Re: Re: Legality of WEP Cracking

From: cwright@bdosyd.com.au
Date: Sun May 27 2007 - 20:09:23 EDT

('binary' encoding is not supported, stored as-is) >Also regarding the legality issue, if it has not >been done to death,
>the issue - when I researched this last year - might >not be as simple
>as Craig suggested. He speaks accurately about >prior permission. But I
>am not sure the 'your state my state' issue should >be dismissed out of
>hand for that very reason: one problem seems to be >that states seem to
>control how such authorization itself is >expressed, and lawyers and
>legislators are unclear about how one can >reasonably assume authorization.

>The problem of successfully prosecuting someone >who accesses an AP
>without permission - even though arrests have >been made - seems fairly
>tough.

Access and authorisation are not the issue. The law is well developed in terms of property, license and authorisation. When you claim that it may be difficult to prosecute, this is a function of evidence.

In the respect of the law, rules of evidence are also well defined. The issue is that of collecting evidence. Being a matter of fact, the nature of the evidence is not one that requires a large amount of legal dispute. It does however require more than the word of the accuser.

In civil cases, the requirements are lower. In criminal, there is a higher hurdle. Either way, there is a duty to collect evidence if you want to persue this. The difficultly is that it is not likely that a system running an open WEP gateway will have detailed logging and monitoring enabled. You do not need to notify the user that they are accessing the system without authority; they are not licensed to do so by the nature of the communications.

The law of license is a subset of property and requires a legal technical background that I can not extrapolate adequately on this list.

If you read [1], this case covered many of these issues including some examples of limitations. In this case, a “blanket authorisation” was supplied to investigators as the woman involved was actively sharing files and setup as a peer to peer hub for mp3 distribution. Cases such as this are the exception.

There is a legal maxim “difficult cases make bad laws”. The drive to make more and more legislation to cover IT and Telecoms is making the Internet more difficult to enforce, not less as some presume.

A few examples are included below. One thing to remember also is that in the US, Federal; law owns telecoms and wireless, not state. They can also charge, but the US Fed has priority.

[1} United States: C.T.L.R. 2006, 12(3), N60 [Computer and Telecommunications Law Review] Publication Date: 2006

[2] Future regulation of the communications industry still in the balance.
Nick Pimlott.
Comms. L. 2003, 8(2), 247-249
[Communications Law]
Publication Date: 2003

[3] ECJ - judgment on Canal Satelite Digital.
Sebastian Pooschke.
Legal I.E.I. 2003, 30(3), 267-277
[Legal Issues of Economic Integration]
Publication Date: 2003

[4] Computer crime - UK/Singapore: unauthorized access to computer data.
Ter Kah Leng.
C.L.S.R. 2000, 16(3), 187-189
[Computer Law & Security Report]
Publication Date: 2000 “UK and Singapore cases on meaning of unauthorized access and use of computer data.”

Regards,
Craig

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:50 EDT