Slashdot Mirror
Data Engineer In Google Case Is Identified
theodp writes "Meet Engineer Doe. A NY Times report has
identified Marius Milner as the software engineer at the center of the uproar over a Google project that used Wi-Fi sniffing Google Street View cars to collect e-mail and other personal data from potentially millions of unsuspecting people. Milner, creator of the wardriving software NetStumbler, referred questions to his lawyer. Google declined to comment. A patent search shows the USPTO awarded Google and Milner a patent in June 2011 for protecting Internet users from 'hackers and other ne'er-do-wells [who] may seek to tap into communications on a network.'"
Data Engineer In Google Case Is Identified
Fall Guy In Google Case Is Identified.
FTFY
#fuckbeta #iamslashdot #dicemustdie
Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large.
Just a thought.
Or in this case, if you have something that you don't want anyone to know, maybe you shouldn't be broadcasting it over the airwaves to the public at large. Just a thought.
https is your friend. Seriously on any wifi network you should use https for anything secure.
You can't be that stupid. I live in a place that has wifi where you log in with password. It is encrypted, but after logged in you can still sniff everyone else on the network. It still doesn't make it right to do so. Likewise, your internet traffic goes unencrypted when it leaves your house. It doesn't make it right for me to plug in to that in between your house and ISP and capture that data. Google and Marius Milner can go fuck themselves.
If this guy is responsible for sneaking the phrase "hackers and other ne'er-do-wells" into an official legal document, I sort of like him already.
In general though I don't see much reason to single him out, when it seems fairly clear (from what evidence is available) that this was a Google project, not a "rogue employee" acting against management's wishes. There are cases where I'd support individual employees being held accountable, but I'm not sure this rises to that level; whether this turns out to be right or wrong, I think Google as a company should own the actions.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Neither of those analogies are appropriate, and your reaction is awfully spiteful for someone who likely wouldn't be on an unencrypted wi-fi network in the first place.
In one of your examples, you're given access to a private system with the idea that you won't mess with other.
In the other, you're tapping into a private circuit with the intent to steal data.
If anything, home routers should come pre-encrpyted, with the random default key on a sticker on the bottom, and display a warning and disclaimer for people who wish to run unencrypted wi-fi.
Someone before made the analogy about this being like having sex with the windows open, and then saying anyone who happens to stare for a few extra seconds can go fuck themselves and deserves to die. What kind of person ARE you???
NetStumbler for Windows and MiniStumbler for Windows CE downloads are at: NetStumbler.com
Downloads are free but PayPal donations are accepted.
DarkStarZumaBeachSurfinApocalypseWow
You can't be that stupid...
If the system is open, an easily sniffable, you're an idiot for using it with stuff you don't want publically accessible.
* I don't use WiFi at home (easy enough to wire a place up, a simple weekend project).
* When I do use WiFi...
** If it is encrypted, then I will use things like email, etc. But only if they are on a secure pipe (such as https / pops / etc.). I still won't use it for anything financial.
** If it is unecrypted, then I will only do casual browsing - no stuff with user names or passwords.
* Wired is treated like secure/encrypted WiFi, except I will do financial things (if it is a network I trust)...
Remember, on the internet, paranoia is your friend because everyone IS out to get you.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
https is your friend. Seriously on any wifi network you should use https for anything secure.
MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.
I guess it would be beyond expectation for someone to tell anyone complaining their data was "stolen" that they should have been pumping it into the local atmosphere for all to read without any encryption or other basic protection.
Yeah, holding people accountable for their own idiotic actions would make too much sense. Beside, we make far too much money out of idiots who bought cool stuff with no clue how it actually works - me especially, a lot of my tech support clients use Macs.
Your reasoning is along the same as "you shouldn't go out if you don't want to get stabbed". It is not reasonable suggestion.
Do you even have the ability to grasp granularity of magnitude that isn't all on or all off?
HTTPS isn't the issue here. THERE IS NO PRIVATE NETWORK ON OPEN WIFI. A secured connection, a dedicated connection from an ISP, these are PRIVATE connections. OPEN WIFI is a PUBLIC ONE.
You don't want people listening in on your phone calls? Don't have them outside in a public place, the hobos might steam your trade secrets (or whatever paranoia types like you subscribe to).
You don't want people listening in on your data? Don't transmit it on a "public" medium.
HTTPS and SSH cannot be sniffed on your wifi, nor does either one "go unencrypted" when it leaves your house. Broadband providers using DOCSIS protocols also are not sniffable by your neighbors.
