Westchester County passes WiFi security law
Late last year we told
you about Westchester County
Executive Andy Spano's law, which proposed making it illegal for Westchester County business to have open WiFi.
Well, guess what: it passed. Granted, we've learned a few things about this law that makes us a little less sketch; for
example, it only applies to WiFi networks of businesses that store customer credit cards or financial information -- or,
to a lesser degree, cafes and hotels and the like, which if operating an open WiFi hotspot, must now post signage
advising patrons to use a firewall and be wary of their network security. And even when the law goes into effect in six
months it'll just be wrist-slaps: a third-offense business risks receiving a paltry $500 fine. Granted, we have no idea
how Westchester plans to enforce scofflaw companies who won't change their default SSIDs (how you gonna identify who's
got the Linksys?), install firewalls on servers, and implement WEP or WPA crypto, but we will definitely be keeping an
eye out for city positions that read something like: "looking for hacker experienced in wardriving and snarfing /
must know kismet, snort, nmap, like tools."[Via Ars Technica]
Filed under: Wireless
Reader Comments (Page 1 of 1)
Ronnie @ Apr 21st 2006 4:27PM
I live in westchester, this doesn't seem like that big a deal. Its probably a godo thing considering there are alot of big bunsinesses with alot of people's personal info in the area.
Ryan D. @ Apr 21st 2006 4:30PM
That's actually not a bad idea. While I detest the idea of applying laws to who can and cannot have a network and broadcast it to their hearts desire, this isn't really regulating data or access.. it's just a law to defend people against a lack of common sense.
I don't "wardrive" (And I don't know anyone who's still so awed by the concept of wireless internet that they indulge in such novelties) but I did happen to have my laptop on the ride home a few nights ago. Travelling a mile down a fairly built up stretch of road here in Ft Lauderdale, I found ~250 networks using NetStumbler. I didn't connect to any of them mind you, I zipped by too quickly even if I wanted to try - I did want to see, however, how many showed up with default SSIDs or without any encryption whatsoever. Startlingly enough, I found that about %75 of them were insecure, and likely easily exploited.
Granted, the security that is available is ultimately paltry and easily cracked, at least this might keep people from blindly setting up a network upon which secure information may be stored, and leave it wide open for any snot-nosed script kiddie who learned a new trick, reading 2600 at the book store. My only concern is this - just how are they going to determine who is violating this? Who will report it? Will the police actively search for open networks and then determine who the offending party is with a signal strength detector? Will they/should they obtain warrants to do this? Or will they just sniff packets until they find the relevant information?
Karl Robstad @ Apr 21st 2006 4:39PM
Westchester has almost no hotspots. just starbucks.
AndrewNeo @ Apr 21st 2006 4:44PM
Just for kicks, when I'm in the car I'll turn on my PocketPC and open WiFiFoFum. We can drive a mile and find fifty access points, almost all of which are open, and a lot with the default names. Once I found an access point renamed to "SECURE ME!". Fun stuff.
Hector @ Apr 21st 2006 4:45PM
Oh yeah, leave it to Westchester County to enact something like this. We have probably some of the dumbest laws in the book, sometimes I just wished I didn't live in this place!
daz @ Apr 21st 2006 4:49PM
The house over the road from me has unsecure wireless network....i tried to teach them to secure it by changing the name to SECURE TO STOP HACKERS and then added basic security so that they would actualy secure it. The next day i check if they had and no, they had just simpely reseted the router. Some people will never learn
Lawry @ Apr 21st 2006 4:53PM
If they don't learn, then don't bother trying to teach them, they never will.
Mike @ Apr 21st 2006 5:07PM
"Oh yeah, leave it to Westchester County to enact something like this. We have probably some of the dumbest laws in the book, sometimes I just wished I didn't live in this place!"
The law actually sounds like a good one. What is your problem with it?
Oddmanout @ Apr 21st 2006 9:47PM
It will indeed be quite problematic to 'enforce' this law. But, that may not be the point. Very few of the laws in this contry have anything to do with crime prevention and everything to do with prosocution. If a hacker/malcontent/terrorist/spammer jumps on someones unsecured wifi and does their dirty internet deeds, the owner/manager of the wifi network can just shrug their shoulders and say "I didn't want that person on my network. I'm just as much a victim in this as anyone else..."...this has happened before.
