Slashdot Mirror
Unsecured Wi-Fi to Become Illegal?
echucker writes "News.com is carrying a story for a draft proposal for law in Westchester County in New York state that would outlaw unsecured wi-fi connections. Public internet access would require a network gateway server with a firewall and also require home/business office users to install firewalls to protect personal info, even if their connection is encrypted. Violations would carry fines of $250-$500."
I can imagine the requirement for encryption and perhaps for some form of logging, but a firewall? Isn't that the responsibility of the users who connect?
What ever happened to personal choice?
If I want to leave my data connection open for any number of reasons, that's my business. If I want to leave my front door open or not lock my car, that's my business too...
Ridiculous.
... seatbelt is illegal, too. So why not make a "digital seatbelt" mandatory? I'm just curious how many users that can barely turn on their computer will become criminals with such a law...
Get a free Video iPod!
if this law passes, people will be buying routers that automatically configure themselves to be "secure" with default passwords.
any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
I wonder who is really behind creating THAT database?
Isn't this the equivalent of police looking and pulling vehicles over for the driver not wearing a seatbelt? In other words, something that only endangers one self is trying to be prevented, right?
O.K. ....
...
.....
1st step: let's force a broken security model (WEP) on all users.
2nd : limit the allowed encryption so all government agencies can come and look into your house
it's like telling someone how to run their servers
wha if I like all my access points running without any crypto and just have a tunnel inbetween my machines, and not ruoute any packets into the net that does not come from that "internal net" or VPN ?
What if i want to see wardrivers trying to mess with my access points?
What if I run Linux or BSD as an access point with my own security measures ?
What if I just hate big brother telling me how to run my home network ?
It's like the safety belt issue : I wear it as once it saved my whole family's life in a nasty crash, however I know people who are scared of it as they were stuck in a car in a rollower accident and they choose to crush their head instead of burning in a car upside down tangled in a seatbelt
So let's be clear. You are in favour of strict penalties for anyone who leaves their house with a door unlocked on the grounds that the premises may be used for illegal behaviour?
In that case, I would like to propose compulsory content analysis and blocking on all backbone routers. Because you never know when someone somewhere might use the Internet for something distasteful.
I suspect that the proposed legislation has zero chance of getting anywhere.
I certainly hope this fails as I don't think legislation is the solution to wireless security... at least not in this form. Perhaps it should just be illegal to ship an access point that is open by default. I realize that manufacturers want their products to be easy to use but I don't think it's unreasonable for buyers to jump through a hoop or two before getting a completely open access point if that's what they want. On the other hand, maybe the FCC will get involved. Obviously, they have no jurisdiction over network design and such but any requirement to register an access point sounds a lot like a requirement to register a radio transmitter. It has been long since been established that local governments generally cannot regulate radio devices operating in accordance with the applicable FCC rules.
You might not think that when you discover that your mortgage office, which stores an obscene amount of personal info, has all of that personal information on desktop computers on an unsecured wireless network.
Yes, I have worked as a mortgage loan officer for such a place. Yes, I insisted on that being changed (to extremely computer clueless management). Yes, I eventually quit for these and other questionable practices.
Here's my question, do lawmakers really know enough about WiFi security and firewalls to write a coherent law requiring this? I'd draw the parallel between the FCC and the slow move to HDTV, which they really can't push too quickly because many people don't want/need to pay for a new tv and then pay more for cable/satellite. So since many people (including myself) run old equipment, what type of standard encryption and firewall will the law entail? Will they require WEP64/128, which can be easily broken, or WPA which old equipment isn't compatible with, or another form? Can they force a standard to be adopted by the residents within a county without stepping on the toes of the FCC? To the best of my knowledge, the band that 802.11 works in is public and unrestricted. What about firewalls? Are they going to legislate which ports you can have open? I seriously doubt the lawmakers would understand concerns like this, but should that be the case, how can they effectively legislate a law?
It's allowed to be unencrypted, it just has to be running a firewall. Which is stupid. Really stupid.
I don't live in America, so this won't effect me. I just still think it's stupid. I run my own connection free of firewalls anywhere in the chain. Sure, if someone can be bothered, they could get into my files, as long as they spent long enough with a bruteforce. Hell, I even allow root connections via ssh. Unless someone's seriously personally interested in cracking my machine, I don't need one, I only run MacOS, Linux and BeOS on the net, I'm not worred about malware or viruses. My wireless data is encrypted, but it won't keep anyone out, the encryption key is exactly the same as the SSID
The only reason I have that is so the (computer illiterate) people a few houses over don't connect accidentally, and use my bandwidth for no reason. Hell, I've connected to their router and changed its channel and such to produce the minimum interference between them.
I don't care if a guy nearby has lost his net for a bit, and so uses mine for a backup. I don't care if someone driving through switches to my connection.
If someone is using too much of my bandwidth, I'll just block their MAC address for a bit. Sure, they can crack that. If they do, I'll just change my WEP password. They're bored enough to crack that as well? Fine, I'll just stop my router from giving anymore DHCP leases than I use. Meanwhile, I'll track down where they are, using the many machines and people I can pull up to pinpoint where wireless traffic is. Then, I'll go over and kick the shit out of them.
