Results 1 to 2 of 2

Thread: Wi-Fi and (US) Law

  1. #1
    Join Date
    Aug 2001

    Wi-Fi and (US) Law

    Wi-Fi and the law


    With new computer technologies rising up like mushrooms in a dark cellar, it's no surprise that a traditionally slow "network" like law-making can't keep up.
    Before 1996, courts had to base their rulings on traditional laws, many of them being insufficient and inadequate to be applied to computer crimes.
    In 1996 finally, the Computer Fraud and Abuse Act was signed.

    The following document is an attempt to summarize all (US) computer-related laws, accompanied by practical examples, guidelines, and more.
    Keep in mind that law is always subject to interpretation: the interpretation of your local judge isn't necessarily the interpretation expressed in this document.

    Federal Laws

    - The first amendment.

    Bill of Rights, Amendment 1:
    Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
    It is generally accepted by US courts that computer code is intellectual property, is considered a form of free speech, and therefore protected by the First Amendment. One could write the most destructive or harmful code ever, and it would be considered free speech, protected by the First Amendment.
    This includes viruses, worms, and encryption software.

    Consider the case of Daniel Bernstein, a student at the University of California at Berkeley.
    In 1993, the US State Department ruled that Daniel Bernstein would have to register as an international weapons dealer, under the Arms Export Control Act. The reason? Bernstein posted an encryption program (Snuffle) online.
    In 1997, a US district court ruled that the government could not restrict Bernstein’s work, as it is a form of free speech.

    The US Constitution - Bill of Rights
    Daniel J Bernstein vs. the US Department of State
    Wired Magazine on Daniel Bernstein
    Crypto Law Survey

    - The CFAA (Computer Fraud and Abuse Act - United States Code Title 18, Part I, Chapter 47, Section 1030 - “Fraud and related activity in connection with computers”)

    Originally, this law was only used for government and financial institute computers, but since then the law has been called upon to fight newer computer crimes involving “civil” computers as well. This was done by amending the original act: in 1996 for example, Clinton signed the National Information Infrastructure Protection Act.

    In short, the CFAA prohibits unauthorized access to a “protected computer” (even if no data is obtained). The National Information Infrastructure Act amended the CFAA to define virtually every computer connected to the internet as a protected computer.. Accessing such a computer is a felony if:
    - the computer system is accessed with intend to defraud.
    - damage of more than $5,000 in a one-year-period is caused (this does not apply if the damage is done to medical systems, if someone is harmed, or if national security is threatened).
    - it is used to traffic in passwords.

    Additionally, it is a felony to threaten to damage a computer system.

    While the First Amendment (Bill of Rights) makes it a legal right to write virus-code, the CFAA makes it a crime to distribute the code.


    - The Federal Wiretap Act (United States Code Title 18, Part I, Chapter 63 - “Mail Fraud”)

    The Federal Wiretap Act
    makes it a crime to devise any scheme or artifice to defraud, or for obtaining
    money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate of foreign commerce.
    Furthermore, if a financial institution is involved, fines and imprisonment are worse.

    - The ECPA (Electronic Communications Privacy Act, United States Code Title 18, Part I Sections 2510-2521, 2701-2711, 3121-3127)
    The ECPA is an amendment to the Federal Wiretap Act.
    In short, the ECPA prohibits and criminalizes the intentional interception of electronic communications (be it over a wire, a cable, or other like connection used in wired communication). This includes cell phone communications, email,...
    Furthermore, the ECPA criminalizes the alteration, and prevention of access to electronic communications in storage: it is a federal crime to access computer messages without authorization, not only during transfer, but also when they are stored on a computer system.

    Combined, the Federal Wiretap Act and the ECPA make it illegal to intercept electronic communication, and the unauthorized access of stored information.


    - Civil lawsuits.
    Both the CFAA and the ECPA also allow “injured” parties to start a civil lawsuit.

    Other federal laws are being used to judge computer-crimes (the Patriot Act being the most famous), along with state laws.

    Wi-fi and the law

    - Wi-Fi Technologies

    802.11b was the first wireless networking standard on a mass scale. 802.11b operates in the 2.4GHz radio band (2.4 to 2.4835 Ghz), and uses a technique called DSSS (Direct Sequence Spread Spectrum) to perform at a maximum link rate of 11Mbps per cannel. Within this band, there are three available radio channels (Channels 1, 6, and 11). Theoretically, you could use the other channels at well, but this could cause overlapping, as shown by this 802.11b Channels-chart.
    Note that most microwaves and a lot of residential cordless phones also use the 2GHz band, and interference is not uncommon.


    802.11a uses 13 channels in the 5GHz band at a maximum link rate of 54Mbps, using a technique called OFDM (Orthogonal Frequency Division Multiplexin Modulation).
    The exact frequencies used by 802.11a are 5.150-5.250GHz, 5.250-5.350GHz, and 5.725-5.850Ghz, providing a 300MHz-spectrum in the 5GHz-band (versus only 83.5GHz available in the 2GHz-band).
    While it has a greater throughput than 802.11b , this standard has less coverage than the b-variant.

    Some newer cordless phones also use the 5GHz band.

    802.11g uses the same OFDM-technique as 802.11a (and therefore operates at a maximum link rate of 54Mbps), and operates on the same band as 802.11b (2.4 to 2.4835GHz).

    Wi-Fi and the law

    The frequency-band used by Wi-Fi is an unlicensed band.
    This is important, as he ECPA rules that is not unlawful to:
    intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.
    This is exactly what an unconfigured and unsecured Wi-Fi network does: it transmits readily accessible signals. The ECPA therefore makes it not unlawful to intercept or access this information (note that the term “intentional interception” is used in the act).
    Now comes the interesting part: say you’re wardriving around town (it should be clear by now that wardriving is absolutely not illegal) and you find an open Access Point (broadcasting its SSID, no WEP). You are allowed to connect to this AP, for the simple reason that there is no way for you to check if this AP was intentionally left open (to share a connection), or if it was left open without the intention to have it broadcast. You are not breaking a law, as it is not possible to make a distinction between the two.
    I have yet to find a case where somebody gets convicted for accessing an unprotected AP.
    As long as you use the network reasonably and without causing damage, you are protected under the ECPA..
    A distinction should be made though between using the AP to access its internet connection, and accessing the AP to access an internal network.
    Accessing an internal network through an open AP is questionable: snooping around a filesystem is something you’d probably get away with, but tampering with the files is an absolute no-no, just as considerably degrading the band-with (don’t even think about using the system as a personal warez-server).

    Note: as said before, law is subject to interpretation: your local judge might rule that NetStumbler does not fall under “readily accessible to the general public”, for example. In this case, your response should be that the FCC (the Federal Communications Commission) has declared that the frequencies used for Wi-Fi are for public use.

    This is not a legal document, but merely a summary of information from legal documents, and is subject to interpretation (in short: don't go waving this document in the face of the judge that wants to lock you away for five years). I hope it'll spark an interesting discussion, though

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Huson Mt.
    Note: as said before, law is subject to interpretation: your local judge might rule that NetStumbler does not fall under “readily accessible to the general public”, for example. In this case, your response should be that the FCC (the Federal Communications Commission) has declared that the frequencies used for Wi-Fi are for public use.
    I use a Belkin 802.11b card and it does the same thing as netstumbler, with the execption of continuously scanning. You have to manually scan for new WAP's. While using this card, I have come upon several instances where I have had a few different access points to choose from, so then according to this interpertation these WAP's are “readily accessible to the general public”.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts