×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Judge Rules Sniffing Open Wi-Fi Networks Is Not Wiretapping

Soulskill posted about a year and a half ago | from the makes-you-a-bit-of-a-jerk-though dept.

Network 308

An anonymous reader writes "Ars reports on a decision from a district judge in Illinois, who ruled that sniffing traffic on an unencrypted Wi-Fi network is not wiretapping. In the ruling, the judge points out an exception in the Wiretap Act which allows people to 'intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.' He concludes that 'the communications sent on an unencrypted Wi-Fi network are readily available to the general public.' Orin Kerr disagrees with the ruling, saying that the intent of the person setting up the network is important: 'No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

308 comments

I agree (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41273637)

It's wireless tapping... D'oh.

Odd... (2, Insightful)

fyngyrz (762201) | about a year and a half ago | (#41273647)

...because listening to unencrypted cellphones is illegal.

I think that the difference between your conversations and pizza ordering on an analog transmission and on a digital one WRT 4th amendment protection should be zero.

Re:Odd... (2)

bhcompy (1877290) | about a year and a half ago | (#41273661)

Because you have an expectation of privacy

Re:Odd... (3, Insightful)

fyngyrz (762201) | about a year and a half ago | (#41273707)

I'm not sure where that is in the 4th amendment.

Even so... I think most people *do* have an expectation of privacy when they're receiving and sending email, surfing the net, etc. We -- as technical types -- may be very cynical about just how naive that expectation is, and particularly so if you incorporate an awareness of all the government "finessing" of 4th amendment issues, but my feeling is that the average person would be quite startled if you walked up to them and told them you knew what they'd sent via email the previous evening.

Re:Odd... (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41273763)

With enough ignorance, you can have an expectation of anything in any situation at all. The intent of "expectation of privacy" is that it's to a reasonably informed person, not to someone who is wholly ignorant of the topic.

I might have an expectation that I could step into an operating theatre and perform a successful heart transplant. I mean, how hard can it be? But that is based on my own ignorance, and has nothing to do with reality. The "expectation of privacy" clause should be interpreted in the context, "... by those who have some notion of reality", or it's completely meaningless, because ignorance knows no bounds.

Re:Odd... (1)

Anonymous Coward | about a year and a half ago | (#41273823)

The "expectation of privacy" clause

...is garbage from a time before it was possible to use technology to spy on everyone and record everyone. Now it's being used by the government to justify such actions, and for that it should be thrown out and we need to rethink what is and is not private.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41273979)

...it should be thrown out and we need to rethink what is and is not private.

Fine, there's a provision for just that. The procedure is in article five [usconstitution.net]. Have at it.

Re:Odd... (4, Insightful)

fyngyrz (762201) | about a year and a half ago | (#41273953)

The intent of "expectation of privacy" is that it's to a reasonably informed person, not to someone who is wholly ignorant of the topic.

I don't think that follows. I don't know what happens to my letters after I give them to the post office; but I still expect they won't be read by the government without a warrant.

When my mother in law picks up the phone, she doesn't know any of the details of how her voice goes down that wire, or is switched, or amplified, put on microwaves, etc... but she still doesn't think anyone from the government has any business at all listening without a warrant.

Our expectations of privacy from government intrusion aren't set by specific technical processes; they are set by the 4th amendment.

Furthermore, I'm convinced that is exactly how they should be set. It's more than a little far-reaching to say that the only valid expectations require a technical understanding of the process involved.

Re:Odd... (1)

chill (34294) | about a year and a half ago | (#41274039)

Your letters are in an envelope. Think "post cards" instead.

EVERYONE assumes those are read by postal employees. It is ingrained in our culture and was a casual joke used in many TV sitcoms that had post offices in them.

Hell, even one of the Infocom games featured a reference to it!

Re:Odd... (3, Interesting)

fyngyrz (762201) | about a year and a half ago | (#41274135)

My letters are indeed in an envelope; so are my internet communications. Several levels of envelope, in fact. An email package addressed to the recipient on the one hand, and packets containing the data as well. In fact, it's a lot easier for the average person to open the physical envelope and read my mail as compared to intercepting my email.

Again, you're confusing hardening of the boundary with the existence of the boundary. The government is forbidden to access our personal information without a warrant. There's no exception in the 4th amendment that says "unless it's easy."

An open door to your house doesn't automatically turn into "you can come in and do whatever you want."

The whole point of the 4th amendment is to set the boundary for the government. It's not about technical means, it's not about easy, it's not about expectations: It's about the government having to comply with a specific process in order to be able to look at your stuff.

Re:Odd... (3, Insightful)

chill (34294) | about a year and a half ago | (#41274231)

I disagree with your characterization.

Your internet communications are NOT in several layers of an envelope. They are like post cards, with several rows of addresses. There is no envelope. Everything is written on the outside. They are shouted to the world on open WiFi. Well...at least to the part of the world within radio reception.

I understand what you're saying about the 4th Amendment, but I can easily imagine a gov't agent back in the 1700s following a couple of people and listening as they have a discussion in public.

In all honesty, this is why I advocated WEP -- yes, WEP -- to people who couldn't use WPA. It was, from a legal perspective, a clean signal that my intent was the contents of the transmission were private.

Think of it like an interior, locked door. One of those cheap, hollow doors with a lock you can twist open if you try. The point of the door isn't to keep you out, but to let you know "you aren't supposed to be here unless invited in".

Damn well activate WEP and use the password "abcdabcd" or some such.

This is why my SSID at home is "private_keep_out" and why "No Trespassing" signs are needed.

I think this one falls squarely under the "plain view" doctrine.

Re:Odd... (4, Informative)

Jane Q. Public (1010737) | about a year and a half ago | (#41274727)

"I understand what you're saying about the 4th Amendment, but I can easily imagine a gov't agent back in the 1700s following a couple of people and listening as they have a discussion in public."

