Judge In Google WiFiSpy Case Trying To Determine If Packet Sniffing Open Networks Is An Illegal Wiretap
from the it-shouldn't-be... dept
In the consolidated cases against Google for intercepting some unencrypted data passing over open WiFi networks as part of its Street View operation, the judge is now looking to determine if basic packet sniffing is the equivalent of an illegal wiretap. Google, and one would imagine, most people who understand the technology, are arguing that’s silly. The nature of WiFi is that it takes the unencrypted bits and makes them wide open to anyone on that network. That’s how the technology is designed. If you don’t like it, you encrypt. Arguing, retroactively, that seeing the data that is put in the open on purpose is somehow an illegal wiretap seems silly, but that’s what the case hinges on. Hopefully, the judge is either technologically savvy enough to understand this, or can be well educated in the nature of how an open WiFi network works… Otherwise, a lot of people may be facing wiretapping charges for activity that many people consider perfectly normal on a network.
Filed Under: open wifi, packet sniffing, wifi, wiretap
Companies: google
Comments on “Judge In Google WiFiSpy Case Trying To Determine If Packet Sniffing Open Networks Is An Illegal Wiretap”
And walking through a radiation leak is theft of services.
The FBI
Mike,
If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve?
How can we prohibit the government from doing this kind of thing, yet let companies do it (particularly since companies can do it, and then sell the data to the government).
Even though the tools to sniff networks are widely available, I think there are legitimate arguments to be made that sniffing content going across someone else’s network should be considered a violation of the wiretapping act.
Re: The FBI
“If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve?”
I think it would be better if instead of doing it silently they played ‘Turkey in the Straw’ like an ice cream truck. Other than that it is radio traffic that is being broadcast into the air. If no method is used to indicate otherwise i.e. encryption any one should be able to ‘listen in’ with out it being a crime. No whether that can be done by the State without a warrant for use in a criminal investigation may be more debatable, or not.
Re: The FBI
“If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve”
I’m a different Mike, but I would ABSOLUTELY approve. Saying they cannot is like telling the police that they need to wear headphones so they cannot overhear people talking on the streets.
The real problem is even worse. If you have a wi-fi enabled device and you walked past an unencrypted access point, you have also violated the law. Wi-fi antennas pick up all of the traffic and filter out everything except the SID you have enabled (if you have enabled one). At a packet level, everyone with a wireless device is guilty of what Google has done.
Yes, they kept this information rather than immediately filtering it out, but can someone really argue that the length of time a wiretap log is held matters?
Re: The FBI
Do you really think they don’t do that? And do you really think they don’t go ahead and break the encryption if it’s there? After all, if you don’t have anything to hide, why would you encrypt?
Re: The FBI
Let’s put things this way:
Me and my friend go to the middle of the street and start having a “conversation” while shouting as loud as we can. An FBI agent, which has hearing problems, and cannot hear without his hearing aid, passes by. After seeing two people making a weird scene (imagine two nuts shouting at each other), he goes like “WTF?” and turns on his hearing aid.
BAM!
According to you, he goes to jail for eavesdropping. Nice.
Re: Re: The FBI
According to you, he goes to jail for eavesdropping. Nice.
The courts would not agree with this (well, maybe they might in this current day, but they hopefully would get struck down by the Supreme Court.)
If you broadcast that you are committing a crime, and the police happen to hear this broadcast, then they can arrest you and the evidence will not be dismissed, whether you are on the street corner, on the radio, or on the internet. It is different if you are having a private conversation, but broadcasting is not private.
What the defense could argue, in the case of an unencrypted wifi transaction is that like cell-phone and wireless telephones, which have special restrictions in the law when it comes to interception of communications, but that is because these channels may be open, but the conversation carried on these channels are considered private. If a wifi device allows anyone to connect and send/receive traffic, the conversation is hardly private.
But this only effects government eavesdropping and rules of evidence…any private person can eavesdrop to their hearts desire (and in most cases unless they record the conversation or listen to cell-phone/wireless telephones, can do so legally.) The only way to be sure your transactions are secure are to use encryption and monitor sessions…and even then you can never be entirely sure the transaction isn’t being monitored/recorded by a third party.
Re: The FBI
Mr. Soghoian:
The ‘actor’ isn’t the issue here it’s the act itself.
