10 Nov
2013
10 Nov
'13
4:48 p.m.
Okay, that's very true. Then what about interfacing nodes with clients on
MAC addresses, but then node to node with a different address? Wouldn't
that provide similar security as to what we're trying to do with exit
nodes? The MAC address for the phones only being known to the node, but
then not using it for delivery throughout the mesh.
On Sun, Nov 10, 2013 at 4:39 PM, <mesh-request(a)lists.sudoroom.org> wrote:
Send mesh mailing list submissions to
mesh(a)lists.sudoroom.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.sudoroom.org/listinfo/mesh
or, via email, send a message with subject or body 'help' to
mesh-request(a)lists.sudoroom.org
You can reach the person managing the list at
mesh-owner(a)lists.sudoroom.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of mesh digest..."
Today's Topics:
1. Re: Changing your MAC address (rhodey)
----------------------------------------------------------------------
Message: 1
Date: Sun, 10 Nov 2013 16:39:22 -0800
From: rhodey <rhodey(a)anhonesteffort.org>
To: mesh(a)lists.sudoroom.org
Subject: Re: [Mesh] Changing your MAC address
Message-ID: <5280273A.6060804(a)anhonesteffort.org>
Content-Type: text/plain; charset=UTF-8
----------------------------------------------------------------------
own
to
problem
have
802.11
another
The
spawn
further
and
http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143…
see
your
The
the
asked
any
and
enable
messy,
tools.
We
of
federal
million
network."
the
for
information
an
most
visually
for
30
giant
problem."
each
in a
stadium,
high-tech
it!"
studies"
also
an
the
the
the
a
off-white
is.
mystery"
the
in."
X's
historical
its
Coalition,
a
Seattle
SDOT,
a
chain-link
false
was
its
being
may
and
SPD
Homeland
sprinkle
an
43A9
'cvml',
https://lists.chambana.net/mailman/listinfo/commotion-discuss
--
http://mitar.tnode.com/
https://twitter.com/mitar_m
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org
http://lists.sudoroom.org/listinfo/mesh
------------------------------
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org
http://lists.sudoroom.org/listinfo/mesh
End of mesh Digest, Vol 10, Issue 20
************************************
> does it have to be a MAC address?
Yes. We only (at most) have control of the mesh nodes (access points) in
our network-- not the mesh clients (desktop, laptop, cellphone).
Desktops, laptops, cellphones all have networking stacks and they will
all use a MAC address. If they are cellphones it is likely that the MAC
address cannot be changed/spoofed without rooting the OS (not user
friendly).
--
-- rhodey ?????
On 11/10/2013 04:31 PM, Jeremy Entwistle wrote:
Well, one question that's been on my mind is
does it have to be a MAC
address? I think ideally we would have something comparable to a
fingerprint or randomly generated addresses that are assigned by the
network. Also, in looking at SSL vs pre-shared keys, apparently its
slower and more demanding of our resources to use SSL... but at the same
time, I'm not sure how to securely distribute and verify pre-shared keys
throughout a network. Also, it seems to me that speed and preventing any
latency on the network is more important than the key itself, because
anybody can join the network, and there's the possibility of generating
keys every couple of hours.
I guess what I'm saying is that the internet depends on IPs, Meshes have
been dependent on MACs, but I don't see why we have to depend on either.
On Sun, Nov 10, 2013 at 3:54 PM, Mitar <mitar(a)tnode.com
<mailto:mitar@tnode.com>> wrote:
Hi!
So we might create an app for people to install to change MAC
addresses
randomly. :-) So a privacy preserving app for
mesh networks.
It would make sure that your WiFi does not broadcast a list of known
networks as well.
Mitar
specific
I looked into this awhile ago and it's very
easy to change mac
addresses.
Kali Linux Tutorials: How to Change or Spoof a
MAC Address
https://www.youtube.com/watch?v=JyP8aGtPZpA
On Sun, Nov 10, 2013 at 3:03 PM, <mesh-request(a)lists.sudoroom.org
<mailto:mesh-request@lists.sudoroom.org>> wrote:
> Send mesh mailing list submissions to
> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.sudoroom.org/listinfo/mesh
> or, via email, send a message with subject or body 'help' to
> mesh-request(a)lists.sudoroom.org
<mailto:mesh-request@lists.sudoroom.org>
>
> You can reach the person managing the list at
> mesh-owner(a)lists.sudoroom.org
<mailto:mesh-owner@lists.sudoroom.org>
>>
>> When replying, please edit your Subject line so it is more > than
"Re: Contents of mesh digest..."
>
>
> Today's Topics:
>
> 1. Re: Fwd: [Commotion-discuss] Seattle Police mesh network for
> surveillance? (rhodey)
>
>
>
>
> Message: 1
> Date: Sun, 10 Nov 2013 15:03:01 -0800
> From: rhodey <rhodey(a)anhonesteffort.org
<mailto:rhodey@anhonesteffort.org>>
> To: mesh(a)lists.sudoroom.org
<mailto:mesh@lists.sudoroom.org>
> Subject: Re: [Mesh] Fwd: [Commotion-discuss] Seattle Police mesh
> network for surveillance?
> Message-ID: <528010A5.8030704(a)anhonesteffort.org
<mailto:528010A5.8030704@anhonesteffort.org>>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Police, govt, and other evil adversaries are free to setup their >
hardware, their own mesh, the idea is not to prevent this but to
prevent
> the use of good mesh networks for evil. I
want to give more
thought to
> this subject sometime in the near future but
for now this is what
I have...
>>
>> The major concern here (as I see it) is the persistence of MAC
>> addresses. The average user does not know how to change their MAC
>> address and in the case of most mobile devices it is not possible >
change the MAC address. We can ensure that IP addresses are cycled
> frequent enough because we'll have control over a majority of the
DHCP
>> servers on the mesh so I'll be focusing on MAC addresses.
>>
>> In any local network a MAC address can be associated with network
>> traffic, the obvious solution here is to use encryption. The > with
MAC addresses in a mesh network is that they could also be
> associated with a location.
>
> On any layer 2 network it is possible for any connected host to
> determine the route to any other host using a MAC address as an
> identifier. Because mesh nodes have a fixed (and likely known)
physical
> location it can be assumed that the last hop
in the route
corresponds to
>> the physical location of the specific host.
>>
>> It is important to realize that only mesh nodes (access points) >
*potential* knowledge of signal strength and other 802.11
broadcast type
>> frames-- sure Oakland PD can setup a device to listen to all >
traffic, but remember we're only focusing on how existing
hardware can
>> be abused. So, one host *cannot* triangulate the location of >> host. *From the perspective of a
host on the mesh, a host can
only be
>> connected to one mesh node or
disconnected from the network.* In
the
>> context of physical location, the
privacy of a host on the mesh
is a
>
function of the area covered by the mesh node it is connected to.
>
> To increase user privacy I would like to experiment with a MAC
address
>> spoofing service that could run on mesh nodes or volunteer hosts. >
service would basically pretend to be just another host on the
network
>> identified by some MAC address. The service could intelligently >> fake hosts depending on the number
of other hosts connected to the
>> shared mesh node. Mesh nodes with fewer connected hosts need more
>> spoofed hosts to increase privacy, etc. But it is not that simple
of
>
course, because spoofed MAC addresses need to persist just as
legitimate
> MAC addresses do, and move about in the
physical world (connect to
> different mesh nodes) just as other legitimate users will. I've
thought
>> some of this through but it is a large undertaking that needs >> planning.
>>
>> Another thing to keep in mind is that although MAC addresses
could
be
> used
as a persistent identifier *they alone do not represent any
> identity.* It is not until an adversary obtains additional
information
> that a MAC address could be used to identify
an individual
person. Not
> to say the surveillance of pseudo-anonymous
individual and group
> movement is negligible, just pointing this out.
>
> In conclusion (for now) by keeping our software and build
processes open
> we can convince reasonable users that it is
not possible for us
to track
>> them with more than neighborhood level accuracy. If we go further >
deploy something like the MAC spoofing service it could be
possible to
> extend this guarantee further. I think it is
also likely that
this MAC
> spoofing service could be designed to
prevent/degrade 802.11 style
> surveillance by hardware outside our control.
>
> --
> -- rhodey ?????
>
> On 11/10/2013 11:44 AM, Steve Berl wrote:
>> Couldn't a community mesh network be suspected of having the
same
sort
>> of tracking abilities?
>> How do we convince potential mesh network users that we aren't
>> collecting location data on them?
