Well, one question that's been on my mind is does it have to be a MAC address? I think ideally we would have something comparable to a fingerprint or randomly generated addresses that are assigned by the network. Also, in looking at SSL vs pre-shared keys, apparently its slower and more demanding of our resources to use SSL... but at the same time, I'm not sure how to securely distribute and verify pre-shared keys throughout a network. Also, it seems to me that speed and preventing any latency on the network is more important than the key itself, because anybody can join the network, and there's the possibility of generating keys every couple of hours.

I guess what I'm saying is that the internet depends on IPs, Meshes have been dependent on MACs, but I don't see why we have to depend on either.


On Sun, Nov 10, 2013 at 3:54 PM, Mitar <mitar@tnode.com> wrote:
Hi!

So we might create an app for people to install to change MAC addresses
randomly. :-) So a privacy preserving app for mesh networks.

It would make sure that your WiFi does not broadcast a list of known
networks as well.


Mitar

> I looked into this awhile ago and it's very easy to change mac addresses.
> Kali Linux Tutorials: How to Change or Spoof a MAC Address
> https://www.youtube.com/watch?v=JyP8aGtPZpA
>
>
> On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request@lists.sudoroom.org> wrote:
>
>> Send mesh mailing list submissions to
>>         mesh@lists.sudoroom.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.sudoroom.org/listinfo/mesh
>> or, via email, send a message with subject or body 'help' to
>>         mesh-request@lists.sudoroom.org
>>
>> You can reach the person managing the list at
>>         mesh-owner@lists.sudoroom.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of mesh digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
>>       surveillance? (rhodey)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sun, 10 Nov 2013 15:03:01 -0800
>> From: rhodey <rhodey@anhonesteffort.org>
>> To: mesh@lists.sudoroom.org
>> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh
>>         network for surveillance?
>> Message-ID: <528010A5.8030704@anhonesteffort.org>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Police, govt, and other evil adversaries are free to setup their own
>> hardware, their own mesh, the idea is not to prevent this but to prevent
>> the use of good mesh networks for evil. I want to give more thought to
>> this subject sometime in the near future but for now this is what I have...
>>
>> The major concern here (as I see it) is the persistence of MAC
>> addresses. The average user does not know how to change their MAC
>> address and in the case of most mobile devices it is not possible to
>> change the MAC address. We can ensure that IP addresses are cycled
>> frequent enough because we'll have control over a majority of the DHCP
>> servers on the mesh so I'll be focusing on MAC addresses.
>>
>> In any local network a MAC address can be associated with network
>> traffic, the obvious solution here is to use encryption. The problem
>> with MAC addresses in a mesh network is that they could also be
>> associated with a location.
>>
>> On any layer 2 network it is possible for any connected host to
>> determine the route to any other host using a MAC address as an
>> identifier. Because mesh nodes have a fixed (and likely known) physical
>> location it can be assumed that the last hop in the route corresponds to
>> the physical location of the specific host.
>>
>> It is important to realize that only mesh nodes (access points) have
>> *potential* knowledge of signal strength and other 802.11 broadcast type
>> frames-- sure Oakland PD can setup a device to listen to all 802.11
>> traffic, but remember we're only focusing on how existing hardware can
>> be abused. So, one host *cannot* triangulate the location of another
>> host. *From the perspective of a host on the mesh, a host can only be
>> connected to one mesh node or disconnected from the network.* In the
>> context of physical location, the privacy of a host on the mesh is a
>> function of the area covered by the mesh node it is connected to.
>>
>> To increase user privacy I would like to experiment with a MAC address
>> spoofing service that could run on mesh nodes or volunteer hosts. The
>> service would basically pretend to be just another host on the network
>> identified by some MAC address. The service could intelligently spawn
>> fake hosts depending on the number of other hosts connected to the
>> shared mesh node. Mesh nodes with fewer connected hosts need more
>> spoofed hosts to increase privacy, etc. But it is not that simple of
>> course, because spoofed MAC addresses need to persist just as legitimate
>> MAC addresses do, and move about in the physical world (connect to
>> different mesh nodes) just as other legitimate users will. I've thought
>> some of this through but it is a large undertaking that needs further
>> planning.
