mesh

mesh@sudoroom.org

1409 discussions

Fwd: [Commotion-discuss] Seattle Police mesh network for surveillance?

by Jenny Ryan

---------- Forwarded message ---------- From: Preston Rhea <prestonrhea(a)opentechinstitute.org> Date: Thu, Nov 7, 2013 at 6:49 AM Subject: Fwd: [Commotion-discuss] Seattle Police mesh network for surveillance? To: Jenny Ryan <jenny(a)thepyre.org>, Shaun Houlihan <shaunhoulihan(a)gmail.com> Thought this would interest y'all, I don't know if you are already on the Commotion listserv Jenny. ---------- Forwarded message ---------- From: Dan Staples <danstaples(a)opentechinstitute.org> Date: Wed, Nov 6, 2013 at 9:32 PM Subject: [Commotion-discuss] Seattle Police mesh network for surveillance? To: commotion-discuss <commotion-discuss(a)lists.chambana.net> http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143… You Are a Rogue Device A New Apparatus Capable of Spying on You Has Been Installed Throughout Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don’t Want to Talk About It. by Matt Fikse-Verkerk and Brendan Kiley If you're walking around downtown Seattle, look up: You'll see off-white boxes, each one about a foot tall with vertical antennae, attached to utility poles. If you're walking around downtown while looking at a smartphone, you will probably see at least one—and more likely two or three—Wi-Fi networks named after intersections: "4th&Seneca," "4th&Union," "4th&University," and so on. That is how you can see the Seattle Police Department's new wireless mesh network, bought from a California-based company called Aruba Networks, whose clients include the Department of Defense, school districts in Canada, oil-mining interests in China, and telecommunications companies in Saudi Arabia. The question is: How well can this mesh network see you? How accurately can it geo-locate and track the movements of your phone, laptop, or any other wireless device by its MAC address (its "media access control address"—nothing to do with Macintosh—which is analogous to a device's thumbprint)? Can the network send that information to a database, allowing the SPD to reconstruct who was where at any given time, on any given day, without a warrant? Can the network see you now? The SPD declined to answer more than a dozen questions from The Stranger, including whether the network is operational, who has access to its data, what it might be used for, and whether the SPD has used it (or intends to use it) to geo-locate people's devices via their MAC addresses or other identifiers. Seattle Police detective Monty Moss, one of the leaders of the mesh-network project—one part of a $2.7 million effort, paid for by the Department of Homeland Security—wrote in an e-mail that the department "is not comfortable answering policy questions when we do not yet have a policy." But, Detective Moss added, the SPD "is actively collaborating with the mayor's office, city council, law department, and the ACLU on a use policy." The ACLU, at least, begs to differ: "Actively collaborating" is not how they would put it. Jamela Debelak, technology and liberty director of the Seattle office, says the ACLU submitted policy-use suggestions months ago and has been waiting for a response. Detective Moss also added that the mesh network would not be used for "surveillance purposes... without City Council's approval and the appropriate court authorization." Note that he didn't say the mesh network couldn't be used for the surveillance functions we asked about, only that it wouldn't—at least until certain people in power say it can. That's the equivalent of a "trust us" and a handshake. His answer is inadequate for other reasons as well. First, the city council passed an ordinance earlier this year stating that any potential surveillance equipment must submit protocols to the city council for public review and approval within 30 days of its acquisition and implementation. This mesh network has been around longer than that, as confirmed by Cascade Networks, Inc., which helped install it. Still, the SPD says it doesn't have a policy for its use yet. Mayor McGinn's office says it expects to see draft protocols sometime in December—nearly nine months late, according to the new ordinance. Second, and more importantly, this mesh network is part of a whole new arsenal of surveillance technologies that are moving faster than the laws that govern them are being written. As Stephanie K. Pell (former counsel to the House Judiciary Committee) and Christopher Soghoian (senior policy analyst at the ACLU) wrote in a 2012 essay for the Berkeley Technology Law Journal: The use of location information by law enforcement agencies is common and becoming more so as technological improvements enable collection of more accurate and precise location data. The legal mystery surrounding the proper law enforcement access standard for prospective location data remains unsolved. This mystery, along with conflicting rulings over the appropriate law enforcement access standards for both prospective and historical location data, has created a messy, inconsistent legal landscape where even judges in the same district may require law enforcement to meet different standards to compel location data. In other words, law enforcement has new tools—powerful tools. We didn't ask for them, but they're here. And nobody knows the rules for how they should be used. This isn't the first time the SPD has purchased surveillance equipment (or, as they might put it, public-safety equipment that happens to have powerful surveillance capabilities) without telling the rest of the city. There was the drones controversy this past winter, when the public and elected officials discovered that the SPD had bought two unmanned aerial vehicles with the capacity to spy on citizens. There was an uproar, and a few SPD officers embarked on a mea culpa tour of community meetings where they answered questions and endured (sometimes raucous) criticism. In February, Mayor Mike McGinn announced he was grounding the drones, but a new mayor could change his mind. Those SPD drones are sitting somewhere right now on SPD property. Meanwhile, the SPD was also dealing with the port-camera surveillance scandal. That kicked off in late January, when people in West Seattle began wondering aloud about the 30 cameras that had appeared unannounced on utility poles along the waterfront. The West Seattle neighborhood blog (westseattleblog.com) sent questions to city utility companies, and the utilities in turn pointed at SPD, which eventually admitted that it had purchased and installed 30 surveillance cameras with federal money for "port security." That resulted in an additional uproar and another mea culpa tour, much like they did with the drones, during which officers repeated that they should have done a better job of educating the public about what they were up to with the cameras on Alki. (Strangely, the Port of Seattle and the US Coast Guard didn't seem very involved in this "port security" project—their names only appear in a few cursory places in the budgets and contracts. The SPD is clearly the driving agency behind the project. For example, their early tests of sample Aruba products—beginning with a temporary Aruba mesh network set up in Pioneer Square for Mardi Gras in 2009—didn't have anything to do with the port whatsoever.) The cameras attracted the controversy, but they were only part of the project. In fact, the 30 pole-mounted cameras on Alki that caused the uproar cost $82,682—just 3 percent of the project's $2.7 million Homeland Security–funded budget. The project's full title was "port security video surveillance system with wireless mesh network." People raised a fuss about the cameras. But what about the mesh network? Detective Moss and Assistant Chief Paul McDonagh mentioned the downtown mesh network during those surveillance-camera community meetings, saying it would help cops and firefighters talk to each other by providing a wireless network for their exclusive use, with the potential for others to use overlaid networks handled by the same equipment. (Two-way radios already allow police officers to talk to each other, but officers still use wireless networks to access data, such as the information an officer looks for by running your license plate number when you've been pulled over.) As Brian Magnuson of Cascade Networks, Inc., which helped install the Aruba system, explained the possible use of such a system: "A normal cell-phone network is a beautiful thing right up until the time you really need it—say you've just had an earthquake or a large storm, and then what happens? Everybody picks up their phone and overloads the system." The network is most vulnerable precisely when it's most needed. A mesh network could be a powerful tool for streaming video from surveillance cameras or squad car dash-cams across the network, allowing officers "real-time situational awareness" even when other communication systems have been overloaded, as Detective Moss explained in those community meetings. But the Aruba mesh network is not just for talking, it's also for tracking. After reviewing Aruba's technical literature, as well as talking to IT directors and systems administrators around the country who work with Aruba products, it's clear that their networks are adept at seeing all the devices that move through their coverage area and visually mapping the locations of those devices in real time for the system administrators' convenience. In fact, one of Aruba's major selling points is its ability to locate "rogue" or "unassociated" devices—that is, any device that hasn't been authorized by (and maybe hasn't even asked to be part of) the network. Which is to say, your device. The cell phone in your pocket, for instance. The user's guide for one of Aruba's recent software products states: "The wireless network has a wealth of information about unassociated and associated devices." That software includes "a location engine that calculates associated and unassociated device location every 30 seconds by default... The last 1,000 historical locations are stored for each MAC address." For now, Seattle's mesh network is concentrated in the downtown area. But the SPD has indicated in PowerPoint presentations—also acquired by The Stranger—that it hopes to eventually have "citywide deployment" of the system that, again, has potential surveillance capabilities that the SPD declined to answer questions about. That could give a whole new meaning to the phrase "real-time situational awareness." So how does Aruba's mesh network actually function? Each of those off-white boxes you see downtown is a wireless access point (AP) with four radios inside it that work to shove giant amounts of data to, through, and around the network, easily handling bandwidth-hog uses such as sending live, high-resolution video to or from moving vehicles. Because this grid of APs forms a latticelike mesh, it works like the internet itself, routing traffic around bottlenecks and "self-healing" by sending traffic around components that fail. As Brian Magnuson at Cascade Networks explains: "When you have 10 people talking to an AP, no problem. If you have 50, that's a problem." Aruba's mesh solution is innovative—instead of building a few high-powered, herculean APs designed to withstand an immense amount of traffic, Aruba sprinkles a broad area with lots of lower-powered APs and lets them figure out the best way to route all the data by talking to each other. Aruba's technology is considered cutting-edge because its systems are easy to roll out, administer, and integrate with other systems, and its operating system visualizes what's happening on the network in a simple, user-friendly digital map. The company is one of many firms in the networking business, but, according to the tech-ranking firm Gartner, Aruba ranks second (just behind Cisco) in "completeness of vision" and third in "ability to execute" for its clever ways of getting around technical hurdles. Take Candlestick Park, the San Francisco 49ers football stadium, which, Magnuson says, is just finishing up an Aruba mesh network installation. The stadium has high-intensity cellular service needs—70,000 people can converge there for a single event in one of the most high-tech cities in America, full of high-powered, newfangled devices. "Aruba's solution was ingenious," Magnuson says. It put 640 low-power APs under the stadium's seats to diffuse the data load. "If you're at the stadium and trying to talk to an AP," Magnuson says, "you're probably sitting on it!" Another one of Aruba's selling points is its ability to detect rogue devices—strangers to the system. Its promotional "case studies" trumpet this capability, including one report about Cabela's hunting and sporting goods chain, which is an Aruba client: "Because Cabela's stores are in central shopping areas, the company captures huge quantities of rogue data—as many as 20,000 events per day, mostly from neighboring businesses." Aruba's network is identifying and distinguishing which devices are allowed on the Cabela's network and which are within the coverage area but are just passing through. The case study also describes how Cabela's Aruba network was able to locate a lost price-scanner gun in a large warehouse by mapping its location, as well as track employees by the devices they were carrying. It's one thing for a privately owned company to register devices it already owns with a network. It's another for a local police department to scale up that technology to blanket an entire downtown—or an entire city. Aruba also sells a software product called "Analytics and Location Engine 1.0." According to a document Aruba has created about the product, ALE "calculates the location of associated and unassociated wifi devices... even though a device has not associated to the network, information about it is available. This includes the MAC address, location, and RSSI information." ALE's default setting is anonymous, which "allows for unique user tracking without knowing who the individual user is." But, Aruba adds in the next sentence, "optionally the anonymization can be disabled for richer analytics and user behavior tracking." The network has the ability to see who you are—how deeply it looks is up to whoever's using it. (The Aruba technology, as far as we know, does not automatically associate a given MAC address with the name on the device's account. But figuring out who owns the account—by asking a cell-phone company, for example—would not be difficult for a law-enforcement agency.) Geo-location seems to be an area of intense interest for Aruba. Last week, the Oregonian announced that Aruba had purchased a Portland mapping startup called Meridian, which, according to the article, has developed software that "pinpoints a smartphone's location inside a venue, relying either on GPS technology or with localized wireless networks." The technology, the article says, "helps people find their way within large buildings, such as malls, stadiums, or airports and enables marketing directed at a phone's precise location." How does that geo-location work? Devices in the network's coverage area are "heard" by more than one radio in those APs (the off-white boxes). Once the network hears a device from multiple APs, it can compare the strength and timing of the signal to locate where the device is. This is classic triangulation, and users of Aruba's AirWave software—as in the Cabela's example—report that their systems are able to locate devices to within a few feet. In the case of large, outdoor installations where APs are more spread out, the ability to know what devices are passing through is useful—especially, perhaps, to policing agencies, which could log that data for long-term storage. As networking products and their uses continue to evolve, they will only compound the "legal mystery" around how this technology could and should be used that Pell and Soghoian described in their Berkeley Technology Law Journal piece. Aruba's mesh network is state-of-the-art, but something significantly smarter and more sensitive will surely be on the market this time next year. And who knows how much better the software will get. An official spokesperson for Aruba wrote in an e-mail that the company could not answer The Stranger's questions because they pertained "to a new product announcement" that would not happen until Thanksgiving. "Aruba's technology," the spokesperson added, "is designed for indoor (not outdoor) usage and is for consumer apps where they opt in." This is in direct contradiction to Aruba's own user's manuals, as well as the fact that the Seattle Police Department installed an outdoor Aruba mesh network earlier this year. One engineer familiar with Aruba products and similar systems—who requested anonymity—confirmed that the mesh network and its software are powerful tools. "But like anything," the engineer said, it "can be used inappropriately... You can easily see how a user might abuse this ability (network admin has a crush on user X, monitors user X's location specifically)." As was widely reported earlier this year, such alleged abuses within the NSA have included a man who spied on nine women over a five-year period, a woman who spied on prospective boyfriends, a man who spied on his girlfriend, a husband who spied on his wife, and even a man who spied on his ex-girlfriend "on his first day of access to the NSA's surveillance system," according to the Washington Post. The practice was so common within the NSA, it got its own classification: "LOVEINT." Other Aruba clients—such as a university IT director, a university vice president, and systems administrators—around the country confirmed it wouldn't be difficult to use the mesh network to track the movement of devices by their MAC addresses, and that building a historical database of their movements would be relatively trivial from a data-storage perspective. As Bruce Burton, an information technology manager at the University of Cincinnati (which uses an Aruba network), put it in an e-mail: "This mesh network will have the capability to track devices (MAC addresses) throughout the city." Not that the SPD would do that—but we don't know. "We definitely feel like the public doesn't have a handle on what the capabilities are," says Debelak of the ACLU. "We're not even sure the police department does." It all depends on what the SPD says when it releases its mesh-network protocols. "They're long overdue," says Lee Colleton, a systems administrator at Google who is also a member of the Seattle Privacy Coalition, a grassroots group that formed in response to SPD's drone and surveillance-camera controversies. "If we don't deal with this kind of thing now, and establish norms and policies, we'll find ourselves in an unpleasant situation down the road that will be harder to change." The city is already full of surveillance equipment. The Seattle Department of Transportation, for example, uses license-plate scanners, sensors embedded in the pavement, and other mechanisms to monitor individual vehicles and help estimate traffic volume and wait time. "But as soon as that data is extrapolated," says Adiam Emery of SDOT, "it's gone." They couldn't turn it over to a judge if they tried. Not that license-plate scanners have always been so reliable. Doug Honig of the ACLU remembers a story he heard from a former staffer a couple of years ago about automatic license-plate readers on police cars in Spokane. Automatic license-plate readers "will read a chain-link fence as XXXXX," Honig says, "which at the time also matched the license plate of a stolen car in Mississippi, resulting in a number of false alerts to pull over the fence." Seattle's mesh network is only one instance in a trend of Homeland Security funding domestic surveillance equipment. Earlier this month, the New York Times ran a story about a $7 million Homeland Security grant earmarked for "port security"—just like the SPD's mesh-network funding—in Oakland. "But instead," the Times reports, "the money is going to a police initiative that will collect and analyze reams of surveillance data from around town—from gunshot- detection sensors in the barrios of East Oakland to license plate readers mounted on police cars patrolling the city's upscale hills." The Oakland "port security" project, which the Times reports was formerly known as the "Domain Awareness Center," will "electronically gather data around the clock from a variety of sensors and databases, analyze that data, and display some of the information on a bank of giant monitors." The Times doesn't detail what kind of "sensors and databases" the federally funded "port security" project will pay for, but perhaps it's something like Seattle's mesh network with its ability to ping, log, and visually map the movement of devices in and out of its coverage area. Which brings up some corollary issues, ones with implications much larger than the SPD's ability to call up a given time on a given day and see whether you were at work, at home, at someone's else home, at a bar, or at a political demonstration: What does it mean when money from a federal agency like the Department of Homeland Security is being funneled to local police departments like SPD to purchase and use high-powered surveillance gear? For federal surveillance projects, the NSA and other federal spying organizations have at least some oversight—as flawed as it may be—from the Foreign Intelligence Surveillance Court (also known as the FISA court) and the US Congress. But local law enforcement doesn't have that kind of oversight and, in Seattle at least, has been buying and installing DHS-funded surveillance equipment without explaining what it's up to. The city council's surveillance ordinance earlier this year was an attempt to provide local oversight on that kind of policing, but it has proven toothless. It's reasonable to assume that locally gleaned information will be shared with other organizations, including federal ones. An SPD diagram of the mesh network, for example, shows its information heading to institutions large and small, including the King County Sheriff's Office, the US Coast Guard, and our local fusion center. Fusion centers, if you're unfamiliar with the term, are information-sharing hubs, defined by the Department of Homeland Security as "focal points" for the "receipt, analysis, gathering, and sharing" of surveillance information. If federally funded, locally built surveillance systems with little to no oversight can dump their information in a fusion center—think of it as a gun show for surveillance, where agencies freely swap information with little restriction or oversight—that could allow federal agencies such as the FBI and the NSA to do an end-run around any limitations set by Congress or the FISA court. If that's their strategy in Seattle, Oakland, and elsewhere, it's an ingenious one—instead of maintaining a few high-powered, herculean surveillance agencies designed to digest an immense amount of traffic and political scrutiny, the federal government could sprinkle an entire nation with lots of low-powered surveillance nodes and let them figure out the best way to route the data by talking to each other. By diffusing the way the information flows, they can make it flow more efficiently. It's an innovative solution—much like the Aruba mesh network itself. The Department of Homeland Security has not responded to requests for comment. -- Dan Staples Open Technology Institute https://commotionwireless.net OpenPGP key: http://disman.tl/pgp.asc Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9 _______________________________________________ Commotion-discuss mailing list Commotion-discuss(a)lists.chambana.net https://lists.chambana.net/mailman/listinfo/commotion-discuss -- Preston Rhea Field Analyst, Open Technology Institute New America Foundation +1-202-570-9770 Twitter: @prestonrhea