You still aren't getting it. When you have a conversation in public there is no reasonable expectation of privacy. Anyone can hear you. When you have a telephone conversation, however, it takes special effort and equipment to listen to your conversation. So it is rather reasonable to expect your conversation to be private. Whether it is a cell phone or land line. (All cell phone traffic is "encapsulated" in packets even when it is not encrypted).

And so is WiFi traffic. While your WiFi might be open, and so it is easy for anyone to detect it or use it (anybody can see you using your cell phone, or borrow it if you let them), actually determining the contents of the communication (i.e., both sides of the "conversation") is another matter. Even your typical sniffer won't do that. It might record those contents but making sense of it takes further work.

So, what it boils down to is that telephone calls and internet traffic are not like public conversations. It takes special effort and tools to intercept those communications. That leads straight to a "reasonable expectation of privacy".

Further, there are already Federal laws against law enforcement using any electronic means to determine any activity in your household that is not readily visible from the outside. Internet use would certainly fall into that category of activity. So this judge's ruling would likely lead to a perverse (but not unheard of) situation in which a regular citizen could intercept communications legally but law enforcement could not.

Re:Odd... (1)

meta-monkey (321000) | about a year and a half ago | (#41274307)

But an open door to a house DOES mean you can look through it. It is not reasonable to expect privacy on something called an "unsecured wireless network."

Re:Odd... (1)

TheGratefulNet (143330) | about a year and a half ago | (#41274643)

An open door to your house doesn't automatically turn into "you can come in and do whatever you want."

that is a good capsule summary. quotable, even.

similarly, people *could* sit out front of every street corner and watch as cars go by and record their license plates. we were saved this intrusion, years ago, because it was not technically possible (manpower limits). now, the scanning does not need manpower. every plate could be scanned at every street corner, across the globe. is this really the society we want to live in? it is headed that way, by all accounts.

just because its technically possible, does not mean its *right* to do.

every time the government wants more rights into your life, you have to *really* think about the long term implications and that, once you give them this or that key, it will never be yours again.

do you really want to *share* your life with the government? ..and that would be my capsule summary for my post ;)

Re:Odd... (1)

Anonymous Coward | about a year and a half ago | (#41274063)

I still expect they won't be read by the government without a warrant.

Red herring. The topic isn't the government, it's about what everyone else is allowed to do. Restrictions on the government are immaterial to this, and the government is quite often restricted by law in ways private citizens or businesses are not. For this topic, it matters whether one has a reasonable expectation of privacy... reasonable being a key word here. No reasonable person thinks that unencrypted radio broadcasts are private in any way.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41274171)

Mmmm.... maybe. But generally, just as the government can't read your mail; neither can a private citizen. Just as the government can't tap your cellphone or landline, neither can a private citizen. Just as the government can't arbitrarily enter your home, neither can the private citizen. I think the social standard is clear.

Quite aside from that, this isn't about sharing an open network by establishing your own communications to the net at large; it's about sniffing other people's packets on that network without their knowledge.

So it's pretty clear we are talking about the usual bounds of privacy.

Re:Odd... (1)

cpu6502 (1960974) | about a year and a half ago | (#41274069)

>>>I don't know what happens to my letters after I give them to the post office; but I still expect they won't be read by the government without a warrant.

That don't need a warrant. I've had a few of my letters & packages opened and resealed. Once the item leaves your hand it's no longer protected from government spying.

Re:Odd... (0)

Anonymous Coward | about a year and a half ago | (#41274167)

That's what you get for being in prison you criminal. That or basic training, they just dont let you use a computer in basic training, so you must be a criminal.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41274201)

Your mail is protected. That the government violate those protections, I won't contest. But it certainly is protected. The 4th doesn't say that your papers must be in your possession. It just explicitly establishes your right for your papers to be secure.

Re:Odd... (1)

cervesaebraciator (2352888) | about a year and a half ago | (#41274179)

Exactly. There are many who, having more technical knowledge than the average citizen, say there can be no reasonable expectation of privacy in an unencrypted transmission. It happens that I know of a neat little trick for reading papyri from late antiquity period without unrolling (i.e. destroying) them. It's called x-ray tomography (CT). Because I have this little bit of technical knowledge, I also know that letters can be read without opening them. Were we to follow this "reasonably informed person" line of thinking, interpreting it to refer to those with a technical knowledge not possessed by the average citizen, then letters sent through the mail and not requiring a decoder ring to read would not have a reasonable expectation of privacy. Those who think that the distinction between an encrypted and unencrypted wifi signal is so basic that the average citizen should be expected to know it demonstrate the effects of homophily [wikipedia.org]. Their perception of what people ought to know is shaped by being surrounded by people with a like technical knowledge.

Besides, shouldn't we ere on the side of protecting the individual citizen from potential usurpations and abuses of the legal system?

Re:Odd... (1)

Wrath0fb0b (302444) | about a year and a half ago | (#41274301)

Our expectations of privacy from government intrusion aren't set by specific technical processes; they are set by the 4th amendment.

You are saying that the 4A protects us where we have a reasonable expectation of privacy but then that REP is set by the contours of the 4A. That's circular.

Here's a good overview [ssrn.com] of the way the Supreme Court has expanded and operationalized the test for REP:

The Fourth Amendment protects reasonable expectations of privacy, but the Supreme Court has refused to provide a consistent explanation for what makes an expectation of privacy reasonable. The Court's refusal has disappointed scholars and frustrated students for four decades. This article explains why the Supreme Court cannot provide an answer: No one test can accurately and consistently distinguish less troublesome police practices that do not require Fourth Amendment oversight from more troublesome police practices that are reasonable only if the police have a warrant or compelling circumstances. Instead of endorsing one single approach, the Supreme Court uses four different tests at the same time.

