Judge In Google WiFiSpy Case Trying To Determine If Packet Sniffing Open Networks Is An Illegal Wiretap

from the it-shouldn't-be... dept

In the consolidated cases against Google for intercepting some unencrypted data passing over open WiFi networks as part of its Street View operation, the judge is now looking to determine if basic packet sniffing is the equivalent of an illegal wiretap. Google, and one would imagine, most people who understand the technology, are arguing that's silly. The nature of WiFi is that it takes the unencrypted bits and makes them wide open to anyone on that network. That's how the technology is designed. If you don't like it, you encrypt. Arguing, retroactively, that seeing the data that is put in the open on purpose is somehow an illegal wiretap seems silly, but that's what the case hinges on. Hopefully, the judge is either technologically savvy enough to understand this, or can be well educated in the nature of how an open WiFi network works... Otherwise, a lot of people may be facing wiretapping charges for activity that many people consider perfectly normal on a network.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Apr 19th, 2011 @ 6:39am

    And walking through a radiation leak is theft of services.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Chris Soghoian, Apr 19th, 2011 @ 6:42am

    The FBI

    Mike,

    If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve?

    How can we prohibit the government from doing this kind of thing, yet let companies do it (particularly since companies can do it, and then sell the data to the government).

    Even though the tools to sniff networks are widely available, I think there are legitimate arguments to be made that sniffing content going across someone else's network should be considered a violation of the wiretapping act.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Shawn (profile), Apr 19th, 2011 @ 6:49am

      Re: The FBI

      "If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve?"

      I think it would be better if instead of doing it silently they played 'Turkey in the Straw' like an ice cream truck. Other than that it is radio traffic that is being broadcast into the air. If no method is used to indicate otherwise i.e. encryption any one should be able to 'listen in' with out it being a crime. No whether that can be done by the State without a warrant for use in a criminal investigation may be more debatable, or not.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Apr 19th, 2011 @ 6:49am

      Re: The FBI

      "If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve"

      I'm a different Mike, but I would ABSOLUTELY approve. Saying they cannot is like telling the police that they need to wear headphones so they cannot overhear people talking on the streets.

      The real problem is even worse. If you have a wi-fi enabled device and you walked past an unencrypted access point, you have also violated the law. Wi-fi antennas pick up all of the traffic and filter out everything except the SID you have enabled (if you have enabled one). At a packet level, everyone with a wireless device is guilty of what Google has done.

      Yes, they kept this information rather than immediately filtering it out, but can someone really argue that the length of time a wiretap log is held matters?

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      A Dan (profile), Apr 19th, 2011 @ 6:51am

      Re: The FBI

      Do you really think they don't do that? And do you really think they don't go ahead and break the encryption if it's there? After all, if you don't have anything to hide, why would you encrypt?

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 19th, 2011 @ 6:58am

      Re: The FBI

      Let's put things this way:

      Me and my friend go to the middle of the street and start having a "conversation" while shouting as loud as we can. An FBI agent, which has hearing problems, and cannot hear without his hearing aid, passes by. After seeing two people making a weird scene (imagine two nuts shouting at each other), he goes like "WTF?" and turns on his hearing aid.

      BAM!

      According to you, he goes to jail for eavesdropping. Nice.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        ltlw0lf (profile), Apr 19th, 2011 @ 10:41am

        Re: Re: The FBI

        According to you, he goes to jail for eavesdropping. Nice.

        The courts would not agree with this (well, maybe they might in this current day, but they hopefully would get struck down by the Supreme Court.)

        If you broadcast that you are committing a crime, and the police happen to hear this broadcast, then they can arrest you and the evidence will not be dismissed, whether you are on the street corner, on the radio, or on the internet. It is different if you are having a private conversation, but broadcasting is not private.

        What the defense could argue, in the case of an unencrypted wifi transaction is that like cell-phone and wireless telephones, which have special restrictions in the law when it comes to interception of communications, but that is because these channels may be open, but the conversation carried on these channels are considered private. If a wifi device allows anyone to connect and send/receive traffic, the conversation is hardly private.

        But this only effects government eavesdropping and rules of evidence...any private person can eavesdrop to their hearts desire (and in most cases unless they record the conversation or listen to cell-phone/wireless telephones, can do so legally.) The only way to be sure your transactions are secure are to use encryption and monitor sessions...and even then you can never be entirely sure the transaction isn't being monitored/recorded by a third party.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      David, Apr 19th, 2011 @ 7:20am

      Re: The FBI

      Mr. Soghoian:

      The 'actor' isn't the issue here it's the act itself.