WiFi is a broadcast medium and technology – that is it’s nature and intended purpose – if it’s not encrypted it’s *public* and there are many ramification to ruling otherwise.
And of course this being a class-action, harm should be proven which is very difficult here as well.
So I’m sorry the case against a company you so passionately hate is very weak, but the imagery of vans and the FBI doesn’t really help your case nor credibility.
Re: The FBI
If it was an open, unencrypted network, then I’d have absolutely no problem with them sniffing it. That’s the very nature of having an open, unencrypted network. If a user gets upset by that then it’s obvious they don’t understand technology and should probably have their smartphone/tablet/laptop confiscated for their own protection.
Maybe we need to have something like a Department of Computers and Technology (the DCT – like the DMV) where people have to go get a license before they allowed to use any network-connected device.
/end rant
Re: Re: The FBI
Maybe we need to have something like a Department of Computers and Technology (the DCT – like the DMV) where people have to go get a license before they allowed to use any network-connected device.
I like that. To further this train of thought. Anyone who buys a computer from places like Bestbuy, Dell, Gateway, HP, Apple, etc… they should be sent to a class on how to work with computers.
The feds have done worse, why is it legal for them?
I wonder if any cordless phone eavesdropping laws may apply here. I think those laws probably vary from state to state, but from what I gather, RF scanners used to be able to legally scan any frequency it could. Older RF scanners can still pick up on cordless phone conversations but there are new laws that prevent newer ones from having that ability. To what extent can this apply to Wifi?
Re: Re:
But I think there is a difference between cordless phones and Wifi. In the case of Wifi, most wifi setups have built in encryption options that the user can use. So if you keep it open, it’s not because you had to. In the case of cordless phones, most cordless phones have no such options.
Perhaps a cordless phone eavesdropping law might better apply to someone who has a wifi router without any encryption capabilities and to someone who can’t reasonably afford a wifi-router with such capabilities.
Re: Re: Re:
(but then the feds would have to find such a person who’s rights Google may have violated before going after Google with the argument that this persons rights were violated and they had no better option but to easily enable such a violation of law. Most Wifi Routers at least have WEP though, even older ones, and newer ones come with WPA, so it’s unlikely the Feds will get far).
Re: Re: Re:
I don’t know about the US, but I don’t believe *any* UK WiFi kit ever (and certainly not since it became “consumer” instead of “rich business toy”,) does not have at least WEP capability. OK as encryption goes it’s about the equivalent of a “No Trespassing” sign on a fenceless property, but it *is* at least a go-away sign and whispering instead of the “shouted conversation in the street” equivalence of unencrypted WiFi.
IMO If you don’t put *any* protection of WiFi you can’t claim any privacy over people listening to you shout, if you put up the “go-away sign”, that’s where the law should kick in no matter how easy or hard it is to listen after that.
Re: Re: Re: Re:
Yes, remember we are talking about the country here where putting the most pathetic (computer) security possible on a service/product means that it is illegal to circumvent that.
I totally disagree. Laws exist because some things that are possible (or even easy) to do shouldn’t be done.
If you left your house open, would it be fine for me to get in, make myself a sandwich, read TechDirt and other dirty sites on your PC and spend a night in your bed?
Re: Re:
If you left your house open, would it be fine for me to get in, make myself a sandwich, read TechDirt and other dirty sites on your PC and spend a night in your bed?
You are missing a small point – these were captured from the street (a public place). No trespassing involved. Your analogy fails on the “get in”, the “make myself a sandwich” and the “spend a night in your bed” parts.
The part about reading TechDirt and other sites is close – but you would be standing at the sidewalk watching through a window while someone else controlled the computer.
This is really simple – if you don’t want your WiFi signal being broadcast through your neighborhood, hard wire your computer to your router and shutoff the wireless. No different than cordless phones vs. wired phone.
Re: Re: Re:
No, I don’t miss the point.
Why is trespassing prohibited? It’s easy, you just turn left from the pavement, go to the door, push the handle and you’re in.
It’s prohibited because most people are not fine with it. And it’s the same with wifi snooping.
Another example. Would it be fine if your ISP saved all your browsing history, all your IM chats etc.? You willingly give all this data to them and (unlike with most wifi users) you’re aware you do so. If you don’t like it, you can prohibit them from doing so by using encryption everywhere. So would it be fine for them to save all this data in case they find some use for it?
