Hanni Fakhoury reports:
Is a Wi-Fi signal the equivalent of an FM radio station, blasting classic rock ballads through your car speakers?
Not to the Ninth Circuit Court of Appeals, which issued its long awaited decision in Joffe v. Google this week, the case where Google was sued for allegedly violating the Wiretap Act when its Street View cars sucked up data from wireless routers as it passed by.
First, the bad. If you’re a security researcher in the Ninth Circuit (which covers most of the West Coast) who wants to capture unencrypted Wi-Fi packets as part of your research, you better call a lawyer first (and we can help you with that). The Wiretap Act imposes both civil and serious criminal penalties for violations and there is a real risk that researchers who intentionally capture payload data transmitted over unencrypted Wi-Fi—even if they don’t read the actual communications —may be found in violation of the law. Given the concerns aboutover-criminalization and overcharging, prosecutors now have another felony charge in their arsenal.
On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so.
Read more on EFF.
I’ve said it before and I’ll say it again: some laws need exceptions for researchers.