When Aaron Swartz Spoofed His MAC Address, It Proved He Was A Criminal; When Apple Does It, It's Good For Everyone
from the only-the-second-one-is-true dept
Whenever we write about Aaron Swartz and the criminal prosecution against him, some of our (and Aaron's) critics scream that it was "obvious" that he knew he was up to no good, because he chose to spoof his MAC address on the machine he used to download JSTOR articles. Of course, as many people explained, spoofing a MAC address isn't some crazy nefarious thing to do, and often makes a lot of sense. In fact, Apple recently announced that iOS 8 will have randomized MAC addresses to better protect people's privacy. Simply speaking: Apple is making "MAC spoofing" standard. And, as the folks over at EFF are noting, this is a very good thing for your privacy.As Cory Doctorow points out, this highlights the ridiculousness of MAC spoofing being used as evidence against Swartz, when now it's going to be a standard feature of iPhones and iPads (and, hopefully, other device makers will quickly follow suit).
This, of course, is one of the unfortunate results when you have law enforcement folks who simply don't understand much technology. People who actually understand both privacy and the ways you might approach problems you face on the internet, recognize that things like MAC spoofing are perfectly reasonable to do at times -- but such actions are twisted by law enforcement as being nefarious and dangerous because it makes it easier to "build a case" and because they don't understand how perfectly common such actions are.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, ios, mac address, privacy, spoofing
Reader Comments
Subscribe: RSS
View by: Time | Thread
The context is different
[ link to this | view in chronology ]
Re: The context is different
Which is essentially what Aaron was doing. The argument is over when it's criminal to do that.
[ link to this | view in chronology ]
Context counts in criminal trials
It isn't as simple as "switching MAC addresses" is criminal when Swartz did vs "switching MAC addresses" is good when Apple does it any more than "driving" is bad when someone drives away from a bank robbery, but driving is good when Google Maps drives. The context does make a difference. And if MAC address switching had been a standard feature, enabled by default by the manufacturer, on his laptop, it wouldn't have been an issue at trial. The issue was that he specifically invoked it to get around security measures. Now, I don't think that rose to the level of criminality alleged by the publicity happy fed, nor that it necessarily was sufficient evidence that he violated the Computer Fraud and Abuse act, but it was evidence that he knew what he was doing wasn't within the way the network was designed to be accessed.
[ link to this | view in chronology ]
Re: Context counts in criminal trials
Correct me if I'm wrong...but what I'm reading into this is that if someone does something bad with a laptop, at trial, any functionality that wasn't present in the laptop at the time of its manufacture is deemed bad?
So let's say I get an old laptop that at the time of manufacture has an 802.11b/g/n wifi module. I get a USB 802.11ac device, plug it in, and use that to hack into my neighbour's 802.11ac router. Now suddenly, according to what you wrote, the fact that my laptop didn't have ac functionality at the time of manufacture is deemed bad?
[ link to this | view in chronology ]
Uh, no.
No, it isn't deemed "bad".
The the point is that if you take *specific* steps to avoid the security in place that can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited.
[ link to this | view in chronology ]
Re: Uh, no.
In other words if you always spoof your address because you are either paranoid or otherwise , and it seems with good reason nowadays, the intent element doesn't hold water. Also the onus is on the prosecution that someone in your field, doing exactly the same thing with same knowledge would NOT do that always. And as anyone in the networking or security field understands that would be pulled to shreds by any capable defense.
Oh and MAC address's aren't for the "security" purposes you are alluding that they are for.
[ link to this | view in chronology ]
Re: Uh, no.
Here, you aren't defining what security is. Not very likely, but it could very well be that the neighbour's security is the fact his router is ac (which is not very common yet), and his thinking is that since only a few people have ac wifi capability in their devices, it acts as a form of security through obscurity.
Now suddenly here I come with my laptop, I stick in my ac USB device into my laptop, and am able to access the neighbour's router (let's say he's stupid enough to not have a password). Using your reasoning from above, I took a specific step to avoid his security (using an ac device), I knew the ac 'security' was there, thus this then means that anyone using an 802.11ac USB device has done something illegal.
Which is the problem with the mac address spoofing that is being focused on. Something that millions of IT professionals do on a regular basis, which is a basic concept (spoofing MAC address/using an ac wifi device) becomes determined bad by the court.
[ link to this | view in chronology ]
Re: Uh, no.
