back to article Wi-Fi devices set to become object sensors by 2024 under planned 802.11bf standard

In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals. "When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication- …

  1. Chris G

    This sounds like something that may well be abused from the first moment abuse is possible, by all the usual data slurpers, Google, Facebook, governments et al.

    One thing that could help against commercial abuse is if we all had ownership of our data as a constitutional right, so that each time an entity wishes to use it they must gain your express permission to do so.

    1. Wellyboot Silver badge

      Constitutional rights are nice.

      Make ownership of your own data a legal COMMERCIAL ownership and prevent it being signed away in any EULA.

      1. martyn.hare
        Thumb Up

        Don’t give a choice in the matter!

        Just make commercial exploitation of any/all data derived from personal data completely illegal under criminal law. As that includes all protected information about which demographics you belong to, that kills personalised advertising and other very exploitative practices dead. People can still collect your personally identifiable information and use it directly with your consent but they can no longer create derivatives with which to make money

        This doesn’t stop anybody willingly being compensated for directly advertising or endorsing things but it does kill the unwanted business models of Google, Facebook, Microsoft, Twitter. Reddit and many other companies.

    2. Anonymous Coward
      Anonymous Coward

      So, did the NSA pay comcast to deploy wifi routers to all residences?

    3. HereIAmJH

      needs to be off by default

      The user needs to have the ability to turn it off. It needs to be off by default. And there needs to be a visible indicator that it is turned on.

      From the article:

      "Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,"

      No, Wi-Fi will cease to be a communication standard, and will become a surveillance standard.

      1. Mike 16

        Re: needs to be off by default

        "A visible indicator". This requirement will be followed by the revision: "A truthful visible indicator, where visibility is to be by reference to human vision, not, for example, honeybee vision". Of course, compliance with the new requirement will be self-certified by the vendors and installers.

      2. Anonymous Coward
        Anonymous Coward

        Off by default or Opt-In/Out are all irrelevant

        The issue here is that we are bathed in WiFi signals in pretty much any public or private spaces. This is one of those problems like the ring cameras where as soon as they are installed they start causing problems for other people their owners either intend, or don't care about.

        At lest there isn't an 802.11 track for sensing sin color yet. This isn't technology that should EVER ship as part of a consumer data networking kit. There are additional issues that the fools making this have deliberately avoided thinking about.

        Among those include: No possible method to obtain informed consent to be scanned for all of the people that are going to be scanned. This technology will provoke a reaction with the tinfoil had crowd, and there are already cases of idiots jamming the The 2.4 and 5ghz bands. Do you want to randomly lose WiFi and Bluetooth as you walk about in the world, how about that grouchy neighbor next door? Mind losing home WiFi if they take issue with you installing an access point that is scanning through the walls of your cheap apartment?

        If you are going to do microwave scanning, make it up in the upper Ghz bands so the range and penetration is low, and do it in a way that the signal coding and band are distinctive. Keep it the heck away from all of the communications bands.

      3. Anonymous Coward
        Anonymous Coward

        there needs to be a visible indicator

        And how could you see that indicator if the AP is behind a wall? Perfect tech to spy on neighbors.

    4. fidodogbreath

      If anyone was wondering why Google's mesh WiFi seems like such a good deal, or why Amazon bought Eero, this should clear it up.

    5. Anonymous Coward
      Anonymous Coward

      Does 5G Already Do This ?

      Two years ago at a conference (remember those?) an RF engineer alleged that 5G already has the potential to do this, to send out beacons that act as a radar, and use the received signals to exactly map the surrounding area.

      1. DS999 Silver badge

        Re: Does 5G Already Do This ?

        Only mmWave 5G would be able to do so, and that's only going to be deployed in dense urban areas where there are already plenty of CCTV cameras.

  2. Christoph
    Alert

    Stalker's dream

    As I understand this story, it implies that a stalker who can somehow get access to a victim's Wi-Fi will be able to prove to their victim that they know exactly what they are doing all the time. It's an obvious extension of things they already do such as planting tracking devices on cars. Many victims will be completely non-technical and have no idea how this is happening.

    I don't give a shit what fancy applications can be enabled by this tech - if it enables this it is completely unacceptable.

    Not that this will stop it of course - the police forces will insist on being able to do the same thing.