      WiFi is a broadcast medium and technology - that is it's nature and intended purpose - if it's not encrypted it's *public* and there are many ramification to ruling otherwise.

      And of course this being a class-action, harm should be proven which is very difficult here as well.

      So I'm sorry the case against a company you so passionately hate is very weak, but the imagery of vans and the FBI doesn't really help your case nor credibility.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 19th, 2011 @ 7:23am

      Re: The FBI

      If it was an open, unencrypted network, then I'd have absolutely no problem with them sniffing it. That's the very nature of having an open, unencrypted network. If a user gets upset by that then it's obvious they don't understand technology and should probably have their smartphone/tablet/laptop confiscated for their own protection.

      Maybe we need to have something like a Department of Computers and Technology (the DCT - like the DMV) where people have to go get a license before they allowed to use any network-connected device.

      /end rant

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Liquid (profile), Apr 25th, 2011 @ 6:08am

        Re: Re: The FBI

        Maybe we need to have something like a Department of Computers and Technology (the DCT - like the DMV) where people have to go get a license before they allowed to use any network-connected device.

        I like that. To further this train of thought. Anyone who buys a computer from places like Bestbuy, Dell, Gateway, HP, Apple, etc... they should be sent to a class on how to work with computers.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 19th, 2011 @ 7:04am

    The feds have done worse, why is it legal for them?

    I wonder if any cordless phone eavesdropping laws may apply here. I think those laws probably vary from state to state, but from what I gather, RF scanners used to be able to legally scan any frequency it could. Older RF scanners can still pick up on cordless phone conversations but there are new laws that prevent newer ones from having that ability. To what extent can this apply to Wifi?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 19th, 2011 @ 7:08am

      Re:

      But I think there is a difference between cordless phones and Wifi. In the case of Wifi, most wifi setups have built in encryption options that the user can use. So if you keep it open, it's not because you had to. In the case of cordless phones, most cordless phones have no such options.

      Perhaps a cordless phone eavesdropping law might better apply to someone who has a wifi router without any encryption capabilities and to someone who can't reasonably afford a wifi-router with such capabilities.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 19th, 2011 @ 7:12am

        Re: Re:

        (but then the feds would have to find such a person who's rights Google may have violated before going after Google with the argument that this persons rights were violated and they had no better option but to easily enable such a violation of law. Most Wifi Routers at least have WEP though, even older ones, and newer ones come with WPA, so it's unlikely the Feds will get far).

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Not an Electronic Rodent (profile), Apr 19th, 2011 @ 8:40am

        Re: Re:

        Perhaps a cordless phone eavesdropping law might better apply to someone who has a wifi router without any encryption capabilities and to someone who can't reasonably afford a wifi-router with such capabilities.

        I don't know about the US, but I don't believe *any* UK WiFi kit ever (and certainly not since it became "consumer" instead of "rich business toy",) does not have at least WEP capability. OK as encryption goes it's about the equivalent of a "No Trespassing" sign on a fenceless property, but it *is* at least a go-away sign and whispering instead of the "shouted conversation in the street" equivalence of unencrypted WiFi.

        IMO If you don't put *any* protection of WiFi you can't claim any privacy over people listening to you shout, if you put up the "go-away sign", that's where the law should kick in no matter how easy or hard it is to listen after that.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Niall (profile), Apr 20th, 2011 @ 2:53am

          Re: Re: Re:

          Yes, remember we are talking about the country here where putting the most pathetic (computer) security possible on a service/product means that it is illegal to circumvent that.

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    -, Apr 19th, 2011 @ 7:07am

    I totally disagree. Laws exist because some things that are possible (or even easy) to do shouldn't be done.
    If you left your house open, would it be fine for me to get in, make myself a sandwich, read TechDirt and other dirty sites on your PC and spend a night in your bed?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Gwiz (profile), Apr 19th, 2011 @ 7:29am

      Re:

      If you left your house open, would it be fine for me to get in, make myself a sandwich, read TechDirt and other dirty sites on your PC and spend a night in your bed?

      You are missing a small point - these were captured from the street (a public place). No trespassing involved. Your analogy fails on the "get in", the "make myself a sandwich" and the "spend a night in your bed" parts.

      The part about reading TechDirt and other sites is close - but you would be standing at the sidewalk watching through a window while someone else controlled the computer.

      This is really simple - if you don't want your WiFi signal being broadcast through your neighborhood, hard wire your computer to your router and shutoff the wireless. No different than cordless phones vs. wired phone.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        -, Apr 19th, 2011 @ 7:41am

        Re: Re:

        No, I don't miss the point.
        Why is trespassing prohibited? It's easy, you just turn left from the pavement, go to the door, push the handle and you're in.
        It's prohibited because most people are not fine with it. And it's the same with wifi snooping.

