By Anne Broache, 7 November 2005 08:30
According to a new proposal being considered by a suburb of New York City, any business or home office with an open wireless connection but no separate server to fend off internet attacks would be violating the law.
Politicians in Westchester County are urging adoption of the law - which appears to be the first such legislation in the US - because without it, "somebody parked in the street or sitting in a neighbouring building could hack into the network and steal your most confidential data", county executive Andy Spano said in a statement.
The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall. Such a firewall, used to block intrusions from outside the local network, would be required even for a coffee shop that used an old-fashioned cash register instead of an internet-linked credit card system that could be vulnerable to intrusions.
Scott Fernqvist, special assistant to the county's chief information officer, said on Friday that he thought "the law would apply" to home offices as well.
He said: "It was just introduced; it's a draft. We're hoping it's enacted early next year but this can change."
The proposed law has two prongs: first, "public internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information must also install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
The proposal echoes a slew of bills in Congress and in state legislatures that are being considered in the wake of recent security problems involving Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. But the other proposals tend to follow approaches such as requiring notification of breaches or restricting use of Social Security Numbers - as opposed to regulating wireless links.
According to the Westchester proposal, public internet access sites also would have to post a sign saying: "You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion." Violations of any part of the law would be punishable with fines of $250 or $500.
Representatives from the county's IT department drove around downtown White Plains, NY, with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features.
Anne Broache writes for CNET News.com

Comments
There are 6 comments.
1. John Hall
I see the fine tradition of sue first, ask questions is still being upheld; instead of helping or even explaining why or how, they just slap you with a bill.
The reality is most likely this lovely little bit of work came from some government minister's mind as a solution to the problem of Wi-Fi hackers, and I don't mean them getting into your network, oh no, but using your network to hack someone else. This I could cover in more detail, but that's not what I'm here to do today.
For once, is anyone going to look out for the little guy and help them… guess not, poor sod.
2. Steve Berry
With all due respect the "little guy" really does have a personal responsibility to ensure their network is adequately protected/encrypted - they may need to educate themselves.
Note the phrase "Open" connection in the first para. If they leave their connection Open they need to be aware of the possible consequences.
I see absolutely nothing wrong with the approach being taken by NY.
Ultimately, that's the only way we're going to get a "reasonably" secure Network. The element of accountability/responsibility is obviously what's driving this.
3. John Woods
My home wifi network bears the proud SSID 'please help yourself'. If you want to park outside and download mail, surf porn or hack the security services, be my guest.
Do the people who charge for wifi --- like McDonalds --- somehow have a different legal standing if you 'misuse' their equipment because you have paid for the privilege of doing so?
I'm looking forward to being sued by someone who couldn't be bothered to secure their network and got attacked through my router. I could use the publicity. And the grins.
4. David Parkinson
Do they understand technology or are they just playing with buzz words? Are they including in the legislation exactly how these firewalls are configured and what they must do? "Yes officer I know you could do X - I set it up that way. Yes, I do have a firewall as required. It's that box over there and is configured so as not to interfere with any traffic". They should stick to the basic principles (protect this, don't disclose that) and leave the details of "how to" to the system designers.
5. StuBarbour
Are terrorists picking up instructions over your internet connection? I think these laws are damn right. It occurs to me that all these home networks are open to anyone using their internet connection to access anything on the internet under someone else's name. How are the police supposed to track this?
6. John Woods
Terrorists may well be picking up instructions via my internet connection (or from coded free ads in the paper, or via mobile, or whatever).
Of course, I don't support terrorists, or their atrocious activities. But the thought that I should lock my network to assist the police in surveillance of all network usage to me sends a chill down my spine.
In all societies so far where the government has had that degree of control, the government has become the 'terrorist'.
I know it's sacrilege to say it, because we must all switch our brains off whenever anyone uses the word 'terrorist', but the most dangerous thing outside my house is the A422. By about two or three orders of magnitude.
Terrorists aim to control what we do in our society by instilling fear in us. Throwing away the hard-won rights we claim to be defending because we are frightened is just assisting them. It's talking tough and being chicken.
Strangely, many of those who now believe we should give our governments draconian powers are the same who were so (rightly) opposed to totalitarian oppression in Soviet countries. How can their memories be so short?