    1. Gotno iShit Wantno iShit

      Re: Stalker's dream

      It's like so many other technologies, keep it in the home and it could be tremendously useful, e.g. automatic light control without needing dedicated sensors in every room.

      As soon as you introduce cloud - FO, FRO then when you finished that FRO some more.

      1. Ordinary Donkey

        Re: Stalker's dream

        You won't be able to keep it in the home. There are more than twice as many identifiable wifi networks in my home office than there are apartments in the building.

    2. AMBxx Silver badge
      Big Brother

      Re: Stalker's dream

      Already easier ways to do this. York City Council are very pleased that their free WiFi network allows them to track everyone using the MAC address of their phones. They talk about it all being cuddly and anonymous but if you start from the same place each day, it's not exactly anonymous.

      Needless to say, they claim the benefits such as tracking traffic.

      I'm sure they're not the only council using such technology.

      I now turn off WiFi when I'm out and about.

      1. Androgynous Cupboard Silver badge

        Re: Stalker's dream

        The recent iOS 14 - by default - now picks a random MAC address every time it connects to a wireless network. I only noticed when I was trying to work out which random stranger was using mine (it was me).

        Settings -> Wi-Fi -> your network, then see if "Private Address" is ticked.

        I'm not sure how many devices have upgraded, or how many have gone to the effort of turning it off. I expect it's "lots" and "few". So MAC tracking is already of limited value for iOS folk, although I'm sure it will be a cold day in hell before google add such a privacy-focused feature for Android.

        1. iron Silver badge

          Re: Stalker's dream

          It would seem that for you hell froze over on 21st August 2017 when Google released Android 8 which included MAC randomisation when probing for new networks. Or perhaps 6th August 2018, the release of Android 9 which uses a random MAC addresses when connecting to any WiFi network.

          1. Androgynous Cupboard Silver badge

            Re: Stalker's dream

            That's a fair cop

          2. Martin an gof Silver badge

            Re: Stalker's dream

            So for my home network which uses MAC addresses as one way to identify "known" devices - i.e. the DHCP will not hand out addresses to all and sundry - how does that work? Is it an either/or setting, or is it possible to tie the device to one single MAC which is always used for a home network, and randomise the MAC for strange ones?

            Here's a creepy tracking "game" - Beat The Street. It's being promoted (for example by Derby City Council) as a fun thing for people - including children - to do to help them exercise. If I read the thing correctly, it is possible to take part as an anonymous member of a team, but to benefit fully from the exercise-tracking and have the possibility to win prizes you have to register, and this ties an individual RFID tag to a specific name, address etc.:

            When you register to take part in Beat the Street, your name, email address, phone number, age group, postcode, gender and information on health and levels of activity will be stored on our servers which are hosted and managed by DCSL Software.

            The game is being aimed particularly at children - schools in the areas receive allocations of RFID fobs which they hand out.

            Not convinced this is a great idea, though they do also say:

            we do not share your personal details with any other company/organisation without your consent, although we may share anonymised statistical information with other organisations to independently evaluate the impact of the game

            Aah yes, erm, email newsletters, delivered by MailChimp. I thought Privacy Shield was no longer sufficient:

            Because Mailchimp certifies to the Privacy Shield framework, they can lawfully receive EU data.

            M.

            1. Androgynous Cupboard Silver badge

              Re: Stalker's dream

              > So for my home network which uses MAC addresses as one way to identify "known" devices - i.e. the DHCP will not hand out addresses to all and sundry - how does that work?

              It's configurable per-network, so you can turn it off easily for your home network.

        2. Anonymous Coward
          Anonymous Coward

          Re: Stalker's dream

          Nice touch, but keep in mind that randomized MAC is per NETWORK not per ACCESS POINT.

          That means that the city wide wifi can still track you if your phone interacts with it, it just will be slightly harder to match that with your traffic on other networks, or identify the original address of device.

          Also keep in mind that it will try the spoofed mac first, but if it can't connect it will try the real mac, and keep using it unless the spoofed address is allowed onto the network. This was to allow access to networks that use MAC based access controls.

      2. iron Silver badge

        Re: Stalker's dream

        Turning off your WiFi is useless, your mobile carrier have been selling your council that data for years. I saw a presentation by Vodafone and TFL at a conference about 10 years ago showing how they track every commuter journey in London every day using cellphone signals. Scary stuff but apparently it helps make sure there is a bus to get you to work or something.

