Critical Engineering
The Critical Engineering Working Group
Bengt Sjölen
Danja Vasiliev
Julian Oliver (v1)

Unintended Emissions (2019)

Wireless (802.11) Citizen Surveillance Investigation

Inserted into urban environs, Unintended Emissions captures, dissects, maps and projects radio emissions invisibly shared by our portable wireless devices.

Employing two arrays of directional Yagi antennae the project attempts to determine positions of Wi-Fi devices in the vicinity.

Along with the X,Y coordinates, Unintended Emissions reveals meta-data such as make of device, networks the device previously connected to and Internet connection requests transmitted by the device out into the air.

Similar to surveillance and tracking systems such as StingRay, Unintended Emissions places mobile Wi-Fi users on a 2D map indicating the kind of device the user has, the time of appearance, the user's network activity and other user-specific meta-data. This information can be further analyzed to determine the user's identity and movements within a locality and the Internet.

Using methods and technologies known to be deployed by federal surveillance initiatives, the intervention seeks to engender a "healthy paranoia" in the interests of an increased techno-political subjectivity.

Unintended Emissions at Aksioma, Ljubljana (photo credit Aksioma)

Two antenna rigs, positioned outside or inside a gallery space, register the presence of Wi-Fi enabled devices within the premises. In most cases those Wi-Fi devices are mobile phones that people carry in their pockets.

The time difference of signals (Time-Of-Flight) received from those devices is measured across all 8 antennae; the resulting 2D spatial positions of the devices seen and, consequently, the positions of their users are publicly projected on a large screen.

Using a public database (see below), the information unintentionally emitted by the devices is used to determine a wider geography of users' movements, which is rendered onto a city map. Places such as public cafés, train stations, friends' houses and people's own private homes are pointed out on a map, supplemented with the names of the Wi-Fi networks present at those places, publicly revealing private information collected from the air.

Screen capture from NYC show / Glassroom 2016 (early version without city mapping)

Visitors can observe themselves and others move around on the projected map of the area, all the while not having given any explicit consent nor having interacted with the installation - much like the systems of digital and radio surveillance employed globally.

Mounted Yagi antennae
Modified Access Point devices running OpenWRT
How it works: Probe requests

Whenever you have connected to a Wi-Fi network, your device will remember that network[1]. To help you get a better connection, and to be able to hop or roam seamlessly between networks, your device will continuously send out what are called Probe Requests, at an interval, for as long as Wi-Fi is enabled and regardless of whether you are connected to a network or not.

These are small messages broadcast to everyone within range, asking whether a network is available by its name; if that network is, the device can then consider connecting to it. When you see a Wi-Fi network in the list of networks on your device, this is normally the consequence of all the networks continuously sending out beacons that tell every device within range that they exist, as well as what their name and properties are, so that a device can then establish a connection.

It is not mandatory for a network to broadcast beacons with a name[2]; it could just sit there and only reveal itself by name when someone actively asks for its name specifically. Because of this design decision, devices need a way to ask for the presence of networks that they would like to connect to.

The consequence of this mechanism of sending Probe Requests asking for networks that your device knows, is that your device continuously sends out a list of names of networks you have previously connected to, typically names of networks you normally connect to, the names of networks at cafés you frequent, your home network, your workplace, restaurants you go to, bars you go to, libraries, stores and so on, producing an undoubtedly unique network preference (or a fingerprint) of a device you use.
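What a single probe request exposes, shown as an added example (not the project's own code): a parser for the frame described above, run on frames constructed inline. It assumes a bare 802.11 frame with no radiotap header or FCS; the MAC addresses, the SSID `ExampleCafe-Guest` and the helper `build_sample` are made up for the illustration.

```python
MGMT_HEADER_LEN = 24   # frame control, duration, 3 addresses, sequence control
PROBE_REQUEST = 4      # management-frame subtype
SSID_ELEMENT = 0       # tagged-element ID that carries the network name


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_probe_request(frame: bytes):
    """Return what a probe request exposes, or None if it is another frame.

    Assumption: a bare 802.11 frame (no radiotap header in front, no FCS).
    """
    if len(frame) < MGMT_HEADER_LEN:
        return None
    frame_type, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype != PROBE_REQUEST:
        return None
    src = frame[10:16]                    # address 2: the transmitting device
    ssid, pos = None, MGMT_HEADER_LEN
    while pos + 2 <= len(frame):          # walk the tagged elements
        elem_id, elem_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elem_len]
        if len(body) < elem_len:          # truncated element: stop, do not guess
            break
        if elem_id == SSID_ELEMENT:
            ssid = body.decode("utf-8", errors="replace")
            break
        pos += 2 + elem_len
    return {
        "source_mac": fmt_mac(src),
        "oui": fmt_mac(src[:3]),                   # manufacturer prefix
        "randomized_mac": bool(src[0] & 0x02),     # locally administered bit set
        "ssid": ssid,                              # "" means a wildcard probe
        "leaks_network_name": bool(ssid),
    }


def build_sample(src_mac: bytes, ssid: bytes) -> bytes:
    """Constructed probe request for the demo; not a captured frame."""
    header = (b"\x40\x00" + b"\x00\x00" + b"\xff" * 6   # FC, duration, broadcast DA
              + src_mac + b"\xff" * 6 + b"\x10\x00")    # SA, wildcard BSSID, seq
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])       # supported-rates element
    return header + bytes([SSID_ELEMENT, len(ssid)]) + ssid + rates


if __name__ == "__main__":
    print(parse_probe_request(build_sample(b"\x00\x11\x22\x33\x44\x55", b"ExampleCafe-Guest")))
    print(parse_probe_request(build_sample(b"\x02\x00\x00\xaa\xbb\xcc", b"")))
```

The second sample, a wildcard probe sent from a locally administered address, carries no network name, and its address prefix says nothing about the manufacturer.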

It is very unlikely that anyone else's device would be broadcasting the names of the same networks as yours does. This also reveals not only where you often go but also a trace of where you have been. For instance, there are documented cases from the war in Syria where people have been executed by Daesh/IS because their devices revealed that they had been visiting spaces belonging to the opposition and had connected to networks whose names were then broadcast, thus revealing them.

1. On most devices the user can manually choose to "forget" the networks the device was connected to.
2. A Wi-Fi network can be configured to be "hidden", in other words to not advertise itself.
Development materials
How it works: Wigle database

What is broadcast in a Probe Request is only the name of a network (SSID) and not its unique BSSID[3]. Many networks can have the same name, but some names are unique. How would we even know?

GPS and similar systems generally don't work indoors, since satellite signals cannot be received there. Instead, positioning in mobile phones and tablets is typically implemented by looking at which Wi-Fi networks are within range and uploading that information to a service that maps it to a guessed location. There are several such services, and they are typically built from data received from devices with a known GPS position and/or by war-driving[4].

Most such services are proprietary and closed, and you don't have easy access to their data, but Wigle is instead a service for mapping Wi-Fi networks and other radio infrastructure together. Currently (March 2019) they have recorded 528 million Wi-Fi networks and 11 million cell towers, and they provide a mapping function and an API for accessing that data to search for networks with specific properties.

Now remember those Probe Requests that ask for networks by name? If we ask for those networks, we get all the positions in the world where networks by that name have been seen. If the name is unique we only get one position, and that position is then, with very high confidence, a location that the device in question, and most likely its owner, has visited at some point in time.

3. BSSID is a combination of the OUI (unique identifier of the manufacturer) and the unique MAC address of the wireless network device.
4. Driving around in a car recording networks seen together with GPS locations.
Unintended Emissions was deployed at:

This project was commissioned by: Human Futures, FACT, MUTEK