Don,
You mentioned a sernario where 802.11 itself is encrypted, I disagree that's legal (see below). I'm also under the impression that, in some cases, the return packet may be a 3rd party communication (if you want to discuss this from Layer 3); but I won't get into that, since I purposely stuck to Layer 1 to formulate my theory.
The "communication" here is an 802.11 frame (which happens to contain an Ethernet [802.3] frame, which contains an TCP/IP packet). So, at the 'nitty-gritty' of RF, I'm sending you an 802.11 frame by DSSS or OFDM - by Part 97, I can't obfuscate the 802.11 WLAN frames (so encrypted access points may be a no-no here, but ARRL even says that the code can be 'published' and they believe that solves the closed access point issue - I suppose analogous to someone not knowing the PL tone to transmit, if you will; but I don't 100% agree).
I'm 100% aware some stations may disagree with that notion; but as far as I'm concerned, I can sniff 802.11 frames all day, if I can determine the callsign somewhere, tell if it's 802.11, tell the device MACs and that it's an Ethernet frame (even even more, that it's ICMP/TCP/UDP/GRE/IPENCAP/etc.), we're within the scope of the Part 97.
-KB3VWG