Due to my position, I will caveat this: I am not providing any legal opinion or supporting any particular belief or view on this subject. Nor is this an official stance by any government organization. The subject matter being discussed is currently in a grey area and is legally untested in most districts. Some districts have successfully prosecuted war driving under the following statute: Title 18 USC Section 3121. - General prohibition on pen register and trap and trace device use. (a) In General.- Except as provided in this section, no person may install or use a pen register or a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.). (b) Exception.- The prohibition of subsection (a) does not apply with respect to the use of a pen register or a trap and trace device by a provider of electronic or wire communication service- (1) relating to the operation, maintenance, and testing of a wire or electronic communication service or to the protection of the rights or property of such provider, or to the protection of users of that service from abuse of service or unlawful use of service; or (2) to record the fact that a wire or electronic communication was initiated or completed in order to protect such provider, another provider furnishing service toward the completion of the wire communication, or a user of that service, from fraudulent, unlawful or abusive use of service; or (3) where the consent of the user of that service has been obtained. (c) Limitation.- A government agency authorized to install and use a pen register or trap and trace device under this chapter or under State law shall use technology reasonably available to it that restricts the recording or decoding of electronic or other impulses to the dialing, routing, addressing, and signaling information utilized in the processing and transmitting of wire or electronic communications so as not to include the contents of any wire or electronic communications. (d) Penalty.- Whoever knowingly violates subsection (a) shall be fined under this title or imprisoned not more than one year, or both. However, in the cases where this has been prosecuted successfully, there have been other underlying offenses. For example, an individual who finds an open or vulnerable AP, collects documents transmitted from that AP as proof of the vulnerability, and then takes those documents to the company demanding several thousand dollars to fix the problem and / or not go public may face other charges. I have not heard of Joe user turning on his wireless card looking for his favorite local T-Mobile hotspot, but also incidentally finding other AP's and information about these AP's, being charged with this statute. I believe intent will be the key here. And once again... I am not providing any legal opinion or supporting any particular belief or view on this subject. Nor is this an official stance by any government organization. Just food for thought. -----Original Message----- From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Alan Sent: Tuesday, September 28, 2004 11:35 AM To: warren@private Cc: Crispin Cowan; Gary Driggs; Crime List Subject: Re: CRIME wireless case study URLs? On Tue, 2004-09-28 at 09:30, Warren Harrison wrote: > This is actually more interesting than it sounds > (well, maybe it does sound interesting :-) > Burglary is basically defined (in Oregon) as committing > a crime while trespassing. So *if* war driving *was* > trespassing, and the intruder committed a computer > crime, they would also be committing burglary. > An ambitious DA could really stack the charges :-) There seems to be a big misunderstanding what wardriving is. Wardriving does not involve _using_ the network, only _identifying_ it. A wardriver does not normally use ANY of the bandwidth of the target, he just identifies the location and accessibility of the network. The "all connection is theft" attitude is going to involve just about everyone with a wireless card. Most wireless configurations are set yo locate and identify all connections in range, just like a wardriver does. (They just do it in bulk.) They do this so that the "average person" can actually use wireless. Furthermore, most wireless connections are set to connect to the first wireless signal that they find. The OS will ask for a connection, dhcp address and configure everything without the user having to do anything but have the machine turned on. In the hyper-prosecute mode of the "all connection is theft" crowd, this is automatically a crime. (And under the INDUCE act, will also allow punishment of anyone who makes any wireless hardware or software.) The point of wardriving is to show just how many wireless connections there are and just how many are unsecured. Connecting after discovery is something else entirely. -- 'This message has not been made with the consent or cooperation of the Federal Board of Regulations (F.B.R.) or the Central Enquires Agency (C.E.A.). Any resemblance to persons living or dead is purely coincidental, and so forth and so on.
This archive was generated by hypermail 2.1.3 : Tue Sep 28 2004 - 16:24:15 PDT