        Another example. Would it be fine if your ISP saved all your browsing history, all your IM chats etc.? You willingly give all this data to them and (unlike with most wifi users) you're aware you do so. If you don't like it, you can prohibit them from doing so by using encryption everywhere. So would it be fine for them to save all this data in case they find some use for it?

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          FormerAC (profile), Apr 19th, 2011 @ 7:51am

          Re: Re: Re:

          No, I don't miss the point.
          Why is trespassing prohibited? It's easy, you just turn left from the pavement, go to the door, push the handle and you're in.


          Yes, you did miss the point, and by a mile.

          Google didn't go to the door, push the handle and go in. They stood in the street. In public.

          If you were standing naked in your living room in front of the great big picture windows with no curtains, would you be upset if someone saw you naked? Well, then don't stand naked in front of the window stupid!!!

          Same issue here. People are broadcasting their wifi signal in public. It is their own fault if others can see it.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Apr 19th, 2011 @ 7:58am

          Re: Re: Re:

          Physical objects and the interactions with them don't serve as accurate analogies for broadcasting unencrypted bits to the ether.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Apr 19th, 2011 @ 12:58pm

            Re: Re: Re: Re:

            +1

            Analogies are great when you are explaining the basics of a concept, but once everyone understands the basics you should be capable of speaking in concrete language about the subject matter. Anyone who uses analogies in an effort to explain an advanced concept usually does so because they understand the analogy but not the advanced concept.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              Brian Schroth (profile), Apr 20th, 2011 @ 7:35am

              Re: Re: Re: Re: Re:

              That can be true. Of course it can just as easily be true that one might use an analogy because one's audience doesn't understand the advanced concept. I can explain an advanced concept to someone, only to have them raise irrelevant objections. I can then explain why those objections are irrelevant, but because the audience doesn't understand the concept, they might respond with what amounts to "nuh-uh, it is relevant". That's when the analogy becomes useful as maybe the situation can be simplified to something they understand.

               

              reply to this | link to this | view in chronology ]

        •  
          icon
          Gwiz (profile), Apr 19th, 2011 @ 8:29am

          Re: Re: Re:

          It's prohibited because most people are not fine with it. And it's the same with wifi snooping.

          Actually, I am OK with wifi snooping or war driving. I encrypt my wifi with WPA and a 20+ character alpha-numeric password that will take a few years to crack via brute force.

          Another thing that you are perhaps missing - you are pushing the wifi signal out into the street - not the other way around.

          With unencrypted wifi it's like putting a table full of cookies near your sidewalk with a sign that says "Free - take one".

          If don't want people to take your cookies, then don't put them on the lawn with the sign (ie: encrypt your wifi).

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Not an Electronic Rodent (profile), Apr 19th, 2011 @ 8:55am

            Re: Re: Re: Re:

            Actually, I am OK with wifi snooping or war driving. I encrypt my wifi with WPA and a 20+ character alpha-numeric password that will take a few years to crack via brute force.

            Not so much actually - especially if you're using the standard "Pre-Shared Key" implementation for home use. Think minutes, hours at best - last time I looked at it and that was a while ago, even WPA-2 wasn't that hard to break with the right tool.

            All that's kinda beside the point though and that's where the physical analogy breaks down - encrypt at all even with WEP and you are saying "go away it's private". Indeed there are already laws about breaking computer encryption for "copy protection" so dumb though they may be I don't see any reason that same standard shouldn't apply to WiFi. On the other hand unencrypted as you say you are literally shouting in the street and shouldn't have any expectation of privacy.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              Gwiz (profile), Apr 19th, 2011 @ 11:17am

              Re: Re: Re: Re: Re:

              Not so much actually - especially if you're using the standard "Pre-Shared Key" implementation for home use. Think minutes, hours at best - last time I looked at it and that was a while ago, even WPA-2 wasn't that hard to break with the right tool.

              Well, getting the info needed to break WPA or WPA2 is easy and only takes minutes to collect. But, the hard part is actually cracking it, since you have to brute force against a dictionary database.

              I have (just for education, nothing nefarious) cracked 3 of my neighbors WPA encrypted routers. The first database I ran them against is one with all of the available phone numbers in my area and *tada* all three used their DSL line phone numbers as passwords.

              Four others around me I haven't been able to crack (even against a million word database) because they are using strong passwords with numbers and letters in random patterns.

               

              reply to this | link to this | view in chronology ]

              •  
                icon
                RcCypher (profile), Apr 19th, 2011 @ 11:35am

                Re: Re: Re: Re: Re: Re:

                Rainbow tables (your databases) are a great speedy tool for WPA password cracking. However I was referencing a brute force approach in my post.

