Tuesday, April 10, 2012

Ahrndt considerations on remand and cordless ≠ WiFi

This is the third of a four-part series from Cybercrime Review on the Ninth Circuit's Ahrndt decision and the important legal issues concerning wireless networks.

The Ahrndt case is rapt with analogies – “When a person shares files on LimeWire, it is like leaving one's documents in a box marked "free" on a busy city street. When a person shares files on iTunes over an unsecured wireless network, it is like leaving one's documents in a box marked "take a look" at the end of a cul-de-sac.” What is missing from these analogies is a step-by-step analysis of what accessing someone’s wireless and looking at their iTunes library entails, and the legal implications. Below, I will discuss the process to gain access, how it fits within the precedent that the trial court attempted to ground its decision in, and ultimately I conclude that the trial court erred by mistakenly equating intercepting cordless telephone audio with the capabilities and technological realities of WiFi.

Here are the pertinent steps that JH took to discover, during her private search, the CP:
  • JH loses her internet connectivity, and her computer connects to a non-secured wireless network (JH’s volition – she allows connections to unsecured wireless networks automatically)
  • That wireless network’s configuration allows a DHCP address to be handed out to JH’s computer, effectively allowing it to communicate with Ahrndt’s router, all other hosts on the intranet, and the internet. (at this step, by using the internet, even if to make a DNS request, is theft of service without authorized access)
  • JH’s iTunes library sends out a broadcast packet, looking for any other iTunes libraries that exist on the intranet and Ahrndt’s library responds
  • JH’s iTunes library incorporates Ahrndt’s library as a browsing option
  • JH browses the library and discovers child pornography (under United States v. Jones, 132 S.Ct. 945 (2012) could one say that this was a trespass?)
After viewing the steps above, a few things should become apparent. One is that analogies to California v. Greenwood, 486 U.S. 35 (1988) are misplaced. Leaving a wireless network unsecured is not akin to leaving your trash at the street for all eyes to see – that analogy only holds water if you actually bring your computer and wireless access point outside for all to interact with and give up property right to the items. While your unsecured wireless extends outside of your home, Greenwood does not stand for the proposition that anything external to your house is “trash,” and devoid of privacy rights, nor on its face does it contemplate unauthorized access to devices within the home.

To clarify, it is also important to point to volitional acts and their necessary consequences. Let's change the analogy to a new one – you find a car KEY FOB sitting in a parking garage, which contains the buttons “unlock,” “lock,” “trunk,” and “alert.” Obviously the person has misplaced this item, forgotten about it, or discarded it not understanding its full capabilities. You, as JH, find this FOB and decide that you’re going to “check it out” (let's disregard for a second whether merely picking up the FOB is a trespass in and of itself). You press the lock button twice, and a car a few steps away beeps. Because you are having issues with your car, and are hoping to find a pair of jumper cables in the trunk, you hit the trunk button, which allows you to look inside and see what the trunk contains. When you look into the trunk, you observe that there is a car repair kit, which intrigues you – you figure there must be good stuff in there. You open this further, and inside, instead of jumper cables, you find child pornography. How is this distinct from Ahrndt?
  1. There is a volitional act that initiates the connection – the connection to the wireless network vs. picking up the remote, pressing the lock button twice, and identifying the car
  2. There is a volitional act to usurp another’s property or services – use of the network of another for financial gain (internet service, iTunes, etc.) vs. popping the trunk and examining the trunk for a beneficial device. As a caveat – these are arguably both physical trespasses – in the former case, you are changing the memory on the router, which is a physical process, and in the latter, you are opening the trunk.
  3. There is a trespassory intrusion upon another’s property – opening another’s iTunes library vs. opening a car repair kit
In Ahrndt, all of the actions above were completed by law enforcement, or by JH, acting as an agent of law enforcement: (steps 1 & 2) - “Officer McCullough duplicated the steps that JH had used to access Dad's Limewire Tunes,” 2010 U.S. Dist. LEXIS 7821 (D. Or. 2010), and (step 3) “Officer McCullough . . . asked JH to open one of the files. JH opened the file briefly and the two saw a photo of a minor engaged in sexually explicit conduct.” Id. JH can readily be called a state agent because she “acted together” with law enforcement, Lugar v. Edmonson Oil Co., 457 U.S. 922, 937 (1982); United States v. Jacobsen, 466 U.S. 109, 113 (1984) (a private citizen is an agent of the police if he or she “acts with the participation” of law enforcement), and completed a task at their behest. See, e.g., United States v. Reed, 15 F.3d 928, 931 (9th Cir. 1994).

