Open Source and information security mailing list archives
 
Date: Tue, 09 Sep 2014 10:36:59 -0700
From: Eric Rand <eric.rand@...wnhatsecurity.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Public WiFi Pcaps

If you're interested in ensuring that you do so with appropriate
legality, then your best avenue would be to get the permission of the
WAP owner--tell them that you're doing research on wifi, that you wanted
to get their permission before doing so, and that you're sensitive to
privacy etc.

You're going to get a lot of "no" answers.

Proper social engineering/salesmanship will mitigate some of these if
you present it as something of value to the WAP owner--"free site survey
to help you increase your security" (provided you follow through with at
least some documentation derived from your pcaps) or "it's for a study"
might get you some better responses.

But yeah--get (written!) permission from the WAP owner and you're likely
to be entirely in the clear.

N.b. I am not a lawyer; this isn't legal advice; this is just a
practical interpretation from my individual perspective. Your mileage
may vary; void where prohibited.

--ER

On 09/08/2014 09:37 AM, Bryan Bickford wrote:
> Greetings,
> 
> I am starting some wifi research and had questions about the legality of
> listening to unencrypted, public wifi data and publishing subsequent
> research.
> 
> From what I understand, the wiretap act prohibits listening to
> communications that were not configured to be readily accessible to the
> general public. Specifically:
> 
> ...permits "any person" to intercept an electronic communication made
> through a system "that is configured so that . . . [the] communication is
> readily accessible to the general public."
> 
> I have seen debates about whether an unencrypted access point (e.g.
> starbucks) qualifies under this exception. Is there any concrete legal
> precedent that defines this either way?
> 
> The only one I can think of is the google street view case, and they lost.
> http://epic.org/privacy/streetview/
> 
> From a technical viewpoint, you are just reading unencrypted radio waves. I
> see no technical reason that it's any different than listening to an FM
> radio station.
> 
> Anyone else have more insight/experience?
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
> 

-- 
Talk to me securely: https://emailselfdefense.fsf.org/en/
View my public signature: https://keybase.io/munin
EBCF7076FE79669584934664B7A07729C6AA699A
