---------- Forwarded message ----------
From: Preston Rhea <prestonrhea(a)opentechinstitute.org>
Date: Thu, Nov 7, 2013 at 6:49 AM
Subject: Fwd: [Commotion-discuss] Seattle Police mesh network for
surveillance?
To: Jenny Ryan <jenny(a)thepyre.org>, Shaun Houlihan <shaunhoulihan(a)gmail.com>
Thought this would interest y'all, I don't know if you are already on
the Commotion listserv Jenny.
---------- Forwarded message ----------
From: Dan Staples <danstaples(a)opentechinstitute.org>
Date: Wed, Nov 6, 2013 at 9:32 PM
Subject: [Commotion-discuss] Seattle Police mesh network for surveillance?
To: commotion-discuss <commotion-discuss(a)lists.chambana.net>
http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143…
You Are a Rogue Device
A New Apparatus Capable of Spying on You Has Been Installed Throughout
Downtown Seattle. Very Few Citizens Know What It Is, and Officials Don’t
Want to Talk About It.
by Matt Fikse-Verkerk and Brendan Kiley
If you're walking around downtown Seattle, look up: You'll see off-white
boxes, each one about a foot tall with vertical antennae, attached to
utility poles. If you're walking around downtown while looking at a
smartphone, you will probably see at least one—and more likely two or
three—Wi-Fi networks named after intersections: "4th&Seneca,"
"4th&Union," "4th&University," and so on. That is how you can see the
Seattle Police Department's new wireless mesh network, bought from a
California-based company called Aruba Networks, whose clients include
the Department of Defense, school districts in Canada, oil-mining
interests in China, and telecommunications companies in Saudi Arabia.
The question is: How well can this mesh network see you?
How accurately can it geo-locate and track the movements of your phone,
laptop, or any other wireless device by its MAC address (its "media
access control address"—nothing to do with Macintosh—which is analogous
to a device's thumbprint)? Can the network send that information to a
database, allowing the SPD to reconstruct who was where at any given
time, on any given day, without a warrant? Can the network see you now?
The SPD declined to answer more than a dozen questions from The
Stranger, including whether the network is operational, who has access
to its data, what it might be used for, and whether the SPD has used it
(or intends to use it) to geo-locate people's devices via their MAC
addresses or other identifiers.
Seattle Police detective Monty Moss, one of the leaders of the
mesh-network project—one part of a $2.7 million effort, paid for by the
Department of Homeland Security—wrote in an e-mail that the department
"is not comfortable answering policy questions when we do not yet have a
policy." But, Detective Moss added, the SPD "is actively collaborating
with the mayor's office, city council, law department, and the ACLU on a
use policy." The ACLU, at least, begs to differ: "Actively
collaborating" is not how they would put it. Jamela Debelak, technology
and liberty director of the Seattle office, says the ACLU submitted
policy-use suggestions months ago and has been waiting for a response.
Detective Moss also added that the mesh network would not be used for
"surveillance purposes... without City Council's approval and the
appropriate court authorization." Note that he didn't say the mesh
network couldn't be used for the surveillance functions we asked about,
only that it wouldn't—at least until certain people in power say it can.
That's the equivalent of a "trust us" and a handshake.
His answer is inadequate for other reasons as well. First, the city
council passed an ordinance earlier this year stating that any potential
surveillance equipment must submit protocols to the city council for
public review and approval within 30 days of its acquisition and
implementation. This mesh network has been around longer than that, as
confirmed by Cascade Networks, Inc., which helped install it. Still, the
SPD says it doesn't have a policy for its use yet. Mayor McGinn's office
says it expects to see draft protocols sometime in December—nearly nine
months late, according to the new ordinance.
Second, and more importantly, this mesh network is part of a whole new
arsenal of surveillance technologies that are moving faster than the
laws that govern them are being written. As Stephanie K. Pell (former
counsel to the House Judiciary Committee) and Christopher Soghoian
(senior policy analyst at the ACLU) wrote in a 2012 essay for the
Berkeley Technology Law Journal:
The use of location information by law enforcement agencies is
common and becoming more so as technological improvements enable
collection of more accurate and precise location data. The legal mystery
surrounding the proper law enforcement access standard for prospective
location data remains unsolved. This mystery, along with conflicting
rulings over the appropriate law enforcement access standards for both
prospective and historical location data, has created a messy,
inconsistent legal landscape where even judges in the same district may
require law enforcement to meet different standards to compel location
data.
In other words, law enforcement has new tools—powerful tools. We didn't
ask for them, but they're here. And nobody knows the rules for how they
should be used.
This isn't the first time the SPD has purchased surveillance equipment
(or, as they might put it, public-safety equipment that happens to have
powerful surveillance capabilities) without telling the rest of the
city. There was the drones controversy this past winter, when the public
and elected officials discovered that the SPD had bought two unmanned
aerial vehicles with the capacity to spy on citizens. There was an
uproar, and a few SPD officers embarked on a mea culpa tour of community
meetings where they answered questions and endured (sometimes raucous)
criticism. In February, Mayor Mike McGinn announced he was grounding the
drones, but a new mayor could change his mind. Those SPD drones are
sitting somewhere right now on SPD property.
Meanwhile, the SPD was also dealing with the port-camera surveillance
scandal. That kicked off in late January, when people in West Seattle
began wondering aloud about the 30 cameras that had appeared unannounced
on utility poles along the waterfront. The West Seattle neighborhood
blog (westseattleblog.com) sent questions to city utility companies, and
the utilities in turn pointed at SPD, which eventually admitted that it
had purchased and installed 30 surveillance cameras with federal money
for "port security." That resulted in an additional uproar and another
mea culpa tour, much like they did with the drones, during which
officers repeated that they should have done a better job of educating
the public about what they were up to with the cameras on Alki.
(Strangely, the Port of Seattle and the US Coast Guard didn't seem very
involved in this "port security" project—their names only appear in a
few cursory places in the budgets and contracts. The SPD is clearly the
driving agency behind the project. For example, their early tests of
sample Aruba products—beginning with a temporary Aruba mesh network set
up in Pioneer Square for Mardi Gras in 2009—didn't have anything to do
with the port whatsoever.)
The cameras attracted the controversy, but they were only part of the
project. In fact, the 30 pole-mounted cameras on Alki that caused the
uproar cost $82,682—just 3 percent of the project's $2.7 million
Homeland Security–funded budget. The project's full title was "port
security video surveillance system with wireless mesh network." People
raised a fuss about the cameras. But what about the mesh network?
Detective Moss and Assistant Chief Paul McDonagh mentioned the downtown
mesh network during those surveillance-camera community meetings, saying
it would help cops and firefighters talk to each other by providing a
wireless network for their exclusive use, with the potential for others
to use overlaid networks handled by the same equipment. (Two-way radios
already allow police officers to talk to each other, but officers still
use wireless networks to access data, such as the information an officer
looks for by running your license plate number when you've been pulled
over.)
As Brian Magnuson of Cascade Networks, Inc., which helped install the
Aruba system, explained the possible use of such a system: "A normal
cell-phone network is a beautiful thing right up until the time you
really need it—say you've just had an earthquake or a large storm, and
then what happens? Everybody picks up their phone and overloads the
system." The network is most vulnerable precisely when it's most needed.
A mesh network could be a powerful tool for streaming video from
surveillance cameras or squad car dash-cams across the network, allowing
officers "real-time situational awareness" even when other communication
systems have been overloaded, as Detective Moss explained in those
community meetings.
But the Aruba mesh network is not just for talking, it's also for tracking.
After reviewing Aruba's technical literature, as well as talking to IT
directors and systems administrators around the country who work with
Aruba products, it's clear that their networks are adept at seeing all
the devices that move through their coverage area and visually mapping
the locations of those devices in real time for the system
administrators' convenience. In fact, one of Aruba's major selling
points is its ability to locate "rogue" or "unassociated" devices—that
is, any device that hasn't been authorized by (and maybe hasn't even
asked to be part of) the network.
Which is to say, your device. The cell phone in your pocket, for instance.
The user's guide for one of Aruba's recent software products states:
"The wireless network has a wealth of information about unassociated and
associated devices." That software includes "a location engine that
calculates associated and unassociated device location every 30 seconds
by default... The last 1,000 historical locations are stored for each
MAC address."
For now, Seattle's mesh network is concentrated in the downtown area.
But the SPD has indicated in PowerPoint presentations—also acquired by
The Stranger—that it hopes to eventually have "citywide deployment" of
the system that, again, has potential surveillance capabilities that the
SPD declined to answer questions about. That could give a whole new
meaning to the phrase "real-time situational awareness."
So how does Aruba's mesh network actually function?
Each of those off-white boxes you see downtown is a wireless access
point (AP) with four radios inside it that work to shove giant amounts
of data to, through, and around the network, easily handling
bandwidth-hog uses such as sending live, high-resolution video to or
from moving vehicles. Because this grid of APs forms a latticelike mesh,
it works like the internet itself, routing traffic around bottlenecks
and "self-healing" by sending traffic around components that fail.
As Brian Magnuson at Cascade Networks explains: "When you have 10 people
talking to an AP, no problem. If you have 50, that's a problem." Aruba's
mesh solution is innovative—instead of building a few high-powered,
herculean APs designed to withstand an immense amount of traffic, Aruba
sprinkles a broad area with lots of lower-powered APs and lets them
figure out the best way to route all the data by talking to each other.
Aruba's technology is considered cutting-edge because its systems are
easy to roll out, administer, and integrate with other systems, and its
operating system visualizes what's happening on the network in a simple,
user-friendly digital map. The company is one of many firms in the
networking business, but, according to the tech-ranking firm Gartner,
Aruba ranks second (just behind Cisco) in "completeness of vision" and
third in "ability to execute" for its clever ways of getting around
technical hurdles.
Take Candlestick Park, the San Francisco 49ers football stadium, which,
Magnuson says, is just finishing up an Aruba mesh network installation.
The stadium has high-intensity cellular service needs—70,000 people can
converge there for a single event in one of the most high-tech cities in
America, full of high-powered, newfangled devices. "Aruba's solution was
ingenious," Magnuson says. It put 640 low-power APs under the stadium's
seats to diffuse the data load. "If you're at the stadium and trying to
talk to an AP," Magnuson says, "you're probably sitting on it!"
Another one of Aruba's selling points is its ability to detect rogue
devices—strangers to the system. Its promotional "case studies" trumpet
this capability, including one report about Cabela's hunting and
sporting goods chain, which is an Aruba client: "Because Cabela's stores
are in central shopping areas, the company captures huge quantities of
rogue data—as many as 20,000 events per day, mostly from neighboring
businesses." Aruba's network is identifying and distinguishing which
devices are allowed on the Cabela's network and which are within the
coverage area but are just passing through. The case study also
describes how Cabela's Aruba network was able to locate a lost
price-scanner gun in a large warehouse by mapping its location, as well
as track employees by the devices they were carrying.
It's one thing for a privately owned company to register devices it
already owns with a network. It's another for a local police department
to scale up that technology to blanket an entire downtown—or an entire city.
Aruba also sells a software product called "Analytics and Location
Engine 1.0." According to a document Aruba has created about the
product, ALE "calculates the location of associated and unassociated
wifi devices... even though a device has not associated to the network,
information about it is available. This includes the MAC address,
location, and RSSI information." ALE's default setting is anonymous,
which "allows for unique user tracking without knowing who the
individual user is." But, Aruba adds in the next sentence, "optionally
the anonymization can be disabled for richer analytics and user behavior
tracking." The network has the ability to see who you are—how deeply it
looks is up to whoever's using it. (The Aruba technology, as far as we
know, does not automatically associate a given MAC address with the name
on the device's account. But figuring out who owns the account—by asking
a cell-phone company, for example—would not be difficult for a
law-enforcement agency.)
Geo-location seems to be an area of intense interest for Aruba. Last
week, the Oregonian announced that Aruba had purchased a Portland
mapping startup called Meridian, which, according to the article, has
developed software that "pinpoints a smartphone's location inside a
venue, relying either on GPS technology or with localized wireless
networks." The technology, the article says, "helps people find their
way within large buildings, such as malls, stadiums, or airports and
enables marketing directed at a phone's precise location."
How does that geo-location work? Devices in the network's coverage area
are "heard" by more than one radio in those APs (the off-white boxes).
