At 2:26 PM -0400 6/26/02, Dan Penn wrote: >I think the take the company would take on it would depend highly on how >worried they are about security. If they have a well written security >policy I think you would be in for some arguments from their legal >department. On the other hand what if it's a company that doesn't even >know that employee Joe Schmoe has installed a WAP under his desk running >802.11 unsecured to world...I think in that situation they might be >interested to hear what you have to say. > >Over all this whole deal is very cloudy to say the least. What legal >rights does a company have if they are broadcasting wireless >unsecured...it is like throwing money into the air then trying to arrest >someone if they take it.
No, there really are very specific rules for electromagnetic emissions, beginning with the (US) Communications Act of 1934. Essentially, it says that any signals not explicitly meant for public broadcast may be intercepted, but that disclosure of the content to third parties is illegal. This is enforced by the Federal Communications Commission, which is the US agency that regulates, among other things, the use of spectrum space, and the licensing (when required) of parts of the spectrum. There certainly are blurred areas, such as disclosing statistical aggregates that do not reveal content, or intercepting communications by other than the primary signal (i.e., eavesdropping through incidental radiation, power line coupling, etc.). In general, though, the law is much more clear about hacking involving the electromagnetic spectrum in free space than it is on entering computers. >It's an old well known fact you don't say >"welcome" in your motd banner because you "welcomed" the intruder in. >You could say, you didn't know that you were unauthorized because you >could connect to it from somewhere not on their property and you were >never warned that you were unauthorized. I'm not saying you would win >the legal battle...but there would most likely be a legal battle over >it. > >I am interested to know the outcome if anybody does actually try this >and approaches the company about it. > >Dan > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of >Ken Diliberto >Sent: Wednesday, June 26, 2002 11:04 AM >To: [EMAIL PROTECTED] >Subject: Re: Rogue Wireless LANs [7:47287] > >Agreed. This could be a big legal trap. > >If you use something like Network Stumbler, you're not actually using >their network. You're just seeing the broadcasts from it. Maybe that >would be a good approach. > >Ken > >>>> "Thomas E. Lawrence" 06/25/02 11:09AM >>> >I realize you are speaking in jest, but for those who might consider >this >approach as a means of drumming up business, you may want to give some >thought. > >Connecting to a network to which you have no reason nor any right to >connect >can be considered hacking, and you could be subject to prosecution, >ironically by an organization that is asking for trouble anyway.Just >because >I don't have locks on my doors does not mean it's ok for you to walk >into my >home any time you please. > >Please be careful how you approach a company when you have discovered >by >accident a particularly egregious vulnerability. > >Tom > >[snip] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47510&t=47287 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
