because of this new ruling, there may be many home/business wireless network owners fined for their insecure wireless networks.
w00t
I think they should ban themselves from being able to make network policy.
Looking at the words, one would thing that would be the case. I'm guessing you must be British. Amazing how much difference an ocean and a couple hundred years can have on a language. Burglarize defined in the U.S. I happen to like burgle better though. It seems much truer to the meaning of the word+suffix.
There's no place I can be, since I found Serenity.
Public face: Let's make sure everyone has a secure network for their own protection.
Private face: Let's make sure peopole can't set up free wireless access points in their neighborhood that will take profits away from ISP's.
The "private face" statement isn't necessarily a bad thing. It's like having a tenant in a basement suite and sharing your cable TV with them. But I don't see why it needs to be legislated; let the ISP's make it part of their terms of use.
Find environmentally and socially responsible products on http://buy-right.net
Let's see....from the article:
...without even hardly trying. Let's call this move what it actually is, a method for a municipality to raise revenue, plain and simple. And all under the guise of 'security' for your own sake.
"Violations of any part of the law would be punishable with fines of $250 or $500."
"Representatives from the county's information technology department drove around downtown White Plains, N.Y., with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features."
So, half of 248 is 124 x $500 = $62,000
Plus whatever they charge to 'register' each of the 248, say...$100 = $24,800
$62,000 + $24,800 = $86,800
I'm surprised they're not claiming it's "for the children" for Christ's sake.
All those nice things that if done from their own isp connection would get them kicked off by their ISP or have the police visit. Guess who gets the blame? All traces stop with the person who owns the internet connection.
So when the P2P police come calling if I'd had an open wireless connection it provides an element of doubt that I am guiltiy, which is pretty handy (if you're into P2P). If I used P2P a lot I'd do it from a box that operated only through my wireless connection - then any records don't even show the MAC address of your primary computer and you could ditch the box quickly if you got The Letter.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I don't believe Westchester county, or the state of New York for that matter, has any authority to regulate radio frequency transmissions. I believe only the Feds (specifically the FCC) can do that. So I suspect that the law, if enacted, would be invalidated as soon as it is challenged in Federal court.
Punishing the average user for their ignorance of wireless security is even more stupid than using an insecure wireless connection for shopping online. Most people for whom I've set up wireless networks don't understand what WPA or WEP is, or why they would want to stop people from using their internet access. Who is this targeted at anyways? I agree I would like BUSINESSES that deal with MY money to have strict security applied to their network (And I'm not against government regulations on that one...), but to require ALL computer users (Home users included) to secure their wireless, is asking too much...
And while we're on the subject, as far as I know all the standard wireless encryption protocols are so easily crackable that you may as well be running an open access point. So I suppose if they try to mess up my business model I could deliberately choose a weak encryption protocol with the expectation that it will be cracked.
So I'd like to ask the guys working on this law, with all respect, "What, are you fooking retarded?!"
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
.. only outlaws will have unsecured Wi-Fi.
Well duh, firstly if _anyone_ can go and find a hot-spot and completely anonymously get online with absolutely no trail back to them without the use of pesky 'real' policing techniques like 'stake-outs' and 'witnesses' and 'deduction' then you have a problem. All these investigations cost time and money and the authorities need to be able to listen in to phone and net connections for anyone instantly. Wireless net access is ok, if you're using GPRS etc that's tied to your phone account and you can be traced, if your using a paid hot-spot you can be tied to an account, credit card, or a Starbucks security camera.
Secondly, if you can convince a court that anyone could have been using your internet connection then how are they going to convict you of visiting 'banned' websites? If you can always blame it on 'the guy outside your window' then you might as well be given an anonymous free-for-all to go anywhere you want on the net.
Last but not least, if people keep leaving their access points open, there will be no market for paid services. What if you lived above a Starbucks and just happened to leave your connection open? now who's going to pay premium rate fees to access a semi-reliable connection when there's a free one available that doesn't charge 'by the hour' and wont block ports.
This comment does not represent the views or opinions of the user.
Mmmmm...salse.
She was a spicy little number; when I bit into her little pepper, the fire alarms went off!
This is meant to stop people from giving free internet access. Look at who is pushing the bill, their voting record, and contributers.
I don't think this law quite hits the spot, but at least they are paying attention: businesses should be subject to stiff penalties, fines, and restitutions if poor security discloses any kind of private or sensitive information about their customers.
Why not go to the source? Pass a law requiring that all WAPs have sufficient security built in and easy to configure? Require all OSs on computers sold in the state to meet a certain level of security?
We've reached an interesting point in our society. The proliferation of advanced information and networking technology has made it such that any person who wants to be part of the "revolution" has to either become a semi-expert on OS and networking technology, or be part of the problem. Nobody wants to be responsible for security breaches, DDOSs, or Spam deluges -- they just don't have the time or the ability to educate themselves on how to prevent it. If legislators start placing a burden on those users to be responsible for such things, what is most likely to happen is that people will just stay away from the technology for fear of inadvertently breaking the law. Why not place that burden where it belongs, on the people who do have the knowledge and skill to increase security -- the manufacturers and software developers?
This proposal is patently absured. We already have laws on the books for protecting personal information in the corporate landscape. Haven't they heard of HIPAA? And that's not the only regulation of its kind for protecting sensitive personal information. The finance industry has all sorts of regulations they have to abide by.
My suggestion for those that feel they MUST legislate to protect private/personal information: make it illegal to traffic sensitive *personal* information and put companies like ChoicePoint out of business for good.
"On a scale from 1 to 10, people are stupid"
WEP is the very insecure and can be cracked in 8 hours
for more on the wireless take a look at this page from my website Wireless Security
So we can borrow your stuff. :)
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Missing poll option:
( ) I live in Westchester County
Why not just ban the sale of wireless access points that can only be secure as WEP (or less)? There's probably a ton of WAPs being sold that only support WEP right now.
I'm a bit puzzled by the notion of a "firewall" put forth in this proposal. From TFA:
The proposed law has two prongs: First, "public Internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public.
So what kind of firewall is this? It certainly isn't the kind of firewall you can buy at Staples and install out-of-the-box. Normal appliance routers are designed to block inbound connections from the Internet to the local network and masquerade internal networks out onto the Internet. If the point is to protect sensitive business information from WiFi intruders, it would require a custom firewall configuration that blocks access to the local network by WiFi users. Where are these firewalls supposed to come from, and who is supposed to do the custom configuration required?
Of course, if all the proposal means is that the business have some type of firewall between the local network and the Internet, it provides no protection for the data on the local network at all. What's the point?
If registration is required, there will be a registration fee. That should bring New York City a few more tax dollars.
As it happens, I was just reading a slightly old (May 2005) issue of Bruce Schneier's Crypto-Gram that I'd printed off and not finished reading. it had a link to this article about the possible legal liability you carry for running an open access point.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Also, Bender loves to burgle, hasn't anyone watched Futurama? Clearly a superior form of the word.
"If a software company releases software that causes (through bugs, incompetence, negligence) damage, financial harm, or physical harm (ie bad software controls for automatic equipment) they are somehow held NOT responsible?"
----
In a word, yep! When the Y2K issue came up, an awful lot of companies paid millions (or at least thousands) to fix the bugs themselves. If all the software authors were held liable for the error, it should have all amounted to no-charge fixes instead. When my Pinnacle Video Studio software didn't properly talk to my JVC camcorder, rendering it useless, the only recourse I had was waiting and hoping they'd provide a bug fix on their own. The list is endless here, and I'm not saying it's "right" or "wrong", but just that it "is". Right now, software isn't treated the same way as more tangible products. You can make all sorts of claims on the outside of the box, but if your software product fails to function properly (including not even running at all on your hardware!), you're pretty much stuck trying to resell it as "used" on eBay or something, or opting to keep it, hoping the developer will be generous enough to provide a free "fix" for you.
This is not unusual from a state that makes it a crime to take a picture from a bridge. Camera use prohibited, pffft, morons.
I get concerned whenever we try to force people to use common sense. America has always been about us having the rights and freedom to screw up our own lives.
Another crazy example - in Charlotte, NC you can be fined for leaving your car unlocked at the gas station when you go inside to pay for your gas!
Amazing!
Ok I understand what their wanting here is a way to comp ISPs.That's fair. What I'd like to know is have they acounted for new LANs? do they just want me not to broadcast my SSID or BBID? What happens when you forget your password I know that most of the time that's not a problem. I don't always remember it because apple hates me and I can't use a 'regular password' for my linksys wrt54g (it was given to me as a present.) How do they determine 'setup'? I am actually cerious here. My ISP so far has no policy one way or the other about privaate AP's (it's quest and this is true as of early July it may not be true now or the tech{s} I got may have not known]. How do they account for community networks? I know my library has one and needs more people to bridge to it to reduce the burden by defination I'd get fined 500 a violation.
This is yet another law added to the long list of crap laws that won't be followed/anforced.
Does anyone remember for a moment the Boston Airport situation, where Continental was offering free WiFi (unsecured I imagine) for its first class lounge (or whatever) and the company that was trying to charge people for WiFi connections at Boston Logan had a shit fit?
Now I don't know who's behind this law, but consider for a moment companies like Verizon or other companies who charge for WiFi. If they can find a way to shut down ALL free WiFI access, then their service becomes ... well they can charge people for it, and people will have to use their shitty "pay per hour" system...
I'm not wearing a tinfoil hat or anything, but I'll bet you the people behind this is a company with a vested interest in shutting down free WiFi... almost stinks like a bookstore wanting to shut down those damn free "libraries"... :)
It's like the safety belt issue : I wear it as once it saved my whole family's life in a nasty crash, however I know people who are scared of it as they were stuck in a car in a rollower accident and they choose to crush their head instead of burning in a car upside down tangled in a seatbelt .....
Maybe always wear a seatbelt and carry a knife? Plus it is the act of being ejected out of the vehicle in a rollover that kills most people. Not wearing a seatbelt is a stupid proposition and the analogy doesn't follow either.
Does this mean that I can't have my wireless encrypted and put the password on a lawn sign? Maybe it does.
Does it mean I can't make friends with everyone who drives by and THEN tell them the password?
xkcd.com - a webcomic of mathematics, love, and language.
Initially, I thought this was because lawmakers wanted to stop criminals by forcing secure networks. This would be akin to fining me if my car was stolen and I had left it unlocked. The criminals are going to be criminals, and punishing the common man for the criminals isn't going to stop them. In most cases, companies will set up the bare necessities to meet the law (should it be enacted), which probably won't be enough to stop someone who really wants to get in.
However, after RTFA, it seems there's an ulterior motive: without it, "somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data," County Executive Andy Spano said in a statement.
While I appreciate the government looking to protect my identity (though this is more likely about corporations), this is the wrong way to go about it, considering the average level of technical knowledge in this country. (I don't know how that compares with the average level of technical knowledge in Westchester County.)
Programs should be set up to inform the public; perhaps require (and help pay for) documents to be included in wireless access points that warn about the dangers of unprotected networks, as well as detailed instructions of how to enable various protection schemes.
Man, I guess all the other problems in NY are solved, and now the lawmakers have too much time on their hands....
Basically this places 100% of the burden on the end user. It adds nothing is the way of punishing people who do the actual theft. So now if your identity is stolen, the county will say your failure to secure the perimeter was your tacit agreement to be robbed.
You KNOW that most Average Users (and yes, I know some average joes that set up their own wireless networks) can't even understand what a firewall DOES, let alone know how to set it up.
Show this to your friends and family that don't know what a real hacker is
*If* you argue that this is an FCC thing, you can't use the interstate commerce clause of the Constitution to argue it. Though this law could potentially affect businesses which do engage in interstate commercial activities, its primary thrust is to regulate the activities of these companies on a local level. That's why it's a county law and not a state or federal one.
I can see this kind of thing passing anyway because politicians typically don't have a very clear grasp of technology, but I'm not sure how readily anyone could challenge it in court. Would you use the "This is bullsh*t, yo" defense?
You guys have this all wrong when it comes to the "locked door" analogy. I figure the reason they are doing this is so that when they bust pedophiles, crackers, and other criminals, they won't have the excuse that someone else must have logged into their open access point and committed these crimes. BTW I am in no way for such a law.