                 

                reply to this | link to this | view in chronology ]

          •  
            identicon
            -, Apr 19th, 2011 @ 8:57am

            Re: Re: Re: Re:

            Would you be fine too if you learned after the fact that you have been spied upon? I suggest that you read
            http://www.techdirt.com/blog/wireless/articles/20110418/15424813942/judge-google-wifispy-case-tryi ng-to-determine-if-packet-sniffing-open-networks-is-illegal-wiretap.shtml#c291
            and
            http://www.tech dirt.com/blog/wireless/articles/20110418/15424813942/judge-google-wifispy-case-trying-to-determine-i f-packet-sniffing-open-networks-is-illegal-wiretap.shtml#c364

            (Wow, can't these links be shorter?)

            And with the cookies analogy, think about a granny sending cookies from one place in their home to another in their home. It's clear that if they do their way via the wild, something is wrong and it's not fine to reach out and take them.

            But really, talking about cookies in here is wrong.
            1. There are things more important than cookies. Much more.
            2. If sb. takes your cookie, you can find out.
            3. Cookies are scarce, so taking them is something very different.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              Gwiz (profile), Apr 19th, 2011 @ 11:33am

              Re: Re: Re: Re: Re:

              Would you be fine too if you learned after the fact that you have been spied upon? I suggest that you read

              Look, if my data is encrypted with a strong password then all someone can see is gibberish and I am not worried about it.

              Besides, every time anything I do online goes through an AT&T hub, it is being collected by the government anyways. So what you are saying actually happens all day, everyday.

               

              reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Apr 19th, 2011 @ 9:20am

          Re: Re: Re:

          Originally, 802.11 had no security. Instead it had a place where security protocols could be put if third parties wanted to add them. It was designed to be open. IEEE, who set it up, wanted everyone to be able to see what was going on. It was only later, after seeing some horrible and conflicting implementations of multiple third party security that they added an officially sanctioned extensions for it.

          So if someone is looking through what you're doing on a unencrypted wifi signal... they are doing EXACTLY what they are supposed to be doing by the design of wifi.

          I hope this clears up any misconceptions you have, and allows you to extrapolate exactly why your ISP example has no baring on this what so ever.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Apr 19th, 2011 @ 9:41am

            Re: Re: Re: Re:

            So if someone is looking through what you're doing on a unencrypted wifi signal... they are doing EXACTLY what they are supposed to be doing by the design of wifi.
            Show me *any* wifi ad that shows strangers sniffing owners' whole communication. It doesn't matter what engineers wanted from a technology, what does is what it turned out to be - a major form of doing private communication. It's terrible on the privacy front, but only like 5% of society knows this. So technology should be improved to better serve it's purpose. But in the meanwhile there are needed other ways of ensuring that the 5% doesn't harm the other 95%. In such cases social mores usually work well enough, but in case of Google they didn't. I don't know whether what they did was illegal, but it should be.

            And I don't see any difference from ISP in what you told. ADSL and most other popular networking technologies don't have any security either, 3rd partied are free to add them if they wish so.

             

            reply to this | link to this | view in chronology ]

          •  
            identicon
            -, Apr 19th, 2011 @ 9:44am

            Re: Re: Re: Re:

            And on the topic on engineers' intentions, I'd like to add that Internet was supposed to be a military network.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              ltlw0lf (profile), Apr 19th, 2011 @ 11:05am

              Re: Re: Re: Re: Re:

              And on the topic on engineers' intentions, I'd like to add that Internet was supposed to be a military network.

              Sorry sir, but you failed computer history 101, please head back to school. I suggest reviewing the Wikipedia page for ARPANET and History of the Internet.

              The "internet" was designed to be a connection of networks (hence the name Internet is a shortened name for Interconnected-Networks,) some of which were run by the military. ARPANET (which was the precursor to the internet,) was a research and development network, created to link the defense research labs with universities which were doing their work. It was not designed to be a military network, as it was not exclusive to the military (if it was, you likely never would have heard about it or would be using it now.) ARPANET was designed to link the military with universities around the country in order to share the few high-powered research machines that existed at the time. As more and more networks were connected to ARPANET, the name was changed from ARPANET to NSFNET to the Internet.

               

              reply to this | link to this | view in chronology ]

    •  
      icon
      FormerAC (profile), Apr 19th, 2011 @ 7:37am

      Re:

      A thoroughly inaccurate analogy.

      Wifi is a broadcast. If you don't want people viewing the Wifi traffic you are broadcasting in public then encrypt it.