1. You've taken a big step back, from "criminal" to "prohibited".
2. Step B seems superfluous; whether I know that something is prohibited or not does not depend on whether I'm doing it.
3. It's extremely weak evidence in any case.
[ link to this | view in chronology ]
Re: Uh, no.
Like the *specific* step of choosing to use a device running iOS 8. It's not like there aren't other devices. So, usage of iOS 8 can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited.
Yeah, I see how that works.
[ link to this | view in chronology ]
Re: Context counts in criminal trials
I don't doubt it, but it's a strange world when "default option" Is what it takes to avoid prosecution.
[ link to this | view in chronology ]
Re: Context counts in criminal trials
An ability to edit the MAC address is standard in most network utilities on Linux systems.
[ link to this | view in chronology ]
Re: Re: Context counts in criminal trials
The ability to edit the MAC address is REQUIRED for some protocols. There was a now-defunct protocol which changed the MAC address to identify the node (forgot which one it was); but there are also some modern router redundancy protocols like VRRP which share a MAC address between two (or more) routers (or hosts).
So, yeah, MAC address switching is a standard feature.
[ link to this | view in chronology ]
Re: now-defunct protocol which changed the MAC address to identify the node
[ link to this | view in chronology ]
Re: Re: Context counts in criminal trials
[ link to this | view in chronology ]
Re: Re: Re: Context counts in criminal trials
Of course, they'll probably argue that simply knowing where these things are and editing them constitutes hacking, even if the OS allows you to do it with no further work from yourself...
[ link to this | view in chronology ]
Re: Re: Re: Re: Context counts in criminal trials
[ link to this | view in chronology ]
Re: Context counts in criminal trials
[ link to this | view in chronology ]
Re: Re: Context counts in criminal trials
Entering stolen passwords (not that Swartz did that) would be utilizing a "standard feature" without writing any code, too. Yet doing so would be evidence of hacking. *Context* matters. Changing MAC addresses isn't inherently criminal, but if you can show that it was specifically done to avoid network security measures (and I'm using that in the broad sense) then it can be evidence that the person doing that knew they were doing something they weren't supposed to be doing on the network.
[ link to this | view in chronology ]
Re: Re: Re: Context counts in criminal trials
There is nothing about a MAC address not working on a network that indicates a security reason, its just not working. The fact that changing a MAC address is as easy as it is, would indicate that a MAC address blocking is not be a security measure.
[ link to this | view in chronology ]
Re: Context counts in criminal trials
If he took steps to circumvent barriers, and those steps were of themselves criminal, then those actions were themselves criminal, not evidence about something else.
If those steps were not criminal in and of themselves, then I don't see how taking them was evidence of anything except ingenuity (which, I'll grant you, is being slowly criminalized).
[ link to this | view in chronology ]
Re: Context counts in criminal trials
But, when I accidentally scratch my watch and try to get a refund, or sell it, it is illegal.
---
When my garage door opener stops working, and I need a new one, and I go to a competitor for a replacement door (or Arduino)... that is DRM...and illegal?
------
No, I disagree. This is called innovation and progress...and DRM is flawed.
[ link to this | view in chronology ]
Re: Context counts in criminal trials
[ link to this | view in chronology ]
Re: Re: The context is different
[ link to this | view in chronology ]
Re: Re: The context is different
There's a large difference between doing it on a private network to get around (weak) security and rotating what you present to random public access points.
[ link to this | view in chronology ]
Re: Re: Re: The context is different
going to the store, and buying a product where it says "Limit 2";
putting on sunglasses, and doing it again
putting on a hat, and doing it again
[ link to this | view in chronology ]
Re: The context is different
Nope, disagree completely. Network admins were tracking and blocking Aaron by MAC address.
Apple rotates MAC addresses to prevent tracking, a PREREQUISITE to blocking.
It's exactly the same thing.
[ link to this | view in chronology ]
Re: Re: The context is different
[ link to this | view in chronology ]
Re: Re: Re: The context is different
The only thing different is he change his MAC address and attempted to download a lot of works at once via a high speed connection that he shouldn't have used.
[ link to this | view in chronology ]
Re: Re: Re: Re: The context is different
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The context is different
What Aaron did, he was AUTHORIZED to do on a smaller scale. He had access to the system and was allowed to download the documents, but the system was designed to limit how many of them he could really get for a given time period (I don't remember the specifics). He noticed that the system determined the limit based on the MAC address that was accessing it and he worked around that limit by rotating his MAC address.
This technical measure was, in fact, a violation of the TOS, but seems hardly worthy of prosecution for hacking.