Re:Odd... (1)

flaming error (1041742) | about a year and a half ago | (#41274137)

When we understand how something works, it often seems reasonable to think everybody should understand it. But to the majority who feels no need to learn its inner workings, it seems reasonable to just use it and spend their time on what they care about.

So like many things legal or linguistic, we need a clear definition for "reasonable." I suspect there is no objective algorithmic or even legal test for it. If there is one, I'd love to learn it.

Re:Odd... (1)

Hatta (162192) | about a year and a half ago | (#41273859)

I think most people *do* have an expectation of privacy when they're receiving and sending email, surfing the net, etc.

They may have an expectation of privacy, but what matters is a reasonable expectation of privacy.

Re:Odd... (1)

hairyfeet (841228) | about a year and a half ago | (#41274143)

This is what bugs me about this ruling, sure we geeks know that if we aren't encrypted we are wide open, but how many people hooking their laptop up at the Mickey D's while grabbing their Egg McMuffin are gonna know this? And I still don't get why you aren't allowed to grab cell phones that are unencrypted but are allowed to grab laptops..what's the diff?

Finally let us hope that no matter how crappy this ruling is the plaintiff loses in this case, its another damned patent troll looking to enact tollbooths to every place that offers free WiFi. If this bunch manages to pull it off you'll probably have to whip out your CC just to use that WiFi at the Mickey D's just to cover the patent troll, wonderful. Nothing I hate more on this planet than a God damned patent troll, a leech on the ass of society.

Re:Odd... (1)

fustakrakich (1673220) | about a year and a half ago | (#41274481)

Nothing I hate more on this planet than a God damned patent troll, a leech on the ass of society.

I don't know how to change a person's behavior when bad behavior is so well rewarded. You do understand the mechanics behind it, right? Press the right button, and out comes the pellets... Why does everybody want to reverse the laws of nature?

Re:Odd... (1)

Hatta (162192) | about a year and a half ago | (#41274553)

And I still don't get why you aren't allowed to grab cell phones that are unencrypted but are allowed to grab laptops..what's the diff?

You're absolutely right. It should be completely legal to intercept cell phone signals that are broadcast in the clear. This will promote actual encryption of cell phone signals, which is better than legal protection in any case. It doesn't matter whether it's legal or illegal to eavesdrop on my phone if it's impossible.

Re:Odd... (0)

Anonymous Coward | about a year and a half ago | (#41274259)

This cell phone monitoring is the exception. Before the FCC started enforcing a ban on monitoring of cell phone frequencies, the rule was everything sent unencrypted over the air is free to receive. This is why you can monitor police communications, military, numbers stations or foreign shortwave. There are probably plenty of things which the government does not wish us to monitor, but if they don't encypt them or are legally banned from encrypting them, we are free to monitor them.

Re:Odd... (1)

Urza9814 (883915) | about a year and a half ago | (#41274325)

So I spent an entire day configuring my wifi access ponit such that it was publicly accessible when I got my new internet service (pain in the ass with Verizon's router/modems -- like playing whac-a-mole; disable one type of security and it turns on another!) and you're saying it should be illegal for anyone to actually make use of that? That's the problem -- the counter-argument to this decision seems to be that intent is all that matters, but you can't possibly know that intent! Cellphones are different -- any packet coming from my router may be intended for you to receive. Any packet coming from my cellphone is obviously intended for the tower. Plus, aren't cell phones in licensed spectrum?

Re:Odd... (1)

Urza9814 (883915) | about a year and a half ago | (#41274413)

Also, wifi doesn't work if you can't receive open signals from others. I mean, what you are proposing would be to make it illegal for a computer to scan for wifi networks. No network could broadcast it's SSID -- or, more accurately, it COULD but it would be illegal for anyone to receive that packet...so there would be no point. That would break a lot of things. No more walking into Panera or Starbucks or a hotel and connecting right to their network -- you'd have to get the network information off of some posting and manually input that into your computer. No more automatically connecting to your home network as you walk in the door -- your phone couldn't legally look for that SSID being broadcast (because it wouldn't know what SSID it was until it opened the packet, and if that packet came from any other router it would be criminal wiretapping.) No more seamless transitions between routers -- back when I was in college we had a wifi network that spanned the entire campus -- it was public wifi with a VPN required for access. I could start a download in one class, put my laptop (running) into its back and walk across campus and my laptop would automatically connect to each new wifi access point along the way, keep the VPN connected and continue the download. If it was illegal to receive publicly broadcast signals, it would be illegal for my computer to do that -- I'd have to manually reconnect to each router along the way.

Re:Odd... (1)

hawguy (1600213) | about a year and a half ago | (#41273945)

I think that the difference between your conversations and pizza ordering on an analog transmission and on a digital one WRT 4th amendment protection should be zero.

Because you have an expectation of privacy

The problem is that the law gave the illusion of privacy for cell phone calls rather than actual privacy - scanners that can listen to analog cellular were easy to come by even after the ban and there were a number of "private" cell phone conversations made public in the media even after the ban. Some scanners required a simple hardware mod, others could be ordered from overseas sellers that weren't subject to the ban.

It's the same thing with Wifi -- making intercepting unencrypted Wifi transmissions illegal only makes people think that their open Wifi is secure.

Much better to tell people explicitly that it an open Wifi network is not at all private and that the onus is on them to lock it down. After all, the whole point of an open network is that you're inviting people to connect by broadcasting your SSID.

If I open my front door and yell out to the world "Hey, my door is open, come on in! Then I shouldn't be surprised when people come in and read the letters I left sitting in plain view on my coffee table". If I'm going to invite the public to connect to my Wifi network (or come into my home), then I should encrypt (or hide) anything I don't want them to see. A law saying otherwise is just giving people a false sense of security.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41274075)

You're confusing expectation of privacy (being secure in your papers) with encryption (hardening access.) They're not the same thing at all.

Consider unencrypted mail, telephone conversations, an unlocked door to your house, the banking papers in your desk.

