An Illinois federal district court recently analyzed the Wiretap Act as it applies to packet sniffing and held that "the interception of communications sent over unencrypted Wi-Fi networks" does not violate the statute. In re Innovatio IP Ventures, LLC Patent Litigation, No. 11 C 9308 (N.D. Ill. 2012).
The plaintiff, Innovatio IP Ventures, LLC, brought suit against multiple companies for various patent infringement claims concerning the use of wireless Internet technology in the defendants' businesses (such a hotels and coffee shops). Innovatio sent technicians to defendants' businesses in order to collect information about the infringement. The packets they intercepted contained data about the network as well as "e-mails, pictures, videos, passwords, financial information, private documents" and other data transmitted by network users. Innovatio sought a preliminary ruling on the admissibility of the data.
After a discussion of how packets are transmitted in a wireless network and the meaning of the word "intercept" in the Wiretap Act, the court determined that the proper "question is not ... whether the networks are "readily available to the general public," but instead whether the network is configured in such a way so that the electronic communications sent over the network are readily available." The Wiretap Act provides an exception if the communications are publicly available (18 U.S.C. § 2511(g)(i)). The court concluded that the communications themselves are readily available because they are "open to such interference from anyone with the right equipment" - equipment available for a couple hundred dollars and the right open source software.
The court concluded:
Any tension between that conclusion and the public's expectation of privacy is the product of the law's constant struggle to keep up with changing technology. Five or ten years ago, sniffing technology might have been more difficult to obtain, and the court's conclusion might have been different. But it is not the court's job to update the law to provide protection for consumers against ever changing technology. Only Congress, after balancing any competing policy interests, can play that role.... Unless and until Congress chooses to amend the Wiretap Act, the interception of communications sent over unencrypted Wi-Fi networks is permissible.An argument had also been made that the interception violated Pen Registers and Trap and Trace, but the court found that the argument was not properly briefed and declined to apply the statute. Thus, the court found the evidence to be admissible.
What about packets from a mobile phone to the carrier? I mean GSM was broken years ago,and you can get something to hack it for $10 (publically available). This sort of judicial logic seems like it could have far reaching ramifications.
ReplyDeleteWow, packet sniffing isn't wiretapping. This is a highly technical case, and I see no mention of the difference between setting a wireless interface in promiscuous vs. monitor vs. managed mode...
ReplyDelete