Sniffing Unencrypted WiFi Does Not Violate Wiretap Act

A federal court in Illinois recently approved a party’s interception of user data on public WiFi systems at hotels, coffee shops, restaurants, supermarkets and other commercial outlets.  This practice, known as sniffing, involves someone with a laptop, a Riverbed AiPcap Nx packet capture adapter (or equivalent), and free Wireshark network analyzer software, intercepting unencrypted packets between the public wifi hotspot and everyday users.  In the course of sniffing, the person with the heavily-armed laptop can see your emails, financial information, photos, and whatever else you transmit.

Fortunately, in the case of In Re Innovatio IP Ventures, LLC Patent Litigation, the “sniffing” party agreed to overwrite the personal data of the wifi users.  This, of course, does not mean that other, non-litigants within the airspace of a free wifi hotspot are so scrupulous.  Nonetheless, the court determined that, absent a true “interception” of the user data, there was no violation of the Wiretap Act.

The take away lesson, however, is that your information which is sent over free, unencrypted wifi is sufficiently insecure that the court determined it was “readily accessible to the public.”  In short, a person who intercepts you wifi data on an unencrypted wifi network is not committing wiretapping.  As one might expect, the argument was that the data packets were only accessible to those with sophisticated packet sniffers.  But the court concluded that such sniffing devices ran $200 – $700 and were not so unusual even though “the majority of the public is likely unaware that communications on an unencrypted wifi network are so easily intercepted by a third party.”

Worse, “[t]he public still has a strong expectation of privacy in its communication on an unencrypted wifi network even if reality does not match that expectation.”

Some further discussions can be had here and here (the latter suggesting that there is a $55 sniffing device available…).

1st Amendment
“Valid Grounds for Employment Action” Deemed Not Enough for Stalking Injunction under F.S. 784.048 (Klenk v. Ransom)

Florida’s First District Court of Appeal held today that a respondent’s behavior may be enough for an “employment action” (presumably, for termination due to sexual harassment) but, in this case, was not enough for the “exacting standard” for an injunction against stalking under Florida Statute 748.048. The case is Joseph …

Data Breach
Is Your PC Keeping Your Information Private? Take This 10-Question Quiz

A law firm was behind that largest hack in history. How safe is your desktop or laptop PC? For both home and work, this article presents 10 questions in a quiz format about your security and privacy practices. The article also includes the steps how to find the answers — …

1st Amendment
Applying “Old” Laws to New Technology: Smartphones, Recordings, Privacy (at FAU)

Special thanks to attorney / instructor Larry Buck for inviting me to speak to his Florida Atlantic University “Law in the Real World” honors class about my practice, particularly how we apply traditional laws to new, emerging technologies. We discussed: drone regulation First Amendment and social media (US v. Hobgood, …