Source: http://www.privacyworld.com/
Neighborhood Network Watch: Spies in Government Clothing?
When I was a police officer and now as a citizen, I have always been
an advocate of the neighborhood watch program. It's about communities
getting together and learning how to look out for one another's
interests. It encourages neighbors to meet and get to know one
another better and work as a team, along with the local law
enforcement agency, against burglars and other criminals. If you
notice a stranger hanging around next door when you know your neighbor
is gone, you report it to him/her and/or the police. Prominently
displayed signs warn potential intruders that the program is in
effect.
So why is it that I wasn't at all thrilled with the Neighborhood
Network Watch program that recently announced a new "community"
program called the Home Network Awareness Program (HNAP)? Check out
the website and you might get an inkling of the reason it made me
uneasy: http://www.wxpnews.com/SH7563/080429-HNAP
Let's click that "Full story" link on the first page and read the
announcement that was released last month: "Participants in HNAP would
collect sample network traffic from their own home networks as well as
samples from networks within the vicinity [emphasis added]. The
Neighborhood Network Watch will be making a set of freely available
instructions on how to capture network traffic, using the open source
packet sniffer TCPDUMP, and how to log onto nearby wireless networks
that maybe being operated by neighbors... These samples of network
traffic would then be sent to the Neighborhood Network Watch for
analysis using the latest revision of the NNWKAA."
Wait a minute. This site is encouraging you to log onto your
neighbor's wireless network (it says nothing here about obtaining
permission first), collecting data with a sniffer, and sending it to
this organization? In most states, accessing a private network
without permission is illegal, even if that network is "open"
(unencrypted).
But hey, we're not just talking about open networks here. Click the
link that says "Official HNAP Manual is Released" on the right-hand
side of the page and then download the PDF. On page 9, you'll find
tips on how to get the password to connect to an encrypted network.
Although they don't go so far as to tell you how to hack the password,
nowhere do they caution you that to do so may be a violation of the
law. Oh, but it's all in the name of preventing terrorism, so it must
be okay.
The PDF tells you that the easiest way for you to find a network to
monitor is to simply take a look at the networks that are available to
your wireless networking card, or use Wi-Fi Stumbler software (the
same software used by "war drivers") to find one. They also suggest
monitoring the networks of coffee shops, Apple stores and other local
retailers, as well as public municipal networks.
Let's take a look at the site's FAQ, particularly the last question on
the page: "Isn't this invading my privacy?" Read the answer to that
one and weep (for those who may not be able to access the page for
some reason, it's "In many ways, yes, but in a post 9-11 world the
government and most communities across the United States believe that
these sorts of measures are necessary to prevent our nation from being
attacked by ruthless terrorists").
Now I'm just as much in favor of protecting our nation from terrorists
as anyone - with my law enforcement background, probably more so than
most. But I'm not in favor of creating a society in which we're
encouraged to spy on our neighbors. That was not the intent of the
original Neighborhood Watch Program as promoted by my police
department in the 1980s and 90s. In fact, it was exactly the
opposite: looking out for your neighbors. We certainly didn't
advocate breaking into your neighbor's home and taking photos to send
to the Community Watch supervisors - but that's analogous to what the
NNW is asking you to do here.
They recommend that you collect data transmitted by ports 20, 25, 80,
110, 119, 5050 and others. This translates to the traffic generated
by web browsers, email clients, instant message clients, IRC (chat)
clients and FTP (File Transfer Protocol) clients. In other words,
they're asking you to capture your neighbors' or other users' private
email, IM and chat conversations, and send it to them.
And who are "they," anyway? If you're observant, you may have noticed
the "dhs" in the URL and assumed it stands for "Department of Homeland
Security." But if you're even more observant, you might also have
noticed that the top level domain is not ".gov" as is usually the case
with the web sites of agencies of the federal government.
Although the "History" page on the site invokes Tom Ridge and Michael
Chertoff and the PDF is emblazoned with the DHS logo, in the FAQ we're
told that the Network Neighborhood Watch is not a government agency,
but a "community based and staffed organization." It does, however,
claim to be "affiliated" with the DHS, and contains links to the DHS,
White House and other government web sites.
When I first saw it, I was amazed at the idea that the government
would openly endorse such an idea. I thought the people who came up
with this idea probably had the best of intentions. The threat of
terrorist activity is ever-present and our government's diligence can,
at least in part, be credited with preventing more attacks on American
soil subsequent to 9-11.
But there's a point at which diligence turns into something much less
benign. To those who have studied history, what's being proposed on
this site comes a little too close for comfort to the Nazis' and
Communists' practice of encouraging neighbors to spy on each other,
teaching children to spy on their parents, etc.
On the other hand, one would assume that if the site wasn't really
approved by the government, it would have been shut down. But some
research unearthed the fact that this site apparently is not exactly
what it claims to be. In fact, although you won't find the info on
the site itself, the blog of Emery Martin, the person who runs the
site, reveals that it is actually a thesis project.
http://www.wxpnews.com/SH7563/080429-Thesis
The blog states, however, that "The Neighborhood Network Watch will
operate as if it were an actual government backed entity along with
actually carrying out collections of real data and doing actual
analysis on this data to create statistical results." So what we have
here is a college student masquerading as a government approved
organization, telling people to illegally access other peoples'
networks and communications and fooling them into sending that
information to him. Yet even though he's obtaining personal
information through a fraudulent web site, most phishing filters do
not flag the site.
Many references to the site on the web show that a lot of people have
been fooled by it. They're outraged at the government for "endorsing"
such a program - which may very well have been the intent. The
Register did print an article last month that exposes the site:
http://www.wxpnews.com/SH7563/080429-Unmasked
I'm not amused. Claiming to be affiliated with the government when
you aren't is lying in my book. That Martin hides under the cloak of
an academic project doesn't make it any less dishonest. His blog
states that one of his goals is essentially to make people angry with
the government: "Since the NNW operates as if it were a government
agency it will bring to the forefront the methods and tactics used by
these bodies to disseminate fear and exercise social control." If
that's what he wants to do, he should expose real examples of real
government abuse, instead of perpetrating fraud on the public.
Thanks goes to SR, a subscriber, for the above.
Until our next issue, stay cool and remain low profile!
Privacy World |
