China's decision to outlaw Wi-Fi must be one of the oddest responses to a security hole that has ever been made. For most people in the security industry, the idea of legally compelling companies to enforce security is nothing new. It is an idea security guru Bruce Schneier has been promoting for many years: 'Liability forces companies to protect the data they're entrusted with.' But when he talks about law, he does not suggest legislating for or against a security standard; he means companies that produce lax security products should be legally liable when those weaknesses are exploited by criminals.
For China to respond to a weakness in a standard by banning it is an unrealistic overreaction, as is the demand that companies in China immediately switch to China's new and cryptically named GB 15629.11x standard. With the world watching the international wireless standards as defined by the Institute of Electrical and Electronics Engineers (IEEE), the vast majority of wireless network buyers will continue to follow IEEE standards. This entails buying equipment manufactured in China. To ban the production of 802.11x equipment would send those buyers to Taiwan, Europe, the US or elsewhere. It would not mean the world would adopt the China Broadband Wireless IP Standard Working Group's standards. It is too late to enforce a ban.
What China needs to do is work with the international standards bodies instead of trying to replace them. The weaknesses of Wi-Fi are well known, and many solutions have been put forward. Companies that can afford it can make their existing networks as strong as they like, and those that cannot only need to wait till next year to buy 802.11i equipment, which is likely to be unbreakable - for now.
In Hong Kong, Wi-Fi's weaknesses were emphasised again last week, when the Professional Information Security Association (Pisa) released its second annual wardriving report, which found that while the number of wireless access points on Hong Kong island had leapt, the vast majority were still unsecured. So, while China is worrying about Wired Equivalent Privacy (Wep) security, only 69 per cent of Hong Kong wireless users even bother switching it on. And while the much stronger 802.11g specification has been around for some time, Pisa found few people were using it - just 2.6 per cent of access points in western Hong Kong Island, compared to 9.1 per cent in the east.
While the average wireless access point is not strong enough to throw its signal across a road, improved technology means that some of these devices are now sending their signals out a very long distance. Using a powerful antenna based on The Peak, Pisa was able to pick up signals as far away as Sau Mau Ping, more than 10.5km away. Most of us do not mind trusting our neighbours not to hack into our computers, but can we trust everyone within a 10km radius? No one who owns an unsecured network can blame hackers if they have their system compromised. While it takes some conscious effort and time to hack into a Wep-secured wireless network, accessing an unsecured one takes none at all.
Pisa programme director Leung Siu-cheong said his group consulted with the Office of the Telecommunications Authority before setting out. 'If you connect to the WLAN network, you are breaching the law,' he said. Merely sniffing a network for a response is not. Edward Alder, partner at legal firm Bird & Bird, agrees that wardriving in itself is a harmless pursuit.
'If the info obtained is just info "about" the network [rather than the contents of specific communications] and it's out there because the company puts it out by broadcasting, there must be an argument that just checking out the nature of the network would not be unauthorised access. It would be analogous to walking past a shop window and ... catching sight of the nature of the computer network that happened to be visible. You'd then know, but not through any wrongdoing, what sort of network the shop had.'
Much of the world is content to let strangers browse their networks. If that is the case, then surely we should just leave them to it. This is one area in which the market is right. When holes are found in one product, there are enough alternatives for customers to switch. If China wants to use the law to enforce better security, then it should start punishing firms that fail to disclose security issues when they learn of them. The government's role is to ensure that users of technology are aware of its pitfalls and that they have access to safe products. We cannot trust governments to legislate security standards.