Our expectation is that there are boundaries here that are not to be crossed, and it isn't because they're hard to cross, or they exist only when made harder; further, our "sense of security" isn't derived from the existence (or not) of technical means to access these things; it's about the government being forbidden to cross these lines without a warrant.

When you say that access should be granted because it is easy, you're entirely missing the point.

Sure, the government has the means to get at the information -- and it's easy for them.

The point is, they're forbidden to do so without a warrant.

Re:Odd... (1)

hawguy (1600213) | about a year and a half ago | (#41274583)

You're confusing expectation of privacy (being secure in your papers) with encryption (hardening access.) They're not the same thing at all.

No, I'm pointing out that using law to grant people an "expectation of privacy" doesn't give them anything. The government could pass a law saying that it's illegal to eavesdrop on conversations in restaurants, yet people would understand that they should not conduct private conversations withing earshot of other patrons because they realize that the law gives them no real protection.

However, when it comes to technology, people think that the law actually offers something, much like the law that made it illegal to listen to analog cell phone transmissions even though they were broadcast without encryption - users thought that they were safe and secure and conducted credit card transactions and other business over cell phones despite having no real protection at all.

If the government had just said "Sorry, unless your carrier encrypts your cell phone transmissions, they are fair game for anyone to listen to", many people either would have pushed their carriers for encryption and/or stopped conducting private business over open communications channels.

Re:Odd... (1)

russotto (537200) | about a year and a half ago | (#41273697)

Unencrypted cellphone conversations are protected by other special legislation, so the exception the judge relied on doesn't come into play. Personally I think Kerr is way off base, he talks about the intent of the designers, but the law says nothing about "intended", it says "that is configured..." -- it's talking about the actual situation, not the intended one.

He cites Tapley v. Collins (ruling that unencrypted cordless phone conversations were protected), but that's only a district court case; IMO it was decided incorrectly.

Re:Odd... (2)

fyngyrz (762201) | about a year and a half ago | (#41273817)

Let's just review this little bit of law:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

...email is a facet of today's "papers", as the telephone was a facet (which congress recognized with explicit telecommunications laws... which appear to me to be redundant, but that's just me.)

The thing about our right of security is that it isn't about hardening. If I don't lock my door, that's not an invitation for you to come in and raid my refrigerator. If I write my papers in English, that's not an invitation for you to read them and walk off with my banking info or anything else. If a lady wears a dress, that's not an invitation for you to look up it. In all cases, the boundary can be trivially hardened: I can lock my door, I can write my papers in code, the lady can wear jeans. None of that has any bearing on the expectations of privacy, though -- the boundaries don't move.

This bears on cellphones. The 800 mhz band (was) easily accessible to anyone with a scanner at one point. This was used as an attempt to say that the conversations on that band were not to be protected. basically the argument was there was no hardening. The door was open, in a sense. And the end result was... those conversations were protected by law. Because it isn't about hardening. The analogy is to the mail. It's unencrypted, and the difficulty of reading someone else's mail is basically zero. So "expectations", you would think, would not incorporate privacy. But again, that's just not how we look at things. We consider our details private and inviolate because of what they are, not because of the medium or any level of obfuscation.

Nothing in the 4th amendment says "if you encrypt, you have this right -- if you don't, the right evaporates."

...and I really don't think case law should over-ride clear constitutional specifics.

Re:Odd... (1)

icebike (68054) | about a year and a half ago | (#41274001)

The clear constitutional specifics you claim apply only to government, not to your neighbors. They can look into any open window any time they want, and you have no expectations of privacy unless or until you close the blinds.

The constitution wasn't written to control people's behavior, it was written to control government's behavior.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41274261)

The constitution wasn't written to control people's behavior, it was written to control government's behavior.

Agreed, and this is the best argument (that this was a private company doing the invasion.)

However, it's pretty clear that the same rules that apply to the government land on us in this arena: You cannot tap someone else's phone; you cannot enter their home without their permission; you cannot open their mail; you cannot repeat any communication you inadvertently intercept, and so forth.

IMHO, to say that it's ok to deep mine someone's packets just because they have an open wifi connection... that seems to me to be not just stretching the idea of privacy, but breaking it completely.

Re:Odd... (1)

russotto (537200) | about a year and a half ago | (#41274655)

The clear constitutional specifics you claim apply only to government, not to your neighbors. They can look into any open window any time they want, and you have no expectations of privacy unless or until you close the blinds.

The cops can look in your open window any time they want too, if they don't use any technological aids like binoculars (and sometimes if they do). That's the plain sight exception. You may have an expectation of privacy when standing in front of your open window, but it's not one the courts have found reasonable.

Re:Odd... (1)

hairyfeet (841228) | about a year and a half ago | (#41274263)

But playing devils advocate here those laws are to protect you from the government NOT private citizens which is what we are talking here. This is why we had to have special communications laws passed for cell phones, because otherwise while the government couldn't do it they could just as easily hire a private corp to do it and be totally legit, just as this private company can pick up anything being broadcast over WiFi since they are not a governmental agent nor working for one.

Don't get me wrong, I still think this sucks balls, but it looks like this is one of those cases where we are gonna need to pass a law that covers private citizens accessing these signals because the current laws simply don't fit the situation.

Re:Odd... (0)

Anonymous Coward | about a year and a half ago | (#41274393)

email is a facet of today's "papers"

If you send an email unencrypted to my mail server, I have every right to read it. It doesn't matter if you sent it to someone else, it's on my hardware. Your analogy is fatally flawed, because email is closer to a postcard than a letter in an envelope. You clearly don't understand the basics of the protocol.

Do you really leave the house without locking your door? I don't know anyone who does that. But hey, it's illegal for someone to come in, so that's protection enough... right?

Re:Odd... (1)

tsotha (720379) | about a year and a half ago | (#41274681)

And the end result was... those conversations were protected by law.