However, I recommend you should worry more about "is it possible" and "is it likely" rather than "is it right". Our government and the big corporations (that's redundant, I know) clearly aren't at all concerned about your ideas of right and wrong.
Posting anonymous so this will not haunt me forever through the net (unless you are tracking me already har har).
Has anybody actually been hurt? Because, uh, I'm just asking. I'm all for privacy but I don't see anyone poring over my data in this case. So has anybody been hurt? Where is the victim?
Or are we talking about hurting the feelings of those poor electrons that used to mean something, however fleeting, before being vacuumed up by a hateful engineer?
And you know every atom whose state you have ever modified has certain inalienable rights..
I am pretty damned cynical about big corporations and those who presume to rule them, but there are plenty of white collar criminals in power in America and I have yet to see any at Google.
And for your info I think Sergey's and Larry's excellent space adventure shows me enough where those guys stand. I prefer to support Google and Man's Future In Space. The rest of the establishment, their cops and politicos and bastards who talk out the sides of their mouths, the warhawks and smack sellers, and all the self righteous fucks who turn a blind eye to killing, and the fucktards who find a moral pinnacle somewhere in there, they can all go off and fuck themselves until they die.
As for Milner? Well he is either completely innocent or a geek who has been hypnotized until robotic. Happens every day in America. There are one thousand other cases more worthy of prosecution.
Your hate towards Marius Milner is so strong, you saw this article in the future and registered just in time to post this comment with same timestamp as the article?..
Tech(NY|LA|Cars|nicalExpert), you're so unsubtle :(
But how could he not write the sniffer program? A co-worker of mine wrote a fun screen-saver. It posted each image sniffed over wifi in a random place on the background, creating a real-time collage of what people were viewing on the Internet. He wrote the program and showed it to his boss, and fortunately being at a start-up, he found it amusing. He also hacked our WEP security in a few hours with some hacker software, leading us to upgrade our protection rather than get pissed. It is the nature of good engineers to be curious, and Joe Engineer does not offend me. It's the government that scares me.
Celebrate failure, and then learn from it - Nolan Bushnell
I think it was stupid, but it doesn't look like it was a vast Google conspiracy to inhale as much data as possible for the takeover of the world. It looks like a stupid decision by an engineer and a layer of incompetent management.
I certainly don't condone anyone collecting WiFi data that most people expect to be private, but correct me if I'm wrong - they didn't crack WEP/WPA/hack their way into routers to obtain this data. That means it was floating free and unencrypted over the air for anyone to observe. It's shady and makes Google look bad, but technically it's not much different from receiving FM radio signals; perhaps short range walkie talkie conversations are a more apt comparison - still not illegal and not patently immoral.
...and you've eaten your pen. simply stunning.
https is your friend. Seriously on any wifi network you should use https for anything secure.
MITM attacks on public wifi hotspots are mostly trivial. Yeah, keep believing that using HTTPS is securing anything.
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
You (and the 100 other posts with the same sentiment) are frickin' morons.
Yes you should protect you data as much as possible, but there are always
ways around that and looking through other peoples stuff is wrong. just because
you *can* doesn't mean you *should*. If you mail a letter, I could grab it out of you
mailbox shine a light or something to read the contents (or unseal/read/reseal).
would your response be "Well, I guess I should have put the letter in a stainless steel
box and welded it shut"
Google long maintained that the engineer was solely responsible for this aspect of the project, which resulted in official investigations, some still unresolved, in more than a dozen countries. But a complete version of the F.C.C.’s report, released by Google on Saturday, has cast doubt on that explanation, saying that the engineer informed at least one superior and that seven engineers who worked on the code were all in a position to know what was going on.
The F.C.C. report also had Engineer Doe spelling out his intentions quite clearly in his initial proposal. Managers of the Street View project said they never read it.
Depicting his actions as the work of a rogue “requires putting a lot of dots together,” Mr. Milner said enigmatically Sunday before insisting again he had no comment. He said he was closely following the news reports on the issue.
If that's all to be believed, Milner reported on what he was doing, and sent it to his boss(es). They opted to "not read" the report. If at least six other engineers were in a position to know, then this sounds more like a "no, don't put this in writing or tell us what you're doing" situation than a rogue employee. If bosses aren't responsible for their employees, what are they there for?
www.clarke.ca
So, by "trivial" you mean "Easy, you just need to be a government official with a leverage over certificate authority, or you could simply hack a CA and issue a fake certificate. Trivial!"
