Unsecured Wi-Fi to Become Illegal?

echucker writes "News.com is carrying a story for a draft proposal for law in Westchester County in New York state that would outlaw unsecured wi-fi connections. Public internet access would require a network gateway server with a firewall and also require home/business office users to install firewalls to protect personal info, even if their connection is encrypted. Violations would carry fines of $250-$500."

This is absurd

[TFGeditor]

It is like fining somebody for leaving their door unlocked and they get burglarized.

This is the epitome of a YRO violation. Interesting it was posted under the Hardware banner.

Re:This is absurd

[remahl]

No, it's like fining somebody for leaving their door unlocked and _not_ getting burglarized.

Re:This is absurd

[roystgnr]

No, it's like fining somebody for leaving their door unlocked and _not_ getting burglarized.

No, it's like fining somebody for not having a fence around their property and not getting burglarized.

A locked door isn't like a firewall, it's like a secure password-protected service. Firewalls easily let you limit access to "all or nothing" - but hell, if that's as "fine-grained" as you need your security to be, you can get the same effect on a good OS just by turning off the services you want inaccessible. You can use a firewall to limit access by IP, but you could do that without a separate firewall by having clients do IP (or better, asymmetric encryption key) checks themselves. What you can't do is use a firewall to forward outside connections to an inside service and expect that service to become any more secure.

Does this have something to do with the push behind SP2? I can't imagine Microsoft wanting to widely advertise, "You need to upgrade for security reasons because pre-SP2 versions of our programs are swiss cheese!" but they did need to get the "You need to upgrade for security reasons" message out there - perhaps what got across to consumers and lawmakers was "You need to upgrade for security reasons because SP2 has the all-important magic of Firewall!"

Re:This is absurd

[ThaFooz]

It is like fining somebody for leaving their door unlocked and they get burglarized.

I'm not sure I agree with your analogy. If someone owns something which is both desirable & dangerous (ie handguns, swimming pools, etc) they are required by either laws or insurance premiums to secure it.

I belive the same argument can be made for the internet. Sure the concequences aren't as severe (children having access to unfiltered content & computer virii instead of, well, death and injury), but neither are the punishments under this law with just a fine comparable to that of a speeding ticket.

Negligence is a crime, and negligent computer users are quite responsible for the botnets/internet congestion/virus outbreaks which affect us all in some way (though some, but certainly not all, of that blame can be directed at vendors). We won't see any changes until we hold users responsible for their (in)actions.

Re:This is absurd

[Pendersempai]

This is why we need strict liability for having your customers' personal information stolen. This is not an argument for arresting/fining people with an unprotected WiFi.

Re:This is absurd

[pimpin+apollo]

So the consumer who buys the linksys box, comes home, and sets it up is liable to protect themselves... but the company that produces software that lacks these purportedly basic protections is under no similar obligation?

It just is more evidence that the legislature should be regulation of last resort. Anybody who's been on their work network or a campus resnet knows that bureaucratic rule making is the least efficient kind out there. That's why we delegate power as much as possible. This doesn't work though when legislatures (even county legislatures) start trying to write network policies for everyone.

There's a myriad of paranoia over anything that happens with a computer -- people could send anonymous emails this way! -- that conveniently forget there are always much more dangerous real world alternatives (do you show id at a mailbox?).

What's more, the only dangers to innovation aren't just patents and copyrights (although these are significant). There's also danger in over-regulating technology simply because most people don't understand it - again, conveniently forgetting that most people don't understand most things and yet this does little to engender a rash of absurd regulation.

New York State should pass a pre-emption statute so that local municipalities can't arbitrarily run over much more important things in pursuit of some meaningless 'security'.

Re:This is absurd

[ultranova]

Now I go to Amazon.com and order a book over https; the packets are encrypted, nobody can get my credit card number, so what's the issue?