>>
>> Another thing to keep in mind is that although MAC addresses could be
>> used as a persistent identifier *they alone do not represent any
>> identity.* It is not until an adversary obtains additional information
>> that a MAC address could be used to identify an individual person. Not
>> to say the surveillance of pseudo-anonymous individual and group
>> movement is negligible, just pointing this out.
>>
>> In conclusion (for now) by keeping our software and build processes open
>> we can convince reasonable users that it is not possible for us to track
>> them with more than neighborhood level accuracy. If we go further and
>> deploy something like the MAC spoofing service it could be possible to
>> extend this guarantee further. I think it is also likely that this MAC
>> spoofing service could be designed to prevent/degrade 802.11 style
>> surveillance by hardware outside our control.
>>
>> --
>> -- rhodey ?????
>>
>> On 11/10/2013 11:44 AM, Steve Berl wrote:
>>> Couldn't a community mesh network be suspected of having the same sort
>>> of tracking abilities?
>>> How do we convince potential mesh network users that we aren't
>>> collecting location data on them?
>>>
>>> Steve
>>>
>>>
>>> On Friday, November 8, 2013, Jenny Ryan wrote:
>>>
>>>
>>>
>>>     ---------- Forwarded message ----------
>>>     From: *Preston Rhea* <prestonrhea@opentechinstitute.org
>>>     <javascript:_e({}, 'cvml', 'prestonrhea@opentechinstitute.org');>>
>>>     Date: Thu, Nov 7, 2013 at 6:49 AM
>>>     Subject: Fwd: [Commotion-discuss] Seattle Police mesh network for
>>>     surveillance?
>>>     To: Jenny Ryan <jenny@thepyre.org <javascript:_e({}, 'cvml',
>>>     'jenny@thepyre.org');>>, Shaun Houlihan <shaunhoulihan@gmail.com
>>>     <javascript:_e({}, 'cvml', 'shaunhoulihan@gmail.com');>>
>>>
>>>
>>>     Thought this would interest y'all, I don't know if you are already on
>>>     the Commotion listserv Jenny.
>>>
>>>
>>>     ---------- Forwarded message ----------
>>>     From: Dan Staples <danstaples@opentechinstitute.org
>>>     <javascript:_e({}, 'cvml', 'danstaples@opentechinstitute.org');>>
>>>     Date: Wed, Nov 6, 2013 at 9:32 PM
>>>     Subject: [Commotion-discuss] Seattle Police mesh network for
>>>     surveillance?
>>>     To: commotion-discuss <commotion-discuss@lists.chambana.net
>>>     <javascript:_e({}, 'cvml', 'commotion-discuss@lists.chambana.net
>> ');>>
>>>
>>>
>>>
>> http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845
>>>
>>>     You Are a Rogue Device
>>>     A New Apparatus Capable of Spying on You Has Been Installed
>> Throughout
>>>     Downtown Seattle. Very Few Citizens Know What It Is, and Officials
>> Don?t
>>>     Want to Talk About It.
>>>
>>>     by Matt Fikse-Verkerk and Brendan Kiley
>>>
>>>     If you're walking around downtown Seattle, look up: You'll see
>> off-white
>>>     boxes, each one about a foot tall with vertical antennae, attached to
>>>     utility poles. If you're walking around downtown while looking at a
>>>     smartphone, you will probably see at least one?and more likely two or
>>>     three?Wi-Fi networks named after intersections: "4th&Seneca,"
>>>     "4th&Union," "4th&University," and so on. That is how you can see the
>>>     Seattle Police Department's new wireless mesh network, bought from a
>>>     California-based company called Aruba Networks, whose clients include
>>>     the Department of Defense, school districts in Canada, oil-mining
>>>     interests in China, and telecommunications companies in Saudi Arabia.
>>>
>>>     The question is: How well can this mesh network see you?
