{"id":1114,"date":"2010-06-06T16:04:01","date_gmt":"2010-06-07T00:04:01","guid":{"rendered":"\/?p=1114"},"modified":"2010-06-19T23:21:07","modified_gmt":"2010-06-20T07:21:07","slug":"changing-the-whole-wireless-infrastructure","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1114","title":{"rendered":"How to prevent wirelesstapping"},"content":{"rendered":"<p>Responding to &#8220;<a href=\"\/?p=1111\">What harm can possibly come from a MAC address<\/a>&#8220;, Hal Berenson writes:<\/p>\n<p style=\"PADDING-LEFT: 30px\">&#8220;The real problem here is technological not legal. You could ban collecting SSIDs and MAC addresses and why would it matter? Your sexual predator scenario wouldn\u2019t be prevented (as (s)he is already committing a far more heinous crime it just isn\u2019t going to deter them). The real problem is that WIFI (a) still doesn\u2019t encrypt properly and (b) nearly all public hotspots avoid encryption altogether. I\u2019ll almost leave (b) alone because it is so obvious, yet despite that we have companies like AT&amp;T pushing us (by eliminating unlimited data plans) to use hotspots rather than their (better) protected 3G access.<\/p>\n<p style=\"PADDING-LEFT: 30px\">&#8220;Sure my iPad connects nicely via WIFI when I\u2019m in the United Red Carpet Club, but it also leaves much of my communications easily intercepted (3G may be vulnerable, but it does take some expertise and special equipment to set up my own cell). But what the *&amp;#$#&amp;*^$ is going on with encrypted WIFI not encrypting the MAC addresses? If something needs to be exposed it should be a locally unique address, not a globally unique one! I seem to recall that when I first looked at cryptography in the early 70s I read articles about how traffic analysis on encrypted data was nearly as useful as being able to decrypt the data itself. There were all kinds of examples of tracking troop movements, launch orders, etc. using traffic analysis. It is almost 40 years later and we still haven\u2019t learned our lesson.&#8221;<\/p>\n<p>I assume Hal is using &#8220;*&amp;#$#&amp;*^$&#8221; as a form of encryption.\u00a0 Anyway, I totally agree with the technical points being made.\u00a0 WIreless networks used the static MAC concept they inherited from wired systems in order to facilitate interoperability with them.\u00a0 Designers didn&#39;t think the fact that the MAC addresses would be visible to eavesdroppers would be very important &#8211; the payload was all they cared about.\u00a0\u00a0 As I said in the Fourth Law of Identity:<\/p>\n<p style=\"padding-left: 30px;\">Bluetooth and other wireless technologies have not so far conformed to the fourth law. They use public beacons for private entities.<\/p>\n<p>I&#39;d love to figure out how we would\u00a0get agreement on &#8220;fixing&#8221; the wireless infrastructure.\u00a0 But one thing is for sure:\u00a0 it is really hard and would take a while!\u00a0 I don&#39;t think, in the meantime,\u00a0we should simply allow our private space to be invaded.\u00a0 Just because technology allows theft of the identifiers doesn&#39;t mean society should.<\/p>\n<p>Similarly, in\u00a0reference to\u00a0the predator scenario, the fact that\u00a0laws don&#39;t\u00a0prevent crime\u00a0has never meant there shouldn&#39;t be laws.\u00a0 Regulation of &#8220;wirelesstapping&#8221; would make the emergence of this new kind of crime less likely.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What the *&#038;#$#&#038;*^$ is going on with encrypting WIFI and not encrypting the MAC addresses?<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[63,3,47,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1114"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1114"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1114\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}