Re: Re: Re: Re:
No, I don’t miss the point.
Why is trespassing prohibited? It’s easy, you just turn left from the pavement, go to the door, push the handle and you’re in.
Yes, you did miss the point, and by a mile.
Google didn’t go to the door, push the handle and go in. They stood in the street. In public.
If you were standing naked in your living room in front of the great big picture windows with no curtains, would you be upset if someone saw you naked? Well, then don’t stand naked in front of the window stupid!!!
Same issue here. People are broadcasting their wifi signal in public. It is their own fault if others can see it.
Re: Re: Re: Re:
Physical objects and the interactions with them don’t serve as accurate analogies for broadcasting unencrypted bits to the ether.
Re: Re: Re:2 Re:
+1
Analogies are great when you are explaining the basics of a concept, but once everyone understands the basics you should be capable of speaking in concrete language about the subject matter. Anyone who uses analogies in an effort to explain an advanced concept usually does so because they understand the analogy but not the advanced concept.
Re: Re: Re:3 Re:
That can be true. Of course it can just as easily be true that one might use an analogy because one’s audience doesn’t understand the advanced concept. I can explain an advanced concept to someone, only to have them raise irrelevant objections. I can then explain why those objections are irrelevant, but because the audience doesn’t understand the concept, they might respond with what amounts to “nuh-uh, it is relevant”. That’s when the analogy becomes useful as maybe the situation can be simplified to something they understand.
Re: Re: Re: Re:
It’s prohibited because most people are not fine with it. And it’s the same with wifi snooping.
Actually, I am OK with wifi snooping or war driving. I encrypt my wifi with WPA and a 20+ character alpha-numeric password that will take a few years to crack via brute force.
Another thing that you are perhaps missing – you are pushing the wifi signal out into the street – not the other way around.
With unencrypted wifi it’s like putting a table full of cookies near your sidewalk with a sign that says “Free – take one”.
If don’t want people to take your cookies, then don’t put them on the lawn with the sign (ie: encrypt your wifi).
Re: Re: Re:2 Re:
Not so much actually – especially if you’re using the standard “Pre-Shared Key” implementation for home use. Think minutes, hours at best – last time I looked at it and that was a while ago, even WPA-2 wasn’t that hard to break with the right tool.
All that’s kinda beside the point though and that’s where the physical analogy breaks down – encrypt at all even with WEP and you are saying “go away it’s private”. Indeed there are already laws about breaking computer encryption for “copy protection” so dumb though they may be I don’t see any reason that same standard shouldn’t apply to WiFi. On the other hand unencrypted as you say you are literally shouting in the street and shouldn’t have any expectation of privacy.
Re: Re: Re:3 Re:
Not so much actually – especially if you’re using the standard “Pre-Shared Key” implementation for home use. Think minutes, hours at best – last time I looked at it and that was a while ago, even WPA-2 wasn’t that hard to break with the right tool.
Well, getting the info needed to break WPA or WPA2 is easy and only takes minutes to collect. But, the hard part is actually cracking it, since you have to brute force against a dictionary database.
I have (just for education, nothing nefarious) cracked 3 of my neighbors WPA encrypted routers. The first database I ran them against is one with all of the available phone numbers in my area and *tada* all three used their DSL line phone numbers as passwords.
Four others around me I haven’t been able to crack (even against a million word database) because they are using strong passwords with numbers and letters in random patterns.
Re: Re: Re:4 Re:
Rainbow tables (your databases) are a great speedy tool for WPA password cracking. However I was referencing a brute force approach in my post.
Re: Re: Re:2 Re:
Would you be fine too if you learned after the fact that you have been spied upon? I suggest that you read
http://www.techdirt.com/blog/wireless/articles/20110418/15424813942/judge-google-wifispy-case-trying-to-determine-if-packet-sniffing-open-networks-is-illegal-wiretap.shtml#c291
and
http://www.techdirt.com/blog/wireless/articles/20110418/15424813942/judge-google-wifispy-case-trying-to-determine-if-packet-sniffing-open-networks-is-illegal-wiretap.shtml#c364
(Wow, can’t these links be shorter?)