When you say "protected by law" do you mean they were found to be protected under the constitution or that protection was legislated? Because the latter case would undermine rather than support your argument.

Re:Odd... (2)

michael_cain (66650) | about a year and a half ago | (#41273755)

Cites, please? And is the statute (illegal implies it's either in statute or a regulatory rule with the force of law) specific to cell phones? Back in the day, when I paid some attention to this type of thing, the case law was pretty clear that if you transmitted unencrypted material you had no expectation of privacy, hence no wiretap order was needed.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41273883)

Sure:

https://www.privacyrights.org/fs/fs9-wrtp.htm [privacyrights.org]

https://www.cdt.org/wiretap/wiretap_overview.html [cdt.org]

...this isn't even controversial, though -- it's been this way for many years. They even made it illegal to sell a radio that could receive in the bands where the cellphone transmissions are made.

Re:Odd... (1)

swillden (191260) | about a year and a half ago | (#41274053)

They even made it illegal to sell a radio that could receive in the bands where the cellphone transmissions are made.

Actually, they only made it illegal to sell scanners that could receive the transmissions. It's not illegal to listen, just illegal to sell devices that enable listening. Though in that case because of the law banning the devices there's a good argument to be made that you do have some expectation of privacy, which clearly does not apply in the case of Wifi, since there is no such device ban, nor anything remotely like it.

Also, I think the fact that it is possible (and easy) to enable Wifi encryption means precisely that unencrypted Wifi does not provide any expectation of privacy -- because if you'd wanted privacy you'd have encrypted the Wifi.

Re:Odd... (2)

msauve (701917) | about a year and a half ago | (#41273939)

He's probably thinking of the "scanner law" (47 CFR Part 15.37(f)), which made it illegal to make scanners which could receive cell calls after some date (not that it matters much since analog cellular went away). Or maybe 18 USC 1029, which requires "intent to defraud."

Neither of which directly make it illegal to intercept calls.

For that, there's 18 USC 2511, which might make it illegal to even listen to the conversation a person next to you is having. ("intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;")

Re:Odd... (1)

icebike (68054) | about a year and a half ago | (#41273933)

There is a specific law that prohibited manufacturer of scanners capable of receiving wireless phones, and you aren't supposed to publish what you intercepted, but there is no laws again listening.

Wifi is a totally different matter. Beaconsare broadcast precisely so that these networks can be found and encryption is provided as an OPTION.

The implication is clear, that if you turn off encryption you don't care.

I wonder where this judge was hiding during the big Google street view fiasco.

Re:Odd... (1)

The Snowman (116231) | about a year and a half ago | (#41273991)

I think that the difference between your conversations and pizza ordering on an analog transmission and on a digital one WRT 4th amendment protection should be zero.

This isn't about analog v. digital. With an unencrypted cell phone transmission you are still paying for service and not just anyone is allowed on the network. Your phone has an ID that tells the carrier who you are so they can allow you to use the network and to bill you for service.

With an unencrypted wifi hotspot, it is open for anyone to use. Perhaps you may need to purchase something and enter a code in your web browser (although this is more and more rare), but by and large, the wifi owner doesn't care who you are. They are providing a service to anybody, not specific individuals.

Put it this way, with a car analogy. If I lend my car to a friend and charge money, there's no big deal. But if I advertise and let anyone rent my car, I am suddenly operating a business and a whole different set of rules and laws apply.

Re:Odd... (1)

cpu6502 (1960974) | about a year and a half ago | (#41274035)

>>>because listening to unencrypted cellphones is illegal.

Not in my state. You only need the consent of one person. That's me and my scanner; I've heard many cellphone, portable, and HAM communications. Besides: Just like TV and radio you are broadcasting "in the open" and therefore have no more expectation of privacy than if you stood on a soapbox and started reading a book aloud.

Re:Odd... (1)

Fnord666 (889225) | about a year and a half ago | (#41274185)

Not in my state. You only need the consent of one person. That's me and my scanner; I've heard many cellphone, portable, and HAM communications. Besides: Just like TV and radio you are broadcasting "in the open" and therefore have no more expectation of privacy than if you stood on a soapbox and started reading a book aloud.

If I am interpreting 18 U.S.C. 2511 - Interception and disclosure of wire, oral, or electronic communications prohibited [gpo.gov] correctly, your interception of these signals becomes illegal the moment you tell anyone about what you heard or take any action in any way based on what you heard.

Please notice that this is a U.S. code, so unless your state had seceeded from the the US lately, it is applicable.

Re:Odd... (1)

fyngyrz (762201) | about a year and a half ago | (#41274285)

That's not correct. You need the consent of one of the parties to the conversation. That's not you and your scanner.

Can't disagree (5, Insightful)

bhcompy (1877290) | about a year and a half ago | (#41273653)

Open networks are just that. If your intent is to keep your transmissions private, you should be using something better than an open network. Intent may be applicable in a pre-trial hearing on the validity of not having a warrant, but requiring insight in to the intent of an open wifi is highly unlikely at the warrant stage without some pretty strong inside information already.

Re:Can't disagree (1)

wer32r (2556798) | about a year and a half ago | (#41274071)

No. All it requires is to know what it is, and what it's used for. Anyone capable of listening in to these signals would know the answer to both.

scanners (2)

theNetImp (190602) | about a year and a half ago | (#41273655)

If it's wiretapping than anyone in the last 20 years who owned a scanner should be fined for listening in on their neighbors telephone calls because their wireless household phones weren't encrypted.

Re:scanners (1)

Shavano (2541114) | about a year and a half ago | (#41273781)

That is illegal. Wiretapping is a separate question and it only refers to GOVERNMENT surveillance.

Re:scanners (1)

helix2301 (1105613) | about a year and a half ago | (#41274581)

Having open wireless is irresponsible and very stupid. I mean if you are crazy enough to leave your wireless open to the world you are stupid enough to get it sniffed.

