funsec mailing list archives
Re: Borrow a neighbor's WiFi connection and go to jail?
From: "S.f.Stover" <sam.stover () gmail com>
Date: Wed, 08 Mar 2006 22:48:04 -0500
Gary Funck wrote:
S.f.Stover wrote:Saying WEP is useless is inaccurate. It might not stop people from sniffing/decrypting/reading your traffic, but it makes it very clear that it's illegal. I'm still a bit fuzzy on whether or not sniffing non-WEPed traffic is illegal, but sniffing and decrypting WEP definitely is. Well, in Idaho anyway. ;-)When you say "it's illegal" to sniff decrypted packets,
Actually, I didn't mean sniffing decrypted packets, I meant: 1. sniffing packets 2. decrypting them (after cracking the key, of course) 3. looking at them
we need to define *it*.
"It" in the discussion I referenced (i.e. not this thread) pertained strictly to wardriving per se. Not cracking a key for stealing/borrowing/whatever bandwidth. I should have been more clear about that - sorry. Since there were legal folks and technical folks involved in that discussion (and in one case a legal and technical folk), and we had the statutes printed out in front of us, I'm pretty confident that what I meant to say was accurate (not that what I meant to say was actually what I said, but I tried). Moving away from that confidence level, I would still be tempted to GUESS that cracking a WEP key for pain, pleasure, or basic research is still considered illegal (in Idaho). The statute we were hinging on went something like this: Any person who knowingly and without authorization alters, damages, or destroys any computer, computer system, or computer network described in section 18-2201, Idaho Code, or any computer software, program, documentation, or data contained in such a computer, computer system, or computer network commits computer crime.
From which, we distilled the following point:
Any person who knowingly and without authorization alters... data contained in a... computer network commits computer crime. My understanding is that from a legal perspective, cracking WEP is considered altering the data. Maybe that's not how it would be interpreted - I could be barking wrong. But I don't think so.
For example, what if I don't snoop packets, could care less about them, and all I want is access to the wireless internet connection? Is it a worse offense that I decrypt for the purpose of poaching your broadband connection than if you just left it open?
I'm going on a limb here and IANAL, but I believe that cracking the WEP key would still qualify as "altering the data". Moreover, there's another statute, which reads something like this: Any person who knowingly accesses, attempts to access or uses, or attempts to use any computer, computer system, computer network, or any part thereof for the purpose of: devising or executing any scheme or artifice to defraud; obtaining money, property, or services by means of false or fraudulent pretenses, representations, or promises; or committing theft; commits computer crime. Again, our discussion at the time was really based more on wardriving (passive sniffing), but this statute clearly speaks to accessing a network. Sure, you could say that you weren't devising or executing a scheme, but if you haven't lawyered up, you'd be going against something like this: Any person who knowingly accesses, attempts to access or uses, or attempts to use any... computer network... for the purpose of... obtaining services by means of false or fraudulent pretenses... commits computer crime. In which case I would say that cracking WEP probably puts you in the "false or fraudulent pretenses" category. Again, I could be wrong, but I certainly wouldn't want to go up against this statute. YMMV. Keep in mind though, that both statutes I quoted were considered felonies if found to be violated.
Let's say that I come by your house every day, and use your garden faucet to wash my car while you're away at work. Can I say that it was okay because you didn't put a lock on the faucet?
Now that I've actually laid out the statutes, you can clearly see that we are talking about computer crime, not faucet crime. As tempting as these analogies tend to be (and believe me, I love analogies), they just don't work for me when it comes down to interpreting legalese. A house is not a computer, a port is not a door, and a WEP key is not a faucet. Well, OK, these kinds of analogies work great when you are teaching computers 101 to a novice. But not when debating a point. Not trying to be a dick (honest) - just trying to clarify my position. -- S.f.Stover http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5C4DAB68 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Borrow a neighbor's WiFi connection and go to jail? Richard M. Smith (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? Blue Boar (Mar 08)
- RE: Borrow a neighbor's WiFi connection and go to jail? Gary Funck (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? coderman (Mar 08)
- RE: Borrow a neighbor's WiFi connection and go to jail? Gary Funck (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? coderman (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? S.f.Stover (Mar 08)
- RE: Borrow a neighbor's WiFi connection and go to jail? Gary Funck (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? S.f.Stover (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? Blue Boar (Mar 09)
- Re: Borrow a neighbor's WiFi connection and go to jail? coderman (Mar 08)
- RE: Borrow a neighbor's WiFi connection and go to jail? Gary Funck (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? Blue Boar (Mar 08)
- <Possible follow-ups>
- RE: Borrow a neighbor's WiFi connection and go to jail? Richards, Jim (Mar 08)
- Re: Borrow a neighbor's WiFi connection and go to jail? Don Kennedy (Mar 08)
- Re: Re: Borrow a neighbor's WiFi connection and go to jail? coderman (Mar 08)