And with the cookies analogy, think about a granny sending cookies from one place in their home to another in their home. It’s clear that if they do their way via the wild, something is wrong and it’s not fine to reach out and take them.
But really, talking about cookies in here is wrong.
1. There are things more important than cookies. Much more.
2. If sb. takes your cookie, you can find out.
3. Cookies are scarce, so taking them is something very different.
Re: Re: Re:3 Re:
Would you be fine too if you learned after the fact that you have been spied upon? I suggest that you read
Look, if my data is encrypted with a strong password then all someone can see is gibberish and I am not worried about it.
Besides, every time anything I do online goes through an AT&T hub, it is being collected by the government anyways. So what you are saying actually happens all day, everyday.
Re: Re: Re: Re:
Originally, 802.11 had no security. Instead it had a place where security protocols could be put if third parties wanted to add them. It was designed to be open. IEEE, who set it up, wanted everyone to be able to see what was going on. It was only later, after seeing some horrible and conflicting implementations of multiple third party security that they added an officially sanctioned extensions for it.
So if someone is looking through what you’re doing on a unencrypted wifi signal… they are doing EXACTLY what they are supposed to be doing by the design of wifi.
I hope this clears up any misconceptions you have, and allows you to extrapolate exactly why your ISP example has no baring on this what so ever.
Re: Re: Re:2 Re:
So if someone is looking through what you’re doing on a unencrypted wifi signal… they are doing EXACTLY what they are supposed to be doing by the design of wifi.
Show me *any* wifi ad that shows strangers sniffing owners’ whole communication. It doesn’t matter what engineers wanted from a technology, what does is what it turned out to be – a major form of doing private communication. It’s terrible on the privacy front, but only like 5% of society knows this. So technology should be improved to better serve it’s purpose. But in the meanwhile there are needed other ways of ensuring that the 5% doesn’t harm the other 95%. In such cases social mores usually work well enough, but in case of Google they didn’t. I don’t know whether what they did was illegal, but it should be.
And I don’t see any difference from ISP in what you told. ADSL and most other popular networking technologies don’t have any security either, 3rd partied are free to add them if they wish so.
Re: Re: Re:2 Re:
And on the topic on engineers’ intentions, I’d like to add that Internet was supposed to be a military network.
Re: Re: Re:3 Re:
And on the topic on engineers’ intentions, I’d like to add that Internet was supposed to be a military network.
Sorry sir, but you failed computer history 101, please head back to school. I suggest reviewing the Wikipedia page for ARPANET and History of the Internet.
The “internet” was designed to be a connection of networks (hence the name Internet is a shortened name for Interconnected-Networks,) some of which were run by the military. ARPANET (which was the precursor to the internet,) was a research and development network, created to link the defense research labs with universities which were doing their work. It was not designed to be a military network, as it was not exclusive to the military (if it was, you likely never would have heard about it or would be using it now.) ARPANET was designed to link the military with universities around the country in order to share the few high-powered research machines that existed at the time. As more and more networks were connected to ARPANET, the name was changed from ARPANET to NSFNET to the Internet.
Re: Re:
A thoroughly inaccurate analogy.
Wifi is a broadcast. If you don’t want people viewing the Wifi traffic you are broadcasting in public then encrypt it.
A better analogy would be … you take all your furniture our of your house and set it up on the lawn. Now, with everything on the lawn, in full public view, would you be upset if someone came over, made themselves a sammich and spent the night in your bed?
Well, you might, but you can’t fault someone for using something that you placed in full public view without placing any restrictions upon their use.
Therein lies the issue … restrictions. If you are broadcasting Wifi unencrypted, you have not places any restrictions upon its use. If you can’t figure out how to encrypt it, that isn’t my problem, just as it isn’t my problem if you decide to live on the front lawn.
Re: Re: Re:
Yeah, the comparison isn’t perfect, but there are so many ways of invigilating yourself from only public data, there have to be some limits. Humans are imperfect and that’s why there are various laws shielding them from common mistakes. Not all such laws are good, but not all are bad either. Back on the topic, do you encrypt all your internet traffic? Because sb. could put a cable that runs parallel to your internet line and use electromagnetic interference to read all that goes through it. Would you feel it’s fine if I convinced you I do it to you?
Re: Re: Re: Re:
Yes, but I would also consider you a whackjob.
