Companies and governments use various techniques to investigate when computer break-ins happen, and to learn more about potential intruders. But these techniques can invade the privacy of entities other than the suspect, and violate privacy laws. Additionally, regulations may define different investigative techniques themselves as attacks or intrusions. There is little legal guidance in this area, and a lot of uncertainty. This talk will discuss the legality and of network scans, war driving, borrowing wireless connectivity, sniffers, "hack-back", social engineering and other techniques under U.S. law.