cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RV
Newcomer I

Risk / Impact of NOT using AUP / Splash page on public WIFI

Probably the most stupid question on the forum 🙂 as we all know you should present a splash page with the acceptable usage policy to users while providing public wifi to your customers.

 

Unfortunately, my C-suite claims this is against there business model. They want the customer to access and use the WIFI as easy as possible. In addition more, a returning customer - even our business location - must be able to access the WIFI (on all our locations). This is wolr wide (US, Europe and Asia).

 

To have a better discussion with our legal department, I hope members of this forum could help me is reasons you should NOT providing the wifi in this manner. Of course, the WIFI itself is "not the problem" but, not claiming how you should expect it will be used AND no ability to track identity (and therefore pin to a person in case something illegal happens) could bring the company at risk. BUT, how big is this risk? Is it a penalty of a certain amount of $, or is it a blank check?

 

So, hope from some help in this. OR, that somebody could provide me with some backgrond infro that the risk is limited 🙂

 

Thanks

 

 

4 Replies
Troy_Fine
Newcomer I

I don't know the legal implications, but do you have a way of testing the C-SUITE theory on a test location to see if usage actually goes does because of a splash page. Pretty sure my biggest gripe with public WIFI is when its slow and unstable, not the splash page. If you have fast and stable internet, your customers won't care about the splash page.
RV
Newcomer I

Thanks, the speed of the Internet and the stability of the connection is ok. No one complains and is very happy. y worries are regrading the liability part. What if a breach to another network is sourced from ours or illegal content is published via ours. We have nothing in place to find out who did it OR saying it is not allowed? In such a case - my opinion - we are fully liable and probably the cost should recover from the company AND probably, our name will be in the newspapers.

 

So, I'm not worried about performance (it's pretty good :)), and not worried if a customer should or should not have a problem with the splash page. It's more related to the liability and reputation impact if something went wrong.

Troy_Fine
Newcomer I

I understood your point of view on risk/liability - what I was suggesting was a way to convince upper management that a splash page doesn't reduce usage and therefore isn't an inconvenience to customers, since all they care about is convenience. What data are they basing that claim on? Your legal team should be driving this requirement with input from security, rather than the other way around. Chances are your CSUITE will do whatever legal says to do in this situation.
denbesten
Community Champion


@RV wrote:

...present a splash page with the acceptable usage policy to users while providing public wifi to your customers .... To have a better discussion with our legal department,


Not stupid.  Domain-related questions for which you are honestly seeking input are always welcome here. 

 

I don't know how effectively a spash screen reduces legal or reputational risk, but I do know that lawyers and public relations specialists can probably answer that better than any of us. They are the ones that will need to clean up the damage if something goes awry, so they ought to own the decision.

 

Instead of trying to get them to endorse your opinion, your goal should be to help the lawyers and PR staff make the best informed risk decision on behalf of the company.  I would start by posing a few scenarios, such as:

  1. Teens offending other customers by watching pοrn in the store. 
  2. Threats made against the President.
  3. HD-Netflix starving other customer's bandwidth.
  4. Bad actors setting up rogue access points that look like ours.
  5. Illegal activity being initiated from your IP address space.

Then, I would pose a few mitigations, such as splash screens, url filtering, rate limiting and mobile data signal boosters instead of guest wifi,  Maybe even a chart that shows how each effectively each mitigation addresses each scenario.