Re: Re: Re: Re:
Because sb. could put a cable that runs parallel to your internet line and use electromagnetic interference to read all that goes through it.
sb. ??????
People seem to be having trouble with this simple concept. Unencrypted WIFI is BROADCAST TO THE WORLD with no protection. Granted, early Wifi routers did not enable encryption by default, but it is available. All you have to do is RTFM.
Modern Wifi routers have encryption turned on by default. All the major players (at least where I live) have routers that are encrypted OUT OF THE BOX.
What you are talking about is using specialized equipment to read a signal that is not being broadcast. My internet traffic is run through a cable from my house to my provider. It is point to point traffic, intended for two parties, me and my provider. Unencryped wifi being broadcast and can be read by anyone who cares to receive the signal.
Lets try this definition of broadcast: circulate: cause to become widely known
Does that make it any clearer for you? Unencrypted wifi is broadcast … to everyone.
Would you feel it’s fine if I convinced you I do it to you?
So you’re the one. I knew it!
Re: Re: Re:2 Re:
No, it’s broadcast almost as broad. Does it really matter if you have to be within 20 meters or just 1? In both cases you have an antenna sending electromagnetic waves around and one needs just another antenna to read the signal.
Neither is broad, really, even with your definition and that’s a big point.
But really, a bigger one is that good majority of people have reasonable expectations that technology that they use just works. Hardly any wifi router sold up to c.a. year ago (when Google did the spying) had even basic security enabled and almost everybody connected them and were happy when they worked. These were not idiots but regular people that just were not skilled in some field of technique. It’s unreasonable to ask everybody to become expert in everything and that’s why laws that protect us from others abusing our skillessness make sense.
Re: Re: Re:3 Re:
Hardly any wifi router sold up to c.a. year ago (when Google did the spying) had even basic security enabled and almost everybody connected them and were happy when they worked.
WWEEEET! WWEEEET! BS detector activated. Here is a study from 2006 showing basically completly disproving all of your guesses about how many people secure their router, how many routers come with default security, etc.
http://www.informatics.indiana.edu/mhottell/research/Predictors%20of%20Wireless%20Security.pdf
And that is already 5 years out of date, I can’t imagine security has declined significantly since then.
The majority of people know about securing their wireless data (or they don’t know about it but do it anyway) and one would imagine that some people actively choose not to implement security. That means a small minority either don’t know or care that they are broadcasting their information. Either way applying wiretapping laws makes no sense in this situation.
Re: Re: Re:4 Re:
I got some 80% in my memory (which matches my experience), so I was surprised to hear something so vastly different.
Here are (reports of) studies conducted by various groups in various locations:
In 2003, NetStumbler estimation (not a study) was 15-20%
2005:
Gartner predicted the number would be 20% in 2 years:
http://news.cnet.com/Worried-about-Wi-Fi-security/2100-7347_3-5540969.html
2006:
40%
http://www.bizjournals.com/milwaukee/stories/2006/05/29/story2.html
2008:
Airports only, 20%:
http://www.scribd.com/doc/2675160/AirTightAirportWiFiScanAnalysis
2009:
20%
http://www.tgdaily.com/security-features/40986-cops-in-mumbai-say-unsecure-wi-fi-aids-terrorists
2011:
6% WEP, 16% WPA2
http://www.indianexpress.com/news/how-secure-is-your-wifi-only-16-safe-networks-cops/736873/0
During the search I saw many studies that showed vastly different results like the 60% that you showed.
So the only think I think we can settle is that a significant part of wifi networks is unsecured.
And my opinion is that “I don’t care” is not among statistically significant reasons, dwarfed by ones like “What do you mean?”, “Who would do this?”, “I think the person who set it up did it right” and such. The opinion is based entirely on personal experience.
Re: Re: Re:5 Re:
Your whole argument was that we need a law to protect us from people gathering broadcast data because most people don’t secure it.
Numerous studies show that most people either secure their network or actively choose not to (ex. airports), with some smaller percentage of people not having any idea.
My argument is that you don’t need a law because consumers already have tools to solve this problem and a law simply increases complexity and leads to frivolous, useless lawsuits … namely this lawsuit against Google.
Re: Re: Re:3 Re:
It’s unreasonable to ask everybody to become expert in everything and that’s why laws that protect us from others abusing our skillessness make sense.
