Sniffing Conference Networks: Is It Legal? Is It Right? presented at 14th USENIX Security Symposium 2005

by Paul Ohm, William R. Cheswick, Abe Singer, Mike Scher,

Tags: Security Panel Legal

Summary : It has become commonplace at some computer conferences, especially security conferences, for someone to "sniff" the network?monitor other users' communications. Often this is for the purpose of intercepting usernames and passwords transmitted in cleartext, sometimes publicly posting the information found. The person sniffing may or may not be officially affiliated with the conference, and the activity is often condoned or approved by the conference organizers (although not by USENIX), and many of the participants.
But is such activity legal? It may very well not be, or only under very limited circumstances. Who has standing to "permit" the activity, and who is liable for the results?
Aside from whether or not the activity is criminal, there is also the ethical issue. Is sniffing a conference network the "right thing to do"? What example does it set? What message does it send?
These issues have been highlighted by some heated complaints at recent USENIX conferences.
This panel will discuss these legal and ethical issues.