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
while I appreciate your zeal, Comrade, I must remind you that you are posting
on a computer forum where foreigners discuss issues in the context of their
imperialist regimes. Rejoice however, that even our greatest enemy is copying us.
In the past years their state has become so much more like our own beloved state
as they are finally getting rid of these obscene so-called "liberties" of theirs.
Wait Comrade, and be patient. They have a lot to catch up to but also they are
working very hard to become like us.
And of course it's phrased such that it's all about "security" when the real security impact is low to nil. The real purpose here is to make it difficult/illegal to share connections so that everyone has to buy their own. Admitting that motivation out in the open, however, would be the immediate death knell for this thing.
Almost every bill comes back to money; figure out who profits and you're one step closer to finding the real reason behind things. Sometimes it's corporations, sometimes it's increasing fundraising ability, but in the end it's all about cash. On the other hand, I'm just a jaded voter - maybe someone in washington really is totally altruistic and just wants the world to be a better place.
It is already illegal under The Homeland Security Act to have an unsecured access point, although you will usually only be charged if terrorists use your connection to plan or carry out an attack..
The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall.
If *anyone* who commented already had read TFA, they would see this proposal is trying to protect user's condifential data by forcing commercial businesses with a wireless network to protect it in some way. The problem is that it would apply to places like coffee shops which don't really have anything to protect anyway.
As I recall, the frequency range covered by Wireless 802.11 A,B,and G (approx 2.4 and 5.0 GHz) is in the unregulated spectrum. OK that might not be the exact technical term (repliers invited to provide correct details).
I think that any attempted regulation here might only be within the realm of the FCC's authority. Is this body within its rights or authority to attempt regulation on this?
Since the proposed law doesn't appear to specify any minimum levels of access that said hardware firewalls _MUST_ block, said firewalls could simply be configured by their respective owners to allow whatever access was desired (even if that _IS_ wide open... it shouldn't matter, because it's conformed to the law by having the firewall present).
File under 'M' for 'Manic ranting'
You know the name of that town 'not' to live in?
for this little thing called the US Constitution, which provides free speech guarantees, and which this law certainly infringes. IP is just another form of communications.
"National Security is the chief cause of national insecurity." - Celine's First Law
when did I move to China?
We all know that's the kind of thing an idiot would have on his luggage!
Are trivially secure networks "open?" If not, then this law is meaningless. If so, then without drawing a clear line between "secure" and "trivially secure" (which would be impossible), then this law is meaningless.
Ergo, this law is meaningless.
This violates federal law and federal regulations and is thus unconstitutional since neither a local authority nor a state can pass a law that contradicts federal law.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
that they were outlawing all Wifi? Why all the words to say the same thing?
Scott Swezey
The original English word in this group is the noun "burglary", quickly followed by "burglar", both of which are first attested in the early 1500s, and ultimately derive from the Indo-European root *bherg, which means "high". The verb "burglarize" is a regular verb form, dating from the late 1800s, formed from "burglary" by the same process that gives us "scrutinize", "sympathize", etc. The British form "burgle" is an (apparently originally humorous) back-formation, also dating from the late 1800s, but not widely considered acceptable (in Britain) until somewhat later.
I wrote to the dynamic looking and very photogenic Andy Spano via his web site: http://andyspano.com/contact.html
r eless.htm
Dear Andy Spano,
I am writing to suggest you reconsider your bill imposing penalties for WiFi access points that fail to meet various arbitrary criteria intended to control access.
http://www.westchestergov.com/WhatsNew/Press/PRwi
There are three reasons why this legislation is fundamentally flawed:
1) It is an utterly ineffectual way to protect the LAN. A firewall, as required by law, is merely a complication in the process that may or may not provide any useful security depending on the way it's set up. The term itself is effectively meaningless and the function far too technical for any typical user to understand. To be effective, the city would have to hire enough personal technology consultants to train every single resident. Otherwise a firewall that filters packets between the LAN and the WAN does nothing to protect a wLAN attack. Filtering between the wLAN and the LAN merely breaks the functionality of being able to attach devices wireless to the LAN. Strong filtering on the wLAN breaks the value of offering free WiFi hotspots.