>>
>> Steve
>>
>>
>> On Friday, November 8, 2013, Jenny Ryan wrote:
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: *Preston Rhea* <prestonrhea(a)opentechinstitute.org
<mailto:prestonrhea@opentechinstitute.org>
>> <javascript:_e({}, 'cvml',
'prestonrhea(a)opentechinstitute.org
<mailto:prestonrhea@opentechinstitute.org>');>>
>> Date: Thu, Nov 7, 2013 at 6:49 AM
>> Subject: Fwd: [Commotion-discuss] Seattle Police mesh
network for
>> surveillance?
>> To: Jenny Ryan <jenny(a)thepyre.org <mailto:jenny@thepyre.org>
<javascript:_e({}, 'cvml',
>> 'jenny(a)thepyre.org
<mailto:jenny@thepyre.org>');>>, Shaun
Houlihan
<shaunhoulihan(a)gmail.com <mailto:shaunhoulihan@gmail.com>
>> <javascript:_e({}, 'cvml',
'shaunhoulihan(a)gmail.com
<mailto:shaunhoulihan@gmail.com>');>>
>>
>>
>> Thought this would interest y'all, I don't know if you are
already on
>> the Commotion listserv Jenny.
>>
>>
>> ---------- Forwarded message ----------
>> From: Dan Staples <danstaples(a)opentechinstitute.org
<mailto:danstaples@opentechinstitute.org>
>> <javascript:_e({}, 'cvml',
'danstaples(a)opentechinstitute.org
<mailto:danstaples@opentechinstitute.org>');>>
>> Date: Wed, Nov 6, 2013 at 9:32 PM
>> Subject: [Commotion-discuss] Seattle Police mesh network for
>> surveillance?
>> To: commotion-discuss <commotion-discuss(a)lists.chambana.net
<mailto:commotion-discuss@lists.chambana.net>
>> <javascript:_e({}, 'cvml',
'commotion-discuss(a)lists.chambana.net
<mailto:commotion-discuss@lists.chambana.net>
> ');>>
>>
>>
>>
>
>>
>> You Are a Rogue Device
>> A New Apparatus Capable of Spying on You Has Been Installed
> Throughout
>> Downtown Seattle. Very Few Citizens Know What It Is, and
Officials
>> Don?t
>>> Want to Talk About It.
>>>
>>> by Matt Fikse-Verkerk and Brendan Kiley
>>>
>>> If you're walking around downtown Seattle, look up: You'll
>
off-white
>> boxes, each one about a foot tall with vertical antennae,
attached
to
>> utility poles. If you're walking
around downtown while
looking at a
>> smartphone, you will probably see at
least one?and more
likely two or
>> three?Wi-Fi networks named after
intersections: "4th&Seneca,"
>> "4th&Union," "4th&University," and so on. That is
how you
can see the
>> Seattle Police Department's new
wireless mesh network,
bought from a
>> California-based company called Aruba
Networks, whose
clients include
>> the Department of Defense, school
districts in Canada,
oil-mining
>> interests in China, and
telecommunications companies in
Saudi Arabia.
>>>
>>> The question is: How well can this mesh network see you?
>>>
>>> How accurately can it geo-locate and track the movements of >
phone,
>> laptop, or any other wireless device by its MAC address (its
"media
>> access control address"?nothing
to do with Macintosh?which is
> analogous
>> to a device's thumbprint)? Can the network send that
information to a
>> database, allowing the SPD to
reconstruct who was where at
any given
>> time, on any given day, without a
warrant? Can the network
see you
>> now?
>>>
>>> The SPD declined to answer more than a dozen questions from >>> Stranger, including whether
the network is operational, who
has
>
access
>> to its data, what it might be used for, and whether the SPD
has
used
> it
>> (or intends to use it) to geo-locate people's devices via
their MAC
>>> addresses or other identifiers.
>>>
>>> Seattle Police detective Monty Moss, one of the leaders of >>
mesh-network project?one part of a $2.7 million effort, paid
for by
> the
>> Department of Homeland Security?wrote in an e-mail that the
> department
>> "is not comfortable answering policy questions when we do
not
yet
> have a
>> policy." But, Detective Moss added, the SPD "is actively
> collaborating
>> with the mayor's office, city council, law department, and
the
ACLU
> on a
>> use policy." The ACLU, at least, begs to differ: "Actively
>> collaborating" is not how they would put it. Jamela Debelak,
> technology
>> and liberty director of the Seattle office, says the ACLU
submitted
>> policy-use suggestions months ago and
has been waiting for a
> response.
