Jeff,
I would suggest that you check with some of the quasi-legal groups like
the EFF about "best practices" for this sort of thing. I know that here
at the University that we have a similar sort of set up. We offer free
wireless access for students and anyone else on campus. One thing you
might want to be aware of are the reporting requirements should the men
in blue suits ever show up at your door. These vary greatly by
location, so checking with someone in your area is wise. You may also
want to consult with a law firm that specializes in Tech Law. We have
several here in the Dallas area and you can probably find at least one
at the nearest major metropolitan area to you.
Good Luck!
Jimi
-----Original Message-----
From: Jeff McLaughlin [mailto:JMclaughlin@springsgov.com]
Sent: Tuesday, October 12, 2004 10:11 AM
To: 'security-management@securityfocus.com'
Subject: Synopsis - Legal Issues with providing Free WIFI access to
public
I was the original poster of this thread and thought I would pass on
what I
have learned to date. Thanks to all for their comments both in the list
and
personal.
Much of the advice I received was to contact my legal department and let
them assess the issues. They are, but their expertise is not in
telecommunication and this then requires learning, research and time.
Also,
I have to represent the technical part of the equation as much of the
language is not "user friendly to the non-technically inclined."
My journey has involved:
~ speaking with the police departments computer crimes division
~ speaking with the district attorney's office
~ speaking with other municipalities who are doing the same thing
~ auditors, this post and too many internet searches.
At this point, the questions I have asked have invoked opinions but
really
nothing legally solid that I can write a policy against and breathe
easier.
I have not found or been pointed to the case that provides legal
precedence
or guidance. Yet, this seems like a simple issue and capability that we
would like to provide our customers and we can offer it cheaply
(relative).
In agreement by all is minimally the user should be presented with a
banner/consent page that outlines the terms of service that the user
must
acknowledge and accept. After that, opinions not legalities seem to
guide
the issue.
The two most helpful sources have been the Privacy Protection Act and
the
Electronic Communications Privacy Act (ECPA). Reviewing these documents
is
requiring a partnership between our legal staff and me. We suddenly
have a
new appreciation for each other as I am not used to technical concepts
being
written in a legal manner. A good place to start is:
http://www.usiia.org/legis/ecpa.html
Sorry I could not offer more definitive information. They don't pay me
enough to make this type of decision so I've fully briefed our upper
management and will leave the decision with them. We continue to
research,
investigate and better understand not just the legal issues but slander
issues where our organizations domain (and hence the organization
itself)
can be associated with content, groups or causes that demean our
credibility
and misconstrue what the organization truly represents and values.
Thanks, Jeff