>>>
>>>     How accurately can it geo-locate and track the movements of your
>> phone,
>>>     laptop, or any other wireless device by its MAC address (its "media
>>>     access control address"?nothing to do with Macintosh?which is
>> analogous
>>>     to a device's thumbprint)? Can the network send that information to a
>>>     database, allowing the SPD to reconstruct who was where at any given
>>>     time, on any given day, without a warrant? Can the network see you
>> now?
>>>
>>>     The SPD declined to answer more than a dozen questions from The
>>>     Stranger, including whether the network is operational, who has
>> access
>>>     to its data, what it might be used for, and whether the SPD has used
>> it
>>>     (or intends to use it) to geo-locate people's devices via their MAC
>>>     addresses or other identifiers.
>>>
>>>     Seattle Police detective Monty Moss, one of the leaders of the
>>>     mesh-network project?one part of a $2.7 million effort, paid for by
>> the
>>>     Department of Homeland Security?wrote in an e-mail that the
>> department
>>>     "is not comfortable answering policy questions when we do not yet
>> have a
>>>     policy." But, Detective Moss added, the SPD "is actively
>> collaborating
>>>     with the mayor's office, city council, law department, and the ACLU
>> on a
>>>     use policy." The ACLU, at least, begs to differ: "Actively
>>>     collaborating" is not how they would put it. Jamela Debelak,
>> technology
>>>     and liberty director of the Seattle office, says the ACLU submitted
>>>     policy-use suggestions months ago and has been waiting for a
>> response.
>>>
>>>     Detective Moss also added that the mesh network would not be used for
>>>     "surveillance purposes... without City Council's approval and the
>>>     appropriate court authorization." Note that he didn't say the mesh
>>>     network couldn't be used for the surveillance functions we asked
>> about,
>>>     only that it wouldn't?at least until certain people in power say it
>> can.
>>>     That's the equivalent of a "trust us" and a handshake.
>>>
>>>     His answer is inadequate for other reasons as well. First, the city
>>>     council passed an ordinance earlier this year stating that any
>> potential
>>>     surveillance equipment must submit protocols to the city council for
>>>     public review and approval within 30 days of its acquisition and
>>>     implementation. This mesh network has been around longer than that,
>> as
>>>     confirmed by Cascade Networks, Inc., which helped install it. Still,
>> the
>>>     SPD says it doesn't have a policy for its use yet. Mayor McGinn's
>> office
>>>     says it expects to see draft protocols sometime in December?nearly
>> nine
>>>     months late, according to the new ordinance.
>>>
>>>     Second, and more importantly, this mesh network is part of a whole
>> new
>>>     arsenal of surveillance technologies that are moving faster than the
>>>     laws that govern them are being written. As Stephanie K. Pell (former
>>>     counsel to the House Judiciary Committee) and Christopher Soghoian
>>>     (senior policy analyst at the ACLU) wrote in a 2012 essay for the
>>>     Berkeley Technology Law Journal:
>>>
>>>         The use of location information by law enforcement agencies is
>>>     common and becoming more so as technological improvements enable
>>>     collection of more accurate and precise location data. The legal
>> mystery
>>>     surrounding the proper law enforcement access standard for
>> prospective
>>>     location data remains unsolved. This mystery, along with conflicting
>>>     rulings over the appropriate law enforcement access standards for
>> both
>>>     prospective and historical location data, has created a messy,
>>>     inconsistent legal landscape where even judges in the same district
>> may
>>>     require law enforcement to meet different standards to compel
>> location
>>>     data.
>>>
>>>     In other words, law enforcement has new tools?powerful tools. We
>> didn't
>>>     ask for them, but they're here. And nobody knows the rules for how
>> they
>>>     should be used.
