
I am NOT a lawyer, but I checked how much of what the article describes is illegal in Germany. The answer is just about everything.

Installing a doorbell with a camera that looks into the hallway is illegal. You may not record what happens in public spaces on security cameras. And even inside your home, you still have to ask for consent to make an audio recording. Otherwise, this constitutes a crime.

Also, sniffing Wifi for data not aimed at you is illegal. The law is quite broad and covers unencrypted data. Sniffing MACs of devices that don't communicate with your own network falls under that. Sending deauthentication packages using those MACs proves the intent to deliberately obtain that data. This might even result in a prison sentence. Deliberately interfering with the operation of a Wifi network may also constitute computer sabotage, but the bar for that is higher.

EDIT: I also forgot: creating the program that is intended to specifically interfere with the doorbell is also punishable. This is one of the rare cases where the preparation of a crime constitutes a separate crime in itself. The same goes for the distribution of such tools.



You might find it interesting that some German universities [1] actively send out deauthentication packages to clients that connect to SSIDs that are not on their internal whitelist to "protect" the clients from "rogue APs".

A lecturer from my Hochschule was fired for protesting this practice.

[1]: https://meinehochschulebehindertdaswlan.de/


This letter from the BNetzA, which is in charge of regulating the use of the EM frequency spectrum in Germany, specifically states that sending deauthentication packages to disrupt other wireless networks is not allowed. It's in German, naturally:

https://meinehochschulebehindertdaswlan.de/BnetzAStellungnah...


From a network admin's perspective, this is necessary to protect the integrity of the air space. It discourages the use of rogue APs which wreck the channel utilization for everyone. It's common to find this feature in enterprise wifi systems. Some actively spoof the SSID of the rogue AP in order to draw the client back to the institution's network.


And what about the people who don't/can't use the institution's network? Why should the institution be allowed to effectively monopolize the unlicensed airwaves?


If I was in some kind of debate club or moot court or something like that and got assigned to the side that is supposed to argue for allowing this, I'd probably look into some kind of property rights approach and make a distinction between radio waves transiting the property and radio waves that originate on the property.

The property owner could make not operating an access point on the property a condition of granting permission to enter the property. Someone who then operated an access point would be trespassing and they (and their access point) could be evicted. In other words, the property owner is already allowed to monopolize those unlicensed airwaves on their property.

If they choose to exercise this monopoly by using technical measures to stop other access points from working, rather than by physically evicting those access points, why should that make a difference as long as those technical measures do not interfere with access points not on their property?


>If they choose to exercise this monopoly by using technical measures to stop other access points from working, rather than by physically evicting those access points, why should that make a difference as long as those technical measures do not interfere with access points not on their property?

By the same argument, can I also ban cellphones from my property and set up cellphone jammers to enforce this ban? You're free to set up arbitrary "rules" and ban people from your property for it, but that doesn't mean you're deputized by the government to do whatever you want to enforce those rules.


Emergency calls are given a lot of special protections, and for this reason, you cannot.


Can you prove that you won't deauth people just outside your property? Probably not.


Why not? It's unlicensed, so it's a free-for-all. If we don't like that, the answer is to license it. Which doesn't seem better to me.


>Why not? It's unlicensed, so it's a free-for-all.

Unlicensed doesn't mean no rules. For example, even though 2.4 GHz is unlicensed, you're still subject to transmission power limits. In the US at least, there are also statutes against interference.

https://www.law.cornell.edu/cfr/text/47/15.5

https://www.law.cornell.edu/uscode/text/47/333


There are still many rules to follow when using unlicensed frequency ranges. So it's not free for all, really.


Too bad for the admins then that newer standards don't tolerate this fuckery.


In the US, that practice is black-letter illegal. A major hotel chain had to pay a rather large fine for doing exactly what you describe.[1]

There is no private property right to the radio frequency energy traversing someone's property. The owner / lessor of a property may not interfere in someone's use of the airwaves.

[1] https://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fin...


From a security/technology standpoint I do not see any gain in using deauthentication packets against others. Any (half decent) skilled enough attacker will find ways to counteract these (e.g. by enabling PMF/WPA3 or using a stronger signal) or just leaving the property if a movable end device is attacked. A network and end devices are secure by design or they are not. Separation of privileges, different accounts, multi factor authentication, certificates, modern protocols, no single password policy… Making users, superiors or yourself believe that one is “secure” because of using deauthentication packets will actually result in the opposite because it will hide the existing structural security issues in your network/end devices and give a false sense of security.

What remains as argument is the service quality aspect. One wants to deliver the best wireless quality. Either because of own quality needs or because for a production environment. In either case one is using an unlicensed band that still has certain constraints based on the country. The choice of technology might just not be the right one for these needs. How about 5G? I can imagine that one can define certain rules only for a private property though. Radio waves usually do not stop on property fences. One would need to convince a court that it is 100% certain that deauthentication packets can not reach others outside of the property. I guess if the property is big enough that will work or one puts up a Faraday cage around the property or building. Still one can not send with more power as it might have health consequences for employees or visitors. Private property right is solely for how one uses the property and whom is given access to under what conditions. It does not allow a completely new rule set that conflicts with the “surrounding” law (not to mention human rights). One can still not lawfully murder a person on their private property just because the own property rules allow it.

For public universities I do not see any way to implement wireless restrictions in any lawful way. Their properties are usually public for everyone. So making rules for employees and students that can not be enforced on visitors is probably against the principle of equal treatment. Then there is the constitutional Academic Freedom in most democratic countries. Not allowing researchers or teachers to freely choose the technology suited for their needs is probably against the constitutions of these states. Also students can not be denied access to a university because of such a rule set because they have freedom of choice where and what they want to study.

Last but not least we discuss this because of a WPA design flaw that is fixed with PMF/WPA3. If we would not have had this flaw to begin with I guess we would never ever have had this discussion, as we do not have it for Bluetooth or wireless mice/keyboard combos or other wireless protocols that use the same frequency bands.

And finally I wonder about the mindset of the mentioned network admins. I can not agree if one assumes just because an organization might have more people or more important ones or richer ones or has a higher building or … to then assume might is right and enforcing it by using design flaws in network protocols. This will eventually lead to an arms race with no winner at all.
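
Whether a network advertises the PMF (802.11w) protection mentioned in the comment above can be read from the RSN Capabilities field of its beacon's RSN element. The following is an added example, not part of the original comment; the element bytes are constructed samples, and returning "unknown" for a truncated element is a choice made for this example.

```python
import struct

# RSN Capabilities bits that signal 802.11w / PMF (IEEE 802.11 RSN element).
MFPR = 1 << 6  # Management Frame Protection Required
MFPC = 1 << 7  # Management Frame Protection Capable

def pmf_status(rsn_body: bytes) -> str:
    """Classify PMF from an RSN element body (tag 48, tag/length bytes stripped)."""
    try:
        (version,) = struct.unpack_from("<H", rsn_body, 0)
        if version != 1:
            return "unknown"
        off = 2 + 4                      # skip version and group cipher suite
        for _ in range(2):               # pairwise cipher list, then AKM list
            (count,) = struct.unpack_from("<H", rsn_body, off)
            off += 2 + 4 * count
        (caps,) = struct.unpack_from("<H", rsn_body, off)
    except struct.error:
        return "unknown"                 # truncated element: this example does not guess
    if caps & MFPR:
        # Required without Capable is not a valid combination.
        return "required" if caps & MFPC else "invalid"
    return "optional" if caps & MFPC else "disabled"

# Constructed sample elements (not captured traffic).
SAMPLES = {
    "wpa2-psk":        bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000"),
    "wpa3-transition": bytes.fromhex("0100 000fac04 0100 000fac04 0200 000fac02 000fac08 8000"),
    "wpa3-sae":        bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac08 c000"),
    "truncated":       bytes.fromhex("0100 000fac04 0100"),
}

def audit(samples=SAMPLES):
    """Return {network name: PMF status} for each sample element."""
    return {name: pmf_status(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name:16} PMF {status}")
```

Only "required" means every associated client uses protected management frames; "optional" networks still accept clients that do not.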


> Also, sniffing Wifi for data not aimed at you is illegal.

Ugh, yuck, I hate when lawmakers write laws like that. What does that even mean? All WiFi that I can hear is aimed at me. That's how radio works.

No, I'm not being disingenuous or obtuse, this is a legitimate concern with the way we're allowing artistic liberty into the written law. It's really badly ambiguous, not to mention the ridiculous violation of autonomy that you can't listen to broadcasts you can hear is.


I'm reminded of early Unix, with default permissions that made one's files public, in the spirit of sharing. Well before one could Google, I wanted good examples of TeX vitas, so I searched all unprotected files of every math department server I could access. Some people were horrified to learn that this was possible or that I had done this.

That most people do not choose 802.11w is a similar state of ignorance. Yes these are public broadcasts. The laws are substitutes for more thoughtful engineering.

We have little privacy on the internet; that ship has sailed, through similar ignorance. It's worth worrying about doorbells, but that's not the big picture.


Poor word choice on my part. You are only free to capture and process information that is either a broadcast without target or addressed specifically to you in some form. And that makes total sense. There is some leeway in the interpretation so that the mandatory reception and decoding as part of the technical implementation are not illegal in themselves, but any further processing of data clearly addressed at someone/something else is not legal.


So when you are actually developing such a technical implementation, you must make sure you're in a Faraday cage?


In Belgium there's a similar law which almost prohibits the usage of Ring. In the law, there are two main usages of this kind of system. In case you want to use it to identify persons who ring your doorbell, you need to comply with the following:

- The camera can only be active when someone actually rings your doorbell

- You cannot store any images from this camera.

If the system you have installed doesn't abide by those rules, it falls under the more stringent camera surveillance law. That includes hanging up pictograms indicating camera surveillance, registering and obtaining permission, and so on (GDPR becomes relevant).


I suspect that your rules are also the ones that the GP is subject to in Germany, since you actually can buy video doorbells here and use them at least without an Überwachung sign -- not sure about registration since I don't have one myself.


> You may not record what happens in public spaces on security cameras

In America this could be up for debate. Much of this kind of law depends on a "reasonable expectation of privacy", meaning that if anyone could see you there, it's not an issue to record or take pictures. An apartment hallway actually may or may not count as a public space, depending on whether or not the building is access controlled.


In America, as a rule, anything in public can be filmed.


It can be filmed, but audio may not be unless you are a party to the conversation. Doing so is a felony in many places.


This is incorrect, it is not a felony to record audio from a security camera in the US. Two-party/all-party consent only applies to confidential communications.


I am not incorrect.

Record audio at your peril: (This is re: New York)

http://www.dmlp.org/forum/newsgathering-law/new-york-recordi...

“...it is possible to violate the Wiretapping Act (and thereby commit a felony) by pointing a camera at a person speaking on a cell phone and creating an audio recording of part of the telephone conversation.”

Recording audio is always fraught with risk. You should avoid it, especially in indoor locations that you do not control.


One party/all party consent laws only apply to confidential communications, or put another way private conversations, not anytime a phone is used. If you can only hear one person speaking, it is not a conversation. And even if you can hear both people, like if they were on speakerphone, someone talking on speakerphone in a public place is not having a "private" conversation.


Isn't recording video equivalent to recording audio, as long as a potato chip bag is in view? (https://arstechnica.com/science/2014/08/researchers-reconstr...)


It’s a hard question because of the imprecision of the law. If it’s a potential problem, talk to counsel.


That depends on the state. In Florida, I had to put up notices that audio was being recorded in one room in order to hook up a microphone to a surveillance camera.


If you're not a party to a conversation, then one-party rules don't apply. I.e., in one-party States you can record any conversation to which you are a party, but you can't eavesdrop on conversations that you're NOT a party to.

This means you can't leave a microphone at a bus stop to record random conversations, say, not without a) owning the bus stop, and b) loudly announcing the presence of the microphone to all users of said bus stop. Replace "bus stop" with any public space. This also applies to private spaces as well, even when you're the owner. Thus you can have video surveillance at any office, but audio surveillance is generally a big no-no.


This does vary by U.S. state, though. Most are “one-party”, but some are “two-party”.

https://en.wikipedia.org/wiki/Telephone_call_recording_laws#...


GP refers to zero-party recording. I would be surprised if surreptitious (i.e., not announced) audio recording by non-parties were legal anywhere at all in the U.S.


depends on the state


Define public


Anywhere you don't have reasonable expectation of privacy.


Strange example - in a hotel, with an open window, on the 45th floor. If paparazzi with a telephoto lens can see you, it is considered fair game.


If you're standing in front of a window and can see out (and can be seen), you don't really have a reasonable expectation of privacy. This applies to my single floor single family residence. If I want privacy, I close the blinds and/or drapes.

As a matter of courtesy, I never aim a telephoto at windows. Paparazzi are an entirely different class though in that most have no "class" anymore it seems.


You don't have a practical expectation. It's reasonable to expect polite neighbors not to stare in windows, take photos etc. Used to be called a 'Peeping Tom' and was actionable. Nowadays we've become jaded?


This is a poor example for two reasons. The reasonable expectation of privacy standard is for audio, not images. And you do have an expectation of privacy in your own hotel room.


Not a lawyer, but it looks like it varies by state. CA penal code 647 j makes this illegal even without entering the property, but Mississippi code 97-29-61 does require entering the property.


Only the ring owner would get caught though



