RE: Hasn't the LA Times and Humphrey Cheung ever heard of the Electronics Communications Privacy Act?

["Richard M. Smith" <rms () computerbytesman com>]

The Starbucks case is one for the lawyers to sort out if private WiFi
network is readily accessible to the general public or not.  My assumption
is no.  One data point here is intercepting insecure cordless phone
conversations is illegal under ECPA even though older cordless phones can be
heard with a $100 Radio Shack scanner.

> > > You don't really think the paper would've published this story if it 
> > > would've subjected an individual identified within to criminal
prosecution, do you?

Absolutely.  Back around 2003, the Washington Post did an article on how
easy was for two computer security people to break into Windows computers
owned by the Federal government.  These computers had open shares which were
easily detectable from the outside.  A week later the two consultants were
busted by the FBI.  Not sure what the result of the arrests were.

Richard


-----Original Message-----
From: Matthew Murphy [mailto:mattmurphy531 () gmail com] On Behalf Of Matthew
Murphy
Sent: Saturday, April 28, 2007 3:15 PM
To: Richard M. Smith
Cc: funsec () linuxbox org
Subject: Re: [funsec] Hasn't the LA Times and Humphrey Cheung ever heard of
the Electronics Communications Privacy Act?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr 28, 2007, at 10:15 AM, Richard M. Smith wrote:

> See:
>
> http://www.floridalawfirm.com/privacy.html
>
> Sec.  2511.  Interception  and  disclosure  of  wire,  oral,   or
> electronic communications prohibited
>
>
> http://www.latimes.com/business/la-fi-
> consumer22apr22,0,4976397,print.story?
> coll=la-home-headlines
>
> Public Wi-Fi may turn your life into an open notebook
>
> Don't assume wireless hot spots are secure. 'Sniffers' may be hacking 
> nearby.

ECPA doesn't apply.  It's obvious that Cheung didn't "hack into" the
network, as judged from the piece.  He sniffed a wide-open WLAN -- a  
communications system "readily accessible to the general public".   
That's specifically included as an affirmative defense under ECPA:

    (g) It shall not be unlawful under this chapter or chapter 121 of this
title for any person -

                  (i)   to   intercept  or  access  an  electronic
communication  made  through an electronic  communication  system that  is
configured  so  that such electronic  communication  is readily accessible
to the general public;

[...]

       (16) "readily accessible to the general public" means, with respect
to  a  radio communication, that such  communication  is
not--

           (A) scrambled or encrypted:

                 (B) transmitted using modulation techniques whose essential
parameters have been withheld from the public with  the intention of
preserving the privacy of such communication;

           (C)  carried on a subcarrier or other signal subsidiary to a
radio transmission;

           (D) transmitted over a communication system provided by a  common
carrier, unless the communication is a tone only paging system
communication;

           (E) transmitted on frequencies allocated under part 25, subpart
D,  E, or F of part 74, or part 94 of the Rules  of  the Federal
Communications Commission, unless,  in  the  case  of  a communication
transmitted on a frequency allocated under part  74
that   is   not  exclusively  allocated  to  broadcast  auxiliary
services,  the communication is a two-way voice communication  by radio;  or

           (F) an electronic communication;

California law, which requires mutual consent, is tougher, but not by enough
to allow Cheung to be prosecuted; it also has a public communications
exception.  You don't really think the paper would've published this story
if it would've subjected an individual identified within to criminal
prosecution, do you?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQIVAwUBRjOdRHXzqEAiV8M/AQKI4w/+LB92FuG31amKCTQrEtixaVx4D4R9gqCF
/fJCtNpANc0wwAeIgNhSVQeRjGNoTLVyq60aj7tuEW6XqDWVhXQ3St9LSVrvRomO
RDiNwik44EgRrkSrVXen1/08H+Uo2GrEE5MsO/ODjN17gvTu2Yd7qHcYx6vRzYA8
S9jRqfJt61swfHG/zY4zVKQK7LHtnx+CP2z1czCaRoO73WnEcZJlJmx3ShWLINbq
bWoIztzZyPYL5nkr6Rywksg0odKI5F1j9LH8P0lG1Zp6Elh6x7FGDzbeQj2+w17/
4CoXUfuWxxnZ0TIkHX2lxlibVHKxlbg687YYcN1i0UCEU3GblsmveOGjZknyMjeS
l06d0edsa6KAbPK5rPjLMdtP97+X8ljLzS2jRx+1bdzwxHNWJfdQGyyPeayFYVcu
aA+twaXEnTrm5Z+C1dXFwXRbnoaJmJT16ZTWresDdppzWXZggsQB9tynL0xJsDxr
qH+8Ys2JNjpLW3x/PyBmO4gipvfJG09s1Ir5GWsW4yl+VW7h+9jaKCKPGmvdxOfZ
crk5+Fu3gg/GfX7n7oYylwTM31rxNR3uhzohBbBivr3VnKyVkQLoaVOPF4rBz3aQ
yOwZf02YhuKGPmieilb9NeW9beJJCf4vo/grqwLJ+KOamfn3bC/X3sbIIpGdkgcn
GmGj0JVFBOE=
=QL39
-----END PGP SIGNATURE-----

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.