Once the network hears a device from multiple APs, it can compare the
strength and timing of the signal to locate where the device is. This is
classic triangulation, and users of Aruba's AirWave software—as in the
Cabela's example—report that their systems are able to locate devices to
within a few feet.
In the case of large, outdoor installations where APs are more spread
out, the ability to know what devices are passing through is
useful—especially, perhaps, to policing agencies, which could log that
data for long-term storage. As networking products and their uses
continue to evolve, they will only compound the "legal mystery" around
how this technology could and should be used that Pell and Soghoian
described in their Berkeley Technology Law Journal piece. Aruba's mesh
network is state-of-the-art, but something significantly smarter and
more sensitive will surely be on the market this time next year. And who
knows how much better the software will get.
An official spokesperson for Aruba wrote in an e-mail that the company
could not answer The Stranger's questions because they pertained "to a
new product announcement" that would not happen until Thanksgiving.
"Aruba's technology," the spokesperson added, "is designed for indoor
(not outdoor) usage and is for consumer apps where they opt in." This is
in direct contradiction to Aruba's own user's manuals, as well as the
fact that the Seattle Police Department installed an outdoor Aruba mesh
network earlier this year.
One engineer familiar with Aruba products and similar systems—who
requested anonymity—confirmed that the mesh network and its software are
powerful tools. "But like anything," the engineer said, it "can be used
inappropriately... You can easily see how a user might abuse this
ability (network admin has a crush on user X, monitors user X's location
specifically)." As was widely reported earlier this year, such alleged
abuses within the NSA have included a man who spied on nine women over a
five-year period, a woman who spied on prospective boyfriends, a man who
spied on his girlfriend, a husband who spied on his wife, and even a man
who spied on his ex-girlfriend "on his first day of access to the NSA's
surveillance system," according to the Washington Post. The practice was
so common within the NSA, it got its own classification: "LOVEINT."
Other Aruba clients—such as a university IT director, a university vice
president, and systems administrators—around the country confirmed it
wouldn't be difficult to use the mesh network to track the movement of
devices by their MAC addresses, and that building a historical database
of their movements would be relatively trivial from a data-storage
perspective.
As Bruce Burton, an information technology manager at the University of
Cincinnati (which uses an Aruba network), put it in an e-mail: "This
mesh network will have the capability to track devices (MAC addresses)
throughout the city."
Not that the SPD would do that—but we don't know. "We definitely feel
like the public doesn't have a handle on what the capabilities are,"
says Debelak of the ACLU. "We're not even sure the police department
does." It all depends on what the SPD says when it releases its
mesh-network protocols.
"They're long overdue," says Lee Colleton, a systems administrator at
Google who is also a member of the Seattle Privacy Coalition, a
grassroots group that formed in response to SPD's drone and
surveillance-camera controversies. "If we don't deal with this kind of
thing now, and establish norms and policies, we'll find ourselves in an
unpleasant situation down the road that will be harder to change."
The city is already full of surveillance equipment. The Seattle
Department of Transportation, for example, uses license-plate scanners,
sensors embedded in the pavement, and other mechanisms to monitor
individual vehicles and help estimate traffic volume and wait time. "But
as soon as that data is extrapolated," says Adiam Emery of SDOT, "it's
gone." They couldn't turn it over to a judge if they tried.
Not that license-plate scanners have always been so reliable. Doug Honig
of the ACLU remembers a story he heard from a former staffer a couple of
years ago about automatic license-plate readers on police cars in
Spokane. Automatic license-plate readers "will read a chain-link fence
as XXXXX," Honig says, "which at the time also matched the license plate
of a stolen car in Mississippi, resulting in a number of false alerts to
pull over the fence."
Seattle's mesh network is only one instance in a trend of Homeland
Security funding domestic surveillance equipment. Earlier this month,
the New York Times ran a story about a $7 million Homeland Security
grant earmarked for "port security"—just like the SPD's mesh-network
funding—in Oakland.
"But instead," the Times reports, "the money is going to a police
initiative that will collect and analyze reams of surveillance data from
around town—from gunshot- detection sensors in the barrios of East
Oakland to license plate readers mounted on police cars patrolling the
city's upscale hills."
The Oakland "port security" project, which the Times reports was
formerly known as the "Domain Awareness Center," will "electronically
gather data around the clock from a variety of sensors and databases,
analyze that data, and display some of the information on a bank of
giant monitors." The Times doesn't detail what kind of "sensors and
databases" the federally funded "port security" project will pay for,
but perhaps it's something like Seattle's mesh network with its ability
to ping, log, and visually map the movement of devices in and out of its
coverage area.
Which brings up some corollary issues, ones with implications much
larger than the SPD's ability to call up a given time on a given day and
see whether you were at work, at home, at someone's else home, at a bar,
or at a political demonstration: What does it mean when money from a
federal agency like the Department of Homeland Security is being
funneled to local police departments like SPD to purchase and use
high-powered surveillance gear?
For federal surveillance projects, the NSA and other federal spying
organizations have at least some oversight—as flawed as it may be—from
the Foreign Intelligence Surveillance Court (also known as the FISA
court) and the US Congress. But local law enforcement doesn't have that
kind of oversight and, in Seattle at least, has been buying and
installing DHS-funded surveillance equipment without explaining what
it's up to. The city council's surveillance ordinance earlier this year
was an attempt to provide local oversight on that kind of policing, but
it has proven toothless.
It's reasonable to assume that locally gleaned information will be
shared with other organizations, including federal ones. An SPD diagram
of the mesh network, for example, shows its information heading to
institutions large and small, including the King County Sheriff's
Office, the US Coast Guard, and our local fusion center.
Fusion centers, if you're unfamiliar with the term, are
information-sharing hubs, defined by the Department of Homeland Security
as "focal points" for the "receipt, analysis, gathering, and sharing" of
surveillance information.
If federally funded, locally built surveillance systems with little to
no oversight can dump their information in a fusion center—think of it
as a gun show for surveillance, where agencies freely swap information
with little restriction or oversight—that could allow federal agencies
such as the FBI and the NSA to do an end-run around any limitations set
by Congress or the FISA court.
If that's their strategy in Seattle, Oakland, and elsewhere, it's an
ingenious one—instead of maintaining a few high-powered, herculean
surveillance agencies designed to digest an immense amount of traffic
and political scrutiny, the federal government could sprinkle an entire
nation with lots of low-powered surveillance nodes and let them figure
out the best way to route the data by talking to each other. By
diffusing the way the information flows, they can make it flow more
efficiently.
It's an innovative solution—much like the Aruba mesh network itself.
The Department of Homeland Security has not responded to requests for
comment.
--
Dan Staples
Open Technology Institute
https://commotionwireless.net
OpenPGP key: http://disman.tl/pgp.asc
Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
_______________________________________________
Commotion-discuss mailing list
Commotion-discuss(a)lists.chambana.net
https://lists.chambana.net/mailman/listinfo/commotion-discuss
--
Preston Rhea
Field Analyst, Open Technology Institute
New America Foundation
+1-202-570-9770
Twitter: @prestonrhea
Hi ya'll,
I was up perusing the site and wiki and noticed there's not a
clear/intuitive way to join the mesh.
I understand this undertaking may be more difficult than just completing an
online webform.
However, we could add a page to PeoplesOpen which gives detailed
instructions on how to start the process of adding a new node to the Mesh.
Thoughts?
-Luis
Hi!
Interesting as well.
Mitar
-------- Original Message --------
From: Carolyn Winter <cawinter(a)eecs.berkeley.edu>
Subject: [secreadgroup] TRUST Security Seminar, Harlan Yu, Thursday,
November 14, 1:00 pm
To: trustlocal(a)truststc.org, trustseminar(a)truststc.org,
eecs-announce(a)eecs.berkeley.edu, secreadgroup(a)lists.berkeley.edu
Please join us for the next TRUST
seminar<http://www.truststc.org/seminar/index.html>
:
*Collateral Freedom: A Snapshot of Chinese Internet Users Circumventing
Censorship*
Harlan Yu, Robinson + Yu
Thursday, *November 14,* at 1:00 PM
Soda Hall, Wozniak Lounge
Abstract:
What’s the best way to provide Internet freedom for users in mainland
China? “Collateral Freedom,” a recent report based on a new survey of
Chinese users, found some surprising answers. Many of the purpose-built
Internet freedom tools aimed at dissidents no longer work, while simpler
technologies that are widely used by businesses (such as VPNs) have emerged
as the primary means for individual Chinese users to access censored
information. The most effective strategies rely not on technological
stealth, but instead on leveraging the regime’s commercial incentives,
suggesting that Internet freedom in China may be at least as much a matter
of commercial diplomacy as of human rights. Harlan Yu will discuss the
report's methods, findings, and the next steps coming out of this work.
Bio:
Harlan Yu is a principal at Robinson + Yu, a Washington D.C.-based
consulting firm. His firm works for social sector clients on a range of
technology policy issues, including online privacy and civil rights,
Internet freedom, and open government. He holds a Ph.D. in computer science
from Princeton University, where he was affiliated with its Center for
Information Technology Policy (CITP). He has extensive hands-on experience
at the intersection of technology and policy, including past roles at
Google, the Electronic Frontier Foundation, and the U.S. Department of
Labor. In addition to his Ph.D., he holds a B.S. in electrical engineering
and computer sciences from UC Berkeley.
---
Carolyn Winter
Program Manager, TRUST
University of California, Berkeley
337F Cory Hall, #1774
Berkeley, CA 94720
(510) 643-8425
www.truststc.org
--
http://mitar.tnode.com/https://twitter.com/mitar_m
Hi!
Interesting.
Mitar
-------- Original Message --------
From: Michael Buckland <buckland(a)berkeley.edu>
Subject: [i-announce@ischool] Friday Afternoon Seminar: Nov 15: Nick
Merrill & Clifford Lynch
To: friday(a)ischool.berkeley.edu, I School Announcement
<i-announce(a)ischool.berkeley.edu>
FRIDAY AFTERNOON SEMINAR ON INFORMATION ACCESS.
South Hall 107, Fridays 3-5 pm
http://courses.ischool.berkeley.edu/i296a-ia/f13/schedule.html
Open to the public. Everyone interested is welcome!
*Friday, Nov 15: Nick MERRILL and Clifford LYNCH.
Nick MERRILL: Alternative Visions of Internet Connectivity.*
A short progress report will include discussion on the following
projects:
- /Namecoin/, a widely distributed DNS that relies on a proof-of-work
cryptosystem to align the database over many peers;
- /tent.io/ - a novel approach to cloud-based application development
in which users store their personal data locally; and
- /commotion wireless/, a cross-platform mesh network protcol with
its eye on more than simple router replacement; and
- /vole/ and its cousin /idas blue/ with shoutout to /blogracy/ ---
attempts at peer-to-peer messaging that seem to slip below the great
firewall of China.
* Clifford LYNCH: The Failure of Stewardship Organizations and the
Transfer or Conservation of Cultural Materials.*
Continued from Sept 27: In the past decade or so, we've seen many
examples of stewardship organizations abandoning their management of
collections, usually for economic reasons. In some cases, these
situations raise very interesting governance, legal and public policy
problems as well as financial and operational issues. In this
discussion, I'll examine a number of representative case studies, and
focus on how the ability to create very high quality digital
representations of physical items or collections may change the
situation. Time permitting, I'll also begin a discussion of how these
situations may play out when the collections are themselves inherently
digital.
FORTHCOMING
Friday, Nov 22 in South Hall 205: Change of program: Marilyn
TREMAINE: Investigating What Makes 3D Visualizations Difficult.
Friday, Nov 29: Thanksgiving: No seminar meeting.
Friday, Dec 6: Nick MERRILL: Alternative Visions of Internet
Connectivity.
Karen SMITH-YOSHIMURA: Registering Researchers in Authority Files.
--
Michael Buckland, School of Information,
University of California, Berkeley, CA 94720-4600
(510) 642 3159 buckland(a)ischool.berkeley.edu
http://www.berkeley.edu/~buckland
Co-Director, Electronic Cultural Atlas Initiative
--
http://mitar.tnode.com/https://twitter.com/mitar_m
*He wants to follow her around the city or simply learn where she lives.
