The Boston Globe Online / Business

PLUGGED IN
Privacy lost and regained

Cable modem technology inadvertently reveals a bit too much about users

By Simson L. Garfinkel, 08/05/99

This is a story about the way two seemingly innocuous features of computer technology have combined to violate a lot of people's privacy. And it's a story of how a cable modem provider nearly made a huge mistake, but ultimately decided to do the right thing.

A little more than a year ago, I got a MediaOne cable modem for my apartment in Cambridge. At the time, MediaOne asked me what I wanted for an e-mail address. For the past 16 years I've used the name ''simsong,'' so the folks at MediaOne assigned me the mailbox ''simsong@ne.mediaone.net.''

MediaOne also wanted a ''hostname,'' or the name that would be used to identify my home computer on the Internet. I didn't know what name I should use, so the person from MediaOne suggested that I use the name ''simsong.ne.mediaone.net.''

And that's what I did.

The second technological feature in this story is called ARP, the Internet's Address Resolution Protocol. When one computer on a local area network tries to send a message to another, it uses ARP to find that computer's address. Unlike other Internet protocols, ARP messages are broadcast to everyone on your local net. In fact, there is a popular Unix program called ''arpwatch'' that watches the network for ARPs and sends an e-mail message whenever it sees a new computer. The e-mail message includes the person's hostname, IP address, the precise time that the ARP was seen, and the manufacturer of the person's Ethernet card.

A few weeks ago I started running the arpwatch program on my computer that is connected to the MediaOne cable modem. I was amazed by what I found: Within the course of 10 minutes, I had hostnames of more than 300 different computers on my neighborhood cable segment. Many of the hostnames were recognizable individuals - they were a first name and a last name, or they were a last name and a first initial. I even recognized a friend of mine who is a prominent science writer. (He uses a Fast Etherlink XL card in a Gateway 2000, in case you are interested.)

I left arpwatch running, and over the next week I collected 400 more ARPs. What was particularly interesting about this second batch is that I could coordinate the time that I saw the hostname with the time the person turned on his computer. With a little bit of programming, I could have modified arpwatch to watch all of the hosts on the network and let me know when they were turned off. This would let me know, with a high degree of probability, when a person had left his home for the day and gone to work.

ARPs were pretty innocuous in the university environment in which the Internet protocols were first developed, but this information could easily be abused in an urban setting. I could use this information to target houses for burglary - just watch for a house whose cable modem has gone dead for five days, which probably means the family is on vacation. Or I could call the person up on the phone and do a pretty good job impersonating a MediaOne technician. ''Hello, Mr. Smith. I see you are using an Etherlink XL card in a Gateway 2000. We are running a special deal, in conjunction with Gateway, for people who pay by credit card. Would you like to enroll?''

I took my list of 735 MediaOne hostnames, IP addresses, and Ethernet cards and sent it to Rick Jenkinson, a spokesman at MediaOne. I also sent a handful of e-mail messages directly to people on the list, asking how they felt about the fact that this information was so easily available. Finally, I asked a bunch of people from the Massachusetts Institute of Technology for their opinions.

Most of the technologists seemed to accept this lack of privacy as an inherent result of the underlying technology. Other people had similar reactions: They knew nothing was private on cable modems - some said I was foolish to have thought otherwise.

But at least one person I contacted sent a complaint to MediaOne about my contacting him, and included a copy of my e-mail message. Eight days later, I received a message from Jenkinson, my MediaOne contact, saying the company ''will be contacting you in regards to sending unsolicited e-mail as it relates to your customer service agreement with us.''

I took Jenkinson's message as a veiled threat to stop my newsgathering activities - that is, to stop contacting other customers - or risk having my cable modem service disconnected.

I hope Jenkinson's e-mail message sets off alarm bells inside the heads of Massachusetts state regulators. If MediaOne wants to be the sole cable into our homes, offering television, Internet, and telephone, it can't make implied threats to people who are engaged in activities it doesn't like. Regulators certainly wouldn't tolerate Bell Atlantic sending its Annoyance Call Bureau after community activists, even if the activists were calling up every person in the phone book trying to raise money for their cause. MediaOne needs to realize the responsibility implicit in being a provider of two-way communications.

Fortunately, I never heard back from MediaOne's complaint department. Instead, I got an e-mail message on Monday from Rob Stoddard, MediaOne's vice president of corporate communications. ''MediaOne has changed its policy and will no longer be assigning host names based on a customer's e-mail address,'' he wrote to me. Furthermore, he said, any current customers can contact MediaOne to have their host names changed.

Meanwhile, the cable modem industry is working on a new standard, called DOCSIS 1.1, that should eliminate the ARP privacy problem altogether. The new cable modems screen out ARP messages that are destined for other subscribers, which makes it a lot harder to covertly monitor everyone in your network neighborhood. According to Stoddard, MediaOne will start deploying these new modems sometime in the coming year.
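
As an added illustration (not part of the original column and not MediaOne's or the DOCSIS specification's code), the Python below parses a constructed ARP request to show which fields every machine on a shared segment can read, then applies a simplified model of the screening described above. The function names, the documentation-range addresses and the rule "forward only if the target address belongs to this subscriber" are assumptions made for the example.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ARP_ETHERTYPE = b"\x08\x06"

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Construct a sample Ethernet + ARP who-has frame (test input only)."""
    eth = BROADCAST + sender_mac + ARP_ETHERTYPE
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, opcode 1
    return eth + arp + sender_mac + bytes(sender_ip) + bytes(6) + bytes(target_ip)

def parse_arp(frame):
    """Return the fields a passive listener can read, or None if not valid ARP."""
    if len(frame) < 42 or frame[12:14] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return {
        "broadcast": frame[0:6] == BROADCAST,
        "opcode": op,
        "sender_mac": sha.hex(":"),
        "vendor_oui": sha[:3].hex(":"),  # first three bytes identify the card maker
        "sender_ip": ".".join(map(str, spa)),
        "target_ip": ".".join(map(str, tpa)),
    }

def modem_forwards(frame, subscriber_ips):
    """Simplified screening model: pass ARP only if it targets this subscriber."""
    if len(frame) < 14 or frame[12:14] != ARP_ETHERTYPE:
        return True  # not ARP, outside the scope of this model
    info = parse_arp(frame)
    return info is not None and info["target_ip"] in subscriber_ips

# Constructed sample: locally administered MAC, RFC 5737 documentation addresses.
SAMPLE = build_arp_request(bytes.fromhex("020000000001"),
                           (192, 0, 2, 10), (192, 0, 2, 1))

if __name__ == "__main__":
    print(parse_arp(SAMPLE))
    print("neighbor's modem forwards:", modem_forwards(SAMPLE, {"192.0.2.77"}))
    print("target's modem forwards:  ", modem_forwards(SAMPLE, {"192.0.2.1"}))
```

The frame itself carries only hardware and IP addresses; the hostname in an arpwatch report comes from a separate name lookup on the IP address, which is why changing the hostname policy and screening ARP address different parts of the exposure.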

Technology writer Simson L. Garfinkel can be reached at plugged-in@simson.net.

This story ran on page D4 of the Boston Globe on 08/05/99.
© Copyright 1999 Globe Newspaper Company.