>>
>> Detective Moss also added that the mesh network would not be
used
for
>> "surveillance purposes...
without City Council's approval
and the
>> appropriate court
authorization." Note that he didn't say
the mesh
>>> network couldn't be used for the surveillance functions we
>
about,
>> only that it wouldn't?at least until certain people in power
say it
> can.
>> That's the equivalent of a "trust us" and a handshake.
>>
>> His answer is inadequate for other reasons as well. First,
the
city
>>> council passed an ordinance earlier this year stating that >
potential
>> surveillance equipment must submit protocols to the city
council
for
>>> public review and approval within 30 days of its acquisition >>
implementation. This mesh network has been around longer
than that,
> as
>> confirmed by Cascade Networks, Inc., which helped install
it.
Still,
> the
>> SPD says it doesn't have a policy for its use yet. Mayor
McGinn's
> office
>> says it expects to see draft protocols sometime in
December?nearly
> nine
>> months late, according to the new ordinance.
>>
>> Second, and more importantly, this mesh network is part of a
whole
> new
>> arsenal of surveillance technologies that are moving faster
than
the
>> laws that govern them are being
written. As Stephanie K.
Pell (former
>> counsel to the House Judiciary
Committee) and Christopher
Soghoian
>> (senior policy analyst at the ACLU)
wrote in a 2012 essay
for the
>> Berkeley Technology Law Journal:
>>
>> The use of location information by law enforcement
agencies
is
>>> common and becoming more so as technological improvements >>> collection of more accurate
and precise location data. The
legal
>
mystery
>> surrounding the proper law enforcement access standard for
> prospective
>> location data remains unsolved. This mystery, along with
conflicting
>> rulings over the appropriate law
enforcement access
standards for
>> both
>>> prospective and historical location data, has created a >>
inconsistent legal landscape where even judges in the same
district
>> may
>>> require law enforcement to meet different standards to compel
>> location
>>> data.
>>>
>>> In other words, law enforcement has new tools?powerful >
didn't
>> ask for them, but they're here. And nobody knows the rules
for
how
> they
>> should be used.
>>
>> This isn't the first time the SPD has purchased surveillance
> equipment
>> (or, as they might put it, public-safety equipment that
happens
to
> have
>> powerful surveillance capabilities) without telling the rest
of
the
>> city. There was the drones
controversy this past winter,
when the
> public
>> and elected officials discovered that the SPD had bought two
unmanned
>> aerial vehicles with the capacity to
spy on citizens. There
was an
>>> uproar, and a few SPD officers embarked on a mea culpa tour >
community
>> meetings where they answered questions and endured (sometimes
> raucous)
>> criticism. In February, Mayor Mike McGinn announced he was
grounding
> the
>> drones, but a new mayor could change his mind. Those SPD
drones
are
>> sitting somewhere right now on SPD
property.
>>
>> Meanwhile, the SPD was also dealing with the port-camera
surveillance
>> scandal. That kicked off in late
January, when people in
West Seattle
>> began wondering aloud about the 30
cameras that had appeared
> unannounced
>> on utility poles along the waterfront. The West Seattle
neighborhood
>> blog (westseattleblog.com
<http://westseattleblog.com>
<http://westseattleblog.com>) sent
>> questions to city utility companies,
and
>> the utilities in turn pointed at SPD, which eventually
admitted
that
>> it
>>> had purchased and installed 30 surveillance cameras with >> money
>>> for "port security." That resulted in an additional uproar
and
>> another
>>> mea culpa tour, much like they did with the drones, during
which
>>> officers repeated that they
should have done a better job of
>> educating
>>> the public about what they were up to with the cameras on
Alki.
>>
(Strangely, the Port of Seattle and the US Coast Guard
didn't seem
> very
>> involved in this "port security" project?their names only
appear in a
>> few cursory places in the budgets and
contracts. The SPD is
clearly
> the
>> driving agency behind the project. For example, their early
tests
of
>> sample Aruba products?beginning with
a temporary Aruba mesh
network
> set
>> up in Pioneer Square for Mardi Gras in 2009?didn't have
anything to
> do
>> with the port whatsoever.)