He said it was an add-on to study WiFi use around the world as part of his 20% project. I dont know if you have report or get approval for your 20% projects at Google or elsewhere. But after this is may be a good idea to have some supervision.
It would be like adding some metric measurement software to what we ship customers. Then have that send back these data. Our customers may be unsure then if their personal data in this software is being compromised.
Now a former state investigator involved in another inquiry into Street View has identified Engineer Doe. The former investigator said he was Marius Milner ... The former state investigator spoke on the condition that he not be identified because he was not authorized to speak. ... Although the F.C.C. declined to identify the engineer, a footnote in the full text of its report said Google told the agency the identity of Engineer Doe “only because it had disclosed his name to state investigators on December 17, 2010.” Google declined to comment.
That's clearly Google's fault. They shouldn't have told state investigators ANYTHING. I mean, they got reprimanded for "obstructing investigation" or somesuch anyways, what does one more bit held back matter?
If you broadcast information publicly and without sufficient encryption, the public can listen in and record it.
Apart from the question of who is right in the abstract, punishing Google or other people isn't going to deter anybody who actually wants to do you harm, since passive listening is pretty much impossible to detect. What we might restrict and punish is the use of such information, for example rebroadcasting it, using it in legal proceedings without a prior warrant, or reselling it.
The real question we should be asking is how people are punished that broadcast private information (e.g., hospitals that use unencrypted networks).
So if I leave the door to my house unlocked it's OK for you to go in and take what ever you want? How much responsibility falls on the home owner? If they lock their doors and arm a security system but the system is old and easy to bypass and the thief has a bump key is it the owners fault. Google identifying open wifi while driving around is not the problem it's that they went into the network and collected data. If they sniffed any VOIP traffic then they committed a felony the only reason they have not been charged is that email and other communication are not protected under law.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
I use wifi away from home only when it is a necessity. And only at when times I don't have an option. End even when I do use it, I restrict what I do (as stated previously, sorry if this mildly complex set of use-cases confused you). Also, it keeps anyone from accessing my home network via WiFI, should they manage a successful breakin. Using wifi elsewhere won't allow them to break in to my home network via wifi. If you need an explanation why, please go back to eating your crayons and glue.
If what I do is too complex for you, that's your problem, not mine. But I don't feel like wasting 10-15 mins on the phone to cancel a credit card, dealing with issues of someone having gotten into my filesystems because they've run rampant on my network, or having the cops come after me because someone hacked my network and started using my internet for illegal purposes.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
Written by someone who obviously doesn't understand how https works. Your site URL is validated against a server-side certificate. The protocol starts with an exchange of public keys, then uses session keys for the session. This makes a man in the middle attack impossible.
Yeah, who here doesn't understand things. I live in a country that has been serving fake certs and other trickery even when trying to login to fucking Slashdot using HTTPS. If you believe that there is no way around or no tricks to use against users you are being unbelievable naive and/or idiot. Hell, even Slashdot allows this because it has non-https components even if you browse with https. Go back to your noob-box and get some clue.
Bullshit, Certificates are international, and whenever certificate authorities have been compromised their issuing certificates have been revoked.
The ISPs and device vendors who sold UNSAFE PRODUCTS to consumers are the folks we should be mad at.
Car analogy: Do you get mad at the guy who slowed his car in front of you, or the auto manufacturer who sold you a car with the brakes detached from the brake pedal?
Uhm, no, my response would be tampering with the mail is a federal offense. Receiving unencrypted, publicly accessible radio transmissions isn't. If you are broadcasting unencrypted wifi signals, you do not have an expectation of privacy, any more than broadcasting an FM radio signal does. If I seal an envelope and mail it, and you steam it open, or shine a light through it to read it, you know you are looking at something you shouldn't, because it was SEALED. Get it?
If you leave your house unlocked, no, that doesn't allow me to go in and take whatever I want, because the DOOR IS CLOSED. Now, if you opened your door, and put a sign on the porch saying "Hey, I have stuff in here", then yes, it is your fault. Same as if you were broadcasting unencrypted wifi signals.
And while we are on the topic, let me educate you a bit. If you send out an unencrypted radio signal, and I do nothing more than receive it, then I did not "go into the network" to get anything. I received exactly what was sent to me. See the difference?
Nah, it's really much closer to "go around the city, looking at every house, and find several people broadcasting video of them having sex", since nothing Google did violated the internal network, all they did was receive a radio signal that was unencrypted.