      A better analogy would be ... you take all your furniture our of your house and set it up on the lawn. Now, with everything on the lawn, in full public view, would you be upset if someone came over, made themselves a sammich and spent the night in your bed?

      Well, you might, but you can't fault someone for using something that you placed in full public view without placing any restrictions upon their use.

      Therein lies the issue ... restrictions. If you are broadcasting Wifi unencrypted, you have not places any restrictions upon its use. If you can't figure out how to encrypt it, that isn't my problem, just as it isn't my problem if you decide to live on the front lawn.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 19th, 2011 @ 7:55am

        Re: Re:

        Yeah, the comparison isn't perfect, but there are so many ways of invigilating yourself from only public data, there have to be some limits. Humans are imperfect and that's why there are various laws shielding them from common mistakes. Not all such laws are good, but not all are bad either. Back on the topic, do you encrypt all your internet traffic? Because sb. could put a cable that runs parallel to your internet line and use electromagnetic interference to read all that goes through it. Would you feel it's fine if I convinced you I do it to you?

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          The eejit (profile), Apr 19th, 2011 @ 8:00am

          Re: Re: Re:

          Yes, but I would also consider you a whackjob.

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          FormerAC (profile), Apr 19th, 2011 @ 8:20am

          Re: Re: Re:

          Because sb. could put a cable that runs parallel to your internet line and use electromagnetic interference to read all that goes through it.

          sb. ??????

          People seem to be having trouble with this simple concept. Unencrypted WIFI is BROADCAST TO THE WORLD with no protection. Granted, early Wifi routers did not enable encryption by default, but it is available. All you have to do is RTFM.

          Modern Wifi routers have encryption turned on by default. All the major players (at least where I live) have routers that are encrypted OUT OF THE BOX.

          What you are talking about is using specialized equipment to read a signal that is not being broadcast. My internet traffic is run through a cable from my house to my provider. It is point to point traffic, intended for two parties, me and my provider. Unencryped wifi being broadcast and can be read by anyone who cares to receive the signal.

          Lets try this definition of broadcast: circulate: cause to become widely known

          Does that make it any clearer for you? Unencrypted wifi is broadcast ... to everyone.


          Would you feel it's fine if I convinced you I do it to you?

          So you're the one. I knew it!

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            -, Apr 19th, 2011 @ 8:43am

            Re: Re: Re: Re:

            No, it's broadcast almost as broad. Does it really matter if you have to be within 20 meters or just 1? In both cases you have an antenna sending electromagnetic waves around and one needs just another antenna to read the signal.
            Neither is broad, really, even with your definition and that's a big point.

            But really, a bigger one is that good majority of people have reasonable expectations that technology that they use just works. Hardly any wifi router sold up to c.a. year ago (when Google did the spying) had even basic security enabled and almost everybody connected them and were happy when they worked. These were not idiots but regular people that just were not skilled in some field of technique. It's unreasonable to ask everybody to become expert in everything and that's why laws that protect us from others abusing our skillessness make sense.

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Apr 19th, 2011 @ 1:15pm

              Re: Re: Re: Re: Re:

              Hardly any wifi router sold up to c.a. year ago (when Google did the spying) had even basic security enabled and almost everybody connected them and were happy when they worked.

              WWEEEET! WWEEEET! BS detector activated. Here is a study from 2006 showing basically completly disproving all of your guesses about how many people secure their router, how many routers come with default security, etc.

              http://www.informatics.indiana.edu/mhottell/research/Predictors%20of%20Wireless%20Security.p df

              And that is already 5 years out of date, I can't imagine security has declined significantly since then.

              The majority of people know about securing their wireless data (or they don't know about it but do it anyway) and one would imagine that some people actively choose not to implement security. That means a small minority either don't know or care that they are broadcasting their information. Either way applying wiretapping laws makes no sense in this situation.

               

              reply to this | link to this | view in chronology ]

            •  
              icon
              Gwiz (profile), Apr 19th, 2011 @ 1:33pm

              Re: Re: Re: Re: Re:

              It's unreasonable to ask everybody to become expert in everything and that's why laws that protect us from others abusing our skillessness make sense.

              I have to disagree with you on this.

              First, a legal precedent saying that intercepting unencrypted wifi is illegal would make the situation worse. It would give the average person a false sense of security that doesn't exist.

              Second, this really more of a common sense kind of thing. Pickpocketing is illegal, right? But, when I walk out into a crowd, I move my wallet to my front pocket for security reasons anyways.

              Third, we are not talking about rocket surgery here, a couple of screens and your done. My ISP will even walk you through it over the phone if you need help.