>>
>> The cameras attracted the controversy, but they were only
part of
the
>> project. In fact, the 30 pole-mounted
cameras on Alki that
caused the
>>> uproar cost $82,682?just 3 percent of the project's $2.7 >>
Homeland Security?funded budget. The project's full title
was "port
>>> security video surveillance system with wireless mesh >
People
>> raised a fuss about the cameras. But what about the mesh
network?
>>>
>>> Detective Moss and Assistant Chief Paul McDonagh mentioned >
downtown
>> mesh network during those surveillance-camera community
meetings,
> saying
>> it would help cops and firefighters talk to each other by
providing a
>>> wireless network for their exclusive use, with the potential >> others
>>> to use overlaid networks handled by the same equipment.
(Two-way
>
radios
>> already allow police officers to talk to each other, but
officers
>> still
>>> use wireless networks to access data, such as the >> officer
>>> looks for by running your license plate number when you've
been
>
pulled
>> over.)
>>
>> As Brian Magnuson of Cascade Networks, Inc., which helped
install
the
>> Aruba system, explained the possible
use of such a system:
"A normal
>> cell-phone network is a beautiful
thing right up until the
time you
>> really need it?say you've just
had an earthquake or a large
storm,
> and
>> then what happens? Everybody picks up their phone and
overloads
the
>>> system." The network is most vulnerable precisely when it's
>> needed.
>>> A mesh network could be a powerful tool for streaming video
from
>>> surveillance cameras or
squad car dash-cams across the
network,
>
allowing
>> officers "real-time situational awareness" even when other
> communication
>> systems have been overloaded, as Detective Moss explained in
those
>> community meetings.
>>
>> But the Aruba mesh network is not just for talking, it's
also
for
>> tracking.
>>
>> After reviewing Aruba's technical literature, as well as
talking to
> IT
>> directors and systems administrators around the country who
work
with
>> Aruba products, it's clear that
their networks are adept at
seeing
>> all
>>> the devices that move through their coverage area and >
mapping
>> the locations of those devices in real time for the system
>> administrators' convenience. In fact, one of Aruba's major
selling
>> points is its ability to locate
"rogue" or "unassociated"
> devices?that
>> is, any device that hasn't been authorized by (and maybe
hasn't even
>>> asked to be part of) the network.
>>>
>>> Which is to say, your device. The cell phone in your pocket, >>
instance.
>>
>> The user's guide for one of Aruba's recent software products
states:
>> "The wireless network has a
wealth of information about
unassociated
> and
>> associated devices." That software includes "a location
engine that
>>> calculates associated and unassociated device location every >
seconds
>> by default... The last 1,000 historical locations are stored
for
each
>> MAC address."
>>
>> For now, Seattle's mesh network is concentrated in the
downtown area.
>> But the SPD has indicated in
PowerPoint presentations?also
acquired
> by
>> The Stranger?that it hopes to eventually have "citywide
deployment"
> of
>> the system that, again, has potential surveillance
capabilities
that
> the
>> SPD declined to answer questions about. That could give a
whole
new
>> meaning to the phrase "real-time
situational awareness."
>>
>> So how does Aruba's mesh network actually function?
>>
>> Each of those off-white boxes you see downtown is a wireless
access
>>> point (AP) with four radios inside it that work to shove >
amounts
>> of data to, through, and around the network, easily handling
>> bandwidth-hog uses such as sending live, high-resolution
video to
or
>> from moving vehicles. Because this
grid of APs forms a
latticelike
> mesh,
>> it works like the internet itself, routing traffic around
bottlenecks
>> and "self-healing" by
sending traffic around components that
fail.
>>
>> As Brian Magnuson at Cascade Networks explains: "When you
have 10
>> people
>>> talking to an AP, no problem. If you have 50, that's a >
Aruba's
>> mesh solution is innovative?instead of building a few
high-powered,
>> herculean APs designed to withstand
an immense amount of
traffic,
> Aruba
>> sprinkles a broad area with lots of lower-powered APs and
lets
them
>>> figure out the best way to route all the data by talking to >
other.
