Consider your typical day. You wake up and, before leaving the house, put a smartphone in your pocket, briefcase, or purse. You drive downtown and park before grabbing coffee at the corner shop; then you walk into work.
How did I know that? Every few seconds, your smartphone (or any other WiFi-enabled device that’s on—your tablet, for instance) sends out a message. It’s a simple message, called a probe request. The message is the digital equivalent of the following:
“Hi! My name is Brendan O’Connor’s iPhone. I’m looking for WiFi to connect to. I’ve connected to Brendan’s Home WiFi, LocalCoffeeShop, BigLawWiFi, CompetitorWiFi, ClientWiFi, LocalRestaurantWiFi, SecretClientWiFi, BookstoreWiFi, GirlfriendWiFi, LocalCourtWiFi, and BigGymChainWiFi. Are any of those around?”
It does this for a few apparently rational reasons. When you get home, it’s nice to have your phone automatically connect to WiFi there so it can run software updates, check e-mail, or generally be ready for your next command. Another reason is battery life; a device uses so much less power on WiFi than on cellular data services that it saves hours, or even days, of battery life to search for WiFi and use it where possible. It’s also part of the WiFi specification (IEEE 802.11, for the curious).
The concern is how much data is sent in each request. This data includes the name of every previously connected network (sometimes called your “Preferred Network List,” and difficult or impossible to edit on most mobile devices), the phone’s identifier (which, for many people, includes their real name), and a hardware unique identifier (called a MAC address, with no relation to any Apple product). By the way, this all happens even if the device is already connected to WiFi, and even if the WiFi is encrypted. These probes are always sent in plain text.
Anyone can monitor these probe requests; it requires neither specialized hardware nor software (despite the Ninth Circuit’s ruling in Joffe v. Google, No. 11-17483, 9th Cir. 2013). Just as your ears have to monitor a room to listen for someone calling your name, your WiFi adapter has to listen to the radio to hear when it’s receiving new data. WiFi, in other words, is not a “wire” to “tap”; it’s a crowded room with hundreds of devices screaming their heads off at all times, and free software can easily listen in.
Back to your hypothetical day. You sent all this data to anyone within 100 meters or so when you ran out for coffee. Because your phone is continually broadcasting, I can track your location throughout a city, just by listening for your phone (and its MAC address); if I throw a few sensors around a city, I can store and map your movement. I don’t need a lot of hardware to do so; the parts for each sensor cost just over $50, so I can track the largest part of a city’s downtown area for about $500. Even better, these collectors don’t need to be targeted to one person; the collectors can instead track every device that wanders by, and I can see later which ones do something interesting. This is the type of detailed, broad-spectrum data collection that people often think is confined to nation-state level intelligence agencies—but it’s available on your own laptop, for free.
Worse, applications you run—on your phone, laptop, etc.—routinely leak huge amounts of data, whether through lack of attention to detail or simply not thinking the data is private. These “shards” of identity—each tiny sliver from each app—combine with your location data to form a very complete picture of who you are.
Your coffee shop might be relatively trustworthy. What about every other place you’ve ever been? When you bring your phone to opposing counsel’s office for a deposition, are you sure that their system doesn’t log your list of previous networks—including, perhaps, the WiFi network names of your other clients or possible witnesses? If you practice criminal or family law, think about tracking every cell phone that goes to a jail, mental health agency, public defender’s firm, abortion clinic, gun shop, or crime scene—is it possible that someone might find that data useful? Remember that an attacker doesn’t have to know whose phone it is to record its location; an identity accidentally broadcast at a coffee shop can later be cross-referenced with its historical locations. One leak might be all it takes.
In addition, researchers have found that the more past WiFi networks people have in common in their probe requests, the more likely they are to know each other in “real life.” Those who look for someone’s association with “known bad influences” might use this information in unintended ways (“Signals from the Crowd: Uncovering Social Relationships through Smartphone Probes,” Marco V. Barbera, Alessandro Epasto, Alessandro Mei, Vasile C. Perta, and Julinda Stefa, Proceedings of the 2013 Internet Measurement Conference, conferences.sigcomm.org/imc/2013/papers/imc148-barberaSP106.pdf).
Confidentiality might thus go accidentally out the window, through an attorney’s phone’s side effect. Worse, privilege might go as well: A client’s continuous broadcast of sensitive information could be held to be an inadvertent waiver.
There is no simple solution to this problem. Modern attorneys cannot give up their electronics because they enable them to be more efficient with client time. The standard list of solutions—using secured WiFi, using a Virtual Private Network (VPN) to protect data in public, etc.—doesn’t solve the data leakage I’ve mentioned.
There are some mitigations: Turn off your WiFi completely when it’s not being used, don’t connect—ever—to open WiFi, and clear out the lists of old “preferred” networks (on iOS, “Reset Network Settings”). These don’t solve the underlying problem, but they do make it somewhat harder to do serious damage to confidentiality via your phone. The phones of colleagues and clients, of course, remain unprotected.
Ultimately, the solution is a cultural one. The burden falls on those who would preserve secrecy to do the work of protecting it, and that means disabling WiFi, educating clients, continuously checking for problems—and deleting unnecessary data wherever it lives, as well as refraining from collecting it in the first place. It’s a lot of hard work—but we must strive to quiet not just our voices, but those of the devices that control our world. Continuous vigilance is the only way we will be able to protect the idea that the legal profession is one that knows how to keep a secret.
More information on the underlying research, entitled “CreepyDOL” and presented at the Black Hat USA and DEF CON conferences, can be found at the author’s blog: blog.ussjoin.com/2013/08/creepydol.html.
ABA Section of Science and Technology Law
This article is an abridged and edited version of one that originally appeared on page 26 of The SciTech Lawyer, Winter 2014 (10:1).
For more information or to obtain a copy of the periodical in which the full article appears, please visit thescitechlawyer.com or call the ABA Service Center at 800/285-2221.
PERIODICALS: The SciTech Lawyer, quarterly magazine; Jurimetrics, quarterly scholarly journal; SciTech E-Merging News, quarterly electronic newsletter featuring up-to-date substantive practice perspectives and news on Section activities.
CLE AND OTHER PROGRAMS: The Section offers a variety of CLE and learning opportunities through webinars and in-person sessions throughout the year.
RECENT BOOKS: Bioinformatics Law; Health Care IT; Legal Guide to Botnet Research; Legal Guide to Cybersecurity Research; Legal Guide to Enterprise Mobile Device Management; Scientific Evidence Review; The Laws of Spaceflight.