               

              reply to this | link to this | view in chronology ]

  •  
    identicon
    BW, Apr 19th, 2011 @ 7:08am

    Google presumption

    Suppose you mistakenly left your wallet at the cash register counter when you checked out at the store, went to your car and placed your items in the back seat and then you remembered you forgot your wallet. When you went back into the store some guy who worked for Google was going through your wallet and helping himself to your credit cards, money etc. When you asked him what the hell he was was doing, his response was... "oh, this wallet was left here so its in the public domain and I'm helping myself to the contents".

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      btr1701 (profile), Apr 19th, 2011 @ 9:35am

      Re: Google presumption

      > When you went back into the store some guy
      > who worked for Google was going through your
      > wallet

      If you left your wallet behind at the register, you'd have to be an idiot to expect no one would go through it, if only to find who it belonged to in order to return it.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      teka, Apr 19th, 2011 @ 4:52pm

      Re: Google presumption

      Congratulations.


      I think you have managed to combine the highest amount of reverse-logic and thickheadedness ever seen in one post.

      You are either a fool repeating Faux News talking points/some other script for the hard-of-thinking or (and this option is almost better) you are simply a paid or unpaid shill doing your best to attack google.

      Let us hope unpaid, as you would not be providing your moneys worth.

      In short, you are a ludicrous parody of a buffoon or simply a buffoon.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Not an Electronic Rodent (profile), Apr 20th, 2011 @ 1:29am

      Re: Google presumption

      Supposing someone was opening their wallet in the middle of the shop pulling out handfuls of notes and throwing them high in the air would you think they were an idiot or arrest all the people picking up the cash? Does it help any if they are shouting "No! No! Leave it alone! It's all MY money!" while they do it?

      And yes, that's a crap analogy, but then so was yours.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    David, Apr 19th, 2011 @ 7:10am

    Please don't call it 'wispy' a phrase concocted by PR firms hired by Google's competitors.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Don, Apr 19th, 2011 @ 7:20am

    Wasn't there a case where a guy sitting in his car in the parking lot of Sartbucks using their wifi charged.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Nick Coghlan (profile), Apr 19th, 2011 @ 7:44am

    WEP = Wired Equivalent Privacy

    The fact that unsecured Wi-Fi is open to the world was made fairly explicit in the name chosen for the original security protocol: Wired Equivalent Privacy.

    It creates a pretty clear line: if you're cracking WEP, regardless of how easy that may be, your access is clearly unauthorised and illegal (and if you're cracking WPA2... well, that's actually kinda impressive, but still illegal).

    But when someone has their network wide open, then neighbours and passersby are going to see that traffic.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Overcast (profile), Apr 19th, 2011 @ 8:51am

    Is recording a fully open air conversation in public legal?

    This question is no more complicated than that.


    "If the FBI were driving vans around American cities silently sniffing wireless networks, would you approve"

    They are on a public street, picking up an open, unsecured broadcast.... If you are concerned about that or the data moving over the network - encrypt it.

    See technically - if the broadcast reaches *MY* car, you are broadcasting *your* data into my private property. There's not even a question at that point - who is infringing upon who?

    But then I get kicks out of doing the opposite - leaving the network wide open and packet sniffing those who connect... ^.^

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      -, Apr 19th, 2011 @ 10:11am

      Re:

      See technically - if the broadcast reaches *MY* car, you are broadcasting *your* data into my private property. There's not even a question at that point - who is infringing upon who?
      These are 2 separate things.
      If a plane makes an emergency landing on your lawn, it doesn't make the plane yours, you can't take any part of it, you can't take anything from people inside. It is a limitation of your property law, sure. And if it harms you because you wanted to make a party on that lawn (or because the lawn is destroyed), you can seek damages - by negotiations or in court, not by taking what you feel should be yours.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 19th, 2011 @ 12:30pm

        Re: Re:

        You don't even make any sense. We're not taking physical objects. It's the same as the difference between copying and stealing. They're two mutually exclusive actions.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        ltlw0lf (profile), Apr 19th, 2011 @ 1:07pm

        Re: Re:

        If a plane makes an emergency landing on your lawn, it doesn't make the plane yours, you can't take any part of it, you can't take anything from people inside. It is a limitation of your property law, sure. And if it harms you because you wanted to make a party on that lawn (or because the lawn is destroyed), you can seek damages - by negotiations or in court, not by taking what you feel should be yours.

        Really, really flawed analogy...but your like 0 for 30 in the analogy department so far.

        If you and I share a fence, and I have a tree growing on my side which produces lemons. If my tree crosses over the shared fence into your yard, under most property laws, the tree may belong to me but the lemons on your side of the fence belong to you (as does the branches, so if you wanted, you could go and cut down the branches on your side of the fence if you wanted to.)

