General discussion

Locked

Should providers of unsecure Wi-Fi hotspots be fined?

By Why Me Worry? ·
I'm sure we have all seen groups of college students, business people, teenagers, even senior citizens all using their laptops to surf the web using the wireless networks available in places like Starbucks, public libraries, shopping malls, and other retail stores. These wireless networks employ no encryption or security and are basically an open door for anyone smart enough to know how to steal personal information by using a simple sniffer program. This raises a legal issue and begs the questions "Should the provider of the unsecure Wi-Fi hotspot be held liable if someone has their identity stolen by using that hotspot?". Yes, users are uneducated about wireless security and should not be expected to know what WEP or 3DES enryption is, but at the least, these places should display a warning to users of wireless laptops that they are wirelessly surfing the web at their own risk. I'm lobbying my state officials for such a bill to hold places like Starbucks and Atlanta Bread Company liable for what I deem as promoting unsafe computing habits. Do you agree or disagree on holding Wi-Fi hotspot providers liable if someone has his/her identity stolen?

This conversation is currently closed to new comments.

63 total posts (Page 3 of 7)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Much like fences

by Jessie In reply to That wasn't my point

Fences are put up to keep honest people honest, not to keep criminals away... criminals are the reason you get a monitored security alarm.

Pleading ignorance never works in the court of law, unless you've got a LOT of money.

Collapse -

No longer true

by gralfus In reply to I would...

I was able to successfully do a man-in-the-middle attack on my own network and from my other computer visit "secure" https sites with the padlock icon, and intercepted all logins and passwords. I could even remotely watch the websites being viewed.

The padlock doesn't mean a lot if the network itself is compromised.

Collapse -

I recently saw a warning

by mdhealy In reply to This is tough

In a hotel room recently, before it would let me access the internet I had to acknowledge a lawyer-written page that basically said, you're about to access an inscure network, if you don't take appropriate security precautions the hotel cannot be held responsible for the likely consequences. Of course many people *don't* take appropriate precautions -- from where I'm sitting right now I can see seven wireless routers including mine, and two of them don't have security turned on. Actually, it's an improvement that only two of my neighbors are wide-open, until recently four of them were.

Collapse -

A sign or table top warning

by zlitocook In reply to Should providers of unsec ...

Would be fine, I agree with what every one has said to a point. ID theft, computers being stolen, wireless is not secure and tons of other stuff has been in news papers, magazines, TV it is every where. People have seen or heard about all of this, if they have not then they should not be using a computer. Because like any device when you buy it you assume reasonability for it.
Like a car, can you sue the company that makes it if it is stolen? How about if you leave it running and the doors are unlocked? That is sort of like a wireless connection; you sit down and turn your computer on. You have no firewall, no encryption, no VPN and maybe no up to date anti virus software. So you started your car in an unprotected area, you leave it unprotected, you leave the doors open and leave your self open to people that can use your ID any way they want.
Sorry rant coming on, almost all computers that you buy have tons of software on them ( I hate that but that?s for another rant) and most of them have a trial version of an antivirus and other things.
With all the media attention on ID theft wouldn?t you thing that every one would buy the software already installed or at least get free programs to protect them?
All they have to do is search, Google or call their ISP and ask. Shoot just walk in to CompUSA or a computer repair shop and ask. But no most people expect the computer they just bought to do every thing and they should not have to do any thing. As for as suing a company for not protecting me, well I could sue the ATM makers if my pin was used by someone other then me, or I could sue Dodge because my mileage is not what they say it should be or maybe Microsoft because I keep getting updates and don?t want to install them.
Ok I wiped the sweat from my forehead and have composed my self now. What do you think?

Collapse -

It's the same old argument.

by TonytheTiger In reply to Should providers of unsec ...

How can you hold one person responsible for the wrongdoings of another?

If you're going to hold hotspot operators responsible for identity theft (if you can even prove that the identity was stolen through that hotspot), then you're also going to have to hold them responsible for other illegal acts that someone who connects through that network might do... like illegally downloading music... or emailing a bomb threat to a school, for a couple of examples. By logical extension, you would then have to hold any ISP responsible for anything illegal their users do.

