Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.
Visiting Fellow, Department of Computer Science, Australian National University
This is an enhanced version of notes originally prepared for the Information Privacy + M-Commerce Symposium, Queen's University, Kingston Ontario, 31 May 2003
Version of 18 October 2003
© Xamax Consultancy Pty Ltd, 2003
This document is at http://www.rogerclarke.com/EC/WMT.html
The Internet explosion that commenced in 1993 has been referred to as 'the wired revolution', because it enabled millions of people to connect their own devices to other distant devices, and hence with one another. The term 'wired' was intended to imply 'hip' and 'the height of fashion', but it actually reflected the fact that these new facilities depended on each device being physically connected to a network, by means of a cable or 'wire'.
During the last few years of the last century, technologies were deployed which made it increasingly feasible for large numbers of devices to be 'connected' without being 'connected'. That is to say that data did not necessarily have to be transmitted over physical cables, utilising variations in micro-voltages or photons of light. It was possible to instead transmit data using electromagnetic phenomena. The measure of 'hipness' suddenly flipped to going 'wireless', or 'unwired'.
Corporate strategists have been excitedly examining the scope for wireless technologies. A great deal of their focus has been on the concept of 'mobile computing', and its derivatives such as 'pervasive computing', 'ubiquitous computing' and 'mobile commerce'. The policy-oriented disciplines have also been studying these phenomena, and seeking to divine their significance.
Business and policy discussions of wireless and mobile technologies have several things in common. One is inherent excitement, and hence publishability. Another, unfortunately, is inherent excitability. Far too many documents make glib assumptions about the technologies. All too often, the authors' grasp of the technologies is deficient, they swallow the hype perpetrated by their predecessors, they make unwarranted assumptions, their analysis of technological opportunities and threats is flawed, they misrepresent the future, and they pass on the defective meme.
Careful technology assessments should always start with a coherent, comprehensive and sufficiently deep description of the technologies in question. Analysts need to demonstrate that they have informed themselves about the relevant technologies in sufficient depth that they can be confident about their assessments of the technologies' potential applications, impacts and implications.
The purpose of this document is to provide a non-technical overview of wireless data transmission technologies that support mobility of devices and their uses, and to thereby establish a foundation for strategic and policy analyses, both by the author and by anyone else who cares to exploit it. It was originally drafted as an early section of an uncompleted paper on 'M-Commerce and Privacy', which was invited for a conference in Kingston Ontario in May 2003. It has been subsequently extended. Because of that context, the orientation is more towards policy than corporate strategic analysis, but it is readily applicable to alternative purposes.
The set of technologies focussed on are 'wireless', in the sense that data transmission is by means of a signal that uses some part of the electromagnetic spectrum, without the need for the transmitting/receiving device to have a physical connection to any other device.
In some cases the signal is directed by means of a narrow beam. In most cases, however, the signal is 'broadcast', that is to say that it can be received across an area, rather than only being receivable in one specific location or by one specific device.
A device may use wireless technology to send data, to receive data, or to do both. During transmission, the device may need to be relatively still, or confined to a small area. Alternatively, it may be able to move, and even to move at considerable speed, during the act of communication. In some cases, it is imperative that the device moves at speed, because its operation depends on current induced by the transit of a coil that it contains through a magnetic field created by some nearby, static device.
There are many technologies that enable wireless transmission, and they have widely varying characteristics. The following sub-sections provide a brief overview of them, classified according to one particular characteristic: the size of the zone over which they operate.
Signals can be transmitted between satellites and devices on Earth. See, for example, Elbert (1999). The beam may be narrow, which saves energy and reduces the scope for interception of the data, but which requires precise targeting with directional antennae. Alternatively, the beam may be effectively broadcast, with a large 'footprint' on the Earth. In this case it may be able to be received by many devices scattered over a wide area, including by devices that are moving at considerable speed.
Satellites might be close to the Earth, as in the case of the Iridium project, in which case they have to move quickly relative to the Earth's surface in order to avoid being captured by its gravity. Hence the earth-station's antenna may need to continuously track the satellite, and, as it approaches the horizon, periodically switch its attention to the next satellite in the set.
Alternatively, the satellite may be in 'geo-synchronous' orbit, as originally popularised by Arthur C. Clarke (1945). In this case, its position relative to the device is stable. On the other hand, the distance to a satellite in geo-synchronous orbit is about 35,000 km, and involves very high (c. 2 second) signal transmission-time or 'latency'.
The data rate (commonly called 'bandwidth') that is available over satellite circuits may be substantial, but it has to be shared among many wireless devices and hence the bandwidth available per device may be relatively narrow.
Various services are currently available using satellite circuits, including voice transmission by means of 'satellite telephones', and broadband data connections which are marketed in rural and remote areas that lack cabling and hence do not have access to
A service of a very particular kind is provided by the Global Positioning System (GPS). See, for example, Trimble (1996) and GPS (1999-). This provides one-way signals from multiple satellites down to wireless, portable terrestrial devices, which enable them to compute their location on the earth's surface with a high degree of accuracy (variously to within 10-100 metres). At present only one such system exists, which is run by the U.S.A. government; but one or more others may be launched.
Wide Area Wireless Networks (WANs)
Satellites act as hubs, relaying signals among devices on the earth's surface. The same function can be performed by terrestrial base-stations. The nature of most electromagnetic radiation is such that these transmissions are generally restricted to line-of-sight communications. Because of the curvature of the earth's surface and practical limitations on the height of towers to support the antennae of base stations, devices need to be within about 20km of base-stations they want to communicate with. That gives rise to the notion of a terrestrial 'cell' and the term 'cellular mobile technology'.
Cellular wireless technologies generally have substantial overall bandwidth. But they involve broadcast rather than station-with-single-device communications, and hence provide only limited bandwidth per wireless device. See, for example, Farley (2000a). Technologies include:
Digital cellular WANs are well-established for voice services, but to date they have been less effective for data transmission. Technology providers and service providers have made considerable investments in security features; but the trapdoors that were required to be provided for national security and law enforcement agencies create weaknesses, and further vulnerabilities are discovered from time to time.
Since the early-mid 1990s, technologies have been deployed that support wireless communications across smaller areas than cellular wireless, typically within a radius of about 10-100 metres of the base-station or hub. The acronym 'WLAN' has some currency. The industry association uses the term 'WiFi' (from 'wireless fidelity').
The first of these to have widespread impact has been that utilising the IEEE 802.11b standard. An early product-set was launched by Apple in 1999 as 'Airport', and another has become available from Intel since early 2003 as 'Centrino'.
The marketing term 'hot spot' has been used to refer to each zone within which wireless communication is available. Because security in such zones is loose, it may be feasible for any passer-by to use such services. The term 'war-chalking' was in vogue for a short time, to refer to marks made to indicate a zone in which 'free-loaders' could gain access to the Internet via an insufficiently-protected wireless LAN.
A new round is being promised using the IEEE standards 802.11g (which is compatible with 802.11b, and is already deployed by Apple as 'Airport Extreme') and 802.11a (which is a distinctly different technology from 802.11b, and which was approved at the same time as 11b, but has taken far longer to become commercially available).
802.11b has an effective data-rate that can currently be described as the lower end of broadband (1-10 Mbps). The later versions offer higher bandwidths. Because they involve broadcast, the bandwidth is shared by all devices that are active within the zone at the time. Security was not originally a high priority in the design and development of these technologies, and although some progress is being made it remains a concern (e.g. Gast 2002).
Technologies are now on offer that provide wireless services over even smaller ranges, a radius of about 1-10 metres. These generally support low data-rate ('narrowband') capacity (56Kbps-1Mbps). The primary examples are:
These services were originally envisaged as connecting such devices as a person's keyboard and PC. The technology providers' aims have become much more ambitious, however, and the scope now encompasses telephone handset and telephone headset, microphone, speakers, desktop PC, laptop, PDA/handheld, digital camera, games console and, in time, virtual reality goggles and gloves.
Several other technologies exist which work rather differently from those described above, but which also provide forms of wireless data transmission. Examples include:
These technologies generally involve very small devices, which carry little or nothing in the way of a power-source. They are therefore envisaged as drawing power from their environment, in particular through the induction of current by passing through a magnetic field generated by a device such as a contactless smart card reader.
To date, these technologies depend on close proximity (about 2cm up to perhaps 5m), support only low data-rate communications, can only sustain short bursts of activity, and hence only enable a very limited number of transmissions and volume of data. However they are already tenable for such applications as ticketing and tolling (including decrementing a counter on a moving smartcard), and the identification of items passing along a conveyor belt.
It is feasible to link any of the wireless networks described in this section with other networks of the same kind, with other wireless networks covering other areas at the same level, with other wireless networks operating at broader and narrower levels, and with wired networks. The integration is performed by means of intermediating nodes called by various names depending on the specific function that they perform, including switches, bridges, routers and gateways.
The many different wireless technologies utilise various parts of the electromagnetic spectrum in many different ways. For that reason, they have very different characteristics, across far more dimensions than just the range and bandwidth mentioned in the preceding paragraphs. For example, they adopt different techniques for recognising devices, they are subject to interference to differing degrees, they have different vulnerabilities, and the security features that they embody vary from very limited to highly sophisticated.
The wireless transmission of data gives rise to many different characteristics of devices, of services accessible using devices, and of relationships between device-users and remote organisations. As a result, there is ample scope for people to mean different things when they use the word 'mobile'.
Possible interpretations of the term 'mobile' include the following:
It is critical to any analysis of the applications, impacts and implications of wireless technologies that the sense in which the term 'mobile' is being used is made explicit. Moreover, in drawing on other sources, an analysis must consider the sense or senses in which the source's author is using the term. A great deal of publishing in the wireless arena is undisciplined in this regard, not only in the popular press, but also in more formal papers, especially those of a policy or a business and strategy nature, and even in the technical literature.
The question arises as to the manner and extent to which the identity of a device is disclosed when it uses wireless transmission services. The analysis in this section also applies to the manner and extent to which the content of messages is disclosed.
The Internet Protocol Suite, and indeed all recent alternative means for transporting messages over large-scale networks, are organised in a set of nested layers, conventionally referred to as a 'protocol stack'. Applications are at the uppermost level. The lower levels perform increasingly deeply-nested technical functions, whose workings do not need to be known by the upper layers.
In a properly-implemented intermediating node within the network, each layer focuses on its own responsibilities, and hence each layer knows only as much about packets passing through it as it needs to know in order to perform its own functions. The result is that intermediating nodes do not generally have much information about the two devices at the ends of a message-exchange. They are, however, aware of the network location (IP-address) of the message's destination. Properly-implemented intermediating nodes are also not generally aware of the content of messages that they relay onwards.
Three exceptions arise. One is where a person who is not a participant in the network gains access to traffic, e.g. by listening in to broadcasts, or by 'tapping' into a cable that carries Internet traffic. A few wireless services are designed to direct signals from one device to another; but most involve broadcast of the signal over an area. The signals are therefore by definition subject to receipt by any device in that area. Tapping of wired Internet traffic by outsiders is, on the other hand, fraught with serious difficulties.
A second exception is where the function of the intermediating node is perverted in order to provide additional data to the person that operates it. An example is a systems administrator who monitors traffic in an endeavour to accumulate collections of people's passwords or credit card details. This is widely regarded as a 'cybercrime', and in some jurisdictions legislation has been passed to ensure that it is a crime in law as well as from a moral perspective.
The other exception is where the intervening node performs functions at the same level as the applications software in the two end-devices. One example is a 'caching server', best-known in the context of the world-wide web. This stores popular files that are likely to be accessed by many other devices in that segment of the network. Another example is a 'gateway', which converts message-formats between two distinctly different networks, e.g. between the Internet Protocol Suite and the Wireless Applications Protocol (WAP) stack.
The most pertinent example, however, is a 'proxy-server'. This is a program that runs on an intermediating node, and that gains access to the messages passing between end-devices. Proxy-servers have been used by a variety of repressive regimes. The People's Republic of China uses them in an endeavour to prevent people in that country gaining access to particular web-sites, or to a particular search-engine (at least when particular search-strings are used, such as 'Falun Gong' or 'Jiang Zemin'). Proxy-servers have also been applied by Singapore and Australia in a (forlorn) attempt to prevent access to sites of which the relevant government agency disapproves (e.g. sites making pornography of varying degrees available, offering access to dissident literature, or providing on-line gambling services).
A further consideration is that countermeasures are available, whereby a sender can reduce the amount of information that an interceptor can gather about the sender, about the receiver, and about the content of the message being transmitted.
One form of countermeasure is encryption of the message-content. If effectively performed, this precludes anyone other than the intended recipient from understanding the content. But it does not protect against what is commonly referred to as 'traffic analysis'. That is to say that an interceptor may not know what the content is, but may be aware that a message passed from one specific network address to another, at a particular date and time.
A second form of counter-measure is an application of proxy-servers to protect people's privacy and freedoms. An anonymising proxy-server can enable a user to obscure their Internet address when performing functions such as sending email or requesting a web-page. A number of such services exist, and have been used for a variety of purposes.
A further form of protection against traffic analysis is referred to as a 'virtual private network' (VPN) or 'tunnelling'. The technique involves messages being wrapped in an additional envelope. The sending and destination IP-addresses are therefore not visible to the intermediating nodes.
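The difference between these countermeasures can be made concrete by modelling what an intermediating node without any keys is able to record. The following is an added example, not part of the original notes: the addresses are constructed from documentation ranges, the gateway-to-gateway tunnel layout and all function names are assumptions, and the cipher is a stand-in built from the standard library purely for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from os import urandom

# Constructed addresses (RFC 5737 documentation ranges); not from the page.
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
GW_ENTRY, GW_EXIT = "203.0.113.1", "203.0.113.254"


@dataclass(frozen=True)
class Packet:
    src: str        # header fields that every relaying node must read
    dst: str
    payload: bytes  # message content, opaque to the lower layers


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher (hash keystream + HMAC); illustration only."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_content(pkt: Packet, key: bytes) -> Packet:
    """Content encryption: the payload is hidden, the addresses are not."""
    return Packet(pkt.src, pkt.dst, seal(key, pkt.payload))


def tunnel(pkt: Packet, key: bytes, entry: str = GW_ENTRY, exit_: str = GW_EXIT) -> Packet:
    """Tunnelling: the whole packet, header included, goes inside a new envelope."""
    inner = json.dumps({"src": pkt.src, "dst": pkt.dst, "payload": pkt.payload.hex()})
    return Packet(entry, exit_, seal(key, inner.encode()))


def detunnel(outer: Packet, key: bytes) -> Packet:
    """Run by the exit gateway, which therefore does learn the inner addresses."""
    inner = json.loads(unseal(key, outer.payload))
    return Packet(inner["src"], inner["dst"], bytes.fromhex(inner["payload"]))


def observe(pkt: Packet) -> dict:
    """What a relaying node or eavesdropper holding no keys can log."""
    try:
        text = pkt.payload.decode("ascii")
        content = text if text.isprintable() else None
    except UnicodeDecodeError:
        content = None
    return {"src": pkt.src, "dst": pkt.dst, "size": len(pkt.payload), "content": content}


if __name__ == "__main__":
    e2e_key, tunnel_key = urandom(32), urandom(32)
    plain = Packet(CLIENT, SERVER, b"GET /clinic/appointments")  # constructed message
    encrypted = encrypt_content(plain, e2e_key)
    tunnelled = tunnel(encrypted, tunnel_key)
    for label, pkt in [("plain", plain), ("encrypted", encrypted), ("tunnelled", tunnelled)]:
        print(f"{label:10}", observe(pkt))
```

Even in the tunnelled case the observer still records the two gateway addresses, the time of transmission and the message size, so traffic analysis is reduced rather than eliminated, and the exit gateway itself sees the inner addresses.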
It is entirely feasible for organisations and modestly well-informed individuals to apply these countermeasures when they use conventional PCs/workstations. Some do; the vast majority do not. It is also feasible for these countermeasures to be built into devices that use wireless transmissions. One constraining factor is the capacity limitations inherent in small devices. On the other hand, security concerns are increasing, and it seems fairly likely that such features will be incorporated into products targeted at the corporate market. Once designed and implemented, they need not be unduly expensive, and hence seem likely to be reasonably accessible to individuals as well. In addition, individuals are likely to be able to retro-fit them to at least upper-end consumer products.
There is no doubt that circumstances arise in which organisations that provide services within a network may gain access to information about messages between end-devices, and may even gain access to the content of those messages. It is important to appreciate, however, that these are exceptional, rather than being intrinsic to the operation of the Internet.
Observers are justified in being concerned about the security of device-identities and message-content in the Internet context generally, and in the case of wireless transmissions in particular. But it is important to avoid simple-minded assumptions that security is impossible (and that as a result privacy is dead). Careful analysis needs to be undertaken, in order to establish what threats and vulnerabilities exist in respect of each particular application of each particular wireless technology.
When considering consumer and privacy impacts, two fundamentally different contexts need to be considered:
Dealing with the former context first, there are several circumstances in which the mobile party discloses little or no location data to other parties.
A very common context is where only one-way communications exist, with no back-channel from the mobile party. One example is the broadcast of messages to many recipients across a large catchment area, as is the case with both broadcast television and radio, and many satellite services. An important special case of this is the passive use of GPS by a mobile party in order to compute their location.
There are several contexts in which two-way communications exist, but there is nonetheless no disclosure of positional data by the mobile party. These include the following:
There is a variety of circumstances in which the mobile party discloses information about their location to other parties.
A mobile party may expressly disclose their location to another party, as part of the content of the communications. This act may be voluntary or involuntary, conscious or inadvertent, and freely offered or induced. For a discussion of consent in electronic contexts, see Clarke (2002).
Since the 1990s, information about a caller's location has been communicated to recipients through disclosure of caller-ID from fixed phones. CND/Caller-ID has been established by most telcos and PTTs around the world as default-on / opt-out / non-consensual, because it was in their commercial interests to do so, and regulators and parliaments failed to act in the public's interest to impose default-off / opt-in / consent-based schemes.
In most national numbering schemes, the prefix of the calling number discloses the caller's location to within a few kilometres (in urban areas) or a few hundred kilometres (in relatively remote areas). In principle, the remainder of the number discloses nothing. But where the recipient of the call has access to 'reverse white-pages' functionality and the number is 'listed' in whatever database the recipient is working from, it is likely that it also discloses street-address and subscriber name. Many national operators (such as Telstra and Sensis in Australia) refuse to disclose the proportion of subscribers who pay to 'go ex-directory', but in Australia it is rumoured to be 20%, and in Los Angeles as high as 50%. That could conceivably decline, however, if current initiatives to rein in the tele-marketing epidemic are successful.
Another leakage of location information is through disclosure of the cell from within which a mobile party is communicating. It is an operational necessity for this data to be known by the provider of the cellular wireless service. At present, it would appear that this data is not generally accessible to other parties, other than law enforcement agencies in particular circumstances defined by laws within the particular jurisdiction. But there are very likely to be business incentives for it to become more widely accessible, and where regulatory constraints exist they could be bought off, as they so often have been in the past.
There are moves afoot to achieve disclosure of a more precise location within the cell from within which a mobile party is communicating. This would appear to be feasible through at least three technical means:
Alliances of telcos, telco technology providers, consumer marketing corporations, law enforcement agencies and national security agencies have been working on this for many years. They have used as a blind the application of such a technology to emergency services, with cars trapped in snowdrifts featuring strongly in the public relations campaigns (indeed it has been widely promoted as the 'E-911' initiative).
A further approach is self-identification by devices as they pass by detectors of various kinds. For example, taxis and trucks carry devices which include transponders, which transmit vehicle-identifiers to receivers installed at strategic locations such as major intersections.
Smartcards using non-contact chips include a coil. When the card passes through a magnetic field, current is induced in the coil, and a short message can be broadcast, and picked up by a nearby device designed for that purpose. Smartcard-based public transport payment cards apply this technology. Where the payment card is designed so as not to be associable with the person who is carrying it, the technology provides an efficient and unthreatening tool.
But unfortunately such cards can in many cases produce an identified data trail. Transmission of a chip-ID of perhaps 128 bits may be quite adequate to achieve this, provided that an index exists that ties the chip-ID to the artefact that it's embedded within (e.g. a person's credit-card, driver's licence, or passport), or some other basis can be contrived to relate the artefact to a person.
RFID (radio frequency identification) tags are a miniaturised version of this kind of potentially ubiquitous surveillance, whereby the chips are extremely small and can be embedded in, for example, Benetton clothing. For an investigation of implications, read Neal Stephenson's 'Diamond Age'.
It is all too common to see authors making assumptions along the lines of the following:
Wireless technologies do indeed harbour potentials of this nature. And there are powerful organisations that perceive advantage for themselves in such arrangements. But the technologies are highly diverse, and are subject to significant limitations. And the designs will be the result of the political processes of standards-setting interleaved with the diversity-generating processes of competition.
It is therefore vital that analyses be based on a sufficiently comprehensive and deep appreciation of the technologies involved. In addition, the tone of such analyses needs to be realistic rather than accepting of the mythology of the technological imperative.
Clarke A.C. (1945) 'Extra-Terrestrial Relays' Wireless World, October 1945
Clarke R. (1988) 'Information Technology and Dataveillance' Comm. ACM 31,5 (May 1988) Re-published in C. Dunlop and R. Kling (Eds.), 'Controversies in Computing', Academic Press, 1991, at http://www.rogerclarke.com/DV/CACM88.html
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1999) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conference, Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html
Clarke R. (1999) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Proc. 21st International Conference on Privacy and Personal Data Protection, pp.131-150, Hong Kong, 13-15 September 1999. Revised version in Information Technology & People 14, 2 (Summer 2001) 206-231, at http://www.rogerclarke.com/DV/PLT.html
Clarke R., Dempsey G., Ooi C.N. & O'Connor R.F. (1998b) 'A Primer on Internet Technology', at http://www.rogerclarke.com/II/IPrimer.html
Elbert B.R. (1999) 'Introduction to Satellite Communication' Artech House, 1999
EPIC (1998) 'Caller ID', 1998, at http://www.epic.org/privacy/caller_id/
Farley T. (2000a) 'Digital Wireless Basics', at http://privateline.com/PCS/PCS.htm, accessed 18 October 2003
Farley T. (2000b) 'Cellular Telephone Basics: Amps & Beyond', at http://privateline.com/Cellbasics/Cellbasics.html, accessed 18 October 2003
Gast M. (2002) 'Seven Security Problems of 802.11 Wireless' May, 2002, at http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html, accessed 18 October 2003
GPS (1999-) 'GPS Tutorial', Gemini Positioning Systems Ltd, at http://www.gps1.com/Tutorial.html, accessed 18 October 2003
Halpern, S.W. (1994) 'The Traffic in Souls: Privacy Interests and the Intelligent Vehicle-Highway Systems', Santa Clara Computer and High Technology Law Journal, 11, 1
ITSA (1995-2000) 'Interim Intelligent Transportation Systems Fair Information and Privacy Principles', 1995, revs. 1999 and 2000, at ITSA, accessed 13 December 2000
ITU (1998a) 'Public land mobile communication systems location', International Telecommunication Union, M.624, March 1998
ITU (1998b) 'Automatic determination of location and guidance in the land mobile services', International Telecommunication Union, M.1307, May 1998
Kirby C. (2000) 'New Technology Can Pinpoint Cell-Phone Users' Locations' San Francisco Chronicle, 23 October 2000, at http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/10/23/BU77211.DTL
Lappin T. (1995) 'Truckin'' Wired 3.01 (Jan 1995), at http://www.wired.com/wired/archive/3.01/truckin_pr.html
Megowan P.J., Suvak D.W. & Knutson C.D. (2002) 'IrDA Infrared Communications: An Overview', at http://www.irda.org/use/pubs/Overview.PDF, accessed 18 October 2003
Proust A. (2000) 'A Bluetooth Primer', at http://www.oreillynet.com/pub/a/wireless/2000/11/03/bluetooth.html, accessed 18 October 2003
Scourias J. (1997) 'Overview of the Global System for Mobile Communications', at http://www.shoshin.uwaterloo.ca/~jscouria/GSM/gsmreport.html, accessed 18 October 2003
Trimble (1996) 'All About GPS', Trimble Navigation Limited, at http://www.trimble.com/gps/index.htm, accessed 18 October 2003
Waters P., Simpson A. & McDonough A. (1998) 'Mobile Services In Australia: A Mobile Phone In Every Pocket', Gilbert & Tobin, October 1998, at http://www.gtlaw.com.au/pubs/mobileservices.html
Wiesenfelder J. (1996) 'The Information Superhighway (This is not a metaphor)', Wired 4.02, Feb 1996, at http://www.wired.com/wired/archive/4.02/smart.cars_pr.html
Wigan M.R. (1995) 'The realizability of the potential benefits of intelligent vehicle-highway systems: the influence of public acceptance', Information Technology and People, 7, 4 (1995) 48-62
Created: 15 May 2003 - Last Amended: 18 October 2003 by Roger Clarke - Site Last Verified: 15 February 2009