Penetration Testing mailing list archives

Re: Legality of WEP Cracking


From: "Justin Ferguson" <jnferguson () gmail com>
Date: Sun, 20 May 2007 17:45:31 -0400

Nothing is unclear about the law. Not knowing it does not make it unclear. These are VERY clear
laws. The ONLY areas of un-clarity are in tortious actions. The un-clarity is how much of a civil
penalty will you also get.

While I generally agree with your interpretation, and believe that
it's most likely illegal, the part that makes it a somewhat gray area
is in 18 USC 2511(2)(g)(i):

(g) It shall not be unlawful under this chapter or chapter 121 of this
title for any person--

   (i) to intercept or access an electronic communication made
through an electronic communication system that is configured so that
such electronic communication is readily accessible to the general
public;

The question becomes is a wifi AP that's sending its packets out
everywhere within range 'readily accessible to the general public', in
which case I think the answer is yes it is readily accessible, but I'd
believe that if we were to look up case law and how this played out
that this situation would largely fall back to intent, was the
owner/operator intending for this to be readily accessible to the
general public and did they have a reasonable expectation of privacy,
in which case I'd think most people would say 'no, they didn't intend
for it to be public access' and 'yes they had the reasonable
expectation of privacy'.

It may seem odd that you would have the reasonable expectation of
privacy, but when you view it under the spectacle of other things that
have been ruled to have the reasonable expectation of privacy (i.e.
the PSTN or wired networks), it seems like it could be clearly
reasonable to expect privacy, and unquestionably if the signal is
encrypted. I seem to remember a case where the ESSID was something
like 'NOPUBLICACCESS' or similar, and it ended up being ruled that
they had taken all of the steps necessary (legally) on their end to
keep people out and to set up a clear line that the defendant had
overstepped (although I would be hard pressed to actually find the
case if asked).

In summary, here's what I know for sure- you're probably doing
something illegal if you don't fall into one of the exceptions, you
may not be however, but either way I know that LEO tends to think you
are (and given the right set of circumstances would arrest you) and do
you really want to spend the money that it will take to get a decent
lawyer, and possibly X years fighting the case in the first place?

Even an arrest that doesn't result in conviction can be devastating,
it can last years and if unlucky you can find yourself in jail
awaiting all of those hearings and court dates, even if in the end
you're cleared you can find yourself having to explain it over and
over again to potential employers because they used a background check
company that violates (imho) the spirit of the judicial system and
collects and reports arrests/charges along with convictions
(California is the only state that I know of that prohibits such
actions), and so on.