Sure. Oh wait, except that to do so, you would have to break the encryption, which is against the law. In fact, now that I think about it, that makes your analogy completely useless, doesn't it? You *do* see the difference, right?
Actually, it's more like putting a speaker outside your house, then playing personal information over it for anyone driving down the street to hear, and then getting angry that someone had the gall to record the audio that you were broadcasting to the world at large.
mod parent up
-- QED
May we burn her?
You don't want people listening in on your data? Don't transmit it on a "public" medium.
But google wasn't just incidentally listening to peoples data (like seeing the router name and signal strength). They were doing the equivalent of setting up a ladder on the sidewalk and taking multiple telephoto photos through each house's front windows on each block, in every town, in every state, then compiling and analyzing the data so they could better advertise to each household. If I'm in my kitchen doing dishes and someone looks at the kitchen windows while walking down the sidewalk that's one thing. But if a fellow sets up a ladder, climbs it, then whips out a camera with a telephoto lens, is that fellow just capturing light that I am broadcasting into the public medium? Sort of, but he's also making a substantial effort to see things that aren't intended to be public. To knowledgeable people the most that a wardriver would see is the router name and the signal strength. That's like the incidental glancing at the window, no big deal. That is public. Google was using advanced packet sniffing software to effectively get on the ladder and take telephoto pictures of what was going on inside. You try out the ladder/camera trick and see how long before the local police show up and toss you in the clink for being a peeping tom.
-- QED
Actually they did, by broadcasting it freely, unencrypted over the airwaves. This isn't "sniffing". You could receive that signal with a random piece of wire. If you broadcast something, it is, sort of by definition, BROADCAST. Get it? You not only left the door open, you threw your stuff out the window, then complained when someone came by and picked it up off the street.
so if i dont put up curtains that gives you free reign to peer into the windows of my house and make an inventory?
Um, pretty much yes?
I don't know about that, they knowingly assigned a well-known writer of war-driving software to the street view team. It is kind of obvious what is going to happen next. That was the reason Google hired him in the first place.
If you check out the name of the person who made first post, along with the time stamp you'll see why it was written as inflammatory as possible.
I'm finally coming around to the opinion that /. is taking money for some story submissions such as this one.
Don't know something? Look it up. Still don't know? Then ask.
The people they were snooping on weren't intentionally running an open WiFi and had an expectation of privacy.
A false one. Ignorance is not an excuse.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Golly! I guess my Palo Alto firewalls are lying to me.
We use these to prevent internal data loss, filter malware, virus, etc... and decrypt all SSL traffic as normal policy. The client never knows the difference because the firewall has its own cert issued by a trusted CA. You could always do the same yourself, but the process has been made trivial with an appliance.
Pull my finger for my public key.
I don't think you understand how radio works. It's like sound.
Your neighbor blares his stereo? Well, you can hear his music because of that.
You blare your unencrypted data? Well, I can read it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Lets be proper about this.
Nobody picked it up off the street, they merely looked at it, and made a record in their journal.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
So, it's the tools problem when the user refuses to use it correctly?
God help us all when the butter knives get fed up with it.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
So, instead of just insulting people - do you plan on backing anything up?
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
No, it's not OK even then. Only if I put up a sign saying "Hey, I have stuff in here AND YOU CAN HAVE IT."
I would argue that's exactly what you're doing if you broadcast unencrypted WiFi across your neighborhood. You cannot scream across the EM spectrum at the top of your lungs and demand the world not listen. People are not going into the public's house to get their wifi traffic. Ignorant members of the public are blasting it across an area greater than a football field with their house in the center.
No, it's more like walking down the sidewalk and noting how you and your boyfriend really are loud sex partners.
Since you can hear it from the sidewalk.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
It is assumed. Am I to cover my ears when I walk by a house where someone is shouting?
Generally, yes - as long as I do it from a location I am authorized to be (such as my own property or the sidewalk in front of your house). If my actions were associated with some crime (such as a conspiracy to murder) or in violation of court order (such as if you had a restraining order preventing me from being within 100 yards of your house) of course it is not okay.
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
Actually, I'm fine with that. I don't feel that I have a right to stop people from using the data I voluntarily send straight to them.
Good luck decrypting it, though.
If you're handing out checks to everyone who passes within several hundred feet of your house, then you can't complain that someone has your banking information.
Actually using that information to break into your account and take money would be theft, of course, but have you proved that Google did anything untoward with the data that they were given (yes, given)? If not, your analogy does not hold.
