Legal experts debate legality of Firefox add-on that steals Facebook, Twitter account access at public hot spots
By Gregg Keizer | Computer World
People using the Firesheep add-on may be breaking federal wiretapping laws, legal experts said today.
Or maybe not.
“I honestly don’t know the answer,” said Phil Malone, a clinical professor of law at Harvard Law School as well as the director of the school’s Cyberlaw Clinic at the Berkman Center for Internet and Society. Malone also served for more than 20 years as a federal prosecutor with the U.S. Department of Justice.
Firesheep, which was released just over a week ago and has been downloaded nearly half a million times since, is an add-on to Mozilla’s Firefox browser that identifies users on an open network — such as a coffee shop’s public Wi-Fi hot spot — who are visiting an unsecured Web site. A double-click in Firesheep gives its handler instant access to the accounts of others accessing Twitter and Facebook, among numerous other popular Web destinations.
But while the tool itself is not illegal, using it may be a violation of federal wiretapping laws and an invasion of privacy, experts said.
“There are two schools of thought,” said Jonathan Gordon, a partner in the Los Angeles office of law firm Aston & Bird. “The first is that there’s no reasonable expectation of privacy in a public insecure Wi-Fi connection.”
Gordon, who regularly counsels clients on their Internet business practices, cited the U.S. statute pertaining to wiretapping, which states that it’s not a violation of the law “to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.”
But a second school of thought, said Gordon, “is that when people are accessing their social network [account], they have an expectation that whatever they’re doing is governed by the privacy settings in that network.” In other words, the fact that accessing a site takes place in an unsecure environment is beside the point.
Gordon acknowledged that the second position was held by a minority of legal experts.