>>>
>>>     This isn't the first time the SPD has purchased surveillance
>> equipment
>>>     (or, as they might put it, public-safety equipment that happens to
>> have
>>>     powerful surveillance capabilities) without telling the rest of the
>>>     city. There was the drones controversy this past winter, when the
>> public
>>>     and elected officials discovered that the SPD had bought two unmanned
>>>     aerial vehicles with the capacity to spy on citizens. There was an
>>>     uproar, and a few SPD officers embarked on a mea culpa tour of
>> community
>>>     meetings where they answered questions and endured (sometimes
>> raucous)
>>>     criticism. In February, Mayor Mike McGinn announced he was grounding
>> the
>>>     drones, but a new mayor could change his mind. Those SPD drones are
>>>     sitting somewhere right now on SPD property.
>>>
>>>     Meanwhile, the SPD was also dealing with the port-camera surveillance
>>>     scandal. That kicked off in late January, when people in West Seattle
>>>     began wondering aloud about the 30 cameras that had appeared
>> unannounced
>>>     on utility poles along the waterfront. The West Seattle neighborhood
>>>     blog (westseattleblog.com <http://westseattleblog.com>) sent
>>>     questions to city utility companies, and
>>>     the utilities in turn pointed at SPD, which eventually admitted that
>> it
>>>     had purchased and installed 30 surveillance cameras with federal
>> money
>>>     for "port security." That resulted in an additional uproar and
>> another
>>>     mea culpa tour, much like they did with the drones, during which
>>>     officers repeated that they should have done a better job of
>> educating
>>>     the public about what they were up to with the cameras on Alki.
>>>     (Strangely, the Port of Seattle and the US Coast Guard didn't seem
>> very
>>>     involved in this "port security" project?their names only appear in a
>>>     few cursory places in the budgets and contracts. The SPD is clearly
>> the
>>>     driving agency behind the project. For example, their early tests of
>>>     sample Aruba products?beginning with a temporary Aruba mesh network
>> set
>>>     up in Pioneer Square for Mardi Gras in 2009?didn't have anything to
>> do
>>>     with the port whatsoever.)
>>>
>>>     The cameras attracted the controversy, but they were only part of the
>>>     project. In fact, the 30 pole-mounted cameras on Alki that caused the
>>>     uproar cost $82,682?just 3 percent of the project's $2.7 million
>>>     Homeland Security?funded budget. The project's full title was "port
>>>     security video surveillance system with wireless mesh network."
>> People
>>>     raised a fuss about the cameras. But what about the mesh network?
>>>
>>>     Detective Moss and Assistant Chief Paul McDonagh mentioned the
>> downtown
>>>     mesh network during those surveillance-camera community meetings,
>> saying
>>>     it would help cops and firefighters talk to each other by providing a
>>>     wireless network for their exclusive use, with the potential for
>> others
>>>     to use overlaid networks handled by the same equipment. (Two-way
>> radios
>>>     already allow police officers to talk to each other, but officers
>> still
>>>     use wireless networks to access data, such as the information an
>> officer
>>>     looks for by running your license plate number when you've been
>> pulled
>>>     over.)
>>>
>>>     As Brian Magnuson of Cascade Networks, Inc., which helped install the
>>>     Aruba system, explained the possible use of such a system: "A normal
>>>     cell-phone network is a beautiful thing right up until the time you
>>>     really need it?say you've just had an earthquake or a large storm,
>> and
>>>     then what happens? Everybody picks up their phone and overloads the
>>>     system." The network is most vulnerable precisely when it's most
>> needed.
>>>     A mesh network could be a powerful tool for streaming video from
>>>     surveillance cameras or squad car dash-cams across the network,
>> allowing
>>>     officers "real-time situational awareness" even when other
>> communication
>>>     systems have been overloaded, as Detective Moss explained in those
>>>     community meetings.
>>>
>>>     But the Aruba mesh network is not just for talking, it's also for
>>>     tracking.
>>>
>>>     After reviewing Aruba's technical literature, as well as talking to
>> IT
>>>     directors and systems administrators around the country who work with
>>>     Aruba products, it's clear that their networks are adept at seeing
>> all
>>>     the devices that move through their coverage area and visually
>> mapping
>>>     the locations of those devices in real time for the system
>>>     administrators' convenience. In fact, one of Aruba's major selling
>>>     points is its ability to locate "rogue" or "unassociated"
>> devices?that
>>>     is, any device that hasn't been authorized by (and maybe hasn't even
>>>     asked to be part of) the network.