Three key words: You have the *right* to leave your house doors open, but if you do, you'll find your *insurers* take a dim view of your sense of *responsibility*.
The analogy may or may not apply well to wifi.
~Tim
--
Rushing on down to the circle of the turn
The school kid hacked the account.
Question. Are the people who think this is a crime really that fucking stupid when it comes to technology on this site?
Or are they just so blinded by their own ideology that the stuff they used to know goes "poof" never to be seen again?
Why is it so hard to only have politicians for a few years, then have them go away?
> It's like sound.
Which in most states is illegal to record without the consent of at least one party?
And further, I'd also mention that the Supreme Court has ruled that people have an expectation of privacy with regards to their infrared emissions, which is a much better analogy. There is a huge difference between actual sensory data which you incidentally encounter, and data that you can only receive by using a specialized piece of equipment and specifically decoding it. (Mind that even unencrypted wireless is still encoded by the protocol. You cannot make sense of the data by simply 'listening', you need to actually identify the noise, devices, packets, retransmissions, etc.)
I'd liken it to you having sex with your wife on the front lawn and then getting mad that someone took pictures of it.
I discovered an access point at my local kroger that decodes and SSL certs and replaces them. I'm curious how many phone apps will even notice this is happening. I plan to do some testing.
Cheap storage VM.
Neither HTTPS or SSH can be sniffed if you can properly authenticate your endpoint. I can still perform a Man-in-the-Middle attack if you are careless or uneducated. Given the right circumstances, I may be able to get my CA added to your browser.
Cheap storage VM.
Just like Rupert, Google is claiming 'We had no idea what our minions were doing; our job is merely to be wealthy.' #YeahRight
If you broadcast your voice over public airwaves it is legal to intercept it. It doesn't matter if you *think* it's a landline, it simply does not have the same protection.
Cordless phones many of which are unencrypted fall into your description, yet it is illegal in every state for a third party to monitor the phone call without consent of all participants. Most state laws also specify cellular and cordless calls, and others use all “electronic” communications, to cover ANY phone call. The protection is for any phone calls no matter how they are made.
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
"To me, there is no expectation of privacy if your communication is not encrypted."
Some people aren't capable enough to even program the clock on a VCR, yet you expect them to know how to magically set up encryption. The expectation of privacy is still there. It never goes away.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
You, along with many others commenting on this story are making the assumption that the common man is aware of how radio works. In each of the analogies being provided, I'm seeing examples of deliberate behavior:
-A persons loudly blares music
-A person has sex on their front lawn
-A person posts a sign in front of their house
In each of these cases, the person is extremely aware of what they are doing. Now, granted, you are correct - people are broadcasting their unencrypted data, which any one can collect. However, in this case, they are completely oblivious of the fact. Now, we can put on our nerd hats and proclaim that everyone should be intimately familiar with everything that we consider important, but I have to say, that isn't ever going to be reality.
Given the public's lack of understanding of the technology, it is reasonable to say that they can have an expectation of privacy for their wireless communication. As another poster pointed out, you need to purchase "specialized" equipment to collect this data. I don't simply walk down the street and have this data rudely forced upon me.
I think part of the problem is that we are dealing with different standards in different countries. I'm in the USA and while I think what they did was inadvisable I don't think it was completely wrong. The problem is that I think it is against the law over in Europe where they have much stronger data privacy laws. That's the sort of thing that could easily catch the engineers involved by surprise, but it appears that they covered that base by suggesting that the project be run by the legal team. It seems like that didn't happen which is likely a management issue, even though no one is admitting that because they don't want to take on that responsibility and the legal implications.
Yea, I noticed that. He felt it was fine to potentially ruin someone's career by identifying him but isn't willing to put his own name behind his statement?
OK, then i'll argue this way: you require specialist equipment to broadcast this internet. If you have it, you need to understand at least the super basics of how it works.
If suppliers are not ensuring you do, they are not exercising the due care that they should (yes, i know they are not required to. that's part of the problem)
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
When you need knowledge you don't have, you hire a consultant. People have been doing it with their cars for years, it's no different with a computer. And yes, you can get screwed in both cases. It's called the real world.
If you're incompetent, pay for someone who is competent. It's that simple. People just act different 'cause it's a fucking computer and they have some sort of mental block that prevents their intelligence from working properly.
Apparently, you could watch it, but in most of the US recording the act would be illegal.
(You can check the validity of this analogy for yourself).
