Slashdot Mirror
Judge Rules Sniffing Open Wi-Fi Networks Is Not Wiretapping
An anonymous reader writes "Ars reports on a decision from a district judge in Illinois, who ruled that sniffing traffic on an unencrypted Wi-Fi network is not wiretapping. In the ruling, the judge points out an exception in the Wiretap Act which allows people to 'intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.' He concludes that 'the communications sent on an unencrypted Wi-Fi network are readily available to the general public.' Orin Kerr disagrees with the ruling, saying that the intent of the person setting up the network is important: 'No one suggests that unsecured wireless networks are set up with the goal that everyone on the network would be free to read the private communications of others.'"
It's wireless tapping... D'oh.
Open networks are just that. If your intent is to keep your transmissions private, you should be using something better than an open network. Intent may be applicable in a pre-trial hearing on the validity of not having a warrant, but requiring insight in to the intent of an open wifi is highly unlikely at the warrant stage without some pretty strong inside information already.
IFF the extent of it is to scan the wireless broadcast, not join the network and access the internet, their private network, files, printer(s), etc. then I think this is an amazing case of common sense. Joining their network and using the internet or anything similar to that is akin to going into someone's house and sleeping on their couch while they're not home. Sure, "you may not be harming them" and they're "not using it right now" but that's not relevant to whether you can jump in and use their resources.
Wireless broadcasts without encryption, however, are akin to a neighbor who yells loud enough for everyone to know their family's business. I don't see any difference between my neighbors having a heated conversation that I can hear inside my house and them sending unencrypted packets into my house. The criminality should only come in if and when they are used maliciously.
It isn't the function of government to protect your "intent" against your own stupidity.
If you want to keep your communications private, encrypt them.
I'm not sure where that is in the 4th amendment.
Even so... I think most people *do* have an expectation of privacy when they're receiving and sending email, surfing the net, etc. We -- as technical types -- may be very cynical about just how naive that expectation is, and particularly so if you incorporate an awareness of all the government "finessing" of 4th amendment issues, but my feeling is that the average person would be quite startled if you walked up to them and told them you knew what they'd sent via email the previous evening.
I've fallen off your lawn, and I can't get up.
I'm not on the side of law enforcement but in this case the ruling is fair game. If you use an open, unencrypted wireless access point you do not have a heightened expectation of privacy.
With enough ignorance, you can have an expectation of anything in any situation at all. The intent of "expectation of privacy" is that it's to a reasonably informed person, not to someone who is wholly ignorant of the topic.
I might have an expectation that I could step into an operating theatre and perform a successful heart transplant. I mean, how hard can it be? But that is based on my own ignorance, and has nothing to do with reality. The "expectation of privacy" clause should be interpreted in the context, "... by those who have some notion of reality", or it's completely meaningless, because ignorance knows no bounds.
There are many open wifi access points set up with the intent of giving internet access to anyone who happens to be there. How am I supposed to know that the owner of an open network wants to share it or not?
I don't think that follows. I don't know what happens to my letters after I give them to the post office; but I still expect they won't be read by the government without a warrant.
When my mother in law picks up the phone, she doesn't know any of the details of how her voice goes down that wire, or is switched, or amplified, put on microwaves, etc... but she still doesn't think anyone from the government has any business at all listening without a warrant.
Our expectations of privacy from government intrusion aren't set by specific technical processes; they are set by the 4th amendment.
Furthermore, I'm convinced that is exactly how they should be set. It's more than a little far-reaching to say that the only valid expectations require a technical understanding of the process involved.
I've fallen off your lawn, and I can't get up.
My letters are indeed in an envelope; so are my internet communications. Several levels of envelope, in fact. An email package addressed to the recipient on the one hand, and packets containing the data as well. In fact, it's a lot easier for the average person to open the physical envelope and read my mail as compared to intercepting my email.
Again, you're confusing hardening of the boundary with the existence of the boundary. The government is forbidden to access our personal information without a warrant. There's no exception in the 4th amendment that says "unless it's easy."
An open door to your house doesn't automatically turn into "you can come in and do whatever you want."
The whole point of the 4th amendment is to set the boundary for the government. It's not about technical means, it's not about easy, it's not about expectations: It's about the government having to comply with a specific process in order to be able to look at your stuff.
I've fallen off your lawn, and I can't get up.
I disagree with your characterization.
Your internet communications are NOT in several layers of an envelope. They are like post cards, with several rows of addresses. There is no envelope. Everything is written on the outside. They are shouted to the world on open WiFi. Well...at least to the part of the world within radio reception.
I understand what you're saying about the 4th Amendment, but I can easily imagine a gov't agent back in the 1700s following a couple of people and listening as they have a discussion in public.
In all honesty, this is why I advocated WEP -- yes, WEP -- to people who couldn't use WPA. It was, from a legal perspective, a clean signal that my intent was the contents of the transmission were private.
Think of it like an interior, locked door. One of those cheap, hollow doors with a lock you can twist open if you try. The point of the door isn't to keep you out, but to let you know "you aren't supposed to be here unless invited in".
Damn well activate WEP and use the password "abcdabcd" or some such.
This is why my SSID at home is "private_keep_out" and why "No Trespassing" signs are needed.
I think this one falls squarely under the "plain view" doctrine.
Learning HOW to think is more important than learning WHAT to think.
"I understand what you're saying about the 4th Amendment, but I can easily imagine a gov't agent back in the 1700s following a couple of people and listening as they have a discussion in public."
You still aren't getting it. When you have a conversation in public there is no reasonable expectation of privacy. Anyone can hear you. When you have a telephone conversation, however, it takes special effort and equipment to listen to your conversation. So it is rather reasonable to expect your conversation to be private. Whether it is a cell phone or land line. (All cell phone traffic is "encapsulated" in packets even when it is not encrypted).
And so is WiFi traffic. While your WiFi might be open, and so it is easy for anyone to detect it or use it (anybody can see you using your cell phone, or borrow it if you let them), actually determining the contents of the communication (i.e., both sides of the "conversation") is another matter. Even your typical sniffer won't do that. It might record those contents but making sense of it takes further work.
So, what it boils down to is that telephone calls and internet traffic are not like public conversations. It takes special effort and tools to intercept those communications. That leads straight to a "reasonable expectation of privacy".
Further, there are already Federal laws against law enforcement using any electronic means to determine any activity in your household that is not readily visible from the outside. Internet use would certainly fall into that category of activity. So this judge's ruling would likely lead to a perverse (but not unheard of) situation in which a regular citizen could intercept communications legally but law enforcement could not.
To maybe be clearer:
Access to my open wifi is intended to be public. My own communications that go through it are not intended to be public.
I think the judge erred in not distinguishing between the signals themselves and the communication content of those signals.
Orin Kerr a law professor who has been published a fair number of time on Fourth Amendment computer-related issues. I think he's even had one or two blog posts from the Volokh Conspiracy cited in judicial opinions.
One of the notable ways he got that blog post wrong, though, is that the statute in question provides a specific definition of "an electronic communication system that is configured so that such electronic communication is readily accessible to the general public" -- and unencrypted WiFi networks are covered by that definition. One of the comments on the post provides a citation and the definition.
doesn't matter who is listening, in an age where encryption is standard, if you don't use encryption, or if you don't limit your transmission radius, then you have not indicated that you which your wi-fi to be private. A transmission via radio is open to 'listening' under laws in many countries, it is what you do with the material that is usually restricted.
There was an unknown error in the submission.