        1. Anonymous Coward
          Anonymous Coward

          Re: Stalker's dream

          Wonderful! They can concentrate on doing this but 10 years on there's still not a hope of keeping a socket open for more than a few seconds travelling from Brighton to London.

        2. HereIAmJH

          Re: Stalker's dream

          The data is there, but I doubt that your average city has the competence to handle that volume of data. The cell market is much larger than it was 10 years ago, and growing all the time.

          You need to understand what is being collected: every time your device communicates with a tower there is an entry created in a database. The data was originally collected so that cell carriers could diagnose and tune their networks. It contains data like tower id, handset identifier, signal strength, and antenna sector. Note that it does not contain an actual handset location. But your phone will be talking to more than one tower at a time, if there are more available, so that it can choose the best tower based on strength and available bandwidth.

          For a city to use this data they need location, so they can determine movement. That means matching device records from multiple towers and triangulating every device on every tower within their jurisdiction, while taking into account obstructions and topography. Then they have to overlay that on maps to get useful traffic patterns.

          Imagine you have only a million handsets active in a given area, with each one communicating with towers every few seconds. You need 3 towers to get a good location. Even if you only checked every 10 seconds (which might not be often enough for traffic, depending on speed limits), you have to make 6 million calculations a minute on 18 million datapoints. Just to get the 'raw' location data. Then throw in the need to get the data from ALL carriers in the region so that you have the full picture.

          It's not impossible. And I suppose the Telcos could sell anonymized data that has been pre-processed to determine locations. But its a huge task that would be pretty expensive for local governments on a budget.

          1. doublelayer Silver badge

            Re: Stalker's dream

            "you have to make 6 million calculations a minute on 18 million datapoints. Just to get the 'raw' location data."

            Sorry, but this doesn't sound as difficult as I think you meant it to. My desktop can process millions of operations per second. A server can do it even faster by throwing more cores at the problem, because it's completely parallelizable. The only tricky part is getting the large databases into the processing system, but since they have high-speed connections to send user data, it's not that difficult to do that either. Existing software is available to take that raw location data and display it on a map, and I'm sure there are companies willing to build a system to analyze that kind of raw intelligence.

            1. HereIAmJH

              Re: Stalker's dream

              You either didn't read, or grasp the complexity of the calculations. It's not operations per second. I'm assuming you're talking instructions, or MIPS. Calculating a device location requires multiple data points for single device within a designated timeframe (< sec). Then looking at the signal strength to triangulate. You have to take into account topology and any obstructions that will affect signal strength. Consider this, you have 3 towers surrounding a park. Two have open field between them and the device. Tower 3 has woods. Tower 3 is going to have a weaker signal during the summer and about the same strength once the leaves drop. You also have to take into account hills or buildings. All these factors will affect the accuracy of your location calculation. If your use case is that you want to monitor traffic on a street, your accuracy would need to be within a radius of a hundred meters or so.

              And throwing more cores at it likely won't solve your problem. With today's architectures you're more likely to be I/O bound than CPU bound. While you can determine a location with 1 or 2 towers, accuracy really suffers. 3 towers is really the minimum for it to be reliable, but you could have more in areas where towers are close together. A payload is going to be a minimum 25 characters. So every 10 seconds you're going to need transfer ~75 megabytes of raw data. (25 bytes x 3 towers x 1m devices, fixed width, no delimiters) And a million devices is a pretty small number.

              And sure, that is doable with a dedicated pipe going to servers dedicated to the task. But cost/benefit isn't there. You pay for the data. You pay for the dedicated lines to each telco. Then you pay to process the data to get it into a form that you can overlay on your city map. Or you go out to the location and install a dedicated traffic monitoring device that you can move around town as needed.

              1. doublelayer Silver badge

                Re: Stalker's dream

                I get that the calculations are a lot more than one instruction. Still, it doesn't seem particularly difficult to implement should somebody want it enough. Transferring 75 MB in ten seconds is easy, especially given that most of the towers concerned will have fast cable connections running straight to them. Calculating the location based on that data does require more information, but a few methods can cut down on the effort required. First, some cities or businesses operate connected infrastructure which stays in one place. The server could identify something which, for example, has not moved for a week and treat that as a point of reference for future calculations. If the leaves fall off the trees, then it will have a better connection to tower 3 and the servers can factor that into their calculations. Second, devices can be correlated with one another. If lots of devices go in relatively straight lines, then it's probably a street. The assumptions can be factored in as well. If you're worried about I/O getting the data to the server, the towers themselves can do some of the calculation so the data gets compressed before sending it to the main servers for more extensive calculations.