Using the node map, which includes node IP addresses (or because he simply
drove around the city and mapped them out himself) he knows the IP/MAC to
physical location mapping of all nodes.*
I think this is a concern. I don't think anybody wants to go from the
government having this ability to anybody having this ability. I'm not sure
the best idea of implementing this, but what it sounds like it comes down
to is the identifier. We need something on the mesh which will allow 1)
nodes communicate to nodes on the mesh and 2) nodes communicate to nodes
through the internet (via a tunnelling program). Currently batman does this
with MAC addresses, however, as we mentioned in a previous meeting, you can
have duplicate MAC addresses because of the manufacturer (most likely
problem) or randomly generated. I think it's possible to do the following:
Client <-- MAC addresses --> Node
Node <-- unique keys --> Node
Exit Node < -- IP addresses --> Internet (or Tor Network)
In the same way that the exit node serves as a barrier for the mesh to the
internet, I think a node can do the same for MAC addresses of phones and
it's locally connected devices. This should eliminate the need for
disabling the traceroute function, which from what understand needs to be
there in order for batman to determine a reliable and quick connection
between nodes. The only complication I can think of being able to create
your own unique key is to verify on the network that it's unique. It
probably can be figured out with working with the DAT files.
http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable
*I see the localization possibilities as a feature which can empower local
communities, where users can get services and content based on where in the
mesh network they are. I see mesh networks as connections between people.*
Agreed! I don't think by being the protocol to be anonymous makes it so
that you have to remain anonymous. It just allows you to be anonymous by
default. In my mind, I think it would be amazing to implement into the
protocol something comparable to the networks on social media sites. Such
that, I have a unique key as my address on the mesh, I run a server from my
node and I want people to have access to it. However, maybe I have very
good reason to want to change my key every couple of days, but I want to a
specific group of nodes to know my address change. Then I think it would be
important to allow that node update this group of nodes with your key
change, once verified with the network as being unique. Or as mentioned,
only sharing your key to a group of nodes (or a certain number of hops)
then the packets being carried out by another identifier beyond that point.
All that being said... I'm still learning and this may not work at all.
Feedback please! :)
On Mon, Nov 11, 2013 at 2:36 AM, <mesh-request(a)lists.sudoroom.org> wrote:
> Send mesh mailing list submissions to
> mesh(a)lists.sudoroom.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.sudoroom.org/listinfo/mesh
> or, via email, send a message with subject or body 'help' to
> mesh-request(a)lists.sudoroom.org
>
> You can reach the person managing the list at
> mesh-owner(a)lists.sudoroom.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of mesh digest..."
>
>
> Today's Topics:
>
> 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (Marc Juul)
> 2. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (Mitar)
> 3. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (Marc Juul)
> 4. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (Mitar)
> 5. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (Marc Juul)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 10 Nov 2013 21:22:32 -0800
> From: Marc Juul <juul(a)labitat.dk>
> To: rhodey <rhodey(a)anhonesteffort.org>
> Cc: "mesh(a)lists.sudoroom.org" <mesh(a)lists.sudoroom.org>
> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh
> network for surveillance?
> Message-ID:
> <CAL4ejvRY+Specdgjh_w1hOfHY==BP8t5+3n4=
> HwH_gBCWf+OPw(a)mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Sun, Nov 10, 2013 at 5:00 PM, rhodey <rhodey(a)anhonesteffort.org> wrote:
>
> > > Not really. Routing protocol measures packet loss from all neighboring
> > > nodes to the client to determine how to best route traffic to the
> > > client. You can possible use this as a signal strength indicator.
> >
> > Aha! Awesome idea Mitar, very tricky. Now we need to configure mesh
> > nodes to arbitrarily drop packets :P
> >
> > > You can maybe try to repurpose ARP proxy support in Linux:
> > >
> > > https://en.wikipedia.org/wiki/Proxy_ARP
> >
> > Thanks, I'll take a look.
> >
>
> It seems to me that both of these solutions are likely to degrade the
> performance of the mesh.
>
> Creating a bunch of fake nodes with fake MAC addresses could make it more
> difficult to initially identify the MAC address of a target node (because
> it is easy to associate a MAC with a physical device if there is only one
> device in that area), but I don't think it would actually accomplish much,
> since most modern operating systems broadcast stuff like their hostnames
> and shared files/music. It's often easy to associate a host and MAC/IP.
> Once you know the MAC of your target, you can track them until they change
> their MAC. Perhaps it would benefit people who often change their MAC
> address. It would cause a lot of extra network-wide broadcast of
> originator-messages.
>
> Perhaps there is a better way to deal with the problem. If I understand
> batman-adv correctly, no node requires knowledge of anything but the next
> hop for every destination. This should mean that we don't need the layer 2
> traceroute functionality that batman-adv includes. If we change batman-adv
> such that a node can only ever know the next hop for a given destination,
> that leaks limited location information (though it could leak info such as
> general location if e.g. you're in west oakland and you're simultaneously
> connected to a node that only links to berkeley and another that only links
> to east oakland). If we need the layer 2 traceroute as network admins, then
> we can implement crypto such that nodes only respond to layer 2 traceroutes
> if request has a valid signature. This would not be very difficult since
> Linux Kernel 3.7+ implements RSA signature verification.
>
> --
> Marc/Juul
>
>
> > --
> > -- rhodey ? ???
> >
> > On 11/10/2013 04:57 PM, Mitar wrote:
> > > Hi!
> > >
> > >> We can ensure that IP addresses are cycled frequent enough because
> > >> we'll have control over a majority of the DHCP servers on the mesh so
> > >> I'll be focusing on MAC addresses.
> > >
> > > Not to mention that IP addresses will be private and there will be NAT
> > > for Internet.
> > >
> > > And for IPv6 you will probably use autoconfiguration based on the MAC
> > > anyway, no?
> > >
> > > So the question is just MAC at the end.
> > >
> > >> It is important to realize that only mesh nodes (access points) have
> > >> *potential* knowledge of signal strength
> > >
> > > Not really. Routing protocol measures packet loss from all neighboring
> > > nodes to the client to determine how to best route traffic to the
> > > client. You can possible use this as a signal strength indicator.
> > >
> > > Depending on the routing protocol this information might not be
> > > available further down the routing path. In BATMAN I believe only
> direct
> > > neighbors know this information.
> > >
> > > But on the other hand, you often want to collect this information
> > > globally to be able to improve network performance. But we could be
> > > collecting this information in a way that clients are anonymized, while
> > > we still get link/topology data.
> > >
> > >> To increase user privacy I would like to experiment with a MAC address
> > >> spoofing service that could run on mesh nodes or volunteer hosts.
> > >
> > > You can maybe try to repurpose ARP proxy support in Linux:
> > >
> > > https://en.wikipedia.org/wiki/Proxy_ARP
> > >
> > >> But it is not that simple of course, because spoofed MAC addresses
> > >> need to persist just as legitimate MAC addresses do, and move about
> > >> in the physical world (connect to different mesh nodes) just as other
> > >> legitimate users will.
> > >
> > > And of course produce unique traffic as well.
> > >
> > >
> > > Mitar
> > >
> > _______________________________________________
> > mesh mailing list
> > mesh(a)lists.sudoroom.org
> > http://lists.sudoroom.org/listinfo/mesh
> >
>
Okay, that's very true. Then what about interfacing nodes with clients on
MAC addresses, but then node to node with a different address? Wouldn't
that provide similar security as to what we're trying to do with exit
nodes? The MAC address for the phones only being known to the node, but
then not using it for delivery throughout the mesh.
On Sun, Nov 10, 2013 at 4:39 PM, <mesh-request(a)lists.sudoroom.org> wrote:
> Send mesh mailing list submissions to
> mesh(a)lists.sudoroom.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.sudoroom.org/listinfo/mesh
> or, via email, send a message with subject or body 'help' to
> mesh-request(a)lists.sudoroom.org
>
> You can reach the person managing the list at
> mesh-owner(a)lists.sudoroom.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of mesh digest..."
>
>
> Today's Topics:
>
> 1. Re: Changing your MAC address (rhodey)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 10 Nov 2013 16:39:22 -0800
> From: rhodey <rhodey(a)anhonesteffort.org>
> To: mesh(a)lists.sudoroom.org
> Subject: Re: [Mesh] Changing your MAC address
> Message-ID: <5280273A.6060804(a)anhonesteffort.org>
> Content-Type: text/plain; charset=UTF-8
>
> >> does it have to be a MAC address?
>
> Yes. We only (at most) have control of the mesh nodes (access points) in
> our network-- not the mesh clients (desktop, laptop, cellphone).
>
> Desktops, laptops, cellphones all have networking stacks and they will
> all use a MAC address. If they are cellphones it is likely that the MAC
> address cannot be changed/spoofed without rooting the OS (not user
> friendly).
>
> --
> -- rhodey ?????
>
> On 11/10/2013 04:31 PM, Jeremy Entwistle wrote:
> > Well, one question that's been on my mind is does it have to be a MAC
> > address? I think ideally we would have something comparable to a
> > fingerprint or randomly generated addresses that are assigned by the
> > network. Also, in looking at SSL vs pre-shared keys, apparently its
> > slower and more demanding of our resources to use SSL... but at the same
> > time, I'm not sure how to securely distribute and verify pre-shared keys
> > throughout a network. Also, it seems to me that speed and preventing any
> > latency on the network is more important than the key itself, because
> > anybody can join the network, and there's the possibility of generating
> > keys every couple of hours.
> >
> > I guess what I'm saying is that the internet depends on IPs, Meshes have
> > been dependent on MACs, but I don't see why we have to depend on either.
> >
> >
> > On Sun, Nov 10, 2013 at 3:54 PM, Mitar <mitar(a)tnode.com
> > <mailto:mitar@tnode.com>> wrote:
> >
> > Hi!
> >
> > So we might create an app for people to install to change MAC
> addresses
> > randomly. :-) So a privacy preserving app for mesh networks.
> >
> > It would make sure that your WiFi does not broadcast a list of known
> > networks as well.
> >
> >
> > Mitar
> >
> > > I looked into this awhile ago and it's very easy to change mac
> > addresses.
> > > Kali Linux Tutorials: How to Change or Spoof a MAC Address
> > > https://www.youtube.com/watch?v=JyP8aGtPZpA
> > >
> > >
> > > On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request(a)lists.sudoroom.org
> > <mailto:mesh-request@lists.sudoroom.org>> wrote:
> > >
> > >> Send mesh mailing list submissions to
> > >> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> > >>
> > >> To subscribe or unsubscribe via the World Wide Web, visit
> > >> http://lists.sudoroom.org/listinfo/mesh
> > >> or, via email, send a message with subject or body 'help' to
> > >> mesh-request(a)lists.sudoroom.org
> > <mailto:mesh-request@lists.sudoroom.org>
> > >>
> > >> You can reach the person managing the list at
> > >> mesh-owner(a)lists.sudoroom.org
> > <mailto:mesh-owner@lists.sudoroom.org>
> > >>
> > >> When replying, please edit your Subject line so it is more
> specific
> > >> than "Re: Contents of mesh digest..."
> > >>
> > >>
> > >> Today's Topics:
> > >>
> > >> 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> > >> surveillance? (rhodey)
> > >>
> > >>
> > >>
> >
> ----------------------------------------------------------------------
> > >>
> > >> Message: 1
> > >> Date: Sun, 10 Nov 2013 15:03:01 -0800
> > >> From: rhodey <rhodey(a)anhonesteffort.org
> > <mailto:rhodey@anhonesteffort.org>>
> > >> To: mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> > >> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh
> > >> network for surveillance?
> > >> Message-ID: <528010A5.8030704(a)anhonesteffort.org
> > <mailto:528010A5.8030704@anhonesteffort.org>>
> > >> Content-Type: text/plain; charset=UTF-8
> > >>
> > >> Police, govt, and other evil adversaries are free to setup their
> own
> > >> hardware, their own mesh, the idea is not to prevent this but to
> > prevent
> > >> the use of good mesh networks for evil. I want to give more
> > thought to
> > >> this subject sometime in the near future but for now this is what
> > I have...
> > >>
> > >> The major concern here (as I see it) is the persistence of MAC
> > >> addresses. The average user does not know how to change their MAC
> > >> address and in the case of most mobile devices it is not possible
> to
> > >> change the MAC address. We can ensure that IP addresses are cycled
> > >> frequent enough because we'll have control over a majority of the
> > DHCP
> > >> servers on the mesh so I'll be focusing on MAC addresses.
> > >>
> > >> In any local network a MAC address can be associated with network
> > >> traffic, the obvious solution here is to use encryption. The
> problem
> > >> with MAC addresses in a mesh network is that they could also be
> > >> associated with a location.
