"Google, in response to government inquiries and lawsuits, claims it is lawful to use packet-sniffing tools readily available on the internet to spy on and download payload data from others using the same open Wi-Fi access point."
Passive sniffing is one thing. Active unauthorised access to a computer using Firesheep is definitely illegal in the UK according to the Computer Misuse Act:
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
(b) the access he intends to secure, or to enable to be secured, is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
I think passive sniffing may also be illegal in the UK according to RIPA [1] as it is unauthorised interception of public telecommunications.
Yeah, definitely illegal in the UK. I'd be surprised if it wasn't illegal in the US too.
So he's basically just blogged about committing a crime. I wonder what would happen if one of his "victims" read this and then contacted the police. I bet Facebook has enough information logged about which accounts were accessing Facebook from that IP at the time, and which of them received his messages.
If it were somehow deemed illegal, I'm sure GitHub would get a subpoena requesting a list of everyone who downloaded Firesheep... and then everyone on HN would be looking for a lawyer.
I would imagine they would need to actually prove you hijacked someone's cookie? You could always claim you downloaded it to view the source or to check if your security implementation was broken by it.