10 years, 10 months

Smallest Federated Wiki

by Mitar

Hi! Maybe we could get this to run on every node? https://github.com/WardCunningham/Smallest-Federated-Wiki (Probably not, it is Ruby.) Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m

10 years, 10 months

How do I join the Mesh and add my own node?

by Luis Murillo

Hi ya'll, I was up perusing the site and wiki and noticed there's not a clear/intuitive way to join the mesh. I understand this undertaking may be more difficult than just completing an online webform. However, we could add a page to PeoplesOpen which gives detailed instructions on how to start the process of adding a new node to the Mesh. Thoughts? -Luis

10 years, 10 months

Fwd: [secreadgroup] TRUST Security Seminar, Harlan Yu, Thursday, November 14, 1:00 pm

by Mitar

Hi! Interesting as well. Mitar -------- Original Message -------- From: Carolyn Winter <cawinter(a)eecs.berkeley.edu> Subject: [secreadgroup] TRUST Security Seminar, Harlan Yu, Thursday, November 14, 1:00 pm To: trustlocal(a)truststc.org, trustseminar(a)truststc.org, eecs-announce(a)eecs.berkeley.edu, secreadgroup(a)lists.berkeley.edu Please join us for the next TRUST seminar<http://www.truststc.org/seminar/index.html> : *Collateral Freedom: A Snapshot of Chinese Internet Users Circumventing Censorship* Harlan Yu, Robinson + Yu Thursday, *November 14,* at 1:00 PM Soda Hall, Wozniak Lounge Abstract: What’s the best way to provide Internet freedom for users in mainland China? “Collateral Freedom,” a recent report based on a new survey of Chinese users, found some surprising answers. Many of the purpose-built Internet freedom tools aimed at dissidents no longer work, while simpler technologies that are widely used by businesses (such as VPNs) have emerged as the primary means for individual Chinese users to access censored information. The most effective strategies rely not on technological stealth, but instead on leveraging the regime’s commercial incentives, suggesting that Internet freedom in China may be at least as much a matter of commercial diplomacy as of human rights. Harlan Yu will discuss the report's methods, findings, and the next steps coming out of this work. Bio: Harlan Yu is a principal at Robinson + Yu, a Washington D.C.-based consulting firm. His firm works for social sector clients on a range of technology policy issues, including online privacy and civil rights, Internet freedom, and open government. He holds a Ph.D. in computer science from Princeton University, where he was affiliated with its Center for Information Technology Policy (CITP). He has extensive hands-on experience at the intersection of technology and policy, including past roles at Google, the Electronic Frontier Foundation, and the U.S. Department of Labor. In addition to his Ph.D., he holds a B.S. in electrical engineering and computer sciences from UC Berkeley. --- Carolyn Winter Program Manager, TRUST University of California, Berkeley 337F Cory Hall, #1774 Berkeley, CA 94720 (510) 643-8425 www.truststc.org -- http://mitar.tnode.com/ https://twitter.com/mitar_m

10 years, 10 months

Fwd: [i-announce@ischool] Friday Afternoon Seminar: Nov 15: Nick Merrill & Clifford Lynch

by Mitar

Hi! Interesting. Mitar -------- Original Message -------- From: Michael Buckland <buckland(a)berkeley.edu> Subject: [i-announce@ischool] Friday Afternoon Seminar: Nov 15: Nick Merrill & Clifford Lynch To: friday(a)ischool.berkeley.edu, I School Announcement <i-announce(a)ischool.berkeley.edu> FRIDAY AFTERNOON SEMINAR ON INFORMATION ACCESS. South Hall 107, Fridays 3-5 pm http://courses.ischool.berkeley.edu/i296a-ia/f13/schedule.html Open to the public. Everyone interested is welcome! *Friday, Nov 15: Nick MERRILL and Clifford LYNCH. Nick MERRILL: Alternative Visions of Internet Connectivity.* A short progress report will include discussion on the following projects: - /Namecoin/, a widely distributed DNS that relies on a proof-of-work cryptosystem to align the database over many peers; - /tent.io/ - a novel approach to cloud-based application development in which users store their personal data locally; and - /commotion wireless/, a cross-platform mesh network protcol with its eye on more than simple router replacement; and - /vole/ and its cousin /idas blue/ with shoutout to /blogracy/ --- attempts at peer-to-peer messaging that seem to slip below the great firewall of China. * Clifford LYNCH: The Failure of Stewardship Organizations and the Transfer or Conservation of Cultural Materials.* Continued from Sept 27: In the past decade or so, we've seen many examples of stewardship organizations abandoning their management of collections, usually for economic reasons. In some cases, these situations raise very interesting governance, legal and public policy problems as well as financial and operational issues. In this discussion, I'll examine a number of representative case studies, and focus on how the ability to create very high quality digital representations of physical items or collections may change the situation. Time permitting, I'll also begin a discussion of how these situations may play out when the collections are themselves inherently digital. FORTHCOMING Friday, Nov 22 in South Hall 205: Change of program: Marilyn TREMAINE: Investigating What Makes 3D Visualizations Difficult. Friday, Nov 29: Thanksgiving: No seminar meeting. Friday, Dec 6: Nick MERRILL: Alternative Visions of Internet Connectivity. Karen SMITH-YOSHIMURA: Registering Researchers in Authority Files. -- Michael Buckland, School of Information, University of California, Berkeley, CA 94720-4600 (510) 642 3159 buckland(a)ischool.berkeley.edu http://www.berkeley.edu/~buckland Co-Director, Electronic Cultural Atlas Initiative -- http://mitar.tnode.com/ https://twitter.com/mitar_m

