Newsgroups: alt.internet.wireless
Subject: Re: legality of wardriving ???
Date: 3 Sep 2002 06:01:47 -0700

I had begun to think we were pretty much upon the same sheet of music.
If I have been harsh, accept my apology, please.

I personally have no problem with someone driving around and sticking
pins in a map.  I feel that subsequent publication of ESSID, location,
and WEP status is a violation of privacy.  It's the issue of the value
added nature of publishing such data in a corporate body which
concerns me.

While I no longer believe in the cookie monster, I don't see the
boogie man in every closet anymore (There was a time when I did.). 
OTHO publishing the technical information that allows others to more
easily exploit these poorly secured nets may be dangerous.  Yes it is
the nets themselves which endanger the infrastructure.  Yes people who
operate without the least bit of security should be held liable for
damages incurred because of their negligence.  Even so, publishing
information about which systems are vulnerable makes it easier for the
few boogie men who are hiding in closets. "Billy the script kiddie" is
not a boogie man.

I truly enjoy (and have always enjoyed) locating radio transmitters. 
I especially enjoy it when I see a direction finding network operating
properly.  There is just something about finding the other fellow and
him not knowing you are there.  Maybe it is some sort of vouyerism, I
don't know, but when Kismet burps and tells me I just entered the
coverage area of another network, it feels great.

If you will, what method may we use to separate those who are
innocently mapping the extents of networks for personal pleasure, and
those who are subsequently exploiting those maps?  Where is the line
properly drawn?

Enforcability is definately an issue.  How do you  ensure that someone
is not intercepting a network with laws?  You can't.  That must be
done with technology. What you can do is make it illegal, and then
when someone exploits the information collected by intercepting, or
publishes that information in some form, you can prosecute.

Wardrivers collect technical data about networks by intercepting those
networks. The motivtation (payoff) is in "braggin' rights".  If you
take away their "braggin' rights", you take away the motivation, for
the vast majority.  There are still thousands of people out there with
scanners who sniff LEA traffic, cellular phone, and cordless phone but
the last one I know of that went public was convicted of a felony, and
those persons who communicated the content of that data paid handsome
fines.  I like that.  That was the Gingrich case. It was the last
straw that removed the third most powerful man in American politics
from office.  That is the extent of the seriousness of intercepted
traffic.  It also resulted in a more rapid deployment of digital
cellular across this country.  He was using an analog telephone so
were many others in D.C.  That case may well have helped the national
security, at the expense of the privacy of one citizen,  like I said,
"a box of choclates."

The problem we have here is three fold:

1) The technology has (and always does) move faster than society's
ability to access it's impact.

2) The technologists have (and always will) create new gadgets with
little or no forethought to how those gadgets might be *mis*used.

3) Security lessons are almost always learned after a disaster, not
before.

Wardriving, properly done, can actually help with society's accessment
of the impact of this new technology.  It already has, actually.  It
has helped make corporate (and private) people the idea that these
devices may well open doors which need to remain locked.  A new
industry is born, there is a lot of money to be made in security
surveys.  It has also awakened the LEA's to the fact that one can no
longer be assured an IP address belongs to any particular computer.
They have been alerted to the ides (reminded as it were) that you can
may not get a conviction if you don't catch the perp at the keyboard. 
With wireless technology that is decidedly difficult.

Modern warfare has a concept called a "force multiplier", it is a
technology or device or methodology which multiplies the effectiveness
of a small force to make it as powerful as a large force.  Another
concept is "asymetric warfare", when a large force has to combat a
much smaller force and is unable to employ the same tactis as the
smaller force.  For example we do not fight a guerilla war against
guerillas.  Guerillas (terrorists) seek love force multipliers, such
as unlimited, free, anonymous Internet access.  Publishing SSID,
location, and WEP status of networks facilitates the use of that force
multiplier, but also alerts an unsuspecting public to the potential of
harm (violation of privacy).  Unfortuately, not many will explain to
you the deeper implications.

This vulnerability is an "asymetric" vulnerability.  Afganistan does
not have it. We do.  Britany does.  Germany does...  You get my drift.
 We as a people have a responsibility to help ensure the "system" is
safer, less vulnerable, rather than more vulnerable.

I proposed elsewhere that persons who wanted to set up public access
hot spots should not use default settings because some method was
necessary to differentiate between a network setup by a techno-boob
and a network setup for public access.  I proposed "open_house" as an
SSID which could be used to identify public access nodes.

I propose here that persons who want wardriving to survive need to
establish a code of rules which differentiate their activity from that
of crackers.  It shouldn't be that hard.  I'll do a first cut right
here:

1) Never violate the privacy of a network.  Data upon a network is the
property of the owner of that network.  Any data transmitted upon a
network must therefore remain private.  The location of a network is
private information.

2) Never join any network which does not present "open_house" as it's
SSID, unless you have the permission of the network operator.

3) Published maps should never contain locative data.  Check the one
at http://osiris.urbanna.net/proptest.gif for an example.  You can
tell a lot about my access point from it, but none of the information
there will tell you where I am, my SSID, etc...  In observing this
rule the wardriver gets his "braggin' rights" but protects the
networks he has observed.  GPS track data (even without coordinates)
is considered locative information.

If wardrivers don't start observing some kind of code such as this,
they will become viewed as irresponsible and childish.  Somehow I th