General Public (1)

bondsbw (888959) | about a year and a half ago | (#41273675)

It's not illegal to intercept communications "made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public."

Just who is included in the general public here? This is like saying that most everyone who has a Wi-Fi capable computer typically runs a packet analyzer.

Re:General Public (1)

Shavano (2541114) | about a year and a half ago | (#41273803)

Why wouldn't they, given the number of malwares out there that can have such a capacity built-in?

Re:General Public (1)

Hatta (162192) | about a year and a half ago | (#41273875)

No, it's like saying that most everyone who has a WiFi capable computer typically has a packet analyzer readily available. Which is entirely true.

One of those rare occasions I agree with the gov (4, Insightful)

MikeRT (947531) | about a year and a half ago | (#41273683)

IFF the extent of it is to scan the wireless broadcast, not join the network and access the internet, their private network, files, printer(s), etc. then I think this is an amazing case of common sense. Joining their network and using the internet or anything similar to that is akin to going into someone's house and sleeping on their couch while they're not home. Sure, "you may not be harming them" and they're "not using it right now" but that's not relevant to whether you can jump in and use their resources.

Wireless broadcasts without encryption, however, are akin to a neighbor who yells loud enough for everyone to know their family's business. I don't see any difference between my neighbors having a heated conversation that I can hear inside my house and them sending unencrypted packets into my house. The criminality should only come in if and when they are used maliciously.

Re:One of those rare occasions I agree with the go (0)

Anonymous Coward | about a year and a half ago | (#41274003)

That is amazingly backwards. Using a network that has been configured so that everyone can use it is just fine until you get asked not to do so - for example if the name of the network is "you are not allowed to use this network", then OK, it's not allowed. The analogy to using someone else's couch against their wishes is ridiculous - I am sure that you yourself would rather contribute some bandwidth to the neighbor than have them hang out in your house when you are not there against your wishes, so you refute your own argument - it's not the same thing. You call the cops on squatters, you set up your network properly if you want to prevent people from using it. Not the same thing at all.

However, intercepting other people's network traffic in order to gain information is like opening someone's mail - it's not secured, you only need trivial tools to gain access to it, but there is no reasonable expectation that you are allowed to read it. Your analogy that it is like hearing someone's heated argument fails because in that case it is them informing you about their secrets and not you actively invading their privacy. The difference is that your ears work automatically outside of your will, which is no one is going to blame you for, but you need equipment to intercept private email. In the same way, if you set up a very sensitive microphone in order to detect even faint whispers coming from your neighbor's property, you are doing something creepy that goes beyond just overhearing a heated argument.

Re:One of those rare occasions I agree with the go (0)

Anonymous Coward | about a year and a half ago | (#41274085)

Sure, "you may not be harming them" and they're "not using it right now" but that's not relevant to whether you can jump in and use their resources.

I never see this argument modded up on Slashdot, let alone to plus five, when the subject is digital piracy. In fact, they're usually modded down as "trolls" so you can't even see them except for quotes by people posting rebuttals.

Funny how that works.

Re:One of those rare occasions I agree with the go (1)

cpu6502 (1960974) | about a year and a half ago | (#41274117)

>>> I don't see any difference between my neighbors having a heated conversation that I can hear inside my house and them sending unencrypted packets into my house.

Agreed.
Reminds me of the couple I lived next door to. The guy was constantly yelling at his girlfriend, which made her cry. Then he'd yell "But I love you!" Once they started arguing in the parking lot, so I went to my window to see what was going on. He pointed at my window and said, "What's your problem?" and then came charging up the stairs and pounding on my door.

I guess I was just all supposed to pretend none of this was happening, as if the sounds were not entering my apartment. Just as I'm supposed to pretend I don't see 2 open Wifis broadcasting to my PC. ----- Sorry but I disagree with persons who think that.

Re:One of those rare occasions I agree with the go (2)

Kjella (173770) | about a year and a half ago | (#41274139)

Wireless broadcasts without encryption, however, are akin to a neighbor who yells loud enough for everyone to know their family's business. I don't see any difference between my neighbors having a heated conversation that I can hear inside my house and them sending unencrypted packets into my house.

The difference is that each packet is keyed to the recipients address and to listen in you need a device explicitly made to intercept packets going to others. If you have tenants and offer them internet service and set up a dump of their traffic, are you doing a wiretap? Hell yes. If you are on a cable loop and modify the cable modem to dump all packets for everyone on the loop, are you doing a wiretap? Hell yes. Note that in an earlier case they found the exception didn't apply to cordless phones - the intent was obviously that it was designed to only be received on the handset it belonged to. Wifi packets are the same, you only intend to communicate with that one card and not the world. That it's unencrypted is mostly irrelevant, if you go through a door marked "staff only" you're trespassing even though it was unlocked. The intented user was clear.

Re:One of those rare occasions I agree with the go (2)

cantsleep (2723025) | about a year and a half ago | (#41274151)

Interesting analogy of a 'yelling' neighbor. Unfortunately it's not helping your point.

-You can't stop but to hear a yelling neighbor.

-Is your personal network interrupted by theirs?

-Do they have a reasonable expectation of privacy?

Sending an "unencrypted" love letter to a girlfriend by postal mail offers me adequate expectation of privacy... and anyone can just simply intercept that letter many ways.

You are trying to make a point that because you CAN do something from the comfort of your own home/car/bike you SHOULD be able to do it.

The general public doesn't "readily have access" to interpret unencrypted wifi networks any _more_ than we have access intercepting personal wireless phones (which is also easy).

We dont have any _less_ access to DVD decryption software (which is illegal, I'm told) than we do to wifi monitoring tools.

Re:One of those rare occasions I agree with the go (2)

mysteryvortex (854738) | about a year and a half ago | (#41274327)

Joining their network and using the internet or anything similar to that is akin to going into someone's house and sleeping on their couch while they're not home.

