Wireless Mesh Network Surveillance
With the spread of consumer Wi-Fi technology, many cities across the country have begun to explore the idea of installing citywide wireless “mesh” networks. These networks connect wireless devices across an expansive geographic area seamlessly. For cities, a mesh network offers two major benefits. First, it improves the local emergency communications system. In the event of a natural disaster or major accident, existing communications systems may be damaged or overloaded. A mesh network provides a parallel system that responders can use in such a situation. Second, it provides convenient internet access to the public, including some people who may not be able to afford it on their own. But as a device connects to the various access points (or “nodes”) that comprise the network, its location can be recorded in the network’s logs. This means that network administrators could easily to track the location of cellphones, tablets, laptops – anything with a wireless card. In addition, governments could also conceivably monitor the traffic taking place on the network, using deep packet inspection or similar methods of surveillance.
CIVIL LIBERTIES CONCERNS
Police technicians can easily configure the network to collect very sensitive information about people’s movements. Over time, for instance, police could use this data to build a historical map of your movements within the network. It might cover the course of a day, a week, a month, or any amount of time an investigator would like to see. Conversely, the mesh node data could identify all the cellphones that were within a certain area at a certain time. For example, police might use it to build a list of people who attended a protest or shopped at a particular store on a particular day. Since tracking the movements of individuals reveals an extraordinary amount of information about their habits, livelihoods, relationships, and values, elected officials should establish strict rules to protect the privacy of people walking down the street. The government shouldn’t collect such information without probable cause of criminal activity and judicial oversight.
Most of us are familiar with Wi-Fi internet connections – you plug your modem into a wireless router, which establishes connections to your computer, phone, or tablet. In your home Wi-Fi network, if your router stops working, the entire network goes down.
- In a wireless mesh network, the work of the router is duplicated across many individual “nodes” that all talk to each other. Mesh nodes send and receive radio signals to and from devices like phones and computers, as well as one another. Each node can function like a router and can instantly take over for other nodes that fail or disappear from the network. This allows a mesh network to cover a large area without a single point of failure.
- This redundancy enables the network to track your location. Every computer, cellphone, and tablet has a unique Media Access Control identifier, called a hardware or a “MAC” address. (Note that this has nothing to do with Macintosh-brand devices.) The node may record the MAC addresses of connected devices to a log file. Network administrators can then combine the logs of several nodes to track your movements through a space covered by a mesh network.
While many cities have considered building wireless mesh networks, most projects remain in the planning stages. Setting up a mesh network for location tracking is relatively easy to do. However, the ACLU’s investigation of this technology shows that a city must make a proactive decision to use the network for that purpose.
Examples of Use
- Location::Seattle, WASeattle’s Mesh Network Roll-Out Illustrates Need For Transparency And Public Input
In fall 2013, Seattle Police Department documents leaked to local media revealed that the department had quietly built an expansive wireless mesh network over the previous two years. Helped by a $2.7 million grant from the Department of Homeland Security, the SPD undertook the project with little or no input or oversight from outside technology experts, lawmakers, or the public. By the time news of the project was made public, police had already activated the network in many parts of the city. Additionally, they had integrated it with networks of surveillance cameras in the downtown business core, the port, and several parks. The SPD had not yet configured the network for location tracking. However, the department had not adopted an official policy governing the use of the network, nor had it set any initial safeguards in place to protect the privacy of people walking down the street. Facing a public backlash over its failure to involve the public, the SPD temporarily deactivated the system. The department will not reactivate the network until the City Council has approved new rules. Seattle’s experience illustrates what cities should not do. For sensitive new technologies, agencies should establish rules and involve the public long before the technology goes online.
When government agencies consider acquiring and using surveillance systems, communities and their elected officials must both weigh the benefits against the costs to civil liberties and carefully craft policies and procedures that help to limit the negative effects that surveillance will have on fundamental rights. For a useful list of considerations, please visit the recommendations page.