                Now your main point, that this is inefficient for the goal, I completely agree. Doing this would be ridiculous when we have lots of ways to get traffic information. However, that doesn't make doing it at all impossible. If someone wanted it for their own reasons and chose to sell the data, they could.

    3. H in The Hague

      Re: Stalker's dream

      "... it implies that a stalker who can somehow get access to a victim's Wi-Fi will be able to prove to their victim that they know exactly what they are doing all the time."

      Possibly worse than that. If the wall between you and the neighbours is thinish your Wi-Fi system might be able to sense movement in their house. Esp. if you tinker with your system to boost its output.

      1. stiine Silver badge

        Re: Stalker's dream

        So, this means I can watch my neighbors get it on, albeit in false color images? Oh hell yeah!

        Or does this mean that NSO Group will start selling a police wifi hotspot and acompanying software to allow the police to use their cell phones to scan a house, a la radar?

      2. ThatOne Silver badge

        Re: Stalker's dream

        > If the wall between you and the neighbours is thinish

        Unless you live in an underground bunker, your WiFi spills over to all neighbors: When in an apartment building you can usually see a dozen different WiFi routers.

    4. Anonymous Coward
      Anonymous Coward

      Re: Stalker's dream

      Probably not THAT good a resolution, this isn't ever going to be a Hollywood movie batman scanner. Not on the WiFi bands. But that won't make mixing communications and surveillance tech like this ever be a good idea.

      WiFi scanning and object detection is limited by radio physics, so in the WiFi bands it can identify vaguely human shaped blobs through a wall, but almost no detail, where a high end optical ir camera may be able to get a much clearer picture under ideal conditions. Wifi scanning is also defeated by many common materials and even the most basic tempest shielding, before that meant giving up on your own WiFI and cell useage, but since cell repeaters are cheap now, the paranoid can faraday cage the outside of their living space and still enjoy four bars inside.

      I'm more worried about the expansion of creepy interactive signage and the impossibility of obtaining real consent from people in public spaces.

    5. They call me Mr Nick

      Re: Stalker's dream

      It will make coersive control much easier/more frightening. The whole thing sounds utterly terrifying.

  3. Anonymous Coward
    Anonymous Coward

    Tin foil hats? Pfft. My Faraday cage suit idea looks set to make me a fortune.

    1. Scott Broukell

      @osakajin - But this tech will be in use during the rest of thee week as well, it's not just restricted to Faradays!

      1. Anonymous Coward
        Anonymous Coward

        Are you taking the Michael?

        1. Steve K

          Watt?

          Watt?

    2. Chris G

      @osakajin, since with this tech everybody is effectively a disturbance in the force, your Faraday suit will not hide you. You will still be detectable.

      The idea is not dissimilar to military uses of electronic intelligence (elint) so what is needed is a counter intelligence broadcast to fool or jam the Wi-fi around you.

    3. Ordinary Donkey

      I hate to break the news to you, but clothes made with silver-infused thread to produce a faraday effect are already widely available.

      Underwear too.

    4. martinusher Silver badge

      Your Faraday suit will stand out as a person shaped hole in the R/F noise.

  4. Chris Miller
    Joke

    You're a day early with this April Fool.

    1. Anonymous Coward
      Anonymous Coward

      Seems to be a large well organised jape then, https://www.ieee802.org/11/Reports/tgbf_update.htm

  5. JohnMurray

    The movement it will detect last thing at night, is my hand moving to the "off" switch.

    1. Fred Dibnah
      Paris Hilton

      Your hand moving to what?

      1. Anonymous Coward
        Anonymous Coward

        The power plug! Don't trust the switch!

        1. Anonymous Coward
          Anonymous Coward

          Just give it a good tug.

  6. anonymous boring coward Silver badge

    It's not April 1st until tomorrow!

  7. Neil Barnes Silver badge

    I suppose this was inevitable

    given that people will stick microphones around the house... but what possible reason is there for this technology?

    It's a communications protocol, not a motion detector. If you want one of those I'm pretty sure there are other more mature technologies.

    1. find users who cut cat tail

      Re: I suppose this was inevitable

      The reason is always the same: You would install those more mature technologies intentionally and persumably have some control over their use. Whereas with this you will have little choice as WiFi is ubiquitous.