The issue is that your Corporate Overlords and their Political Henchmen want to keep an eye on you, and that is easier if all the data from and to your computer goes through a single wire. In a world full of public anonymous Wi-Fi access points, anyone could connect to anything from anywhere without giving away their own identity, allowing free exchange of information without fear of legal consequences, and making things impossible to censor (since it might be impossible to find the servers the data resides in, especially if the servers are running a P2P network like Freenet); it is Big Brothers and Big Businesses worst nightmare.

Freedom is the worst enemy of Power, so of course powers-that-be try to crush it. This law is just another attempt of forces of darkness to crush all opposition and bring about a Digital Dark Age.

Is this because of the telco's?

[koan]

Is this a response to the Google plans and various other implimentations of free wireless?
These legislators have gotten downright dangerous, I also wonder, how uesful is an open network for hacking?
If you were up to no good is an open AP the way to do it?

Luckily it is just a proposal.

[Nichotin]

This law would be impossible to enforce anyway. You would have to send a task around to track down all unsecured access points, then bust in the doors of a whole lot of white middle class people.

Speeding also illegal, as is cheating on taxes

[Gothmolly]

Um, just making something illegal doesn't stop it. Try doing the speed limit, in Westchester county of all places.
To me, this sounds like one of those "I'm protecting your children from Teh Internets" moves that politicians do periodically when they have to remind the masses that its time to vote.
How about holding someone responsible (gasp) for any malicious activity that originates FROM their network?

In related news...

[M555]

Leaving you front door unlocked is now illegal

stupid stupid stupid

[Matey-O]

We've got a public access wifi point in the building for visiting salsefolks and people from other government departments.

Open you laptop and you'll get 'do you want to attach to PublicWifi?'

It's firewalled off, URL filtered, and aside from http(s), DHCP, DNS, SSH and VPN, nothing else can get through. Further, those ports will only attach to outside IPs. All traffic is monitored, and there are notices in all meeting rooms that Your security is Your problem.

This is a solution that protects OUR network, has zero admin overhead, and still permits the resource...So that's now illegal?

As if it isn't enough already?

[saskboy]

As if it isn't enough that using someone's open Wireless Access Point without permission is illegal, now they're making it illegal to own current wireless technologies? That's like bank robbing being illegal, but they're banning banks just in case. And I'm not saying connecting to open wireless is like robbing a bank, it's just an extreme analogy to show what the law is outlawing.

Ok.. I just turned on WPA....

[cowmix]

The passkey is 'passkey'. Am I legal now?

Do they have standing?

[redelm]

A legislative body can pass whatever they want, but it might not withstand legal challenge. In this case, I don't see how the county can show an interest. This is clearly interstate, and the FCC has jurisdiction.

Industry Regulation

[jpl166]

While it sounds like this particular proposal was written by people who just don't understand, maybe it will give people with a bit more clue (and authority) an idea.
People were talking about this being like getting fined for leaving your door unlocked. How about fining a landlord who doesn't provide locks on the doors? With the prevalence of wireless "internet router" units, many of which include basic firewall functionality, it wouldn't take much of an upgrade to make this work well. Anything that provides 802.11[bg...] should have a firewall built in and come with a VPN client - anything on the airwaves is then firewalled AND encrypted. How much would this really cost the industry? How much would it benefit the public?

Simple solution.

[polyp2000]

Enable encryption on the access point and then make the encryption key publically available.

Re:Great idea!

[h4rm0ny]

Although depending on the wording of the law, this could be used to hinder anonymous internet access. Example - if you are providing a public internet access then unsecured could be interpreted as allowing access without identity verification.

And another bit of privacy is lost.

Re:Great idea!

[hector_uk]

well seeing as their will be no evidence on any of my macs/pc's and their will be on my neighbors pc's it's a moot point, my neighbor may borrow my cork screw and stab someone with it, should the lending or cork screws be illegal? hell no.

Except...

[msauve]

for this little thing called the US Constitution, which provides free speech guarantees, and which this law certainly infringes. IP is just another form of communications.