California Passes Wi-Fi Guidance Law

MrNonchalant writes, "California's legislature has passed a law requiring Wi-Fi device manufacturers to include warnings about security. From the article: 'From 1 October 2007, manufacturers must place warning labels on all equipment capable of receiving Wi-Fi signals, according to the new state law. These can take the form of box stickers, special notification in setup software, notification during the router setup, or through automatic securing of the connection. One warning sticker must be positioned so that it must be removed by a consumer before the product can be used.'"

Let's hope the "warnings" are well written

[SachiCALaw]

A law like this is only as good as the warnings. If the warnings wind up being heavy on the legal boilerplate or tech jargon, not many of the people who really need them will be helped. But if they are written with the law's intended target in mind -- clueless Mom and Pop (or Ted Stevens) -- and use simple explanations and instructions for securing the WiFi connection, the law could be a good thing. That's said, I'm kind of pessimistic . . .

Re:Let's hope the "warnings" are well written

[elmarkitse]

This post sounds a lot like the programmers who bitch incessantly about reasonably adept computer users who nevertheless use GUI's.

"If someone really wants to use a computer they should at least be able to get in behind the little artsy GUI's and do something with the software, GUI's are for pansy's and if you can't code you lose the right to complain"

Isn't there some responsiblity on the part of the manufacturers who are advertising to these ignorant mom and pops to educate them? Isn't it the responsiblity of software desginers to make their GUI's actually work?

There's no correlation between not knowing how to enable WEP / WAP / etc on a wireless router and, for example, being able to survive as you put it. Where on Mazlow's hierarchy of human needs do we see the 'Good with tech gadgets' section? Conversely however, we do expect our corporations to be good citizens, and if they sell an ignorant end user something that doesn't secure itself and the customers data, shouldn't we place some blame on the company targeting people who aren't savvy enough to use their products?

Bad Idea.

I hope this doesn't lead to criminalizing open access points by brainwashing peole into thinking access points should be locked down and encrypted.. I provide free wireless to one of the coffee shops at the end of my block; and a friend of mine does to the other one. Of course our own computers are safely firealled off from the wireless access point which is in a sort of DMZ/outside our firewall.

This idea that people should not share wireless (even when their ISP allows it) is just one more step in wrecking the freedom of the internet.

Re:Bad Idea.

[GalacticCmdr]

Actually a better approach would be to completely lock down the access points that are sold. Then someone who wants to share can make the change to share. Those that simply want to plop down some wireless to connect their home laptop should have it easy. This makes this easy as a toaster for the technologically-challenged, but gives those that want to do something the ease to do it. What we currently have is crappy Windows-like security - what we want to get to is better BSD-style of security.

Manufacturers can solve this problem easily

[thesandbender]

Telling people how to do it is not going to solve the problem. When I headed up the IT department for my old company I established a program where people could fedex in their routers and we would secure them and fedex them back... at no cost to them (I successfully argued that the cost of next day air was less than the cost of a potential breach). One person out of a company of 300 took advantage of it. As much as I hate big government/big brother there are times when you have to overcome apathy but legislation. It sucks but it's true... and there is a simple solution to this problem. Almost every piece of commercial software you buy today includes a key that is, for practical purposes, unique. The technology to create, assign and distribute these keys exists and can be done at a price point low enough to pass on to the consumer without them caring (e.g. $5 a router, most of which pays for support and not the actual technology to do it). The legislation should not mandate that users are told *how* to secure the router. It should mandate that the routers are *shipped* secured, with a pseudo-random key pre-program and stuck on the outside of the router with a label. Just like the keys you get if you buy Windows. The problem is the support costs... but good documentation can take care of must of that, along with a little $ tacked onto the cost of the router.

Re:Manufacturers can solve this problem easily

[thegrassyknowl]

Mod Parent Up.

Just shipping all routers with a pseudo-random long WPA-PSK pre-loaded into each router and a sticker in the user guide telling what the PSK is will go a long way to securing routers.

Anyone who wants to change from WPA-PSK to something else should have the experience to understand the implications of doing that, and if they don't then well... let them suffer the consequences of their actions.

Re:California

Isn't it funny how productive one can be when they're no longer worried that some corporation is poisoning them to make a quick buck?

Re:California

[inviolet]

Not to mention that [sticker-happy California] has one of the highest GDPs of any state and is the world's 7th largest economy in addition to being a leader in innovation. Too bad the rest of the states can't seem to learn from California's success.

Correllation != causation.

And another thing. The cost of warning stickers is inevitably reflected in the product's price. Therefore, the actual effect of this law is to force the consumer to purchase warning stickers that may or may not be necessary, useful, or effective.