Good reporting, though I wish the author wouldn't bury the most important paragraph at the end of a longish piece.
This is not a purely local issue. It's a coordinated Federal surveillance program masquerading as a local initiative.
If federally funded, locally built surveillance systems with
little to no oversight can dump their information in a fusion
center—think of it as a gun show for surveillance, where agencies
freely swap information with little restriction or
oversight—that could allow federal agencies such as the FBI and
the NSA to do an end-run around any limitations set by Congress
or the FISA court.
Federal government will say it's a local issue, talk to SPD. SPD will eventually cite confidentiality agreements with Aruba Networks. When pressed, one of them will provide outdated and/or incomplete data citing jurisdictional boundaries and pleading lack of technical resources to adequately address the request.
They've already repeated the drone playbook, public apologies and assertions that only certain capabilities will be used.
Your answer sounds suspiciously like "give up before trying". I say the correct answer is try, and if you're thwarted, think about it and try some more.
If anyone is interested in getting involved, you can call or email the EFF. [1] They've done stuff like this before, and they'll help you get started. If you want someone else to get involved, donate to the EFF. [2] Or even the ACLU [3], because they'll eventually be the ones to defend some victim of the system.
Is no one else in the least bit cynical about the timing of MAC randomisation from Apple? Release iBeacon, then shut off an approach others could use to build a competing system.
Realistically, MACs were invented for one purpose (which they still serve) but many other purposes piggy-backed over the years. This is typical for many technical artifacts. Now that we have realized what we want, that we were getting from MACs, albeit poorly, we can build exactly that. Or Apple can, anyway.
I'm moderately cynical about Apple's motivations. I think they've done it because it helps them make money, not for any altruistic reason. Having this feature helps Apple sell iPhones to us, and the iBeacon platform to advertisers.
I don't think that makes a difference though, because Bluetooth LE beacons (iBeacons) are better in this respect - regardless of Apple's motivations.
If your Alice's iPhone senses Bob's iBeacon then no information is revealed to Bob about Alice - an iBeacon can't receive, they're transmit only [1]. It's only once Alice installs Bob's app that Bob can get an indication that Alice is near one of his iBeacons.
Isn't iBeacon a transmit-only technology? So there's no way for the iBeacon to log nearby devices. Then it's two completely different types of systems; one can auto-track users and the other cannot.
I don't think Apple does this, but if the iBeacon transmitter device sends an ID to identify itself, the iOS device could log and send the event to a web server by itself.
If it is the operating system you are worried about, there are other things (like continuous GPS and wifi BSSID logging) that would be more effective for tracking a user's location world-wide all the time.
I'm cynical about the "timing" in another way. that if an AP captures a sequence of the "random" addresses an institution can subpena whatever unique seed was assigned to each iDevice to feed whatever PRNG is shuffling the MAC addresses
I'd have more privacy without a phone, but we all make tradeoffs. In this case, iOS offers distinct advantages not yet advertised in Android or Windows Phone. Of course, my privacy depends on many factors, including the apps I choose to use. But Apple's clear improvements to location tracking, with popups to further allow background location checking both enhances privacy and battery life. I'll still leak data like crazy, but at least the NSA won't have quite as much context, and non-NSA players like advertisers, lesser still.
If your wifi is on, cities are not the only people tracking your location. It's a huge industry - Euclid Analytics, Cisco, and others are providing stores with a customer's path, dwell times, etc. Connecting your MAC to your person is trivial with more than one visit to a store in which you pay with a credit card.
It should be noted that iOS 8 randomizes the MAC address during wifi probes, so with iOS 8 you will not be trackable unless you install the store's app.
"infect" doesnt quite seem to fit, but yeah +1 for Pry-Fi. I just wish it would let me set a specific MAC for a specific SSID. ie xfinitywifi will let you on if your mac is 00:11:22:33:44:55
A single visit or even a walk-by can reveal a lot too. As I understand it, SSID probing basically reveals all the networks your device knows about to any AP [1]. This can give away a lot of information too.
In the game, the fictional Blume Industries sets up a massive, city-wide network, connecting almost everything to the central ctOS supercomputer. One of the ways they build public support for this system is by first providing free wifi to the public in and around Chicago.
I know this isn't perfectly analogous, but wifi networks popping up for ostensibly benevolent purposes and then being used to track people seems close enough to warrant a mention.
Isn't it much more likely that they're building this network for their own internal needs? Police cars have computers, fire department personnel sometimes need to download building plans on site, etc.
I'm sure that is part of what they are building it for. But given all the data from Aruba about the system's tracking capabilities, and the department's dodgy answers about its intended use, I think it would honestly be a stretch at this point to think that's all they are building it for.
You can probably request a copy of their grant proposal via FOIA. Having seen similar grant proposals for other cities (admittedly not in a few years) I would guess that their primary rationale is ensuring connectivity for first responders even if the cell network is down due to a disaster or some other event. I would be surprised if they considered surveillance to be a factor.
I must protest. There is no way that they're building this with anything but municipal public-safety networking capabilities in mind.
No off-the-shelf software from Aruba is aimed at citywide location-tracking capabilities. You could write one, or you could sort of hack away with a tool not designed for the job, but if you're really going for surveillance you'd focus on getting better tooling.