10 years, 10 months

Call to arms: How hackers can help Haiyan recovery in the Philippines

by Jenny Ryan

Help, mesh hackers!: http://www.govloop.com/forum/topics/call-to-arms-how-hackers-can-help-haiya… Jenny http://jennyryan.net http://thepyre.org http://thevirtualcampfire.org http://technomadic.tumblr.com `~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~` "Technology is the campfire around which we tell our stories." -Laurie Anderson "Storytelling reveals meaning without committing the error of defining it." -Hannah Arendt "To define is to kill. To suggest is to create." -Stéphane Mallarmé ~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`

10 years, 10 months

Changing the MAC address

by Jeremy Entwistle

*He wants to follow her around the city or simply learn where she lives. Using the node map, which includes node IP addresses (or because he simply drove around the city and mapped them out himself) he knows the IP/MAC to physical location mapping of all nodes.* I think this is a concern. I don't think anybody wants to go from the government having this ability to anybody having this ability. I'm not sure the best idea of implementing this, but what it sounds like it comes down to is the identifier. We need something on the mesh which will allow 1) nodes communicate to nodes on the mesh and 2) nodes communicate to nodes through the internet (via a tunnelling program). Currently batman does this with MAC addresses, however, as we mentioned in a previous meeting, you can have duplicate MAC addresses because of the manufacturer (most likely problem) or randomly generated. I think it's possible to do the following: Client <-- MAC addresses --> Node Node <-- unique keys --> Node Exit Node < -- IP addresses --> Internet (or Tor Network) In the same way that the exit node serves as a barrier for the mesh to the internet, I think a node can do the same for MAC addresses of phones and it's locally connected devices. This should eliminate the need for disabling the traceroute function, which from what understand needs to be there in order for batman to determine a reliable and quick connection between nodes. The only complication I can think of being able to create your own unique key is to verify on the network that it's unique. It probably can be figured out with working with the DAT files. http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable *I see the localization possibilities as a feature which can empower local communities, where users can get services and content based on where in the mesh network they are. I see mesh networks as connections between people.* Agreed! I don't think by being the protocol to be anonymous makes it so that you have to remain anonymous. It just allows you to be anonymous by default. In my mind, I think it would be amazing to implement into the protocol something comparable to the networks on social media sites. Such that, I have a unique key as my address on the mesh, I run a server from my node and I want people to have access to it. However, maybe I have very good reason to want to change my key every couple of days, but I want to a specific group of nodes to know my address change. Then I think it would be important to allow that node update this group of nodes with your key change, once verified with the network as being unique. Or as mentioned, only sharing your key to a group of nodes (or a certain number of hops) then the packets being carried out by another identifier beyond that point. All that being said... I'm still learning and this may not work at all. Feedback please! :) On Mon, Nov 11, 2013 at 2:36 AM, <mesh-request(a)lists.sudoroom.org> wrote: > Send mesh mailing list submissions to > mesh(a)lists.sudoroom.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.sudoroom.org/listinfo/mesh > or, via email, send a message with subject or body 'help' to > mesh-request(a)lists.sudoroom.org > > You can reach the person managing the list at > mesh-owner(a)lists.sudoroom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mesh digest..." > > > Today's Topics: > > 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (Marc Juul) > 2. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (Mitar) > 3. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (Marc Juul) > 4. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (Mitar) > 5. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (Marc Juul) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 10 Nov 2013 21:22:32 -0800 > From: Marc Juul <juul(a)labitat.dk> > To: rhodey <rhodey(a)anhonesteffort.org> > Cc: "mesh(a)lists.sudoroom.org" <mesh(a)lists.sudoroom.org> > Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh > network for surveillance? > Message-ID: > <CAL4ejvRY+Specdgjh_w1hOfHY==BP8t5+3n4= > HwH_gBCWf+OPw(a)mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > On Sun, Nov 10, 2013 at 5:00 PM, rhodey <rhodey(a)anhonesteffort.org> wrote: > > > > Not really. Routing protocol measures packet loss from all neighboring > > > nodes to the client to determine how to best route traffic to the > > > client. You can possible use this as a signal strength indicator. > > > > Aha! Awesome idea Mitar, very tricky. Now we need to configure mesh > > nodes to arbitrarily drop packets :P > > > > > You can maybe try to repurpose ARP proxy support in Linux: > > > > > > https://en.wikipedia.org/wiki/Proxy_ARP > > > > Thanks, I'll take a look. > > > > It seems to me that both of these solutions are likely to degrade the > performance of the mesh. > > Creating a bunch of fake nodes with fake MAC addresses could make it more > difficult to initially identify the MAC address of a target node (because > it is easy to associate a MAC with a physical device if there is only one > device in that area), but I don't think it would actually accomplish much, > since most modern operating systems broadcast stuff like their hostnames > and shared files/music. It's often easy to associate a host and MAC/IP. > Once you know the MAC of your target, you can track them until they change > their MAC. Perhaps it would benefit people who often change their MAC > address. It would cause a lot of extra network-wide broadcast of > originator-messages. > > Perhaps there is a better way to deal with the problem. If I understand > batman-adv correctly, no node requires knowledge of anything but the next > hop for every destination. This should mean that we don't need the layer 2 > traceroute functionality that batman-adv includes. If we change batman-adv > such that a node can only ever know the next hop for a given destination, > that leaks limited location information (though it could leak info such as > general location if e.g. you're in west oakland and you're simultaneously > connected to a node that only links to berkeley and another that only links > to east oakland). If we need the layer 2 traceroute as network admins, then > we can implement crypto such that nodes only respond to layer 2 traceroutes > if request has a valid signature. This would not be very difficult since > Linux Kernel 3.7+ implements RSA signature verification. > > -- > Marc/Juul > > > > -- > > -- rhodey ? ??? > > > > On 11/10/2013 04:57 PM, Mitar wrote: > > > Hi! > > > > > >> We can ensure that IP addresses are cycled frequent enough because > > >> we'll have control over a majority of the DHCP servers on the mesh so > > >> I'll be focusing on MAC addresses. > > > > > > Not to mention that IP addresses will be private and there will be NAT > > > for Internet. > > > > > > And for IPv6 you will probably use autoconfiguration based on the MAC > > > anyway, no? > > > > > > So the question is just MAC at the end. > > > > > >> It is important to realize that only mesh nodes (access points) have > > >> *potential* knowledge of signal strength > > > > > > Not really. Routing protocol measures packet loss from all neighboring > > > nodes to the client to determine how to best route traffic to the > > > client. You can possible use this as a signal strength indicator. > > > > > > Depending on the routing protocol this information might not be > > > available further down the routing path. In BATMAN I believe only > direct > > > neighbors know this information. > > > > > > But on the other hand, you often want to collect this information > > > globally to be able to improve network performance. But we could be > > > collecting this information in a way that clients are anonymized, while > > > we still get link/topology data. > > > > > >> To increase user privacy I would like to experiment with a MAC address > > >> spoofing service that could run on mesh nodes or volunteer hosts. > > > > > > You can maybe try to repurpose ARP proxy support in Linux: > > > > > > https://en.wikipedia.org/wiki/Proxy_ARP > > > > > >> But it is not that simple of course, because spoofed MAC addresses > > >> need to persist just as legitimate MAC addresses do, and move about > > >> in the physical world (connect to different mesh nodes) just as other > > >> legitimate users will. > > > > > > And of course produce unique traffic as well. > > > > > > > > > Mitar > > > > > _______________________________________________ > > mesh mailing list > > mesh(a)lists.sudoroom.org > > http://lists.sudoroom.org/listinfo/mesh > > >

