I feel like “putting wifi in my home” is similar to “putting bodies that emit heat in my home”. Neither of which implicitly grant law enforcement to come and observe either through the walls of my home.
I am not a lawyer, nor am I familiar with the SCOTUS case referenced in the article. But I really hope it is precedent enough to make any judge throw out any such violations without any hassle.
Still enables parallel construction. They can illegally search and surveil you without your knowledge and there's not much anyone can do about it. They can't submit any findings as evidence but they can totally anonymously tip off other authorities or something.
It must be physically impossible to violate our privacy or it doesn't work.
Parallel construction only works if you've actually committed a crime and left evidence somewhere it can be plausibly found - i.e. "a random search of the public woods near your area found a shallow grave, and tire-tracks matching your car" - but the search was conducted because what actually happened was you were telling a guy "yes I definitely killed Tony and buried him in the woods".
People keep using the term as though it implies some legal means of fabricating evidence against someone: which is ridiculous because if you're willing to fabricate evidence, you don't need to actually find any.
It's also worth noting that in the case of incidental wifi surveillance, it's likely the plain-sight doctrine would apply: if you're being imaged and positioned by broadcasts you yourself are making and nearby devices can receive, then this would be ruled in plain sight and rightly so (I can't stop my routers and devices from detecting nearby devices as part of interference avoidance).
A Harvard professor wrote a book titled Three Felonies A Day which argues that there are so many laws to break that an average working professional in America will commit an average of three felonies every day. I do not know the accuracy of the claim but this idea of over-criminalization is an interesting one to think about.
Specifically, how likely is it for a person to have unknowingly committed a crime and left evidence? (Of course, it’s not a violent crime assuming a regular sane individual.) Are you certain you’ve never left evidence for any sort of “white collar” crime which you unwittingly committed?
There are (at least) two ways to think about the law. One (which technical people tend to subscribe to) is that the law is analogous to a computer code for the society and the ideal is that it is followed at all times. The second is that the law is there as a backup when someone is clearly causing trouble and other, more informal means to stop them have failed.
In the second interpretation, it is desirable to have some sort of law always ready to apply when a problematic situation arises, and everyone committing technical felonies every now and then is just a (mostly) harmless side effect of the system working as intended.
The second interpretation is, I believe, also often applied when new laws are written. Usually the logic is: there is some kind of a problem that the politicians need to address, and the problem itself is too complex to directly address so some kind of proxy law is made that gives an excuse to throw problematic people in jail. See e.g. loitering laws.
I am skeptical of the claim but not the conclusion. I take the claim anyway to be a bit of hyperbole to sell more books.
One of the biggest problems in law is what IT/CS people might call technical debt. New laws get added all the time while old, often-outdated or useless laws rarely get removed. The problem is that those old, even outdated and useless laws can sometimes be leveraged against you in new or novel ways, sometimes that the drafters of the laws never would have expected. Legislative intent is not always clear and not always decisive.
Even if you committed a crime, police should not be able to find out about it through illegal means. Police should not be allowed to run SIGINT operations on citizens. They should not even have that capability. Why is it normal for police to have these literal spy movie technologies?
Because in the typical American mind a thee-not-me-mentality is very prevalent. They are the sole protagonists of their own lives and they believe they have invincible plot armor like the protagonists in the action movies.
That means people believe the police having Gestapo-capabilities will only ever hurt others (who must then have deserved it!) and never them.
That a free democracy is a finely balanced system between the power of the people and the powers of the three branches isn't something they ever consider. That capabilities can breed their own perverse incentives and a culture of disservice is a few complexity levels further up the tree still.
> But if someone stole your bike, usually police wont find it.
That is a "we're not in a post-scarcity society" problem - stolen bikes tend to be below the cut-off point of cases the police can afford to take on. It's not like they have nothing more important to do.
Unfortunately, there aren't many good solutions to this, and the most direct one involves giving even more spy movie tech to the police, so that bike theft case can be solved with a click of a button - but we probably wouldn't want to live in a world where police can actually do that.
There may be a camera on every corner, but I bet half of these cameras are fake, and most of the rest are privately owned, therefore a huge hassle to get footage from.
the police absolutely found my bike. it had a tracker on it and very distinctive paint.
if you go to them and say "my bike is gone" they'll ask what details you can provide. if the answer is "none" then they're not going to try that hard. hundreds of other missing goods cases too, and many of those could be more than your bike, and have actual leads.
> Parallel construction only works if you've actually committed a crime and left evidence somewhere it can be plausibly found...
> if you're willing to fabricate evidence, you don't need to actually find any.
I am reminded of "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
Or, in the not famous enough "Don't talk to the police" lecture[1], the policeman telling how he can just surveil anyone for long enough and they will break the law, because, as the lawyer points out in his part of the talk, there are so many laws that it's basically impossible not to breach one at some point.