The problem with your analogy is that they are transmitting beacons frames without the privacy bit [microsoft.com] set. This frame basically says: "Hi I am a WiFi network, here is my name and all the other info you need to connect to me if you want to!" If you set the privacy bit it basically says: "Hi I am a WiFi network, here is my name and all the other info you need to connect to me if you are authorized!"

In the case of your analogy, the beacon frame sans privacy bit is the eqivalent of posting a sign that says: "Feel free to sleep on my couch if you want to!"

Whether or not the default mode should be open or private is another debate, and I understand that most new consumer wifi equipment has been addressing this from the should private point of view for quite a while. (see WPS [wikipedia.org])

your intent doesn't matter (3, Insightful)

kenorland (2691677) | about a year and a half ago | (#41273693)

It isn't the function of government to protect your "intent" against your own stupidity.

If you want to keep your communications private, encrypt them.

Re:your intent doesn't matter (5, Insightful)

Catiline (186878) | about a year and a half ago | (#41273747)

It isn't the function of government to protect your "intent" against your own stupidity.

Bingo! Furthermore, the last few wireless routers I've setup automatically prompted to turn on some form of encryption during that process. If you choose not to use this feature, it should be viewed as a deliberate (not ignorant) choice in the nature of your setup.

Re:your intent doesn't matter (0)

Anonymous Coward | about a year and a half ago | (#41273877)

There are plenty of people who believe the purpose of the wireless encryption choice and password is to prevent unauthorized people from using their internet connection. They may or may not understand that by not requiring a password to use their connection, they are also allowing people to intercept their own communications. In fact, I suspect most people don't realize that.

Re:your intent doesn't matter (0)

Anonymous Coward | about a year and a half ago | (#41273801)

However if you want to increase the legal debate, reserve the outcome to legal judgement and precedent after lengthy and expensive trials rather than the application common sense up front circumventing all that, you would end up with a law professors wet dream.

Re:your intent doesn't matter (0)

Anonymous Coward | about a year and a half ago | (#41273821)

"It isn't the function of government to protect your "intent" against your own stupidity."

Well, yes that is a function of government. There are all sorts of laws designed to protect people from having others take advantage of their ignorance.

Re:your intent doesn't matter (0)

Anonymous Coward | about a year and a half ago | (#41273937)

Well, yes that is a function of government...

... but not a legitimate function. Protecting people from their own stupidity is not something governments should be doing, because (a) there is no end to the authoritarianism that results, and (b) you end up producing a society of people who are dumbed down to the level where they cannot function without the nanny state telling them what to do at all times.

Re:your intent doesn't matter (0)

Anonymous Coward | about a year and a half ago | (#41273983)

Yeah! And if you don't want to get raped, wear a burka or don't go out without a male relative because it doesn't matter if it's hot out and/or you just want to look nice and wear a dress/skirt!

All them bitches get what they deserve, right?!

(That's why all mail, such as bank statements, billing, and medical documents, are in code, right? That's the only way to keep 'em private.)

Re:your intent doesn't matter (1)

cantsleep (2723025) | about a year and a half ago | (#41274299)

If you want to keep your communications private for now, encrypt them in 4096 bit.

-Fixed that for you.

stupid question but who is orin kerr? :) (2)

youn (1516637) | about a year and a half ago | (#41273699)

and why does his/her opinion matter so much in the case? (it maybe does, just seeing the name in the summary made me ask the question)

More on point... if you are going to broadcast open packets for everyone to peruse freely... even outside your house, it is like doing something illegal in public and complaining about being caught for it and any witness is illegally watching over your privacy. If it was a secured network, then yes, it would be illegal snooping

wow... a judge got one right? (0)

Anonymous Coward | about a year and a half ago | (#41273739)

Whether by accident or on purpose it seems the judge got this one right. The protocol specifically provides for encryption in the cases you want privacy. Not turning it on is like shouting your private business from your roof with a megaphone and then getting mad when someone hears it.

Encryption is in there for a reason. Finally a judge who rules on the side of reason, rather than pandering to stupidity and emotion.

Re:wow... a judge got one right? (1)

91degrees (207121) | about a year and a half ago | (#41274451)

Not really. You can't help but to hear it if someone does that.

To tap a wireless network you need to actively listen in, in a manner that is different from what a reasonable person might consider to be the normal mode of use.

Normally (3, Insightful)

DaMattster (977781) | about a year and a half ago | (#41273743)

I'm not on the side of law enforcement but in this case the ruling is fair game. If you use an open, unencrypted wireless access point you do not have a heightened expectation of privacy.

Re:Normally (1)

cantsleep (2723025) | about a year and a half ago | (#41274363)

I completely agree.

The thief isn't responsible when I forget to lock my car/house/computer/belt buckle.

Intent doesn't matter (5, Insightful)

Hentes (2461350) | about a year and a half ago | (#41273783)

There are many open wifi access points set up with the intent of giving internet access to anyone who happens to be there. How am I supposed to know that the owner of an open network wants to share it or not?

ERGO SOFTWARE AND MOVIES WITHOUT DRM ARE FREE !! (-1)

Anonymous Coward | about a year and a half ago | (#41273813)

So have at it boyz !! His Honor has set you free !! as in beer !!

One's guilt shouldn't depend another's intent (1)

mc6809e (214243) | about a year and a half ago | (#41273863)

One's guilt depends not on whether a rule was followed or broken, but on what another person was thinking?

Kerr is asking too much.

Re:One's guilt shouldn't depend another's intent (0)

Anonymous Coward | about a year and a half ago | (#41274065)

... what about laws about rape? Don't those pretty explicitly deal with what the "other" party was thinking?

Re:One's guilt shouldn't depend another's intent (1)

mc6809e (214243) | about a year and a half ago | (#41274219)

... what about laws about rape? Don't those pretty explicitly deal with what the "other" party was thinking?

