By Naomi Graychase
October 19, 2006
Will it lead to more secure home networks?
On September 30, 2006, Governor Arnold Schwarzenegger signed into law California Assembly Bill 2415, which will require wireless home networking equipment manufacturers to warn consumers about the dangers of unsecured Wi-Fi networks. The law, dubbed the “Wi-Fi User Protection Bill,” is intended to prevent the unauthorized sharing of open Wi-Fi networks, and aims to better inform consumers about the risks to their personal information that can result from an unsecured network. The law goes into effect in just under a year, on October 1, 2007.
In order to comply with the law, which was sponsored by Speaker Fabian Nunez, manufacturers of any device that “includes an integrated and enabled wireless access point… for use in small office, home office, or residential settings… [must] include a warning advising the consumer how to protect his or her wireless network connection, a warning sticker, or provide other protection that, among other things, requires affirmative action by the consumer prior to use of the device.”
Of course, since all of the major vendors do some form of this already, there is some doubt as to whether the new law is likely to result in a higher proportion of users taking the time to secure their networks.Phil Belanger, a Wi-Fi analyst as well as a former chairman of the Wi-Fi Alliance, thinks the legislation is unnecessary.
“I don’t think it’s going to do anything of real value,” says Belanger. “They are thinking that they are solving a problem that they are not really solving. With the general problem of securing your home network from outside threats, the wireless piece is one piece of many. People should take other steps, like firewalls, no matter what [type of Internet connection] they have. A warning label? It remains to be seen how effective it is — I mean, how many people still smoke cigarettes, and there’s basically a warning that says, ‘These will kill you.’ I’m a little disappointed that our government spends time on things like that. I wish they would do something more useful.”
Vendors, including Netgear, Linksys and Buffalo Technology, were quick to react in favor of the new law and to emphasize their interest in providing users with easy-to-access security options.
In a press release issued just over a week after the bill became law, Netgear stated that its products “are already designed to meet the basic requirements of the bill and make it easier for consumers to enable security.” The release emphasized the company’s existing tools, including the Smart Wizard Install Assistant and “Touchless” Wi-Fi security.
Brian Verenkoff, product manager at Buffalo, says, “We understand why the bill was created and would have no objections to cooperating with it. For us, it could be an advantageous bill, because it would make consumers more aware about the needs of wireless security, and some of our own security technologies… are extremely user-friendly and easy to use.”
Linksys’s official position is that “a law that helps educate consumers and makes them aware of security options and the risks of unprotected wireless networks is good for the consumer. Linksys supports this initiative and is ready to implement the requirements when the bill becomes a law.”
Kendra Harrington, usability product manager for Linksys, adds, “Since we already have the sticker in place, all we have to do is modify the wording.”
In a move that is not related to the California legislation but seeks the same end, the Wi-Fi Alliance will roll out a new initiative later this fall to simplify the setup of security options, in the hope that by making it easier for consumers to enable security, more of them will opt to do so.
“Linksys is heavily involved in the Wi-Fi Alliance and Wi-Fi Protected Setup,” says Harrington. “That new technology allows an industry standard for all wireless manufacturers to easily set up a wireless network for consumers. Entering a PIN on two devices will create the SSID and the encryption — or using a push button method on your access point and your client — will be an industry standard.”
Belanger believes that, along with raising awareness, making security easier to enable is the key to getting more consumers to choose to protect their networks.
“Some people choose not to [enable security] because it’s too complicated,” says Belanger. “What if I turn on the security, and then I can’t get into my own network? What if I misconfigure my clients? We can overcome that part by making these things easier to use. We can make the secure mode the default mode. In the first wave of clients for consumers, the default mode is the open mode.”
“Wireless is funny because there’s no physical connection—is it on? Is it working? Can I use it? You could be connected to your neighbor’s network instead of your own, and not even know it,” says Belanger. “To address that issue, they made the default open and available so that you would immediately find it. Now I think the trend is to make the default secure and make it easier for users to configure and get into the secure network. The thrust of this Wi-Fi Alliance initiative is to have products come in a secure default mode, so if you do nothing, it’s not just broadcasting open.”
By the time the new California law takes effect, the Alliance’s new industry standard for simpler security setup will have been out for almost a year. Between the two, a rise in the number of home users who turn on security, not just in California but nationwide, seems likely… but it’s not a given.