Jul 12, 2015 11:00 PM PT

Privacy talk at DEF CON canceled under questionable circumstances

Anti-surveillance tool ProxyHam will never see the light of day

Ben Caudill

Earlier this month, several news outlets reported on a powerful tool in the fight between those seeking anonymity online, versus those who push for surveillance and taking it away.

The tool, ProxyHam, is the subject of a recently canceled talk at DEF CON 23 and its creator has been seemingly gagged from speaking about anything related to it. Something's off, as this doesn't seem like a typical cancellation.

[NOTE: Updates to this story are on page two.]

Privacy is important, and if recent events are anything to go by – such as the FBI pushing to limit encryption and force companies to include backdoors into consumer oriented products and services; or the recent Hacking Team incident that exposed the questionable and dangerous world of government surveillance; striking a balance between law enforcement and basic human freedoms is an uphill struggle.

Over the last several years, reports from various watchdog organizations have made it clear that anonymity on the Internet is viewed as a bad thing by some governments, and starting to erode worldwide.

Whistleblowers, journalists, human rights activists, or anyone who wishes to express their opinions against the state are being tracked and targeted by the very governments they're discussing or protesting.

The documents leaked by Edward Snowden prove that privacy is a basic right that's easily dismissed by some governments, and the Hacking Team incident shows there's a booming business market in helping them succeed.

Organizations such as Hacking Team or Gamma International have developed the tools and tactics needed to help oppressive governments, enabling them with the ability to track people no matter their location or how they connected to the Web.

While tools such as Tor or VPNs can help, the problem is that once a person's IP address has been linked to a physical location their anonymity ceases to exist.

Given that governments often control the infrastructure being used, unmasking people in this fashion has only gotten easier over the last decade or so.

While it is true that criminals can be flagged and arrested using pinpointing techniques and lawful interception tools – and that's a good thing – normal citizens expressing their basic human rights are also targeted and arrested (including journalists), which is horrendous.

Not every government is guilty of such acts, but several of them are, and that's why it's important that people be empowered to speak freely and to do so anonymously if there's a need.

Enter ProxyHam, a tool created by Ben Caudill, a researcher for Rhino Security Labs, which can help human rights activists, whistleblowers, journalists, and privacy advocates remain anonymous online.

Designed to augment existing privacy tools, ProxyHam is a Raspberry Pi computer with Wi-Fi enabled. There's three antennas; one is used to connect to a public Wi-Fi network, and the other two are used to transmit Wi-Fi signals over a 900 MHz frequency.

By using a 900 MHz radio, ProxyHam can connect to a Wi-Fi network up to two miles away, and blend-in with traffic on that spectrum. So if the person using it were to be tracked via IP address to a physical location, all anyone would find at that location is the ProxyHam box.

Caudill had planned a talk at DEF CON 23 centered on ProxyHam, which would've included a demonstration and the release of full hardware schematics, as well as source code. While everything needed to develop a device would've been offered, pre-configured units were planned for sale at a cost of $200.

On Friday, the talk was canceled. Caudill was vague in his responses to the public. Based on brief public remarks, it's clear that he cannot speak about the topic or explain further.

In fact, all he can say is that the talk is canceled, the ProxyHam source code and documentation will never be made public, and the ProxyHam units developed for Las Vegas have been destroyed. The banner at the top of the Rhino Security website promoting ProxyHam has gone away too. It's almost as if someone were trying to pretend the tool never existed.

Talks have been canceled at DEF CON before. So in that sense, this talk isn't the first and it won't be the last.

However, given the topic, the nature of the tool, and the current privacy climate – it's a strange coincidence that a tool with such value and usefulness would be promoted and then removed from the public.

I don't believe in coincidences.

Could have Caudill changed his mind? Yes, but that's unlikely, because he was excited to release this tool and share the information with the public and protect those who are most at risk for using their voice.

Therefore, while it is pure speculation on my part since no one can speak on record, it would look as if a higher power – namely the U.S. Government – has put their foot down and killed this talk.

It isn't perfect, but a tool like ProxyHam – when combined with Tor or other VPN services, would be powerful.

Such a combination would make tracking dissidents or whistleblowers (even with custom malware or tools from the likes of Hacking Team) increasingly difficult the more that ProxyHam was developed.