      1. Anonymous Coward
        Anonymous Coward

        Re: I suppose this was inevitable

        I'm getting rid of my Wifi, but I can detect eight of my neighbours wifi in my flat. And if I can detect them, they can detect me. It's like one of those recent horror movies where you have to keep your eyes shut or stay silent.

    2. Roland6 Silver badge

      Re: I suppose this was inevitable

      >It's a communications protocol, not a motion detector.

      yes and no.

      Yes 802.11 is a communications protocol and should remain focused on being a communications protocol. However, radio transmissions do make very good motion detectors - I seem to remember a story about US stealth aircraft being detected by the disturbance they caused to broadcast TV signals. So I'm happy for people to play around with ambient radio such as 802.11 and use it for radar purposes, but I suspect making it better for motion detection will not improve its communications capabilities.

      1. Mike 16

        Broadcast TV?

        So there's an expiration date. At least near me, the coverage radius for TV has been shrinking for years. It's gotten to the point that I suspect the only reason broadcasters broadcast is to get "must carry" status and the resulting payments from Cable providers. Ditto radio "broadcast", and the refusal of mobile phone manufacturers and operators to support broadcast radio for disaster and other emergency use.

      2. Anonymous Coward
        Anonymous Coward

        Re: I suppose this was inevitable

        "I seem to remember a story about US stealth aircraft being detected by the disturbance they caused to broadcast TV signals. "

        IIRC a UK demonstration of the feasibility of developing radar in the 1930s - was done by getting a plane to fly through a broadcast radio transmission path.

    3. Roland6 Silver badge

      Re: I suppose this was inevitable

      >but what possible reason is there for this technology?

      There is a little bit here: https://beyondstandards.ieee.org/ieee-802-11bf-aims-to-enable-a-new-application-of-wlan-technology-wlan-sensing/

      It seems this is really all about exploiting the 60Ghz band (802.11ad/ay) where it may be possible to do stuff that previously could only be done via a camera or other sensor. What is clear, a big part of doing anything other than the basic stuff will be the AI/machine-learning necessary to process the data.

      A practical use of the technology would be for a mobile phone to utilise the on-board WiFi to implement a basic proximity radar - providing a tech version of the white cane. Mind you if the people behind this are as bright as they like to think they are, they should have released a "proof of concept" iOS/Android app that supported social distancing rules.

    4. Anonymous Coward
      Anonymous Coward

      Re: I suppose this was inevitable

      "what possible reason is there for this technology?"

      The reason is always the same: "Because we can! And we don't care about the consequences because this is cool, and will give us a lot of street cred among fellow nerds!"

      1. This post has been deleted by its author

  8. thosrtanner

    I think 'bf' as part of the standard name is remarkably apt really. And sadly, the IEEE website has plenty of information about this idea

    1. Roland6 Silver badge
      Paris Hilton

      I suspect 'bf' will be of little practical use until it gets paired with 'gf' - sadly the IEEE website has zero information about '802.11gf'...

      Paris, because I'm sure she has lots to contribute to 'gf'.

  9. Anonymous Coward
    Anonymous Coward

    what could possibly ever go wrong

    Pulse-Doppler radar is, where the frequency dictated the resolution is, not really possible in a shared RF space.

    2.4GHz has a wavelength of ~ 124mm

    5GHz has a wavelength of ~60mm

    60 GHz has a wavelength of ~ 5mm

    So I'm guessing that 802.11bf would be a Monostatic radar in which the TX bandwidth is the critical factor:

    2.4GHz typically has a bandwidth 20MHz, 40MHz or 80MHz which would correspond to ~15m, 7.5m or 4 meters

    5GHz has a channel bandwidth 20MHz, 40MHz, 80MHz or 160 MHz which would correspond to ~15m, 7.5m, 4m or 2 meters

    60 GHz has a channel bandwidth 2.16 GHz which would correspond to ~140 mm

    And the reason I say Monostatic radar, is that most of the heavy duty math used in demodulation could then be used almost for free with ranging.

    Time to go off an start reading some documents on 802.11bf, now that I've made my guess on how it probably works.

    1. Mast1

      Re: what could possibly ever go wrong

      Look at previous methods of imaging with WiFi, eg this from 2013 :

      http://people.csail.mit.edu/fadel/papers/wivi-paper.pdf

      And that was using 2.4 GHz.

