DME ResourcesSecure your hotspot or face a fine is the gist behind Westchester, NY's countywide law requiring all commercial businesses to secure their WLAN access points. Various news articles indicate that the state of New York is considering similar legislation (See ZDNet article dated 1/9/2007). Westchester's concern is "On these networks, there's unfettered access to confidential data, and we have a problem with that." Personally, I have a problem with county taxpayers funding the task of enforcing such nonsense.
There are other concerns to support Westchester's position, but "unfettered access to confidential data" in my opinion does not justify the expense associated with creating and enforcing their new law. Take for example cordless phones, another wireless device purchased and deployed by the consumer/business that connects to a worldwide public network. Years ago, all cordless telephones were completely unsecure, allowing anyone within range to covertly listen in on all transmissions from that device. Many people and businesses still use unsecure cordless phones, some unknowingly. Undoubtably confidential information is being passed with the use of these devices (e.g. credit card numbers, patient histories, and other customer data), and they're even more unsecure because there's no use of security or encryption within the public network that can further prevent this disclosure (such as SSL encryption when processing credit card transactions online).
Do we or should we have local or state laws to ensure that consumers/businesses only use secure cordless telephones? What about the analog cellular telephone network (AMPS)? This used to be the consumer's only option, and it too is/was completely unsecure. Granted eavesdropping is illegal, whereas "stealing" bandwidth from an unsecure hotspot is still sort of a gray area legally. Eavesdropping or wiretapping laws, however, do not require government to go out and actively "police" the public's use of technology. The fact of the matter is that in both of the analogies above the onus remains on the consumer or business using the technolgoy. They chose to purchase and use a particular piece of equipment and the related technology, and disclosure of any confidential information through its use is therefore their responsibility.
If lawmakers are going to spend taxpayer dollars on the issue of securing wireless access points, personally I'd rather see them put the onus on the manufacturers. California is doing just that with their "Wi-Fi User Protection Bill". It would seem that in most cases manufacturers could either implement the security measures by default or provide warnings to the consumer at little to no cost.
While I completely disagree with Westchester's Wi-Fi law and am not convinced that California's is absolutely necessary, I know both have good intentions. There are several issues to consider here though, including our freedom to buy and use technology how we wish so long as we're not maliciously harming others, and the ongoing expense associated with enforcing these laws. The fact of the matter is that these types of technologies will continue to progress, and our citizens will indeed continue to become more dependent on the Internet for both individual and business use as they do. Just my two cents, but I'd rather see the government spend the time and money they've allocated towards these efforts educating consumers rather than policing them.