        Mine is an equally crappy analogy, because a wifi device is an access device, and theoretically I could press charges if you accessed my wifi router without my permission, but since I am broadcasting my traffic to you (like playing a radio in my house or standing nude in my front room,) it certainly shouldn't be illegal for you to sniff my traffic, listen to my radio, or accidentally see me standing nude in my front room.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Gwiz (profile), Apr 19th, 2011 @ 1:41pm

          Re: Re: Re:

          Mine is an equally crappy analogy, because a wifi device is an access device,.....

          Better analogy than some. :)

          That's kind of my take on this too. If you don't want me seeing your wifi signal - then keep it within your own property and away from my property and public places.

          (I did read about a "anti-wifi" paint awhile ago, kinda like a poor man's Faraday Cage)

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    MaxBen, Apr 19th, 2011 @ 9:42am

    Oh noe!

    What would be next if the judge happens to be not so savvy on the subject? Don't you think we'd all be in trouble for listening to radio, and even worse; recording 10-30 seconds of a song to identify it using our favorite app [insert app names]?

    I guess Internet wasn't built in 01 day and it hinges for it needs to be looked at every possible angle Information Systems has but essentially, it's a wave!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    RcCypher (profile), Apr 19th, 2011 @ 9:52am

    Wireless Security

    I have to admit that this seems pretty silly to me. If someone does not take the time to properly secure their wifi connection to provide needed security over their wireless networks, how can anyone be blamed for intercepting the traffic. This is the same as transmitting in clear text across any standard network connection. Would you send your credit card in clear text across the internet? I know I wouldn't, who knows who or what will intercept the traffic. Thus I fail to see how anyone can consider it illegal or for that matter even wiretapping (Especially given there is no wire, j/k).

    On a more serious note however, I think it very important to establish a precedent on this matter for the future. Having spent some time doing penetration testing of my own wireless networks and those of my friends (purely for fun and with their knowledge) I can say for certain that it doesn't matter what encryption you use, it can be broken, with ease, and rather quickly.

    For example, the AES256 bit block cypher used by WPA2 encryption with a 64bit key (this is mandated for banks nation wide) is heroically hard for any top of the line computer to crack at this point (the time necessary is calculated in years, even if that time is dropping drastically with GPGPU computing). However if you spend twice what you would on a top of the line system, and buy cheap parts, you can build yourself a small computing cluster. With 64 processors clocked at 1ghz (or less)and minimal RAM in the unit the ability to crack that password drops to hours. If you have a significant compute cluster with hundreds of cores or more running on fast CPU's you can take the time down to minutes (as in about 10 minutes).

    (don't forget to think about all the bot-nets out there, the kind of clusters I'm talking about are more centralized and in general more stable and reliable, however the bot-nets can be utilized in the same fashion with a little work)

    Now given what I have said it is important to think in terms of what equipment the government would have available if they chose to do wiretapping of this nature. They would have a rather good compute cluster that they can hook into from the field (no reason to carry the equipment with you after-all) and break into any wireless network in minutes.

    So my two cents.
    This is not a case of illegal wiretapping.
    However depending on the verdict and the phrasing of the judge during the ruling, this could create a dangerous precedent issues with what the gov't can legally get away with in the future.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Brendan (profile), Apr 19th, 2011 @ 9:53am

    Talking through megaphones

    Wouldn't this be logically equivalent to declaring it illegal to listen to a conversation between two parties shouting at each other across a field using megaphones/bullhorns?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      RcCypher (profile), Apr 19th, 2011 @ 10:01am

      Re: Talking through megaphones

      Nice way of putting it. I would agree, that is what this would be equivalent to.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 19th, 2011 @ 8:38pm

      Re: Talking through megaphones

      "Wouldn't this be logically equivalent to declaring it illegal to listen to a conversation between two parties shouting at each other across a field using megaphones/bullhorns?"

      I agree with you but it occurs to me that if those 2 people were singing a popular song, then the RIAA would probably declare it illegal and demand public performance fees.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    chuck, Apr 19th, 2011 @ 10:00am

    Hmmm

    Legal or not, it is kinda sneaky taking advantage of those not savvy enough to know better.
    Say you hitch up a PC for grandma so she and the grandkids can keep in touch via email. Grandma loves it, but becomes bedridden and so turns on this new fangled wifi so she can use her ipad (lol) from bed for the same purpose. Now grandma knows nothing about anything tech wise other than email.
    And someone comes by and steals grandmas cookies...Is that right?
    Point is not everyone knows enough to protect themselves.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 19th, 2011 @ 1:22pm

      Re: Hmmm

      it is kinda sneaky taking advantage of those not savvy enough to know better.

