Category Archives: Security

Security

FBI Tracking Device Removal

Leave a comment

A resident of Santa Clara, California discovered by accident that the FBI planted a tracking device on his car

Afifi said the strange series of events began Sunday, when he took his car in for an oil change to a garage not far from his Santa Clara home. As the car was raised, Afifi said he noticed “a wire hanging out.” Then he noticed “a black, glimmering device.”

Mazher Khan, owner of Ali’s Auto Care, had no idea what it was but he agreed to yank it out. Afifi left with the device and drove home.

On Tuesday, Afifi said he had just gotten home from work when one of his roommates came in and said, “There are two suspicious people standing right by your car in the complex.”

It is a strange story to begin with, but then it gets even more strange when the FBI show up and request that the big black devices of wires-and-magnets be returned to them.

“All right, where’s the device you found under your hood,” the agent said, according to Afifi. “He goes, ‘Yeah, we put it there.’ “

[…]

“I gave it back to them and said, ‘Is this what you needed?’ ” Afifi said. “He goes, ‘Yeah, this is it.’ “

Ali’s Auto Care now can update their ads to include “Tracking Device Removal”, or maybe even offer an Internet coupon. Note that Divorcenet.com suggests GPS tracking devices could be a wider problem than just with law enforcement.

The use of GPS systems is increasingly being used to monitor cheating spouses. The falling price and shrinking size of GPS systems have spouses from all walks of life keeping track of their “better” halves. Spouses can now use a GPS device to follow a vehicle, and presumably the cheater, behind the wheel. The GPS system’s software works seamlessly with online map services such as Google Maps. Thereafter, the suspecting spouse can sit back and wait for that “gotcha” moment.

Spouses are said to legally be entitled to track their “own” vehicles. The question becomes one of ownership, and then privacy.

The legality of secretly planting a GPS system is a very fact-sensitive analysis. Like checking a spouse’s email, the legality of secretly planting a GPS tracker depends on who owns the vehicle. In a purely technical sense, if you own the vehicle or have joint ownership of it, then it is perfectly legal to use a GPS system to monitor it. Spouses can legally access their spouse’s email in scenarios where there is a jointly-owned computer or a computer that is used by the entire family. The key issue in the planting of a GPS system is whether the spouse who was tracked had a reasonable expectation of privacy. The question apparently has yet to be raised in a divorce case in New Jersey. The law is normally five years behind technological developments.

I am not a lawyer but the “reasonable expectation of privacy” test seems a bit weak. The courts have already ruled in the US that there should be no expectation of privacy in your driveway from the government, for example.

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn’t tracking your movements.

Another opportunity for the security market. Someone should start selling Fourth Amendment tents for the  driveway — now even you can set up a reasonable expectation of privacy on your own property.

Security

Our Scale is Wrong

Leave a comment

I walked behind a nurse into the doctor’s office.

“Shoes off please and stand on the scale so I can measure your weight and height” she said in monotone, clearly excited to be taking a reading for the hundredth time that day.

I complied; she read the results to me.

“Are you certain?” I asked “That height measurement seems off by a factor…”

She shrugged and started to turn away “Oh, a lot of people say our scale is wrong.”

When a health care provider has a hard time calibrating height I am tempted to question how they measure dosages and other more important metrics, let alone privacy controls.

Energy, History, Security

How to Make Quality Technology

2 Comments

An excellent lecture with common sense. RSA Animate illustrates why profit is not the best motivator for quality.

First, I disagree with the start of the presentation. The science is not freaky or surprising. People are still as manipulatable and predictable as ever. I explain this in my social engineering presentation where I demonstrate common fraud methods. Profit may be less important than American economists thought, but it reminds me that economists study…profit. Only an economist would say it is “irrational” to play an instrument. Social engineering experts, or even anthropologists and political scientists, are obviously going to be less likely to focus on profit when researching motivational factors. They see people manipulated by things like pride, prejudice and authority and realize that in many cases none of it is profit. With economists it really should be no surprise that profit is not always the prime motivator. This lecture concludes that mastery, purpose and contribution are motivators but there are others as well.

Second, I have to question why economists were ever under this impression (the lecturer says he believed only in profit three years ago). Why did they see profit as the sole and only motivator? I bet a huge clue is right at the start of the lecture when he says “mechanical skill” is very successfully manipulated by profit motive in business. Immediately it comes to mind that Henry Ford, Thomas Edison, and other industrialists were proponents of mechanical skill.

