News 

Andy Spano, county executive of Westchester, has submitted a bill that would require locations such as Internet cafés with public access points and businesses with wireless networks to ensure that their networks are secure.

'People don't realise how easily their personal information can be stolen,' Spano explained. 'All it takes is one unsecured wireless network. Your credit card number, social security number, bank account information - it's all vulnerable if a business that collects that information hasn't taken the proper steps to protect it. Somebody parked in the street or sitting in a neighbouring building could hack into the network and steal your most confidential data.'

To prove his point Spano and Norman Jacknis, the county's chief information officer, took a half hour war drive

ADVERTISEMENT

around the city of White Plains looking for unsecured networks via their wireless-enabled laptop. Around half of the 248 networks they encountered were insecure.

The proposed law would require all businesses that use wireless networks and maintain personal information to have 'secure networks' that protect the public from potential identity theft and other potential threats such as computer viruses and data corruption' and would have to file a note of compliance with the county. Businesses that offer public Internet access would be required to post a sign stating that the network has been secured with firewall protection and stressing the need to use discretion.

'Wi-Fi is a wonderful technology if used wisely,' said Jacknis. 'Protecting your computer involves little to no cost. Setting up a Wi-Fi network with basic security takes just a few minutes and there are available free or low-cost personal firewalls to stop intruders from gaining access to your personal computer.'

Although we know of no similar provisions anywhere else, legal action was recently taken in the UK after a man logged onto an unsecured domestic Wi-Fi network. Gregory Straszkiewicz was fines £500 under the 2003 Communications Act for dishonestly obtaining an electronics communication service and possessing equipment for fraudulent use of a communications service.