What's the difference between taking a picture in a public place (a.k.a. measuring the photons of the wavelength of visible light) and sniffing Wi-Fi signals (a.k.a. measuring the photons of the wavelength of radio)? Public photons are public photons, it seems arbitrary to distinguish them based on wavelength. How can it be a crime to measure the photons passing all around us, sometimes literally through us? The originators of these photons are knowingly sending them into the public, so they should have no expectation of privacy, just as we have no expectation of privacy for the photons that reflect off us into someone's camera on the street.
The difference is humans can see the visual spectrum but not the radio spectrum. This means that people tend to ensure their own privacy in the visual spectrum (by wearing clothes, etc), but don't in the radio spectrum (by transferring sensitive data unencrypted).
You could argue that people are being irresponsible by not paying more attention to their "radio privacy" (and you'd be right), however the lawmakers apparently felt that the advantages of making it illegal outweighed the disadvantages.
If I recall, and I'm not a lawyer, a large part of privacy law is asking whether there is a reasonable expectation of privacy. Not many people go around sniffing the wireless, you can reasonably assume that no one is listening at a given moment. Visible light in public are being sampled all the time by many observers.
I was investigated for threatening to burn down the campus a couple of years ago. Supposedly I talked about it to someone on campus over the summer. I wasn't enrolled for summer classes and I hadn't been near the campus for 5 weeks when I was reported to have been there.
I can't count the number of times I've had my laptop banned from the school network because I plugged into a mis-labeled ethernet jack. I'm on some list with the system administrators. I've filed more bug reports than anyone else. On top of this I use an encrypted vpn to prevent them from eavesdropping on my traffic.
If the FBI wants to investigate me for my comments on this site, they are welcome to it.
Good luck making a case with no evidence and no witnesses.
Also, how is listening to a Wifi radio any different than listening to your police scanner or AM/FM radio? I'm not convinced that passive packet capture is a criminal activity.
Why is you putting a knife in someone considered attempted murder in one case and assault in another and an accident in a third?
Why is computing an algorithm that undoes DRM illegal and one which predicts weather not?
Why is building something electronic and selling it legal, unless there's a bit of paper in an appropriate office somewhere in the country describing what you've built?
We don't legislate things based only on the precise actions of what people are doing, but also the social and mental contexts in which people do them. And listening to an FM radio station is a different act in a different context to listening to a police radio station or a privately owned laptop's WiFi card.
I'm not saying I know it is a criminal activity, just that it's not as simple as saying "well it's like listening to public FM radio so it must be legal.". It isn't like it, and that conclusion doesn't necessarily follow.
Why is you putting a knife in someone considered attempted murder in one case and assault in another and an accident in a third?
This would be a good analogy if knives were being constantly broadcast into my head.
Also, since it's impossible to prove that you listened to a radio transmission, I don't see how any law against listening to public Wifi would be enforceable.
(Example: saying "I've smoked pot" on the Internet. I just confessed to a crime, but probably won't be spending much time in prison for it. A confession is not enough proof.)
I'm surprised that none of the students tried to skew the results as the author expected. If could have been done fairly easily by writing a quick HTML page that uses JavaScript to make a couple iframes continuously load a variety of different sites.
I would have thought that a place like MIT ran their on-campus wireless using encryption, which should make this kind of sniffing/snooping a bit more difficult.
Even our home wlan is encrypted. Weird. Is this by design?
MIT's philosophy toward just about everything is famously open.
- You can walk around in just about all of the buildings during the day, and many even at night without a special access card.
- A CS professor here was the one who founded OpenCourseWare, which helped ignite the fire that led to many universities putting their courseware up for free online)
- Course registration is amazingly relaxed, to the point where halfway through the semester it is common to hear a professor say "by the way, if you haven't signed up for this course, you probably need to as the deadline is approaching"
- MIT's network is not behind a NAT box.
In terms of internet access, this culture means that anyone within radio-range of MIT's campus gets free, unprotected WiFi. A very different reception than you get at that other school down the street cough. :)
(Of course, the flip side of this is that you are responsible for your own security).
EDIT: I also remember during grad student orientation, the campus police representative explicitly told the auditorium full of new students: "The Cambridge homeless community is part of the MIT community, too. Just because you don't have a home doesn't mean you are not welcome here, so if you see someone who appears homeless on MIT campus, treat them with the respect they deserve." Approximate quote, since this was 2 years ago, but I was pretty blown away at the culture here from day 1.
Last year while at the library there was a room to a lab (where the printers were). To get in you could either punch in the code or next to it was a whiteboard with 5 or so problems each of which gave you one digit in the code.
I was a student there 1986-1990, then worked full-time on Athena until February, 1998. What you say has been true a long time. There are no-trespassing signs at all MIT entrances only so that the MIT police can legally eject people who cause trouble. Casual visiting is normal.
In 1994 I pushed hard to get kerberos-authenticated telnet into the Athena release. The general sentiment from others was that, sure, sniffing passwords was possible, but distributed computing was advancing to the point where people would be able to do everything from their desks, and wouldn't need remote logins. So kerberizing other services was a higher priority.
> In terms of internet access, this culture means that anyone within radio-range of MIT's campus gets free, unprotected WiFi.
My university requires you to register MAC addresses, change your hostname, turn on SAMBA, and use PEAP authentication before they will let you connect to their packetshaped and heavily filtered network where you can download a full gigabyte per day. :`-(
I guess one reason would be they have the idea that if you are worried about your activity being tracked that you probably shouldn't be doing it over the public on campus wireless.
I wondered about that too. Not the case on my wired network. Perhaps its because many laptops were taken out of suspend and then hardly used, so session-initialization messages dominate.
btw Thanks for actually addressing the point of the article.
