Would you ever run open wifi with no legal splash screen?

[SiegeTheDay]

I was just caught off guard with my director wanting to remove the legal splash screen on our public wifi. Immediate giant red flag popped up, I tried to explain my legal concerns but I am not a lawyer. Ultimately, I do work for him, so what he says goes, but that's what he wants, and I requested something in writing that states I am being directed to remove the splash screen and open it up. He was totally flabbergasted by my concern, and doesn't think that any court would ever 'in a million years' point at us for liability of anything that happens.

He sites that he *never* has to hit accept on a splash screen anywhere, and sites Starbucks as not having one, and thus having one is a symptom of a company being on old technology and stuck in the stone age. Personally, I don't think I have ever been anywhere and used a public wifi and not had to click one. I also don't go to Starbucks.

How would you handle this situation, and/or what references would you point to?

Or am I just way too paranoid?

EDIT> we do have internal wireless networks for employees, etc. that are secured.

 

[AMD_Gamer]

keep it up but make it so his MAC/IP does not see it lol.

 

[SiegeTheDay]

Edited original post. His phone doesn't see it, or shouldn't. He got a new phone, and we havn't put it on one of the secure networks yet. He now is almost refusing to join the employee wireless network.

 

[breadtk]

[edit]

 

[PanzerBoxb]

Also, a decision like this should be vetted by the corporate legal team.

 

[Brak710]

99.9% sure once they decided that IP =/= a person, that having open WiFi is much safer legally.

 

[SiegeTheDay]

I think it's passed. I was planning to address and clarify with him again, but he came by and during a conversation about something else, made a joke about it that made me think he is going to leave it alone. at least for a while.

It was such a relief, I was about to start getting my resume in order

 

[Database]

Wow dude, you are overacting a little bit, don't ya think? It's not like you'd personally be held liable for shit..

 

[Cerulean]

Wow dude, you are overacting a little bit, don't ya think? It's not like you'd personally be held liable for shit..

+ 1

 

[dashpuppy]

+ 1

isn't he trying to avoid being held responsible if some one did get in or use it the wrong way ?

Op, have you tried explaining to him why it is there in non technical way ?

 

[Cerulean]

isn't he trying to avoid being held responsible if some one did get in or use it the wrong way ?

Op, have you tried explaining to him why it is there in non technical way ?

Well, yeah.. legit reasons to be worried ;o

 

[Database]

isn't he trying to avoid being held responsible if some one did get in or use it the wrong way ?

Op, have you tried explaining to him why it is there in non technical way ?

I setup networks for clients all the time and if they want to do something dumb I try to talk them out of it. However, if they disregard my advice and do things their way I don't lose any sleep thinking I'm going to be sentenced to death by what happens. The dude seems like he is about to have a breakdown over the ordeal.

 

[dashpuppy]

I setup networks for clients all the time and if they want to do something dumb I try to talk them out of it. However, if they disregard my advice and do things their way I don't lose any sleep thinking I'm going to be sentenced to death by what happens. The dude seems like he is about to have a breakdown over the ordeal.

true, however getting something in writing is something I too would do..

think of it like this,

say he's installing a firewall / router with wifi, it's secured right now. The client is a legal lawyer and states he wants his clients friends family to use the wifi with out a password. The admin says hey that's not a good idea because blah blah blah ( list the reasons ) the own comes back and says its my network and my buddy said it wont hurt anything blah blah blah..

See where this could go ? I think he is just trying to cover his ass is all, paranoid sure, i would be too, jobs that pay $$ are harder and harder to come by...

 

[Database]

true, however getting something in writing is something I too would do..

think of it like this,

say he's installing a firewall / router with wifi, it's secured right now. The client is a legal lawyer and states he wants his clients friends family to use the wifi with out a password. The admin says hey that's not a good idea because blah blah blah ( list the reasons ) the own comes back and says its my network and my buddy said it wont hurt anything blah blah blah..