      BTW Why use of public Wi-Fi when mobile small-quantity data contracts are pretty cheap nowadays and the downside of MitM is all too apparent ? Just asking.

    2. Bartholomew

      Re: what could possibly ever go wrong

      Looks like it is a form of Continuous-wave radar and technically would not be a Monostatic (transmitter and receiver at the same place), It would be closer to a Bistatic radar. But since the transmitters and receivers could both be moving in real time would you then call it a pulsed Bidynamic radar!

      It is amazing that the initial building blocks required for WiFi Sensing have been in the standard since 1999 when 802.11a was first released.

      From a technical level it is really cool that you can have a mobile radar system map out remote environments, but from an Orwellian perspective it is freakout city.

      1. martinusher Silver badge

        Re: what could possibly ever go wrong

        If its being negotiated as a proposed standard then its almost certainly been prototyped (and in use) by now.

  10. alain williams Silver badge

    "way to opt-out of SENS-based surveillance"

    That should be the default. It should be opt-in.

    Question: how do you go about getting the agreement of everyone within range ?

    Also: how much more of a drain on the battery will this be ?

    1. Anonymous Coward
      Anonymous Coward

      Re: "way to opt-out of SENS-based surveillance"

      > Also: how much more of a drain on the battery will this be ?

      Since most of the heavy math is being used for demodulation anyhow, almost negligible.

    2. ThatOne Silver badge

      Re: "way to opt-out of SENS-based surveillance"

      > That should be the default. It should be opt-in.

      Come on, it doesn't really matter, because the people wanting to abuse it won't really respect that silly "opt-in/opt-out" kids game, will they.

      The perv neighbor wanting to know what you do in the privacy of your home, the police trying to find something suspect about your preserves cooking (crystal-meth-orange?), any commercial venue wanting to keep tabs on the walking moneybags in the vicinity, and so on. None of these will bother asking you for your kind permission, if only because the whole interest is that you don't know you're been watched!

  11. Doctor Syntax Silver badge

    "preferably before launch"

    Why break the habits of a life time?

    1. Anonymous Coward
      Anonymous Coward

      Must get my eyes tested - read that as "preferably before lunch".

  12. Mike 137 Silver badge

    Security and privacy still left to fix (if ever)

    Convergence is always going to be a problem. It enables cross-contamination, reduces resilience and increases complexity, which in turn reduces security by creating a larger target for attack. Nevertheless it's obviously "the way forward" so it'll go ahead until we have a wonky real world equivalent of the Start Trek tricorder (that could detect and report on anything in the universe and also be re-wired in the field to act as a weapon). Unfortunately life is not quite as portrayed in Star Trek.

    1. Phil O'Sophical Silver badge

      Re: Security and privacy still left to fix (if ever)

      Typical of researchers, they play with the fun bits then dump it over the wall for someone else to do the due diligence for security etc. Commercial interests pick it up & decide that security is too expensive, and privacy gets in their way. Just like the Internet as a whole.

      Perhaps the researchers might like to think about including security & privacy right from the start, sometime?

      1. Roland6 Silver badge

        Re: Security and privacy still left to fix (if ever)

        >Perhaps the researchers might like to think about including security & privacy right from the start, sometime?

        Until it's out there (ie. there is a working implementation) and being played with it is very dificult to determine just what the security and privacy ramifications are and thus what mitigations might be necessary.

        I suggest thinking about security and privacy concerns too early results in a compromised implementation and/or a false sense of security as you think you've thought about all the ways something might be used only to have some teenager drive a coach-and-horses through your security...

        1. Phil O'Sophical Silver badge

          Re: Security and privacy still left to fix (if ever)

          What I meant was that I've seen too many projects where people have prototyped a neat idea, and then someone said "we should add some security", at which point they realise they should have designed it completely differently from the start. By that stage it's often too late, especially for "research" projects which are put forward as a proof-of-concepts, but somehow end up being shipped...

          They may not have all the security & privacy in at the get-go, but they should at least think about what it might mean.

      2. ThatOne Silver badge

        Re: Security and privacy still left to fix (if ever)

        > Perhaps the researchers might like to think about including security & privacy right from the start, sometime?

        The researchers just think about a principle, which has many "uses". You can't change those uses, and no amount of thinking can prevent them.