Every single installation has installation specific security concerns unique to that particular installation. What works in one, won't work in another.
2) It is utterly irrelevant to the stated goal of reducing identity theft. Nobody bothers driving around to steal credit card numbers. It would be beyond stupid to waste time and gas and money to actually drive somewhere to just maybe catch the odd not SSL encrypted email containing a credit card number. Normally financial transactions are carried out over SSL encrypted web sites and sniffing the LAN, firewall or not, provides no useful information without breaking the SSL encryption. Identity theft happens by phishing or by breaking into company servers. Punishing end users for bad server security with a pointless and ill-considered law might sound like fun, but it does nothing to reduce the theft of financial information. Any cracker smart enough to hack into a server will hack into the server of a company that stores credit card data en masse, like CDnow or something, and steal hundreds of thousands at a time, not one by one. This bill is like trying to stop bank robberies by forcing people to lock their doors.
3) It is heinously intrusive. It is like passing a law to fine people for not locking their doors and windows, even second story windows, and sending cops around to check up on them, even if they have other means of security like an alarm system, a security dog, or being good friends with their neighbors who keep an eye out for them. It seems fundamentally wrong for government to micro manage people's lives in such an intrusive and unjustified way.
I am sympathetic to the goal, but any legislation should address the crime itself, not dictate a method for reducing it (especially when the method is merely onerous and irrelevant). A valuable bill would make companies liable for customer information and the cost of mishandling it. If a business requires information from me that represents a liability, they should be required to take responsibility for that information as a cost of doing business in that way. If they take and store my credit card information, and fail to secure it, they should pay the cost of that failure. They should not be given a safe harbor for having installed some easily circumvented "firewall."
Isn't this a bit like making it illegal to touch a hot burner on a stove? Yeah, I think people will still do it.
My neighbors can get a $20 pair of binoculars at WalMart and watch what's on my unsecured TV set through the living room window.
Lock me up.
This is like telling muggers to knock themselves out trying, then arretsing the victims.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Nothing can match a double cheese Big Mac on a rainy summer night
dem things are tasty!
Sure, they can pass such a regulation, but any communications limiting regulations are unenforceable in most states. In Canada, only the Federal Government can regulate communications. So, yeah, nothing to see here, move along...
Oh well, what the hell...
Guess it's time to get familiar with the Zone CD.
http://www.publicip.net/
Say I were in business building widgets. I decide a Wireless Access Point (WAP) would be helpful for my inventory pullers. Let's also say my WAP is wide open(either by choice or by incompetence) and an outside party violates my data. The fact that my clients' data was leaked by my lack of acceptable safety measures is bound to surface at some point. This could poison my reputation with my clients who may take business to XYZ corp who make equal quality widgets but secure their transmissions. The nature of capitalism ensures I take appropriate precautions.
You cannot legislate common sense.
Beware the fury of a patient man
- John Dryden
If you put the key in the SSID, clearly labeled as such, problem is solved. Whoo hoo.
That's all the "publically available" I need.
This piece of craptacular legislation is almost as useless in preventing computer crime as the Patriot Act is in stopping terrorism.
A) For every security measure, there are three well-known ways around it, four attacks that exploit those weaknesses, five not-so-well known weaknesses, six hackers developing attacks to exploit the lesser-known weaknesses, and seven more hackers dissecting the code to find more weaknesses.
B) There will always be idiots who don't use proper computer security, no matter how many times their boxes get owned (or how many times fines are levied).
C) Most people use these security measures anyway - yeah, it'll stop the typical skriptkiddie attacks, but a determined hacker will find a way in, no matter what you do (unless you stay off the Internet). FFS, even the security-conscious-to-the-point-of-paranoia CIA/NSA/KGB/Mossad can't keep hackers out of the systems they connect to the 'Net, and they've got top-of-the-line security!
D) What's next, a law fining people for not having locked doors and burglar alarms on their houses "because it's an inducement to criminal activity"? Give me a fuckin' break!