See where this could go ? I think he is just trying to cover his ass is all, paranoid sure, i would be too, jobs that pay $$ are harder and harder to come by...

I've been doing this professionally for 12 years and never bothered asking to get something in writing in regards to that. Then again, I'm good at what I do and have good clients so for the most part they do what I say. However, there are times I disagree with something and I've never went to that extreme.

 

[dashpuppy]

I've been doing this professionally for 12 years and never bothered asking to get something in writing in regards to that. Then again, I'm good at what I do and have good clients so for the most part they do what I say. However, there are times I disagree with something and I've never went to that extreme.

what was your option to them then,, did you say no i won't do it. or get some one else to manage & do this from here on in.. ?

 

[metallicafan]

Since I'm assuming that this is in a business environment and that completely removing the open wifi network isn't really an option then I wouldn't be too worried about the legal message. Open wifi is open wifi. People will log on and abuse it (if that is their intention) whether there is a legal message or not. No one is going to say "well since your company didn't have a legal warning, the child porn that was downloaded is IT's fault".

The better thing to focus your time and attention on is the correct security behind the scenes. Make sure that you have the proper prevention and detection controls on the network to monitor the activity and problems that do arise. Network segmentation and proper auditing are essential.

Your director's reasons may be misguided, but you have it in writing that he wants this done and from a security perspective the legal agreement isn't too much of a deterrent and certainly not one that you should rely on to protect you. Best of luck.

 

[SiegeTheDay]

1. No one is going to say "well since your company didn't have a legal warning, the child porn that was downloaded is IT's fault".

2. The better thing to focus your time and attention on is the correct security behind the scenes. Make sure that you have the proper prevention and detection controls on the network to monitor the activity and problems that do arise. Network segmentation and proper auditing are essential.

3. Your director's reasons may be misguided, but you have it in writing that he wants this done and from a security perspective the legal agreement isn't too much of a deterrent and certainly not one that you should rely on to protect you. Best of luck.

This has fairly blown over, with a strange outcome, but to reply, for the sake of this exercise/question/debate:

1. Are you a lawyer or have a reference for precedent that makes this issue not controversial?

2. In this case, we have guest traffic segmented, firewalled, and content-filtered (but there is always a balance between security and usability, there will always be a work-around)

3. That is exactly one of the points, he would *not* give it to me in writing. He approves my paycheck, so what he wants ultimately goes, I can only advise really. But at the same time, I can refuse to execute the instruction and risk my job. Until someone with some legal clout that the company has legal confidence in clears it, I would definitely want it in writing that I was being instructed to remove the banner, and under opposing advise from me.

 

[Protoform-X]

None of us are lawyers, bro. We're network engineers. Wrong forum.

 

[Acer_Sheep]

Yes I would run that, I hate wifi splash screens. Providing free of charge connection should remove the responsibility from you.

 

[SmithyJones]

If the public segment is segragate fully from any trusted network, I don't see any issues.

 

[Sean.hulbert]

BEWARE : As of this year Jan 1st 2012 Executive order of the president>
All Companies running WiFi and do not secure them will be held responsible for its use.
This means that if a hacker uses your WiFi and causes damages or hacks other sites that company will be held liable for all damages as if they hacked it.

 

[Nate7311]

BEWARE : As of this year Jan 1st 2012 Executive order of the president>
All Companies running WiFi and do not secure them will be held responsible for its use.
This means that if a hacker uses your WiFi and causes damages or hacks other sites that company will be held liable for all damages as if they hacked it.

That is the key. As long as a reasonable attempt is made to secure your network (even guest networks), yer golden.

 

[Eickst]

BEWARE : As of this year Jan 1st 2012 Executive order of the president>
All Companies running WiFi and do not secure them will be held responsible for its use.
This means that if a hacker uses your WiFi and causes damages or hacks other sites that company will be held liable for all damages as if they hacked it.

Link?