> It's also worth noting that in the case of incidental wifi surveillance, it's likely the plain-sight doctrine would apply
Plain-sight should mean observation with the natural human senses, and I think the courts agree. There is nothing "plain" about radio signals leaking through walls. The thermal imaging example in the article as well.
> the drone observed “each window of Plaintiffs’ residence and outbuildings” and was “outside [law enforcement’s] visual line of sight,” violating both federal and Indiana law.
Placing a device outside a home to collect WiFi signals doesn't sound like "visual line of sight". I.E. clearly a 4th amendment search requiring a warrant.
Collecting records stored by devices that had been in the area already seems plausible, but would presumably require a legal justification to search those (warrant, consent, etc). But to my understanding, devices don't store such records.
Parallel construction is foremost a run-around of the "fruit of the poisonous tree doctrine".[1]
It allows law enforcement to use methods that might amount to illegal searches, and then avoid judicial scrutiny of those methods.
See, for examples of such methods, Stringrays, "persistent surveillance"[2] aircraft, and NSA information sharing agreements.[3]
"Plain sight" doctrine isn't going to apply to these methods. You aren't allowed to use deconvolution to look through frosted glass and call it "plain sight", just as you can't use methods not in typical use to abuse WiFi as an imaging service. You can probably use WiFi traffic metadata, however, just as you can retrospectively use cell tower data.
> Parallel construction only works if you've actually committed a crime
What about if you're doing something that isn't illegal yet, but a new Politician decides he doesn't like the cut of your hair and then targets you later because you were doing it.
What about if you just have someone come over to visit your home who is known to disagree with someone that becomes a Political leader in the future and they punish you for it.
etc. etc.
There are a million reasons why privacy is very important.
> What about if you're doing something that isn't illegal yet, but a new Politician decides he doesn't like the cut of your hair and then targets you later because you were doing it.
That would have nothing to do with parallel construction and everything to do with someone having sufficient political power to change the law to target you - either specifically or generally.
Someone with that much power could also just wipe out illegal search and seizure restrictions.
But again this is also based on a misunderstanding of the process: you can't use parallel construction to make illegally obtained evidence valid to use. You can only use it to indirectly guide the discovery of other evidence which must already exist and be plausibly findable by regular means.
i.e. if the police stop on the high way and notice disturbed ground and discover a dead body, that's something which could happen by pure chance. Parallel construction is suggesting that a police car should stop at a particular point on a highway, and have a good look around.
The one upside to this being based on open standards also means that there is no reason this tech can't be used against say, police, politicians, executives.
Though I'd like to actually look at how it is practically done first, for all I know this could require more than just access to an AP. This is not my area of expertise so maybe someone that is an expert can confirm my intuition that beamforming even on enterprise grade access points isn't locative (if that is the right word?) enough on it's own, I'd imagine this would require some type of kit to be deployed in order to accurately map a room?
Also plaster walls or at least my plaster walls seem to be great at blocking anything over 2.4GHz :\
Here is where it gets interesting... No mesh, it is lath and plaster. I've had to cut into it in a few rooms and if there is a mesh I have yet to see it. I am wondering what was used in the plaster at this point.
Huh. I know lime plaster can contain significant levels of iron impurities, but I think even in the worst case those would be low enough to have an insignificant effect. Now I'm really curious too.
If someone is worried that their government could be flashing the firmware of their WiFi router to use the beamforming antennae of the router to track them walking around their home....
Then they should be way more worried that their government is using any access to their wifi router at all. Like, you got way bigger things to worry about at that point, right?
There are a million surveillance side-channels that could be used to build profile-able information about what is happening inside a home from the outside. The concern isn't that those things are possible (they always will be) the concern should be that there are authorities who could be (mis)using such avenues and not explicitly being disallowed in the first place.
I disagree. The trajectory of technology generally is:
possible -> prototype -> product -> common -> common and cheap
If Wi-Fi surveillance were to become common and cheap, other methods would be produced to make data harvesting common and cheap to the surveillance state/bigco. The best way to avoid that dystopia is to safeguard it early in the process.
What I'm trying to get at is, even if this type of Wifi surveillance becomes commong and cheap, it still requires access at a low level to the wifi router itself. Which should be hands-off in the first place. It's like having cameras in your house on your local network... if the police could legally hack into your network, they could watch you on the cameras to see if you are committing crimes! But... the point is they shouldn't be able to do that, regardless if you have the cameras or not... the line is drawn at the access.
Same thing there. It shouldn't matter if the tech is possible, produced, cheap, and installed in your home.... it's all moot if the act of the surveillance isn't followed through. We need to work towards ways to prevent the acts themselves, as we simply aren't going to be able to prevent the possible sidechannel attacks from being possible. They are always possible.
