We've explored many of the basic issues of WiFi snooping. I would now like to go directly to the core of the matter: why do large centralized databases of MAC addresses linked to our street addresses have really serious consequences for peoples’ privacy? I'd like to approach this through an example:
Consider the case of someone attending a conference at which people are using laptops and phones over a wireless network. We picture the devices within range of a given attendee in Figure 1:
The green dot represents the WiFi access point through which conference attendees gain access to the Internet. For now, let's assume this is a permanent WiFi network. Let's therefore assume its MAC address and location are present within the linking database that also contains our residential MAC to street address mapping.
Now suppose one or more people at the conference have opted into a geo-location service that makes use of the database. And let's assume that the way this service works is to listen for nearby MAC addresses (all the little circles in the figure) and submit them to the geo-location system for analysis.
The geo-location system will learn that the opted-in user (let's call him Red) is near the given WiFi point, and thus will know Red is at a given location. If the geo-location system is also capable of searching the web (as one would expect that Google's could), it will also be able to infer that Red is in a given hotel, and that the hotel is hosting a conference C on the date in question.
If Red stays in the same location for some time, and is surrounded by a number of other people who are in the same location (discernable because their MAC addresses continue to be near by), the smart service will be able to infer that Red is attending conference C being held in the hotel.
So far, there's nothing wrong with this, since Red has opted in to the geo-location service, and presumably been told that's how it works.
However, note that the geo-location system also learns about the MAC addresses of all the attendees within range who have NOT opted into the system (Green). And if they remain within range over time, it can also deduce that they too are present at conference C. Further, it can look up their MAC addresses in the database to discover their street addresses. This in turn can be used to make many inferences about who the attendees at the conference are, since a lot of information is keyed to their street addresses. That can itself become further profile information.
Opting out doesn't help
The problem here is this: The geo-location system is perfectly capable of tracking your location and associating it with your home street address whether you opt in or not. Home address is a key to many aspects of your identity. Presto – you have linked many aspects of your identity to your location, and this becomes intellectual property that the geo-location can service sell and benefit from in a myriad of ways.
Is this the way any particular geo-location services would actually work? I have no idea. But that's not the point. The point is that this is the capability one enables by building the giant central database of laptop and phone MAC addresses linked to street addresses.
Commercial interest will naturally tend towards maximal use of these capabilities and the information at hand.
That is why we need to fully understand the implications of wirelesstapping on a massive scale and figure out if and where we want to draw the line. How does the collection of MAC addresses using WiFi trucks relate to the regulations involving data collection, proportionality and consent? Are there limits on the usage of this data?
One thing for sure. Breaking the Fourth Law, and turning a unidirectional identifier into a universal identifier is like the story of the Sorcerer's Apprentice. All the brooms have started dancing. I wonder if Mickey will get out of this one?