So instead, they'll think of any tracking capabilities will be a handy added bonus. :) :(
Why not both? If they just needed tracking and internet for government personnel around the city, wouldn't it be cheaper to just give them all a GPS device and a mobile hotspot?
And even if the primary purpose is their own internal needs, it's entirely possible for this system to track people the way the article mentions. Even if it isn't used, it's kind of creepy that they have the capability to do that, and that we can never really know for sure that they aren't.
>wouldn't it be cheaper to just give them all a GPS device and a mobile hotspot?
That's not really how public safety people think. How useful would a mobile hotspot be during, say, the Boston marathon bombings, when cell service was inoperable? Most likely they'll have multiple systems with different capabilities.
Considering the normal cell-system was shut-down by the operators due to fears about mobile-controlled IEDs (aka pressure cookers with archaic timing systems) it could be very useful, as long as the cell-system operators can discriminate on a device-level which we all know to be true at this point.
And who gives fig what "public-safety" people think if it's old-fashioned? They need to step their game up and gladly join our Total Information Awareness world. I'm not paying the taxes I am for some sort of half-assed sort-of-oppressing oppression. Why did they compromise the telcos so thoroughly if not for this exact purpose?
Fascismo with no joy in wielding its ultimate authoritarian stick is nothing worthwhile for these US of As. Gotta give that 110%, idolators of power and authority for their own sake...
I currently live in Seattle and, in the past, I worked on mesh networks for another city. In that other city, the motivating factor for their public safety people was entirely ensuring connectivity for their personnel (making sure that in the event of a disaster, when cell systems might be inoperable, the first responders can still use their devices). Nobody talked about surveillance.
you didn't have the ability to selectively shutdown the mobile network to allow only those emergency and Telco employees with with dual sim'd phones to access in an emergency?
From the documentation for Analytics and Location Engine 1.2.1 (ALE):
Location API
This API retrieves Retrieves historical location objects for a specific MAC client. The last 1000 historical locations
are stored for each MAC address. This API also publishes a location event if ALE receives an RSSI reading from a
single AP for a station....
The API appears to return an X/Y coord pair which is associated with a campus, building or floor map. It also returns an accuracy value for the XY pair.
I dug into this because I was curious if it was getting actual GPS coords but it looks like it's using access point data and floor maps and (now I'm guessing) it may be using multiple RF antennas per AP which lets it separate an area into pie slices. That and signal strength will give you not-too-bad location data.
Yeah, things like location engines aren't for an outdoor citywide deployment, they're really more for trilaterating your position within a controlled area so you can localize someone's device to one corner of the office. It also helps if you have information on the floor plan so you can adjust the signal strength for attenuation from walls -- that's the kind of precision you're looking at.
On a citywide level, though, you don't need that to get an idea of where people have been bringing their phones, just the detection by the access point in question is a major piece of information, readily placing you within a block or so of most APs. Of course, besides the wifi angle, the cell phone companies have something a lot like this too, and sometimes sell it or give it to law enforcement anyway.
Meraki APs have a similar system. The school I work IT for has used it to correctly identify vandals and thieves on several occasions, and recover stolen wireless devices. It's more than possible, it's already put into practice on many large wifi networks.
> How well can this mesh network see you? How accurately can it geo-locate and track the movements of your phone, laptop, or any other wireless device by its MAC address? Can the network send that information to a database, allowing the SPD to reconstruct who was where at any given time, on any given day, without a warrant? Can the network see you now?
I feel like Betteridge's law applies here. Yes, it could. Maybe it does. Do you have any evidence of these claims? Nope.
> Note that he didn't say the mesh network couldn't be used for the surveillance functions we asked about, only that it wouldn't.
Yes, that literally every enterprise access point in existence could be used for that type of surveillance, so of course he didn't say it couldn't be used for that. That would be lying. So what more assurance could we possibly have than "it wouldn't"?
I think there's a big difference between a large enterprise's access points and those that cover a city.
First off if your employer is spying on you, you at least have a chance to quit and get another job. Further that new job might not require that you move to avoid surveillance. Also many/most employers don't care enough about specifically where all their employees are to do such a thing. Finally a lot of the employers who do care enough have implemented ID badges. ID badges don't necessarily give you a happy feeling inside since they make it obvious that management doesn't trust everyone equally. But at least the tracking that they do is explicit: you know you're getting logged every time you badge through a door.
Imagine the outcry if a city implemented a badge ID system that you needed just to travel anywhere. That literally conjures images of "Papers, please" and the like.
The problem is that they have -- without any real, widespread public knowledge or approval -- implemented a small portion of a fairly draconian we-track-you-everywhere kind of system.
I think it'll "hold up in court", for certain definitions of "hold up" Judges are not stupid. No single piece of evidence is 100% reliable and enough to get a conviction. A MAC address will just be another piece of the puzzle. Judges will familiarize themselves with what they are and that they can be spoofed, and will take that into account when evaluating the evidence.
This is Detective Monty Moss.
http://i.ytimg.com/vi/MIg3We8iXbw/0.jpg
If you see him at a restaurant or shopping or out with the family, politely approach him and politely let him know that you don't appreciate his efforts.
This is not a purely local issue. It's a coordinated Federal surveillance program masquerading as a local initiative.