Slashdot Mirror
Unsecured Wi-Fi to Become Illegal?
echucker writes "News.com is carrying a story for a draft proposal for law in Westchester County in New York state that would outlaw unsecured wi-fi connections. Public internet access would require a network gateway server with a firewall and also require home/business office users to install firewalls to protect personal info, even if their connection is encrypted. Violations would carry fines of $250-$500."
I can see it now :)
It is like fining somebody for leaving their door unlocked and they get burglarized.
This is the epitome of a YRO violation. Interesting it was posted under the Hardware banner.
Ignorance is curable, stupid is forever.
I can imagine the requirement for encryption and perhaps for some form of logging, but a firewall? Isn't that the responsibility of the users who connect?
Is this a response to the Google plans and various other implimentations of free wireless?
These legislators have gotten downright dangerous, I also wonder, how uesful is an open network for hacking?
If you were up to no good is an open AP the way to do it?
"If any question why we died, Tell them because our fathers lied."
This law would be impossible to enforce anyway. You would have to send a task around to track down all unsecured access points, then bust in the doors of a whole lot of white middle class people.
Dvorak on Doomtech
Make Unsecured OS Illegal too!!!
Um, just making something illegal doesn't stop it. Try doing the speed limit, in Westchester county of all places.
To me, this sounds like one of those "I'm protecting your children from Teh Internets" moves that politicians do periodically when they have to remind the masses that its time to vote.
How about holding someone responsible (gasp) for any malicious activity that originates FROM their network?
I want to delete my account but Slashdot doesn't allow it.
Leaving you front door unlocked is now illegal
If being an idiot were illegal, most of my company would be in prison.
What ever happened to personal choice?
If I want to leave my data connection open for any number of reasons, that's my business. If I want to leave my front door open or not lock my car, that's my business too...
Ridiculous.
We've got a public access wifi point in the building for visiting salsefolks and people from other government departments.
Open you laptop and you'll get 'do you want to attach to PublicWifi?'
It's firewalled off, URL filtered, and aside from http(s), DHCP, DNS, SSH and VPN, nothing else can get through. Further, those ports will only attach to outside IPs. All traffic is monitored, and there are notices in all meeting rooms that Your security is Your problem.
This is a solution that protects OUR network, has zero admin overhead, and still permits the resource...So that's now illegal?
"Draco dormiens nunquam titillandus."
... seatbelt is illegal, too. So why not make a "digital seatbelt" mandatory? I'm just curious how many users that can barely turn on their computer will become criminals with such a law...
Get a free Video iPod!
if this law passes, people will be buying routers that automatically configure themselves to be "secure" with default passwords.
When I read this article I was thinking that I wouldn't mind having the job of enforcing this. Then I realized I would have to have the mindset of a parking enforcer to do something like this. Hell, let the parking enforcers take care of this as well. They love a good power trip. Parking enforcer: "Ma'am, your wireless access point is not running a firewall." Some old lady: "My what isn't on fire?" Parking enforcer: "your internet. It is against the law to allow others to use your internet for free" Some Old lady: "Oh, my 10 yr old grandson got that internet thing to work? Isn't he wonderful? He is so smart." Parking enforcer: "Ma'am, here is a ticket for running an unsecure access point. Don't let it happen again." Some Old lady: "How dare you come to my house and threaten me with this! I've been living here for 30 years and have never been treated like this! Parking enforcer: "Ma'am, have a nice day" Slow day at work. I apologize
any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
I wonder who is really behind creating THAT database?
Isn't this the equivalent of police looking and pulling vehicles over for the driver not wearing a seatbelt? In other words, something that only endangers one self is trying to be prevented, right?
As if it isn't enough that using someone's open Wireless Access Point without permission is illegal, now they're making it illegal to own current wireless technologies? That's like bank robbing being illegal, but they're banning banks just in case. And I'm not saying connecting to open wireless is like robbing a bank, it's just an extreme analogy to show what the law is outlawing.
Saskboy's blog is good. 9 out of 10 dentists agree.
The passkey is 'passkey'. Am I legal now?
O.K. ....
...
.....
1st step: let's force a broken security model (WEP) on all users.
2nd : limit the allowed encryption so all government agencies can come and look into your house
it's like telling someone how to run their servers
wha if I like all my access points running without any crypto and just have a tunnel inbetween my machines, and not ruoute any packets into the net that does not come from that "internal net" or VPN ?
What if i want to see wardrivers trying to mess with my access points?
What if I run Linux or BSD as an access point with my own security measures ?
What if I just hate big brother telling me how to run my home network ?
It's like the safety belt issue : I wear it as once it saved my whole family's life in a nasty crash, however I know people who are scared of it as they were stuck in a car in a rollower accident and they choose to crush their head instead of burning in a car upside down tangled in a seatbelt
So let's be clear. You are in favour of strict penalties for anyone who leaves their house with a door unlocked on the grounds that the premises may be used for illegal behaviour?
In that case, I would like to propose compulsory content analysis and blocking on all backbone routers. Because you never know when someone somewhere might use the Internet for something distasteful.