10 years, 10 months

Re: [Mesh] mesh Digest, Vol 10, Issue 20

by Jeremy Entwistle

Okay, that's very true. Then what about interfacing nodes with clients on MAC addresses, but then node to node with a different address? Wouldn't that provide similar security as to what we're trying to do with exit nodes? The MAC address for the phones only being known to the node, but then not using it for delivery throughout the mesh. On Sun, Nov 10, 2013 at 4:39 PM, <mesh-request(a)lists.sudoroom.org> wrote: > Send mesh mailing list submissions to > mesh(a)lists.sudoroom.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.sudoroom.org/listinfo/mesh > or, via email, send a message with subject or body 'help' to > mesh-request(a)lists.sudoroom.org > > You can reach the person managing the list at > mesh-owner(a)lists.sudoroom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mesh digest..." > > > Today's Topics: > > 1. Re: Changing your MAC address (rhodey) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 10 Nov 2013 16:39:22 -0800 > From: rhodey <rhodey(a)anhonesteffort.org> > To: mesh(a)lists.sudoroom.org > Subject: Re: [Mesh] Changing your MAC address > Message-ID: <5280273A.6060804(a)anhonesteffort.org> > Content-Type: text/plain; charset=UTF-8 > > >> does it have to be a MAC address? > > Yes. We only (at most) have control of the mesh nodes (access points) in > our network-- not the mesh clients (desktop, laptop, cellphone). > > Desktops, laptops, cellphones all have networking stacks and they will > all use a MAC address. If they are cellphones it is likely that the MAC > address cannot be changed/spoofed without rooting the OS (not user > friendly). > > -- > -- rhodey ????? > > On 11/10/2013 04:31 PM, Jeremy Entwistle wrote: > > Well, one question that's been on my mind is does it have to be a MAC > > address? I think ideally we would have something comparable to a > > fingerprint or randomly generated addresses that are assigned by the > > network. Also, in looking at SSL vs pre-shared keys, apparently its > > slower and more demanding of our resources to use SSL... but at the same > > time, I'm not sure how to securely distribute and verify pre-shared keys > > throughout a network. Also, it seems to me that speed and preventing any > > latency on the network is more important than the key itself, because > > anybody can join the network, and there's the possibility of generating > > keys every couple of hours. > > > > I guess what I'm saying is that the internet depends on IPs, Meshes have > > been dependent on MACs, but I don't see why we have to depend on either. > > > > > > On Sun, Nov 10, 2013 at 3:54 PM, Mitar <mitar(a)tnode.com > > <mailto:mitar@tnode.com>> wrote: > > > > Hi! > > > > So we might create an app for people to install to change MAC > addresses > > randomly. :-) So a privacy preserving app for mesh networks. > > > > It would make sure that your WiFi does not broadcast a list of known > > networks as well. > > > > > > Mitar > > > > > I looked into this awhile ago and it's very easy to change mac > > addresses. > > > Kali Linux Tutorials: How to Change or Spoof a MAC Address > > > https://www.youtube.com/watch?v=JyP8aGtPZpA > > > > > > > > > On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request(a)lists.sudoroom.org > > <mailto:mesh-request@lists.sudoroom.org>> wrote: > > > > > >> Send mesh mailing list submissions to > > >> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org> > > >> > > >> To subscribe or unsubscribe via the World Wide Web, visit > > >> http://lists.sudoroom.org/listinfo/mesh > > >> or, via email, send a message with subject or body 'help' to > > >> mesh-request(a)lists.sudoroom.org > > <mailto:mesh-request@lists.sudoroom.org> > > >> > > >> You can reach the person managing the list at > > >> mesh-owner(a)lists.sudoroom.org > > <mailto:mesh-owner@lists.sudoroom.org> > > >> > > >> When replying, please edit your Subject line so it is more > specific > > >> than "Re: Contents of mesh digest..." > > >> > > >> > > >> Today's Topics: > > >> > > >> 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > > >> surveillance? (rhodey) > > >> > > >> > > >> > > > ---------------------------------------------------------------------- > > >> > > >> Message: 1 > > >> Date: Sun, 10 Nov 2013 15:03:01 -0800 > > >> From: rhodey <rhodey(a)anhonesteffort.org > > <mailto:rhodey@anhonesteffort.org>> > > >> To: mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org> > > >> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh > > >> network for surveillance? > > >> Message-ID: <528010A5.8030704(a)anhonesteffort.org > > <mailto:528010A5.8030704@anhonesteffort.org>> > > >> Content-Type: text/plain; charset=UTF-8 > > >> > > >> Police, govt, and other evil adversaries are free to setup their > own > > >> hardware, their own mesh, the idea is not to prevent this but to > > prevent > > >> the use of good mesh networks for evil. I want to give more > > thought to > > >> this subject sometime in the near future but for now this is what > > I have... > > >> > > >> The major concern here (as I see it) is the persistence of MAC > > >> addresses. The average user does not know how to change their MAC > > >> address and in the case of most mobile devices it is not possible > to > > >> change the MAC address. We can ensure that IP addresses are cycled > > >> frequent enough because we'll have control over a majority of the > > DHCP > > >> servers on the mesh so I'll be focusing on MAC addresses. > > >> > > >> In any local network a MAC address can be associated with network > > >> traffic, the obvious solution here is to use encryption. The > problem > > >> with MAC addresses in a mesh network is that they could also be > > >> associated with a location. > > >> > > >> On any layer 2 network it is possible for any connected host to > > >> determine the route to any other host using a MAC address as an > > >> identifier. Because mesh nodes have a fixed (and likely known) > > physical > > >> location it can be assumed that the last hop in the route > > corresponds to > > >> the physical location of the specific host. > > >> > > >> It is important to realize that only mesh nodes (access points) > have > > >> *potential* knowledge of signal strength and other 802.11 > > broadcast type > > >> frames-- sure Oakland PD can setup a device to listen to all > 802.11 > > >> traffic, but remember we're only focusing on how existing > > hardware can > > >> be abused. So, one host *cannot* triangulate the location of > another > > >> host. *From the perspective of a host on the mesh, a host can > only be > > >> connected to one mesh node or disconnected from the network.* In > the > > >> context of physical location, the privacy of a host on the mesh > is a > > >> function of the area covered by the mesh node it is connected to. > > >> > > >> To increase user privacy I would like to experiment with a MAC > > address > > >> spoofing service that could run on mesh nodes or volunteer hosts. > The > > >> service would basically pretend to be just another host on the > > network > > >> identified by some MAC address. The service could intelligently > spawn > > >> fake hosts depending on the number of other hosts connected to the > > >> shared mesh node. Mesh nodes with fewer connected hosts need more > > >> spoofed hosts to increase privacy, etc. But it is not that simple > of > > >> course, because spoofed MAC addresses need to persist just as > > legitimate > > >> MAC addresses do, and move about in the physical world (connect to > > >> different mesh nodes) just as other legitimate users will. I've > > thought > > >> some of this through but it is a large undertaking that needs > further > > >> planning. > > >> > > >> Another thing to keep in mind is that although MAC addresses > could be > > >> used as a persistent identifier *they alone do not represent any > > >> identity.* It is not until an adversary obtains additional > > information > > >> that a MAC address could be used to identify an individual > > person. Not > > >> to say the surveillance of pseudo-anonymous individual and group > > >> movement is negligible, just pointing this out. > > >> > > >> In conclusion (for now) by keeping our software and build > > processes open > > >> we can convince reasonable users that it is not possible for us > > to track > > >> them with more than neighborhood level accuracy. If we go further > and > > >> deploy something like the MAC spoofing service it could be > > possible to > > >> extend this guarantee further. I think it is also likely that > > this MAC > > >> spoofing service could be designed to prevent/degrade 802.11 style > > >> surveillance by hardware outside our control. > > >> > > >> -- > > >> -- rhodey ????? > > >> > > >> On 11/10/2013 11:44 AM, Steve Berl wrote: > > >>> Couldn't a community mesh network be suspected of having the > > same sort > > >>> of tracking abilities? > > >>> How do we convince potential mesh network users that we aren't > > >>> collecting location data on them? > > >>> > > >>> Steve > > >>> > > >>> > > >>> On Friday, November 8, 2013, Jenny Ryan wrote: > > >>> > > >>> > > >>> > > >>> ---------- Forwarded message ---------- > > >>> From: *Preston Rhea* <prestonrhea(a)opentechinstitute.org > > <mailto:prestonrhea@opentechinstitute.org> > > >>> <javascript:_e({}, 'cvml', > > 'prestonrhea(a)opentechinstitute.org > > <mailto:prestonrhea@opentechinstitute.org>');>> > > >>> Date: Thu, Nov 7, 2013 at 6:49 AM > > >>> Subject: Fwd: [Commotion-discuss] Seattle Police mesh > > network for > > >>> surveillance? > > >>> To: Jenny Ryan <jenny(a)thepyre.org <mailto:jenny@thepyre.org> > > <javascript:_e({}, 'cvml', > > >>> 'jenny(a)thepyre.org <mailto:jenny@thepyre.org>');>>, Shaun > > Houlihan <shaunhoulihan(a)gmail.com <mailto:shaunhoulihan@gmail.com> > > >>> <javascript:_e({}, 'cvml', 'shaunhoulihan(a)gmail.com > > <mailto:shaunhoulihan@gmail.com>');>> > > >>> > > >>> > > >>> Thought this would interest y'all, I don't know if you are > > already on > > >>> the Commotion listserv Jenny. > > >>> > > >>> > > >>> ---------- Forwarded message ---------- > > >>> From: Dan Staples <danstaples(a)opentechinstitute.org > > <mailto:danstaples@opentechinstitute.org> > > >>> <javascript:_e({}, 'cvml', 'danstaples(a)opentechinstitute.org > > <mailto:danstaples@opentechinstitute.org>');>> > > >>> Date: Wed, Nov 6, 2013 at 9:32 PM > > >>> Subject: [Commotion-discuss] Seattle Police mesh network for > > >>> surveillance? > > >>> To: commotion-discuss <commotion-discuss(a)lists.chambana.net > > <mailto:commotion-discuss@lists.chambana.net> > > >>> <javascript:_e({}, 'cvml', > > 'commotion-discuss(a)lists.chambana.net > > <mailto:commotion-discuss@lists.chambana.net> > > >> ');>> > > >>> > > >>> > > >>> > > >> > > > http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143… > > >>> > > >>> You Are a Rogue Device > > >>> A New Apparatus Capable of Spying on You Has Been Installed > > >> Throughout > > >>> Downtown Seattle. Very Few Citizens Know What It Is, and > > Officials > > >> Don?t > > >>> Want to Talk About It. > > >>> > > >>> by Matt Fikse-Verkerk and Brendan Kiley > > >>> > > >>> If you're walking around downtown Seattle, look up: You'll > see > > >> off-white > > >>> boxes, each one about a foot tall with vertical antennae, > > attached to > > >>> utility poles. If you're walking around downtown while > > looking at a > > >>> smartphone, you will probably see at least one?and more > > likely two or > > >>> three?Wi-Fi networks named after intersections: "4th&Seneca," > > >>> "4th&Union," "4th&University," and so on. That is how you > > can see the > > >>> Seattle Police Department's new wireless mesh network, > > bought from a > > >>> California-based company called Aruba Networks, whose > > clients include > > >>> the Department of Defense, school districts in Canada, > > oil-mining > > >>> interests in China, and telecommunications companies in > > Saudi Arabia. > > >>> > > >>> The question is: How well can this mesh network see you? > > >>> > > >>> How accurately can it geo-locate and track the movements of > your > > >> phone, > > >>> laptop, or any other wireless device by its MAC address (its > > "media > > >>> access control address"?nothing to do with Macintosh?which is > > >> analogous > > >>> to a device's thumbprint)? Can the network send that > > information to a > > >>> database, allowing the SPD to reconstruct who was where at > > any given > > >>> time, on any given day, without a warrant? Can the network > > see you > > >> now? > > >>> > > >>> The SPD declined to answer more than a dozen questions from > The > > >>> Stranger, including whether the network is operational, who > has > > >> access > > >>> to its data, what it might be used for, and whether the SPD > > has used > > >> it > > >>> (or intends to use it) to geo-locate people's devices via > > their MAC > > >>> addresses or other identifiers. > > >>> > > >>> Seattle Police detective Monty Moss, one of the leaders of > the > > >>> mesh-network project?one part of a $2.7 million effort, paid > > for by > > >> the > > >>> Department of Homeland Security?wrote in an e-mail that the > > >> department > > >>> "is not comfortable answering policy questions when we do > > not yet > > >> have a > > >>> policy." But, Detective Moss added, the SPD "is actively > > >> collaborating > > >>> with the mayor's office, city council, law department, and > > the ACLU > > >> on a > > >>> use policy." The ACLU, at least, begs to differ: "Actively > > >>> collaborating" is not how they would put it. Jamela Debelak, > > >> technology > > >>> and liberty director of the Seattle office, says the ACLU > > submitted > > >>> policy-use suggestions months ago and has been waiting for a > > >> response. > > >>> > > >>> Detective Moss also added that the mesh network would not be > > used for > > >>> "surveillance purposes... without City Council's approval > > and the > > >>> appropriate court authorization." Note that he didn't say > > the mesh > > >>> network couldn't be used for the surveillance functions we > asked > > >> about, > > >>> only that it wouldn't?at least until certain people in power > > say it > > >> can. > > >>> That's the equivalent of a "trust us" and a handshake. > > >>> > > >>> His answer is inadequate for other reasons as well. First, > > the city > > >>> council passed an ordinance earlier this year stating that > any > > >> potential > > >>> surveillance equipment must submit protocols to the city > > council for > > >>> public review and approval within 30 days of its acquisition > and > > >>> implementation. This mesh network has been around longer > > than that, > > >> as > > >>> confirmed by Cascade Networks, Inc., which helped install > > it. Still, > > >> the > > >>> SPD says it doesn't have a policy for its use yet. Mayor > > McGinn's > > >> office > > >>> says it expects to see draft protocols sometime in > > December?nearly > > >> nine > > >>> months late, according to the new ordinance. > > >>> > > >>> Second, and more importantly, this mesh network is part of a > > whole > > >> new > > >>> arsenal of surveillance technologies that are moving faster > > than the > > >>> laws that govern them are being written. As Stephanie K. > > Pell (former > > >>> counsel to the House Judiciary Committee) and Christopher > > Soghoian > > >>> (senior policy analyst at the ACLU) wrote in a 2012 essay > > for the > > >>> Berkeley Technology Law Journal: > > >>> > > >>> The use of location information by law enforcement > > agencies is > > >>> common and becoming more so as technological improvements > enable > > >>> collection of more accurate and precise location data. The > legal > > >> mystery > > >>> surrounding the proper law enforcement access standard for > > >> prospective > > >>> location data remains unsolved. This mystery, along with > > conflicting > > >>> rulings over the appropriate law enforcement access > > standards for > > >> both > > >>> prospective and historical location data, has created a > messy, > > >>> inconsistent legal landscape where even judges in the same > > district > > >> may > > >>> require law enforcement to meet different standards to compel > > >> location > > >>> data. > > >>> > > >>> In other words, law enforcement has new tools?powerful > tools. We > > >> didn't > > >>> ask for them, but they're here. And nobody knows the rules > > for how > > >> they > > >>> should be used. > > >>> > > >>> This isn't the first time the SPD has purchased surveillance > > >> equipment > > >>> (or, as they might put it, public-safety equipment that > > happens to > > >> have > > >>> powerful surveillance capabilities) without telling the rest > > of the > > >>> city. There was the drones controversy this past winter, > > when the > > >> public > > >>> and elected officials discovered that the SPD had bought two > > unmanned > > >>> aerial vehicles with the capacity to spy on citizens. There > > was an > > >>> uproar, and a few SPD officers embarked on a mea culpa tour > of > > >> community > > >>> meetings where they answered questions and endured (sometimes > > >> raucous) > > >>> criticism. In February, Mayor Mike McGinn announced he was > > grounding > > >> the > > >>> drones, but a new mayor could change his mind. Those SPD > > drones are > > >>> sitting somewhere right now on SPD property. > > >>> > > >>> Meanwhile, the SPD was also dealing with the port-camera > > surveillance > > >>> scandal. That kicked off in late January, when people in > > West Seattle > > >>> began wondering aloud about the 30 cameras that had appeared > > >> unannounced > > >>> on utility poles along the waterfront. The West Seattle > > neighborhood > > >>> blog (westseattleblog.com <http://westseattleblog.com> > > <http://westseattleblog.com>) sent > > >>> questions to city utility companies, and > > >>> the utilities in turn pointed at SPD, which eventually > > admitted that > > >> it > > >>> had purchased and installed 30 surveillance cameras with > federal > > >> money > > >>> for "port security." That resulted in an additional uproar > and > > >> another > > >>> mea culpa tour, much like they did with the drones, during > which > > >>> officers repeated that they should have done a better job of > > >> educating > > >>> the public about what they were up to with the cameras on > Alki. > > >>> (Strangely, the Port of Seattle and the US Coast Guard > > didn't seem > > >> very > > >>> involved in this "port security" project?their names only > > appear in a > > >>> few cursory places in the budgets and contracts. The SPD is > > clearly > > >> the > > >>> driving agency behind the project. For example, their early > > tests of > > >>> sample Aruba products?beginning with a temporary Aruba mesh > > network > > >> set > > >>> up in Pioneer Square for Mardi Gras in 2009?didn't have > > anything to > > >> do > > >>> with the port whatsoever.) > > >>> > > >>> The cameras attracted the controversy, but they were only > > part of the > > >>> project. In fact, the 30 pole-mounted cameras on Alki that > > caused the > > >>> uproar cost $82,682?just 3 percent of the project's $2.7 > million > > >>> Homeland Security?funded budget. The project's full title > > was "port > > >>> security video surveillance system with wireless mesh > network." > > >> People > > >>> raised a fuss about the cameras. But what about the mesh > > network? > > >>> > > >>> Detective Moss and Assistant Chief Paul McDonagh mentioned > the > > >> downtown > > >>> mesh network during those surveillance-camera community > > meetings, > > >> saying > > >>> it would help cops and firefighters talk to each other by > > providing a > > >>> wireless network for their exclusive use, with the potential > for > > >> others > > >>> to use overlaid networks handled by the same equipment. > (Two-way > > >> radios > > >>> already allow police officers to talk to each other, but > > officers > > >> still > > >>> use wireless networks to access data, such as the > information an > > >> officer > > >>> looks for by running your license plate number when you've > been > > >> pulled > > >>> over.) > > >>> > > >>> As Brian Magnuson of Cascade Networks, Inc., which helped > > install the > > >>> Aruba system, explained the possible use of such a system: > > "A normal > > >>> cell-phone network is a beautiful thing right up until the > > time you > > >>> really need it?say you've just had an earthquake or a large > > storm, > > >> and > > >>> then what happens? Everybody picks up their phone and > > overloads the > > >>> system." The network is most vulnerable precisely when it's > most > > >> needed. > > >>> A mesh network could be a powerful tool for streaming video > from > > >>> surveillance cameras or squad car dash-cams across the > network, > > >> allowing > > >>> officers "real-time situational awareness" even when other > > >> communication > > >>> systems have been overloaded, as Detective Moss explained in > > those > > >>> community meetings. > > >>> > > >>> But the Aruba mesh network is not just for talking, it's > > also for > > >>> tracking. > > >>> > > >>> After reviewing Aruba's technical literature, as well as > > talking to > > >> IT > > >>> directors and systems administrators around the country who > > work with > > >>> Aruba products, it's clear that their networks are adept at > > seeing > > >> all > > >>> the devices that move through their coverage area and > visually > > >> mapping > > >>> the locations of those devices in real time for the system > > >>> administrators' convenience. In fact, one of Aruba's major > > selling > > >>> points is its ability to locate "rogue" or "unassociated" > > >> devices?that > > >>> is, any device that hasn't been authorized by (and maybe > > hasn't even > > >>> asked to be part of) the network. > > >>> > > >>> Which is to say, your device. The cell phone in your pocket, > for > > >>> instance. > > >>> > > >>> The user's guide for one of Aruba's recent software products > > states: > > >>> "The wireless network has a wealth of information about > > unassociated > > >> and > > >>> associated devices." That software includes "a location > > engine that > > >>> calculates associated and unassociated device location every > 30 > > >> seconds > > >>> by default... The last 1,000 historical locations are stored > > for each > > >>> MAC address." > > >>> > > >>> For now, Seattle's mesh network is concentrated in the > > downtown area. > > >>> But the SPD has indicated in PowerPoint presentations?also > > acquired > > >> by > > >>> The Stranger?that it hopes to eventually have "citywide > > deployment" > > >> of > > >>> the system that, again, has potential surveillance > > capabilities that > > >> the > > >>> SPD declined to answer questions about. That could give a > > whole new > > >>> meaning to the phrase "real-time situational awareness." > > >>> > > >>> So how does Aruba's mesh network actually function? > > >>> > > >>> Each of those off-white boxes you see downtown is a wireless > > access > > >>> point (AP) with four radios inside it that work to shove > giant > > >> amounts > > >>> of data to, through, and around the network, easily handling > > >>> bandwidth-hog uses such as sending live, high-resolution > > video to or > > >>> from moving vehicles. Because this grid of APs forms a > > latticelike > > >> mesh, > > >>> it works like the internet itself, routing traffic around > > bottlenecks > > >>> and "self-healing" by sending traffic around components that > > fail. > > >>> > > >>> As Brian Magnuson at Cascade Networks explains: "When you > > have 10 > > >> people > > >>> talking to an AP, no problem. If you have 50, that's a > problem." > > >> Aruba's > > >>> mesh solution is innovative?instead of building a few > > high-powered, > > >>> herculean APs designed to withstand an immense amount of > > traffic, > > >> Aruba > > >>> sprinkles a broad area with lots of lower-powered APs and > > lets them > > >>> figure out the best way to route all the data by talking to > each > > >> other. > > >>> > > >>> Aruba's technology is considered cutting-edge because its > > systems are > > >>> easy to roll out, administer, and integrate with other > > systems, and > > >> its > > >>> operating system visualizes what's happening on the network > in a > > >> simple, > > >>> user-friendly digital map. The company is one of many firms > > in the > > >>> networking business, but, according to the tech-ranking firm > > Gartner, > > >>> Aruba ranks second (just behind Cisco) in "completeness of > > vision" > > >> and > > >>> third in "ability to execute" for its clever ways of getting > > around > > >>> technical hurdles. > > >>> > > >>> Take Candlestick Park, the San Francisco 49ers football > stadium, > > >> which, > > >>> Magnuson says, is just finishing up an Aruba mesh network > > >> installation. > > >>> The stadium has high-intensity cellular service needs?70,000 > > people > > >> can > > >>> converge there for a single event in one of the most > high-tech > > >> cities in > > >>> America, full of high-powered, newfangled devices. "Aruba's > > solution > > >> was > > >>> ingenious," Magnuson says. It put 640 low-power APs under the > > >> stadium's > > >>> seats to diffuse the data load. "If you're at the stadium > > and trying > > >> to > > >>> talk to an AP," Magnuson says, "you're probably sitting on > it!" > > >>> > > >>> Another one of Aruba's selling points is its ability to > > detect rogue > > >>> devices?strangers to the system. Its promotional "case > studies" > > >> trumpet > > >>> this capability, including one report about Cabela's hunting > and > > >>> sporting goods chain, which is an Aruba client: "Because > > Cabela's > > >> stores > > >>> are in central shopping areas, the company captures huge > > quantities > > >> of > > >>> rogue data?as many as 20,000 events per day, mostly from > > neighboring > > >>> businesses." Aruba's network is identifying and > > distinguishing which > > >>> devices are allowed on the Cabela's network and which are > > within the > > >>> coverage area but are just passing through. The case study > also > > >>> describes how Cabela's Aruba network was able to locate a > lost > > >>> price-scanner gun in a large warehouse by mapping its > > location, as > > >> well > > >>> as track employees by the devices they were carrying. > > >>> > > >>> It's one thing for a privately owned company to register > > devices it > > >>> already owns with a network. It's another for a local police > > >> department > > >>> to scale up that technology to blanket an entire downtown?or > an > > >>> entire city. > > >>> > > >>> Aruba also sells a software product called "Analytics and > > Location > > >>> Engine 1.0." According to a document Aruba has created about > the > > >>> product, ALE "calculates the location of associated and > > unassociated > > >>> wifi devices... even though a device has not associated to > the > > >> network, > > >>> information about it is available. This includes the MAC > > address, > > >>> location, and RSSI information." ALE's default setting is > > anonymous, > > >>> which "allows for unique user tracking without knowing who > the > > >>> individual user is." But, Aruba adds in the next sentence, > > >> "optionally > > >>> the anonymization can be disabled for richer analytics and > user > > >> behavior > > >>> tracking." The network has the ability to see who you > > are?how deeply > > >> it > > >>> looks is up to whoever's using it. (The Aruba technology, as > > far as > > >> we > > >>> know, does not automatically associate a given MAC address > > with the > > >> name > > >>> on the device's account. But figuring out who owns the > > account?by > > >> asking > > >>> a cell-phone company, for example?would not be difficult for > a > > >>> law-enforcement agency.) > > >>> > > >>> Geo-location seems to be an area of intense interest for > > Aruba. Last > > >>> week, the Oregonian announced that Aruba had purchased a > > Portland > > >>> mapping startup called Meridian, which, according to the > > article, has > > >>> developed software that "pinpoints a smartphone's location > > inside a > > >>> venue, relying either on GPS technology or with localized > > wireless > > >>> networks." The technology, the article says, "helps people > > find their > > >>> way within large buildings, such as malls, stadiums, or > > airports and > > >>> enables marketing directed at a phone's precise location." > > >>> > > >>> How does that geo-location work? Devices in the network's > > coverage > > >> area > > >>> are "heard" by more than one radio in those APs (the > off-white > > >> boxes). > > >>> Once the network hears a device from multiple APs, it can > > compare the > > >>> strength and timing of the signal to locate where the device > is. > > >> This is > > >>> classic triangulation, and users of Aruba's AirWave > > software?as in > > >> the > > >>> Cabela's example?report that their systems are able to locate > > >> devices to > > >>> within a few feet. > > >>> > > >>> In the case of large, outdoor installations where APs are > > more spread > > >>> out, the ability to know what devices are passing through is > > >>> useful?especially, perhaps, to policing agencies, which > > could log > > >> that > > >>> data for long-term storage. As networking products and their > > uses > > >>> continue to evolve, they will only compound the "legal > mystery" > > >> around > > >>> how this technology could and should be used that Pell and > > Soghoian > > >>> described in their Berkeley Technology Law Journal piece. > > Aruba's > > >> mesh > > >>> network is state-of-the-art, but something significantly > > smarter and > > >>> more sensitive will surely be on the market this time next > > year. And > > >> who > > >>> knows how much better the software will get. > > >>> > > >>> An official spokesperson for Aruba wrote in an e-mail that > the > > >> company > > >>> could not answer The Stranger's questions because they > > pertained "to > > >> a > > >>> new product announcement" that would not happen until > > Thanksgiving. > > >>> "Aruba's technology," the spokesperson added, "is designed > > for indoor > > >>> (not outdoor) usage and is for consumer apps where they opt > in." > > >> This is > > >>> in direct contradiction to Aruba's own user's manuals, as > > well as the > > >>> fact that the Seattle Police Department installed an outdoor > > Aruba > > >> mesh > > >>> network earlier this year. > > >>> > > >>> One engineer familiar with Aruba products and similar > > systems?who > > >>> requested anonymity?confirmed that the mesh network and its > > software > > >> are > > >>> powerful tools. "But like anything," the engineer said, it > > "can be > > >> used > > >>> inappropriately... You can easily see how a user might abuse > > this > > >>> ability (network admin has a crush on user X, monitors user > X's > > >> location > > >>> specifically)." As was widely reported earlier this year, > such > > >> alleged > > >>> abuses within the NSA have included a man who spied on nine > > women > > >> over a > > >>> five-year period, a woman who spied on prospective > > boyfriends, a man > > >> who > > >>> spied on his girlfriend, a husband who spied on his wife, > > and even a > > >> man > > >>> who spied on his ex-girlfriend "on his first day of access > > to the > > >> NSA's > > >>> surveillance system," according to the Washington Post. The > > practice > > >> was > > >>> so common within the NSA, it got its own classification: > > "LOVEINT." > > >>> > > >>> Other Aruba clients?such as a university IT director, a > > university > > >> vice > > >>> president, and systems administrators?around the country > > confirmed it > > >>> wouldn't be difficult to use the mesh network to track the > > movement > > >> of > > >>> devices by their MAC addresses, and that building a > historical > > >> database > > >>> of their movements would be relatively trivial from a > > data-storage > > >>> perspective. > > >>> > > >>> As Bruce Burton, an information technology manager at the > > University > > >> of > > >>> Cincinnati (which uses an Aruba network), put it in an > > e-mail: "This > > >>> mesh network will have the capability to track devices (MAC > > >> addresses) > > >>> throughout the city." > > >>> > > >>> Not that the SPD would do that?but we don't know. "We > > definitely feel > > >>> like the public doesn't have a handle on what the > > capabilities are," > > >>> says Debelak of the ACLU. "We're not even sure the police > > department > > >>> does." It all depends on what the SPD says when it releases > its > > >>> mesh-network protocols. > > >>> > > >>> "They're long overdue," says Lee Colleton, a systems > > administrator at > > >>> Google who is also a member of the Seattle Privacy > Coalition, a > > >>> grassroots group that formed in response to SPD's drone and > > >>> surveillance-camera controversies. "If we don't deal with > > this kind > > >> of > > >>> thing now, and establish norms and policies, we'll find > > ourselves in > > >> an > > >>> unpleasant situation down the road that will be harder to > > change." > > >>> > > >>> The city is already full of surveillance equipment. The > Seattle > > >>> Department of Transportation, for example, uses license-plate > > >> scanners, > > >>> sensors embedded in the pavement, and other mechanisms to > > monitor > > >>> individual vehicles and help estimate traffic volume and > > wait time. > > >> "But > > >>> as soon as that data is extrapolated," says Adiam Emery of > SDOT, > > >> "it's > > >>> gone." They couldn't turn it over to a judge if they tried. > > >>> > > >>> Not that license-plate scanners have always been so > > reliable. Doug > > >> Honig > > >>> of the ACLU remembers a story he heard from a former staffer > a > > >> couple of > > >>> years ago about automatic license-plate readers on police > > cars in > > >>> Spokane. Automatic license-plate readers "will read a > chain-link > > >> fence > > >>> as XXXXX," Honig says, "which at the time also matched the > > license > > >> plate > > >>> of a stolen car in Mississippi, resulting in a number of > false > > >> alerts to > > >>> pull over the fence." > > >>> > > >>> Seattle's mesh network is only one instance in a trend of > > Homeland > > >>> Security funding domestic surveillance equipment. Earlier > > this month, > > >>> the New York Times ran a story about a $7 million Homeland > > Security > > >>> grant earmarked for "port security"?just like the SPD's > > mesh-network > > >>> funding?in Oakland. > > >>> > > >>> "But instead," the Times reports, "the money is going to a > > police > > >>> initiative that will collect and analyze reams of > > surveillance data > > >> from > > >>> around town?from gunshot- detection sensors in the barrios > > of East > > >>> Oakland to license plate readers mounted on police cars > > patrolling > > >> the > > >>> city's upscale hills." > > >>> > > >>> The Oakland "port security" project, which the Times reports > was > > >>> formerly known as the "Domain Awareness Center," will > > "electronically > > >>> gather data around the clock from a variety of sensors and > > databases, > > >>> analyze that data, and display some of the information on a > > bank of > > >>> giant monitors." The Times doesn't detail what kind of > > "sensors and > > >>> databases" the federally funded "port security" project will > > pay for, > > >>> but perhaps it's something like Seattle's mesh network with > its > > >> ability > > >>> to ping, log, and visually map the movement of devices in > > and out of > > >> its > > >>> coverage area. > > >>> > > >>> Which brings up some corollary issues, ones with > > implications much > > >>> larger than the SPD's ability to call up a given time on a > > given day > > >> and > > >>> see whether you were at work, at home, at someone's else > > home, at a > > >> bar, > > >>> or at a political demonstration: What does it mean when > > money from a > > >>> federal agency like the Department of Homeland Security is > being > > >>> funneled to local police departments like SPD to purchase > > and use > > >>> high-powered surveillance gear? > > >>> > > >>> For federal surveillance projects, the NSA and other federal > > spying > > >>> organizations have at least some oversight?as flawed as it > may > > >> be?from > > >>> the Foreign Intelligence Surveillance Court (also known as > > the FISA > > >>> court) and the US Congress. But local law enforcement > > doesn't have > > >> that > > >>> kind of oversight and, in Seattle at least, has been buying > and > > >>> installing DHS-funded surveillance equipment without > > explaining what > > >>> it's up to. The city council's surveillance ordinance > > earlier this > > >> year > > >>> was an attempt to provide local oversight on that kind of > > policing, > > >> but > > >>> it has proven toothless. > > >>> > > >>> It's reasonable to assume that locally gleaned information > > will be > > >>> shared with other organizations, including federal ones. An > SPD > > >> diagram > > >>> of the mesh network, for example, shows its information > > heading to > > >>> institutions large and small, including the King County > > Sheriff's > > >>> Office, the US Coast Guard, and our local fusion center. > > >>> > > >>> Fusion centers, if you're unfamiliar with the term, are > > >>> information-sharing hubs, defined by the Department of > Homeland > > >> Security > > >>> as "focal points" for the "receipt, analysis, gathering, and > > >> sharing" of > > >>> surveillance information. > > >>> > > >>> If federally funded, locally built surveillance systems with > > little > > >> to > > >>> no oversight can dump their information in a fusion > > center?think of > > >> it > > >>> as a gun show for surveillance, where agencies freely swap > > >> information > > >>> with little restriction or oversight?that could allow federal > > >> agencies > > >>> such as the FBI and the NSA to do an end-run around any > > limitations > > >> set > > >>> by Congress or the FISA court. > > >>> > > >>> If that's their strategy in Seattle, Oakland, and elsewhere, > > it's an > > >>> ingenious one?instead of maintaining a few high-powered, > > herculean > > >>> surveillance agencies designed to digest an immense amount > > of traffic > > >>> and political scrutiny, the federal government could > sprinkle an > > >> entire > > >>> nation with lots of low-powered surveillance nodes and let > them > > >> figure > > >>> out the best way to route the data by talking to each other. > By > > >>> diffusing the way the information flows, they can make it > > flow more > > >>> efficiently. > > >>> > > >>> It's an innovative solution?much like the Aruba mesh network > > itself. > > >>> > > >>> The Department of Homeland Security has not responded to > > requests for > > >>> comment. > > >>> > > >>> -- > > >>> Dan Staples > > >>> > > >>> Open Technology Institute > > >>> https://commotionwireless.net > > >>> OpenPGP key: http://disman.tl/pgp.asc > > >>> Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 > 43A9 > > >>> _______________________________________________ > > >>> Commotion-discuss mailing list > > >>> Commotion-discuss(a)lists.chambana.net > > <mailto:Commotion-discuss@lists.chambana.net> <javascript:_e({}, > 'cvml', > > >>> 'Commotion-discuss(a)lists.chambana.net > > <mailto:Commotion-discuss@lists.chambana.net>');> > > >>> > https://lists.chambana.net/mailman/listinfo/commotion-discuss > > >>> > > >>> > > >>> > > >>> -- > > >>> Preston Rhea > > >>> Field Analyst, Open Technology Institute > > >>> New America Foundation > > >>> +1-202-570-9770 <tel:%2B1-202-570-9770> > > >>> Twitter: @prestonrhea > > >>> > > >>> > > >>> > > >>> -- > > >>> -steve > > >>> > > >>> > > >>> _______________________________________________ > > >>> mesh mailing list > > >>> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org> > > >>> http://lists.sudoroom.org/listinfo/mesh > > >>> > > >> > > >> > > >> ------------------------------ > > >> > > >> _______________________________________________ > > >> mesh mailing list > > >> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org> > > >> http://lists.sudoroom.org/listinfo/mesh > > >> > > >> > > >> End of mesh Digest, Vol 10, Issue 16 > > >> ************************************ > > >> > > > > > > > > > > > > _______________________________________________ > > > mesh mailing list > > > mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org> > > > http://lists.sudoroom.org/listinfo/mesh > > > > > > > -- > > http://mitar.tnode.com/ > > https://twitter.com/mitar_m > > > > > > > > > > _______________________________________________ > > mesh mailing list > > mesh(a)lists.sudoroom.org > > http://lists.sudoroom.org/listinfo/mesh > > > > > ------------------------------ > > _______________________________________________ > mesh mailing list > mesh(a)lists.sudoroom.org > http://lists.sudoroom.org/listinfo/mesh > > > End of mesh Digest, Vol 10, Issue 20 > ************************************ >