        Take nuclear fission/fusion for instance: How can you make sure nobody builds a bomb? Well, the thousands of bombs out there say you simply can't. You can only hope all the people who have them are "good guys", and won't use them on you (they have to use them on somebody after all...).

        The only way to prevent abuse is to not create this cheap & convenient spy gadget. Let the military build and use them as they see fit, I personally don't have much use for a device telling me what my neighbors are doing, and I sure hope neither do my neighbors.

  13. Bartholomew

    The police

    https://www.youtube.com/watch?v=_wsMEj2ZfW8

    You got to love the lyrics.

  14. muddysteve

    The progress of technology.

    your scientists were so preoccupied with whether or not they could that they didn't stop to think if they should.

    Dr Ian Malcolm - Jurassic Park 1993

  15. mark l 2 Silver badge

    Who is actually asking for this to be bolted onto WI-FI? Using radio waves to provide motion detection has been around since the 1940s and i have found no need to install a RADAR in my house so far, so why do i need my Wi-Fi network to be doing it?

    1. Bartholomew

      The only useful area of application that I can think of are indoors and underground, but only when neither GPS, nor 5G are possible for Location Awareness. With this technology there is the possibility of locating people and objects deep underground where traditional real time asset tracking systems do not work.

      I do hope that this is only deployed where it is actually needed.

      1. stiine Silver badge

        Need by whom? 5-eyes? China? Personally, I want this for my nefarious use.

      2. ThatOne Silver badge

        > I do hope that this is only deployed where it is actually needed.

        You don't really believe this, do you... It will be deployed where it is profitable and where people need to keep tabs on other people. You can always hope you won't be part of those "other people", but statistically chances are you will: From pervs to authoritarian regimes to burglars wanting to work in peace, there is a long list of people waiting eagerly for this.

    2. Julz

      Speakers could use the information about the shape of the room and contents, even where the meat bags are, to modify their behaviour for better quality sound.

  16. Pascal Monett Silver badge

    "there's not much precedent for seeking permission in the technology industry"

    Well it is high time to set a precedent then.

    1. Mike 137 Silver badge

      Re: "there's not much precedent for seeking permission in the technology industry"

      Very true Pascal - it is about time. Unfortunately there can't be a precedent until it's happened twice. The first time it happens it has no precedent. The second time it happens the precedent is the first time. So we may have to wait for two rounds of common sense (I'm not holding my breath).

    2. Anonymous Coward
      Anonymous Coward

      Re: "there's not much precedent for seeking permission in the technology industry"

      When my rainbow pony comes back from the hairdresser.

  17. Mark Zero

    It's already commecialised!

    I'm sure that my mesh network doesn't provide the same level of detail as envisioned by the author of this article but the concept of wifi as a motion sensor is available as a paid subscription ($2.99 /month) on the Linksys VELOPS mesh network. I have deployed the VELOPS mesh network in my house and it's fantanstic for seamless, fast excellent coverage of 2.4/5Ghz wifi, I have no want or need for remote monitoring of my house, besides our two cavoodles would present many false readings!

  18. Charlie van Becelaere

    As noted in many other comments

    There really is no opt out when our neighbours "opt in" will cover our homes / offices / spaces as well.

    bf indeed.

  19. Horst U Rodeinon

    Dear IEEE,

    I say FOAD to 802.11bf

  20. Gene Cash Silver badge

    Old quote

    This is 100% "your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should."

  21. terrythetech
    Big Brother

    Tin foil hat?

    Sod that, time to stick my router in a biscuit tin (grounded) and dig out the cat6 stuff I used to use. Oh bugger, I can be seen by my neighbours wifi.

  22. Anonymous Coward
    Anonymous Coward

    There are aspects to this sort intrusion not mentioned here.......

    1. 801.11bf allegedly identifies motion in the vicinity of an access point.

    2A. .....BUT....the object doing the moving is anonymous IF IT HAS NO WiFi CLIENT signed on.....

    2B. .....OR....the object doing the moving is anonymous IF IT IS CARRYING A BURNER

    So......either turn off the device when you want to be anonymous.....or carry a burner if you want to make the snoops work for their data! So....business as usual!!!!

    What am I missing?

    1. DevOpsTimothyC

      Re: There are aspects to this sort intrusion not mentioned here.......

