Thursday, November 18, 2010

Firesheep raises Question About Expectation of Privacy in Public Wireless Networks

The latest "development" is cybersecurity is a program call "Firesheep." This program allows someone to access the accounts of other users on an open network -- such as at Starbucks, McDonalds, or my neighbors. (BTW, there is a an add-on call "blacksheep" that can detect if someone is trying to use Firesheep.

PC World recently published an article discussing whether People using Firesheep may be breaking federal wiretapping laws.

The best answer was from a professor at Harvard: "I honestly don't know the answer."

The answer seems to depend on whether a person has a reasonable expectation of privacy in information transmitted over a public Wi-Fi connection. If the answer is no, then there is generally no wiretap violation.

I am not so quick to dismiss the idea that people have an expectation of privacy even when using a public connection. People generally access password protected sites, and often use encrypted connections if conducting business or commerce. Moreover, access to a person's account would not only possibly reveal the information transmitted in this one session, but all other information stored in an account.

If there is not expectation of privacy, then someone could argue that a single access over an open Wi-Fi connection would act as a waiver of any confidentiality in the password to e-mail or Facebook accounts. I don't think this is correct.

For these reasons, people likely have a greater and more reasonable expectation of privacy in information transmitted over public Wi-Fi, and the use of Firesheep is likely illegal.

No comments:

Post a Comment