So far, no one's ever done anything with my connection that's pissed me off. I've had people talk to me on rendezvous with iChat (Or whatever it's called now, the LAN chat thing) and thank me for letting people connect.
I like sharing my internet. I once set up a directional antenna so that a friend some ways over could use it when his cable company had screwed things up.
Stupidity? It's a choice. For instance my brother lives in a very friendly neighborhood where everybody has wifi and broadband. None of them secure it because they all get better coverage that way.
The way the trend is going, we will be legally required to encrypt our connections.
OK, then when the law hops in and screams bloddy murder because they can no longer tap into our traffic, THEN what do we do?
They're all idiots. It's just that simple.
I work for the Department of Redundancy Department.
This is entirely absurd. While there are people who don't know better, some chose to have their WiFi open.
And "some people" include such ignorant folks as Intel Corp., who operate a free-for-all access point on San Francisco's Union Square. Would the law outlaw this kind of marketing, too?
Oh, and a hint: Put your phone no. or eMail in your SSID and I will personally thank you when I use your AP.
Alex
Absinthe makes the heart grow fonder
In this case, the company storing this information is basically being criminally negligent.
There are laws that address the practices of institutions & business that house these types of personal information. I currently work in IT at a large insurance company, and each company wireless router is specifically configured in a secure fashion.
Businesses have an obligation to secure confidential information.
The problem is that we're talking about the impact on individuals.
But even if I left the car door wide open, the keys in the ignition, and a big sign on the roof that says 'take me' I wouldn't be responsible for the criminals actions. Although the insurance company may not be entirely pleased.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Is this really about protecting private information or stopping computer crime?
It seems to me this would mostly benefit ISPs who don't want people sharing their broadband connections with everyone on their block. Won't someone think of the lost monthly fees?! Not that this would necessarily prevent connection sharing; but a mere firewall won't do much to prevent information stealing either.
I'll admit my main reason for thinking this is cynicism.
The enemies of Democracy are
All those nice things that if done from their own isp connection would get them kicked off by their ISP or have the police visit. Guess who gets the blame? All traces stop with the person who owns the internet connection.
So when the P2P police come calling if I'd had an open wireless connection it provides an element of doubt that I am guiltiy, which is pretty handy (if you're into P2P). If I used P2P a lot I'd do it from a box that operated only through my wireless connection - then any records don't even show the MAC address of your primary computer and you could ditch the box quickly if you got The Letter.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I don't believe Westchester county, or the state of New York for that matter, has any authority to regulate radio frequency transmissions. I believe only the Feds (specifically the FCC) can do that. So I suspect that the law, if enacted, would be invalidated as soon as it is challenged in Federal court.
"Negligence is a crime, and negligent computer users are quite responsible for the botnets/internet congestion/virus outbreaks which affect us all in some way (though some, but certainly not all, of that blame can be directed at vendors). We won't see any changes until we hold users responsible for their (in)actions."
BULLSHIT.
The writers of bots and viruses are responsible for those outbreaks!
The writers of the host operating systems that were *shipped* with obscene numbers of security holes are responsible for those outbreaks!
The users who are uninformed (ie - the box/manual doesn't say the software comes with security holes) are NOT responsible for the spread of malicious activity.
That's like saying the people who ride public transportation are responsible for the negligent amounts of polutants that city buses put into the air.
Let's start enforcing the laws we have.
Jail time for those who write viruses and bots.
Every time a new virus or bot hits the net, fine the company that sold the bug filled software that enabled the bot to run. Make the manufacturer responsible for the problems their incompetance (or negligence) caused.
If a car manufacturer sells vehicles that crash all the time, they are forced to do a recall.
If a hardware manufacturer sells computers / laptops that have a material defect that can cause harm or property damage, they are forced to recall.
If a software company releases software that causes (through bugs, incompetence, negligence) damage, financial harm, or physical harm (ie bad software controls for automatic equipment) they are somehow held NOT responsible?
If I write a piece of software designed to do a specific task, then state in the EULA that it may not be suitable for that purpose, and that in the end, it's the users responsibility to determine suitable (and in some cases, safe) functionality in that task, I get off with no responsibility or accountability?
I believe that any member of government who says that people in general should be fined because they take a product and use it by just plugging it in and running it as it was shipped by the manufacturer is, to put it bluntly, bull shit. It's just another ploy by less than intelligent, power hungry law makers blindly trying to find a culprit (in all the wrong places - as usual) and make some money off of it.
Who is general failure, and why is he reading my hard drive?
err, personally i have my wireless network completely insecure, my computers are secure but anyone can use my internet connection, i'm friendly with my neighbors and they use it when their connection is down and vice versa, and personally i dont mind if someone uses my connection for a bit if they need some directions or some info. this law is silly.
while I appreciate your zeal, Comrade, I must remind you that you are posting
on a computer forum where foreigners discuss issues in the context of their
imperialist regimes. Rejoice however, that even our greatest enemy is copying us.
In the past years their state has become so much more like our own beloved state
as they are finally getting rid of these obscene so-called "liberties" of theirs.
Wait Comrade, and be patient. They have a lot to catch up to but also they are
working very hard to become like us.