> > >>
> > >> On any layer 2 network it is possible for any connected host to
> > >> determine the route to any other host using a MAC address as an
> > >> identifier. Because mesh nodes have a fixed (and likely known)
> > physical
> > >> location it can be assumed that the last hop in the route
> > corresponds to
> > >> the physical location of the specific host.
> > >>
> > >> It is important to realize that only mesh nodes (access points)
> have
> > >> *potential* knowledge of signal strength and other 802.11
> > broadcast type
> > >> frames-- sure Oakland PD can setup a device to listen to all
> 802.11
> > >> traffic, but remember we're only focusing on how existing
> > hardware can
> > >> be abused. So, one host *cannot* triangulate the location of
> another
> > >> host. *From the perspective of a host on the mesh, a host can
> only be
> > >> connected to one mesh node or disconnected from the network.* In
> the
> > >> context of physical location, the privacy of a host on the mesh
> is a
> > >> function of the area covered by the mesh node it is connected to.
> > >>
> > >> To increase user privacy I would like to experiment with a MAC
> > address
> > >> spoofing service that could run on mesh nodes or volunteer hosts.
> The
> > >> service would basically pretend to be just another host on the
> > network
> > >> identified by some MAC address. The service could intelligently
> spawn
> > >> fake hosts depending on the number of other hosts connected to the
> > >> shared mesh node. Mesh nodes with fewer connected hosts need more
> > >> spoofed hosts to increase privacy, etc. But it is not that simple
> of
> > >> course, because spoofed MAC addresses need to persist just as
> > legitimate
> > >> MAC addresses do, and move about in the physical world (connect to
> > >> different mesh nodes) just as other legitimate users will. I've
> > thought
> > >> some of this through but it is a large undertaking that needs
> further
> > >> planning.
> > >>
> > >> Another thing to keep in mind is that although MAC addresses
> could be
> > >> used as a persistent identifier *they alone do not represent any
> > >> identity.* It is not until an adversary obtains additional
> > information
> > >> that a MAC address could be used to identify an individual
> > person. Not
> > >> to say the surveillance of pseudo-anonymous individual and group
> > >> movement is negligible, just pointing this out.
> > >>
> > >> In conclusion (for now) by keeping our software and build
> > processes open
> > >> we can convince reasonable users that it is not possible for us
> > to track
> > >> them with more than neighborhood level accuracy. If we go further
> and
> > >> deploy something like the MAC spoofing service it could be
> > possible to
> > >> extend this guarantee further. I think it is also likely that
> > this MAC
> > >> spoofing service could be designed to prevent/degrade 802.11 style
> > >> surveillance by hardware outside our control.
> > >>
> > >> --
> > >> -- rhodey ?????
> > >>
> > >> On 11/10/2013 11:44 AM, Steve Berl wrote:
> > >>> Couldn't a community mesh network be suspected of having the
> > same sort
> > >>> of tracking abilities?
> > >>> How do we convince potential mesh network users that we aren't
> > >>> collecting location data on them?
> > >>>
> > >>> Steve
> > >>>
> > >>>
> > >>> On Friday, November 8, 2013, Jenny Ryan wrote:
> > >>>
> > >>>
> > >>>
> > >>> ---------- Forwarded message ----------
> > >>> From: *Preston Rhea* <prestonrhea(a)opentechinstitute.org
> > <mailto:prestonrhea@opentechinstitute.org>
> > >>> <javascript:_e({}, 'cvml',
> > 'prestonrhea(a)opentechinstitute.org
> > <mailto:prestonrhea@opentechinstitute.org>');>>
> > >>> Date: Thu, Nov 7, 2013 at 6:49 AM
> > >>> Subject: Fwd: [Commotion-discuss] Seattle Police mesh
> > network for
> > >>> surveillance?
> > >>> To: Jenny Ryan <jenny(a)thepyre.org <mailto:jenny@thepyre.org>
> > <javascript:_e({}, 'cvml',
> > >>> 'jenny(a)thepyre.org <mailto:jenny@thepyre.org>');>>, Shaun
> > Houlihan <shaunhoulihan(a)gmail.com <mailto:shaunhoulihan@gmail.com>
> > >>> <javascript:_e({}, 'cvml', 'shaunhoulihan(a)gmail.com
> > <mailto:shaunhoulihan@gmail.com>');>>
> > >>>
> > >>>
> > >>> Thought this would interest y'all, I don't know if you are
> > already on
> > >>> the Commotion listserv Jenny.
> > >>>
> > >>>
> > >>> ---------- Forwarded message ----------
> > >>> From: Dan Staples <danstaples(a)opentechinstitute.org
> > <mailto:danstaples@opentechinstitute.org>
> > >>> <javascript:_e({}, 'cvml', 'danstaples(a)opentechinstitute.org
> > <mailto:danstaples@opentechinstitute.org>');>>
> > >>> Date: Wed, Nov 6, 2013 at 9:32 PM
> > >>> Subject: [Commotion-discuss] Seattle Police mesh network for
> > >>> surveillance?
> > >>> To: commotion-discuss <commotion-discuss(a)lists.chambana.net
> > <mailto:commotion-discuss@lists.chambana.net>
> > >>> <javascript:_e({}, 'cvml',
> > 'commotion-discuss(a)lists.chambana.net
> > <mailto:commotion-discuss@lists.chambana.net>
> > >> ');>>
> > >>>
> > >>>
> > >>>
> > >>
> >
> http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143…
> > >>>
> > >>> You Are a Rogue Device
> > >>> A New Apparatus Capable of Spying on You Has Been Installed
> > >> Throughout
> > >>> Downtown Seattle. Very Few Citizens Know What It Is, and
> > Officials
> > >> Don?t
> > >>> Want to Talk About It.
> > >>>
> > >>> by Matt Fikse-Verkerk and Brendan Kiley
> > >>>
> > >>> If you're walking around downtown Seattle, look up: You'll
> see
> > >> off-white
> > >>> boxes, each one about a foot tall with vertical antennae,
> > attached to
> > >>> utility poles. If you're walking around downtown while
> > looking at a
> > >>> smartphone, you will probably see at least one?and more
> > likely two or
> > >>> three?Wi-Fi networks named after intersections: "4th&Seneca,"
> > >>> "4th&Union," "4th&University," and so on. That is how you
> > can see the
> > >>> Seattle Police Department's new wireless mesh network,
> > bought from a
> > >>> California-based company called Aruba Networks, whose
> > clients include
> > >>> the Department of Defense, school districts in Canada,
> > oil-mining
> > >>> interests in China, and telecommunications companies in
> > Saudi Arabia.
> > >>>
> > >>> The question is: How well can this mesh network see you?
> > >>>
> > >>> How accurately can it geo-locate and track the movements of
> your
> > >> phone,
> > >>> laptop, or any other wireless device by its MAC address (its
> > "media
> > >>> access control address"?nothing to do with Macintosh?which is
> > >> analogous
> > >>> to a device's thumbprint)? Can the network send that
> > information to a
> > >>> database, allowing the SPD to reconstruct who was where at
> > any given
> > >>> time, on any given day, without a warrant? Can the network
> > see you
> > >> now?
> > >>>
> > >>> The SPD declined to answer more than a dozen questions from
> The
> > >>> Stranger, including whether the network is operational, who
> has
> > >> access
> > >>> to its data, what it might be used for, and whether the SPD
> > has used
> > >> it
> > >>> (or intends to use it) to geo-locate people's devices via
> > their MAC
> > >>> addresses or other identifiers.
> > >>>
> > >>> Seattle Police detective Monty Moss, one of the leaders of
> the
> > >>> mesh-network project?one part of a $2.7 million effort, paid
> > for by
> > >> the
> > >>> Department of Homeland Security?wrote in an e-mail that the
> > >> department
> > >>> "is not comfortable answering policy questions when we do
> > not yet
> > >> have a
> > >>> policy." But, Detective Moss added, the SPD "is actively
> > >> collaborating
> > >>> with the mayor's office, city council, law department, and
> > the ACLU
> > >> on a
> > >>> use policy." The ACLU, at least, begs to differ: "Actively
> > >>> collaborating" is not how they would put it. Jamela Debelak,
> > >> technology
> > >>> and liberty director of the Seattle office, says the ACLU
> > submitted
> > >>> policy-use suggestions months ago and has been waiting for a
> > >> response.
> > >>>
> > >>> Detective Moss also added that the mesh network would not be
> > used for
> > >>> "surveillance purposes... without City Council's approval
> > and the
> > >>> appropriate court authorization." Note that he didn't say
> > the mesh
> > >>> network couldn't be used for the surveillance functions we
> asked
> > >> about,
> > >>> only that it wouldn't?at least until certain people in power
> > say it
> > >> can.
> > >>> That's the equivalent of a "trust us" and a handshake.
> > >>>
> > >>> His answer is inadequate for other reasons as well. First,
> > the city
> > >>> council passed an ordinance earlier this year stating that
> any
> > >> potential
> > >>> surveillance equipment must submit protocols to the city
> > council for
> > >>> public review and approval within 30 days of its acquisition
> and
> > >>> implementation. This mesh network has been around longer
> > than that,
> > >> as
> > >>> confirmed by Cascade Networks, Inc., which helped install
> > it. Still,
> > >> the
> > >>> SPD says it doesn't have a policy for its use yet. Mayor
> > McGinn's
> > >> office
> > >>> says it expects to see draft protocols sometime in
> > December?nearly
> > >> nine
> > >>> months late, according to the new ordinance.
> > >>>
> > >>> Second, and more importantly, this mesh network is part of a
> > whole
> > >> new
> > >>> arsenal of surveillance technologies that are moving faster
> > than the
> > >>> laws that govern them are being written. As Stephanie K.
> > Pell (former
> > >>> counsel to the House Judiciary Committee) and Christopher
> > Soghoian
> > >>> (senior policy analyst at the ACLU) wrote in a 2012 essay
> > for the
> > >>> Berkeley Technology Law Journal:
> > >>>
> > >>> The use of location information by law enforcement
> > agencies is
> > >>> common and becoming more so as technological improvements
> enable
> > >>> collection of more accurate and precise location data. The
> legal
> > >> mystery
> > >>> surrounding the proper law enforcement access standard for
> > >> prospective
> > >>> location data remains unsolved. This mystery, along with
> > conflicting
> > >>> rulings over the appropriate law enforcement access
> > standards for
> > >> both
> > >>> prospective and historical location data, has created a
> messy,
> > >>> inconsistent legal landscape where even judges in the same
> > district
> > >> may
> > >>> require law enforcement to meet different standards to compel
> > >> location
> > >>> data.
> > >>>
> > >>> In other words, law enforcement has new tools?powerful
> tools. We
> > >> didn't
> > >>> ask for them, but they're here. And nobody knows the rules
> > for how
> > >> they
> > >>> should be used.
> > >>>
> > >>> This isn't the first time the SPD has purchased surveillance
> > >> equipment
> > >>> (or, as they might put it, public-safety equipment that
> > happens to
> > >> have
> > >>> powerful surveillance capabilities) without telling the rest
> > of the
> > >>> city. There was the drones controversy this past winter,
> > when the
> > >> public
> > >>> and elected officials discovered that the SPD had bought two
> > unmanned
> > >>> aerial vehicles with the capacity to spy on citizens. There
> > was an
> > >>> uproar, and a few SPD officers embarked on a mea culpa tour
> of
> > >> community
> > >>> meetings where they answered questions and endured (sometimes
> > >> raucous)
> > >>> criticism. In February, Mayor Mike McGinn announced he was
> > grounding
> > >> the
> > >>> drones, but a new mayor could change his mind. Those SPD
> > drones are
> > >>> sitting somewhere right now on SPD property.
> > >>>
> > >>> Meanwhile, the SPD was also dealing with the port-camera
> > surveillance
> > >>> scandal. That kicked off in late January, when people in
> > West Seattle
> > >>> began wondering aloud about the 30 cameras that had appeared
> > >> unannounced
> > >>> on utility poles along the waterfront. The West Seattle
> > neighborhood
> > >>> blog (westseattleblog.com <http://westseattleblog.com>
> > <http://westseattleblog.com>) sent
> > >>> questions to city utility companies, and
> > >>> the utilities in turn pointed at SPD, which eventually
> > admitted that
> > >> it
> > >>> had purchased and installed 30 surveillance cameras with
> federal
> > >> money
> > >>> for "port security." That resulted in an additional uproar
> and
> > >> another
> > >>> mea culpa tour, much like they did with the drones, during
> which
> > >>> officers repeated that they should have done a better job of
> > >> educating
> > >>> the public about what they were up to with the cameras on
> Alki.
