From: cwright@bdosyd.com.au
Date: Sat May 19 2007 - 18:34:06 EDT
For clarification, the US, (most of CA), AU, UK, NZ and many other places are common law and not Romanic or civil law countries. France is civil law. Now that this is clear I will progress.
Wireless interception is covered as electronic interception. Wireless communications use electromagnetic waves for transmission. The dissemination of electromagnetic waves is legally considered electronic interception of electronic communications. Thus is clear. It is decided in case law in a variety of countries.
Mostly this is oldish law going back 20-30 years. The majority of cases at that point are due to the interception of Satellite transmissions or to pay television through electronic interception.
In § 2511 (Interception and disclosure of wire, oral, or electronic communications prohibited) of [1], parts1.b.ii states:
“such device transmits communications by radio, or interferes with the transmission of such communication”
So this is US Federal law. Forget all the “my state” bits etc. It is defined federally, and federal is all you need to be covered.
Section 2.d of the Act states:
“It shall not be unlawful under this chapter for a person not acting under colour of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.”
The act even covers cases where a transmission is NOT “encrypted or scrambled”. It is still not legal to intercept it.
Now from the above in 2.d you should note that you can be given prior permission. This is from the site or system owner. As such, you can intercept a communication on your own site when you are an auditor or network administrator. You are exempted under the act as long as you remain acting within your authority. If you attack another network which crosses your site – you have no authority.
REMEMBER that this is PRIOR permission. That is BEFORE the act. There can not be any permission subsequent to the act.
In Au, we have the Telecommunications (Interception) Act 1979 and the TELECOMMUNICATIONS (INTERCEPTION) AMENDMENT BILL 2006. The UK has the equivalent as do the majority of other common law (and many civil law) countries.
Nothing is unclear about the law. Not knowing it does not make it unclear. These are VERY clear laws. The ONLY areas of un-clarity are in tortious actions. The un-clarity is how much of a civil penalty will you also get.
There is nothing to stop the owner of the network your intercepted taking tortious action. If you have been found guilty or charged with a criminal offence – this makes it easier.
So the uncertainty is not per se a legal one, but rather that when you go to goal, will the aggrieved party also sue you.
So:
Admin and your own network =ok
Admin and finding another network, but stopping = ok
Admin finding another network and just capturing = asking for trouble
Not admin and no permission = new friends with Bubba
Simple?
Regards,
Craig
[1]
TITLE 18. CRIMES AND CRIMINAL PROCEDURE
PART I--CRIMES
CHAPTER 119--WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:49 EDT