A proposal made earlier this month in Westchester County, NY would require all commercial wireless internet access points to have a firewall to “secure and prevent unauthorized access to all private information that such entity may store” and post a sign stating: “You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion.” Responding to criticism, Westchester County Executive Andy Spano has written a rebuttal encouraging readers to read the legislation and attempting to clear up some misconceptions about the law. I don’t know how far the FCC would let this go, they usually don’t take kindly to local government interference. The legislation seems to be aimed at getting businesses to secure their networks but is legislation really an effective tool for getting this done correctly?
This just goes to show what happens when legislators attempt to use technology words (FIREWALL) in legislation. Clearly, New York should work proactively to clarify that wireless networks need to be secure to a reasonable level, and not open to inviting transient Windows XP clients to auto-associate. I believe you should create an incentive for any security-related technology legislation; otherwise today’s secure network will become tomorrow’s wide-open network when the business sector fails to keep up with legislation.