In fact, while the first version offered strong support to existing privacy tools, further developments were planned that would've not only improved things, but made them more affordable.

While the chance for abuse is also a valid point to make, and law enforcement certainly would, criminal elements have abused VPN and Tor before, so that's not a strong argument. Honestly, criminals have been twisting legitimate tools and resources for their own gain for quite some time now.

At the same time, that criminals could abuse the tool is the only argument a government needs to make.

When faced with legal threats, most researchers will bend because there's no other option available to them. No one wants to face fines and jail time over code.

Caudill isn't talking, and clearly he can't. Offering his apologies in an email when asked for comment, he responded to questions by repeating what was said on Twitter:

"...ProxyHam development would cease immediately, all existing units and prototypes destroyed, no further information or source code would be made available, and the DEF CON talk on whistleblowers and anonymity would be cancelled..."

Again, ProxyHam was under development for more than a year and Caudill was excited for it to go public. Now that's all gone, and there's nothing to suggest this was his intention.

Rather, given the state of things as they pertain to privacy and legal matters here in the U.S., it appears that his hand was forced – legally – complete with gags and destruction orders.

If a government agency killed this project, then it's a sad day for privacy and security research.

Salted Hash as reached out to DEF CON to see if they can offer any additional details. Updates to this story are on page two.

[Note: The original article is on page one.]


Shortly after this story was posted, readers on Twitter pointed out that there doesn't appear to be an FCC license for Caudill listed. Salted Hash has reached out to confirm the status, because it is possible the FCC intervened on the talk for that reason, or because there were devices for sale. (Thanks: @t0x0pg & @Err0r10 )

Another reader noted that using the devices would violate FCC rules, but there have been other talks where such a conflict potentially exists, and those were not canceled.

Shortly after this update was posted, Caudill responded to questions about the FCC stating that no, licensing had nothing to do with it. The 900MHz licensing was something they were just starting to look at, but the ProxyHam devices were limited to 1Watt as required by the FCC.

"Proxyham devices did not break the FCC standards as the 900MHz antennas were capped at the 1-watt limit," he said.

Update 2:

When asked about patents, and if those held by Ubiquity or Intel are related to the problems he currently faces, Caudill told Salted Hash that IP related matters were not at issue.

"[There's] no IP related issues," he said. The answer was the same when it came to potential issues with the FCC.

The FCC question resurfaced because if encryption were used, it would violate FCC part 97 against amateur radio operators encrypting. There's also the issue of sales, which under FCC part 95 (sub one-watt consumer use device), requires validation – a slow and often expensive process.

Adding context, Michael Harris, Principal Security Analyst and Adjunct Instructor at the University of Missouri, commented via email:

"Many Hams have experimented with IP over ham bands, lower frequencies have throughput issues as one might expect and gear up a the 1.2 Ghz range is still too expensive. The current sweet spot is in the 800 to 900 Mhz range but is saturated by many other services fighting for that space from legacy cell phones to industrial controls doing short haul data to many spread spectrum and frequency hopping commercial radios.

"That general frequency range is a really noisy place to be and a proliferation of ProxyHam devices in that range would cause lots of problems in whatever particular band was selected. There is a huge fight over that frequency range going on already not just here but worldwide."

So if patents were not a problem, and if the FCC wasn't a problem - as confirmed by Caudill himself, why was this tool forced out of the public's reach? We may never know.

There is another possible reason, one that I felt was too extreme when I first pinned this rant: a National Security Letter.

If a NSL was issued, unless Caudill goes the way of Lavabit, he has little recourse and almost no defense against this. There have been cases where a NSLs have been used inappropriately, but it's rare to actually see proof in such cases until long after the fact.

But again, this is pure speculation. The point of the rant was that people need privacy tools, and ProxyHam would have made a great addition to the existing mix, but now we'll never get it.

For the record, I asked Caudill about getting a NSL, Caudill would only answer, "No comment."

Update 3:

There was an AMA on Reddit about ProxyHam earlier this month, for those who don't know. Also, Rob Graham has posted his thoughts about the issue on the Errata Security blog.

Update 4:

On Tuesday, Ars Technica spoke with the EFF about this topic. General Counsel and Deputy Executive Director Kurt Opsahl told them the NSL option was as far fetched as I thought. Given he's a legal expert, I'll trust his word.