I suspect that the proposed legislation has zero chance of getting anywhere.
I certainly hope this fails as I don't think legislation is the solution to wireless security... at least not in this form. Perhaps it should just be illegal to ship an access point that is open by default. I realize that manufacturers want their products to be easy to use but I don't think it's unreasonable for buyers to jump through a hoop or two before getting a completely open access point if that's what they want. On the other hand, maybe the FCC will get involved. Obviously, they have no jurisdiction over network design and such but any requirement to register an access point sounds a lot like a requirement to register a radio transmitter. It has been long since been established that local governments generally cannot regulate radio devices operating in accordance with the applicable FCC rules.
Here's my question, do lawmakers really know enough about WiFi security and firewalls to write a coherent law requiring this? I'd draw the parallel between the FCC and the slow move to HDTV, which they really can't push too quickly because many people don't want/need to pay for a new tv and then pay more for cable/satellite. So since many people (including myself) run old equipment, what type of standard encryption and firewall will the law entail? Will they require WEP64/128, which can be easily broken, or WPA which old equipment isn't compatible with, or another form? Can they force a standard to be adopted by the residents within a county without stepping on the toes of the FCC? To the best of my knowledge, the band that 802.11 works in is public and unrestricted. What about firewalls? Are they going to legislate which ports you can have open? I seriously doubt the lawmakers would understand concerns like this, but should that be the case, how can they effectively legislate a law?
It's allowed to be unencrypted, it just has to be running a firewall. Which is stupid. Really stupid.
I don't live in America, so this won't effect me. I just still think it's stupid. I run my own connection free of firewalls anywhere in the chain. Sure, if someone can be bothered, they could get into my files, as long as they spent long enough with a bruteforce. Hell, I even allow root connections via ssh. Unless someone's seriously personally interested in cracking my machine, I don't need one, I only run MacOS, Linux and BeOS on the net, I'm not worred about malware or viruses. My wireless data is encrypted, but it won't keep anyone out, the encryption key is exactly the same as the SSID
The only reason I have that is so the (computer illiterate) people a few houses over don't connect accidentally, and use my bandwidth for no reason. Hell, I've connected to their router and changed its channel and such to produce the minimum interference between them.
I don't care if a guy nearby has lost his net for a bit, and so uses mine for a backup. I don't care if someone driving through switches to my connection.
If someone is using too much of my bandwidth, I'll just block their MAC address for a bit. Sure, they can crack that. If they do, I'll just change my WEP password. They're bored enough to crack that as well? Fine, I'll just stop my router from giving anymore DHCP leases than I use. Meanwhile, I'll track down where they are, using the many machines and people I can pull up to pinpoint where wireless traffic is. Then, I'll go over and kick the shit out of them.
So far, no one's ever done anything with my connection that's pissed me off. I've had people talk to me on rendezvous with iChat (Or whatever it's called now, the LAN chat thing) and thank me for letting people connect.
I like sharing my internet. I once set up a directional antenna so that a friend some ways over could use it when his cable company had screwed things up.
For the love of god - seatbelt laws were enacted because the consequence of not wearing a seatbelt was a much higher probability of DEATH in an auto accident (and assuming you are just injured, the associated higher costs of health care which has to be borne by everybody) - hardly the result of someone who "hack[s] into the [your] network and steal your most confidential data". Jeez, even that quote, "the network", like there is only one shows how clueless some of these politicians are. Now we need laws going after WiFi providers who don't secure themselves sufficently?
Let's pass some other useful laws, then:
1) Fine people who use unpatched OS's, or OS's with KNOWN, UNPATCHED security holes. They cause all those net problems!
2) Fine people who don't lock their car doors at night. They're letting car thieves make a living!
3) Fine people who purchase something without collecting a reciept - they're enabling tax fraud, and employees ripping off corporations!
4) Fine people who plug in electronic equipment without surge protectors in place. They're tempting God to wreak havok with his lightning bolts!
When did it become acceptable to penalize the victims rather than the criminals?
(/rant)
Our politicians should do what matters for the ordinary folks like fixing health-care and other services, then legislate on matters like these. Is that too much to ask for?
Looks like they want to cut off all the free wirless access so they can charge you for it. Aren't you glad they care about making your internet safe?
Seriously though, one poster asked jokingly why they aren't banning insecure OS's and it sounded funny, but it does point out a problem with the bill. Certainly people running insecure OSs are just as bad for spam, and illegal activities as are free wireless, yet nobody is proposing a bill to fine those users. Naturally, if someone proposed this, MS would throw a shit fit.
-- Knowledge shared is power lost. -- Aleister Crowley
Violations would carry fines of $250-$500."
About time. I figure the only way law enforcement is going to enforce internet good practices is if it becomes like traffic tickets. Get caught, pay the fine. This is a good idea unless you want your access point open.
While it sounds like this particular proposal was written by people who just don't understand, maybe it will give people with a bit more clue (and authority) an idea.
