Kill Switches and Remote Control

It used to be that just the entertainment industries wanted to control your computers -- and televisions and iPods and everything else -- to ensure that you didn't violate any copyright rules. But now everyone else wants to get their hooks into your gear.

OnStar will soon include the ability for the police to shut off your engine remotely. Buses are getting the same capability, in case terrorists want to re-enact the movie Speed. The Pentagon wants a kill switch installed on airplanes, and is worried about potential enemies installing kill switches on their own equipment.

Microsoft is doing some of the most creative thinking along these lines, with something it's calling "Digital Manners Policies." According to its patent application, DMP-enabled devices would accept broadcast "orders" limiting their capabilities. Cellphones could be remotely set to vibrate mode in restaurants and concert halls, and be turned off on airplanes and in hospitals. Cameras could be prohibited from taking pictures in locker rooms and museums, and recording equipment could be disabled in theaters. Professors finally could prevent students from texting one another during class.

The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That's a difficult security problem even in its simplest form. Distributing that system among a variety of different devices -- computers, phones, PDAs, cameras, recorders -- with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.

Once we go down this path -- giving one device authority over other devices -- the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?

How do we prevent this from being abused? Can a burglar, for example, enforce a "no photography" rule and prevent security cameras from working? Can the police enforce the same rule to avoid another Rodney King incident? Do the police get "superuser" devices that cannot be limited, and do they get "supercontroller" devices that can limit anything? How do we ensure that only they get them, and what do we do when the devices inevitably fall into the wrong hands?

It's comparatively easy to make this work in closed specialized systems -- OnStar, airplane avionics, military hardware -- but much more difficult in open-ended systems. If you think Microsoft's vision could possibly be securely designed, all you have to do is look at the dismal effectiveness of the various copy-protection and digital-rights-management systems we've seen over the years. That's a similar capabilities-enforcement mechanism, albeit simpler than these more general systems.

And that's the key to understanding this system. Don't be fooled by the scare stories of wireless devices on airplanes and in hospitals, or visions of a world where no one is yammering loudly on their cellphones in posh restaurants. This is really about media companies wanting to exert their control further over your electronics. They not only want to prevent you from surreptitiously recording movies and concerts, they want your new television to enforce good "manners" on your computer, and not allow it to record any programs. They want your iPod to politely refuse to copy music to a computer other than your own. They want to enforce their legislated definition of manners: to control what you do and when you do it, and to charge you repeatedly for the privilege whenever possible.

"Digital Manners Policies" is a marketing term. Let's call this what it really is: Selective Device Jamming. It's not polite, it's dangerous. It won't make anyone more secure -- or more polite.

This essay originally appeared in Wired.com.

Posted on July 1, 2008 at 6:48 AM • 65 Comments

Comments

szigi • July 1, 2008 7:19 AM

Well, I'm off to buy some Chinese-made cameras and mp3 players. I'm pretty sure they won't include this technology (they might include something else, though...)

Clive Robinson • July 1, 2008 7:35 AM

Unfortunatly all of these "kill switch" type ideas are based on outdated and a somewhat stupid premise that it is actually to your advantage to insist on such things and thereby have some kind of market or other advantage.

Take explosives for instance, a fairly sensible idea was to put chemical tell-tales in that would act as a manufacture and batch identifier so that it could be traced back through the supply chain.

Three things happened,

1) The theft of explosives went up
2) The manufacture of one of the more powerfull explosives decided not to play apparently as a mater of business policy.
3) People either made their own or used other types of bomb based around explosives that could not be easily traced (black powder etc).

Also verious Governments decided that the exploseves used by their armed forces should not be marked, and of course the stuff started turning up on various black markets...

So the idea was effectivly a failiur adding significant costs to those manufactures who complied.

Basicaly all these "absolute control" ideas either back fire, get misused ruin competative advantage or are circumvented.

A better option is to decide on how you are going to make it to peoples advantage to do what you want, then surprise suprise they tend to go along quite happaly...