I have to disagree with you on this.
First, a legal precedent saying that intercepting unencrypted wifi is illegal would make the situation worse. It would give the average person a false sense of security that doesn’t exist.
Second, this really more of a common sense kind of thing. Pickpocketing is illegal, right? But, when I walk out into a crowd, I move my wallet to my front pocket for security reasons anyways.
Third, we are not talking about rocket surgery here, a couple of screens and your done. My ISP will even walk you through it over the phone if you need help.
Google presumption
Suppose you mistakenly left your wallet at the cash register counter when you checked out at the store, went to your car and placed your items in the back seat and then you remembered you forgot your wallet. When you went back into the store some guy who worked for Google was going through your wallet and helping himself to your credit cards, money etc. When you asked him what the hell he was was doing, his response was… “oh, this wallet was left here so its in the public domain and I’m helping myself to the contents”.
Re: Google presumption
> When you went back into the store some guy
> who worked for Google was going through your
> wallet
If you left your wallet behind at the register, you’d have to be an idiot to expect no one would go through it, if only to find who it belonged to in order to return it.
Re: Google presumption
Congratulations.
I think you have managed to combine the highest amount of reverse-logic and thickheadedness ever seen in one post.
You are either a fool repeating Faux News talking points/some other script for the hard-of-thinking or (and this option is almost better) you are simply a paid or unpaid shill doing your best to attack google.
Let us hope unpaid, as you would not be providing your moneys worth.
In short, you are a ludicrous parody of a buffoon or simply a buffoon.
Re: Google presumption
Supposing someone was opening their wallet in the middle of the shop pulling out handfuls of notes and throwing them high in the air would you think they were an idiot or arrest all the people picking up the cash? Does it help any if they are shouting “No! No! Leave it alone! It’s all MY money!” while they do it?
And yes, that’s a crap analogy, but then so was yours.
Please don’t call it ‘wispy’ a phrase concocted by PR firms hired by Google’s competitors.
Wasn’t there a case where a guy sitting in his car in the parking lot of Sartbucks using their wifi charged.
Re: Re:
@Don: There was a 2007 story where a “gamer” was charged with illegally accessing an Alaska library’s WiFi after hours.
WEP = Wired Equivalent Privacy
The fact that unsecured Wi-Fi is open to the world was made fairly explicit in the name chosen for the original security protocol: Wired Equivalent Privacy.
It creates a pretty clear line: if you’re cracking WEP, regardless of how easy that may be, your access is clearly unauthorised and illegal (and if you’re cracking WPA2… well, that’s actually kinda impressive, but still illegal).
But when someone has their network wide open, then neighbours and passersby are going to see that traffic.
Is recording a fully open air conversation in public legal?
This question is no more complicated than that.
“If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve”
They are on a public street, picking up an open, unsecured broadcast…. If you are concerned about that or the data moving over the network – encrypt it.
See technically – if the broadcast reaches *MY* car, you are broadcasting *your* data into my private property. There’s not even a question at that point – who is infringing upon who?
But then I get kicks out of doing the opposite – leaving the network wide open and packet sniffing those who connect… ^.^
Re: Re:
See technically – if the broadcast reaches *MY* car, you are broadcasting *your* data into my private property. There’s not even a question at that point – who is infringing upon who?
These are 2 separate things.
If a plane makes an emergency landing on your lawn, it doesn’t make the plane yours, you can’t take any part of it, you can’t take anything from people inside. It is a limitation of your property law, sure. And if it harms you because you wanted to make a party on that lawn (or because the lawn is destroyed), you can seek damages – by negotiations or in court, not by taking what you feel should be yours.
Re: Re: Re:
You don’t even make any sense. We’re not taking physical objects. It’s the same as the difference between copying and stealing. They’re two mutually exclusive actions.
Re: Re: Re:
If a plane makes an emergency landing on your lawn, it doesn’t make the plane yours, you can’t take any part of it, you can’t take anything from people inside. It is a limitation of your property law, sure. And if it harms you because you wanted to make a party on that lawn (or because the lawn is destroyed), you can seek damages – by negotiations or in court, not by taking what you feel should be yours.
Really, really flawed analogy…but your like 0 for 30 in the analogy department so far.
