[AusNOG] Wifi Security and Interception

[Chris Pollock]

> Just so we're clear here.  You don't have a problem with 
> someone sitting in the Qantas Lounge with wireshark recording 
> all the communication happening at that location for say 2 
> weeks?  You don't have a problem with someone sitting in the 
> street near a recipient of your emails (say your parents 
> street) where they foolishly have an open Wifi access point 
> downloading photo's of your children that you sent to them?
> 
> Interesting.
> 
> [b]

This is actually getting closer to what I perceive to be the real issue.
For a crime to be committed in QLD, there needs to be intent, or
negligence surmounting to intent.  A few weeks ago I started wireshark
to try to debug why a Wifi SIP phone wasn't working.  I could be guilty
of a crime for receiving the data my neighbour transmitted while I was
trying to do my work.  Is that the same as parking near a house,
downloading photos of children?  There's obviously a difference in
intent for what was happening, but could I still be guilty of a crime
the equivalent of manslaughter?  Recklessly performing actions that
caused me to capture my neighbour's data?

Or, is it the way that data is used?  Am I guilty just for capturing
that data, or does it only become a problem when I actively do something
with it?  If the former, I could be arrested for doing a wifi site
survey.  All the situations that are being presented negatively are
someone trying to do something illegal using promiscuous wifi cards as a
tool.  What about all the situations where those tools are validly used?
I don't want to look at a house when I'm out for a walk and be arrested
for peeping.  

So my question is, what was Google's intent in listening?  Were they
sitting in the Qantas lounge recording communication for two weeks or
sitting near my parents house downloading photos of their grandchildren?
You can't use these examples for why what Google did was wrong, because
it's not what they did.  I don't expect that people should be expected
to understand end-to-end encryption, or why prime numbers are important
to SSL, but I DO expect to not be held responsible when someone nearby's
poor choice could cause me to do something illegal regardless of my
intent in the course of my every day life.

IMO, you shouldn't be able to be prosecuted just for listening.  If I
then start using their wifi, I'm gaining unauthorised access to a
computer system; -this- is the same as walking in an open/unlocked front
door.

--
Chris Pollock
Technical & Install Manager
PIPE Networks Limited

PPC-1 is now live!
6900 km, 20 Months, 2.56 Tbps, 12.5 kilovolts, $200 Million and 100%
Australian Owned.
http://www.pipeinternational.com

Mobile:  +61 4 1074 7765
Phone :  +61 7 3233 9813
Fax   :  +61 7 3233 9885
Web   :  www.pipenetworks.com