Grahame • July 1, 2008 7:38 AM

Stopping mobile phones in hospitals might be a good idea - but then what would the doctors and consultants do?

+ mobiles are useful on planes - in fact, I suspect they are responsible for the dearth of hijacking recently.

So not only is the execution flawed, the whole concept is flawed - unless the real point is something else, as you say.

Roenigk • July 1, 2008 7:42 AM

"Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?"

With the experience the U.S. government has in maintaining the no-fly list, they would clearly be in the best position to issue and revoke authorities for consumer devices.

Lewis Donofrio • July 1, 2008 7:54 AM

I believe this was covered perfectly in /.

http://tinyurl.com/3f4z3n

http://tinyurl.com/43j3v6 = 9.11/Flight 93
"Had the cell phones of the passengers on flight 93 been disabled by this technology, the passengers might not have learned of the hijackers' plans, and the hijackers might have succeeded in reaching their target. (speculated to have been Sears' Tower in Chicago, or possibly the US Capitol)."
__________________________________
Lewis Donofrio Sr. Windows / Unix Systems Administrator 734-355-0592

bzelbob • July 1, 2008 7:55 AM

"Do the police get "superuser" devices that cannot be limited, and do they get "supercontroller" devices that can limit anything? How do we ensure that only they get them, and what do we do when the devices inevitably fall into the wrong hands?"

'Control' devices like these, given to the cops would already BE in the wrong hands.

Would someone explain why devices like these are even necessary?
To save gas during police chases??

Peter Galbavy • July 1, 2008 8:11 AM

This is simply a further extension, as Bruce says, of media interests' control over the sheeple. There are already laws and processes in place for Megacorp to sue SingleMom for copying music.

Allowing a company to, in effect, write its own property laws would undermine any independent legal system we have.

Anonymous • July 1, 2008 8:27 AM

So is Onstar moving toward making a system like theirs mandated by law? If people are worried about theft, one would think lojack would be good enough to recover the vehicle assuming you could convince the police to help you. Being able to stop a car seems more like a feature targeted to government wants rather than consumer wants.
I know I won't be voluntarily paying for Onstar anytime. If they are eventually mandated, I expect mine will break a lot between inspections.

D0R • July 1, 2008 8:39 AM

> OnStar will soon include the ability for the police to shut off your engine remotely.

I see a large security hole here (not to mention issues concerning intrusion on your private life).
1) Bad guys break into the system.
2) Bad guys broadcast the "stop" signal on all possible frequencies to halt cars equipped with this device.
3) Some cars on motorways get halted in the middle of the fast lane...

derf • July 1, 2008 8:58 AM

@szigi
Actually, a lot of this tech will probably be developed and perfected in China, where the prying eyes of the evil American user won't be able to complain about it until revision 3 is forced on us.

Carlo Graziani • July 1, 2008 9:03 AM

My guess is that version 1.0 of the pervasive, society-wide system based on this tech will be rolled out in China, and incorporated into what appears to be the most successful and scary high-tech surveillance society ever seen (See Naomi Klein's "China's All-Seeing Eye" article in Rolling Stone).

And, as with their existing integrated system of cameras, microphones, phone and internet network monitors and filters, and law-enforcement data-mining clusters, version 1.1 will be a wildly profitable export to the West.

There's rich irony there. While we vapor on about the alleged threats of direct attack from China, we will actually willingly allow them to deliver us into a prison of our own making, and pay them billions for the privilege.

Nick Lancaster • July 1, 2008 9:20 AM

"Speed" is not an appropriate example, as the device required the bus to *keep moving.*

And with an airplane, a kill switch is only useful if you're trying to prevent the plane from taking off. Once it's airborne, and the hijackers are in the cockpit, a kill switch is useless.

TS • July 1, 2008 9:36 AM

Well, it's about time. I can't wait to start shutting off other people's phones on trains and at restaurants. Man, those people really annoy me.