Sorry, the person who buys the technology is totally responsible for its use or misuse, deliberate or accidental.

Collapse -

User beware

by jdclyde In reply to Should providers of unsec ...

You are still more likely to have a credit card stolen by using it when you go out to eat.

Another threat is someone that sets up their own access point to phish. Had never even heard of it before today. You think it is starbucks access point, but it could really be someone with a wireless card that can switch to work as an access point. The things people will do.

People should still have to be responsible for themselves. There is already too much of people refusing to take responsiblity for their own actins in this sick sue happy world.

Collapse -

No

by TechExec2 In reply to Should providers of unsec ...

I see this as a potential problem, not a real one. I think it is very likely that there are more people who have become sick from eating tainted spinach in the past few weeks than people who have suffered an actual loss through using unencrypted Wi-Fi hotspots. [no stats, just an illustration for my point]

Providers of unencrypted Wi-Fi hotspots should not be fined. And, I would not be in favor of some law governing how these hotspots are run. I don't think there must be a law for every harm that might befall a member of our society, especialy when the hotspots are run by private companies and the users are private users.

On the other hand, providers of unencrypted Wi-Fi hotspots should be admonished to admonish their users about best security practices and the risks of using the hotspot. This should come from within the industry and from people like us here on TR.

There is a place for government regulation. But, the government does not have to regulate every corner of the landscape.


P.S. Great thread, by the way!

Collapse -

The basic idea has merit but this method is wrong

by Deadly Ernest In reply to Should providers of unsec ...

Plenty of people have and use computers without wireless capability, they learn how to use it, then they adda wireless card without knowing the issues. If you feel that someone MUST provide advice on these issues to the general user, then it should be the people making the wireless capability possible. Make the wireless card manufacturers responsible for including a small brochure about the dangers with their products. if a new computer has wireless then it is part of the paperwork shipped witht he computer.

If the purchaser chooses not to read it, then that's their problem.

From a business perspective if you increase the cost of providing a service, and it becomes non-profitable, then I no longer provide it. Then someone provides a blackmarket service.

At present when McDonalds provide a wifi access, they do some checks on the quality of the service and how often it's used. If they suddenly stopped doing that, because you just upped their liability insurance, they will stop checking the area. Someone else can then set up a fake McDonalds access site, and start collecting personal info. In the current environment, they can't do that as the McDonalds staff check the service quality on a regular basis and would detect the fake access.

No law in the world can stop people being lazy or idiotic or criminal.

Collapse -

Take one example: Starbucks

by -Q-240248 In reply to Should providers of unsec ...

Just taking one of your examples, Starbucks, there are a few mitigating provisions in place and already some encryption involved. I think you've seemed to have trivialized the mitigations, as in, not mentioned any at all.

First, Starbucks uses T-Mobile. See T-Mobile's security statement:

http://selfcare.hotspot.t-mobile.com/security.htm

Secondly, you have to be a T-Mobile customer to even beging to get on the network in order to snoop around. That's the first mitigation..and the risks begin to fall more after that. The point is that I don't hink the networks are less secure than any public wired LAN network, such as the library, the only difference is that they provide the machine.

Smart people will not put confidential or even personal data onto a public network, period. Usernames and passwords are encrypted and the practice of ensuring smart Internet practices, such as ensuring SSL is on when submitting credentials should apply.

But even though there is mitigation and people should browse intelligently, they should still provide full-time encryption, it can't be that difficult. The average user there should be able to compensate.

Collapse -

I don't want a fine

by NZ_Justice In reply to Should providers of unsec ...

and I have a personal unsecure wifi internet connection. and I'm pretty sure every one else that owns there own personal unsecure internet connection doesn't want to be finded either. leave it the the goverment, normal gov types want to impose useless fines and taxes on people, becuase of "saftey" so eventualy if they can make money screwing there constiuantes they will do it.

Back to Security Forum
63 total posts (Page 3 of 7)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums