network owner and controller to secure his data in any means seen fit by
himself. This means WEP, VPN, PPtP, etc etc. If you neglect to do this, your
data is floating about in the airwaves free as a radio station, since
802.11b does use the ISM band, set asside for the public's use, without
license. This raises another question. Cordless phones use ISM as well.
(2.4ghz, 900Mhz) It is illegal to intercept and recieve any of those
transmissions. The wiretap laws cover those. Some states do have
"computer-to-computer" transmissions in their wiretap laws (such as New
Jersey), but it does not state anything about allowing your computer to show
you interference it's recieving from another computer.

Now, the question of the software. I'm sure many are familiar with kismet
and netstumbler, and airsnort. Kismet does collect the data that it picks up
in 802.11b packets floating about the air. Does that land in with the "it's
in the public, it *IS* public" laws? I think so. Anyone? Now, intentionally
sitting in front of someone's house using this to gather passwords, read
email, or even attempt a wep key crack, i would find to be illegal. Since
you're using the data you are gathering for malicious intent. (As stated
above)


This is on the wardriving.com website, in the FAQ. Feel free to read it all,
but this was the only part that was valid to this post.
http://www.wardriving.com/doc/Wardriving-HOWTO.txt

3.  Why are people Wardriving?

3.1  Is it legal?

There is no cut and dry answer to this question, but simply driving around a
city searching for the existence of wireless networks, with no ulterior
motive cannot be deemed illegal. However, if you are searching for a place
to
steal internet access, or commit computer crimes then the wardriving you
performed was done in a malicious manner and could be treated as such in
court. Don't forget in the US, simply receiving radio transmissions on the
Cellular telephone frequencies (895-925 MHZ) is illegal, a similar law could
be written to discourage this, but this isn't likely.
As with any questionable activity, there are always two sides. Whether you
agree or disagree with the whole practice makes no difference to me, but in
the future, legal proceedings and violations may be related to wardriving.
Technology is not bound to ethics. It is the application and use (or abuse)
of that technology that brings ethics into it. To get back to the question
this technology is not really new (802.11 IEEE Standard - 1997), but this is
the peak of it's popularity. And at this peak it's good to get the kinks
worked out, and the security of wireless Ethernet is a pretty huge kink.
WEP(Wired Equivalent Privacy) uses up to 128-bit RC4 encryption, but it was
implemented wrong, so now it makes no difference whether or not you use it,
it's vulnerable. There are few built-in mechanisms that provide security,
not
broadcasting the ESSID is a start, but a sniffer can pick it up, anything
else is left to other 3rd-party devices.


"3rd-party devices" Meaning that it's up to you to secure your data. If you
cannot secure your data, oh well, figure it out. :)

Personally, i think there needs to be more definition in the laws and
regulations reguarding this. WEP could be useful, and there is a new driver
based WEP256 floating about, but at the physical layer, it's still only RC4,
128-bit wep.

So, the short & sweet answer to "is wardriving illegal?": No.
The long answer is whatever you want it to be, with as many definitions and
explanations as you see fit. I don't see wardriving illegal, but i do see
association to another's access point without expressed permission, illegal.


Just some observations, and my opinions, which are mine alone, with a bit of
mixed fact. I would like to hear your ideas and observations on this topic.
Perhaps it could be a subject for the meeting in a few weeks here.


--
Alex Hartman - goober at goobe.net
PGP Key fingerprint = 26 41 19 56 19 81 E2 BC  EE C8 1D F4 DB B8 ED B8
"Watch out for that bus!"