10 years, 11 months

Changing your MAC address

by Jeremy Entwistle

I looked into this awhile ago and it's very easy to change mac addresses. Kali Linux Tutorials: How to Change or Spoof a MAC Address https://www.youtube.com/watch?v=JyP8aGtPZpA On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request(a)lists.sudoroom.org> wrote: > Send mesh mailing list submissions to > mesh(a)lists.sudoroom.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.sudoroom.org/listinfo/mesh > or, via email, send a message with subject or body 'help' to > mesh-request(a)lists.sudoroom.org > > You can reach the person managing the list at > mesh-owner(a)lists.sudoroom.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of mesh digest..." > > > Today's Topics: > > 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for > surveillance? (rhodey) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 10 Nov 2013 15:03:01 -0800 > From: rhodey <rhodey(a)anhonesteffort.org> > To: mesh(a)lists.sudoroom.org > Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh > network for surveillance? > Message-ID: <528010A5.8030704(a)anhonesteffort.org> > Content-Type: text/plain; charset=UTF-8 > > Police, govt, and other evil adversaries are free to setup their own > hardware, their own mesh, the idea is not to prevent this but to prevent > the use of good mesh networks for evil. I want to give more thought to > this subject sometime in the near future but for now this is what I have... > > The major concern here (as I see it) is the persistence of MAC > addresses. The average user does not know how to change their MAC > address and in the case of most mobile devices it is not possible to > change the MAC address. We can ensure that IP addresses are cycled > frequent enough because we'll have control over a majority of the DHCP > servers on the mesh so I'll be focusing on MAC addresses. > > In any local network a MAC address can be associated with network > traffic, the obvious solution here is to use encryption. The problem > with MAC addresses in a mesh network is that they could also be > associated with a location. > > On any layer 2 network it is possible for any connected host to > determine the route to any other host using a MAC address as an > identifier. Because mesh nodes have a fixed (and likely known) physical > location it can be assumed that the last hop in the route corresponds to > the physical location of the specific host. > > It is important to realize that only mesh nodes (access points) have > *potential* knowledge of signal strength and other 802.11 broadcast type > frames-- sure Oakland PD can setup a device to listen to all 802.11 > traffic, but remember we're only focusing on how existing hardware can > be abused. So, one host *cannot* triangulate the location of another > host. *From the perspective of a host on the mesh, a host can only be > connected to one mesh node or disconnected from the network.* In the > context of physical location, the privacy of a host on the mesh is a > function of the area covered by the mesh node it is connected to. > > To increase user privacy I would like to experiment with a MAC address > spoofing service that could run on mesh nodes or volunteer hosts. The > service would basically pretend to be just another host on the network > identified by some MAC address. The service could intelligently spawn > fake hosts depending on the number of other hosts connected to the > shared mesh node. Mesh nodes with fewer connected hosts need more > spoofed hosts to increase privacy, etc. But it is not that simple of > course, because spoofed MAC addresses need to persist just as legitimate > MAC addresses do, and move about in the physical world (connect to > different mesh nodes) just as other legitimate users will. I've thought > some of this through but it is a large undertaking that needs further > planning. > > Another thing to keep in mind is that although MAC addresses could be > used as a persistent identifier *they alone do not represent any > identity.* It is not until an adversary obtains additional information > that a MAC address could be used to identify an individual person. Not > to say the surveillance of pseudo-anonymous individual and group > movement is negligible, just pointing this out. > > In conclusion (for now) by keeping our software and build processes open > we can convince reasonable users that it is not possible for us to track > them with more than neighborhood level accuracy. If we go further and > deploy something like the MAC spoofing service it could be possible to > extend this guarantee further. I think it is also likely that this MAC > spoofing service could be designed to prevent/degrade 802.11 style > surveillance by hardware outside our control. > > -- > -- rhodey ????? > > On 11/10/2013 11:44 AM, Steve Berl wrote: > > Couldn't a community mesh network be suspected of having the same sort > > of tracking abilities? > > How do we convince potential mesh network users that we aren't > > collecting location data on them? > > > > Steve > > > > > > On Friday, November 8, 2013, Jenny Ryan wrote: > > > > > > > > ---------- Forwarded message ---------- > > From: *Preston Rhea* <prestonrhea(a)opentechinstitute.org > > <javascript:_e({}, 'cvml', 'prestonrhea(a)opentechinstitute.org');>> > > Date: Thu, Nov 7, 2013 at 6:49 AM > > Subject: Fwd: [Commotion-discuss] Seattle Police mesh network for > > surveillance? > > To: Jenny Ryan <jenny(a)thepyre.org <javascript:_e({}, 'cvml', > > 'jenny(a)thepyre.org');>>, Shaun Houlihan <shaunhoulihan(a)gmail.com > > <javascript:_e({}, 'cvml', 'shaunhoulihan(a)gmail.com');>> > > > > > > Thought this would interest y'all, I don't know if you are already on > > the Commotion listserv Jenny. > > > > > > ---------- Forwarded message ---------- > > From: Dan Staples <danstaples(a)opentechinstitute.org > > <javascript:_e({}, 'cvml', 'danstaples(a)opentechinstitute.org');>> > > Date: Wed, Nov 6, 2013 at 9:32 PM > > Subject: [Commotion-discuss] Seattle Police mesh network for > > surveillance? > > To: commotion-discuss <commotion-discuss(a)lists.chambana.net > > <javascript:_e({}, 'cvml', 'commotion-discuss(a)lists.chambana.net > ');>> > > > > > > > http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143… > > > > You Are a Rogue Device > > A New Apparatus Capable of Spying on You Has Been Installed > Throughout > > Downtown Seattle. Very Few Citizens Know What It Is, and Officials > Don?t > > Want to Talk About It. > > > > by Matt Fikse-Verkerk and Brendan Kiley > > > > If you're walking around downtown Seattle, look up: You'll see > off-white > > boxes, each one about a foot tall with vertical antennae, attached to > > utility poles. If you're walking around downtown while looking at a > > smartphone, you will probably see at least one?and more likely two or > > three?Wi-Fi networks named after intersections: "4th&Seneca," > > "4th&Union," "4th&University," and so on. That is how you can see the > > Seattle Police Department's new wireless mesh network, bought from a > > California-based company called Aruba Networks, whose clients include > > the Department of Defense, school districts in Canada, oil-mining > > interests in China, and telecommunications companies in Saudi Arabia. > > > > The question is: How well can this mesh network see you? > > > > How accurately can it geo-locate and track the movements of your > phone, > > laptop, or any other wireless device by its MAC address (its "media > > access control address"?nothing to do with Macintosh?which is > analogous > > to a device's thumbprint)? Can the network send that information to a > > database, allowing the SPD to reconstruct who was where at any given > > time, on any given day, without a warrant? Can the network see you > now? > > > > The SPD declined to answer more than a dozen questions from The > > Stranger, including whether the network is operational, who has > access > > to its data, what it might be used for, and whether the SPD has used > it > > (or intends to use it) to geo-locate people's devices via their MAC > > addresses or other identifiers. > > > > Seattle Police detective Monty Moss, one of the leaders of the > > mesh-network project?one part of a $2.7 million effort, paid for by > the > > Department of Homeland Security?wrote in an e-mail that the > department > > "is not comfortable answering policy questions when we do not yet > have a > > policy." But, Detective Moss added, the SPD "is actively > collaborating > > with the mayor's office, city council, law department, and the ACLU > on a > > use policy." The ACLU, at least, begs to differ: "Actively > > collaborating" is not how they would put it. Jamela Debelak, > technology > > and liberty director of the Seattle office, says the ACLU submitted > > policy-use suggestions months ago and has been waiting for a > response. > > > > Detective Moss also added that the mesh network would not be used for > > "surveillance purposes... without City Council's approval and the > > appropriate court authorization." Note that he didn't say the mesh > > network couldn't be used for the surveillance functions we asked > about, > > only that it wouldn't?at least until certain people in power say it > can. > > That's the equivalent of a "trust us" and a handshake. > > > > His answer is inadequate for other reasons as well. First, the city > > council passed an ordinance earlier this year stating that any > potential > > surveillance equipment must submit protocols to the city council for > > public review and approval within 30 days of its acquisition and > > implementation. This mesh network has been around longer than that, > as > > confirmed by Cascade Networks, Inc., which helped install it. Still, > the > > SPD says it doesn't have a policy for its use yet. Mayor McGinn's > office > > says it expects to see draft protocols sometime in December?nearly > nine > > months late, according to the new ordinance. > > > > Second, and more importantly, this mesh network is part of a whole > new > > arsenal of surveillance technologies that are moving faster than the > > laws that govern them are being written. As Stephanie K. Pell (former > > counsel to the House Judiciary Committee) and Christopher Soghoian > > (senior policy analyst at the ACLU) wrote in a 2012 essay for the > > Berkeley Technology Law Journal: > > > > The use of location information by law enforcement agencies is > > common and becoming more so as technological improvements enable > > collection of more accurate and precise location data. The legal > mystery > > surrounding the proper law enforcement access standard for > prospective > > location data remains unsolved. This mystery, along with conflicting > > rulings over the appropriate law enforcement access standards for > both > > prospective and historical location data, has created a messy, > > inconsistent legal landscape where even judges in the same district > may > > require law enforcement to meet different standards to compel > location > > data. > > > > In other words, law enforcement has new tools?powerful tools. We > didn't > > ask for them, but they're here. And nobody knows the rules for how > they > > should be used. > > > > This isn't the first time the SPD has purchased surveillance > equipment > > (or, as they might put it, public-safety equipment that happens to > have > > powerful surveillance capabilities) without telling the rest of the > > city. There was the drones controversy this past winter, when the > public > > and elected officials discovered that the SPD had bought two unmanned > > aerial vehicles with the capacity to spy on citizens. There was an > > uproar, and a few SPD officers embarked on a mea culpa tour of > community > > meetings where they answered questions and endured (sometimes > raucous) > > criticism. In February, Mayor Mike McGinn announced he was grounding > the > > drones, but a new mayor could change his mind. Those SPD drones are > > sitting somewhere right now on SPD property. > > > > Meanwhile, the SPD was also dealing with the port-camera surveillance > > scandal. That kicked off in late January, when people in West Seattle > > began wondering aloud about the 30 cameras that had appeared > unannounced > > on utility poles along the waterfront. The West Seattle neighborhood > > blog (westseattleblog.com <http://westseattleblog.com>) sent > > questions to city utility companies, and > > the utilities in turn pointed at SPD, which eventually admitted that > it > > had purchased and installed 30 surveillance cameras with federal > money > > for "port security." That resulted in an additional uproar and > another > > mea culpa tour, much like they did with the drones, during which > > officers repeated that they should have done a better job of > educating > > the public about what they were up to with the cameras on Alki. > > (Strangely, the Port of Seattle and the US Coast Guard didn't seem > very > > involved in this "port security" project?their names only appear in a > > few cursory places in the budgets and contracts. The SPD is clearly > the > > driving agency behind the project. For example, their early tests of > > sample Aruba products?beginning with a temporary Aruba mesh network > set > > up in Pioneer Square for Mardi Gras in 2009?didn't have anything to > do > > with the port whatsoever.) > > > > The cameras attracted the controversy, but they were only part of the > > project. In fact, the 30 pole-mounted cameras on Alki that caused the > > uproar cost $82,682?just 3 percent of the project's $2.7 million > > Homeland Security?funded budget. The project's full title was "port > > security video surveillance system with wireless mesh network." > People > > raised a fuss about the cameras. But what about the mesh network? > > > > Detective Moss and Assistant Chief Paul McDonagh mentioned the > downtown > > mesh network during those surveillance-camera community meetings, > saying > > it would help cops and firefighters talk to each other by providing a > > wireless network for their exclusive use, with the potential for > others > > to use overlaid networks handled by the same equipment. (Two-way > radios > > already allow police officers to talk to each other, but officers > still > > use wireless networks to access data, such as the information an > officer > > looks for by running your license plate number when you've been > pulled > > over.) > > > > As Brian Magnuson of Cascade Networks, Inc., which helped install the > > Aruba system, explained the possible use of such a system: "A normal > > cell-phone network is a beautiful thing right up until the time you > > really need it?say you've just had an earthquake or a large storm, > and > > then what happens? Everybody picks up their phone and overloads the > > system." The network is most vulnerable precisely when it's most > needed. > > A mesh network could be a powerful tool for streaming video from > > surveillance cameras or squad car dash-cams across the network, > allowing > > officers "real-time situational awareness" even when other > communication > > systems have been overloaded, as Detective Moss explained in those > > community meetings. > > > > But the Aruba mesh network is not just for talking, it's also for > > tracking. > > > > After reviewing Aruba's technical literature, as well as talking to > IT > > directors and systems administrators around the country who work with > > Aruba products, it's clear that their networks are adept at seeing > all > > the devices that move through their coverage area and visually > mapping > > the locations of those devices in real time for the system > > administrators' convenience. In fact, one of Aruba's major selling > > points is its ability to locate "rogue" or "unassociated" > devices?that > > is, any device that hasn't been authorized by (and maybe hasn't even > > asked to be part of) the network. > > > > Which is to say, your device. The cell phone in your pocket, for > > instance. > > > > The user's guide for one of Aruba's recent software products states: > > "The wireless network has a