In the analogy, clearly a search has occurred as soon as the trunk has been opened AND a person views the contents – it’s sound constitutional law that one has a reasonable expectation of privacy in the contents of their car, especially places not freely visible. But how does that translate to the wireless transmittal of data?

The district court in Ahrndt relies heavily on Tyler v. Berodt, 877 F.2d 705 (8th Cir. 1989) for the concept that communications that can be intercepted have a “diminished” expectation of privacy. In Tyler, a cordless phone signal was able to be intercepted at a neighbors house; the neighbor heard suspected criminal activity and contacted the police. Id. at 706. The police listened as well, and subsequently charged the individual who was overheard with crimes related to the illegal activity. Id.

To equate Ahrndt to Tyler is a failure to understand the difference in technology. A cordless phone, or any other radio transmitter, does just that – transmits information that (in theory) can be overheard – but the communication is not bi-directional (unless licensed). This is similar to FM radio, ham radio, and other VHF closed systems. To make it illegal to intercept this or listen to it would be absurd. Listening to another’s cordless conversation, the radio, or a police scanner are all passive activities, requiring merely the receipt of radio waves. I am sure that the holding in Tyler would have been different, however, had the police transmitted something back (say, by joining the conversation); similarly, while it is of no legal consequence to listen on your police scanner to local law enforcement, it would be a much different situation if you picked up a radio and joined that conversation. You have turned the passive conduct of listening into the active conduct of transmitting and participating. This is a fundamental difference in kind between Tyler and the case at hand.

The TCP/IP protocol and various wireless handshaking protocols all require that the receiving device transmit data back to the wireless access point, or router. There is active interaction, continuously. The TCP/IP protocol requires that the initiator send a SYN packet, the receiver send back a SYN/ACK packet, and then the original initiator send back an ACK. So, by connecting to someone’s wireless network, you are directly interacting with it – you are affecting the possessory interest of property contained within another’s house; each connection made necessarily forces data to be stored on the access point and the router, affecting that devices’ memory, and changing it physically. To exempt that from Fourth Amendment protection seems unwise – the text of the Fourth Amendment is clear that the people have a right to be free from unreasonable searches in their “houses” and “effects.”

Just to be clear, this interpretation merely states that a person reasonably expects that their wireless network, secured or unsecured, would not be interfered with by another through unauthorized connection – a non-passive activity. The key there is unauthorized. No search can occur if you have given consent to the search. And, merely observing networks around you, whose SSID (Service Set Identification), aka “name” is being broadcast, affects no interest and is no search, as well.

Viewed in this light, it makes no difference what was done after the connection to the wireless network, because the connection itself was a search. Additionally, any argument to the Limewire case, United States v. Ganoe, 538 F.3d 1117, 1119, 1127 (9th Cir. 2008), is irrelevant, because there, the defendant had already consented to Limewire facilitating connections between his computer and the internet. The same is not true, here. Ahrndt did not consent to anyone other than himself connecting to the network. By leaving it unsecured, there may be an argument of implied consent, but leaving your car unlocked does not imply consent to open it up and see what you find. Further, any argument that states that the computer connected to the wireless network automatically does not defeat this argument – a computer only does what you tell it to do, and failure to change default settings is no defense.


Post a Comment