© Jonathan Gallagher 2012-2019
Week 1 Definitions 03/09/15
Privacy is the ability to perform actions without the knowledge of another party or the ability to withhold information from undesired parties. Privacy is the perception that shared information will either only reach its intended recipient or remain with the originator of that information. Privacy is the absence or protection from the efforts of others to observe or record your actions or information.
Surveillance is the gathering of information on a subject, whether an individual or population. Surveillance will typically involve observation of the actions of a subject, behavorial patterns, or in terms of the surveillance of a large population pre-established patterns that denote a certain characteristic or behaviour may be sought out. Effective surveillance presumes a lack of its knowledge on the part of those being observed.
Interrogation is a forced path of questioning in which the power lies on the side of those asking the questions (interrogators) and an answer to the questions posed is expected from the ones being questioned by the end. Coercion, either physical or mental may be employed to this end on the part of the interrogators. The information is presumed to be withheld on the part of those being questioned.
Midterm : Flanopticon 15/10/15
My portrait is based on the concept of a benevolent systems administrator. Imagined here as a set of protocols and standards entirely free from human interaction once up and running within the org box installed in the building or community. In my mind this abstraction was necessary to protect the network from being subverted from its original intended use. Everything happens within the black box of the org box. The organisation manages updates and monitors for alerts but cannot see residents’ traffic.
The box can still alert when human intervention is required because it sends out error codes based off of events to a central data center, its capacity for doing such adapting with each firmware update. The org cannot even see the twice weekly reports that the box generates for the building’s residents unless the box alerts them that their intervention is required. If everything runs as it should the box effectively makes that building an island in the internet. All the traffic coming out is anonymised, not even containing the central boxes location. The building’s residents consume the internet while being safeguarded from any attempts to track them.
The benefits of a mesh network but installed and administered by an organisation. In this case the node of the network that is connected to the internet is highly secured with the latest standards of encryption and constantly updated with a new blacklist of tracking technologies to protect against while anonymizing the traffic of every other node connected to it. It differs from the standard mesh network seen until now because the Org box installed within the community is more like the central access point for each individual resident’s router. The different, resident level nodes within the building are isolated from each other by design for security.
Problems with the network, and solutions where found
The box as a central repository of all of the building’s data presents a high value target. Although the box is set to wipe all cached data regularly and at users’ requests and the data is heavily encrypted the possibility of someone breaking in undetected and decrypting the building’s traffic has to be entertained. This is a weak point of any centralised network architecture. While the standards of digital encryption are the best possible for today and are changed and upgraded with every firmware upgrade sent to the box, the hardware of the box will become outdated in a period possibly as short as five or ten years. This adds exponentially increasing cost to the org if Flanopticon is adapted by many communities and it needs to replace boxes to remain secure.
Preliminary Flowchart for Network Architecture
Sample Report in Context with “Geary” Email client running on Ubuntu
The organisation’s goal is to make it exponentially harder for web and network based tracking to be implemented for gain.
The organisation is structured as a non profit and would be run on a part time volunteer basis from the outset with hopes of attaining donations and sponsorship following the initial few pilot installations in communities. This structure is key to ensuring that there is no incentive to monetise or otherwise try to gain control of the users’ data. The organisation must be built on trust in order for it to function and cannot behave like a data mining tech giant even if it scales to a position to be able to do so.
The intention of installing these systems is to foster a chilling effect on the practicality of tracking that gets stronger the more communities choose to use Flanopticon. Although installations of the Flanopticon system would be performed as they are asked for by willing and interested communities, by design, hopefully organically region by region as entire swathes of a city’s population become untrackable it will
The organisation would seek to leverage the benefits of a large developer base provided by an open source model rather than operating proprietary software for its boxes as it believes the benefits of the proprietary model to be negligible given available software for reverse engineering compiled code such as IDA PRO.
Why hasn’t a similar solution to this been implemented widely before now? Why is this not the standard?
Although Mesh Networks which Flanopticon draws heavily from and shares much of a featureset with have been around for a while in tech terms their adoption has not been so widespread or immediate as their proponents had envisioned. I think that part of the reason for this is that networking architecture was built by telecoms companies on the same basis as phone lines used to be built: a large organisation footing the cost of infrastructure and then renting out its capability to local or lower level organisations. Only recently do we see initiatives such as NYC mesh really taking off in an implementation sense. This is in part due to a complete lack of support by large companies and organisations traditionally in the networking space, as alternate forms (and almost any alternate form is preferable to the status quo) of networking threaten their business model.
Technology such as Flanopticon, though largely technically and perhaps even organisationally possible today is still largely in the realm of enthusiasts: either privacy, tech or legal. This is of course where everything starts but there has been no push backed by a large scale organisation to educate the public on the workings and benefits of mesh networking and one could argue privacy technology at large.
Next Steps: Prototype
I have purchased a Raspberry Pi for the purposes of this project as well as a WiFi adapter for it. I am still coming to grips with Openwrt and its capabilities but by using Cloak I hope to mimic the behaviour and functionality that I imagined Flanopticon would have. Progress will be posted here.
Security Flaw examples from PDF courtesy of Adam Harvey.