      WARNING! Flawed assumption alert!!

      Who took advantage of what?

      Google did nothing more (and nothing less) with the encrypted traffic they received, they used the SSIDs to help develop a geo-locating system. So far there has been no evidence that they did anything with the additional data at all.

      IF (and this is a big if) Google did something inappropriate with the data they collected you may be able to make some legal argument about privacy violations; however, if all they did was collect the data and then eventually destroy it, why would grandma's panties be all bunched up?

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    PrometheeFeu (profile), Apr 19th, 2011 @ 10:52am

    I think this is a little more complicated than you make it out to be Mike. Your privacy rights don't have much to do with whether you have protected your data but more about your reasonable expectations. Protecting your data just allows you to more easily prove your expectation of privacy. An uneducated computer user (most people) probably does not understand how their wifi works and they probably don't understand concepts such as packet-sniffing. Their assumption is most likely that their data will remain private unless some "hacker" "steals" it. So their expectation of privacy is not the same as if they were using a radio transmitter to broadcast their conversations over the FM band, or talking loudly in public. If I forget to turn on encryption, that does not mean I intend to share my emails with you.

    On the other hand, the mens rea of the listener should matter a lot too. In this case, Google did not intend to store that information and deleted it as soon as it found out. Their intention was obviously NOT to wiretap and therefore it makes sense for them to not be guilty of any offense. Had they intended to capture that information and use it, that would be a whole different ball of wax.

    The issue is not whether Google knew that what it was doing was legal or not. It is more whether Google knew what it was doing. And in this case, the evidence seems to be they didn't realize they were capturing private information.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      ltlw0lf (profile), Apr 19th, 2011 @ 3:38pm

      Re:

      Your privacy rights don't have much to do with whether you have protected your data but more about your reasonable expectations.

      Your privacy rights disappear when the signal enters the public domain. If you want it private, don't put it in the public domain.

      There should be no expectation of privacy for unencrypted wireless, or unencrypted radio, television, etc. If you don't want something shared, keep it private.

      An uneducated computer user (most people) probably does not understand how their wifi works and they probably don't understand concepts such as packet-sniffing.

      Every wifi device I've purchased in recent months have come with documentation warning the person using the device that they need to turn on encryption. If you are a moron in a hurry, you shouldn't have a computer, or a car, or a house, or anything else. The law should not protect the foolish (why, oh why, do we have to put warning labels on everything.)

      Plus, going wireless has inherent risks, regardless to whether you use encryption or not. As we say in EVE Online...you aren't completely safe anywhere in space...and this includes life in general. If you are broadcasting, you are transmitting your data to everyone around you, whether it is encrypted or not, and people may be able to discover what you are transmitting, whether or not the law is on your side. Build a faraday cage and condition all wires entering and leaving your site if you are worried about your data, or realize that you aren't safe, and do what you can to increase the difficulty/decrease the payoff of compromise.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 20th, 2011 @ 11:27am

        Re: Re:

        +1

        A law would just give people a false sense of security and further insulate them from taking the most basic responsibility, which in most cases means using the install disk to setup your wireless with encryption.

        I think a common misconception is that laws "stop people from committing illegal acts" when the reality is that laws only punish people after the act has been committed. If you have some horrible secret that you would never want revealed would you rather: A) have it kept secret via WiFi encryption OR B) have an opportunity to sue your neighbor after they packet sniffed your network and revealed your secret to everyone you know?

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Rekrul, Apr 19th, 2011 @ 11:39pm

    This reminds me of the 1980s and the big debate over whether it was legal to put up a satellite dish on your property and watch the completely unscrambled signals from HBO. HBO tried to argue that they owned the signals and that only authorized people were allowed to receive them.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Not an Electronic Rodent (profile), Apr 21st, 2011 @ 9:03am

    Another unintended consequence....

    .... of declaring wireless packet capture to be illegal:
    Even assuming you put in a provision for "accepted but thrown away" packets (it's a broadcast medium - your wireless card picks up EVERYTHING and *then* decides what was aimed at it) as someone else pointed out, you'd pretty much stuff a large chunk of wireless security on the corporate side.
    Most decent wireless solutions do IPS/IDS and analyse detected "rogue" access points and signals for intrusion attempts. Declare interception illegal and you've just reduced the security of every major corporate wireless network and rendered them unsafe to use. Last major system I saw in a business in a residential area was tracking and monitoring (and whitelisting/blacklisting as necessary) over 100 extraneous access points and often the clients of them. That's a whole lot of counts of a criminal charge and/or a lot of lawsuits just for keeping your data safe.....

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This