This law probably is designed to make that territory/situation a little less ambiguous in the courtroom. Now it's in writing that you ARE responsible for your network, and you ARE OBLIGATED to secure it (in the corporate sector anyway)...no more of this "I didn't know how to...". You are required to know, and to do. End of story.
Kinda sad that people (and since this is focussed on businesses, we're talking about PROFFESSIONALS) need to be threatened with a criminal record and monetary fines to take 10 minutes to read their user manual and do something that they should do for their own protection anyway...
Scott E @ Apr 22nd 2006 2:15PM
Here's a question, I thought the FCC was the only one that could regulate and mandate how anything wireless operates? Are they applying authority where they have none? If they are so concerned about security, why not mandate that companies switch to a more proprietary wireless method? Better yet, will the local government be providing funds to assist in securing the networks, since they are mandating it? And even better, what defines the minimum level of security? Its too ambiguous - if you're going to make an law it has to be exact (i.e. noon to 2PM no watering of your lawns not don't water your lawns during midday).
If an company wished to put an open ethernet port outside of their building would this law prevent it? A company is a private entity that will have to answer to its customers (and ultimetly to the government) if confidential information is leaked, but honestly, you're more likely to have your identity stolen by the sales person who takes your CC info over the phone or from employees in a store that still uses that good ole carbon paper swipe method.
My next question is: So where is the law mandating that cookies be removed from the computer every minute to ensure that confidential user information is not stolen?
Marty @ Apr 22nd 2006 5:30PM
What are the dangers of having an open WiFi network?
Meaning, I have a D-Link 802.11b wireless network in my condo that I leave open and it has a signal range to across the street to a park (not heavily populated, I live in a smaller town). I've always done this so that others in the neighborhood can use by bandwidth when I'm not using is because I pay for the DSL either way. Kind of a way to promote more WiFi coverage. A lot of my neighbors do the same, but, I guess, I've never really looked into what the dangers are. So, what are the dangers? I'm running Windows XP on a Dell and it is a personal computer - i.e. has some of my personal data on it, but not a repository for lots of highly sensitive info. Should I clamp down and shut off the open access?
einsteinx2 @ Apr 23rd 2006 2:37PM
@Marty:
I think it is good what you are doing and that you don't let scare tactics about hackers frighten you from sharing your internet access.
Honestly I think the chance of an experienced enough hacker happening to hop onto YOUR hotspot and begin to hack YOUR personal computer are a lot slimmer than an experienced hacker coming across your computer on the internet and doing the same.
As long as you take the same basic precautions you should be taking anyway just because you are on any network -- not having shared drives with no passwords, using a basic firewall, making sure extra uneeded ports aren't open) you are quite safe.
Anyone that thinks I am incorrect is free to post their opinion.
George @ Apr 23rd 2006 7:24PM
I live in Westchester. This is classic Westchester nonsense to make it look like they know what they are doing. Trust me, the legislators have NO clue what they were really voting on, whether it was even POSSIBLE to enforce this regularly. It just looks good for the evening news. Now I have to deal with the damn log in issues in my office as we run wifi routers instead of paying the union to run cables when we moved in. Thanks Mr. County Exec Andy Spano, you just lost my vote. Try asking some people who really knows something instead of checking in with your political consultants. Ha ha!
RJ @ May 13th 2006 2:53AM
Well thats a little better news, but having to put warnings about wi-fi security is about as dumb as having to put cautions on a coffe cup when you ordered it hot to begin with.
PCtechz.com @ Aug 13th 2007 10:10AM
Marty to answer your question sharing your wifi connections can cause your service to slow down in speed because other are using your bandwidth. Also when some one is connected to your router that means they are connected to your network which can lead to others seeing files they are not suppose to see. I have acctually received a couple of computer service calls since this this law was announced. Having an encrypted wireless connections is very important and very easy to setup. If any one has questions or needs advice feel free to visit my website and drop me an email.
Regards,
John R.
http://www.pctechz.com