Re: Borrow a neighbor's WiFi connection and go to jail?

["S.f.Stover" <sam.stover () gmail com>]

Gary Funck wrote:
> S.f.Stover wrote:
>
> > Saying WEP is useless is inaccurate.  It might not stop people from
> > sniffing/decrypting/reading your traffic, but it makes it very clear
> > that it's illegal.  I'm still a bit fuzzy on whether or not sniffing
> > non-WEPed traffic is illegal, but sniffing and decrypting WEP definitely
> > is.  Well, in Idaho anyway.  ;-)
>
>
> When you say "it's illegal" to sniff decrypted packets,

Actually, I didn't mean sniffing decrypted packets, I meant:

1. sniffing packets
2. decrypting them (after cracking the key, of course)
3. looking at them

> we need to define *it*.

"It" in the discussion I referenced (i.e. not this thread) pertained
strictly to wardriving per se.  Not cracking a key for
stealing/borrowing/whatever bandwidth.  I should have been more clear
about that - sorry.

Since there were legal folks and technical folks involved in that
discussion (and in one case a legal and technical folk), and we had the
statutes printed out in front of us, I'm pretty confident that what I
meant to say was accurate (not that what I meant to say was actually
what I said, but I tried).  Moving away from that confidence level, I
would still be tempted to GUESS that cracking a WEP key for pain,
pleasure, or basic research is still considered illegal (in Idaho).

The statute we were hinging on went something like this:

Any person who knowingly and without authorization alters, damages, or
destroys any computer, computer system, or computer network described in
section 18-2201, Idaho Code, or any computer software, program,
documentation, or data contained in such a computer, computer system, or
computer network commits computer crime.

> From which, we distilled the following point:

Any person who knowingly and without authorization alters... data
contained in a... computer network commits computer crime.

My understanding is that from a legal perspective, cracking WEP is
considered altering the data.  Maybe that's not how it would be
interpreted - I could be barking wrong.  But I don't think so.

> For example, what if I don't snoop packets, could
> care less about them, and all I want is access to the wireless
> internet connection?  Is it a worse offense that I decrypt for the
> purpose of poaching your broadband connection than if you just
> left it open?

I'm going on a limb here and IANAL, but I believe that cracking the WEP
key would still qualify as "altering the data".  Moreover, there's
another statute, which reads something like this:

Any person who knowingly accesses, attempts to access or uses, or
attempts to use any computer, computer system, computer network, or any
part thereof for the purpose of:  devising or executing any scheme or
artifice to defraud; obtaining money, property, or services by means of
false or fraudulent pretenses, representations, or promises; or
committing theft; commits computer crime.

Again, our discussion at the time was really based more on wardriving
(passive sniffing), but this statute clearly speaks to accessing a
network.  Sure, you could say that you weren't devising or executing a
scheme, but if you haven't lawyered up, you'd be going against something
like this:

Any person who knowingly accesses, attempts to access or uses, or
attempts to use any... computer network... for the purpose of...
obtaining services by means of false or fraudulent pretenses... commits
computer crime.

In which case I would say that cracking WEP probably puts you in the
"false or fraudulent pretenses" category.  Again, I could be wrong, but
I certainly wouldn't want to go up against this statute.  YMMV.  Keep in
mind though, that both statutes I quoted were considered felonies if
found to be violated.

>  Let's say that I come by your house every day,
> and use your garden faucet to wash my car while you're away at
> work.  Can I say that it was okay because you didn't put a lock
> on the faucet?

Now that I've actually laid out the statutes, you can clearly see that
we are talking about computer crime, not faucet crime.  As tempting as
these analogies tend to be (and believe me, I love analogies), they just
don't work for me when it comes down to interpreting legalese.  A house
is not a computer, a port is not a door, and a WEP key is not a faucet.
 Well, OK, these kinds of analogies work great when you are teaching
computers 101 to a novice.  But not when debating a point.

Not trying to be a dick (honest) - just trying to clarify my position.


-- 
S.f.Stover
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5C4DAB68
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.