John McAfee is no stranger to controversy. Between allegations that he ran an MDPV lab, held orgies with a gaggle of young girls, stocked an arsenal of weapons and maintained his own “personal army”, few will doubt that he is an eccentric kind of character. Now the media is flush with stories claiming that McAfee is poised to release a device he calls the D-Central, which he says will beat the NSA at its own game.
Looking at what little has been released, the device appears to be nothing more than a wireless router that users install in their homes. It would use a mesh topology, meaning that as your neighbors install boxes of their own, your neighborhood network grows and the available routes diversify.
So far, so good. Indeed, several neighborhoods have already deployed their own metropolitan area networks using consumer-grade access points flashed with custom firmware like OpenWRT. Cisco has a turnkey solution, as do other vendors. The technology is neither new nor innovative.
Mesh networks are interesting. They let neighborhoods take responsibility for their own data, allow high-speed sharing between those on the mesh, and offer cut-price Internet access through either a collaborative model (those with DSL links act as gateways and volunteer their spare bandwidth) or a centralized one (the city or organizing body purchases a pipe using funds donated by the users or drawn from the city’s works program).

Mesh networks also have issues scaling up, but these are surmountable with traditional techniques: break a large mesh into smaller nets and introduce a small number of routers to bridge between them. In a typical installation a small town would have a single mesh net with a point-to-point directional link to the next town’s mesh, in addition to a diverse range of gateways provided by volunteers in both towns making their DSL connections available. Of course, given the lack of IPv4 space, NAT is almost always used on these gateways. IPv6 will fix all of these issues, of course. With dynamic routing protocols like OSPF and RIP (community meshes more often run protocols built for lossy radio links, such as OLSR or B.A.T.M.A.N., but the principle is the same) the mesh routers decide which route is most suitable, and changes in topology propagate quickly, making the network effectively self-healing.
All of this is great stuff but where do McAfee’s claims of being “NSA proof” come into it? Your guess is as good as mine.
If you used the mesh network to establish an encrypted tunnel to a friend on the same network (i.e. traffic that never egresses the mesh), it would not pass through an ISP to be vacuumed up by the NSA. That holds only if the tunnel’s keys are authenticated: every intermediate mesh node is a stranger’s box, and an unauthenticated key exchange lets any one of them sit in the middle.
But let’s think about this practically. Even if this connection did traverse the common Internet and was unlucky enough to get intercepted, the NSA would still be unable to decrypt its contents if an appropriate cipher (and a bug-free implementation) was used. Yes, the latter is a hell of a precondition, but pretend for the sake of this argument that the encryption used was not backdoored or otherwise subverted.
Let us revisit our scenario, and this time establish an unencrypted session to our friend via the mesh. Everyone nearby with a wireless card in monitor mode could see your communication, and so could every mesh node that forwards it, since each hop handles the frames in the clear regardless of any radio-link encryption. If you were a high enough value target, the NSA would no doubt have someone on the ground nearby sniffing the air.
Mesh networks are a great idea, and collective bargaining with Internet providers for a large pipe at a significant discount would no doubt bring costs down for all involved. But if a mesh network somehow spanned the country, you can be sure the alphabet-soup agencies would set up sniffing stations near the aggregation points (presumably where the mesh traverses a point-to-point link into another zone). Even if all in-country communications were somehow beyond the NSA’s capabilities, it would still be collecting data at the egress points.
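To make the two points above concrete (how a mesh routes over its own links, and what a tap at an aggregation or egress point actually gets), here is a small simulation in Go. It is an added example, not code from this article or from McAfee’s D-Central, and everything in it is constructed: the two-town topology, the node names, the choice of tapped links, and the AES-256-GCM session key, which the two endpoints are simply assumed to share already (agreeing on it securely is the hard part and is out of scope here).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Mesh holds adjacency sets plus, per directed pair, whether that link carries a passive tap.
type Mesh struct {
	adj  map[string]map[string]bool
	taps map[[2]string]bool
}

// AddLink adds an undirected link; tapped marks it as observable.
func (m *Mesh) AddLink(a, b string, tapped bool) {
	for _, p := range [][2]string{{a, b}, {b, a}} {
		if m.adj[p[0]] == nil {
			m.adj[p[0]] = map[string]bool{}
		}
		m.adj[p[0]][p[1]] = true
		m.taps[p] = tapped
	}
}

func (m *Mesh) RemoveLink(a, b string) { // a link going down; the next Route simply sees the new graph
	delete(m.adj[a], b)
	delete(m.adj[b], a)
}

// Route is a fewest-hop path by BFS (real mesh protocols also weigh link quality); nil if unreachable.
func (m *Mesh) Route(src, dst string) []string {
	parent := map[string]string{src: ""}
	for queue := []string{src}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if n == dst {
			var path []string
			for ; n != ""; n = parent[n] {
				path = append([]string{n}, path...)
			}
			return path
		}
		for nb := range m.adj[n] {
			if _, seen := parent[nb]; !seen {
				parent[nb] = n
				queue = append(queue, nb)
			}
		}
	}
	return nil
}

// Observed lists the tapped links on the current src->dst route; each tap there records
// the packet's addressing and its bytes exactly as the sender put them on the wire.
func (m *Mesh) Observed(src, dst string) (taps [][2]string) {
	path := m.Route(src, dst)
	for i := 1; i < len(path); i++ {
		if p := [2]string{path[i-1], path[i]}; m.taps[p] {
			taps = append(taps, p)
		}
	}
	return taps
}

// Seal is end-to-end AES-256-GCM, output nonce || ciphertext || tag: a tap still learns
// src, dst and length, but not the content, and cannot alter the packet unnoticed.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // only fails for a non-16-byte block size; AES is fixed at 16
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// TwoTowns is a constructed version of the article's layout: two town meshes joined
// by one point-to-point link, plus one volunteer DSL egress in town A.
func TwoTowns() *Mesh {
	m := &Mesh{adj: map[string]map[string]bool{}, taps: map[[2]string]bool{}}
	for _, l := range [][2]string{{"a1", "a2"}, {"a2", "a3"}, {"a1", "a3"}, {"a3", "gwA"},
		{"gwB", "b1"}, {"b1", "b2"}, {"b2", "b3"}, {"b1", "b3"}} {
		m.AddLink(l[0], l[1], false)
	}
	m.AddLink("a2", "isp", true)  // DSL egress: the ISP side of it is observable
	m.AddLink("gwA", "gwB", true) // inter-town link: the aggregation point
	return m
}

func main() {
	m := TwoTowns()
	key := make([]byte, 32) // session key; how a1 and b3 agree on it is out of scope here
	rand.Read(key)
	wire, _ := Seal(key, []byte("meet at nine"))
	fmt.Println("a1->b3 via", m.Route("a1", "b3"), "crosses taps", m.Observed("a1", "b3"))
	fmt.Printf("a tap there records %x (%d bytes) instead of the text\n", wire, len(wire))
	m.RemoveLink("a1", "a3")
	fmt.Println("after a1-a3 fails, a1->b3 via", m.Route("a1", "b3"))
}
```

Run it with `go run`. Traffic from a1 to b3 has to cross the inter-town link, so the tap there sees every packet; with Seal applied, all it gets is the addressing, the length and random-looking bytes. Traffic to the ISP egress crosses that tap in the same way. Intra-town traffic such as a1 to a3 crosses no tap at all, and dropping the a1-a3 link just makes the next Route call take the longer path through a2, which is all the “self-healing” in the previous section amounts to.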
The latter is something that no small collective of souls can fix. Running independently funded optical fibers across thousands of miles of ocean and ensuring that no interception occurs is an almost impossible prospect (quantum networking may one day solve this but would likely only work at short range). The only way you could even hope to guarantee the safety of data in transit is to encrypt it, which brings me back to the point of this article.
Mesh networking will not stop surveillance. Encryption will, at least for the content: who talked to whom, when and how much still shows up at every tap. But for encryption to be effective it must be implemented properly, and unfortunately on today’s hardware there isn’t a single person who can assure me that my PC is safe. If complexity is the enemy of security then the common PC is irretrievably broken.
Properly implemented encryption will save us from the NSA, not some $100 box from John McAfee.