Law enforcement tracks child pornography distributor to hotel WiFi networks across the country using his GUID

Using public WiFi networks such as those in hotels can make it much more difficult to catch criminals in the act such as those downloading child pornography. As one defendant recently learned, however, police are capable of using old-fashioned investigative work when it comes to cyber cases.

In United States v. Pirosko, No. 5:12CR327 (N.D. Ohio 2013), an investigator tracked the sharing of child pornography to a hotel in Nebraska. The same computer (as determined by the GUID) connected to the Internet using the hotel's IP address five nights in a row. The defendant was the only person staying at the hotel for all five of those nights.

Over the next three months, the same GUID was found to be sharing or downloading child pornography in five other hotels around the country. After connecting the defendant's travel patterns to the GUID connections, a search warrant was obtained, and the defendant's computer was seized.

Prior to trial, the defendant argued that probable cause did not exist to obtain the search warrant, but the court held otherwise.

As pointed out by the Government, the affidavit established that Defendant, a registered sex offender from Mississippi, was a guest at hotels in Nebraska, Missouri, New Jersey, Utah and Ohio over a three-month period. During his stays, Defendant connected to the same peer-topeer network, used the same software, and downloaded images of child pornography from a computer at each of these hotels.

Further, even if probable cause did not exist, the court found that law enforcement had executed the warrant in good faith.

Read More

Wiretap Act and sniffing Wi-Fi - new Michigan Law Review note

The newest issue of the Michigan Law Review has arrived, and within it is a very interesting note on the intersection of the federal wiretap act and wi-fi sniffing. It's a topic we have touched upon here a few times, and I think the article does a good job of highlighting the uncertainty in the area. Indeed, that word is used in the abstract. The article, by Mani Potnuru, can be reached here: Limits of the Federal Wiretap Act’s Ability to Protect Against Wi-Fi Sniffing, and the abstract is below:

Adoption of Wi-Fi wireless technology continues to see explosive growth. However, many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications.

This Note examines the Federal Wiretap Act and argues that the current Act's treatment of Wi-Fi sniffing might protect unsecured Wi-Fi communications under some circumstances, but that any such protections are incidental, unsystematic, and uncertain. This Note further argues that the current statute's "readily accessible to the general public" language should be interpreted in a way that addresses concerns about Wi-Fi sniffing and users' expectations of privacy. Users' current expectations stem from their limited understanding of the underlying Wi-Fi technology and the accompanying security risks and, more importantly, from the fact that private communications cannot be intercepted without specialized tools and knowledge not readily available to the general public. Finally, this Note advocates for amending the Federal Wiretap Act to remove uncertainty regarding protections against Wi-Fi sniffing. Clear protections against Wi-Fi sniffing would avoid the private and social cost of data theft resulting from sniffing and could close the gap between users' theoretical ability to protect themselves by using security mechanisms and their reduced practical ability to take any such protective measures.

Read More

Federal court addresses applicability of Wiretap Act to wireless network packet sniffing, holds data is "publicly available"

An Illinois federal district court recently analyzed the Wiretap Act as it applies to packet sniffing and held that "the interception of communications sent over unencrypted Wi-Fi networks" does not violate the statute. In re Innovatio IP Ventures, LLC Patent Litigation, No. 11 C 9308 (N.D. Ill. 2012).

The plaintiff, Innovatio IP Ventures, LLC, brought suit against multiple companies for various patent infringement claims concerning the use of wireless Internet technology in the defendants' businesses (such a hotels and coffee shops). Innovatio sent technicians to defendants' businesses in order to collect information about the infringement. The packets they intercepted contained data about the network as well as "e-mails, pictures, videos, passwords, financial information, private documents" and other data transmitted by network users. Innovatio sought a preliminary ruling on the admissibility of the data.

After a discussion of how packets are transmitted in a wireless network and the meaning of the word "intercept" in the Wiretap Act, the court determined that the proper "question is not ... whether the networks are "readily available to the general public," but instead whether the network is configured in such a way so that the electronic communications sent over the network are readily available." The Wiretap Act provides an exception if the communications are publicly available (18 U.S.C. § 2511(g)(i)). The court concluded that the communications themselves are readily available because they are "open to such interference from anyone with the right equipment" - equipment available for a couple hundred dollars and the right open source software.

The court concluded:

Any tension between that conclusion and the public's expectation of privacy is the product of the law's constant struggle to keep up with changing technology. Five or ten years ago, sniffing technology might have been more difficult to obtain, and the court's conclusion might have been different. But it is not the court's job to update the law to provide protection for consumers against ever changing technology. Only Congress, after balancing any competing policy interests, can play that role.... Unless and until Congress chooses to amend the Wiretap Act, the interception of communications sent over unencrypted Wi-Fi networks is permissible.

An argument had also been made that the interception violated Pen Registers and Trap and Trace, but the court found that the argument was not properly briefed and declined to apply the statute. Thus, the court found the evidence to be admissible.

Read More

WiFi hotspots to increase 350% by 2015

The Wireless Broadband Alliance (WBA) released a study projecting WiFi hotspots to increase by 350% to a total of 5.8 million by 2015. The increased use of data by smartphones is the predominant reason for the expansion as use of smartphones continues to increase. Already in the United States, smartphones outnumber laptops on WiFi hotspots.

The WBA membership includes Comcast, Time Warner, Google, AT&T, Cisco, Intel and other leading technology companies. The full report is available here.

Read More