At 6:35 AM -0400 6/27/02, Evans, TJ wrote:
>I am not, by any stretch of the imagination, a lawyer ... however my
>understanding of the current interpretation of the laws applicable to
>WarDriving are that if the owner/operator does not make at least some minimal
>effort to secure the transmissions then it is considered 'for public use'.
>So if the WAP is happily broadcasting its SSID and no encryption is enabled
>... OTOH, if you capture packets, crack a WEP key and spoof a MAC you are
>putting forth effort to get into somewhere that has the proverbial "No
>Entry" sign.
>
>Similar to how, currently, a basic port scan against someone's machine is
>not illegal.  It may violate your acceptable-use/subscription
>agreement/whatever and you may get a slap on the wrist or a nasty-gram from
>the lucky recipient, but AFAIK that is about as far as it goes ... until you
>actually attempt to launch an exploit against those services/ports.

The difference here is that the first case uses electromagnetic 
spectrum and the second doesn't.  Electromagnetic spectrum use is 
more regulated.  Let's put it this way--people have been successfully 
prosecuted for disclosing the content of unencrypted cellular or 
other radio communications.

Now, if you didn't disclose the information, or use it to penetrate, 
you probably would be OK. That's the basis of the legality of such 
things as short wave listening. It's specifically illegal to disclose 
it to a third party.  The lawyers could have fun arguing whether you 
are the third party disclosing to one of the parties to the 
communication.

Actually, if a broadcaster wants to be public access, they generally 
must positively register as such with the FCC.  A public broadcaster 
actually has more regulatory requirements, such as outage reporting. 
There may also be issues of ownership and monopoly within a given 
market area.

>
>
>... back to wardriving ...
>"Simple Bandwidth Leeching" is about all you could do without crossing any
>really bad lines, and even that is questionable - bandwidth is a company
>resource that they must provision, pay for, etc. and you are depriving them
>of the use of it.
>
>Obviously, if you do any of this and then proceed maliciously into their
>network, or pose as a member of that firm, etc. you are _at_that_point_
>definitively violating the law and deserve whatever befalls you ;)
>
>
>Again - that is my understanding of the current
>laws/policies/interpretations.  Corrections always accepted ...
>Thanks!
>TJ
>
>
>-----Original Message-----
>From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, June 26, 2002 4:02 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Rogue Wireless LANs [7:47287]
>
>At 2:26 PM -0400 6/26/02, Dan Penn wrote:
>>I think the take the company would take on it would depend highly on how
>>worried they are about security.  If they have a well written security
>>policy I think you would be in for some arguments from their legal
>>department.  On the other hand what if it's a company that doesn't even
>>know that employee Joe Schmoe has installed a WAP under his desk running
>>802.11 unsecured to world...I think in that situation they might be
>>interested to hear what you have to say.
>>
>>Over all this whole deal is very cloudy to say the least.  What legal
>>rights does a company have if they are broadcasting wireless
>>unsecured...it is like throwing money into the air then trying to arrest
>>someone if they take it.
>
>No, there really are very specific rules for electromagnetic
>emissions, beginning with the (US) Communications Act of 1934.
>Essentially, it says that any signals not explicitly meant for public
>broadcast may be intercepted, but that disclosure of the content to
>third parties is illegal.
>
>This is enforced by the Federal Communications Commission, which is
>the US agency that regulates, among other things, the use of spectrum
>space, and the licensing (when required) of parts of the spectrum.
>
>There certainly are blurred areas, such as disclosing statistical
>aggregates that do not reveal content, or intercepting communications
>by other than the primary signal (i.e., eavesdropping through
>incidental radiation, power line coupling, etc.).
>
>In general, though, the law is much more clear about hacking
>involving the electromagnetic spectrum in free space than it is on
>entering computers.
>
>>It's an old well known fact you don't say
>>"welcome" in your motd banner because you "welcomed" the intruder in.
>>You could say, you didn't know that you were unauthorized because you
>>could connect to it from somewhere not on their property and you were
>>never warned that you were unauthorized.  I'm not saying you would win
>>the legal battle...but there would most likely be a legal battle over
>>it.
>>
>>I am interested to know the outcome if anybody does actually try this
>>and approaches the company about it.
>>
>>Dan
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>>Ken Diliberto
>>Sent: Wednesday, June 26, 2002 11:04 AM
>>To: [EMAIL PROTECTED]
>>Subject: Re: Rogue Wireless LANs [7:47287]
>>
>>Agreed.  This could be a big legal trap.
>>
>>If you use something like Network Stumbler, you're not actually using
>>their network.  You're just seeing the broadcasts from it.  Maybe that
>>would be a good approach.
>>
>>Ken
>>
>>>>>   "Thomas E. Lawrence"  06/25/02 11:09AM >>>
>>I realize you are speaking in jest, but for those who might consider this
>>approach as a means of drumming up business, you may want to give some
>>thought.
>>
>>Connecting to a network to which you have no reason nor any right to connect
>>can be considered hacking, and you could be subject to prosecution,
>>ironically by an organization that is asking for trouble anyway. Just because
>>I don't have locks on my doors does not mean it's ok for you to walk into my
>>home any time you please.
>>
>>Please be careful how you approach a company when you have discovered by
>>accident a particularly egregious vulnerability.
>>
>>Tom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47574&t=47287