SMPD blue

San Mateo cops create wireless web to snare criminals.

A high-speed pursuit along the 101 Peninsula ends in a San Mateo neighborhood where the suspect abandons his car and disappears on foot. A San Mateo police officer responding to the call runs the suspect’s plates and brings up a photograph on his dash-mounted Panasonic  Tough Book.

The California Highway Patrol officer who started the pursuit identifies the suspect from the picture. Then the San Mateo Police Department officer blasts the image to all patrol cars on duty, and the suspect is picked up off the streets 5 minutes later.

Until July, the SMPD’s dash-mounted computers could only download small amounts of text, painfully slowly, over a data radio network. And forget about mug shots, photos from the state Department of Motor Vehicles or other bandwidth-heavy images. For those, officers had to return to the station and download them off wired computers.

“We used to get only get text messages – ‘white male, five-foot-eight, 180 pounds.’ That’s not very helpful,” says Lt. Wayne Hoss, IT director for the SMPD, who received a $450,000 grant that financed the Wi-Fi  hot zone. “Now from our cars, we can put together a photo lineup of potential criminals, show the lineup to victims at the site of the crime, and print it as evidence for later on.”

The officers have a square mile of wireless Web access in and around the municipal and entertainment districts on the El Camino Real. By year-end that range will about double.

When they’re in range of the Wi-Fi hot zone, patrol officers (and soon, foot and bike patrols over PDAs) have wireless  VPN access to the state’s Department of Motor Vehicle databases, arrest records and mug shots, missing children reports, the sex offender registry and emergency dispatchers.

Cell hopping

In the first phase, 17 enhanced 802.11b Wi-Fi access points, being protected from the elements in a cast-aluminum casing, are placed about two blocks apart in a grid pattern and plugged into the photo adapters atop the city’s light posts. In the next phase, the deployment will make use of newer-generation Wi-Fi cells, with a more powerful 1-watt radio unit, so the SMPD will need only 10 boxes to cover three-quarters of a square mile. The Wi-Fi cells are produced by start-up Tropos Networks .

A hot zone is not to be confused with a hot spot, says Sri Srikirishna, founder and CTO of Tropos. A hot spot is a small-area 802.11b wireless network that plugs into fiber, such as those used in cafe’s, airports, hotels, Starbucks and, soon, McDonald’s. A hot zone spreads the coverage by using a more-powerful radio, and then hopping signals from cell to cell until they reach a backhaul into the wire, a process called cell hopping.

Of the SMPD’s 17 Wi-Fi cells, only three connect to the city’s pre-existing network: at the Parks and Recreation Department in the center of town, the fire department on the south and the police station on north.

While not for business campuses, which already have high-bandwidth wire for backhaul points, hot zones are particularly suited to areas where back-haul points are spotty or when the user base is spread out and moving, like at the SMPD, Srikirishna, says. Hot zones also are selling in downtown shopping districts. For example in Half Moon Bay, an ISP has installed the Tropos Wi-Fi cells and established a pay-for-use wireless portal for shoppers and diners.

“Nowadays, the concept is extending to anyplace a business wants to provide access,” he says. “The challenge is that running wired backhaul into each of these cells is prohibitive because you need high-throughput wires – and they’re expensive.”

Tropos’ wireless routing technology sends packets from cell to cell following the most efficient route to the nearest fiber trunk by examining signal characteristics in network paths available.

“Cell hopping is very much conceptually like the Internet,” says Srikirishna, who adds that in the 1970s, the military used this concept to try and create wireless ad hoc networks to connect troops on the battlefield.

Securing the signals

With any wireless installation, securing the laptops, encrypting the data in transit, monitoring and filtering firewalls at the entrance to the fiber network are paramount, says Diana Kelly, wireless security expert and security strategist at Computer Associates .

For security, the SMPD uses a NetMotion VPN for point-to-point, 128-bit encryption. Tropos’ traffic filtering is built into all Wi-Fi cells, which are monitored for performance through Tropos’ SNMP -compliant monitoring and management server called Patrol. In addition, the SMPD put a firewall/intrusion- detection server between the wired network and the Wi-Fi cell gateways.

But during deployment, laptop security got a little overlooked. Aside from two-factor authentication – one for computer access and the second for access to the officer’s Web portal, LawNet – the laptops have no firewalls and can’t be monitored for security policy compliance. But Hoss says he’s talking to security vendor, Symantec , about putting firewalls on the laptops.

“We’re getting on that, especially now that one of our computers has a virus on it and we can’t find which one it is,” Hoss says. “We had a numbering system. But the officers keep moving the computers from car to car because they save stuff locally on their drives, usually an unfinished report, that they want to get back to.”

Zoning out Who: The San Mateo Police Department, San Mateo, Calif. What: Hot-zone wireless network covering one square mile using 17 pole-mounted, enhanced Wi-Fi boxes with only three back-haul points. To come: Phase 2 to cover another three-quarters of a square mile with 10 pole-mounted Wi-Fi boxes, to be completed by year-end. Product: Tropos 5110 1w outdoor Wi-Fi cell:  $3,195. Tropos Control Element Management System:  $295 per license (minimum initial order of 20 licenses for $5,000). Applications: Places where high-bandwidth wiring would be prohibitive, such as downtown areas and malls where a single entity (ISP or Chamber of Commerce) could spread out access and relieve merchants from purchasing and managing their own 802.11b boxes and high-bandwidth fiber connections. Also for municipal mobile applications, emergency services, dispatched city engineers, and other uses in which data is required while moving through their territories.