>>>
>>>     Which is to say, your device. The cell phone in your pocket, for
>>>     instance.
>>>
>>>     The user's guide for one of Aruba's recent software products states:
>>>     "The wireless network has a wealth of information about unassociated
>> and
>>>     associated devices." That software includes "a location engine that
>>>     calculates associated and unassociated device location every 30
>> seconds
>>>     by default... The last 1,000 historical locations are stored for each
>>>     MAC address."
>>>
>>>     For now, Seattle's mesh network is concentrated in the downtown area.
>>>     But the SPD has indicated in PowerPoint presentations?also acquired
>> by
>>>     The Stranger?that it hopes to eventually have "citywide deployment"
>> of
>>>     the system that, again, has potential surveillance capabilities that
>> the
>>>     SPD declined to answer questions about. That could give a whole new
>>>     meaning to the phrase "real-time situational awareness."
>>>
>>>     So how does Aruba's mesh network actually function?
>>>
>>>     Each of those off-white boxes you see downtown is a wireless access
>>>     point (AP) with four radios inside it that work to shove giant
>> amounts
>>>     of data to, through, and around the network, easily handling
>>>     bandwidth-hog uses such as sending live, high-resolution video to or
>>>     from moving vehicles. Because this grid of APs forms a latticelike
>> mesh,
>>>     it works like the internet itself, routing traffic around bottlenecks
>>>     and "self-healing" by sending traffic around components that fail.
>>>
>>>     As Brian Magnuson at Cascade Networks explains: "When you have 10
>> people
>>>     talking to an AP, no problem. If you have 50, that's a problem."
>> Aruba's
>>>     mesh solution is innovative?instead of building a few high-powered,
>>>     herculean APs designed to withstand an immense amount of traffic,
>> Aruba
>>>     sprinkles a broad area with lots of lower-powered APs and lets them
>>>     figure out the best way to route all the data by talking to each
>> other.
>>>
>>>     Aruba's technology is considered cutting-edge because its systems are
>>>     easy to roll out, administer, and integrate with other systems, and
>> its
>>>     operating system visualizes what's happening on the network in a
>> simple,
>>>     user-friendly digital map. The company is one of many firms in the
>>>     networking business, but, according to the tech-ranking firm Gartner,
>>>     Aruba ranks second (just behind Cisco) in "completeness of vision"
>> and
>>>     third in "ability to execute" for its clever ways of getting around
>>>     technical hurdles.
>>>
>>>     Take Candlestick Park, the San Francisco 49ers football stadium,
>> which,
>>>     Magnuson says, is just finishing up an Aruba mesh network
>> installation.
>>>     The stadium has high-intensity cellular service needs?70,000 people
>> can
>>>     converge there for a single event in one of the most high-tech
>> cities in
>>>     America, full of high-powered, newfangled devices. "Aruba's solution
>> was
>>>     ingenious," Magnuson says. It put 640 low-power APs under the
>> stadium's
>>>     seats to diffuse the data load. "If you're at the stadium and trying
>> to
>>>     talk to an AP," Magnuson says, "you're probably sitting on it!"
>>>
>>>     Another one of Aruba's selling points is its ability to detect rogue
>>>     devices?strangers to the system. Its promotional "case studies"
>> trumpet
>>>     this capability, including one report about Cabela's hunting and
>>>     sporting goods chain, which is an Aruba client: "Because Cabela's
>> stores
>>>     are in central shopping areas, the company captures huge quantities
>> of
>>>     rogue data?as many as 20,000 events per day, mostly from neighboring
>>>     businesses." Aruba's network is identifying and distinguishing which
>>>     devices are allowed on the Cabela's network and which are within the
>>>     coverage area but are just passing through. The case study also
>>>     describes how Cabela's Aruba network was able to locate a lost
>>>     price-scanner gun in a large warehouse by mapping its location, as
>> well
>>>     as track employees by the devices they were carrying.
