Vulnerability Development mailing list archives

Re: Wireless Legality- Netstumbler and kin


From: "Bill Pennington" <billp () boarder org>
Date: Fri, 15 Mar 2002 11:00:05 -0800

First off I am not a lawyer :-)

With Netstumbler it is a little fuzzy for the following reasons:

1. For Netstumbler to detect the WLAN in question the WLAN must be
configured in "open" mode. So the WLAN (Access Point more specifically) must
respond to 802.11b probe packets with a packet that says, hey I am here and
available.

2. Netstumbler, in particular, and detecting WLANS, in general, have
legitimate uses such as detecting WLANS that are "public". Public being
intentionally open for anyone to use them, like mine is currently. The only
way to detect these open public access points is to stumble upon them
generally.

3. If an access point is spewing out beacon frames, basically broadcasting
"I am here" how can I determine that they are not intended for me?

4. From a security consultant's role it gets even trickier. If I am hired by
company A to perform a wireless assessment and I see traffic from Company B
while performing that assessment have I then violated ECPA?

Now things get fuzzier when you introduce tools like KISMET that will detect
open and closed networks by intercepting ALL wireless (802.11b to be exact)
traffic flying around. Again how can I determine, without first seeing the
traffic, if it was or was not destined for me (the public at large)? What
about WEP (or otherwise) encrypted traffic? I can detect that something is
passing by, probably get the SSID info, but if I don't break the encryption
scheme have I discovered any relevant data, at least enough to do harm to
the WLAN in question? Probably not. And before everyone jumps on me about
AirSnort and breaking WEP keys I am just talking about intercepting A as in
1 packet.

As always a lawyer could give you better legal counsel, and you should seek
it if you have any legal questions, but the above points are ones I would
discuss with legal counsel. Again I am not a lawyer but I think you could
make the argument that if a) the AP was broadcasting and not closed, and b)
the WLAN in question was not using WEP then the operator of that WLAN did
not have an expectation of privacy since they were broadcasting over an
unregulated frequency (2.4 GHz) in a public (assuming the war driving type
scenario) space.

A couple of good links that should have links to other relevant articles:

http://www.bawug.org
http://www.nycwireless.org/
http://www.seattlewireless.net/


Sorry that was a bit of a ramble... and again I am Not a Lawyer :-)

----- Original Message -----
From: "Russell Handorf" <rhandorf () mail russells-world com>
To: <vuln-dev () securityfocus com>
Sent: Friday, March 15, 2002 9:35 AM
Subject: Wireless Legality- Netstumbler and kin


Hey all- question for y'all that I haven't found any firm evidence with
that raises a question of legality which concerns me greatly.

Of course all those in the wireless community (WLANs) know of a program
called netstumbler, and also that it has the capability to map networks on
a large scale (city wide and all). Well, is this not illegal pertaining to
the Electronic Communications Privacy Act from 1986?

I can certainly understand that it is illegal for Joe Schmoe hacker to sit
outside a WLAN and to circumvent any protective measures taken by the
administrator (defaults include MAC Address and the infamously poor WEP),
however is it illegal for Joe Schmoe hacker to sit outside and use the WLAN
of a company that doesn't have ANY protective measures set in place?

According to the ECPA, it's illegal to intercept any/all wireless signals
that are not intended for you, so would the people who are involved with
these wireless mapping projects be criminals or does this Act not apply in
this situation at all?

Russ
==================================
Russell Handorf
oooo, shiney ::Wanders after it::

www.russells-world.com
www.philly2600.net

"Computer games don't affect kids; I mean if Pac-Man affected us as kids,
we'd all be running around in darkened rooms, munching magic pills and
listening to repetitive electronic music."

Kristian Wilson
Nintendo Inc. 1989
==================================