Perhaps it is from this era that a perception of a beautiful assembly-line with profit as motive became some kind of ideal. An American could create massive wealth as owner of a highly mechanized system of production. Inventor of the car was not Ford, Inventor of the light bulb was not Edison. I have seen scant evidence they believed in incentives for innovation, just output that allowed high margins. The Ford company showed this in spades over the past ten years when they pumped out SUVs for profit at a time when they could have innovated in hybrid cars with a purpose. That decision almost killed them, even though they had a few good years before the crash.

Ford and Edison, who actually were good friends, believed growth through profit incentives was the ideal path for everyone else because they saw it as their own path of success. Those who could produce more product, garner more profit, wrote the story of motivation. Ford not only did not innovate but he struggled with the basic concept of changing paint colors in cars to let consumers innovate and differentiate from each other. Edison meanwhile never actually invented anything (am I getting too excited here?) — he actually setup a warehouse full of mostly immigrants, poorly paid, who were hired to invent for him and then put his name on whatever they came up with. The inferior lightbulb he produced (inefficient use of energy and short life) was highly successful because it was produced faster than anything else and more consistently. His profit motive led to more profit than his competition, which enabled him to win in a race for profitability and NOT good product. Easy to see how mechanical skills were the focus of the empire he built. Americans came to believe in him as an inventor because he had great marketing and cash in the bank.

Regardless of whether you buy into my hypothesis (rant?) about Ford and Edison it stands to reason that other incentives, such as purpose, existed all along; they have been just poorly represented as goals against those who were profit driven and used their profit to market a particular vision of success. Nonetheless the mechanical skill view had many more years of success examples before losing much of its appeal. It carried the country all the way through the difficult 1940s. The Sherman tank, for example, was not superior or innovative but it was produced at a much faster pace than the enemy’s. A German Tiger tank would often face three or more Sherman (there were roughly 50 times as many Shermans on the ground to fight the Tigers). The Americans knew, in other words, that they were at high risk when put head-to-head against a tank better-suited for its purpose (longer range with better armor). However the US did not choose to improve quality, despite risk, when they found mechanical skill and assembly-lines (produced faster than anything else and more consistently) also achieved results.

Return for a moment to the question of why economists are surprised. The 1950s saw the vision of profit as motive begin to unravel in America as disillusionment was expressed by the likes of Kerouac; he said why work so hard in highly mechanical tasks if profit (margin and/or quantity) may never come but also was never truly fulfilling. This divergence from profit as a prime motive really came undone by the late 1960s during economically innovative years of “goodwill” and “free” stores that “recycled” without profit. This seems like yet another example of why economists have no reason to be surprised, but I’ll leave that thread for another day because it also touches on interesting points about compliance and regulation.

Back to the lecture it says the economists noticed their new test actually works outside the US. They position this as proof that purpose as motive is not an anomaly. I say this actually proves that the US is the anomaly. It works elsewhere because it should not have been a surprise in America; a period of rapid and dynamic mechanical skill growth with money as a motivator in the US does not mean the other motives never existed or would not come back. The industrial revolution through fabrication and mechanization generated a fascination so intense it even bled into sports — baseball, football and basketball — that are highly mechanical in nature and reward. Compare their program, run, stop, review, repeat and incentive system to a game of soccer.

With all that being said it also is notable that innovation in America has typically come from those not working with profit as their prime motivator. Post-it notes are a fun example. The proof is right under our noses. Those who say Apple is highly innovative have to prove it to me; as a life-long Apple consumer I don’t buy it. Show me an iPhone and I will give you a list of all the ideas it incorporates from others. All the way back to the first mouse debate it was clear to me that Jobs and Woz are the best at refining others’ ideas, not creating new ones. This is not to say they are driven only by profit, but it sure fits their motivation profile a lot better than Einstein’s.

If you still don’t believe me. I will go into much more depth on this when I present on the “Top Ten Breaches” next Wednesday at the RSA Conference in London. How does this fit security, you might ask?

The best defense prepares for attacks other than the ones motivated by profit alone — the most dangerous attacker may not be profit motivated at all. Likewise, the best defense is developed through incentives other than profit. As the lecturer points out, bugs will be fixed for free and much sooner if you can accept and promote motivations outside of profit. It is through these two views of security management that we really are looking at ways to find quality. I hope to see you there.