.: Semper Absurda
Your Palo Alto firewalls only work because the (self signed) global wildcard certificate they use has been manually installed on every client on the network, and is trusted by those devices.
Unless you can trick a user on a public wifi hotspot into accepting your self signed global certificate their browser will not validate the connection or pass data without a big red warning screen.
Just because you disagree doesn't mean it's not true.
Why not?
It is in a public air space. The sender wished to share it with others. That makes it fair game to me. That which is private simply can not be communicated to another person. It's a narrow definition but in many ways the only real definition. A trusted wife or friend can betray. When you throw the dice of communication you pretty much have to accept the consequences.
"Just because you're stupid doesn't mean the law MUST protect you."
Actually, that's what laws are for.
"People just need to learn to RTFM, all the routers now have manuals with Big Friendly Pictures and Big Friendly Setup Wizards which tell you to set the password."
Mine didn't come with a manual, nor a setup wizard. It just came with a slip of paper with the login code for the router, and the default wireless encryption key (and the wireless encryption was turned off by default.)
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
This is false. There is no expectation of privacy in public space, if I grab my phone and record sound in the street, and happen to overhear a conversation from inside a house, I do not need authorization from the person having said this conversation.
The opposite would be evidently idiotic.
entia non sunt multiplicanda praeter necessitatem
The most obvious analogy is a person having a conversation by the window of his house. I am standing in the street, and can hear his conversation from a public space. I am completely free to listen to it, remember it and then relay it to some other party, take notes of it, record it, and even enter it into a log with other publicly available data like the address, the time and date, and if the person has one of those little nametags in mailboxes, their fucking name.
If i have loud sex in my apartment, i can not say that it is a violation of privacy when my neighbor complains about the noise. I can not complain about him recording it from the privacy of his own home, either.
If the opposite were true, you would have to get permission of everyone that happens to be in hearing range of your phone whenever the phone's microphone is on, like when making a call, or recording an audio note.
If the opposite were true, you would have to get permission from anybody that appears in the background of a picture taken in public space.
"Awareness" on the part of those persons has absolutely nothing to do with it.
entia non sunt multiplicanda praeter necessitatem
you don't have to go that far: it's like having loud sex in your room, and then complaining about privacy when your neighbor complains about the noise
entia non sunt multiplicanda praeter necessitatem
Don't know about the US but in the UK the law is clear regarding radio transmissions - whether clear or encrypted, whether audio or data : You need the permission of the transmitter (the person, not the equipment) to listen in. This covers everything, e.g. air traffic control is not encrypted but that doesn't mean you're allowed to listen to it. Same goes for CB chats between two trucker friends and also peoples WiFi.
So as you can see, arguing that "the wifi AP didn't have a password therefore the auto-negotiation between my laptop and their router constituted permission" will get you nowhere.
If you don't risk failure you don't risk success.
Care to provide citations? Especially considering the legal status of Wi-Fi.
Because a) it might fall under general transmission and not require any special permission to receive (just as it doesn't require any special permission to transmit), and b) your interpretation makes even just scanning for networks around you criminal - as in that screen which shows available networks in your phone settings and such. You see, I didn't give your phone a permission to receive my SSID and protection state - even though they are transmitted in the clear. I transmit them only for my laptop and phone.
Nevermind, found some fresh news from UK.
Seems like initial investigation was on Data Protection Act grounds, not just "listening in", though that part might be investigated now under other act.
From OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance
This page is specific guidance about VHF Scanners, but cites laws regarding "transmissions" in general:
"...it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so... "
and
"The services that can be listened to under the definition of general reception are:
licensed broadcasting stations;
amateur and citizens' band radio transmissions; and
weather and navigation transmissions
"
If you don't risk failure you don't risk success.
this is UK law, not US law but direct from OFCOM: http://stakeholders.ofcom.org.uk/enforcement/spectrum-enforcement/guidance
"It is an offence if a person ... uses wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient."
It doesn't matter if I'm broadcasting unencrypted data. If you are not the intended recipient then you are breaking the law by sniffing it.
If you don't risk failure you don't risk success.
Opera on my phone threw a cert warning. I plan to test some apps to see if they send any sort of warning. It probably depends on the programmer. I wonder how many apps actually use https instead of http...
The cert was not a kroger cert, it was something else and I did actually call the police because I thought it was a rouge access point someone had set up on the parking lot. It appears to be in the store's deli. I'm debating whether I should follow up to ascertain if they are aware it is set-up the way it is and how that could potentially open them up to liability.
Cheap storage VM.