
Archive for September, 2009

Introduction (Surprise!)

I got a new iPod Touch today and one of the first things I did was fire up Wi-Fi and launch Google Maps. I noticed a button that allowed the system to automatically zoom in to my “current location”. Because the iPod does not have a GPS chip, I was expecting it to use my IP to narrow me down to a city or even a province. Imagine my surprise when it narrowed me down with an accuracy of 30 meters (~100 feet)!

The first time I tried this, I was at the university. I was not too surprised by this because I know that the university has static IPs that may well be in some geo-locator database. I was more surprised (and concerned) when this worked at home. My IP is dynamic, so there is no way it could be stored in a central database. Out of curiosity, I looked my current IP up in a geo-locator database and it pointed me to Kingston, ON, which is 500km off, but it makes sense because my ISP operates all over Canada.

Technical Explanation (With Limited Amounts of Geekiness)

So how did the iPod do it? A few minutes of googling took me to a company called Skyhook Wireless. Without getting too technical, this company sends out about 200 cars in all cities in North America to do what is known as “wardriving”. Essentially, they take a unique ID (MAC address for the technically inclined) from all wireless routers and log the physical location of those routers in a central database. The MAC address is freely available, even from protected networks. To be perfectly clear: you do not need to connect to a network (and thus do not need any passwords) in order to get a MAC address.

Once the location is in a central database, it is available for triangulation. Say I’m walking down the street with my iPod and press the “locate me” button. The Wi-Fi radio on my iPod sends Skyhook the MAC addresses of all the routers around me in an 80-200 meter radius. If three of those are in Skyhook’s database, I am triangulated, and Skyhook knows where I am (give or take a few meters). The data is sent back to me and I get a Google map of my surroundings.
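
The lookup described above, as an added example that is not from the original post or from Skyhook: a signal-weighted centroid over constructed MAC/coordinate pairs stands in for the vendor's positioning math, which the post does not describe, and `SURVEY_DB`, `locate` and every address and coordinate are made up for illustration. It shows that passively received MAC addresses and signal strengths are the only input, and that fewer than three known access points yields no fix.

```python
# Constructed survey database: BSSID -> (lat, lon) where the AP was logged.
# Addresses and coordinates are made up for this example.
SURVEY_DB = {
    "02:00:00:00:00:0a": (43.6500, -79.3800),
    "02:00:00:00:00:0b": (43.6506, -79.3800),
    "02:00:00:00:00:0c": (43.6503, -79.3794),
}
MIN_KNOWN_APS = 3  # the post's threshold for a fix


def normalize_bssid(raw):
    """Canonicalise a MAC address to lower-case, colon-separated form."""
    digits = raw.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def locate(scan, db=SURVEY_DB):
    """Estimate (lat, lon) from a passive scan of (bssid, rssi_dbm) pairs.

    Returns None when fewer than MIN_KNOWN_APS beacons are in the database.
    """
    known = []
    for bssid, rssi_dbm in scan:
        position = db.get(normalize_bssid(bssid))
        if position is not None:
            # dBm -> linear power, so a stronger (nearer) AP weighs more.
            known.append((position, 10 ** (rssi_dbm / 10.0)))
    if len(known) < MIN_KNOWN_APS:
        return None
    total = sum(weight for _, weight in known)
    lat = sum(pos[0] * weight for pos, weight in known) / total
    lon = sum(pos[1] * weight for pos, weight in known) / total
    return (lat, lon)


if __name__ == "__main__":
    # Constructed scan: three surveyed APs plus one the database never saw.
    scan = [("02:00:00:00:00:0A", -60), ("02-00-00-00-00-0B", -60),
            ("02:00:00:00:00:0c", -60), ("02:00:00:00:00:ff", -45)]
    print(locate(scan))       # fix from the three known APs
    print(locate(scan[1:3]))  # two known APs only: no fix
```
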

Implications (Why You Should Turn Off the Wi-Fi on Your Cell Phone/iPod)

The negative implications of this can be quite clear. What if, for example, you’re not the one who requested your location? What if it was done by a virus/trojan or spyware (brings a new meaning to the term, eh?)? But your location is probably of little use to petty hackers and virus-writers. It’s also not precise enough for someone to physically walk up to you, especially if you’re in a dense place such as any city center. 30 meters’ worth of error in downtown Toronto (or even downtown London) is enough for someone to never find you.

But what if your location is wanted by someone who knows you personally? Let’s say a spouse/significant other who thinks you’re cheating. Then your location with a 30 meter margin of error becomes more than enough for that person to know what you’re doing.

Legal Issues (This is a Law Blog, right?)

I can’t definitively say whether any of this is an invasion of privacy. Skyhook’s technology does not circumvent any security systems and uses only information that is publicly available. I am not sure whether posting a location of a MAC address constitutes invasion of privacy (an enterprising “enthusiast” found a way to query Skyhook’s database to get Lat/Lon coordinates associated with MAC addresses). There’s an argument to be made both ways and of course none of this has been tested by a court.

What’s more concerning is that router owners cannot opt out of this. Furthermore, once a router’s MAC address is in the database, it cannot come out. The company’s stance on the issue is the following:

“we cannot remove individual access points…every access point by definition broadcasts a radio beacon …The only way to stop an access point from broadcasting its presence is to unplug it….we don’t actually identify the location of access points, just the signals that they create”

That statement is technically true, but misses the point entirely. “The signals” (MAC address broadcasts) can be definitively associated with the physical router because every router has a unique MAC address (otherwise their system wouldn’t work). So, yes, they are tracking the location of access points. It is true though that once that access point (router, switch, etc.) is no longer broadcasting, it cannot be identified. This is the same thing that was said by computer security experts back in the 1980s:

“…the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground…and even then I’m not sure.”

Mitigating Factors (Why You Should Not Lose Sleep Over This)

I have already alluded to some of the mitigating circumstances. Some of them are social (i.e. your location within 30 meters is useless to 99.999999% of the population); others are more technical. For example, most devices that are not laptops shut off Wi-Fi connectivity when their screens turn off in order to conserve their batteries. This is certainly true for iPods and iPhones and is also true for every Windows Mobile device I ever owned. Also, an internet connection is not needed to establish your coordinates (unconnected Wi-Fi is enough), but an internet connection IS required in order to do anything with those coordinates (i.e. send them to someone).

Also note that there need to be at least three known broadcasting access points within at most 200 meters, which likely means that this positioning system will not work in rural areas.

Lastly, and perhaps most importantly, I did not find any evidence of this system being misused. So far, there has not been any malware written that would take advantage of Skyhook’s database to track people. That doesn’t mean it cannot happen, it just means that it is not something to worry about today.

For More Info…

For the more technically inclined, you can check out my source material:

http://thebmxr.googlepages.com/Don_t_Locate_me.pdf (Background and tricking the system, very technical)
http://en.wikipedia.org/wiki/Skyhook_Wireless (Wikipedia entry on skyhook. Describes the technology)
http://en.wikipedia.org/wiki/Wifi (Wikipedia entry on wifi. Look at “Reach” for wifi service ranges)


Today I had the pleasure of sitting through an introductory Legal Ethics and Professionalism lecture (I would have enjoyed the lecture much more if I hadn’t been sick, but that’s beside the point). The professor talked at great length about civility in communication, especially if the communication is in writing. It is far too easy in this connected world to send something off in the heat of the moment or without considering what the message will look like to the receiving party. Of course the professor was talking about emails, instant messages, Twitter, blogs, and other online media. But when I got home, I found a far more extreme example.

“Deidre Dare” (I put her name in quotes because I’m not sure if that’s her real name) is a former associate of Allen & Overy (a UK law firm). Part of what piqued my interest in this story is that Deidre Dare worked in the firm’s Moscow office. She put up a website with some material that her firm deemed objectionable. The material? A fictitious account of an expat living in Moscow and engaging in all kinds of questionable activity including drinking, drugs, sex, and (according to abovethelaw.com), something involving donkeys and dwarves, but I wasn’t curious enough to get to that part of her “book”. The part I did notice was a blanket knock against my city of birth:

“I drink too much. I do too many drugs. I fuck around. I waste days and time. I spend too much time at parties. I spend too much time alone. I spend too much money. I talk too much. I smoke too much. I don’t write. I indulge myself……”
There’s a shorter way of saying all that, I realised:
“I live in Moscow”.

To nobody’s surprise, Deidre Dare eventually got fired from her firm. She’s suing for wrongful dismissal and such, but that’s not the point. The question is should a lawyer who works for a respectable firm be allowed to publish such material? In other words, does it violate some kind of ethical code of conduct?

My personal test for this is fairly rudimentary and perhaps incomplete, but here it is: if it were known to a “reasonable” client what his/her lawyer was doing in his/her free time, would the client still hire this lawyer? If not, the actions of this lawyer are probably unethical.

As for Deidre Dare? She’s writing a column called “sExpat” for a Moscow-based English language paper, and is considering high-class prostitution in order to increase her cash-flow. I would like to think she’s joking, but you never know.

For the curious, you can find Deidre Dare’s website here (May be NSFW).


First of all, a congratulations is in order to the law classes of 2012: we survived the first two weeks of law school. It wasn’t easy. It involved a boatload of new terminology, a new way of thinking, an immersion into the 17th, 18th, and 19th centuries, a little bit of Latin, and a dose of downright wacky concepts (“qualified pre-possessory interest”, anyone?).

But we survived. And we shall survive again. I just looked at the calendar, and we are 15% of the way through the semester (scary thought, huh?).

P.S. I am still looking for contributors for this blog. Drop me an email if you are interested.


I have heard, seen and read the debate among pundits in regard to healthcare reform south of the border. Cutting through the misinformation, spin, rhetoric and outright bullsh*t, there is a somewhat trivial economic explanation to the differing opinions. As usual, some of the easiest explanations are the ones most often overlooked.

This economic perspective is a result of one of the comments I saw on the WiseLaw Blog which talked about the comments of Glenn Beck (who was ranting about a “lottery” that is the Canadian healthcare system). The comment went as follows:

“…I know nothing of Beck but suspect he promotes the “conservative” point of view, which, briefly stated, is that being rich should MEAN something….”

This is serious food for thought. What exactly does it mean to be rich? In obvious language, it implies an ability to consume luxury goods and services available in the market. Conversely, what does it mean to be the opposite of rich (I don’t want to say “poor” because that has a different definition)? It means a general inability to consume luxury goods due to having to spend the majority of income on necessities.

You can see where this is going with regards to healthcare. Framed like this, the question is trivial: is healthcare a necessity or a luxury? Your initial answer will depend on your political preference, but consider the following premises and let’s see where logic takes us:

  • People cannot control when they become ill; and
  • Spending on luxury goods and services is first to get cut in an economic downturn due to less money being available and thus a greater proportion of income being spent on “necessities”.

What is the logical conclusion if we assume that healthcare is a luxury? If a “rich” person becomes ill during a recession when there is less money to spend on luxuries, money would not be spent on treatment.

Politics notwithstanding, I hope my readers can see why this conclusion is silly. Treatment for an illness cannot wait for an economic upswing nor should people’s health be affected by where we stand in the business cycle.

I can therefore conclude that healthcare is not a luxury, but a necessity. This also means that the anonymous reader of WiseLaw is only partially correct: for “conservatives” being “rich” should mean something, but any conservative with an understanding of economics will understand that being the opposite of rich should not spell lack of access to healthcare.

Cross-posted at LawIsCool.ca
