Your comment made me realize why my comment was wrong: the issue isn't listening in, the issue is recording. Recording someone else's conversation without the permission of a participant is illegal in most states.
I think that it is legal to record someone else's conversation without permission if it is in public, since there is no expectation of privacy in a public place.
But there is in this case, you have to take extraordinary steps and specifically ask your network card to enter a special mode to start recording these conversations.
They aren't public at all as there is an expectation at the protocol level that you ignore the message that aren't intended for you. And they're explicitly flagged that they're not for you.
You're opening mail addressed to someone else and you know you're doing it. It's not legal to start opening other people's mail because it's lying in the same hallway as yours. This is exactly the same thing.
This judge just doesn't understand that. The legal expert is right, the judge will end up with egg on his face.
Why they don't just do a bit of street theatre like 'Here is a letter addressed to the judge. Because of the way the postal system works I got it as well. I am now opening it and reading it. Is this ok? No. Of course not. It's not for me. This is exactly what they deliberately did but it's just digital.'
We don't have a blanket law against reading other people's messages. The law on intercepting postal mail sent through the postal service does not apply to internet packets in radio transmissions. The judge can't extract the intent of that law and apply it to a different domain. If that was how our legal system worked, you could be stripped of your drivers license for playing a racing video game in your living room while drunk.
You have an argument for why intercepting others' wifi messages might be unethical, but not why it's illegal.
You're opening mail addressed to someone else and you know you're doing it. It's not legal to start opening other people's mail because it's lying in the same hallway as yours. This is exactly the same thing.
No it isn't, because the mail is in a closed envelope whereas unencrypted activity over wifi is equivalent to a public conversation that can easily be overheard. The steps required to sniff open traffic are hardly extraordinary.
Why they don't just do a bit of street theatre like 'Here is a letter addressed to the judge. Because of the way the postal system works I got it as well. I am now opening it and reading it. Is this ok? No. Of course not. It's not for me. This is exactly what they deliberately did but it's just digital.'
Well, no. If traffic is not encrypted then it is public in the same manner as a postcard. It's illegal to open people's mail, but you can't practically prevent people reading what's written on a postcard.
> The steps required to sniff open traffic are hardly extraordinary.
Neither is the step required to open the envelope.
Judge's reasoning is that it is quite easy to obtain tools to sniff the packet, and that those tools are sold to the public for very low price. I can present you with readily available envelope opening tool that costs less than a dollar.
You missed the point. The grandparent argued that sniffing traffic required the listener to undertake extraordinary measures to engage in such activity.
but a sealed letter has the expectaion of privacy that only the addressee will open it
postcards and unencrypted radio transmissions (like say 2.4 ghz or 900 mhz cordless phones, and fm & am radio) do not carry such an expectation, so it is not illegal to snoop such traffic (this is one of the reasons why cable and satellite tv is encrypted (ie scrambled); were it not encrypted in some fashion, it would be legal to set up your own equipment to capture the stream and do what yoou what with it like you do with fm and am radio).
encrypting the data, like putting something in a sealed, addressed envelope, lets everyone know that the data is not intended for anyone to read and creates an expectation of privacy. the ease of decrypting data is not really relevant (eg breaking a wep protected connection carries the same legal penalties as breaking a wpa2 protected connection) because the basis for the law against reading others' mail is the violation of a privacy that the victim took steps to create (eg its almost certainly legal to read others' postcards and definitely legal to read the outside of the envelope because no steps are taken to prevent anyone other than the intended recipient from reading the message).
you could argue that there is also an expectation of privacy inherent in the relevant link (for wifi and ethernet) layers of the networking stack since the standards call for ignoring all frames not addressed to you (a host on the network), but this argument is severely weakened by the fact that frames are sent to every host connected to the network and that determining whether you should be reading a given frame requires you to read the frame (and not just part of it, because FCS is over the whole frame, not just the header) anyway. These two facts make it much more comparable to a conversation in a public space, which carries no expectation of privacy and thusly no law against eavesdropping.
