Westchester County NY Might Make Unsecured WiFi Illegal

A newly proposed law aims to make it illegal to operate unsecured hotspots to "protect the public from crimes such as identity theft and other consumer fraud." The law, proposed by Westchester County Executive Andy Spano, would require those businesses who operate hotspots, including Internet cafes and commercial businesses, to take at least some amount of basic security precautions to protect information as it travels over networks.

“People don’t realize how easily their personal information can be stolen. All it takes is one unsecured wireless network,” Spano said. “Your credit card number, social security number, bank account information – it’s all vulnerable if a business that collects that information hasn’t taken the proper steps to protect it. Somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data.”

To attempt to drive the point home, a team from Westchester's Department of Information Technology did a little "wardriving" around downtown White Plains. The result was that the team found 248 hotspots in less than 30 minutes. In a public statement representatives of the county said that about 120 of those hotspots had at least some sort of issue that represented a potential security problem, such using the default Service Set Identifier (SSID). Interestingly enough that particular issue isn't much of a security problem since SSIDs can be easily discovered regardless of what they're set to be.

As currently written the proposed law would cause "all commercial businesses that use wireless networks and maintain personal information to be required to have secure networks that protect the public from potential identity theft and other potential threats such as computer viruses and data corruption.” Such security would include a firewall and businesses would have to file a note of compliance with the county.

Businesses that offer a public hotspot "would be required to post a sign stating that the network has been secured with firewall protection and stressing the need to use discretion." If the law is passed the county would also provide public education that helps outline steps to be taken in order to defend against identity theft.

The potential law raises interesting liability issues. For example, whose fault would it really be if a public hotspot complies with such a proposed law and then later a patron falls victim to identity theft while using that hotspot?

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish