Ryan lives in Westchester County, where clueless lawmakers are proposing to bust people who provide open WiFi networks unless they deploy unreliable, expensive captive portals and known-compromised wireless security technologies. He sent his elected reps a letter and they sent back a lame-o response that shows that they really don't get it.
The lawmakers defend their proposal to legislate specific network configurations and routing equipment on the grounds that people who use open WiFi networks to send personal information in the clear are vulnerable to identity thieves. I agree that this is a giant problem, but wireless "security" doesn't solve it. The security measures that can solve this are hard and complex — ISPs need to give you SSL-based email so your passwords aren't in the clear. Any site that requires a password or a valuable cookie after the password is given should also use SSL. Users should use tunnels or other methods to secure private comms where possible.
All of this is complicated and all of it is a market opportunity for service providers who want to sell products and services to people who use insecure networks (e.g., the entire Internet).
But if Westchester's lawmakers want to mandate "security" so that users don't end up in a fool's paradise, sending sniffable data while believing it's private, then this won't solve their problems. The security measures that Westchester mandates won't stop identity thieves with rudimentary technology expertise. A user who relies on Westchester's mandated "security" inhabits a fool's paradise just as foolish as the users of "unsecured" services.
(Thanks, Ryan!)
