[LINK] Google's WiFi bungle

Kim Holburn kim at holburn.net
Thu May 20 09:01:17 AEST 2010 

On 2010/May/20, at 7:19 AM, Richard Chirgwin wrote:

> Kim,
>
> WiFi is covered by both acts and regulations - IANAL but I'm  
> thinking of
> the Radiocommunications Act, plus ACMA regulations specific to WiFi.
> That is, the act gives ACMA the power to regulate the use of the  
> devices.
>
> In my use of "authorised" and "unauthorised", I was thinking more in
> terms of computer crime - ie, unauthorised access to a computer  
> network.
> Various state crimes acts and a commonwealth act cover this. Here, I'm
> simply saying that authorisation refers to the intent of the network
> owner; a network owner's stupidity may mitigate the act of accessing a
> network, but doesn't excuse it.

See I don't think that works when you "broadcast" (in the technical  
sense) or "narrowcast to your neighbours and the public road" (if you  
prefer) your network way outside your property.

It'd be like turning on loud music late at night and then accusing  
anyone listening to it of being unauthorised listeners.

I think you've conflated two ideas from different parts of the law  
that don't apply.  Of course IANAL and court cases can change this  
stuff unaccountably at times.

Just because the network is encrypted doesn't mean suddenly everyone  
is not allowed to listen to it.  It might be dashed impolite but I  
don't believe it is currently against the law to listen in to shouted  
conversations even if they are partly in another language.

> The broadcasting act isn't relevant to WiFi, but that's the point I  
> was
> pursuing. WiFi is not "legally" a broadcast, regardless of its  
> technical
> behaviour. To treat a WiFi transmission as if it were legally a
> broadcast - ie, anyone is allowed to receive anything and do what they
> will with it - is to get the wrong end of the stick.
>
> Cheers,
> RC
>
> Kim Holburn wrote:
>> IANAL and I always use the term "broadcast" in the simple technical
>> sense, not in the legal sense so you would have to read my emails in
>> that light.
>>
>> I assume when you use the term "authorised" and "unauthorised" you  
>> are
>> using that in some legal sense.  Which act does it come from?  ACMA  
>> is
>> mostly concerned with spectrum use and transmitter power.  I'm not
>> familiar with the broadcasting act but I can't imagine it is relevant
>> to wifi.  There is an act dealing with wifi?
>>
>> On 2010/May/19, at 8:39 PM, Richard Chirgwin wrote:
>>
>>> "Broadcast" in the meaning of various Acts doesn't mean "transmits a
>>> signal someone else can receive". It has specific meanings  
>>> associated
>>> with the licensed activities of the operators and their  
>>> transmitters.
>>>
>>> While a WiFi base station "broadcasts" in the sense of "transmits  
>>> data
>>> which can be received by an unauthorised third party", this does not
>>> make it "any broadcast". Moreover, if I set up a base station for my
>>> own
>>> use, it is definitely not "intended for anyone within reception
>>> range."
>>> If I leave the base station unsecured, I am foolish, but that  
>>> doesn't
>>> change my intention that the base station is for my use.
>>>
>>> As far as the Broadcasting Act and ACMA regulations are concerned, a
>>> WiFi base station is not a broadcast transmitter.
>>>
>>>
>>>
>>>> given that there are both "open" and "closed" networks operating on
>>>> the same wifi spectra and all interfering with each other to  
>>>> varying
>>>> degrees, it's unreasonable to assume that there's any privacy at  
>>>> all
>>>> when using wifi devices and it's more than unreasonable to
>>>> criminalise
>>>> anyone listening to what is being broadcast.
>>>>
>>> In other words, "I can receive this, therefore I have the right to
>>> receive it, and I have no obligation to respect the privacy of the
>>> base
>>> station."
>>>
>>>
>>>> wifi is not a point to point
>>>> link (even wifi connections set up for that purpose aren't actually
>>>> point-to-point), it's an omnidirectional broadcast accessible by
>>>> anyone
>>>> within range.
>>>>
>>>> criminalising that would make it illegal to even scan for "open"
>>>> networks
>>>> that you are allowed to use...
>>>>
>>> Nobody said "criminalise authorised access". Unauthorised access,
>>> however, is already criminalised, which is the main reason Google is
>>> pleading accident. It has nothing to do with what actually happened;
>>> Google is merely trying to minimise its criminal jeopardy, because
>>> it's
>>> in a Jesus-load of trouble.
>>>
>>>> because it's physically impossible to scan
>>>> for those without ALSO detecting any "closed" networks that are in
>>>> range.
>>>>
>>>>
>>> Nobody said detecting the existence of a network was the same as
>>> sniffing packets traversing the network. One is, as you note,
>>> intrinsic
>>> to WiFi. The other is a criminal act. It's really not that hard to
>>> tell
>>> the difference between saying "There's a network called Kent Street,
>>> but
>>> I want George Street", and logging into George Street; compared, on
>>> the
>>> other hand, to saying "Look! Kent Street is unsecured. That means  
>>> they
>>> must *want* us to sniff their packets".
>>>
>>> [snipping for brevity]
>>>
>>>>> The equivalent of bouncing an infrared beam off house windows to
>>>>> eavesdrop conversations inside.
>>>>>
>>>>>
>>>> absolutely not!
>>>>
>>>> passively receiving something that is being broadcast is VERY
>>>> different
>>>> to actively snooping.
>>>>
>>>>
>>> Google *was* actively snooping. Its software sought and captured not
>>> just the SSIDs and MAC addresses, but payload data. Its PRs and  
>>> legal
>>> counsel claim accident. But that speaks to the intent of the  
>>> activity,
>>> not its nature.
>>>
>>> RC
>>>
>>>> craig
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Link mailing list
>>> Link at mailman.anu.edu.au
>>> http://mailman.anu.edu.au/mailman/listinfo/link
>>>
>>
>>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list