Full Disclosure mailing list archives

Re: Public WiFi Pcaps


From: Eric Rand <eric.rand () brownhatsecurity com>
Date: Tue, 09 Sep 2014 10:36:59 -0700

If you're interested in ensuring that you do so with appropriate
legality, then your best avenue would be to get the permission of the
WAP owner--tell them that you're doing research on wifi, that you wanted
to get their permission before doing so, and that you're sensitive to
privacy etc.

You're going to get a lot of "no" answers.

Proper social engineering/salesmanship will mitigate some of these if
you present it as something of value to the WAP owner--"free site survey
to help you increase your security" (provided you follow through with at
least some documentation derived from your pcaps) or "it's for a study"
might get you some better responses.

But yeah--get (written!) permission from the WAP owner and you're likely
to be entirely in the clear.

N.b. I am not a lawyer; this isn't legal advice; this is just a
practical interpretation from my individual perspective. Your mileage
may vary; void where prohibited.

--ER

On 09/08/2014 09:37 AM, Bryan Bickford wrote:
Greetings,

I am starting some wifi research and had questions about the legality of
listening to unencrypted, public wifi data and publishing subsequent
research.

From what I understand, the Wiretap Act prohibits listening to
communications that were not configured to be readily accessible to the
general public. Specifically:

...permits "any person" to intercept an electronic communication made
through a system "that is configured so that . . . [the] communication is
readily accessible to the general public."

I have seen debates about whether an unencrypted access point (e.g.
Starbucks) qualifies under this exception. Is there any concrete legal
precedent that defines this either way?

The only one I can think of is the Google Street View case, and they lost.
http://epic.org/privacy/streetview/

From a technical viewpoint, you are just reading unencrypted radio waves. I
see no technical reason that it's any different than listening to an FM
radio station.

Anyone else have more insight/experience?

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


-- 
Talk to me securely: https://emailselfdefense.fsf.org/en/
View my public signature: https://keybase.io/munin
EBCF7076FE79669584934664B7A07729C6AA699A