>>>
>>>     It's one thing for a privately owned company to register devices it
>>>     already owns with a network. It's another for a local police
>> department
>>>     to scale up that technology to blanket an entire downtown?or an
>>>     entire city.
>>>
>>>     Aruba also sells a software product called "Analytics and Location
>>>     Engine 1.0." According to a document Aruba has created about the
>>>     product, ALE "calculates the location of associated and unassociated
>>>     wifi devices... even though a device has not associated to the
>> network,
>>>     information about it is available. This includes the MAC address,
>>>     location, and RSSI information." ALE's default setting is anonymous,
>>>     which "allows for unique user tracking without knowing who the
>>>     individual user is." But, Aruba adds in the next sentence,
>> "optionally
>>>     the anonymization can be disabled for richer analytics and user
>> behavior
>>>     tracking." The network has the ability to see who you are?how deeply
>> it
>>>     looks is up to whoever's using it. (The Aruba technology, as far as
>> we
>>>     know, does not automatically associate a given MAC address with the
>> name
>>>     on the device's account. But figuring out who owns the account?by
>> asking
>>>     a cell-phone company, for example?would not be difficult for a
>>>     law-enforcement agency.)
>>>
>>>     Geo-location seems to be an area of intense interest for Aruba. Last
>>>     week, the Oregonian announced that Aruba had purchased a Portland
>>>     mapping startup called Meridian, which, according to the article, has
>>>     developed software that "pinpoints a smartphone's location inside a
>>>     venue, relying either on GPS technology or with localized wireless
>>>     networks." The technology, the article says, "helps people find their
>>>     way within large buildings, such as malls, stadiums, or airports and
>>>     enables marketing directed at a phone's precise location."
>>>
>>>     How does that geo-location work? Devices in the network's coverage
>> area
>>>     are "heard" by more than one radio in those APs (the off-white
>> boxes).
>>>     Once the network hears a device from multiple APs, it can compare the
>>>     strength and timing of the signal to locate where the device is.
>> This is
>>>     classic triangulation, and users of Aruba's AirWave software?as in
>> the
>>>     Cabela's example?report that their systems are able to locate
>> devices to
>>>     within a few feet.
>>>
>>>     In the case of large, outdoor installations where APs are more spread
>>>     out, the ability to know what devices are passing through is
>>>     useful?especially, perhaps, to policing agencies, which could log
>> that
>>>     data for long-term storage. As networking products and their uses
>>>     continue to evolve, they will only compound the "legal mystery"
>> around
>>>     how this technology could and should be used that Pell and Soghoian
>>>     described in their Berkeley Technology Law Journal piece. Aruba's
>> mesh
>>>     network is state-of-the-art, but something significantly smarter and
>>>     more sensitive will surely be on the market this time next year. And
>> who
>>>     knows how much better the software will get.
>>>
>>>     An official spokesperson for Aruba wrote in an e-mail that the
>> company
>>>     could not answer The Stranger's questions because they pertained "to
>> a
>>>     new product announcement" that would not happen until Thanksgiving.
>>>     "Aruba's technology," the spokesperson added, "is designed for indoor
>>>     (not outdoor) usage and is for consumer apps where they opt in."
>> This is
>>>     in direct contradiction to Aruba's own user's manuals, as well as the
>>>     fact that the Seattle Police Department installed an outdoor Aruba
>> mesh
>>>     network earlier this year.
>>>
>>>     One engineer familiar with Aruba products and similar systems?who
>>>     requested anonymity?confirmed that the mesh network and its software
>> are
>>>     powerful tools. "But like anything," the engineer said, it "can be
>> used
>>>     inappropriately... You can easily see how a user might abuse this
>>>     ability (network admin has a crush on user X, monitors user X's
>> location
>>>     specifically)." As was widely reported earlier this year, such
>> alleged
>>>     abuses within the NSA have included a man who spied on nine women
>> over a
>>>     five-year period, a woman who spied on prospective boyfriends, a man
>> who
>>>     spied on his girlfriend, a husband who spied on his wife, and even a
>> man
>>>     who spied on his ex-girlfriend "on his first day of access to the
>> NSA's
>>>     surveillance system," according to the Washington Post. The practice
>> was
>>>     so common within the NSA, it got its own classification: "LOVEINT."