> postcards and unencrypted radio transmissions (like say 2.4 ghz or 900 mhz cordless phones, and fm & am radio) do not carry such an expectation, so it is not illegal to snoop such traffic
As to cell phone transmissions, yes, it is illegal to eavesdrop on them. This was true before they were digital -- when anyone with a suitable receiver could tune them in. It's just as illegal now, as well as being more difficult to eavesdrop because the entire system is now digital.
yes, but a major part of the reason that it is illegal to eavesdrop on them is because they are encrypted.
Generally speaking, it is not illegal to eavesdrop on unencrypted radio transmissions, but it is illegal to eavesdrop on any encrypted radio transmission (regardless of how effective the encryption is). This is because the people who crafted the law thought that an encrypted datastream was enough of a warning to potential eavesdroppers that the datastream is intended to be private. The crime isn't breaking the encryption, but violating a reasonable assumption of privacy.
The examples I cited all broadcast unencrypted datastreams, which is why it's legal to tune into them regardless of whether you are the intended recipient.
Exactly. Even in the "one-party" consent states (which is most of them), where a conversation, phone or otherwise, can be recorded if only one of the participants is aware of the recording, it's illegal almost everywhere to record a conversation you're not a party to.
It is legal, though I can only speak to US law. Its just that the police can take it as evidence, and that makes the task of making it 'disappear' pretty simple. Some jurisdictions also require the officer to be made aware of the recording as it goes on.
The policeman is likely to be saying something. And his focus is on the victim, and therefore unaware of the recording. So do we still think that should be illegal to record?
What the people nearby are saying is incidental to the thing you're actually recording, though. It's the same thing as, or very similar to taking a video while you're on vacation: the police aren't going to bust down your door and haul you away because your camcorder's mic happened to pick up a conversation between the people standing three feet away from you. When you break out a parabolic mic and start recording conversations from 30 meters away — without the knowledge or consent of the people having that conversation — however, you're doing something that's at best creepy, and probably also illegal.
EDIT: It would also probably be illegal to, in the course of taking your vacation video of whales breaching or whatever, instead start specifically recording a conversation happening nearby. IANAL, but I think the distinction has more to do with what you intend to record than what you happen to record. You don't have a "reasonable expectation of privacy" in public, but you do have a "reasonable expectation" of not being deliberately and specifically recorded by some random creeper while out in public.
EDIT 2: Further, with as often as it happens, and pursuant to the DoJ's own statements on the subject, the police don't have a "reasonable expectation" of not being recorded when they're going about their jobs — particularly when, in the course of executing said job, they end up beating someone into unconsciousness...
Personally, I feel such matters are resolved by the simple rule that things happening in public spaces are public, and things happening in private spaces are private. One can argue about public vs private spaces, but it removes intent and expectations from the equation.
Are you outside your house? If yes, expect to have all your actions recorded and available to be streamed on the internet.
If you're shouting your password at your roommate loudly, and a neighbor overhears it, then how is that really snooping? Once the extremely loud signal leaves your property, I'm not sure you can be responsible for that data. It doesn't take any sort of high-end equipment to intercept this data, it's being thrown at us constantly.
What really is the difference between a FLIR gun and a wifi card in promiscuous mode?
Both do nothing more than pick up non-visible light and are widely available, but both are still magic to the layman. Hell, a FLIR gun is even easier to use, you just point it like any other camera. Is the important difference to you really price?
Yes, unprotected wifi can be trivially snooped. But that is now what people expect.
The difference is that radio communication is well defined in the US code, as are the conditions that exempt the interception of radio communications from being prohibited.
FLIR guns do not fall under these definitions and so are covered by different codes.
What really is the difference between a FLIR gun and a wifi card in promiscuous mode?
Both do nothing more than pick up non-visible light and are widely available, but both are still magic to the layman.