Patrolling ftw
If they do this I'll move to Europe, and so should anybody else with half a brain left. Then lets see how american companies fair in a market when they've got no brain power.
rhY
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
This is an attempt to stop free internet access from competing with big telco. It's all about the bucks, don't you know?
you can't use the interstate commerce clause
In the United States, regulation of activity within a state is a power shared by federal and state legislatures. Wickard v. Filburn ; Gonzales v. Raich .
Not sure how it is elsehwere, but in Qld Australia, new laws will have you fined $50 if you leave your car unlocked.
as my friend said "why don't the police just open any unlocked doors and take $50 worth of your belongings" - that should teach us "criminals" to lock our car doors
Rich Gentlemen Hide - The Existential Comic
1) Outlaw unsecured wireless networks 2) Wait for bounties to be posted for finding unsecured networks 3) ?? 4) PROFIT!!
Want to find other gamers to play board and role playing game
Weed is illegal too, but I still smoke it.
Whilst I agree it should be against the law to have a open wireless network I'd also rather they had a law against people who get worms on there PC's. An insecure PC is more dangerous to others than a open wireless netork which is more dangerous to the owner than a open PC which is dangerous to all.
That aside what assistance/help/regilation are they doing to monitor/enforce this.
I still recall friend having a Linux box taken by police and 3 years l8r still awaiting for it back as the 1police1 weer still trying to read the disk. Even after they contracted a external consultant in as they didn;t understand linux. Seems neither did the consultant. So giving powers to the law to make open networks is illegal but what is the true definition of a open network.
I can make a network open with more honeypots(dynamics hosts) than are on the internet and still yet offer secure wireless as any valid connection would need to port/knock and VPN intot eh main real network. Technicaly i'd have a open wireless netowrk on the face of it but in practice it would be very very secure to the stage that the wirless aspect was assumed flawed security wise and securty hadn;ed another way for full valid network access. Now in that situation would I be breaking the law, Technicaly yes but for those who knew what they were on about I wouldn;t be. Given that who polices the police with regards to creadability on technical issues.
On the same argument, is it illegal to leave your front door unlocked, nope. But in this case its easy and clear to all how to turn a key to make it otherwise. Now would a wireless netork be secure if it had a default password or a poor password/configuration. No, actualy imho it would be a poorer case as the owner would think it was secure when it is far far far from secure. So on balance less secure than a open netowrk as the owner woudl have a false sence of security.
So on the whole I call this law a kneee-jerk law that on the whole will do more harm than good. Laws are all very nice but guidance on how to carefully follow said law's/guidlines are what is needed and relying on joe-public to flesh them out is like asking joe-public to lock there doors with a paper-clip all the time, whilst technicaly possible most wont have a clue were to start and as such not bother, let alone be aware they needed to bother. As for the law/policing of it, well; Until they show solid guidlines on how to achive this in a joe-public way and are computent themselves and not justa select few then I forsee alot of messy cases and wasted resources when the real issues are being highlighted selctivly but never addressed. Law against unpatched computers, wonder why we dont have that yet.
WAP OEMs are the ones that ship products with default passwords.
Should all bank account default pin numbers be "12345"? Don't you see how that would be abused? Banks have a real financial incentive to do better than that, but WAP OEMs don't.
This law should apply only to businesses and governmental agencies because they have OUR personal information and quite a few don't care or don't know that it's vulnerable. If I, Average Joe, want to allow my neighbor to access my internet connection or copy my personal files because I didn't secure my WAP then that should be perfectly legal (barring the fact that it might be against my ISP AUP). But because businesses and the government are entrusted with the public's personal information, shopping details, etc. they should be fined if they can't keep that info secure. Especially if they can't even be bothered to turn on WEP.
Thanks, that is good to know. :-)
There's no place I can be, since I found Serenity.
Why don't they outlaw WEP "secured" access points?
WEP Crack makes short work of any non-WPA protected wireless access point.
ok..im starting to think that the MPAA/RIAA and now Bell run the United States Congress...they get bills passed that benefit ONLY them...they have laws written up JUST for them...and now they are going to start to tell you yanks that 'airwave internet' is ONLY for those who supply them and if you find one open its ILLEGAL to use it? so...lets say i find a $5 bill on the ground..is it illegal in the states to pick it up cause its legal tender and belongs to the treasury? wow...land of the free my ass.