> > >>> (Strangely, the Port of Seattle and the US Coast Guard
> > didn't seem
> > >> very
> > >>> involved in this "port security" project?their names only
> > appear in a
> > >>> few cursory places in the budgets and contracts. The SPD is
> > clearly
> > >> the
> > >>> driving agency behind the project. For example, their early
> > tests of
> > >>> sample Aruba products?beginning with a temporary Aruba mesh
> > network
> > >> set
> > >>> up in Pioneer Square for Mardi Gras in 2009?didn't have
> > anything to
> > >> do
> > >>> with the port whatsoever.)
> > >>>
> > >>> The cameras attracted the controversy, but they were only
> > part of the
> > >>> project. In fact, the 30 pole-mounted cameras on Alki that
> > caused the
> > >>> uproar cost $82,682?just 3 percent of the project's $2.7
> million
> > >>> Homeland Security?funded budget. The project's full title
> > was "port
> > >>> security video surveillance system with wireless mesh
> network."
> > >> People
> > >>> raised a fuss about the cameras. But what about the mesh
> > network?
> > >>>
> > >>> Detective Moss and Assistant Chief Paul McDonagh mentioned
> the
> > >> downtown
> > >>> mesh network during those surveillance-camera community
> > meetings,
> > >> saying
> > >>> it would help cops and firefighters talk to each other by
> > providing a
> > >>> wireless network for their exclusive use, with the potential
> for
> > >> others
> > >>> to use overlaid networks handled by the same equipment.
> (Two-way
> > >> radios
> > >>> already allow police officers to talk to each other, but
> > officers
> > >> still
> > >>> use wireless networks to access data, such as the
> information an
> > >> officer
> > >>> looks for by running your license plate number when you've
> been
> > >> pulled
> > >>> over.)
> > >>>
> > >>> As Brian Magnuson of Cascade Networks, Inc., which helped
> > install the
> > >>> Aruba system, explained the possible use of such a system:
> > "A normal
> > >>> cell-phone network is a beautiful thing right up until the
> > time you
> > >>> really need it?say you've just had an earthquake or a large
> > storm,
> > >> and
> > >>> then what happens? Everybody picks up their phone and
> > overloads the
> > >>> system." The network is most vulnerable precisely when it's
> most
> > >> needed.
> > >>> A mesh network could be a powerful tool for streaming video
> from
> > >>> surveillance cameras or squad car dash-cams across the
> network,
> > >> allowing
> > >>> officers "real-time situational awareness" even when other
> > >> communication
> > >>> systems have been overloaded, as Detective Moss explained in
> > those
> > >>> community meetings.
> > >>>
> > >>> But the Aruba mesh network is not just for talking, it's
> > also for
> > >>> tracking.
> > >>>
> > >>> After reviewing Aruba's technical literature, as well as
> > talking to
> > >> IT
> > >>> directors and systems administrators around the country who
> > work with
> > >>> Aruba products, it's clear that their networks are adept at
> > seeing
> > >> all
> > >>> the devices that move through their coverage area and
> visually
> > >> mapping
> > >>> the locations of those devices in real time for the system
> > >>> administrators' convenience. In fact, one of Aruba's major
> > selling
> > >>> points is its ability to locate "rogue" or "unassociated"
> > >> devices?that
> > >>> is, any device that hasn't been authorized by (and maybe
> > hasn't even
> > >>> asked to be part of) the network.
> > >>>
> > >>> Which is to say, your device. The cell phone in your pocket,
> for
> > >>> instance.
> > >>>
> > >>> The user's guide for one of Aruba's recent software products
> > states:
> > >>> "The wireless network has a wealth of information about
> > unassociated
> > >> and
> > >>> associated devices." That software includes "a location
> > engine that
> > >>> calculates associated and unassociated device location every
> 30
> > >> seconds
> > >>> by default... The last 1,000 historical locations are stored
> > for each
> > >>> MAC address."
> > >>>
> > >>> For now, Seattle's mesh network is concentrated in the
> > downtown area.
> > >>> But the SPD has indicated in PowerPoint presentations?also
> > acquired
> > >> by
> > >>> The Stranger?that it hopes to eventually have "citywide
> > deployment"
> > >> of
> > >>> the system that, again, has potential surveillance
> > capabilities that
> > >> the
> > >>> SPD declined to answer questions about. That could give a
> > whole new
> > >>> meaning to the phrase "real-time situational awareness."
> > >>>
> > >>> So how does Aruba's mesh network actually function?
> > >>>
> > >>> Each of those off-white boxes you see downtown is a wireless
> > access
> > >>> point (AP) with four radios inside it that work to shove
> giant
> > >> amounts
> > >>> of data to, through, and around the network, easily handling
> > >>> bandwidth-hog uses such as sending live, high-resolution
> > video to or
> > >>> from moving vehicles. Because this grid of APs forms a
> > latticelike
> > >> mesh,
> > >>> it works like the internet itself, routing traffic around
> > bottlenecks
> > >>> and "self-healing" by sending traffic around components that
> > fail.
> > >>>
> > >>> As Brian Magnuson at Cascade Networks explains: "When you
> > have 10
> > >> people
> > >>> talking to an AP, no problem. If you have 50, that's a
> problem."
> > >> Aruba's
> > >>> mesh solution is innovative?instead of building a few
> > high-powered,
> > >>> herculean APs designed to withstand an immense amount of
> > traffic,
> > >> Aruba
> > >>> sprinkles a broad area with lots of lower-powered APs and
> > lets them
> > >>> figure out the best way to route all the data by talking to
> each
> > >> other.
> > >>>
> > >>> Aruba's technology is considered cutting-edge because its
> > systems are
> > >>> easy to roll out, administer, and integrate with other
> > systems, and
> > >> its
> > >>> operating system visualizes what's happening on the network
> in a
> > >> simple,
> > >>> user-friendly digital map. The company is one of many firms
> > in the
> > >>> networking business, but, according to the tech-ranking firm
> > Gartner,
> > >>> Aruba ranks second (just behind Cisco) in "completeness of
> > vision"
> > >> and
> > >>> third in "ability to execute" for its clever ways of getting
> > around
> > >>> technical hurdles.
> > >>>
> > >>> Take Candlestick Park, the San Francisco 49ers football
> stadium,
> > >> which,
> > >>> Magnuson says, is just finishing up an Aruba mesh network
> > >> installation.
> > >>> The stadium has high-intensity cellular service needs?70,000
> > people
> > >> can
> > >>> converge there for a single event in one of the most
> high-tech
> > >> cities in
> > >>> America, full of high-powered, newfangled devices. "Aruba's
> > solution
> > >> was
> > >>> ingenious," Magnuson says. It put 640 low-power APs under the
> > >> stadium's
> > >>> seats to diffuse the data load. "If you're at the stadium
> > and trying
> > >> to
> > >>> talk to an AP," Magnuson says, "you're probably sitting on
> it!"
> > >>>
> > >>> Another one of Aruba's selling points is its ability to
> > detect rogue
> > >>> devices?strangers to the system. Its promotional "case
> studies"
> > >> trumpet
> > >>> this capability, including one report about Cabela's hunting
> and
> > >>> sporting goods chain, which is an Aruba client: "Because
> > Cabela's
> > >> stores
> > >>> are in central shopping areas, the company captures huge
> > quantities
> > >> of
> > >>> rogue data?as many as 20,000 events per day, mostly from
> > neighboring
> > >>> businesses." Aruba's network is identifying and
> > distinguishing which
> > >>> devices are allowed on the Cabela's network and which are
> > within the
> > >>> coverage area but are just passing through. The case study
> also
> > >>> describes how Cabela's Aruba network was able to locate a
> lost
> > >>> price-scanner gun in a large warehouse by mapping its
> > location, as
> > >> well
> > >>> as track employees by the devices they were carrying.
> > >>>
> > >>> It's one thing for a privately owned company to register
> > devices it
> > >>> already owns with a network. It's another for a local police
> > >> department
> > >>> to scale up that technology to blanket an entire downtown?or
> an
> > >>> entire city.
> > >>>
> > >>> Aruba also sells a software product called "Analytics and
> > Location
> > >>> Engine 1.0." According to a document Aruba has created about
> the
> > >>> product, ALE "calculates the location of associated and
> > unassociated
> > >>> wifi devices... even though a device has not associated to
> the
> > >> network,
> > >>> information about it is available. This includes the MAC
> > address,
> > >>> location, and RSSI information." ALE's default setting is
> > anonymous,
> > >>> which "allows for unique user tracking without knowing who
> the
> > >>> individual user is." But, Aruba adds in the next sentence,
> > >> "optionally
> > >>> the anonymization can be disabled for richer analytics and
> user
> > >> behavior
> > >>> tracking." The network has the ability to see who you
> > are?how deeply
> > >> it
> > >>> looks is up to whoever's using it. (The Aruba technology, as
> > far as
> > >> we
> > >>> know, does not automatically associate a given MAC address
> > with the
> > >> name
> > >>> on the device's account. But figuring out who owns the
> > account?by
> > >> asking
> > >>> a cell-phone company, for example?would not be difficult for
> a
> > >>> law-enforcement agency.)
> > >>>
> > >>> Geo-location seems to be an area of intense interest for
> > Aruba. Last
> > >>> week, the Oregonian announced that Aruba had purchased a
> > Portland
> > >>> mapping startup called Meridian, which, according to the
> > article, has
> > >>> developed software that "pinpoints a smartphone's location
> > inside a
> > >>> venue, relying either on GPS technology or with localized
> > wireless
> > >>> networks." The technology, the article says, "helps people
> > find their
> > >>> way within large buildings, such as malls, stadiums, or
> > airports and
> > >>> enables marketing directed at a phone's precise location."
> > >>>
> > >>> How does that geo-location work? Devices in the network's
> > coverage
> > >> area
> > >>> are "heard" by more than one radio in those APs (the
> off-white
> > >> boxes).
> > >>> Once the network hears a device from multiple APs, it can
> > compare the
> > >>> strength and timing of the signal to locate where the device
> is.
> > >> This is
> > >>> classic triangulation, and users of Aruba's AirWave
> > software?as in
> > >> the
> > >>> Cabela's example?report that their systems are able to locate
> > >> devices to
> > >>> within a few feet.
> > >>>
> > >>> In the case of large, outdoor installations where APs are
> > more spread
> > >>> out, the ability to know what devices are passing through is
> > >>> useful?especially, perhaps, to policing agencies, which
> > could log
> > >> that
> > >>> data for long-term storage. As networking products and their
> > uses
> > >>> continue to evolve, they will only compound the "legal
> mystery"
> > >> around
> > >>> how this technology could and should be used that Pell and
> > Soghoian
> > >>> described in their Berkeley Technology Law Journal piece.
> > Aruba's
> > >> mesh
> > >>> network is state-of-the-art, but something significantly
> > smarter and
> > >>> more sensitive will surely be on the market this time next
> > year. And
> > >> who
> > >>> knows how much better the software will get.
> > >>>
> > >>> An official spokesperson for Aruba wrote in an e-mail that
> the
> > >> company
> > >>> could not answer The Stranger's questions because they
> > pertained "to
> > >> a
> > >>> new product announcement" that would not happen until
> > Thanksgiving.
> > >>> "Aruba's technology," the spokesperson added, "is designed
> > for indoor
> > >>> (not outdoor) usage and is for consumer apps where they opt
> in."
> > >> This is
> > >>> in direct contradiction to Aruba's own user's manuals, as
> > well as the
> > >>> fact that the Seattle Police Department installed an outdoor
> > Aruba
> > >> mesh
> > >>> network earlier this year.
> > >>>
> > >>> One engineer familiar with Aruba products and similar
> > systems?who
> > >>> requested anonymity?confirmed that the mesh network and its
> > software
> > >> are
> > >>> powerful tools. "But like anything," the engineer said, it
> > "can be
> > >> used
> > >>> inappropriately... You can easily see how a user might abuse
> > this
> > >>> ability (network admin has a crush on user X, monitors user
> X's
> > >> location
> > >>> specifically)." As was widely reported earlier this year,
> such
> > >> alleged
> > >>> abuses within the NSA have included a man who spied on nine
> > women
> > >> over a
> > >>> five-year period, a woman who spied on prospective
> > boyfriends, a man
> > >> who
> > >>> spied on his girlfriend, a husband who spied on his wife,
> > and even a
> > >> man
> > >>> who spied on his ex-girlfriend "on his first day of access
> > to the
> > >> NSA's
> > >>> surveillance system," according to the Washington Post. The
> > practice
> > >> was
> > >>> so common within the NSA, it got its own classification:
> > "LOVEINT."