> it still requires access at a low level to the wifi router itself
Nope, remote sensing only requires custom radio firmware on the passive surveillance receiver (<$20) that is monitoring Wi-Fi reflections from standard consumer routers which are "near" the target, https://news.ycombinator.com/item?id=34480760
Wi-Fi access points are often provided by ISPs. ISPs, especially in the US, are not to be trusted; https://security.stackexchange.com/q/71834 is just one example of that.
In Australia we have the Assistance and Access amendment to the Telecommunications Act 1997, which allows the government to demand that companies or individuals insert backdoors into their products for use by law enforcement. My WAP/router already tries to update its own firmware, what’s to stop the govt forcing in new firmware with full cooperation from the vendors that enable this passive sensing and allow access to the output?
Well someone has to pay for the tech. Its not free. And that puts an automatic upper limit on what happens.
People have no idea how much debt Police depts (lets not even talk about the military) have racked up playing with high tech toys and paying off compensation every 2 days for people they accidentally harm or kill. So whats funny here as Big Bro gets access to more and more tools the more broke he gets.
And guess what the financiers of this debt will do when it cant be paid off. Raid police pension funds. Thats how financialization of public service works
No free lunch big bro. Have fun with all the "cool toys" while the good times last.
The linked paper "Et Tu Alexa?" uses a single smartphone positioned outside of the property
> We show that just by sniffing existing WiFi signals, an
adversary can accurately detect and track movements of users
inside a building. This is made possible by our new signal model
that links together human motion near WiFi transmitters and
variance of multipath signal propagation seen by the attacker
sniffer outside of the property.
> Then they should be way more worried that their government is using any access to their wifi router at all.
We should be worried about ISPs too. They give themselves access to their customer premises equipment. I had to hack their router to put it into bridge mode and then use another router with software I control to connect.
You don't think that there is some agency like the NSA or such that can access your full Google search history and location in real time? There might even be some individuals with access that doesn't even require search warrants or anything.
I’m curious as to which government you think isn’t going to use surveillance tools on you, even if they aren’t exactly legal. I mean, after Echelon we still had the tinfoil disbelief to fall back on, but in a post-Snowden world it’s hard to imagine why you would think your government wouldn’t do this.
You’re not exactly wrong in that you should also be worrying about: Boundless Information, Bullrun, Carnivore, DSCNet, Fairview, ICREACH, Magic Lantern, Main Core, Mainway, Media Monitoring Services, Muscular, Mystic, Nationwide Suspicious Activity Reporting Initiative, NSA Ant Catalog, PRISM, Room641A, Sentry Eagle, Special Collection Service, Stellar Wind, Tailored Access Operarions, Turbulence, and, X-Keyscore if you’re American. But that doesn’t mean you shouldn’t also worry about this, just as much.
Apropos of nothing, a conductive mesh with 1/2" holes suffices to block 2.4 Ghz signals, while 1/4" holes suffice to block 5 Ghz signals. https://www.homedepot.com/s/hardware%20cloth
Hah, I remember having a tiny condo and was unable to get wifi throughout it because it was constructed with a metal-mesh backing[1] instead of wooden lath for the plaster. Was like a 60db drop putting a device on the opposite side of a wall made from one of these.
> We report results on two protocols: (1) Same layout: We train
on the training set in all 16 spatial layouts, and test on remaining
frames. Following [31], we randomly select 80% of the samples to
be our training set, and the rest to be our testing set. The training
and testing samples are different in the person’s location and pose,
but share the same person’s identities and background. This is a
reasonable assumption since the WiFi device is usually installed
in a fixed location. (2) Different layout: We train on 15 spatial
layouts and test on 1 unseen spatial layout. The unseen layout is in
the classroom scenarios.
Depending on how they selected various frames -- let's just say it was random -- the model could have learned something to effect of "this RF pattern is most similar to these two other readings I'm familiar with" (from the surrounding frames) and can therefore just interpolate between the resulting poses associated with those RF patterns (that the model has compressed/memorized into trained weights).
If you look at the meshes between the image ground truth and the paper's results, you'll see that they are strikingly similar. I find this also suspect because WiFi-band RF interacts a lot more with water than with clothes and so you would expect the outline/mesh to get the "meat-bag" parts of you correct but not be able to guess the contours of baggy clothes. That is... unless it has memorized them from the training set.
> It should be noted that many WiFi routers, such as TP-Link AC1750, come with 3 antennas, so our method only requires 2 of these routers.
> WiFi-based perception is based on the Channel-state-information (CSI) that represents the ratio between the transmitted signal wave and the received signal wave. The CSIs are complex decimal sequences that do not have spatial correspondence to spatial locations
AFAIK, access to raw CSI data is not available on consumer routers. You need specific FPGA/SDR boards which happens to speak the WIFI 2.4G/5G protocol.
