Law Scholars Say WaveLAN Hacking Is Legal, In Germany

An Anonymous Coward writes: "Seems in Germany sniffing other peoples WaveLAN is no criminal offense. At least the authors of this Article from the German magazine 'Datenschutz und Datensicherheit' claim that even intercepting and decrypting WEP-encrypted traffic is perfectly legal. Wow." (The PDF file is in English.)

Wow.

[booch]

Wow, lawyers actually came out and had an opinion on something without being paid to have that opinion? I've never heard of a lawyer saying something was legal or not -- they prefer to deal in the gray areas, so they can help you get away with anything.

Thank god.

[Snowfox]

Trying to achieve data security through legislation instead of responsible technology use is just stupid. This approach makes perfect sense.

I hope that other countries follow suit.

presedence in US court.

[j-turkey]

Its too bad that this won't affect any of our (bad) US legislation.

Hell, we still can't use radar retectors in some states (to listen in on somewhat public frequencies that are used to surveile us).

Even without encryption, I'll bet that just about any US court would rule it illegal to sniff 802.11a/b/d packets.

If you add breaking WEP, it becomes a DMCA issue...again, US courts would be even more likely rule it illegal.

Are there any other capitalist countries out there that are just a little smarter than mine?

-Turkey

Re:presedence in US court.

[uradu]

> Hell, we still can't use radar retectors in some states

Hold your horses, cowboy. Just because you (might!) be allowed to intercept WEP traffic doesn't mean you can use radar detectors in Germany. In fact, you can't! You'll get a good spanking for that--in most of Europe, AAMOF.

Re:presedence in US court.

[Negadecimal]

doesn't mean you can use radar detectors in Germany. In fact, you can't!

When did that happen? When I left Germany six years ago, there were still automated photoradar systems all over the place... you'd see a bright blue flash, and get a bill in the mail shortly thereafter. No fuss, no muss.

Re:presedence in US court.

[j-turkey]

Yeah -- I forgot that doesn't apply to the rest of the world. I stand corrected.

But then again (to go way off topic) police in Germany don't issue speeding tickets (using radio surveillance) fot the sole purpose of revenue enhancement either.

In any case, outside of my slightly OT Radar rant, it doesn't change the fact that no US court would ever let that fly -- I think its indicitave of how much more progressive europe is in some aspects.

BTW, what does AAMOF stand for?

-Turkey

Re:presedence in US court.

[doooras]

>we still can't use radar retectors in some states (to listen in on somewhat public frequencies that are used to surveile us).

What frequencies can you listen in on using a devices that beeps at you while your ass is going 90 MPH through a school zone?

do you mean scanner?

Re:presedence in US court.

[uradu]

> BTW, what does AAMOF stand for

I made it stand for As A Matter Of Fact :-}

Re:presedence in US court.

[uradu]

> When I left Germany six years ago, there were still automated photoradar systems

I believe the original poster meant radar detectors as in "detectors of radar", those little black boxes on your dash that beep when they detect radar frequencies.

Re:presedence in US court.

[j-turkey]

What frequencies can one listen in on? That's exactly what a radar detector does -- it listens in on frequencies, just like a radio (it is a radio). When it picks up the specific frequency (or range therein), rather than play the frequency through a speaker, it signals the operator with a beep.

Its pretty simple actually.

As far as going 90 MPH in a school zone -- I don't know how you drive, but I use radar detectors -- and I don't do 90 in school zones. I just won't pay tickets based on counties trying to boost revenue by entrapping unsuspecting drivers and issuing speeding tickets. If the police are watching you using electronic equipment (especially for a scam like this) don't you want to know?

Scanners are legal in all 50 states -- and I'm not talking about those.

-Turkey

Re:presedence in US court.

[Caradoc]

Not exactly. The use of a mobile scanner is limited to amateur and professional radio operators in some areas of the U.S., because the legislators in those areas fear that criminals could use them to snoop on police frequencies during the commission of the crime. Regular desktop radio scanners, I'm not sure.

Big hint to any legislators that might read this (yeah, right!): if they're planning on robbing a bank, and they want to listen to the police frequencies while they do it, the fact that it's illegal in that locale is not going to stop them, or even intimidate them.

Re:Datenschutz und Datensicherheit

[uradu]

> Is that "Chips and Dips" in German?

No, it's "dataprotection" and "datasecurity". Once you grasp (say, in the second or third class of German 101) that those apparently endlessly long German words are actually compound nouns composed of multiple simpler nouns--rather than atomic words that you can look up in a dictionary--their apparent length ceases to be all that amusing.

Re:Datenschutz und Datensicherheit

[GigsVT]

German is doubleplusgood!

This boggles my mind

[DiSKiLLeR]

Of course its legal, it SHOULD be legal!

It boggles my mind how it could be made illegal. You broadcast data for the world to see, and you can make it illegal to view it? wtf?!

Makes no sense to me..

Laws get worse and worse each day...

Re:Datenschutz und Datensicherheit

[nefertari]

Datenschutzbeauftragter der Landesmedienanstalten would then be a DataProtectionOrderedTo of the StateMediaAgencies...

You are more or less right. A Datenschutzbeauftragter is somebody who has to take care of the privacy of the informations his organization has collected.

BTW, I am german, but I don't think that a longer word means that someone is more important. For example at the Bundeswehr (the german military) there are ranks called Unteroffizier, that is less than an Offizier since Unter means sub, so the longer name has the lower rank.

OT: nitpick on sig :o)

[kiwaiti]

Nach welcher Rechtschreibreform heißt es denn wieder "seelig" statt "selig"? Orig. M. Luther? :o)

Kiwaiti

Re:OT: nitpick on sig :o)

[nefertari]

Keine Ahnung, ich habe es immer so geschrieben. Muss ich wohl aendern. Danke! Judith

No they don't

[osolemirnix]

Sigh. Did the submitter even bother to read the whole PDF?

...claim that even intercepting and decrypting WEP-encrypted traffic is perfectly legal...

No they don't claim that. As stated in section 5.4 of the PDF, german law says that if you break "special safety measures against unauthorized access" you are certainly violating the law. Now wether WEP encryption is strong enough to be considered a valid safety measure in terms of this law is yet to be determined in a court case.

But that is not what the PDF is mainly about anyway. As it goes on in the following sections, it just claims that merely intercepting the WEP-encrypted data is definitely not a crime, at least as long as you're not decrypting it. So, simply sniffing/netstumling is legal. Decrypting WEP-encrypted data and further meddling in a thus cracked WLAN is most likely illegal (has yet to be determined by a german court).
Sniffing unencrypted (WEP disabled) WLAN is not illegal, since there is no "special safety measure to prevent unauthorized access" as stated in the law.

Still an interesting read, but not nearly as mindboggling as suggested in the /. story.