If the layman is competent to setup a WAP then it's not exactly magic. I have unpleasant memories of doing so from the Unix command line back int he bad old days, but the average person using a consumer operating system will be asked by a friendly wizard whether they with their WAP to be public or private. This isn't difficult, and the public signal can be intercepted with the same sort of technology that is used to broadcast it in the first place.
A FLIR gun, on the other hand, provides the user with a superior sensing ability to that of the subject, who is unable to estimate the IR signature of anything or anyone except by touch or close approach.
What really is the difference between a FLIR gun and a wifi card in promiscuous mode?
The person that claims a right to privacy needs to take reasonable steps. Behind a solid wall, is a reasonable step to take. As is building a wall. Failing to secure your network, that you set up to "broadcast" in open mode, is arguably different.
To you or I, yes; securing your wireless network is obvious.
Can you really say that about the general population? Certainly there is a non-trivial portion of that population, if not a majority, that lacks an understanding of the mechanics behind how wifi works. Even more technically inclined users may reasonably be under the impression that MAC filtering, hidden SSIDs, or WEP provide privacy. Why should any of these people be any less deserving of privacy than the rest of us?
Knowledge of the basic properties of visible light is built into most of us. The laws were written with that in mind. However you cannot say the same about wifi.
I'm not disagreeing at at all your point. Only noting that the general rights to privacy are (for good or bad) hinging on 'reasonable' expectations. If the public and the police are not in a 'fair fight' so to speak, this is a problem and should be taken up. We just need to frame the problem. Properly though, so it makes sense.
Right now, it does seem pretty unreasonable to expect citizens to line their house with lead shielding, for example, to keep from being visually intruded upon. Because the cost and complexity, if nothing else.
The wi-fi example is more tricky, because of a couple areas. You are technically using unlicensed public spectrum in 2.5ghz. You can secure it (somewhat) with simple, lo-cost steps, etc. Its broadcasting signal beyond your propert lines, etc.
Now, what about 3G datacard? Thats protected because not only is it encrypted but its a 1 to 1 telco connect which requies a warrant. 1 to 1 calls are not exempt from warrant requirements. are on private spectrum. and because 1 to 1 their is no broadcast element. etc. Even though this too is lookingh alot like wi-fi in a diagram (radio, spectrum, mobile etc)
So, these are some things in the context that are relevant. Generally, if the authorities have 007 technology that we cannot see, hear, smell, detect or ever reasonably avoid, then we have a major problem. This is one reason we need transparency (no pun intended).
Will be of interest to see when that lines are crossed.
it wasn't illegal to listen in on other people's cordless phone calls since they were broadcasting unencrypted in the 900MHz and 2.4GHz parts of the spectrum.
I am not so much concerned with the state of the law as I am with what we, the technically inclined members of society, think of these people's right to privacy. We cannot allow ourselves to abuse our position and justify preying on those who are less skilled.
Claims from within our community that "Privacy is dead." concern me more than any warrantless wiretapping the FBI may be enjoying. It confuses the ability to secure your own privacy with the right to enjoy it. I expect law enforcement to live by the letter of the law, but I expect better of us. I expect ethical behaviour, not just merely legal behaviour. We innovate too quickly for the law to keep up with us.
Claims from within our community that "Privacy is dead." concern me more than any warrantless wiretapping the FBI may be enjoying.
-- This is an important point, because the notion of "reasonable" will ultimately be a relative point. so, in this case "a sinking tide sinks all ships" (to bastardize an old phrase). This is arguably a 21stC disease.
But, If you have school debts to pay, those facy granite countertops, or a promotion on the line, etc people will revert to: "I'm smarter than XYZ, I deserve PQR, all these other people are [naive, dumb, suckers]...etc. So I'll do [whatever morally grey area thing] will be [instrumentally useful].