> > >>>
> > >>> Other Aruba clients?such as a university IT director, a
> > university
> > >> vice
> > >>> president, and systems administrators?around the country
> > confirmed it
> > >>> wouldn't be difficult to use the mesh network to track the
> > movement
> > >> of
> > >>> devices by their MAC addresses, and that building a
> historical
> > >> database
> > >>> of their movements would be relatively trivial from a
> > data-storage
> > >>> perspective.
> > >>>
> > >>> As Bruce Burton, an information technology manager at the
> > University
> > >> of
> > >>> Cincinnati (which uses an Aruba network), put it in an
> > e-mail: "This
> > >>> mesh network will have the capability to track devices (MAC
> > >> addresses)
> > >>> throughout the city."
> > >>>
> > >>> Not that the SPD would do that?but we don't know. "We
> > definitely feel
> > >>> like the public doesn't have a handle on what the
> > capabilities are,"
> > >>> says Debelak of the ACLU. "We're not even sure the police
> > department
> > >>> does." It all depends on what the SPD says when it releases
> its
> > >>> mesh-network protocols.
> > >>>
> > >>> "They're long overdue," says Lee Colleton, a systems
> > administrator at
> > >>> Google who is also a member of the Seattle Privacy
> Coalition, a
> > >>> grassroots group that formed in response to SPD's drone and
> > >>> surveillance-camera controversies. "If we don't deal with
> > this kind
> > >> of
> > >>> thing now, and establish norms and policies, we'll find
> > ourselves in
> > >> an
> > >>> unpleasant situation down the road that will be harder to
> > change."
> > >>>
> > >>> The city is already full of surveillance equipment. The
> Seattle
> > >>> Department of Transportation, for example, uses license-plate
> > >> scanners,
> > >>> sensors embedded in the pavement, and other mechanisms to
> > monitor
> > >>> individual vehicles and help estimate traffic volume and
> > wait time.
> > >> "But
> > >>> as soon as that data is extrapolated," says Adiam Emery of
> SDOT,
> > >> "it's
> > >>> gone." They couldn't turn it over to a judge if they tried.
> > >>>
> > >>> Not that license-plate scanners have always been so
> > reliable. Doug
> > >> Honig
> > >>> of the ACLU remembers a story he heard from a former staffer
> a
> > >> couple of
> > >>> years ago about automatic license-plate readers on police
> > cars in
> > >>> Spokane. Automatic license-plate readers "will read a
> chain-link
> > >> fence
> > >>> as XXXXX," Honig says, "which at the time also matched the
> > license
> > >> plate
> > >>> of a stolen car in Mississippi, resulting in a number of
> false
> > >> alerts to
> > >>> pull over the fence."
> > >>>
> > >>> Seattle's mesh network is only one instance in a trend of
> > Homeland
> > >>> Security funding domestic surveillance equipment. Earlier
> > this month,
> > >>> the New York Times ran a story about a $7 million Homeland
> > Security
> > >>> grant earmarked for "port security"?just like the SPD's
> > mesh-network
> > >>> funding?in Oakland.
> > >>>
> > >>> "But instead," the Times reports, "the money is going to a
> > police
> > >>> initiative that will collect and analyze reams of
> > surveillance data
> > >> from
> > >>> around town?from gunshot- detection sensors in the barrios
> > of East
> > >>> Oakland to license plate readers mounted on police cars
> > patrolling
> > >> the
> > >>> city's upscale hills."
> > >>>
> > >>> The Oakland "port security" project, which the Times reports
> was
> > >>> formerly known as the "Domain Awareness Center," will
> > "electronically
> > >>> gather data around the clock from a variety of sensors and
> > databases,
> > >>> analyze that data, and display some of the information on a
> > bank of
> > >>> giant monitors." The Times doesn't detail what kind of
> > "sensors and
> > >>> databases" the federally funded "port security" project will
> > pay for,
> > >>> but perhaps it's something like Seattle's mesh network with
> its
> > >> ability
> > >>> to ping, log, and visually map the movement of devices in
> > and out of
> > >> its
> > >>> coverage area.
> > >>>
> > >>> Which brings up some corollary issues, ones with
> > implications much
> > >>> larger than the SPD's ability to call up a given time on a
> > given day
> > >> and
> > >>> see whether you were at work, at home, at someone's else
> > home, at a
> > >> bar,
> > >>> or at a political demonstration: What does it mean when
> > money from a
> > >>> federal agency like the Department of Homeland Security is
> being
> > >>> funneled to local police departments like SPD to purchase
> > and use
> > >>> high-powered surveillance gear?
> > >>>
> > >>> For federal surveillance projects, the NSA and other federal
> > spying
> > >>> organizations have at least some oversight?as flawed as it
> may
> > >> be?from
> > >>> the Foreign Intelligence Surveillance Court (also known as
> > the FISA
> > >>> court) and the US Congress. But local law enforcement
> > doesn't have
> > >> that
> > >>> kind of oversight and, in Seattle at least, has been buying
> and
> > >>> installing DHS-funded surveillance equipment without
> > explaining what
> > >>> it's up to. The city council's surveillance ordinance
> > earlier this
> > >> year
> > >>> was an attempt to provide local oversight on that kind of
> > policing,
> > >> but
> > >>> it has proven toothless.
> > >>>
> > >>> It's reasonable to assume that locally gleaned information
> > will be
> > >>> shared with other organizations, including federal ones. An
> SPD
> > >> diagram
> > >>> of the mesh network, for example, shows its information
> > heading to
> > >>> institutions large and small, including the King County
> > Sheriff's
> > >>> Office, the US Coast Guard, and our local fusion center.
> > >>>
> > >>> Fusion centers, if you're unfamiliar with the term, are
> > >>> information-sharing hubs, defined by the Department of
> Homeland
> > >> Security
> > >>> as "focal points" for the "receipt, analysis, gathering, and
> > >> sharing" of
> > >>> surveillance information.
> > >>>
> > >>> If federally funded, locally built surveillance systems with
> > little
> > >> to
> > >>> no oversight can dump their information in a fusion
> > center?think of
> > >> it
> > >>> as a gun show for surveillance, where agencies freely swap
> > >> information
> > >>> with little restriction or oversight?that could allow federal
> > >> agencies
> > >>> such as the FBI and the NSA to do an end-run around any
> > limitations
> > >> set
> > >>> by Congress or the FISA court.
> > >>>
> > >>> If that's their strategy in Seattle, Oakland, and elsewhere,
> > it's an
> > >>> ingenious one?instead of maintaining a few high-powered,
> > herculean
> > >>> surveillance agencies designed to digest an immense amount
> > of traffic
> > >>> and political scrutiny, the federal government could
> sprinkle an
> > >> entire
> > >>> nation with lots of low-powered surveillance nodes and let
> them
> > >> figure
> > >>> out the best way to route the data by talking to each other.
> By
> > >>> diffusing the way the information flows, they can make it
> > flow more
> > >>> efficiently.
> > >>>
> > >>> It's an innovative solution?much like the Aruba mesh network
> > itself.
> > >>>
> > >>> The Department of Homeland Security has not responded to
> > requests for
> > >>> comment.
> > >>>
> > >>> --
> > >>> Dan Staples
> > >>>
> > >>> Open Technology Institute
> > >>> https://commotionwireless.net
> > >>> OpenPGP key: http://disman.tl/pgp.asc
> > >>> Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86
> 43A9
> > >>> _______________________________________________
> > >>> Commotion-discuss mailing list
> > >>> Commotion-discuss(a)lists.chambana.net
> > <mailto:Commotion-discuss@lists.chambana.net> <javascript:_e({},
> 'cvml',
> > >>> 'Commotion-discuss(a)lists.chambana.net
> > <mailto:Commotion-discuss@lists.chambana.net>');>
> > >>>
> https://lists.chambana.net/mailman/listinfo/commotion-discuss
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Preston Rhea
> > >>> Field Analyst, Open Technology Institute
> > >>> New America Foundation
> > >>> +1-202-570-9770 <tel:%2B1-202-570-9770>
> > >>> Twitter: @prestonrhea
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> -steve
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> mesh mailing list
> > >>> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> > >>> http://lists.sudoroom.org/listinfo/mesh
> > >>>
> > >>
> > >>
> > >> ------------------------------
> > >>
> > >> _______________________________________________
> > >> mesh mailing list
> > >> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> > >> http://lists.sudoroom.org/listinfo/mesh
> > >>
> > >>
> > >> End of mesh Digest, Vol 10, Issue 16
> > >> ************************************
> > >>
> > >
> > >
> > >
> > > _______________________________________________
> > > mesh mailing list
> > > mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> > > http://lists.sudoroom.org/listinfo/mesh
> > >
> >
> > --
> > http://mitar.tnode.com/
> > https://twitter.com/mitar_m
> >
> >
> >
> >
> > _______________________________________________
> > mesh mailing list
> > mesh(a)lists.sudoroom.org
> > http://lists.sudoroom.org/listinfo/mesh
> >
>
>
> ------------------------------
>
> _______________________________________________
> mesh mailing list
> mesh(a)lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/mesh
>
>
> End of mesh Digest, Vol 10, Issue 20
> ************************************
>
I looked into this awhile ago and it's very easy to change mac addresses.
Kali Linux Tutorials: How to Change or Spoof a MAC Address
https://www.youtube.com/watch?v=JyP8aGtPZpA
On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request(a)lists.sudoroom.org> wrote:
> Send mesh mailing list submissions to
> mesh(a)lists.sudoroom.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.sudoroom.org/listinfo/mesh
> or, via email, send a message with subject or body 'help' to
> mesh-request(a)lists.sudoroom.org
>
> You can reach the person managing the list at
> mesh-owner(a)lists.sudoroom.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of mesh digest..."
>
>
> Today's Topics:
>
> 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (rhodey)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 10 Nov 2013 15:03:01 -0800
> From: rhodey <rhodey(a)anhonesteffort.org>
> To: mesh(a)lists.sudoroom.org
> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh
> network for surveillance?
> Message-ID: <528010A5.8030704(a)anhonesteffort.org>
> Content-Type: text/plain; charset=UTF-8
>
> Police, govt, and other evil adversaries are free to setup their own
> hardware, their own mesh, the idea is not to prevent this but to prevent
> the use of good mesh networks for evil. I want to give more thought to
> this subject sometime in the near future but for now this is what I have...
>
> The major concern here (as I see it) is the persistence of MAC
> addresses. The average user does not know how to change their MAC
> address and in the case of most mobile devices it is not possible to
> change the MAC address. We can ensure that IP addresses are cycled
> frequent enough because we'll have control over a majority of the DHCP
> servers on the mesh so I'll be focusing on MAC addresses.
>
> In any local network a MAC address can be associated with network
> traffic, the obvious solution here is to use encryption. The problem
> with MAC addresses in a mesh network is that they could also be
> associated with a location.
>
> On any layer 2 network it is possible for any connected host to
> determine the route to any other host using a MAC address as an
> identifier. Because mesh nodes have a fixed (and likely known) physical
> location it can be assumed that the last hop in the route corresponds to
> the physical location of the specific host.
>
> It is important to realize that only mesh nodes (access points) have
> *potential* knowledge of signal strength and other 802.11 broadcast type
> frames-- sure Oakland PD can setup a device to listen to all 802.11
> traffic, but remember we're only focusing on how existing hardware can
> be abused. So, one host *cannot* triangulate the location of another
> host. *From the perspective of a host on the mesh, a host can only be
> connected to one mesh node or disconnected from the network.* In the
> context of physical location, the privacy of a host on the mesh is a
> function of the area covered by the mesh node it is connected to.
>
> To increase user privacy I would like to experiment with a MAC address
> spoofing service that could run on mesh nodes or volunteer hosts. The
> service would basically pretend to be just another host on the network
> identified by some MAC address. The service could intelligently spawn
> fake hosts depending on the number of other hosts connected to the
> shared mesh node. Mesh nodes with fewer connected hosts need more
> spoofed hosts to increase privacy, etc. But it is not that simple of
> course, because spoofed MAC addresses need to persist just as legitimate
> MAC addresses do, and move about in the physical world (connect to
> different mesh nodes) just as other legitimate users will. I've thought
> some of this through but it is a large undertaking that needs further
> planning.
