I am not, by any stretch of the imagination, a lawyer ... however my
understanding of the current interpretation of the laws applicable to
WarDriving is that if the owner/operator does not make at least some minimal
effort to secure the transmissions then it is considered 'for public use'.
So if the WAP is happily broadcasting its SSID and no encryption is enabled
... OTOH, if you capture packets, crack a WEP key and spoof a MAC you are
putting forth effort to get into somewhere that has the proverbial "No
Entry" sign.

Similar to how, currently, a basic port scan against someone's machine is
not illegal.  It may violate your acceptable-use/subscription
agreement/whatever and you may get a slap on the wrist or a nasty-gram from
the lucky recipient, but AFAIK that is about as far as it goes ... until you
actually attempt to launch an exploit against those services/ports.


... back to wardriving ...
"Simple Bandwidth Leeching" is about all you could do without crossing any
really bad lines, and even that is questionable - bandwidth is a company
resource that they must provision, pay for, etc. and you are depriving them
of the use of it.

Obviously, if you do any of this and then proceed maliciously into their
network, or pose as a member of that firm, etc. you are _at_that_point_
definitively violating the law and deserve whatever befalls you ;)


Again - that is my understanding of the current
laws/policies/interpretations.  Corrections always accepted ... 
Thanks!
TJ


-----Original Message-----
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, June 26, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Rogue Wireless LANs [7:47287]

At 2:26 PM -0400 6/26/02, Dan Penn wrote:
>I think the take the company would take on it would depend highly on how
>worried they are about security.  If they have a well written security
>policy I think you would be in for some arguments from their legal
>department.  On the other hand what if it's a company that doesn't even
>know that employee Joe Schmoe has installed a WAP under his desk running
>802.11 unsecured to world...I think in that situation they might be
>interested to hear what you have to say.
>
>Over all this whole deal is very cloudy to say the least.  What legal
>rights does a company have if they are broadcasting wireless
>unsecured...it is like throwing money into the air then trying to arrest
>someone if they take it.

No, there really are very specific rules for electromagnetic 
emissions, beginning with the (US) Communications Act of 1934. 
Essentially, it says that any signals not explicitly meant for public 
broadcast may be intercepted, but that disclosure of the content to 
third parties is illegal.

This is enforced by the Federal Communications Commission, which is 
the US agency that regulates, among other things, the use of spectrum 
space, and the licensing (when required) of parts of the spectrum.

There certainly are blurred areas, such as disclosing statistical 
aggregates that do not reveal content, or intercepting communications 
by other than the primary signal (i.e., eavesdropping through 
incidental radiation, power line coupling, etc.).

In general, though, the law is much more clear about hacking 
involving the electromagnetic spectrum in free space than it is on 
entering computers.

>It's an old well known fact you don't say
>"welcome" in your motd banner because you "welcomed" the intruder in.
>You could say, you didn't know that you were unauthorized because you
>could connect to it from somewhere not on their property and you were
>never warned that you were unauthorized.  I'm not saying you would win
>the legal battle...but there would most likely be a legal battle over
>it.
>
>I am interested to know the outcome if anybody does actually try this
>and approaches the company about it.
>
>Dan
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Ken Diliberto
>Sent: Wednesday, June 26, 2002 11:04 AM
>To: [EMAIL PROTECTED]
>Subject: Re: Rogue Wireless LANs [7:47287]
>
>Agreed.  This could be a big legal trap.
>
>If you use something like Network Stumbler, you're not actually using
>their network.  You're just seeing the broadcasts from it.  Maybe that
>would be a good approach.
>
>Ken
>
>>>>  "Thomas E. Lawrence"  06/25/02 11:09AM >>>
>I realize you are speaking in jest, but for those who might consider this
>approach as a means of drumming up business, you may want to give some
>thought.
>
>Connecting to a network to which you have no reason nor any right to connect
>can be considered hacking, and you could be subject to prosecution,
>ironically by an organization that is asking for trouble anyway. Just because
>I don't have locks on my doors does not mean it's ok for you to walk into my
>home any time you please.
>
>Please be careful how you approach a company when you have discovered by
>accident a particularly egregious vulnerability.
>
>Tom
>
>[snip]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47547&t=47287