> The series takes place in a dystopian Milwaukee in the year 2074, where many countries have gone bankrupt .. In the absence of effective government, powerful multinational corporations have become de facto governments, controlling areas called Green Zones. The remaining territories are called Red Zones, where governance is weak or non-existent.
Consumer Wi-Fi 7 Sensing routers (estimated to arrive in 2024 with IEEE 802.11bf) can generate 3D images of human activity through the walls/floor/ceiling of homes and business, profiling human position, movements, breathing, keystrokes, emotion and more, https://news.ycombinator.com/item?id=34480760.
After standardization by IEEE in consumer routers, which remote parties would be interested in WFH WiFi Sensing Analytics? How could regulators, employers, employees and home-builders respond? Remote, through-wall, X-Ray vision monitoring can be entirely passive when there is ambient WiFi traffic, e.g. reflections from routers inside targeted urban buildings of interest. This has been possible for more than a decade, using either expensive LE equipment or low-cost DIY/RF/hacker toolsets. Will IEEE standardization of Wi-Fi 7 Sensing give X-ray vision superpowers to every neighbor?
On a positive note, there is some commercial interest in Li-Fi for wireless data transfer via optical light, so that data transfers will stop at a perimeter established by traditional walls. Until then, aluminum radiant barrier, conductive paint, RF shielding drywall (e.g. QuietRock) or metal mesh can reduce unwanted inbound/outbound RF signals. For temporary shielding of a room, consider a Zipwall-like tension pole frame supporting a cube of aluminum radiant barrier (USD $0.25 per square foot), plus shielded air ventilation.
Tomographic detection has been around for some time. There was a company that commercialized this and had a more or less real-time Harry Potter style “Marauder’s Map” of your home for a security system but they did a lousy job commercializing it.
I wonder if this will cause an interest in in Faraday Cage walls: outer wall sheetrock with a copper wire mesh support, with a ground to prevent re-radiating. You'd also need to have the same mesh on the house roof and attic walls. Copper would be best for conductivity. The mesh holes would need to no greater than 5mm to block 2.4Ghz and 5Ghz. This is rounded down to the nearest mm from the equation:
hole size (m) = speed (m/s) x frequency (Hz)
(.0599 = 299,792,458 * 5,000,000,000)
The better the conductivity of the metal the thinner the thickness can be. It's differences between 10s of microns though, so in practical terms thin copper fire should work. Even thin steel wire should work.
Your biggest leakage problem would be doors and windows. Window screens sized to stop mosquitos (1.2mm hole size) will help with this, for the windows. Metal screen doors should help.
This won't prevent all leakage, but should prevent most of it.
Looking at the source articles, this seems to require specialized equipment and large antennas that are fairly close to whatever is being imaged. So unless there's been some sort of breakthrough, this is not a case of "someone could hack your router and see you in your home".
I haven't worked there for years, so not sure what has changed since I was there but at least at the time it was decent. It could reliably detect movement, but was getting triggered by pets and such. They were working on solutions to that when I left.
Imaging like this is like scanning a scene with a one pixel camera. Cameras use a lens to focus an image onto a plane, and the plane has multiple sensors. What would that device look like for microwaves?
I don't understand, why the author's concern is focused around surveillance through wifi. The routers are private devices, so if secured properly, what kind of backdoor a third party could use to take imagery of your house insides?
Law enforcement for decades has used commercial cellular networks to spy on people, and with the modern 5g technologies these surveillance suites are very well developed and able to see EVERYONE at scale with centimeter precision.
The wifi router sees you (a bit like a mini radar), but someone outside your premises would still have to hack the router? Or do ISPs already have that access?
Also curious to know how far wifi routers 'see'? If it's more than a few meters there could be more potential surveillance by wifi router than by cctv!
- 'TR-069' is the name of a protocol by which (most) ISPs operate
- It gives ISPs the rights/ability to interact with your devices remotely (under the guise of maintenance and remote troubleshooting)
- This isn't something that's going to happen one day far in the future; it already applies to most(/all?) routers currently in use in countries whose ISPs abide by the protocol
So ISPs can already see inside customer homes?! (since they can already access the data necessary to use the WiFi device as a makeshift imaging system? - wowzers!
Fucking TR-069. BT used to reboot my router every day at 03:00, right when I was trying to read reddit.
To your point. ISPs send out the shittiest cheapest routers. I doubt they are physically capable of imaging to any reasonable degree. If you pay extra for a higher-grade WiFi router in your Internet package, then maybe.
Best to own your own device. I presume such a thing would not accept TR-069 commands, but that is worth checking.
"In order to comply with DOCSIS4.2 regulations, we require anonymous WiFi telemetry for 5GhZ or higher due to safety. You can disable this at any time and use 2.4GhZ."
WiFi can read through walls - https://news.ycombinator.com/item?id=37469920 - Sept 2023 (171 comments)