The San Jose Mercury News reports on a new law in New York’s Westchester County – businesses must “install basic security measures for any wireless network that stores customers’ credit card numbers or other financial information.” The County Executive, Andrew Spano, noted that he could not find such a law in any other jurisdiction anywhere in the world and seemed rather proud of what he imagines is a pathbreaking measure. If Mr. Spano tarried a while to ponder why no other locale has this measure, he would find an obvious reason why – it is plainly a bad law.
Forcing businesses (hotels are likely among those most affected) to ostensibly take care of their customers only ratchets up costs. Most experts believe that dedicated hackers will find a way to bust the supposedly secure networks anyway. And it is the dedicated hackers who, far and away, are responsible for most identity theft. Chances are, by the time governments determine the appropriate level of encryption & firewalls, hackers and technology are eons ahead. It is patently absurd to force hotels (and other businesses) to be nannies to their customers. Instead, the onus should be on prosecuting hackers – who break the law deliberately – rather than hotels who have to keep second guessing the next step from publicity seeking bureaucrats and elected officials.