>>>
>>>     Other Aruba clients?such as a university IT director, a university
>> vice
>>>     president, and systems administrators?around the country confirmed it
>>>     wouldn't be difficult to use the mesh network to track the movement
>> of
>>>     devices by their MAC addresses, and that building a historical
>> database
>>>     of their movements would be relatively trivial from a data-storage
>>>     perspective.
>>>
>>>     As Bruce Burton, an information technology manager at the University
>> of
>>>     Cincinnati (which uses an Aruba network), put it in an e-mail: "This
>>>     mesh network will have the capability to track devices (MAC
>> addresses)
>>>     throughout the city."
>>>
>>>     Not that the SPD would do that?but we don't know. "We definitely feel
>>>     like the public doesn't have a handle on what the capabilities are,"
>>>     says Debelak of the ACLU. "We're not even sure the police department
>>>     does." It all depends on what the SPD says when it releases its
>>>     mesh-network protocols.
>>>
>>>     "They're long overdue," says Lee Colleton, a systems administrator at
>>>     Google who is also a member of the Seattle Privacy Coalition, a
>>>     grassroots group that formed in response to SPD's drone and
>>>     surveillance-camera controversies. "If we don't deal with this kind
>> of
>>>     thing now, and establish norms and policies, we'll find ourselves in
>> an
>>>     unpleasant situation down the road that will be harder to change."
>>>
>>>     The city is already full of surveillance equipment. The Seattle
>>>     Department of Transportation, for example, uses license-plate
>> scanners,
>>>     sensors embedded in the pavement, and other mechanisms to monitor
>>>     individual vehicles and help estimate traffic volume and wait time.
>> "But
>>>     as soon as that data is extrapolated," says Adiam Emery of SDOT,
>> "it's
>>>     gone." They couldn't turn it over to a judge if they tried.
>>>
>>>     Not that license-plate scanners have always been so reliable. Doug
>> Honig
>>>     of the ACLU remembers a story he heard from a former staffer a
>> couple of
>>>     years ago about automatic license-plate readers on police cars in
>>>     Spokane. Automatic license-plate readers "will read a chain-link
>> fence
>>>     as XXXXX," Honig says, "which at the time also matched the license
>> plate
>>>     of a stolen car in Mississippi, resulting in a number of false
>> alerts to
>>>     pull over the fence."
>>>
>>>     Seattle's mesh network is only one instance in a trend of Homeland
>>>     Security funding domestic surveillance equipment. Earlier this month,
>>>     the New York Times ran a story about a $7 million Homeland Security
>>>     grant earmarked for "port security"?just like the SPD's mesh-network
>>>     funding?in Oakland.
>>>
>>>     "But instead," the Times reports, "the money is going to a police
>>>     initiative that will collect and analyze reams of surveillance data
>> from
>>>     around town?from gunshot- detection sensors in the barrios of East
>>>     Oakland to license plate readers mounted on police cars patrolling
>> the
>>>     city's upscale hills."
>>>
>>>     The Oakland "port security" project, which the Times reports was
>>>     formerly known as the "Domain Awareness Center," will "electronically
>>>     gather data around the clock from a variety of sensors and databases,
>>>     analyze that data, and display some of the information on a bank of
>>>     giant monitors." The Times doesn't detail what kind of "sensors and
>>>     databases" the federally funded "port security" project will pay for,
>>>     but perhaps it's something like Seattle's mesh network with its
>> ability
>>>     to ping, log, and visually map the movement of devices in and out of
>> its
>>>     coverage area.
>>>
>>>     Which brings up some corollary issues, ones with implications much
>>>     larger than the SPD's ability to call up a given time on a given day
>> and
>>>     see whether you were at work, at home, at someone's else home, at a
>> bar,
>>>     or at a political demonstration: What does it mean when money from a
>>>     federal agency like the Department of Homeland Security is being
>>>     funneled to local police departments like SPD to purchase and use
>>>     high-powered surveillance gear?