>>
>> Aruba's technology is considered cutting-edge because its
systems are
>> easy to roll out, administer, and
integrate with other
systems, and
>> its
>>> operating system visualizes what's happening on the network
>
simple,
>> user-friendly digital map. The company is one of many firms
in
the
>> networking business, but, according
to the tech-ranking firm
Gartner,
>> Aruba ranks second (just behind
Cisco) in "completeness of
vision"
> and
>> third in "ability to execute" for its clever ways of getting
around
>>> technical hurdles.
>>>
>>> Take Candlestick Park, the San Francisco 49ers football >
which,
>> Magnuson says, is just finishing up an Aruba mesh network
> installation.
>> The stadium has high-intensity cellular service needs?70,000
people
>> can
>>> converge there for a single event in one of the most >
cities in
>> America, full of high-powered, newfangled devices. "Aruba's
solution
> was
>> ingenious," Magnuson says. It put 640 low-power APs under the
> stadium's
>> seats to diffuse the data load. "If you're at the stadium
and trying
>> to
>>> talk to an AP," Magnuson says, "you're probably
sitting on >>
>> Another one of Aruba's selling points is its ability to
detect
rogue
>>> devices?strangers to the system. Its promotional "case >> trumpet
>>> this capability, including one report about Cabela's hunting
and
>>
sporting goods chain, which is an Aruba client: "Because
Cabela's
> stores
>> are in central shopping areas, the company captures huge
quantities
> of
>> rogue data?as many as 20,000 events per day, mostly from
neighboring
>> businesses." Aruba's network
is identifying and
distinguishing which
>> devices are allowed on the
Cabela's network and which are
within the
>>> coverage area but are just passing through. The case study >>> describes how Cabela's
Aruba network was able to locate a
lost
>>
price-scanner gun in a large warehouse by mapping its
location, as
> well
>> as track employees by the devices they were carrying.
>>
>> It's one thing for a privately owned company to register
devices it
>>> already owns with a network. It's another for a local police
>> department
>>> to scale up that technology to blanket an entire downtown?or >>
entire city.
>>
>> Aruba also sells a software product called "Analytics and
Location
>>> Engine 1.0." According to a document Aruba has created about
>>
product, ALE "calculates the location of associated and
unassociated
>>> wifi devices... even though a device has not associated to >
network,
>> information about it is available. This includes the MAC
address,
>> location, and RSSI information."
ALE's default setting is
anonymous,
>>> which "allows for unique user tracking without knowing who
>>> individual user is."
But, Aruba adds in the next sentence,
>> "optionally
>>> the anonymization can be disabled for richer analytics and
user
>
behavior
>> tracking." The network has the ability to see who you
are?how
deeply
> it
>> looks is up to whoever's using it. (The Aruba technology, as
far as
> we
>> know, does not automatically associate a given MAC address
with
the
> name
>> on the device's account. But figuring out who owns the
account?by
>> asking
>>> a cell-phone company, for example?would not be difficult for >>
law-enforcement agency.)
>>
>> Geo-location seems to be an area of intense interest for
Aruba.
Last
>> week, the Oregonian announced that
Aruba had purchased a
Portland
>> mapping startup called Meridian,
which, according to the
article, has
>> developed software that
"pinpoints a smartphone's location
inside a
>> venue, relying either on GPS
technology or with localized
wireless
>> networks." The technology, the
article says, "helps people
find their
>> way within large buildings, such as
malls, stadiums, or
airports and
>> enables marketing directed at a
phone's precise location."
>>
>> How does that geo-location work? Devices in the network's
coverage
>> area
>>> are "heard" by more than one radio in those APs (the
>
boxes).
>> Once the network hears a device from multiple APs, it can
compare
the
>>> strength and timing of the signal to locate where the device > This
is
>> classic triangulation, and users of Aruba's AirWave
software?as in
> the
>> Cabela's example?report that their systems are able to locate
> devices to
>> within a few feet.
>>
>> In the case of large, outdoor installations where APs are
more
spread
>> out, the ability to know what devices
are passing through is
>> useful?especially, perhaps, to policing agencies, which
could log
> that
>> data for long-term storage. As networking products and their
uses
>>> continue to evolve, they will only compound the "legal >
around
>> how this technology could and should be used that Pell and
Soghoian
>> described in their Berkeley
Technology Law Journal piece.
Aruba's
> mesh
>> network is state-of-the-art, but something significantly
smarter
and
>> more sensitive will surely be on the
market this time next
year. And
>> who
>>> knows how much better the software will get.
>>>
>>> An official spokesperson for Aruba wrote in an e-mail that >
company
>> could not answer The Stranger's questions because they
pertained "to
> a
>> new product announcement" that would not happen until
Thanksgiving.
>> "Aruba's technology,"
the spokesperson added, "is designed
for indoor
>>> (not outdoor) usage and is for consumer apps where they opt > This
is
>> in direct contradiction to Aruba's own user's manuals, as
well as the
>> fact that the Seattle Police
Department installed an outdoor
Aruba
> mesh
>> network earlier this year.
>>
>> One engineer familiar with Aruba products and similar
systems?who
>> requested anonymity?confirmed that
the mesh network and its
software
> are
>> powerful tools. "But like anything," the engineer said, it
"can be
> used
>> inappropriately... You can easily see how a user might abuse
this
>>> ability (network admin has a crush on user X, monitors user >> location
>>> specifically)." As was widely reported earlier this year,
such
>
alleged
>> abuses within the NSA have included a man who spied on nine
women
> over a
>> five-year period, a woman who spied on prospective
boyfriends, a
man
> who
>> spied on his girlfriend, a husband who spied on his wife,
and even
a
> man
>> who spied on his ex-girlfriend "on his first day of access
to
the
> NSA's
>> surveillance system," according to the Washington Post. The
practice
> was
>> so common within the NSA, it got its own classification:
"LOVEINT."
>>
>> Other Aruba clients?such as a university IT director, a
university
> vice
>> president, and systems administrators?around the country
confirmed
it
>> wouldn't be difficult to use the
mesh network to track the
movement
>> of
>>> devices by their MAC addresses, and that building a >
database
>> of their movements would be relatively trivial from a
data-storage
>> perspective.
>>
>> As Bruce Burton, an information technology manager at the
University
> of
>> Cincinnati (which uses an Aruba network), put it in an
e-mail:
"This
>> mesh network will have the capability
to track devices (MAC
> addresses)
>> throughout the city."
>>
>> Not that the SPD would do that?but we don't know. "We
definitely feel
>> like the public doesn't have a
handle on what the
capabilities are,"
>> says Debelak of the ACLU.
"We're not even sure the police
department
>>> does." It all depends on what the SPD says when it releases
>>
mesh-network protocols.
>>
>> "They're long overdue," says Lee Colleton, a systems
administrator at
>>> Google who is also a member of the Seattle Privacy >>
grassroots group that formed in response to SPD's drone and
>> surveillance-camera controversies. "If we don't deal with
this kind
> of
>> thing now, and establish norms and policies, we'll find
ourselves in
> an
>> unpleasant situation down the road that will be harder to
change."
>>>
>>> The city is already full of surveillance equipment. The >>
Department of Transportation, for example, uses license-plate
> scanners,
>> sensors embedded in the pavement, and other mechanisms to
monitor
>> individual vehicles and help estimate
traffic volume and
wait time.
>> "But
>>> as soon as that data is extrapolated," says Adiam Emery of
>
"it's
>> gone." They couldn't turn it over to a judge if they tried.
>>
>> Not that license-plate scanners have always been so
reliable.
Doug
>> Honig
>>> of the ACLU remembers a story he heard from a former staffer >
couple of
>> years ago about automatic license-plate readers on police
cars in
>>> Spokane. Automatic license-plate readers "will read a >
fence
>> as XXXXX," Honig says, "which at the time also matched the
license
>> plate
>>> of a stolen car in Mississippi, resulting in a number of >
alerts to
>> pull over the fence."
>>
>> Seattle's mesh network is only one instance in a trend of
Homeland
>> Security funding domestic
surveillance equipment. Earlier
this month,
>> the New York Times ran a story about
a $7 million Homeland
Security
>> grant earmarked for "port
security"?just like the SPD's
mesh-network
>> funding?in Oakland.
>>
>> "But instead," the Times reports, "the money is going to a
police
>> initiative that will collect and
analyze reams of
surveillance data
> from
>> around town?from gunshot- detection sensors in the barrios
of
East
>> Oakland to license plate readers
mounted on police cars
patrolling
>> the
>>> city's upscale hills."