If you and I share a fence, and I have a tree growing on my side which produces lemons. If my tree crosses over the shared fence into your yard, under most property laws, the tree may belong to me but the lemons on your side of the fence belong to you (as does the branches, so if you wanted, you could go and cut down the branches on your side of the fence if you wanted to.)
Mine is an equally crappy analogy, because a wifi device is an access device, and theoretically I could press charges if you accessed my wifi router without my permission, but since I am broadcasting my traffic to you (like playing a radio in my house or standing nude in my front room,) it certainly shouldn’t be illegal for you to sniff my traffic, listen to my radio, or accidentally see me standing nude in my front room.
Re: Re: Re: Re:
Mine is an equally crappy analogy, because a wifi device is an access device,…..
Better analogy than some. 🙂
That’s kind of my take on this too. If you don’t want me seeing your wifi signal – then keep it within your own property and away from my property and public places.
(I did read about a “anti-wifi” paint awhile ago, kinda like a poor man’s Faraday Cage)
Oh noe!
What would be next if the judge happens to be not so savvy on the subject? Don’t you think we’d all be in trouble for listening to radio, and even worse; recording 10-30 seconds of a song to identify it using our favorite app [insert app names]?
I guess Internet wasn’t built in 01 day and it hinges for it needs to be looked at every possible angle Information Systems has but essentially, it’s a wave!
Wireless Security
I have to admit that this seems pretty silly to me. If someone does not take the time to properly secure their wifi connection to provide needed security over their wireless networks, how can anyone be blamed for intercepting the traffic. This is the same as transmitting in clear text across any standard network connection. Would you send your credit card in clear text across the internet? I know I wouldn’t, who knows who or what will intercept the traffic. Thus I fail to see how anyone can consider it illegal or for that matter even wiretapping (Especially given there is no wire, j/k).
On a more serious note however, I think it very important to establish a precedent on this matter for the future. Having spent some time doing penetration testing of my own wireless networks and those of my friends (purely for fun and with their knowledge) I can say for certain that it doesn’t matter what encryption you use, it can be broken, with ease, and rather quickly.
For example, the AES256 bit block cypher used by WPA2 encryption with a 64bit key (this is mandated for banks nation wide) is heroically hard for any top of the line computer to crack at this point (the time necessary is calculated in years, even if that time is dropping drastically with GPGPU computing). However if you spend twice what you would on a top of the line system, and buy cheap parts, you can build yourself a small computing cluster. With 64 processors clocked at 1ghz (or less)and minimal RAM in the unit the ability to crack that password drops to hours. If you have a significant compute cluster with hundreds of cores or more running on fast CPU’s you can take the time down to minutes (as in about 10 minutes).
(don’t forget to think about all the bot-nets out there, the kind of clusters I’m talking about are more centralized and in general more stable and reliable, however the bot-nets can be utilized in the same fashion with a little work)
Now given what I have said it is important to think in terms of what equipment the government would have available if they chose to do wiretapping of this nature. They would have a rather good compute cluster that they can hook into from the field (no reason to carry the equipment with you after-all) and break into any wireless network in minutes.
So my two cents.
This is not a case of illegal wiretapping.
However depending on the verdict and the phrasing of the judge during the ruling, this could create a dangerous precedent issues with what the gov’t can legally get away with in the future.
Talking through megaphones
Wouldn’t this be logically equivalent to declaring it illegal to listen to a conversation between two parties shouting at each other across a field using megaphones/bullhorns?
Re: Talking through megaphones
Nice way of putting it. I would agree, that is what this would be equivalent to.
Re: Talking through megaphones
“Wouldn’t this be logically equivalent to declaring it illegal to listen to a conversation between two parties shouting at each other across a field using megaphones/bullhorns?”
I agree with you but it occurs to me that if those 2 people were singing a popular song, then the RIAA would probably declare it illegal and demand public performance fees.
Hmmm
Legal or not, it is kinda sneaky taking advantage of those not savvy enough to know better.
Say you hitch up a PC for grandma so she and the grandkids can keep in touch via email. Grandma loves it, but becomes bedridden and so turns on this new fangled wifi so she can use her ipad (lol) from bed for the same purpose. Now grandma knows nothing about anything tech wise other than email.
And someone comes by and steals grandmas cookies…Is that right?
Point is not everyone knows enough to protect themselves.