>>>
>>>     For federal surveillance projects, the NSA and other federal spying
>>>     organizations have at least some oversight?as flawed as it may
>> be?from
>>>     the Foreign Intelligence Surveillance Court (also known as the FISA
>>>     court) and the US Congress. But local law enforcement doesn't have
>> that
>>>     kind of oversight and, in Seattle at least, has been buying and
>>>     installing DHS-funded surveillance equipment without explaining what
>>>     it's up to. The city council's surveillance ordinance earlier this
>> year
>>>     was an attempt to provide local oversight on that kind of policing,
>> but
>>>     it has proven toothless.
>>>
>>>     It's reasonable to assume that locally gleaned information will be
>>>     shared with other organizations, including federal ones. An SPD
>> diagram
>>>     of the mesh network, for example, shows its information heading to
>>>     institutions large and small, including the King County Sheriff's
>>>     Office, the US Coast Guard, and our local fusion center.
>>>
>>>     Fusion centers, if you're unfamiliar with the term, are
>>>     information-sharing hubs, defined by the Department of Homeland
>> Security
>>>     as "focal points" for the "receipt, analysis, gathering, and
>> sharing" of
>>>     surveillance information.
>>>
>>>     If federally funded, locally built surveillance systems with little
>> to
>>>     no oversight can dump their information in a fusion center?think of
>> it
>>>     as a gun show for surveillance, where agencies freely swap
>> information
>>>     with little restriction or oversight?that could allow federal
>> agencies
>>>     such as the FBI and the NSA to do an end-run around any limitations
>> set
>>>     by Congress or the FISA court.
>>>
>>>     If that's their strategy in Seattle, Oakland, and elsewhere, it's an
>>>     ingenious one?instead of maintaining a few high-powered, herculean
>>>     surveillance agencies designed to digest an immense amount of traffic
>>>     and political scrutiny, the federal government could sprinkle an
>> entire
>>>     nation with lots of low-powered surveillance nodes and let them
>> figure
>>>     out the best way to route the data by talking to each other. By
>>>     diffusing the way the information flows, they can make it flow more
>>>     efficiently.
>>>
>>>     It's an innovative solution?much like the Aruba mesh network itself.
>>>
>>>     The Department of Homeland Security has not responded to requests for
>>>     comment.
>>>
>>>     --
>>>     Dan Staples
>>>
>>>     Open Technology Institute
>>>     https://commotionwireless.net
>>>     OpenPGP key: http://disman.tl/pgp.asc
>>>     Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 43A9
>>>     _______________________________________________
>>>     Commotion-discuss mailing list
>>>     Commotion-discuss@lists.chambana.net <javascript:_e({}, 'cvml',
>>>     'Commotion-discuss@lists.chambana.net');>
>>>     https://lists.chambana.net/mailman/listinfo/commotion-discuss
>>>
>>>
>>>
>>>     --
>>>     Preston Rhea
>>>     Field Analyst, Open Technology Institute
>>>     New America Foundation
>>>     +1-202-570-9770 <tel:%2B1-202-570-9770>
>>>     Twitter: @prestonrhea
>>>
>>>
>>>
>>> --
>>> -steve
>>>
>>>
>>> _______________________________________________
>>> mesh mailing list
>>> mesh@lists.sudoroom.org
>>> http://lists.sudoroom.org/listinfo/mesh
>>>
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> mesh mailing list
>> mesh@lists.sudoroom.org
>> http://lists.sudoroom.org/listinfo/mesh
>>
>>
>> End of mesh Digest, Vol 10, Issue 16
>> ************************************
>>
>
>
>
> _______________________________________________
> mesh mailing list
> mesh@lists.sudoroom.org
> http://lists.sudoroom.org/listinfo/mesh
>

--
http://mitar.tnode.com/
https://twitter.com/mitar_m