N.Y. county throws cold water on hot spots

Westchester County, N.Y., has enacted what may be the first law in the nation requiring Internet cafes and other similar commercial entities to secure their wireless networks to prevent identity theft and other computer fraud.

The law, which goes into effect 180 days from today, requires commercial businesses that store, use or maintain personal information electronically – such as a retail store that uses a wireless network to process credit card transactions – to take minimum security measures. County officials said the measures could be as simple as installing a network firewall, changing the system’s default service set identifier (SSID), or disabling SSID broadcasting with minimal effort and little to no additional cost.

“We know there are many unsecured wireless networks out there, and any malicious individual with even minimal technical competence would have no trouble accessing information that should be kept confidential,” Westchester County Executive Andy Spano, who signed the bill into law today, said in a prepared statement. The county Board of Legislators approved the bill April 10.

“It would be nice if these businesses took the necessary steps on their own to ensure their networks were kept secure, but the sad fact is that many don’t,” he added. “That’s why we’re taking it one step further and making it a law.”

The law does not apply to residents who use wireless networks in their homes.

The county Department of Consumer Protection’s Division of Weights and Measures will enforce the law. A first-time violator will receive a warning and 30 days to correct the situation. For a second violation, the business will receive a $250 fine. Further violations will result in $500 fines. The county also produced a brochure and Web site to educate consumers about identity theft.

Spano introduced legislation last fall after a team from the county’s information technology department found 248 wireless hot spots in less than a half-hour in White Plains using a laptop computer. Of the 248, 120 hot spots lacked any visible security and many kept the standard default name of the product, indicating it was a potential target for hackers.

In a related move, the county Department of Public Safety established the state’s first Digital Crime and Investigation Unit, a two-man team dedicated to searching the Internet for criminals involved in identity theft, fraud, pedophilia and cyber bullying.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.