People were talking about this being like getting fined for leaving your door unlocked. How about fining a landlord who doesn't provide locks on the doors? With the prevalence of wireless "internet router" units, many of which include basic firewall functionality, it wouldn't take much of an upgrade to make this work well. Anything that provides 802.11[bg...] should have a firewall built in and come with a VPN client - anything on the airwaves is then firewalled AND encrypted. How much would this really cost the industry? How much would it benefit the public?
Thank god we have the government to protect us from those evil terrorists trying to snoop on our cybersex IMs!
The way the trend is going, we will be legally required to encrypt our connections.
OK, then when the law hops in and screams bloddy murder because they can no longer tap into our traffic, THEN what do we do?
They're all idiots. It's just that simple.
I work for the Department of Redundancy Department.
Enable encryption on the access point and then make the encryption key publically available.
Electronic Music Made Using Linux http://soundcloud.com/polyp
keep doors and windows unlocked in your home?
Power to the Penguin!
It's either they really care about the security of the resident's home wireless networks or they're planning some municipal "Wi-Fi" subscription service and they want to eliminate the free competition and have a monopoly for themselves. If they really cared, instead of fines, they'd create a free guide on securing a wireless connection and distribute it at the town hall and/or in the local paper. I'll go with 'eliminate the competition' it's all politicing, there has to a reason other than "for the public good" for why they want close down all the open networks. Hatch is owned by the **AA, maybe they've been bought out by Verizon broadband wireless.
1) take down all open wireless networks (sources of free Internets)
2) install municipal subscription service at $9.99-$59.99/mo
3) PROFIT
F7 doesn't work, ignore spelling and grammar
But even if I left the car door wide open, the keys in the ignition, and a big sign on the roof that says 'take me' I wouldn't be responsible for the criminals actions. Although the insurance company may not be entirely pleased.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
All those nice things that if done from their own isp connection would get them kicked off by their ISP or have the police visit. Guess who gets the blame? All traces stop with the person who owns the internet connection.
So when the P2P police come calling if I'd had an open wireless connection it provides an element of doubt that I am guiltiy, which is pretty handy (if you're into P2P). If I used P2P a lot I'd do it from a box that operated only through my wireless connection - then any records don't even show the MAC address of your primary computer and you could ditch the box quickly if you got The Letter.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Although depending on the wording of the law, this could be used to hinder anonymous internet access. Example - if you are providing a public internet access then unsecured could be interpreted as allowing access without identity verification.
And another bit of privacy is lost.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
err, personally i have my wireless network completely insecure, my computers are secure but anyone can use my internet connection, i'm friendly with my neighbors and they use it when their connection is down and vice versa, and personally i dont mind if someone uses my connection for a bit if they need some directions or some info. this law is silly.
So when your neighbor starts a child pornography ring and posts photos of children in sexually explicit acts to the internet using an IP address assigned to you, you'll take responsibility?
well seeing as their will be no evidence on any of my macs/pc's and their will be on my neighbors pc's it's a moot point, my neighbor may borrow my cork screw and stab someone with it, should the lending or cork screws be illegal? hell no.
while I appreciate your zeal, Comrade, I must remind you that you are posting
on a computer forum where foreigners discuss issues in the context of their
imperialist regimes. Rejoice however, that even our greatest enemy is copying us.
In the past years their state has become so much more like our own beloved state
as they are finally getting rid of these obscene so-called "liberties" of theirs.
Wait Comrade, and be patient. They have a lot to catch up to but also they are
working very hard to become like us.
The law of negligent entrustment is another area in which courts have specifically defined negligence under very limited circumstances. A dive shop operator who lends a vehicle or a spear gun, or a boat owner who lends a boat, may be found guilty of negligent entrustment if the borrower is incompetent, unfit, or reckless and the owner knew or had reason to know that the borrower was unfit. The law of negligent entrustment is fairly broad and covers nearly any dangerous instrumentality. The injured person may allege that the operator or user of the equipment was negligent; or the plaintiff may allege that the owner of the equipment was negligent and that the user of the equipment was simply unfit. For example, a person injured in an accident may allege that an automobile owner knew about the driver's tendency to black out, but loaned the car to the driver anyway. The injured person may not claim that the driver was negligent, but can still claim that the owner should not have lent the car.
http://www.pernet.net/~danat/negloview.htm
for this little thing called the US Constitution, which provides free speech guarantees, and which this law certainly infringes. IP is just another form of communications.
"National Security is the chief cause of national insecurity." - Celine's First Law
The original English word in this group is the noun "burglary", quickly followed by "burglar", both of which are first attested in the early 1500s, and ultimately derive from the Indo-European root *bherg, which means "high". The verb "burglarize" is a regular verb form, dating from the late 1800s, formed from "burglary" by the same process that gives us "scrutinize", "sympathize", etc. The British form "burgle" is an (apparently originally humorous) back-formation, also dating from the late 1800s, but not widely considered acceptable (in Britain) until somewhat later.
Sure, they can pass such a regulation, but any communications limiting regulations are unenforceable in most states. In Canada, only the Federal Government can regulate communications. So, yeah, nothing to see here, move along...
Oh well, what the hell...
This is an attempt to stop free internet access from competing with big telco. It's all about the bucks, don't you know?