Most people who buy these wireless routers don't know that they're leaving them unprotected. This basically creates a class of criminals, where none existed before, who don't know they're violating the law. There is no way you should be charged with this previously perfectly legal actvity with out being given a warning notice, and that's on an individual basis, not some 1 inch statement on page 43 of the local paper. Can you imagine all of our parents suddeny being fined the next day after this goes into effect?
I live in Westchester and will be talking to my represenative about this. In general whenever the government attempts to fix a problem like this it is always too little or too much and too late...just look at Can Spam.
Westchester can't legislate radio law. That is handled by the Federal Communications Commission.
"Maybe always wear a seatbelt and carry a knife?"
...
....
and spraypaint it to the car : "my knife is in my pocket, in case I am unconcious hanging upside down"
"Plus it is the act of being ejected out of the vehicle in a rollover that kills most people."
I read a study (no link) that states otherwise. Besides that, if you have airbags all over you have a good chance of being kept in the car (e.g. front seat front pretty much locks you for a good few seconds into your seat, I assume that side ones do the same...
"Not wearing a seatbelt is a stupid proposition and the analogy doesn't follow either."
It's the question of right to choose, not a proposition. I wear a belt all the time, even if I just go 500 meters on a dirt road 15kms/h.
"and the analogy doesn't follow either"
well try this: I have the right not to run a firewall and leave my AP open -I know it is not safe, but I might choose that for some reason that is weighted more to my liking
I should have the right not to wear a belt - even if I know that it is dangerous, but I am more afraid of burning in a car tangled in my belt.
I think it is fairly comparable, especially because both is for your own safety and does not endanger anyone else
just my 2c
They should just come out and say it- This law is being pushed by ISPs who fear losing money because wireless home networks are becoming more common and they fear that potential customers might use their neighbors unlocked wireless connection instead of paying for their own. This is about money, not safety.
Trying pass sneaky laws and marketing them by saying "it's for your safety" or "think about the children" is just an insult to the intelligence of the public.
What? Sounds like business as usual to me...
http://undecidedgames.blogspot.com
The study aside, not wearing your seatbelt is against the law in most states. The reason why is two-fold. One is to protect the people from themselves. The other is to cut down on auto insurance rates. So if you don't wear a belt and then injure yourself in a crash, you are affecting me because on average insurance rates go up.
Taking this over to the wireless side, if you leave your AP open and someone drives by and uses it to conduct some illegal activity like hack my webserver then you are affecting me. Now I don't think this law is the right way to enforce secure wireless but I do think that leaving an AP open most of the time is just asking for trouble.
1. To enter and steal from (a building or other premises).
2. To commit burglary against: "The second-floor tenants have been burglarized twice."
It's a real word. Look it up.
Ignorance is curable, stupid is forever.
"Can't stop the signal."
Oh, wait a minute...
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
I can agree on the seatbelt issue in the viewpoint absolutely. And as I told I wear a belt and a fullface helmet when riding my motorbikes.
:)
However on the wireless issue I do not agree how it is put: If I am a tech (as I am) I might want to run my own circus and if I am competent and know what I am doing I might no want to go the WEP+firewall way.
I might want to build a more secure VPN, and I might want to keep my AP open to monitor possible break-in attempts and then go after the hacker myself with my own knowledge+software.
And again I hate wireless as hell (the last time I plugged my card in when I was wardriving for fun - 3 months ago) and I am freaked by all open ports and by how people leave their info wide open.
I agree on a regulation that would sound like this : do whatever to prevent unauthorized access FROM your network, otherwise we can fine you. Whoever access MY AP is my business IMO as far as I do not let them out into the wild where they can cause harm.
Maybe you agree with that analogy then: I agree I should not walk naked on the streets exposing my reproduction organs, but I do not want any government to tell me if I should wear boxers or tangas, and it I should use zippers, velcro or buttons, or what colours of pants I should wear.
cheers
Law enforcement and the politicians have been trying to tighten in on these "wi-fi" loopholes for a while. We've had some interesting discussions around war driving convictions, but this takes the cake.