Guest/Public Wifi Hotspot Solutions

[Armageus]

Just looking to revisit our guest wifi solution and wondering what everyone else uses?

Currently using the free version of Untangle with Captive Portal enabled to allow login via Google/Facebook/Microsoft accounts, which seems to work ok for the most part (aside from the odd iPhone seemingly able to bypass the captive portal).

When I originally set it up I was led to believe accountability was a requirement (in terms of being able to identify a user's traffic e.g. if requested by the police - e.g. for terrorism/child porn etc)

If this is the case, then how are companies getting away with offering "open" wifi (as I'm sure some of the wifi offered by the likes of Mcdonalds etc has been recently).


Potentially looking at 20+ AP, 500+ Users/Devices on site at any time, so would ideally prefer a self hosted/open source solution if one exists.

 

[Audigex]

I haven't seen properly "open" WiFi in the UK for a few years now, at leat where it's been done deliberately. McDonads, Starbucks etc all require some form of login

However, that doesn't mean you need to gather person-identifiable information, just that you have to have some way of identifying them (and differentiating their data from others) and passing that onto the police. Something like a Google account should be enough for that.

In fact, the main concern isn't "I can pass the culprit's actual personal information onto the police" (although, of course, that's soemthing you'd probably want to do)... rather, the concern is *proving that you are not the culprit*. You don't need to be able to prove who *did* do it, you just need to be able to prove that *it wasn't you*.

Rather than taking other's word for it though, I'd suggest taking an aftrernoon to take a look at the legislation yourself (assuming that you don't want to seek legal advice)

- The Data Retention (EC Directive) Regulations 2009: this implemented European Directive (2006/24/EC), which was later struck down by the ECJ, but the UK government claims that the UK law still stands and you probably want to assume it does until proven otherwise
- The Digital Economy Act 2010 (DEA2010)
- And the January 2004 Code of Practice (Voluntary Retention of Data) which, as the name suggests, is voluntary... but worth following because it dramatically reduces the chance of you having problems if you can show you've followed it

Also of interest would be the Ofcom's "DEA Initial Obligations Code" which helps to define who takes responsibility for what

In short, though, you would be *very* well advised to follow the January 2004 code of practice and ensure that you're protected from the Digital Economy Act 2010 (essentially, by being able to demonstrate that you are not the responsible party.