>
> Another thing to keep in mind is that although MAC addresses could be
> used as a persistent identifier *they alone do not represent any
> identity.* It is not until an adversary obtains additional information
> that a MAC address could be used to identify an individual person. Not
> to say the surveillance of pseudo-anonymous individual and group
> movement is negligible, just pointing this out.
>
> In conclusion (for now) by keeping our software and build processes open
> we can convince reasonable users that it is not possible for us to track
> them with more than neighborhood level accuracy. If we go further and
> deploy something like the MAC spoofing service it could be possible to
> extend this guarantee further. I think it is also likely that this MAC
> spoofing service could be designed to prevent/degrade 802.11 style
> surveillance by hardware outside our control.
>
> --
> -- rhodey ?????
>
> On 11/10/2013 11:44 AM, Steve Berl wrote:
> > Couldn't a community mesh network be suspected of having the same sort
> > of tracking abilities?
> > How do we convince potential mesh network users that we aren't
> > collecting location data on them?
> >
> > Steve
> >
> >
> > On Friday, November 8, 2013, Jenny Ryan wrote:
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: *Preston Rhea* <prestonrhea(a)opentechinstitute.org
> > <javascript:_e({}, 'cvml', 'prestonrhea(a)opentechinstitute.org');>>
> > Date: Thu, Nov 7, 2013 at 6:49 AM
> > Subject: Fwd: [Commotion-discuss] Seattle Police mesh network for
> > surveillance?
> > To: Jenny Ryan <jenny(a)thepyre.org <javascript:_e({}, 'cvml',
> > 'jenny(a)thepyre.org');>>, Shaun Houlihan <shaunhoulihan(a)gmail.com
> > <javascript:_e({}, 'cvml', 'shaunhoulihan(a)gmail.com');>>
> >
> >
> > Thought this would interest y'all, I don't know if you are already on
> > the Commotion listserv Jenny.
> >
> >
> > ---------- Forwarded message ----------
> > From: Dan Staples <danstaples(a)opentechinstitute.org
> > <javascript:_e({}, 'cvml', 'danstaples(a)opentechinstitute.org');>>
> > Date: Wed, Nov 6, 2013 at 9:32 PM
> > Subject: [Commotion-discuss] Seattle Police mesh network for
> > surveillance?
> > To: commotion-discuss <commotion-discuss(a)lists.chambana.net
> > <javascript:_e({}, 'cvml', 'commotion-discuss(a)lists.chambana.net
> ');>>
> >
> >
> >
> http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143…
> >
> > You Are a Rogue Device
> > A New Apparatus Capable of Spying on You Has Been Installed
> Throughout
> > Downtown Seattle. Very Few Citizens Know What It Is, and Officials
> Don?t
> > Want to Talk About It.
> >
> > by Matt Fikse-Verkerk and Brendan Kiley
> >
> > If you're walking around downtown Seattle, look up: You'll see
> off-white
> > boxes, each one about a foot tall with vertical antennae, attached to
> > utility poles. If you're walking around downtown while looking at a
> > smartphone, you will probably see at least one?and more likely two or
> > three?Wi-Fi networks named after intersections: "4th&Seneca,"
> > "4th&Union," "4th&University," and so on. That is how you can see the
> > Seattle Police Department's new wireless mesh network, bought from a
> > California-based company called Aruba Networks, whose clients include
> > the Department of Defense, school districts in Canada, oil-mining
> > interests in China, and telecommunications companies in Saudi Arabia.
> >
> > The question is: How well can this mesh network see you?
> >
> > How accurately can it geo-locate and track the movements of your
> phone,
> > laptop, or any other wireless device by its MAC address (its "media
> > access control address"?nothing to do with Macintosh?which is
> analogous
> > to a device's thumbprint)? Can the network send that information to a
> > database, allowing the SPD to reconstruct who was where at any given
> > time, on any given day, without a warrant? Can the network see you
> now?
> >
> > The SPD declined to answer more than a dozen questions from The
> > Stranger, including whether the network is operational, who has
> access
> > to its data, what it might be used for, and whether the SPD has used
> it
> > (or intends to use it) to geo-locate people's devices via their MAC
> > addresses or other identifiers.
> >
> > Seattle Police detective Monty Moss, one of the leaders of the
> > mesh-network project?one part of a $2.7 million effort, paid for by
> the
> > Department of Homeland Security?wrote in an e-mail that the
> department
> > "is not comfortable answering policy questions when we do not yet
> have a
> > policy." But, Detective Moss added, the SPD "is actively
> collaborating
> > with the mayor's office, city council, law department, and the ACLU
> on a
> > use policy." The ACLU, at least, begs to differ: "Actively
> > collaborating" is not how they would put it. Jamela Debelak,
> technology
> > and liberty director of the Seattle office, says the ACLU submitted
> > policy-use suggestions months ago and has been waiting for a
> response.
> >
> > Detective Moss also added that the mesh network would not be used for
> > "surveillance purposes... without City Council's approval and the
> > appropriate court authorization." Note that he didn't say the mesh
> > network couldn't be used for the surveillance functions we asked
> about,
> > only that it wouldn't?at least until certain people in power say it
> can.
> > That's the equivalent of a "trust us" and a handshake.
> >
> > His answer is inadequate for other reasons as well. First, the city
> > council passed an ordinance earlier this year stating that any
> potential
> > surveillance equipment must submit protocols to the city council for
> > public review and approval within 30 days of its acquisition and
> > implementation. This mesh network has been around longer than that,
> as
> > confirmed by Cascade Networks, Inc., which helped install it. Still,
> the
> > SPD says it doesn't have a policy for its use yet. Mayor McGinn's
> office
> > says it expects to see draft protocols sometime in December?nearly
> nine
> > months late, according to the new ordinance.
> >
> > Second, and more importantly, this mesh network is part of a whole
> new
> > arsenal of surveillance technologies that are moving faster than the
> > laws that govern them are being written. As Stephanie K. Pell (former
> > counsel to the House Judiciary Committee) and Christopher Soghoian
> > (senior policy analyst at the ACLU) wrote in a 2012 essay for the
> > Berkeley Technology Law Journal:
> >
> > The use of location information by law enforcement agencies is
> > common and becoming more so as technological improvements enable
> > collection of more accurate and precise location data. The legal
> mystery
> > surrounding the proper law enforcement access standard for
> prospective
> > location data remains unsolved. This mystery, along with conflicting
> > rulings over the appropriate law enforcement access standards for
> both
> > prospective and historical location data, has created a messy,
> > inconsistent legal landscape where even judges in the same district
> may
> > require law enforcement to meet different standards to compel
> location
> > data.
> >
> > In other words, law enforcement has new tools?powerful tools. We
> didn't
> > ask for them, but they're here. And nobody knows the rules for how
> they
> > should be used.
> >
> > This isn't the first time the SPD has purchased surveillance
> equipment
> > (or, as they might put it, public-safety equipment that happens to
> have
> > powerful surveillance capabilities) without telling the rest of the
> > city. There was the drones controversy this past winter, when the
> public
> > and elected officials discovered that the SPD had bought two unmanned
> > aerial vehicles with the capacity to spy on citizens. There was an
> > uproar, and a few SPD officers embarked on a mea culpa tour of
> community
> > meetings where they answered questions and endured (sometimes
> raucous)
> > criticism. In February, Mayor Mike McGinn announced he was grounding
> the
> > drones, but a new mayor could change his mind. Those SPD drones are
> > sitting somewhere right now on SPD property.
> >
> > Meanwhile, the SPD was also dealing with the port-camera surveillance
> > scandal. That kicked off in late January, when people in West Seattle
> > began wondering aloud about the 30 cameras that had appeared
> unannounced
> > on utility poles along the waterfront. The West Seattle neighborhood
> > blog (westseattleblog.com <http://westseattleblog.com>) sent
> > questions to city utility companies, and
> > the utilities in turn pointed at SPD, which eventually admitted that
> it
> > had purchased and installed 30 surveillance cameras with federal
> money
> > for "port security." That resulted in an additional uproar and
> another
> > mea culpa tour, much like they did with the drones, during which
> > officers repeated that they should have done a better job of
> educating
> > the public about what they were up to with the cameras on Alki.
> > (Strangely, the Port of Seattle and the US Coast Guard didn't seem
> very
> > involved in this "port security" project?their names only appear in a
> > few cursory places in the budgets and contracts. The SPD is clearly
> the
> > driving agency behind the project. For example, their early tests of
> > sample Aruba products?beginning with a temporary Aruba mesh network
> set
> > up in Pioneer Square for Mardi Gras in 2009?didn't have anything to
> do
> > with the port whatsoever.)
> >
> > The cameras attracted the controversy, but they were only part of the
> > project. In fact, the 30 pole-mounted cameras on Alki that caused the
> > uproar cost $82,682?just 3 percent of the project's $2.7 million
> > Homeland Security?funded budget. The project's full title was "port
> > security video surveillance system with wireless mesh network."
> People
> > raised a fuss about the cameras. But what about the mesh network?
> >
> > Detective Moss and Assistant Chief Paul McDonagh mentioned the
> downtown
> > mesh network during those surveillance-camera community meetings,
> saying
> > it would help cops and firefighters talk to each other by providing a
> > wireless network for their exclusive use, with the potential for
> others
> > to use overlaid networks handled by the same equipment. (Two-way
> radios
> > already allow police officers to talk to each other, but officers
> still
> > use wireless networks to access data, such as the information an
> officer
> > looks for by running your license plate number when you've been
> pulled
> > over.)
> >
> > As Brian Magnuson of Cascade Networks, Inc., which helped install the
> > Aruba system, explained the possible use of such a system: "A normal
> > cell-phone network is a beautiful thing right up until the time you
> > really need it?say you've just had an earthquake or a large storm,
> and
> > then what happens? Everybody picks up their phone and overloads the
> > system." The network is most vulnerable precisely when it's most
> needed.
> > A mesh network could be a powerful tool for streaming video from
> > surveillance cameras or squad car dash-cams across the network,
> allowing
> > officers "real-time situational awareness" even when other
> communication
> > systems have been overloaded, as Detective Moss explained in those
> > community meetings.
> >
> > But the Aruba mesh network is not just for talking, it's also for
> > tracking.
> >
> > After reviewing Aruba's technical literature, as well as talking to
> IT
> > directors and systems administrators around the country who work with
> > Aruba products, it's clear that their networks are adept at seeing
> all
> > the devices that move through their coverage area and visually
> mapping
> > the locations of those devices in real time for the system
> > administrators' convenience. In fact, one of Aruba's major selling
> > points is its ability to locate "rogue" or "unassociated"
> devices?that
> > is, any device that hasn't been authorized by (and maybe hasn't even
> > asked to be part of) the network.
> >
> > Which is to say, your device. The cell phone in your pocket, for
> > instance.
> >
> > The user's guide for one of Aruba's recent software products states:
> > "The wireless network has a wealth of information about unassociated
> and
> > associated devices." That software includes "a location engine that
> > calculates associated and unassociated device location every 30
> seconds
> > by default... The last 1,000 historical locations are stored for each
> > MAC address."
> >
> > For now, Seattle's mesh network is concentrated in the downtown area.
> > But the SPD has indicated in PowerPoint presentations?also acquired
> by
> > The Stranger?that it hopes to eventually have "citywide deployment"
> of
> > the system that, again, has potential surveillance capabilities that
> the
> > SPD declined to answer questions about. That could give a whole new
> > meaning to the phrase "real-time situational awareness."
> >
> > So how does Aruba's mesh network actually function?
> >
> > Each of those off-white boxes you see downtown is a wireless access
> > point (AP) with four radios inside it that work to shove giant
> amounts
> > of data to, through, and around the network, easily handling
> > bandwidth-hog uses such as sending live, high-resolution video to or
> > from moving vehicles. Because this grid of APs forms a latticelike
> mesh,
> > it works like the internet itself, routing traffic around bottlenecks
> > and "self-healing" by sending traffic around components that fail.
> >
> > As Brian Magnuson at Cascade Networks explains: "When you have 10
> people
> > talking to an AP, no problem. If you have 50, that's a problem."