[ link to this | view in chronology ]
I hope this is just the beginning and Apple will eventually use random addresses all the time. There are 46 randomized bits, so collisions won't be a problem until there are several million devices in the broadcast domain (and then you'll have bigger problems than address collisions).
[ link to this | view in chronology ]
Re:
Actually that's not quite correct. Vendors are supposed to use specifically unique addresses per device, but of course this has long been forgotten. I've run across several instances with specifically an HP laptop and HP Desktop using the same address and crashed a vlan, as well as two Linksys routers having the same MAC Address and take out a satellite link. Most network admins in large campus situations have experienced the same, I'm sure of it. And if you've ever run VMware ESXi, remember to change your vCenter ID per node....
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
as the first comment days t
[ link to this | view in chronology ]
Prosecutor Spoofing
Sure, in reality the Justice Department's prosecutor swear to uphold the law and the Constitution, base their actions on ethics, rationality and blah blah blah.
But just like "MAC spoofing is perfectly reasonable to do at times" - making your device appear like an entirely different device - it's perfectly reasonable for the country's Justice Department to appear to be from an entirely different country.
And so Aaron Swartz and others often get a what appears to be a Justice Department that appears to be from a totalitarian dictatorship. One which also which also leaves the wealthy and those in the secret police untouched.
Because prosecution is so much easier when you have the power to leave the accused wondering what country they're in.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
My favorite so far is similar to the Comfy Chair torture in Monty Python's "Spanish Inquisition" sketch, but in a "Tron" setting, and with Vincent Price if at all possible.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Even with mac spoofing, they can still track you
The collection of named wifi networks you've connected to more accurately identifies you than your mac address does, so mac spoofing does very little for that. Target uses this wifi-beacon approach, and probably does that to aggregate members of a household together.
Now, if Apple would let you delete saved info for wifis you've connected to in the past *even when you're not currently connected to them*, that would be useful.
[ link to this | view in chronology ]
Re: Even with mac spoofing, they can still track you
Does it really do that? If it's like Android (and I'd guess it is), it'll only sends these probe requests if you added the network by its name (that is, it was a "hidden SSID" network) instead of choosing the network from the list of visible networks.
One more reason to never hide your SSID, by the way.
If you want to take a look, Wireshark has a mode where it captures raw 802.11 packets. It's very instructive to look at the beacons and probe requests around you. Turn on your phone's wifi while sniffing and you'll see the probe requests.
[ link to this | view in chronology ]
Re: Re: Even with mac spoofing, they can still track you
[ link to this | view in chronology ]
Good
[ link to this | view in chronology ]
[ link to this | view in chronology ]
A Neat Trick
Similarly, MAC spoofing is something that sounds nefarious, because of the word "spoof", but is really just a way to get some privacy, or to get services on a second device that were provisioned for your first device.
Some people just don't understand the use of jargon inside of a trade or community. These same people would think card players are cheating at Gin when they win a "trick", or that they are The Donald when they play a "Trump" card.
[ link to this | view in chronology ]
It's not just privacy issues
But there is an easy way around this problem. Spoofing your MAC address (and re-logging in) before starting a new download resets this clock, thereby giving you the full uninterrupted period that the "gatekeeper" software allows.
[ link to this | view in chronology ]
Not really a good argument that spoofing is innocent.
Your advice may be practical and expedient, but it is an example that is in line with what Swartz was doing, knowingly working around deliberate limitations of the network.
[ link to this | view in chronology ]
Re: really a good argument that spoofing is innocent.
[ link to this | view in chronology ]
Right...
/s
[ link to this | view in chronology ]
Re: Right...
[ link to this | view in chronology ]
Re: Re: Right...
[ link to this | view in chronology ]
Re: Re: Re: Right...
P.S. Sorry to take so long replying-- I didn't check this thread for replies because I honestly didn't think you'd keep at it.
[ link to this | view in chronology ]
Different laws for different folks.
[ link to this | view in chronology ]
Putting it into Context
[ link to this | view in chronology ]
Is hiring a lawyer when asked to speak to police? Of course not, but some police (maybe most) would wonder why you would need a lawyer if you were not guilty?
Things can be legal or illegal depending on context. A cop carrying a gun isn't illegal, but a NJ cop was charged with unlawful possession of a handgun (her service revolver) when she got drunk and emptied it out into someones car.
[ link to this | view in chronology ]
NO NO NO NO NO Apple Devs!!! NO! BAD DEVS!
[ link to this | view in chronology ]
[ link to this | view in chronology ]