>>>
>>> The Oakland "port security" project, which the Times
reports >>
formerly known as the "Domain Awareness Center," will
"electronically
>> gather data around the clock from a
variety of sensors and
databases,
>> analyze that data, and display some
of the information on a
bank of
>> giant monitors." The Times
doesn't detail what kind of
"sensors and
>> databases" the federally funded
"port security" project will
pay for,
>>> but perhaps it's something like Seattle's mesh network with
>
ability
>> to ping, log, and visually map the movement of devices in
and out
of
> its
>> coverage area.
>>
>> Which brings up some corollary issues, ones with
implications
much
>> larger than the SPD's ability to
call up a given time on a
given day
> and
>> see whether you were at work, at home, at someone's else
home,
at a
> bar,
>> or at a political demonstration: What does it mean when
money from
a
>>> federal agency like the Department of Homeland Security is >>
funneled to local police departments like SPD to purchase
and use
>> high-powered surveillance gear?
>>
>> For federal surveillance projects, the NSA and other federal
spying
>>> organizations have at least some oversight?as flawed as it >
be?from
>> the Foreign Intelligence Surveillance Court (also known as
the
FISA
>> court) and the US Congress. But local
law enforcement
doesn't have
>> that
>>> kind of oversight and, in Seattle at least, has been buying >>
installing DHS-funded surveillance equipment without
explaining what
>> it's up to. The city
council's surveillance ordinance
earlier this
> year
>> was an attempt to provide local oversight on that kind of
policing,
> but
>> it has proven toothless.
>>
>> It's reasonable to assume that locally gleaned information
will be
>>> shared with other organizations, including federal ones. An >
diagram
>> of the mesh network, for example, shows its information
heading
to
>> institutions large and small,
including the King County
Sheriff's
>>> Office, the US Coast Guard, and our local fusion center.
>>>
>>> Fusion centers, if you're unfamiliar with the term, are
>>> information-sharing hubs, defined by the Department of >
Security
>> as "focal points" for the "receipt, analysis, gathering, and
> sharing" of
>> surveillance information.
>>
>> If federally funded, locally built surveillance systems with
little
> to
>> no oversight can dump their information in a fusion
center?think
of
> it
>> as a gun show for surveillance, where agencies freely swap
> information
>> with little restriction or oversight?that could allow federal
> agencies
>> such as the FBI and the NSA to do an end-run around any
limitations
> set
>> by Congress or the FISA court.
>>
>> If that's their strategy in Seattle, Oakland, and elsewhere,
it's an
>> ingenious one?instead of maintaining
a few high-powered,
herculean
>> surveillance agencies designed to
digest an immense amount
of traffic
>>> and political scrutiny, the federal government could >> entire
>>> nation with lots of low-powered surveillance nodes and let
them
>> figure
>>> out the best way to route the data by talking to each other.
By
>>
diffusing the way the information flows, they can make it
flow more
>> efficiently.
>>
>> It's an innovative solution?much like the Aruba mesh network
itself.
>>
>> The Department of Homeland Security has not responded to
requests
for
>>> comment.
>>>
>>> --
>>> Dan Staples
>>>
>>> Open Technology Institute
>>> https://commotionwireless.net
>>> OpenPGP key: http://disman.tl/pgp.asc
>>> Fingerprint: 2480 095D 4B16 436F 35AB 7305 F670 74ED BD86 >>
_______________________________________________
>> Commotion-discuss mailing list
>> Commotion-discuss(a)lists.chambana.net
<mailto:Commotion-discuss@lists.chambana.net> <javascript:_e({}, >>
'Commotion-discuss(a)lists.chambana.net
<mailto:Commotion-discuss@lists.chambana.net>');>
>>> >
>
>
> --
> Preston Rhea
> Field Analyst, Open Technology Institute
> New America Foundation
> +1-202-570-9770 <tel:%2B1-202-570-9770>
> Twitter: @prestonrhea
>
>
>
> --
> -steve
>
>
> _______________________________________________
> mesh mailing list
> mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
> http://lists.sudoroom.org/listinfo/mesh
>
------------------------------
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
http://lists.sudoroom.org/listinfo/mesh
End of mesh Digest, Vol 10, Issue 16
************************************
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org <mailto:mesh@lists.sudoroom.org>
http://lists.sudoroom.org/listinfo/mesh
3842
days inactive
3842
days old
0 comments
1 participants
participants (1)
-
Jeremy Entwistle