Secure your hotspot or face a fine is the gist behind Westchester, NYs countywide law requiring all commercial businesses to secure their WLAN access points. Various news articles indicate that the state of New York is considering similar legislation (See ZDNet article dated 1/9/2007). Westchesters concern is On these networks, theres unfettered access to confidential data, and we have a problem with that. Personally, I have a problem with county taxpayers funding the task of enforcing such nonsense.
There are other concerns to support Westchesters position, but unfettered access to confidential data in my opinion does not justify the expense associated with creating and enforcing their new law. Take for example cordless phones, another wireless device purchased and deployed by the consumer/business that connects to a worldwide public network. Years ago all cordless telephones were completely unsecure, allowing anyone within range to covertly listen in on all transmissions from that device. Many people and businesses still use unsecure cordless phones, some unknowingly. Undoubtably confidential information is being passed with the use of these devices (e.g. credit card numbers, patient histories, and other customer data), and theyre even more unsecure because theres no use of security or encryption within the public network that can further prevent this disclosure (such as SSL encryption when processing credit card transactions online).
Do we or should we have local or state laws to insure that consumers/businesses only use secure cordless telephones? What about the analog cellular telephone network (AMPS)? This used to be the consumers only option, and it too is/was completely unsecure. Granted eavesdropping is illegal, whereas stealing bandwidth from an unsecure hotspot is still sort of a gray area legally. Eavesdropping or wiretapping laws, however, do not require government to go out and actively police the publics use of technology. The fact of the matter is that in both of the analogies above the onus remains on the consumer or business using the technolgoy. They chose to purchase and use a particular piece of equipment and the related technology, and disclosure of any confidential information through its use is therefore their responsibility.
If lawmakers are going to spend taxpayer dollars on the issue of securing wireless access points, personally Id rather see them put the onus on the manufacturers. California is doing just that with their Wi-Fi User Protection Bill. It would seem that in most cases manufacturers could either implement the security measures by default or provide warnings to the consumer at little to no cost.
While I completely disagree with Westchesters Wi-Fi law and am not convinced that Californias is absolutely necessary, I know both have good intentions. There are several issues to consider here though, including our freedom to buy and use technology how we wish so long as were not malicously harming others, and the ongoing expense associated with enforcing these laws. The fact of the matter is that these types of technologies will continue to progress, and our citizens will indeed continue to become more dependant on the Internet for both individual and business use as they do. Just my two cents, but Id rather see the government spend the time and money theyve allocated towards these efforts educating consumers rather than policing them.