Security

This article is more than 1 year old

MAC address privacy inches towards standardisation

IEEE hums along to IETF anti-surveillance tune

Fri 26 Jun 2015 // 01:56 UTC

The Internet Engineering Task Force's (IETF's) decision last year to push back against surveillance is bearing fruit, with the 'net boffins and the IEEE proclaiming successful MAC address privacy tests.

While MAC address randomisation has been a feature of various clients (including Linux, Windows, Apple OSs and Android) for some time, it has yet to be written into standards.

Hence, as part of the anti-surveillance effort it launched in May 2014, the IETF had identified MAC address snooping as a problem for WiFi users.

In November, the IETF ran an experiment to look at whether MAC address randomisation would upset the network – for example, because two clients presented the same MAC address to an access point.

The success of that test had to be confirmed with the IEEE, though, because the latter is the standards body responsible for 802 standards. Those standards are where the handling of the media access control address is specified, so changing the old assumption that the MAC address is written into hardware needs the IEEE's co-operation.

Now, the IETF and IEEE have agreed that the experiment was a success, along with further trials at the IEEE's 802 plenary and a second IETF meeting, both in March.

In their brief announcement, the groups clearly foreshadow revisions to both the 802 standards and relevant IETF documents.

InterDigital principal engineer Juan Carlos Zuniga, who chairs the IEEE 802 Privacy Executive Committee Study Group, said the tests “set the stage for further study and collaboration to ensure the technical community prioritises Internet privacy and security”.

For those whose knowledge below the routing layer is sketchy, the MAC address is what Ethernet uses to send frames to the right machine.

Back in the 1980s when Ethernet was first created, and even in the 1990s when WiFi was born, little thought was given to the risk that the MAC address could put personal privacy at risk.

The blossoming of mobile computing, smartphones, and public WiFi, however, means that fixed, unique identifiers no longer look like such a good idea. ®

Topics

Special Features

Vendor Voice

Resources

Security

MAC address privacy inches towards standardisation

IEEE hums along to IETF anti-surveillance tune

More about

More about

Narrower topics

More about

More about

More about

Narrower topics

TIP US OFF

Other stories you might like

Google will delete data collected from 'private' browsing

In-app browsers are still a privacy, security, and choice problem

US legislators propose American Privacy Rights Act - and it looks quite good

Protecting distributed branch office environments from ransomware

Majority of Americans now use ad blockers

Academics probe Apple's privacy settings and get lost and confused

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

96% of US hospital websites share visitor info with Meta, Google, data brokers

H-1B visa fraud alive and well amid efforts to crack down on abuse

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

About Us

Our Websites

Your Privacy