[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 09 Sep 2014 10:36:59 -0700
From: Eric Rand <eric.rand@...wnhatsecurity.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Public WiFi Pcaps
If you're interesting in ensuring that you do so with appropriate
legality, then your best avenue would be to get the permission of the
WAP owner--tell them that you're doing research on wifi, that you wanted
to get their permission before doing so, and that you're sensitive to
privacy etc.
You're going to get a lot of "no" answers.
Proper social engineering/salesmanship will mitigate some of these if
you present it as something of value to the WAP owner--"free site survey
to help you increase your security" (provided you follow through with at
least some documentation derived from your pcaps) or "it's for a study"
might get you some better responses.
But yeah--get (written!) permission from the WAP owner and you're likely
to be entirely in the clear.
N.b. I am not a lawyer; this isn't legal advice; this is just a
practical interpretation from my individual perspective. Your mileage
may vary; void where prohibited.
--ER
On 09/08/2014 09:37 AM, Bryan Bickford wrote:
> Greetings,
>
> I am starting some wifi research and had questions about the legality of
> listening to unencrypted, public wifi data and publishing subsequent
> research.
>
> From what I understand, the wiretap act prohibits listening to
> communications that were not configured to be readily accessible to the
> general public. Specifically:
>
> ...permits "any person" to intercept an electronic communication made
> through a system "that is configured so that . . . [the] communication is
> readily accessible to the general public."
>
> I have seen debates about whether an unencrypted access point (e.g.
> starbucks) qualifies under this exception. Is there any concrete legal
> precedent that defines this either way?
>
> The only one I can think of is the google street view case, and they lost.
> http://epic.org/privacy/streetview/
>
> From a technical viewpoint, you are just reading unencrypted radio waves. I
> see no technical reason that it's any different than listening to an FM
> radio station.
>
> Anyone else have more insight/experience?
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>
--
Talk to me securely: https://emailselfdefense.fsf.org/en/
View my public signature: https://keybase.io/munin
EBCF7076FE79669584934664B7A07729C6AA699A
Download attachment "0xC6AA699A.asc" of type "application/pgp-keys" (3925 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists