Paper Suggests Letting The Government Use Your Router In An Emergency

from the not-as-crazy-as-it-sounds dept

Jon Brodkin, over at Ars Technica, has an interesting discussion about a paper from some researchers suggesting that we could augment first responder communications efforts by letting them make use of the public's WiFi routers. Basically, if I understand the proposal correctly, if turned on, it would make use of your router to try to form an ad hoc mesh network with other, similar routers in the area that, in theory would only be used by those public safety first responders. It's no secret that there are efforts underway to make sure that emergency personnel have better access to communications spectrum, and this is, at the very least, a creative way of attacking the problem.

The theory is that this doesn't impinge on anyone's security, because it would effectively carve out a separate service on the router, not unlike home WiFi routers that offer up different logins for residents and "guests." Of course, theory and reality aren't always one and the same, and Brodkin reached out to Bruce Schneier who raised his concerns:
“The problems are the same,” Schneier told Ars. “Once you build such a system, you have to build the security to ensure that only the good guys use it. And that's not an easy task. It is far more secure not to have the capabilities in the first place.”
That said, if such a system were purely voluntary, and individuals were able to offer up such connectivity for first responders (or even for anyone else), would that necessarily be so bad? I've been skeptical in the past of attempts to create truly comprehensive mesh networks building on people's home WiFi routers, and there hasn't been much success there. But, perhaps there's something interesting in special use cases, such as one involving first responders. I agree with Schneier that there could be some risks, but I'm not sure how they would be much different than running a basic guest access WiFi network that doesn't involve a password. As long as you're not using that network for sensitive and unencrypted info, it seems like a similar level of risk.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: first responders, government, mesh networks, privacy, routers, security, sharing


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 28 Aug 2012 @ 3:47am

    Seems like a pretty good idea to me.

    The only downside I could see is the potential for someone to hi-jack the system to direct emergency services incorrectly (to waste resources or even delay aid). Even that would be difficult/impractical if the system were only in use for full blown emergencies.

    link to this | view in chronology ]

    • icon
      Andrew (profile), 28 Aug 2012 @ 4:17am

      Re:

      Another downside is that a first responder (or someone pretending to be a first responder) would use it to download a film and then you'd get sued. But, other than that, I like the guest access / mesh idea generally, and this is an interesting extension.

      link to this | view in chronology ]

      • identicon
        abc gum, 28 Aug 2012 @ 4:57am

        Re: Re:

        I doubt the **AA would cut the victims any slack, tens of thousands per song and much more for a movie.

        This looks more like an excuse than an honest proposal. How hard is it to solve the problem and how is this the best solution?

        link to this | view in chronology ]

    • icon
      John Fenderson (profile), 28 Aug 2012 @ 8:44am

      Re:

      Another downside is that the emergency access could be leveraged to gain access to your private home network, and result in a means by which hackers could attack.

      Of course, that's true when you're running a WAP right now anyway, so perhaps the risk isn't much greater.

      link to this | view in chronology ]

  • icon
    AG Wright (profile), 28 Aug 2012 @ 4:06am

    Can't imagine it working

    First, within days of this being implemented someone would publish an exploit to take advantage of this.
    Second someone would make use of it to distribute some porn or malware and then it would make the old routers unstable.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 4:29am

    and as this is not a good idea, you can bet your bottom dollar that senators will be queuing up to propose this goes forward into law as soon as possible, with the usual 'whatever goes wrong, the tech guys will be able to fix it'! fucking morons!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 4:40am

    802.11u

    The 802.11u standard has provision for both emergency services (providing access for emergency responders) and emergency alerts (like the U.S. national public warning system). It is also used by Wi-Fi Alliance's "Hotspot 2.0".

    It is not like a normal "open" guest network. It is more like Hotspot 2.0 (no surprise, since both use the same standard). I did not find it on a quick read of the 802.11u standard, but the emergency responders would probably be authenticated by a remote server via EAP-TLS, be restricted to accessing a few specific networks, or both.

    The 802.11u standard also has provisions for an emergency alert service, similar to the U.S. national public warning system.

    link to this | view in chronology ]

  • icon
    Richard (profile), 28 Aug 2012 @ 4:55am

    Schneier

    He works for BT doesn't he?

    BT already has a system whereby any BT ISP user can user any other user's wifi via their home login - Surely Schneier would have been consulted about this one.

    Is this also the same Bruce Schneier who keeps (kept until recently?) his home wifi open to anyone?

    link to this | view in chronology ]

  • icon
    Dan (profile), 28 Aug 2012 @ 5:00am

    Who are the 'bad guys' again?

    “Once you build such a system, you have to build the security to ensure that only the good guys use it."

    And who are the bad guys again? Oh right, the bad guys are those people that download illegal content through an unsecured wi-fi connection. We certainly can't let those public service connections happen. We can't upset the MAFIAA, can we? Not for something as mundane as emergency services.

    link to this | view in chronology ]

    • icon
      Brent Ashley (profile), 28 Aug 2012 @ 5:55am

      Re: Who are the 'bad guys' again?

      And who are the good guys again? Oh right, the Department of Homeland Security. Or perhaps the fine folks at RIAA and MPAA will be bestowed emergency powers themselves when the threat level reaches vermilion due to the rising tide of copyrighterrism.

      link to this | view in chronology ]

    • icon
      Wally (profile), 28 Aug 2012 @ 6:01am

      Re: Who are the 'bad guys' again?

      In the case of first responders, you can set up a Wireless router in the 5GHz spectrum to allocate bandwidth and separate radio frequencies so they can utilize them freely without worrying about people pretending to be them.

      So as public WiFi guest accounts idea fails, we still have ways to set the router to allow them specific access.

      link to this | view in chronology ]

      • icon
        Dan (profile), 28 Aug 2012 @ 7:15am

        Re: Re: Who are the 'bad guys' again?

        I think rather than go through all this 'hoop jumping' it may be better to redefine 'bad guys'. I'm not so sure about "So as public WiFi guest accounts idea fails". Do I really have someone that WANTS to break into my router to perform malicious action rather then just mooch off my internet?

        I'm sure there are some, but the vast majority are the latter case. But to the MAFIAA one use is no [criminally] different then the other, hence my point. They're the only thing really standing in the way of a general government statement of position that we can leave our wifi open and not be held personally liable for civil misuse.

        link to this | view in chronology ]

  • icon
    Bt Garner (profile), 28 Aug 2012 @ 5:04am

    Wait a second ...

    On the surface, this sounds like a good use of technology, but then you have to realize, in a time of public emergency, what happens to the power that those routers need? Yeah, electricity is generally one of the first services lost.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Aug 2012 @ 6:39am

      Re: Wait a second ...

      I don't see WiFi coverage being consistent enough to make this practical and I think there are other potential problems.

      Scenario 1: Disaster happens, a child dies, and emergency communications fail because the nearest router (yours) doesn't support the feature or you chose to disable it (It's voluntary, remember?). Parents of the dead child sue you, the owner of the router. You might prevail, but it would suck to be you.

      Scenario 2: same as above, but rather than suing, the parents instead lobby Congress that a law is required, in the child's name of course, to make the Emergency Communication feature mandatory on all routers so this tragedy "will never happens again" (Think of the Children, Key to the Constitution, and all that). This would make all non-compliant routers illegal.

      If home router manufacturers begin providing the capability to support Emergency Responders I see the probability of both scenarios occuring. I see Scenario 2 being more likely after a large disaster or if several children are affected.

      If the general public is to provide and support any Emergency Response communications I see potential problems without strict liability protections in place.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Aug 2012 @ 7:07am

      Re: Wait a second ...

      This solution certainly doesn't meet the standards of reliability in every situation, but public emergencies take many forms.

      For example, a fire at a transformer recycling plant is unlikely to cause any power outage, but is certainly an emergency.

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 28 Aug 2012 @ 8:48am

      Re: Wait a second ...

      I have my broadband equipment and WAP plugged into a UPS that can run it for a couple of days if the power goes out. Doesn't everybody?

      link to this | view in chronology ]

  • icon
    meddle (profile), 28 Aug 2012 @ 5:18am

    I'll look at their proposal. As long they get rid of all the taxes on my connection and it does not compromise security, I'm in. I don't think people are lining up to download porn when the neighbor's house is on fire, but if they do I will be able to show the log that says my connection was preempted.

    link to this | view in chronology ]

  • icon
    Wally (profile), 28 Aug 2012 @ 5:33am

    Setting Up

    "But, perhaps there's something interesting in special use cases, such as one involving first responders. I agree with Schneier that there could be some risks, but I'm not sure how they would be much different than running a basic guest access WiFi network that doesn't involve a password. As long as you're not using that network for sensitive and unencrypted info, it seems like a similar level of risk."

    I think I have a solution to the issue of someone using your network outside your house. You can allow them to set your router to assign specific MAC addresses to access your network as they pass by. That way it automatically connects the first responders.
    The first responders would have a totally different network space and only would be allowed guest access.

    There are two things I see that would concern me. Viruses getting into the network from the people running them. The other is people being able to hack police records.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 28 Aug 2012 @ 8:53am

      Re: Setting Up

      You can allow them to set your router to assign specific MAC addresses to access your network as they pass by.


      But you'd have to know the MAC addresses they use in advance.

      Personally, I run my wifi open anyway, specifically so that random strangers can use my internet feed, but have a fancy firewall to segregate that traffic out from my personal LAN traffic (and to let me blacklist machines if needed).

      Viruses getting into the network from the people running them.


      If you set this up right (it's not hard), then this can't happen as you won't be sharing traffic between the public and private sides at all.

      The other is people being able to hack police records.


      That's an interesting thought...

      link to this | view in chronology ]

  • identicon
    me, 28 Aug 2012 @ 5:42am

    I don't see the point

    Why not just give away a separate device to anyone who will take one that does nothing but emergency mesh networking? One that can't communicate with my wireless router .... give it to me and ask me to plug it in in a corner of my living room and forget about -- happy to do that for the good of the community.

    link to this | view in chronology ]

    • icon
      Wally (profile), 28 Aug 2012 @ 5:54am

      Re: I don't see the point

      You make a very good point as well as to why there is a point. The only real place I can see this working is in small towns and cities like Mount Vernon, Ohio. Franklyn County, Ohio has a public WiFi network meshed throughout various majorly populated areas, especially in down town Columbus.

      Can we agree that maybe it be a good idea for small towns and cities , but not largely populated areas, to have people living in the town to mesh the network?

      link to this | view in chronology ]

      • icon
        meddle (profile), 28 Aug 2012 @ 6:31am

        Re: Re: I don't see the point

        Why not large cities? Wouldn't that work even better? If it is the number of devices, Couldn't a device go into standby if it senses too many other ones in it's range? Wouldn't you be able to use some sort of spanning tree to avoid circuitous routing? One of these device in every apartment and business in NYC, each with a battery to last between six and 24 hours, and you would have an awesome network.

        link to this | view in chronology ]

        • icon
          Wally (profile), 28 Aug 2012 @ 6:54am

          Re: Re: Re: I don't see the point

          meddle, you raise an excellent point which I completely missed. Bare with me, I just had an excellent thought.

          It is absolutely a great idea. It is the same for Columbus as well now that I think of it. You nailed it completely with

          "One of these device in every apartment and business in NYC, each with a battery to last between six and 24 hours, and you would have an awesome network."

          You are right. Some major cities technically already have it. Now the problem lays within small rural cities or towns. The logistics could turn out to be a nightmare for setting it up for residents in small towns. But you do raise a good point.

          link to this | view in chronology ]

        • icon
          PlagueSD (profile), 28 Aug 2012 @ 8:49am

          Re: Re: Re: I don't see the point

          Large cities already have mobile network coverage...It's called the cellular network (for cell phones) They already have the infrastructure set up. Small towns on the other hand have very unreliable cell coverage.

          I kind of agree with meddle. Having a battery-backup powered router in the town hall and maybe a few businesses around the area to help cover the cell network's dead zones seems to be the best idea. With most ISP's now considering download limits, I'm in no way even considering opening my wifi network for "guest" access.

          link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 28 Aug 2012 @ 6:45am

      Re: I don't see the point

      I could understand no wanting to necessitate the manufacture and distribution of devices, they're probably banking on leveraging existing property to cut costs.

      But the part I like best about your proposal is that participation is optional. I would also gladly opt to enable a feature like this on my router, provided I could weigh the pros and cons of doing so. But to have a back-door forced on me by the government seems unacceptable.

      I may not like it, but my car may be commandeered in an emergency. That is different than preparing in advance for the action by distributing copies of my key to all emergency personnel. The latter effects my security, the operation of my property, and exposes me to more potential abuse of power.

      link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 28 Aug 2012 @ 6:49am

      Re: I don't see the point

      I could understand no wanting to necessitate the manufacture and distribution of devices, they're probably banking on leveraging existing property to cut costs.

      But the part I like best about your proposal is that participation is optional. I would also gladly opt to enable a feature like this on my router, provided I could weigh the pros and cons of doing so. But to have a back-door forced on me by the government seems unacceptable.

      I may not like it, but my car may be commandeered in an emergency. That is different than preparing in advance for the action by distributing copies of my key to all emergency personnel. The latter effects my security, the operation of my property, and exposes me to more potential abuse of power.

      link to this | view in chronology ]

  • identicon
    joenonymous, 28 Aug 2012 @ 6:29am

    What problem are we trying to solve?

    link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 28 Aug 2012 @ 6:53am

      Re:

      You'll never win a congressional seat asking questions like that.

      link to this | view in chronology ]

    • icon
      Wally (profile), 28 Aug 2012 @ 6:57am

      Re:

      How to set up a makeshift WiFi network dedicated to emergency services using private home or household networks as a mesh.

      Glad to help :-)

      link to this | view in chronology ]

    • icon
      art guerrilla (profile), 28 Aug 2012 @ 8:04am

      Re:

      1. how to destroy the HAM, CB, walkie-talkie, radio communities ? ? ?
      (they must be infringin' or sumpin'! ! !)
      2. um, don't 'emergency responders' already have these new-fangled wireless-radio thingies ? ? ? *what* is wrong with them ?
      3. again, as many posters have pointed out: 90% of the 'disasters' we have are where the power goes out (kinda what makes a disaster a disaster); what will this do ?
      am i supposed to hook up my little hand-cranked generator radio to power my router ?
      4. further, as others have said, don't trust either the gummint (or their overpaid subcontractors) to 'do this right', and only think they will make my system LESS secure, and MORE vulnerable...
      DO.NOT.TRUST.THE.BASTARDS.
      art guerrilla
      aka ann archy
      eof

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 6:31am

    The government is big enough and spending wastefully already. It doesn't need this.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 6:32am

    And it would abuse this system, regardless--just like they do with so many other things (NSA, anyone?)

    link to this | view in chronology ]

  • identicon
    PBC, 28 Aug 2012 @ 6:56am

    Can't they already do this?

    Don't routers have that fun FCC sticker that everything (TI-83 calculator inclusive) that says

    1. This device cannot be rigged to cause harmful interferance
    2. This device must accept any harmful intereferance, even if it causes undesired operation

    I figured that was the government catch-all "I need to appropriate your electrons for a minute" coverage.

    link to this | view in chronology ]

    • icon
      Jeremy Lyman (profile), 28 Aug 2012 @ 7:14am

      Re: Can't they already do this?

      I think that has more to do with operating on unlicensed spectrum than intentional coercion of the device.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 7:14am

    This is no Joke; this type of mesh networking is absolutely needed.

    Here in the USA, we no longer have a government 'of the people, for the people and by the people'. We have a government that is trying as hard as possible to suppress our freedoms and to limit our constitutional rights.

    When the revolution comes and the people of the United States try to take back the government and restore our constitutional rights, the first thing to go will be communications.

    The administration will use 'emergency powers' to cut off all traditional, cell phone and internet communication. At that point, a mesh network will allow 'we the people' to communicate and organize an effort to restore our constitutional rights. If using the excuse of 'emergency responders' to get the mesh network up and running works, then I’m all for it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 7:20am

    Yeah, because they wouldn't ever abuse it.

    link to this | view in chronology ]

  • identicon
    Lord Binky, 28 Aug 2012 @ 8:30am

    Um, what was wrong with people being nice and leaving guest/open wifi ? Oh yeah, the government wanted everyone to think that was immoral and damn near a crime in itself. But now they want access again? I think no.

    link to this | view in chronology ]

  • identicon
    Caey, 28 Aug 2012 @ 8:46am

    No....

    How long would it take for this to be cracked? A couple days? Maybe? Nothing is totally secure, this included.

    Would they reimburse people on data caps? Sorry there is an emergency, but ever since some companies started charging $10 per GB overages, I think people better be reimbursed.

    And of course there is the untrustworthy government issues.

    link to this | view in chronology ]

  • icon
    Beta (profile), 28 Aug 2012 @ 9:10am

    not as bad as police, but still...

    If I can be held legally liable for everything that goes through my router, I do not want to hand the keys to my router to every fireman in town.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 9:49am

    Won't happen.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Aug 2012 @ 10:01am

    For every good guy using it there will be most likely be about 5 bad guys abusing it.

    If it can be made it can be hacked.

    link to this | view in chronology ]

  • icon
    cosmicrat (profile), 28 Aug 2012 @ 10:13am

    A prelude to further intrusion

    First of all, I support the general concept, and if we lived in a world where federal agencies respected the spirit of the constitution more than the desires of corporations and their ***AA lackeys I would probably support he specific proposal.

    But I'm afraid it is a prelude to building in access for any agency with any vaguely defined national security/cyberthreat/copyright infringement etc. etc. agenda. In other words I'm afraid it will be expanded and abused, and I'm speaking more from a public policy and legal perspective, although the technical and hardware aspects are also relevant.

    link to this | view in chronology ]

  • identicon
    Simon, 28 Aug 2012 @ 12:44pm

    Pay me...

    The thought of this being imposed on anyone is worrying and would be a hackers dream if they could break into that part of your router to do any number of things that would ultimately have *your* fingerprints on it.

    That said, if my city offered me amnesty on that portion of my router and some form of relief on my yearly property tax then I'd happy install whatever router mod they had (obviously I'd install another router for myself).

    Actually, would make more sense if they simply gave me a generic router than I plug into my network but I can't access — I would still want amnesty on whatever the hell goes through it though.

    link to this | view in chronology ]

  • icon
    Gerald Robinson (profile), 29 Aug 2012 @ 9:56am

    First responder WiFi

    While this sound like a good idea it is a really bad idea. I am currently with a Fire Department and as an EMT for 20+ years. Today we are being required to upgrade our communications to a very expensive digital system. We don't have the funds to add some other WiFi thing nor could it really be of use given our training constraints. Most of our folks are volunteers and we need to train on Urban Interface fires like the recent Waldo Canyon fire, HAZMAT etc. not on an obscure alternate communications method.

    The big question that is unanswered is how do we know to switch to it? With our that it is useless at best and at worst will get someone killed.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.