California passes Wi-Fi user protection bill

Legislators in both houses of the state legislature voted overwhelmingly in favor or the "Wi-Fi User Protection Bill" to inform users how to secure networks against "piggybacking," or unauthorized sharing of wireless access, said a spokesman for Assembly Speaker Fabian Nunez, who proposed the bill.

Most Wi-Fi users ignore security options when setting up wireless gear and thus expose their computer networks to public view. Leaving connections open allows nearby residents or occasional passersby to share this wireless access.

One survey by the editor of computer products review site TomsHardware.com in 2004 conducted by flying in airplanes low over the city of Los Angeles found less than one-third of the 4,500 Wi-Fi connections detected to be secured.

"The question is, can we legislate away consumer idiocy?" said Paul Debeasi, a wireless industry analyst with the Burton Group based in Midvale, Utah.

"On the face of it, it's like cautioning the coffee drinker that the beverage is hot," said another Wi-Fi industry analyst. "It seems like a solution in search of a problem."

Every year millions more consumers in the United States and worldwide buy Wi-Fi routers in order to turn home broadband cable or telephone links into wireless links, providing Internet access to any computer in the nearby vicinity.

So-called "piggybacking" violates the terms of service of most access providers who supply the underlying Internet connections. It also can expose users to the threat of hackers invading their computers and grabbing personal data.

But such serendipitous sharing among grassroots users has also been a prime driver of the popularity of Wi-Fi technology over the past decade, as users in dense population centers can often count on borrowing Wi-Fi access in this way.

The California bill, which was introduced in April, calls for manufacturers to put warning labels on Wi-Fi network gear to advise consumers in one of four ways.

These can include place stickers on the boxes, including them in the setup software, by taking some specific action when setting up the router or through another process that automatically secures the connection without consumer effort.

The Wi-Fi Alliance, an industry trade group, initially opposed the legislation, but then swung in favor of it.

A spokeswoman for Linksys, the Irvine, Calif.-based company that is the world leader in sales of Wi-Fi gear supports the legislation. Most equipment makers can comply with the law with only minimal changes to their user instructions.

"Anything we can do to educate consumers about the importance of security and the risks that they are open to if they don't utilize the tools that are provided to them, is good for the industry overall," said Linksys spokeswoman Karen Sohl. Linksys is a unit of Cisco Systems.

Only equipment sold after October 2007 would be required to comply with the law, she said.

The bill now goes to Gov. Arnold Schwarzenegger, who must sign it before it goes into law. The California senate passed the bill 53-3 last week. The Assembly voted 51-0 on Tuesday.