Unsecured WiFi to be outlawed?

According to a new proposal being considered by a suburb of New York City, any business or home office with an open wireless connection but no separate server to fend off Internet attacks would be violating the law. Politicians in Westchester County are urging adoption of the law--which appears to be the first such legislation in the U.S.--because without it, "somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data." Representatives from the county's information technology department drove around downtown White Plains, N.Y., with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features.

The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall. Such a firewall, used to block intrusions from outside the local network, would be required even for a coffee shop that used an old-fashioned cash register instead of an Internet-linked credit card system that could be vulnerable to intrusions. Scott Fernqvist, special assistant to the county's chief information officer, said Friday that he thought "the law would apply" to home offices as well.

The proposed law has two prongs: First, "public Internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.

CATEGORIES: 1legal, 1compliance, 1wireless, 1data privacy