I don't think so, otherwise rapists might try to claim that while the victim said "no", the victim instead was thinking "yes".

And suppose someone says "yes" but regrets the encounter? Should someone go to jail because another didn't make their thoughts known?

Re:One's guilt shouldn't depend another's intent (1)

91degrees (207121) | about a year and a half ago | (#41274575)

Tech forums always seem to have a certain Asperger thing going on. They find it hard to put themselves in the position of another person.

To most of us, it should be obvious that someone communicating over a wireless network. There are, after all, many reasons one might use an unencrypted network. It would be remarkable strange behaviour for anyone to actually want people to intercept their data, so much so that one might reasonably expect that permission would need to be made explicit.

If you walked up to someone who was using an open network, and asked "Hello. I'd like to intercept your network traffic, do you mind?" what do you think the answer would be?

He's Wrong (1)

SwashbucklingCowboy (727629) | about a year and a half ago | (#41274011)

The intent doesn't matter, if it did it would have been written into the law. Besides, someone scanning wifi channels cannot know with certainty what the intent of someone who hasn't encrypted a particular network is.

Agree with the judge (0)

Anonymous Coward | about a year and a half ago | (#41274019)

When you want to have a private conversation do you go out in the street and yell back and forth? No. You go into a room and close the door.

People generally make some effort when they don't want other people to hear them. The internet is no different. And ignorance is not an excuse.

k, then (1)

JustOK (667959) | about a year and a half ago | (#41274037)

Using it to snoop on the owners or other users is wrong. Using it to get to the internet, not so much.

If sniffing wifi networks isn't wiretapping, (1)

Compaqt (1758360) | about a year and a half ago | (#41274077)

sniffing a police station's or an FBI office's wifi isn't wiretapping, either, right?

Re:If sniffing wifi networks isn't wiretapping, (0)

Anonymous Coward | about a year and a half ago | (#41274351)

No, it isn't.
There is probably a different set of laws that make that illegal though.
But it's not wiretapping.

Re:If sniffing wifi networks isn't wiretapping, (1)

arbiter1 (1204146) | about a year and a half ago | (#41274471)

Well what are chances police and FBI are open wifi point? which this covers and not wpa2 or something encyption

Kerr is wrong (2)

Todd Knarr (15451) | about a year and a half ago | (#41274255)

Orin Kerr is wrong. Intent matters, but only up to the point where it's reasonable. If you decide to discuss a sensitive private matter with your SO by yelling at each other at the top of your lungs in a crowded lobby, you can't possibly reasonably expect that conversation not to be overheard by everyone in the lobby. The same with unsecured WiFi: you're broadcasting your traffic in the clear to anyone who has a receiver and you know this. It's up to you, if you intend a communication to be private, to take at least some reasonable steps to make it private. Choosing a method that's so blatantly exposing the communication to the public is decidedly not such a reasonable step. If you don't like it, sorry but the rest of us didn't agree to plug our ears just because you find it inconvenient to go somewhere private to have a private conversation.

Re:Kerr is wrong (1)

RicktheBrick (588466) | about a year and a half ago | (#41274603)

You are trying to destroy the value of WiFi. So you are saying that it is okay to listen to all the communications at every restaurant, hotel, rest area just because they have open WiFi so that anyone can use it. I have read that everyone should leave their WiFi system open as a courtesy so that people can make phone calls, download books while walking in front of your house. But if the government encourages people to listen in than I guess a large number of people will not have open WiFi systems just for that reason. I still suspect that if I kept an open WiFi system and someone downloaded a child pornography file that I would be suspect of possessing that file so for that reason I do not have an open WiFi.

amateur radio (0)

Anonymous Coward | about a year and a half ago | (#41274343)

As an amateur radio operator, there is overlap in the 2.4ghz range that WiFi uses, that I can use higher power on and other modifications. When I do this though, I still have to follow the FCC Regulations assigned to me as an amateur radio operator. 1. I have to broadcast my call. 2. It can not be encrypted. The reasoning is that by the FCC Regulations, other amateur radio operators shall be able to learn and listen. .. So, in my eyes, if some one's WiFi AP is not encrypted, they must be an amateur radio operator who is not broadcasting their call.

Not reasonable (1)

the eric conspiracy (20178) | about a year and a half ago | (#41274381)

This judge is in contempt of common sense.

Just because I leave my car unlocked with the key in the ignition doesn't give you the right to drive away in the car, nor does the fact I forgot to lock my front door give you the right to search my house.

Re:Not reasonable (0)

Anonymous Coward | about a year and a half ago | (#41274477)

But if you paint your social security number onto the side of your house, why is it my fault I can see it?

Re:Not reasonable (2)

silas_moeckel (234313) | about a year and a half ago | (#41274513)

How about a common converse issue person A has a smartphone setup to connect to his linksys wireless network he walks down the street and the phone connects to his neighbors linksys network. Was he wiretapping or ortherwise hacking there network? Common sense tells me no they did nothing to keep there signal contained within there property or to keep people out of there network. As a network eng I know that basic troubleshooting involved sniffing traffic. From the case they were not spoofing the gateway IP or otherwise gaming the network, just listening to what they could see. This is no different than you shouting next to me and then complaining that I overheard.

Let's all take a minute of silence for... (0)

Anonymous Coward | about a year and a half ago | (#41274589)

the land of "freedom".

"public" (1)

spongman (182339) | about a year and a half ago | (#41274697)

i recommend that we come up with some way of making un-encrypted wi-fi networks a thing of the past.

one simple solution would be to have wi-fi clients automatically attempt to use the default password "open" for encrypted networks if none is supplied.

wi-fi access points should strongly indicate to users that using the password "open" is better for security than no password.

  o : private network. password: __________
  o : create open network (password is "open")
  o : create insecure network (NOT RECOMMENDED)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...