So, at the end of the day, root cause is (1) greed; and (2) entitlement. You could also throw in (3) moral haze. But in my experience, (3) often is a byproduct of (1) and (2) coming into conflict. There is also likely a component which is just "lack of imagination" in the pre-9/11 sense. You just won't believe tha people will do certain types of things, until its too late. Confronting the problems is too disruptive, etc.
Except this isn't a house, this is wifi. Driving around picking up wifi signals from public networks through automated systems is very different. I've seen nothing but crappy analogies since this whole thing started.
Picking up wifi signals is one thing, but I was under the impression that they were locating, connecting and looking at data on these networks.
>Legal scholar Orin Kerr disagrees with Judge Holderman's reasoning. "No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others," he wrote. "In my view, that ends the matter: the exception doesn’t apply, and the interception of the contents of wireless communications is covered by the Wiretap Act."
And I don't see how automating the process makes it any better. You're still accessing someone's private (albeit unsecured) network.
However, I take my analogy back if this doesn't include actual analyzing of data packets within the unsecured network.
"You're still accessing someone's private (albeit unsecured) network."
I guess that's the whole issue right there - Is something that is being broadcast, possibly 40m outside my house, still private? At what point does a signal become so large that it defaults to a public broadcast? To me it makes sense that if I access your wifi, but can only get that signal by standing in your house, by all reasoning that is a private network. However if I can stand on a street corner and still access your signal, it's public. Of course I guess with strong enough hardware you could access both regardless, so I really don't know.
I believe there was a court case that cleared up the ambiguity in the case of telephoto lenses, which I think could be mapped to this case quite nicely. But for the life of me I can't remember the name of it or find it on google.
"No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others,"
Talk about begging the question. Kerr often makes that kind of argument, and it's a crappy one. I assume at least some unsecured networks are set up with exactly that goal, and that one has no expectation of privacy for the communications one conducts across such a channel.
Its certainly a sticky subject; but suppose the following situation exists:
You are a student at a university somewhere in the United States. You live at said University. You have the right to use internet there, but it only available through unsecured wireless. Would it be ethical for someone/some company to packet sniff the wireless traffic, without your consent (or knowledge)? Would it be ethical for the University to packet sniff the wireless traffic without your consent (or knowledge)?
Even assuming its unethical though, given the current ruling both situations would still be legal. How do you feel about the above?
Hasn't receiving radio signals sent "in the clear" always been legal? That confused me with the Google case too. There are exceptions, particularly surrounding cars (radar detectors, police scanners are both illegal in cars in some states)
[edit] The issue isn't receiving, it's recording, duh!
It's a radio signal. It's broadcast and if you are in range, you can tune in and listen. There's no possible way this can be construed as "wiretapping".
If you are in line with a telephone microwave tower and have the appropriate radio, you are able to tune in and listening. That does not make it not wiretapping.
It's illegal either way. But to answer your question: GSM and CDMA have weak encryption. GSM at least has optional encryption, and your phone won't tell you if it's being sent in the clear.
It's actually not (edit: it actually is illegal either way for cell signals in particular, see below), according to federal code. We'll have to dig up some old cordless phone interception cases, but if you weren't trying to defraud the intercepted line (like racking up a bill), you're more or less in the clear.
California and other states had stricter laws about telephone conversations in particular, but as others have noted: when laws are particular about their domain, that almost always means they are not applicable by analogy elsewhere.
Edit: ah, someone in the Ars comments brought up a good point: cell phone frequencies are specially regulated and auctioned by the FCC, and intercepting them is indeed prohibited (by my reading at least). Since your connection to your cordless phone base station is itself not a common carrier, though, it is considered publicly accessible (by federal code), and so it is not illegal to intercept it (when it's not encrypted).
Several years ago, I cloned the ESN of my phone to another phone of the same model (Samsung SCH-A680? on Sprint). When I tried turning them both on (next to one another) and calling them, they'd both ring, and answering both would result in hearing the audio in both ears for a short time (presumably until something got out of sync). If there is some token "encryption", it certainly isn't up to modern standards.
