Cyber Security Industry Alliance Newsletter •  Volume 3, Number 1  • September 2006

CA Ratifies Wi-Fi Notification bill

California's state assembly requires makers of Internet access gear to warn consumers of the risks of using unsecured wireless connections


Every year millions more consumers in the United States and worldwide buy Wi-Fi routers in order to turn home broadband cable or telephone links into wireless links, providing Internet access to any computer in the nearby vicinity.

The California state legislature has passed a bill to help educate and protect the personal information of consumers who access the Internet through a WiFi router. AB 2415, or the "Wi-Fi User Protection Bill", introduced by Speaker Fabian Núñez (D), calls for Wi-Fi router manufacturers to warn consumers against "piggybacking," or unauthorized sharing of wireless access.

Most Wi-Fi users ignore security options when setting up wireless gear, leaving their computer networks open to nearby residents or occasional passersby. This practice can also expose users to the threat of hackers invading their computers and grabbing personal data.

Under the new law, manufacturers have four options for labeling Wi-Fi routers. They can put stickers on the boxes, include warnings in setup software, require some specific action when setting up the router or create another process that automatically secures the connection without consumer effort. Most equipment makers can comply with the law with only minimal changes to their user instructions. If the bill is signed by Governor Schwarzenegger, equipment sold after October 2007 will be required to protect consumers in this way.

The Wi-Fi Alliance, an industry trade group, endorsed the legislation.

California laws often become effective national standards, since it is too expensive for manufacturers to produce multiple versions of the same product. In this case, the manufacturer's cost of implementation is small, but the potential payoffs — including reduced liability risks — are large.

Significantly, this bill places an onus on manufacturers to help protect their customers' personal information, and reminds consumers that they are responsible for protecting themselves against home data breaches.