Local govts. target Wi-Fi piggybacking

In New York and California, local governments are passing laws aimed at stopping people from piggbacking on open Wi-Fi networks, Network World reports.

Last October, the local government in Westchester County, N.Y., began enforcing a countywide law requiring all commercial businesses to secure their WLAN access or face fines. It also requires any Westchester County businesses offering public Wi-Fi access to the Internet to post an official sign on the wall that advises the user to “install a firewall or other computer security measure.”

The county is worried about piggybacking because, says county CIO Norm Jacknis, “On these networks, there’s unfettered access to confidential data, and we have a problem with that.”

Jacknis says a small number of businesses caught with unsecure Wi-Fi exposing sensitive data have been cited for violations under the law, but so far none has failed to correct the discovered problems. Under the new law, a second violation would lead to a $250 fine and a third and succeeding violation a fine of $500.

The state of New York is considering similar legislation, but some people find the whole idea pointless.

“It’s silly, because wireless doesn’t stop at the wireless site,” says Mark Rasch, chief security counsel at Omaha, Neb.-based security services firm Solutionary. “If you’re sitting outside, you won’t see the sign. A better approach would be a screen shot when you log in at the start.”

Laws are necessary because piggybacking is probably not illegal. “When it comes to piggybacking, it’s not clear it’s illegal, not clear it is legal,” Rasch says. “Is lack of security in this case an invitation to come in? We don’t know if what we’re doing is participating in a broad experiment or committing a felony.”

Meanwhile, California has passed the “Wi-Fi User Protection Bill,” which tries to pressure manufacturers to provide security warnings and advice in products they sell.

AB 215 offers WLAN vendors a choice of: putting a security warning sticker on the wireless router; presenting a screen message after the router is successfully installed that it’s time to secure the network; or securing the wireless LAN through a service. Users don’t have to apply security measures; they just have to be informed in some way about risks.

When California passes such legislation, it effectively legislates for the entire country because, for manufacturers to comply with the state's law it might as well change all of their equipment.

“California is obviously so big, you need to make the change for all your products,” says David Henry, director of product marketing for consumer products at Netgear. “We’re already compliant with the California law.”

Netgear chose to add a step in the WLAN router installation process advising customers to activate the security protocols WPA-2 or WEP, which are Wi-Fi Alliance standards. “Our message says this will prevent unauthorized access from your neighbors,” Henry says.