A federal court in Illinois recently approved a party’s interception of user data on public WiFi systems at hotels, coffee shops, restaurants, supermarkets and other commercial outlets. This practice, known as sniffing, involves someone with a laptop, a Riverbed AiPcap Nx packet capture adapter (or equivalent), and free Wireshark network analyzer software, intercepting unencrypted packets between the public wifi hotspot and everyday users. In the course of sniffing, the person with the heavily-armed laptop can see your emails, financial information, photos, and whatever else you transmit.
Fortunately, in the case of In Re Innovatio IP Ventures, LLC Patent Litigation, the “sniffing” party agreed to overwrite the personal data of the wifi users. This, of course, does not mean that other, non-litigants within the airspace of a free wifi hotspot are so scrupulous. Nonetheless, the court determined that, absent a true “interception” of the user data, there was no violation of the Wiretap Act.
The take away lesson, however, is that your information which is sent over free, unencrypted wifi is sufficiently insecure that the court determined it was “readily accessible to the public.” In short, a person who intercepts you wifi data on an unencrypted wifi network is not committing wiretapping. As one might expect, the argument was that the data packets were only accessible to those with sophisticated packet sniffers. But the court concluded that such sniffing devices ran $200 – $700 and were not so unusual even though “the majority of the public is likely unaware that communications on an unencrypted wifi network are so easily intercepted by a third party.”
Worse, “[t]he public still has a strong expectation of privacy in its communication on an unencrypted wifi network even if reality does not match that expectation.”
Some further discussions can be had here and here (the latter suggesting that there is a $55 sniffing device available…).