wealth of information about unassociated > and > > associated devices." That software includes "a location engine that > > calculates associated and unassociated device location every 30 > seconds > > by default... The last 1,000 historical locations are stored for each > > MAC address." > > > > For now, Seattle's mesh network is concentrated in the downtown area. > > But the SPD has indicated in PowerPoint presentations?also acquired > by > > The Stranger?that it hopes to eventually have "citywide deployment" > of > > the system that, again, has potential surveillance capabilities that > the > > SPD declined to answer questions about. That could give a whole new > > meaning to the phrase "real-time situational awareness." > > > > So how does Aruba's mesh network actually function? > > > > Each of those off-white boxes you see downtown is a wireless access > > point (AP) with four radios inside it that work to shove giant > amounts > > of data to, through, and around the network, easily handling > > bandwidth-hog uses such as sending live, high-resolution video to or > > from moving vehicles. Because this grid of APs forms a latticelike > mesh, > > it works like the internet itself, routing traffic around bottlenecks > > and "self-healing" by sending traffic around components that fail. > > > > As Brian Magnuson at Cascade Networks explains: "When you have 10 > people > > talking to an AP, no problem. If you have 50, that's a problem." > Aruba's > > mesh solution is innovative?instead of building a few high-powered, > > herculean APs designed to withstand an immense amount of traffic, > Aruba > > sprinkles a broad area with lots of lower-powered APs and lets them > > figure out the best way to route all the data by talking to each > other. > > > > Aruba's technology is considered cutting-edge because its systems are > > easy to roll out, administer, and integrate with other systems, and > its > > operating system visualizes what's happening on the network in a > simple, > > user-friendly digital map. The company is one of many firms in the > > networking business, but, according to the tech-ranking firm Gartner, > > Aruba ranks second (just behind Cisco) in "completeness of vision" > and > > third in "ability to execute" for its clever ways of getting around > > technical hurdles. > > > > Take Candlestick Park, the San Francisco 49ers football stadium, > which, > > Magnuson says, is just finishing up an Aruba mesh network > installation. > > The stadium has high-intensity cellular service needs?70,000 people > can > > converge there for a single event in one of the most high-tech > cities in > > America, full of high-powered, newfangled devices. "Aruba's solution > was > > ingenious," Magnuson says. It put 640 low-power APs under the > stadium's > > seats to diffuse the data load. "If you're at the stadium and trying > to > > talk to an AP," Magnuson says, "you're probably sitting on it!" > > > > Another one of Aruba's selling points is its ability to detect rogue > > devices?strangers to the system. Its promotional "case studies" > trumpet > > this capability, including one report about Cabela's hunting and > > sporting goods chain, which is an Aruba client: "Because Cabela's > stores > > are in central shopping areas, the company captures huge quantities > of > > rogue data?as many as 20,000 events per day, mostly from neighboring > > businesses." Aruba's network is identifying and distinguishing which > > devices are allowed on the Cabela's network and which are within the > > coverage area but are just passing through. The case study also > > describes how Cabela's Aruba network was able to locate a lost > > price-scanner gun in a large warehouse by mapping its location, as > well > > as track employees by the devices they were carrying. > > > > It's one thing for a privately owned company to register devices it > > already owns with a network. It's another for a local police > department > > to scale up that technology to blanket an entire downtown?or an > > entire city. > > > > Aruba also sells a software product called "Analytics and Location > > Engine 1.0." According to a document Aruba has created about the > > product, ALE "calculates the location of associated and unassociated > > wifi devices... even though a device has not associated to the > network, > > information about it is available. This includes the MAC address, > > location, and RSSI information." ALE's default setting is anonymous, > > which "allows for unique user tracking without knowing who the > > individual user is." But, Aruba adds in the next sentence, > "optionally > > the anonymization can be disabled for richer analytics and user > behavior > > tracking." The network has the ability to see who you are?how deeply > it > > looks is up to whoever's using it. (The Aruba technology, as far as > we > > know, does not automatically associate a given MAC address with the > name > > on the device's account. But figuring out who owns the account?by > asking > > a cell-phone company, for example?would not be difficult for a > > law-enforcement agency.) > > > > Geo-location seems to be an area of intense interest for Aruba. Last > > week, the Oregonian announced that Aruba had purchased a Portland > > mapping startup called Meridian, which, according to the article, has > > developed software that "pinpoints a smartphone's location inside a > > venue, relying either on GPS technology or with localized wireless > > networks." The technology, the article says, "helps people find their > > way within large buildings, such as malls, stadiums, or airports and > > enables marketing directed at a phone's precise location." > > > > How does that geo-location work? Devices in the network's coverage > area > > are "heard" by more than one radio in those APs (the off-white > boxes). > > Once the network hears a device from multiple APs, it can compare the > > strength and timing of the signal to locate where the device is. > This is > > classic triangulation, and users of Aruba's AirWave software?as in > the > > Cabela's example?report that their systems are able to locate > devices to > > within a few feet. > > > > In the case of large, outdoor installations where APs are more spread > > out, the ability to know what devices are passing through is > > useful?especially, perhaps, to policing agencies, which could log > that > > data for long-term storage. As networking products and their uses > > continue to evolve, they will only compound the "legal mystery" > around > > how this technology could and should be used that Pell and Soghoian > > described in their Berkeley Technology Law Journal piece. Aruba's > mesh > > network is state-of-the-art, but something significantly smarter and > > more sensitive will surely be on the market this time next year. And > who > > knows how much better the software will get. > > > > An official spokesperson for Aruba wrote in an e-mail that the > company > > could not answer The Stranger's questions because they pertained "to > a > > new product announcement" that would not happen until Thanksgiving. > > "Aruba's technology," the spokesperson added, "is designed for indoor > > (not outdoor) usage and is for consumer apps where they opt in." > This is > > in direct contradiction to Aruba's own user's manuals, as well as the > > fact that the Seattle Police Department installed an outdoor Aruba > mesh > > network earlier this year. > > > > One engineer familiar with Aruba products and similar systems?who > > requested anonymity?confirmed that the mesh network and its software > are > > powerful tools. "But like anything," the engineer said, it "can be > used > > inappropriately... You can easily see how a user might abuse this > > ability (network admin has a crush on user X, monitors user X's > location > > specifically)." As was widely reported earlier this year, such > alleged > > abuses within the NSA have included a man who spied on nine women > over a > > five-year period, a woman who spied on prospective boyfriends, a man > who > > spied on his girlfriend, a husband who spied on his wife, and even a > man > > who spied on his ex-girlfriend "on his first day of access to the > NSA's > > surveillance system," according to the Washington Post. The practice > was > > so common within the NSA, it got its own classification: "LOVEINT." > > > > Other Aruba clients?such as a university IT director, a university > vice > > president, and systems administrators?around the country confirmed it > > wouldn't be difficult to use the mesh network to track the movement > of > > devices by their MAC addresses, and that building a historical > database > > of their movements would be relatively trivial from a data-storage > > perspective. > > > > As Bruce Burton, an information technology manager at the University > of > > Cincinnati (which uses an Aruba network), put it in an e-mail: "This > > mesh network will have the capability to track devices (MAC > addresses) > > throughout the city." > > > > Not that the SPD would do that?but we don't know. "We definitely feel > > like the public doesn't have a handle on what the capabilities are," > > says Debelak of the ACLU. "We're not even sure the police department > > does." It all depends on what the SPD says when it releases its > > mesh-network protocols. > > > > "They're long overdue," says Lee Colleton, a systems administrator at > > Google who is also a member of the Seattle Privacy Coalition, a > > grassroots group that formed in response to SPD's drone and > > surveillance-camera controversies. "If we don't deal with this kind > of > > thing now, and establish norms and policies, we'll find ourselves in > an > > unpleasant situation down the road that will be harder to change." > > > > The city is already full of surveillance equipment. The Seattle > > Department of Transportation, for example, uses license-plate > scanners, > > sensors embedded in the pavement, and other mechanisms to monitor > > individual vehicles and help estimate traffic volume and wait time. > "But > > as soon as that data is extrapolated," says Adiam Emery of SDOT, > "it's > > gone." They couldn't turn it over to a judge if they tried. > > > > Not that license-plate scanners have always been so reliable. Doug > Honig > > of the ACLU remembers a story he heard from a former staffer a > couple of > > years ago about automatic license-plate readers on police cars in > > Spokane. Automatic license-plate readers "will read a chain-link > fence > > as XXXXX," Honig says, "which at the time also matched the license > plate > > of a stolen car in Mississippi, resulting in a number of false > alerts to > > pull over the fence." > > > > Seattle's mesh network is only one instance in a trend of Homeland > > Security funding domestic surveillance equipment. Earlier this month, > > the New York Times ran a story about a $7 million Homeland Security > > grant earmarked for "port security"?just like the SPD's mesh-network > > funding?in Oakland. > > > > "But instead," the Times reports, "the money is going to a police > > initiative that will collect and analyze reams of surveillance data > from > > around town?from gunshot- detection sensors in the barrios of East > > Oakland to license plate readers mounted on police cars patrolling > the > > city's upscale hills." > > > > The Oakland "port security" project, which the Times reports was > > formerly known as the "Domain Awareness Center," will "electronically > > gather data around the clock from a variety of sensors and databases, > > analyze that data, and display some of the information on a bank of > > giant monitors." The Times doesn't detail what kind of "sensors and > > databases" the federally funded "port security" project will pay for, > > but perhaps it's something like Seattle's mesh network with its > ability > > to ping, log, and visually map the movement of devices in and out of > its > > coverage area. > > > > Which brings up some corollary issues, ones with implications much > > larger than the SPD's ability to call up a given time on a given day > and > > see whether you were at work, at home, at someone's else home, at a > bar, > > or at a political demonstration: What does it mean when money from a > > federal agency like the Department of Homeland Security is being > > funneled to local police departments like SPD to purchase and use > > high-powered surveillance gear? > > > > For federal surveillance projects, the NSA and other federal spying > > organizations have at least some oversight?as flawed as it may > be?from > > the Foreign Intelligence Surveillance Court (also known as the FISA > > court) and the US Congress. But local law enforcement doesn't have > that > > kind of oversight and, in Seattle at least, has been buying and > > installing DHS-funded surveillance equipment without explaining what > > it's up to. The city council's surveillance ordinance earlier this > year > > was an attempt to provide local oversight on that kind of policing, > but > > it has proven toothless. > > > > It's reasonable to assume that locally gleaned information will be > > shared with other organizations, including federal ones. An SPD > diagram > > of the mesh network, for example, shows its information heading to > > institutions large and small, including the King County Sheriff's > > Office, the US Coast Guard, and our local fusion center. > > > > Fusion centers, if you're unfamiliar with the term, are > > information-sharing hubs, defined by the Department of Homeland > Security > > as "focal points" for the "receipt, analysis, gathering, and > sharing" of > > surveillance information. > > > > If federally funded, locally built surveillance systems with little > to > > no oversight can dump their information in a fusion center?think of > it > > as a gun show for surveillance, where agencies freely swap > information > > with little restriction or oversight?that could allow federal > agencies > > such as the FBI and the NSA to do an end-run around any limitations > set > > by Congress or the FISA court. > > > > If that's their strategy in Seattle, Oakland, and elsewhere, it's an > > ingenious one?instead of maintaining a few high-powered, herculean > > surveillance agencies designed to digest an immense amount of traffic > > and political scrutiny, the federal government could sprinkle an > entire > > nation with lots of low-powered surveillance nodes and let them > figure > > out the best way to route the data by talking to each other. By > > diffusing the way the information flows, they can make it flow more > > efficiently. > > > > It's an innovative solution?much like the Aruba mesh network itself. > > > > The Department of Homeland Security has not responded to requests for > > comment. > > > > -- > > Dan Staples > > > > Open Technology Institute > > https://commotionwireless.net > > OpenPGP key: http://disman.tl/pgp.asc > > Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9 > > _______________________________________________ > > Commotion-discuss mailing list > > Commotion-discuss(a)lists.chambana.net <javascript:_e({}, 'cvml', > > 'Commotion-discuss(a)lists.chambana.net');> > > https://lists.chambana.net/mailman/listinfo/commotion-discuss > > > > > > > > -- > > Preston Rhea > > Field Analyst, Open Technology Institute > > New America Foundation > > +1-202-570-9770 <tel:%2B1-202-570-9770> > > Twitter: @prestonrhea > > > > > > > > -- > > -steve > > > > > > _______________________________________________ > > mesh mailing list > > mesh(a)lists.sudoroom.org > > http://lists.sudoroom.org/listinfo/mesh > > > > > ------------------------------ > > _______________________________________________ > mesh mailing list > mesh(a)lists.sudoroom.org > http://lists.sudoroom.org/listinfo/mesh > > > End of mesh Digest, Vol 10, Issue 16 > ************************************ >

10 years, 11 months

How to Increase Your Wi-Fi Signal

by Mitar

Hi! https://www.youtube.com/watch?v=LY8Wi7XRXCA Mitar -- http://mitar.tnode.com/ https://twitter.com/mitar_m

10 years, 11 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

mesh