How Ruling On WiFi Snooping Means Security Researchers May Face Criminal Liability
from the not-a-good-thing dept
We wrote last week about an appeals court's technologically illiterate ruling that WiFi isn't a radio communication, and therefore picking up unencrypted WiFi data, even though it's broadcast for anyone to access, could be a violation of wiretapping laws. This seemed ridiculous for a variety of reasons, including the fact that part of the reasoning is that radio is supposedly mostly "auditory" (even though it's not).
Over at the EFF, Hanni Fakhoury explains how this ruling could be a disaster for security researchers:
If you're a security researcher in the Ninth Circuit (which covers most of the West Coast) who wants to capture unencrypted Wi-Fi packets as part of your research, you better call a lawyer first (and we can help you with that). The Wiretap Act imposes both civil and serious criminal penalties for violations and there is a real risk that researchers who intentionally capture payload data transmitted over unencrypted Wi-Fi—even if they don't read the actual communications—may be found in violation of the law. Given the concerns about over-criminalization and overcharging, prosecutors now have another felony charge in their arsenal.
There's a fairly big risk here that this interpretation of the law is going to create tremendous chilling effects on research.
Of course, there is a flip side. In theory, this might also mean that police can't scoop up WiFi signals either:
On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We've seen the government use a device called a "moocherhunter" without a search warrant to read Wi-Fi signals to figure out who's connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a "stingray" to the extent it can capture Wi-Fi signals) to capture payload data—even if just to determine a person's location—they'll need a wiretap order to do so. That's good news since wiretap orders are harder to get than a search warrant.
Still, we've seen courts give much greater leverage to law enforcement scooping up communications, so this benefit might not actually be real. The risk and the chilling effects to security researchers, however, are very real. Having seen how often security researchers have been threatened and/or arrested for their research, giving law enforcement another bogus thing to use against them is a huge problem.
Filed Under: encryption, liability, research, security, vulnerabilities, wifi, wifi sniffing
Reader Comments
Because in order to first connect to a network you need to scan it, to find out the ssid, and what encryption you need to use.
[ link to this | view in chronology ]
Re:
This is why it's a bad law.
[ link to this | view in chronology ]
Re:
So if you carry this ruling to its logical conclusion, you're a felon every time you use WiFi in a built up area.
[ link to this | view in chronology ]
Re: Re:
Sorry for being pedantic, but most packets do not have the network name. They have up to four six-byte addresses. It chooses to discard the stuff based on the receiver address, and if the receiver address is a group address (broadcast or multicast), based on another address which has the BSSID (which designates a single access point; a network name, called an ESSID, can have more than one access point).
[ link to this | view in chronology ]
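The receive filter described in the comment above, as an added example that is not part of the original thread: a Python sketch that parses constructed 802.11 data-frame headers and applies the two checks the comment names (receiver address, then BSSID for group-addressed frames). All MAC addresses, helper names and sample frames are made up for illustration, and management and control frames are left out.

```python
BROADCAST = bytes.fromhex("ffffffffffff")
MY_MAC = bytes.fromhex("020000000001")       # constructed station address
MY_BSSID = bytes.fromhex("0200000000aa")     # constructed: the AP we are associated with
OTHER_BSSID = bytes.fromhex("0200000000bb")  # constructed: a neighbouring AP
PEER = bytes.fromhex("020000000002")         # constructed: some other station

def parse_header(frame: bytes) -> dict:
    """Extract receiver address and BSSID from an 802.11 data-frame header."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    to_ds = frame[1] & 0x01
    from_ds = frame[1] & 0x02
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    # Address 1 is always the receiver; the BSSID slot depends on ToDS/FromDS.
    if to_ds and from_ds:
        bssid = None          # four-address (bridge) frame carries no BSSID
    elif from_ds:
        bssid = addr2         # AP -> station
    elif to_ds:
        bssid = addr1         # station -> AP
    else:
        bssid = addr3         # no distribution system involved
    return {"receiver": addr1, "bssid": bssid}

def is_group(addr: bytes) -> bool:
    """Group (broadcast/multicast) addresses have the low bit of byte 0 set."""
    return bool(addr[0] & 0x01)

def station_accepts(frame: bytes, my_mac: bytes, my_bssid: bytes) -> bool:
    """Simplified receive filter: the two checks named in the comment."""
    hdr = parse_header(frame)
    if is_group(hdr["receiver"]):
        return hdr["bssid"] == my_bssid
    return hdr["receiver"] == my_mac

def build_frame(flags: int, addr1: bytes, addr2: bytes, addr3: bytes) -> bytes:
    """Build a constructed data-frame header: FC, duration, 3 addresses, seq."""
    return bytes([0x08, flags]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"

SAMPLES = {
    "unicast to us": build_frame(0x02, MY_MAC, MY_BSSID, PEER),
    "unicast to peer": build_frame(0x02, PEER, MY_BSSID, MY_MAC),
    "broadcast, our AP": build_frame(0x02, BROADCAST, MY_BSSID, PEER),
    "broadcast, other AP": build_frame(0x02, BROADCAST, OTHER_BSSID, PEER),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", station_accepts(frame, MY_MAC, MY_BSSID))
```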
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Many access points, and most client software, capture data based on this traffic to show you what is in the air around you.
Many access points label this information as "site survey" so that they can allow the administrator to choose the least populated channel (which of course, very few administrators realize that there are only three channels which do not interfere with each other: 1, 6, 11, and that choosing 2,3,4,5,7,8,9, or 10 makes you a dick,) and thus allow the administrator to choose channel 3 (because nobody else is on it.)
Most clients will display, as a matter of course, the list of SSIDs they see so that the user can connect to the one they think is theirs. Which is often a lot of fun when you set up an identical SSID as the one they usually use, and then they end up connecting to your access point without authorization! Me loves me some hot "linksys" or "default" SSID action!
[ link to this | view in chronology ]
So, very narrow risk so far only in Mike's FUD...
Mike Masnick on Techdirt: "its typical approach to these things: take something totally out of context, put some hysterical and inaccurate phrasing around it, dump an attention-grabbing headline on it and send it off to the press."
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
Even guessing here I really don't see how commentary on the risk posed to researchers attempting to determine, A) how effective wifi encryption is, or B) how effective a new algorithm is at acquiring wireless signal, or C) any other legitimate, necessary research into security and/or innovation in the wireless industry has "very little risk" because somehow it brings down google?
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
[ link to this | view in chronology ]
Re: Re: So, very narrow risk so far only in Mike's FUD...
hee hee hee
ho ho ho
ha ha ha
ak ak ak
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
You could be charged for a felony for using their wifi.
[ link to this | view in chronology ]
Re: So, very narrow risk so far only in Mike's FUD...
Of course you do. That you cannot see or understand the benefits of security research only highlights your extraordinary ignorance of the topic.
[ link to this | view in chronology ]
No wonder some of the best come from China and other parts of the world.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
http://community.eveonline.com/news/dev-blogs/
You're welcome.
This is a multi-million dollar business too.
[ link to this | view in chronology ]
Re: Re:
That would be great, that's what I have AO3 set to. Or what about black on dusky light blue like my copy of Cool Reader?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
translation
Because we think this might actually make some forms of hacking illegal, and because we wish that all wi-fi was free and no net users could ever be held accountable for their action, we therefore bring up this incredible scare story that has little basis in fact.
Valid security researchers, working on approved target networks or against networks they create for testing would not have an issue.
People who randomly door knock servers and networks looking for problems would - as they should.
Thanks to the EFF for this horribly transparent attempt to further their own agendas.
(and my posts are STILL being held for moderation... don't you get bored of censoring people Mike?)
[ link to this | view in chronology ]
Re: translation
Congratulations, fucktard, you earned yourself a DMCA vote, plus the following observation - which I'm going to keep making until you get it through your penis-embedded skull.
horse with no name just hates it when due process is enforced.
[ link to this | view in chronology ]
Re: translation
Actually, censorship would be if your posts were deleted altogether, not simply held to check they're not anything like the following: Cheap kobe Shoes I looked at the size and realized it was not going t
New Football Boots Their alertness, agility, and strength make them formidable guard dogs and used as service dogs, guide dogs for the blind, therapy dogs, police dogs in K9 units, and occasionally herding cattle or sheep. After all, censorship is suppression of speech, not waste disposal.
[ link to this | view in chronology ]
So are they telling us that all the miscreants who war drive and invade Wi-Fi will stop dead in their tracks because of this ruling? I doubt that.
The government can't even seem to follow its own law and those who are there to enforce them and seem to have a broad interpretation of how the law applies to them.
Well this will certainly clear that up.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Great theory...
[ link to this | view in chronology ]
Another useful feature shot down in flames
Most enterprise level WiFi controllers allow the detection and quashing of "rogue" WiFi signals in range, including detecting APs impersonating your own network. This often includes the ability to impersonate the rogue AP to "steal back" any clients that have attached to it. To do that of course, it has to "wire tap" the rogue.
Looks like that feature will have to be disabled, huh? Way to make corporate networks less secure.
[ link to this | view in chronology ]
Torn Sympathies
[ link to this | view in chronology ]
Not just security researchers
Every wifi network in the area was encrypted, so I did not capture any plaintext payload, and I discarded the capture when closing Wireshark. But I could not know that every wifi network in the area was encrypted until after I did the capture. Not only are there kinds of wifi networks which do not beacon normally (like some kinds of mesh network), but also if I am close to the client but far enough from the access point, the network could be invisible to me but I could see the client (the hidden node problem, with the access point being the hidden node).
That ruling is pathetic anyway. "Sophisticated hardware"? Really? Every single wireless network card I have seen on common laptops can capture wireless packets. If every average laptop user has it, calling it "sophisticated hardware" as if it was something special you had to buy is a stretch. "Fail to travel far beyond the walls of the home or office where the access point is located"? Have they ever heard of high-gain antennas? I have heard of people being able to connect to unmodified access points kilometers away by simply using a high-gain antenna on a laptop. And not all high-gain antennas are "sophisticated hardware" too; have they ever heard of the cantenna and of the wok-fi?
[ link to this | view in chronology ]
Government
[ link to this | view in chronology ]
Unless you are exempt from the law, which apparently allows you to do whatever you want. No holds barred. Two sets of rules.
"All animals are equal, but some animals are more equal than others"
[ link to this | view in chronology ]
Police wardriving
[ link to this | view in chronology ]
So let me get this straight. If the NSA collects communications but doesn't read them, they haven't actually collected anything. But if you're a researcher, then it's a felony?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Judges are imbeciles
[ link to this | view in chronology ]