> Aruba's
> > mesh solution is innovative?instead of building a few high-powered,
> > herculean APs designed to withstand an immense amount of traffic,
> Aruba
> > sprinkles a broad area with lots of lower-powered APs and lets them
> > figure out the best way to route all the data by talking to each
> other.
> >
> > Aruba's technology is considered cutting-edge because its systems are
> > easy to roll out, administer, and integrate with other systems, and
> its
> > operating system visualizes what's happening on the network in a
> simple,
> > user-friendly digital map. The company is one of many firms in the
> > networking business, but, according to the tech-ranking firm Gartner,
> > Aruba ranks second (just behind Cisco) in "completeness of vision"
> and
> > third in "ability to execute" for its clever ways of getting around
> > technical hurdles.
> >
> > Take Candlestick Park, the San Francisco 49ers football stadium,
> which,
> > Magnuson says, is just finishing up an Aruba mesh network
> installation.
> > The stadium has high-intensity cellular service needs?70,000 people
> can
> > converge there for a single event in one of the most high-tech
> cities in
> > America, full of high-powered, newfangled devices. "Aruba's solution
> was
> > ingenious," Magnuson says. It put 640 low-power APs under the
> stadium's
> > seats to diffuse the data load. "If you're at the stadium and trying
> to
> > talk to an AP," Magnuson says, "you're probably sitting on it!"
> >
> > Another one of Aruba's selling points is its ability to detect rogue
> > devices?strangers to the system. Its promotional "case studies"
> trumpet
> > this capability, including one report about Cabela's hunting and
> > sporting goods chain, which is an Aruba client: "Because Cabela's
> stores
> > are in central shopping areas, the company captures huge quantities
> of
> > rogue data?as many as 20,000 events per day, mostly from neighboring
> > businesses." Aruba's network is identifying and distinguishing which
> > devices are allowed on the Cabela's network and which are within the
> > coverage area but are just passing through. The case study also
> > describes how Cabela's Aruba network was able to locate a lost
> > price-scanner gun in a large warehouse by mapping its location, as
> well
> > as track employees by the devices they were carrying.
> >
> > It's one thing for a privately owned company to register devices it
> > already owns with a network. It's another for a local police
> department
> > to scale up that technology to blanket an entire downtown?or an
> > entire city.
> >
> > Aruba also sells a software product called "Analytics and Location
> > Engine 1.0." According to a document Aruba has created about the
> > product, ALE "calculates the location of associated and unassociated
> > wifi devices... even though a device has not associated to the
> network,
> > information about it is available. This includes the MAC address,
> > location, and RSSI information." ALE's default setting is anonymous,
> > which "allows for unique user tracking without knowing who the
> > individual user is." But, Aruba adds in the next sentence,
> "optionally
> > the anonymization can be disabled for richer analytics and user
> behavior
> > tracking." The network has the ability to see who you are?how deeply
> it
> > looks is up to whoever's using it. (The Aruba technology, as far as
> we
> > know, does not automatically associate a given MAC address with the
> name
> > on the device's account. But figuring out who owns the account?by
> asking
> > a cell-phone company, for example?would not be difficult for a
> > law-enforcement agency.)
> >
> > Geo-location seems to be an area of intense interest for Aruba. Last
> > week, the Oregonian announced that Aruba had purchased a Portland
> > mapping startup called Meridian, which, according to the article, has
> > developed software that "pinpoints a smartphone's location inside a
> > venue, relying either on GPS technology or with localized wireless
> > networks." The technology, the article says, "helps people find their
> > way within large buildings, such as malls, stadiums, or airports and
> > enables marketing directed at a phone's precise location."
> >
> > How does that geo-location work? Devices in the network's coverage
> area
> > are "heard" by more than one radio in those APs (the off-white
> boxes).
> > Once the network hears a device from multiple APs, it can compare the
> > strength and timing of the signal to locate where the device is.
> This is
> > classic triangulation, and users of Aruba's AirWave software?as in
> the
> > Cabela's example?report that their systems are able to locate
> devices to
> > within a few feet.
> >
> > In the case of large, outdoor installations where APs are more spread
> > out, the ability to know what devices are passing through is
> > useful?especially, perhaps, to policing agencies, which could log
> that
> > data for long-term storage. As networking products and their uses
> > continue to evolve, they will only compound the "legal mystery"
> around
> > how this technology could and should be used that Pell and Soghoian
> > described in their Berkeley Technology Law Journal piece. Aruba's
> mesh
> > network is state-of-the-art, but something significantly smarter and
> > more sensitive will surely be on the market this time next year. And
> who
> > knows how much better the software will get.
> >
> > An official spokesperson for Aruba wrote in an e-mail that the
> company
> > could not answer The Stranger's questions because they pertained "to
> a
> > new product announcement" that would not happen until Thanksgiving.
> > "Aruba's technology," the spokesperson added, "is designed for indoor
> > (not outdoor) usage and is for consumer apps where they opt in."
> This is
> > in direct contradiction to Aruba's own user's manuals, as well as the
> > fact that the Seattle Police Department installed an outdoor Aruba
> mesh
> > network earlier this year.
> >
> > One engineer familiar with Aruba products and similar systems?who
> > requested anonymity?confirmed that the mesh network and its software
> are
> > powerful tools. "But like anything," the engineer said, it "can be
> used
> > inappropriately... You can easily see how a user might abuse this
> > ability (network admin has a crush on user X, monitors user X's
> location
> > specifically)." As was widely reported earlier this year, such
> alleged
> > abuses within the NSA have included a man who spied on nine women
> over a
> > five-year period, a woman who spied on prospective boyfriends, a man
> who
> > spied on his girlfriend, a husband who spied on his wife, and even a
> man
> > who spied on his ex-girlfriend "on his first day of access to the
> NSA's
> > surveillance system," according to the Washington Post. The practice
> was
> > so common within the NSA, it got its own classification: "LOVEINT."
> >
> > Other Aruba clients?such as a university IT director, a university
> vice
> > president, and systems administrators?around the country confirmed it
> > wouldn't be difficult to use the mesh network to track the movement
> of
> > devices by their MAC addresses, and that building a historical
> database
> > of their movements would be relatively trivial from a data-storage
> > perspective.
> >
> > As Bruce Burton, an information technology manager at the University
> of
> > Cincinnati (which uses an Aruba network), put it in an e-mail: "This
> > mesh network will have the capability to track devices (MAC
> addresses)
> > throughout the city."
> >
> > Not that the SPD would do that?but we don't know. "We definitely feel
> > like the public doesn't have a handle on what the capabilities are,"
> > says Debelak of the ACLU. "We're not even sure the police department
> > does." It all depends on what the SPD says when it releases its
> > mesh-network protocols.
> >
> > "They're long overdue," says Lee Colleton, a systems administrator at
> > Google who is also a member of the Seattle Privacy Coalition, a
> > grassroots group that formed in response to SPD's drone and
> > surveillance-camera controversies. "If we don't deal with this kind
> of
> > thing now, and establish norms and policies, we'll find ourselves in
> an
> > unpleasant situation down the road that will be harder to change."
> >
> > The city is already full of surveillance equipment. The Seattle
> > Department of Transportation, for example, uses license-plate
> scanners,
> > sensors embedded in the pavement, and other mechanisms to monitor
> > individual vehicles and help estimate traffic volume and wait time.
> "But
> > as soon as that data is extrapolated," says Adiam Emery of SDOT,
> "it's
> > gone." They couldn't turn it over to a judge if they tried.
> >
> > Not that license-plate scanners have always been so reliable. Doug
> Honig
> > of the ACLU remembers a story he heard from a former staffer a
> couple of
> > years ago about automatic license-plate readers on police cars in
> > Spokane. Automatic license-plate readers "will read a chain-link
> fence
> > as XXXXX," Honig says, "which at the time also matched the license
> plate
> > of a stolen car in Mississippi, resulting in a number of false
> alerts to
> > pull over the fence."
> >
> > Seattle's mesh network is only one instance in a trend of Homeland
> > Security funding domestic surveillance equipment. Earlier this month,
> > the New York Times ran a story about a $7 million Homeland Security
> > grant earmarked for "port security"?just like the SPD's mesh-network
> > funding?in Oakland.
> >
> > "But instead," the Times reports, "the money is going to a police
> > initiative that will collect and analyze reams of surveillance data
> from
> > around town?from gunshot- detection sensors in the barrios of East
> > Oakland to license plate readers mounted on police cars patrolling
> the
> > city's upscale hills."
> >
> > The Oakland "port security" project, which the Times reports was
> > formerly known as the "Domain Awareness Center," will "electronically
> > gather data around the clock from a variety of sensors and databases,
> > analyze that data, and display some of the information on a bank of
> > giant monitors." The Times doesn't detail what kind of "sensors and
> > databases" the federally funded "port security" project will pay for,
> > but perhaps it's something like Seattle's mesh network with its
> ability
> > to ping, log, and visually map the movement of devices in and out of
> its
> > coverage area.
> >
> > Which brings up some corollary issues, ones with implications much
> > larger than the SPD's ability to call up a given time on a given day
> and
> > see whether you were at work, at home, at someone's else home, at a
> bar,
> > or at a political demonstration: What does it mean when money from a
> > federal agency like the Department of Homeland Security is being
> > funneled to local police departments like SPD to purchase and use
> > high-powered surveillance gear?
> >
> > For federal surveillance projects, the NSA and other federal spying
> > organizations have at least some oversight?as flawed as it may
> be?from
> > the Foreign Intelligence Surveillance Court (also known as the FISA
> > court) and the US Congress. But local law enforcement doesn't have
> that
> > kind of oversight and, in Seattle at least, has been buying and
> > installing DHS-funded surveillance equipment without explaining what
> > it's up to. The city council's surveillance ordinance earlier this
> year
> > was an attempt to provide local oversight on that kind of policing,
> but
> > it has proven toothless.
> >
> > It's reasonable to assume that locally gleaned information will be
> > shared with other organizations, including federal ones. An SPD
> diagram
> > of the mesh network, for example, shows its information heading to
> > institutions large and small, including the King County Sheriff's
> > Office, the US Coast Guard, and our local fusion center.
> >
> > Fusion centers, if you're unfamiliar with the term, are
> > information-sharing hubs, defined by the Department of Homeland
> Security
> > as "focal points" for the "receipt, analysis, gathering, and
> sharing" of
> > surveillance information.
> >
> > If federally funded, locally built surveillance systems with little
> to
> > no oversight can dump their information in a fusion center?think of
> it
> > as a gun show for surveillance, where agencies freely swap
> information
> > with little restriction or oversight?that could allow federal
> agencies
> > such as the FBI and the NSA to do an end-run around any limitations
> set
> > by Congress or the FISA court.
> >
> > If that's their strategy in Seattle, Oakland, and elsewhere, it's an
> > ingenious one?instead of maintaining a few high-powered, herculean
> > surveillance agencies designed to digest an immense amount of traffic
> > and political scrutiny, the federal government could sprinkle an
> entire
> > nation with lots of low-powered surveillance nodes and let them
> figure
> > out the best way to route the data by talking to each other. By
> > diffusing the way the information flows, they can make it flow more
> > efficiently.
> >
> > It's an innovative solution?much like the Aruba mesh network itself.
> >
> > The Department of Homeland Security has not responded to requests for
> > comment.
> >
> > --
> > Dan Staples
> >
> > Open Technology Institute
> > https://commotionwireless.net
> > OpenPGP key: http://disman.tl/pgp.asc
> > Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
> > _______________________________________________
> > Commotion-discuss mailing list
> > Commotion-discuss(a)lists.chambana.net <javascript:_e({}, 'cvml',
> > 'Commotion-discuss(a)lists.chambana.net');>
> > https://lists.chambana.net/mailman/listinfo/commotion-discuss
> >
> >
> >
> > --
> > Preston Rhea
> > Field Analyst, Open Technology Institute
> > New America Foundation
> > +1-202-570-9770 <tel:%2B1-202-570-9770>
> > Twitter: @prestonrhea
> >
> >
> >
> > --
> > -steve
> >
> >
> > _______________________________________________
> > mesh mailing list
> > mesh(a)lists.sudoroom.org
> > http://lists.sudoroom.org/listinfo/mesh
> >
>
>
> ------------------------------
>
> _______________________________________________
> mesh mailing list
> mesh(a)lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/mesh
>
>
> End of mesh Digest, Vol 10, Issue 16
> ************************************
>