Re: Hmmm
it is kinda sneaky taking advantage of those not savvy enough to know better.
WARNING! Flawed assumption alert!!
Who took advantage of what?
Google did nothing more (and nothing less) with the encrypted traffic they received, they used the SSIDs to help develop a geo-locating system. So far there has been no evidence that they did anything with the additional data at all.
IF (and this is a big if) Google did something inappropriate with the data they collected you may be able to make some legal argument about privacy violations; however, if all they did was collect the data and then eventually destroy it, why would grandma’s panties be all bunched up?
I think this is a little more complicated than you make it out to be Mike. Your privacy rights don’t have much to do with whether you have protected your data but more about your reasonable expectations. Protecting your data just allows you to more easily prove your expectation of privacy. An uneducated computer user (most people) probably does not understand how their wifi works and they probably don’t understand concepts such as packet-sniffing. Their assumption is most likely that their data will remain private unless some “hacker” “steals” it. So their expectation of privacy is not the same as if they were using a radio transmitter to broadcast their conversations over the FM band, or talking loudly in public. If I forget to turn on encryption, that does not mean I intend to share my emails with you.
On the other hand, the mens rea of the listener should matter a lot too. In this case, Google did not intend to store that information and deleted it as soon as it found out. Their intention was obviously NOT to wiretap and therefore it makes sense for them to not be guilty of any offense. Had they intended to capture that information and use it, that would be a whole different ball of wax.
The issue is not whether Google knew that what it was doing was legal or not. It is more whether Google knew what it was doing. And in this case, the evidence seems to be they didn’t realize they were capturing private information.
Re: Re:
Your privacy rights don’t have much to do with whether you have protected your data but more about your reasonable expectations.
Your privacy rights disappear when the signal enters the public domain. If you want it private, don’t put it in the public domain.
There should be no expectation of privacy for unencrypted wireless, or unencrypted radio, television, etc. If you don’t want something shared, keep it private.
An uneducated computer user (most people) probably does not understand how their wifi works and they probably don’t understand concepts such as packet-sniffing.
Every wifi device I’ve purchased in recent months have come with documentation warning the person using the device that they need to turn on encryption. If you are a moron in a hurry, you shouldn’t have a computer, or a car, or a house, or anything else. The law should not protect the foolish (why, oh why, do we have to put warning labels on everything.)
Plus, going wireless has inherent risks, regardless to whether you use encryption or not. As we say in EVE Online…you aren’t completely safe anywhere in space…and this includes life in general. If you are broadcasting, you are transmitting your data to everyone around you, whether it is encrypted or not, and people may be able to discover what you are transmitting, whether or not the law is on your side. Build a faraday cage and condition all wires entering and leaving your site if you are worried about your data, or realize that you aren’t safe, and do what you can to increase the difficulty/decrease the payoff of compromise.
Re: Re: Re:
+1
A law would just give people a false sense of security and further insulate them from taking the most basic responsibility, which in most cases means using the install disk to setup your wireless with encryption.
I think a common misconception is that laws “stop people from committing illegal acts” when the reality is that laws only punish people after the act has been committed. If you have some horrible secret that you would never want revealed would you rather: A) have it kept secret via WiFi encryption OR B) have an opportunity to sue your neighbor after they packet sniffed your network and revealed your secret to everyone you know?
This reminds me of the 1980s and the big debate over whether it was legal to put up a satellite dish on your property and watch the completely unscrambled signals from HBO. HBO tried to argue that they owned the signals and that only authorized people were allowed to receive them.
Another unintended consequence....
…. of declaring wireless packet capture to be illegal:
Even assuming you put in a provision for “accepted but thrown away” packets (it’s a broadcast medium – your wireless card picks up EVERYTHING and *then* decides what was aimed at it) as someone else pointed out, you’d pretty much stuff a large chunk of wireless security on the corporate side.
Most decent wireless solutions do IPS/IDS and analyse detected “rogue” access points and signals for intrusion attempts. Declare interception illegal and you’ve just reduced the security of every major corporate wireless network and rendered them unsafe to use. Last major system I saw in a business in a residential area was tracking and monitoring (and whitelisting/blacklisting as necessary) over 100 extraneous access points and often the clients of them. That’s a whole lot of counts of a criminal charge and/or a lot of lawsuits just for keeping your data safe…..