Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Re: Re: Legality of WEP Cracking
From: "Justin Ferguson" <jnferguson () gmail com>
Date: Sat, 19 May 2007 17:13:55 -0400

Well, if you look at that link and notice that under the 'Wiretap Act'
(AKA Federal Wire and Electronic Communications Interception Act.),
that 'You're probably not in violation if you intercept unencrypted
wifi communications.',  note the 'probably', which tells me that there
most likely is not any case law on the subject as of yet, so which
judge, what you were doing and how much your lawyer costs will have a
significant play on the subject.

Even more, your link is talking more about accessing an open AP, not
intercepting traffic, which is another ball of yawn.

What the 'Wiretap Act' states exactly is that its not unlawful to
intercept traffic that is 'readily accessible to the general public',
whether wifi traffic is 'readily accessible' is arguable and my
understanding (which may be incorrect) is that it relates to
expectation of privacy, which most people sitting at home using their
AP have. Honestly though, its probably a question of law that has not
been specifically ruled on, but if its encrypted then there is very
little question and  illegal, and if its unencrypted and you find
yourself in trouble, I'd say hire a good lawyer and set a precedent
for the rest of us.

Wireless audits are going to be legal as you would be acting on behalf
of a carrier/provider/owner and CB traffic will be covered under a
number of the exceptions listed.


18 USC 2511:

(2)
(g) It shall not be unlawful under this chapter or chapter 121 of this
title for any person—

  (i) to intercept or access an electronic communication made through
an electronic
      communication system that is configured so that such electronic
communication is readily
      accessible to the general public;





On 19 May 2007 13:47:57 -0000, ebk_lists () hotmail com
<ebk_lists () hotmail com> wrote:
Are you sure?


Here is an interesting post:


http://cfp2004.org/blogs/wardriving/archives/000056.html


Makes for some good reading. This is definitely a gray area of the law. Which makes it hard to find concrete examples of what is legal and 
what is not. I'm of the opinion that passively listening to the air is not illegal. I equate it to listening to CB (civilian band) 
radio conversations. If they don't want us to "hear" these conversations, then they need to use encryption. The law comes in 
when you try to overcome any encryption they may be using, if you actually connect to and use the network (theft of service), and where you 
are when you are listening (potential trespassing). Active tools like netstumbler may also be pushing the limits.


If just listening were a crime, we'd all be going to jail when we do wireless audits, because there is no way we can 
limit the traffic we pick up to only the networks we own or have permission for. It is just the way wireless works.


One last thought: what you _do_ with any data you receive may or may not land you in jail as well.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]