      3. Sue all your neighbours for invading your privacy. I'm sure a good lawyer could make something of it.

      In the UK you might be able to press charges under stalker laws, "‘a pattern of unwanted, fixated and obsessive behaviour which is intrusive. It can include harassment that amounts to stalking or stalking that causes fear of violence or serious alarm or distress in the victim’."

      Ref https://www.cps.gov.uk/legal-guidance/stalking-protection-orders

      If my neighbour was tracking my movements around my house I would consider that unwanted obsessive behaviour that is intrusive and causing distress. If they purchased equipment with that capability that I would consider it intent.

      1. Anonymous Coward
        Anonymous Coward

        Re: There are aspects to this sort intrusion not mentioned here.......

        "If my neighbour was tracking my movements around my house [...]"

        IIRC the 2003 Sexual Offences Act defines the offence of voyeurism as observing someone in a structure - who is unaware they are being observed**. I suspect that the legal scope of "observed" could be taken as not limited to the visible light portion of the spectrum.

        **there was some surprise that the definition does not prohibit deliberately peering through a crack in a fence to watch someone sunbathing in their private garden.

      2. Twanky

        Re: There are aspects to this sort intrusion not mentioned here.......

        I'm sure a good lawyer could...

        A what?

      3. ThatOne Silver badge

        Re: There are aspects to this sort intrusion not mentioned here.......

        > Sue all your neighbours for invading your privacy.

        Won't work, you'd need to prove beyond reasonable doubt that the offenders did indeed spy on you.

        Yes, it's that pesky hippy "innocent until proven guilty" nonsense which doesn't allow you to punish willy-nilly anyone you think might have wronged you...

  23. jason_derp

    Obligatory movie quote

    "Like a submarine, Mr. Wayne."

  24. yorksranter

    How about "no"?

  25. djnapkin

    Hmmm, let me check the date on my calendar. Oh, 1st April, well look at that.

  26. Anonymous Coward
    Pint

    Hehe

    Well done El Reg, almost fooled me.

  27. AndyFl

    Authors of paper don't understand GDPR.

    In the referenced paper the authors recommend that users are provided a mechanism to opt-out of the data collection. The whole point of the GDPR is that consent has to be willingly given without cohesion before data collection - in other words all systems have to be opt-In with the default that data is not retained.

    The protocols in IEEE 802.11bf are being developed on the basis to maximise data collection without any mechanism relating to signalling the prior consent of the data subject being intrinsic to them. This will give problems in the future when it is eventually rolled out.

    In the US personal data appears to be the property of the person collecting it not the data subject which is the opposite of the European approach. I'm aware of recent legislation in some US states which is starting to move the default towards opt-in but there is no fundamental right not to have your data collected.

  28. Bitsminer Silver badge

    Scope creep

    The 802.11xxxx standards were about radio communications in a smallish area.

    Doing motion detection and whatnot is basically demonstrating that these people are bored and want to explore something new, and preferably at public expense. And, nevermind the expense, onwards with the show!

    A rule of thumb in system engineering is: scope creep is about 1% a month. So, begin with 802.11g in 2003, subtract 2021, carry the one, subtract from zero, get.....204% change in requirements specifications in the last 17 years!

    It figures.

  29. This post has been deleted by its author

  30. nagyeger
    Thumb Down

    date wrong?

    Someone from El Reg please tell me the article date is wrong....

  31. xyz Silver badge

    So....

    If I buy a big dildo and stick it on an old record turntable and leave that spinning near my router, someone should get the message?

  32. Anonymous Coward
    Anonymous Coward

    Why oh why ...

    Why does every " new technology" has to have tracking, ads and all maner of undesirables built-in, like the new specification they were making for the continuation of the SMS. It was ad slingers focused, not even a little bit of concern of what the user may need or want. I can see the potential with this too. Maybe i need to return to nature to have a little peace of mind.

    1. ThatOne Silver badge

      Re: Why oh why ...

      > Why does every " new technology" has to have tracking, ads and all maner of undesirables built-in

      Because we're entering the age of "monetization". It will probably take a century or two (and better times) before some crazy idealist declares that people have a right to privacy, and their lives don't belong to the highest bidder. And probably another century before most countries have finally accepted the idea (and the loss of profit).

  33. Jake Maverick

    otherwise known as recording people 24/7 in full 3d holoporn....reason not so many talking about is that a lot of them are locked up in mental institutions for explaining this simple 'science' to people.....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like