Can't speak for other countries, and I am no legal expert, but here in the UK its a really fine line that stops prosecution under the Telecommunications act 1981, (obviously been updated since) that states it is "unlawful to intentionally Intercept transmitted communications" for the purposes of..... it then goes on to cover the specific details, wiretapping etc. defining what we would all consider traditional interception by law enforcement etc. In my experience, the average cop is unaware of the Telecoms act and hence more than likely unaware what is being done. However, the curious one could stop and arrest you, if so its up to the tester to explain that 1, they have written authority from X to undertake such a task, and that interception of "other" organisations wireless information is an accidental byproduct of the authorised scanning. Also the tester needs to be able (in the worst case) to show that they are passively receiving the information, hence it has been broadcast, "sent" to you rather than you going looking for it, and that information will not be stored on unrelated systems. So, my feelings are its a fine line, but as long as you can prove that in passing through somewhere the information collected was not intentionally "intercepted" but the broadcast received it would be very difficult for anyone to prove otherwise. Unless of course you were sat in a van with blacked out windows, parabolic antennas on the roof and balaclava's on :)) Interestingly, the more I think about the act, the more it brings into question other forms of intercept, for example IDS, which dependent on which one is in use can record user id's and passwords, this brings into question whether the sysadmin should see the CTO's ftp/email id/pw, one to ponder. PJD > ---------- > From: Ken Kousky[SMTP:kkouskyat_private] > Sent: 05 March 2003 17:04 > To: 'stonewall'; pen-testat_private > Subject: RE: Netstumbling > > Don't have the answers you're looking for ...but more questions. I've > heard from many professionals that various state wiretapping laws > consider sniffing, be it wireless or simply dsniff, a form of > wiretapping and it is illegal. Not sure of the legal consequences > either. For the most part, wiretapping restrictions were targeted at LE > and the admissibility of evidence. When individuals do it, I'm not clear > if it is a criminal or civil act...but would love to hear more from > anybody with knowledge in this area. > > KWK > > -----Original Message----- > From: stonewall [mailto:stonewallat_private] > Sent: Wednesday, March 05, 2003 9:15 AM > To: pen-testat_private > Subject: Netstumbling > > HI, I need some advice. > > I am interested in the reaction that list members have gotten from > various > government agencies while netstumbling. Is there any clear guidance on > the > legality of 'stumbling? I am talking here about just 'stumbling, not > set to > auto reconfigure the card, just assessment and locating WAPs. > > You cannot be in the security business without being able to assess > threats. > In this business, paranoia is not paranoia, it is due diligence. I > believe > that anyone serious about security must be able to assess wireless > zones, > overlapping areas, buildings with multiple WAPs, etc. But have you been > threatened by LE personnel in the process? > > Thanks in advance for your info. > > stonewall > > > ------------------------------------------------------------------------ > ---- > > Are your vulnerability scans producing just another report? > Manage the entire remediation process with StillSecure VAM's > Vulnerability Repair Workflow. > Download a free 15-day trial: > http://www2.stillsecure.com/download/sf_vuln_list.html > > > -------------------------------------------------------------------------- > -- > > Are your vulnerability scans producing just another report? > Manage the entire remediation process with StillSecure VAM's > Vulnerability Repair Workflow. > Download a free 15-day trial: > http://www2.stillsecure.com/download/sf_vuln_list.html > ************************************************************* The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Any opinions expressed are those of the individual and do not represent the opinion of the organisation. Access to this email by persons other than the intended recipient is strictly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email is subject to the terms and conditions expressed in the applicable Portcullis Computer Security Limited terms of business. ************************************************************** ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 10:16:15 PST