Wait a second!
More handpicked essays just for you.
Role of security policies
Don’t take our word for it - see why 10 million students trust us with their essay needs.
The Legal Issues Surrounding Packet Sniffing
942 Words2 Pages
Recommended: Role of security policies
During a conversation last year with a Houston-based network administrator, I asked, “Is wire sniffing at some random public WiFi hotspot illegal?” “No, not at all. It’s just passive…and besides, anyone stupid enough to pass their sensitive information over an unsecure network gets what they deserve.” As it turns out, he was wrong, but he’s not alone in his confusion.
A quick search shows that many other people are curious about the legality of packet sniffing, but that the advice they get is contradictory. According to Ohm, Sicker, and Grunwald (2007), some of the top justifications for sniffing without consent include:
• “It’s my network, so I can do whatever I want.”
• “The network wiretapping laws have an exception for academic research.”
• “Packet sniffing is legal so long as you filter out data after the 48th (or 96th or 128th byte)”
• “Capturing content may be illegal, but capturing non-content is fine”
• “We’re not breaking the law because we’ve anonymized the data”
• “Data sent over a wireless network is available to the public, so capturing it is legal.” (Ohm, 2007 p. 1)
Ultimately, the court of law, not the court of public opinion, is the deciding factor in legality. So why isn’t the issue clear cut and widely known? The laws that govern packet sniffing, the Federal Wiretap Act and the Pen Register and Trap and Trace Act, were written more than 50 years ago and were meant to apply to the wire tapping of phones. Later, in 1986, packet transmissions were added to the list of covered communications. The Patriot Act of 2001 also amended the body of law. Between this patchwork of jury rigged laws and the legitimate exceptions to the law, it is often unclear what restrictions apply to which activities.
I...
... middle of paper ...
...nishments (ranging from a maximum of 5 years in jail to a civil judgment of over $10,000) may not be enough to deter would-be thieves. As IT professionals, it is our job to not only operate within the boundaries of all laws and ethical obligations, but to do our best to protect the transmissions that people entrust us with by making our applications secure.
Works Cited
Ohm, Paul, Douglas Sicker, and Dirk Grunwald. 2007. Legal Issues Surrounding Monitoring During Network Research. Internet Measurement Conference. [Online] October 2007. http://www.imconf.net/imc-2007/papers/imc152.pdf.
Singer, Abe. Conference Password Sniffing. Usenix. [Online] http://www.usenix.org/publications/login/2005-08/pdfs/singer.pdf.
Spangler, Ryan. 2003. Packet Sniffer Detection with AntiSniff. [Online] May 2003. http://www.packetwatch.net/documents/papers/snifferdetection.pdf.