Politicians in Westchester County are urging adoption of the law--which appears to be the first such legislation in the U.S.--because without it, "somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data," County Executive Andy Spano said in a statement.
The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall. Such a firewall, used to block intrusions from outside the local network, would be required even for a coffee shop that used an old-fashioned cash register instead of an Internet-linked credit card system that could be vulnerable to intrusions.
Scott Fernqvist, special assistant to the county's chief information officer, said Friday that he thought "the law would apply" to home offices as well.
"It was just introduced; it's a draft," Fernqvist said. "We're hoping it's enacted early next year, but this can change."
The proposed law has two prongs: First, "public Internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
The proposal echoesand in that are being considered in the wake of recent security problems involving Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. But the other proposals tend to follow approaches such as requiring notification of breaches or restricting use of Social Security Numbers--as opposed to regulating wireless links.
According to the Westchester proposal, public Internet access sites also would have to post a sign saying: "You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion." Violations of any part of the law would be punishable with fines of $250 or $500.
Representatives from the county's information technology department drove around downtown White Plains, N.Y., with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features.