Can't wait to turn off the engine of the moron driving 55 in the left lane. Hopefully he'll pull over safely, but after I'm past him, he's not my problem.

Once the system is in place in theaters, they'll assume it's foolproof and security will be much more lax, making it easier to record movies with older devices.

The future looks bright to me!

Loanstar • July 1, 2008 10:10 AM

Kill switches? Let's go for Self Destruct buttons instead. With the voice over count down and all.

Mike C • July 1, 2008 10:11 AM

An opt-in policy seems to cover almost all of these issues. If a user's device lets them know that another device, say X, is making a functional request of type Y, they can choose to accept the request, permanently block sender X, always allow requests of type Y from sender X, etc etc.

It seems to me the "manners" should be analogous to accepting cookies while web browsing. Some sites you allow, some you deny, but the choice is always yours.

bob • July 1, 2008 10:31 AM

@D0R: Don't forget the lucrative potential in driving around seeing well-off people in cars or people who have just been to the ATM (ideally both), remotely shutting off their car in a deserted area and then robbing/raping/killing (whichever your specialty is) them.

Or even just operate a towing business, shut off cars remotely, then happen to drive by and offer to tow them to the nearest service station for $100. If they pay you, you switch it back on and it just starts when you get there. In today's modern OBDII computer controlled cars even the dealerships are clueless as to what makes them run (or not) so no one will see anything wrong in a car that stops and then just starts working again. Heck, with Microsoft so prevalent, people will expect it.

These lawyer-infested social-control companies have about the same benefit to society as harvest mites ("chiggers"), but aren't as cute.

My mom is looking at buying a new car. I told her not to get the Saturn she was interested in because it came with OnStar; which the FBI has used to eavesdrop on people (while that might not be offensive per se, in order to do so they have to shut off the emergency-service capabilities for which the system exists and for which people are paying shitloads of money to have active at all times, in order that they can system "in reverse" for the FBI and THAT I find offensive in the extreme)

The other day I hooked my new HDTV to the second output on my PC video card and set it to Nvidia's "put all video on the HDTV in full screen regardless of how it is on the primary screen" mode (great idea). Then when I tried to show my friends my home movies, the DRM in the TV showed a purple "blank" screen (even though they showed fine on the main PC screen), presumably because I hadn't paid the RIAA any money in order to get permission to play my movies I made myself.

Ray • July 1, 2008 10:33 AM

@Clive

As always, your comments are thought-provoking and rife with spelling errors. Sometimes it is hard to absorb the former due to the latter. Perhaps you could type up your reply in an editor that utilizes a spell-checker and copy/paste the text here?

Seriously, I am just trying to help. Keep up the good work!

Michael Ash • July 1, 2008 10:36 AM

@Nick Lancaster

"Once it's airborne, and the hijackers are in the cockpit, a kill switch is useless."

This is only true if you're interested in saving the airplane. If you're only trying to save people on the ground and don't care about the airplane a kill switch is still useful. Given the events of a few years ago, I think a lot of people are thinking this way now.

OFF user • July 1, 2008 10:44 AM

"This is really about media companies wanting to exert their control further over your electronics. They not only want to prevent you from surreptitiously recording movies and concerts, they want your new television to enforce good "manners" on your computer, and not allow it to record any programs."

Where there is power, there is resistance, so to speak. Check out OFF.
"OFF, or the Owner-Free Filesystem is a distributed filesystem in which everything is stored in reference to randomized data blocks, as opposed to a 1:1 copy of the original data being inserted. The creators of the Owner-Free Filesystem have coined a new term to define the network: A brightnet." offsystem.sourceforge.net

Networks put users in control of the networks and let the chips fall where they may. Media companies are something like casino companies, in that you need a lot of suckers to make the economic model work!

OFF user • July 1, 2008 10:56 AM

Here's some math on off.
11230243302314110327…264211 = A
12102741001515622171…134513 = B
47379872610938161983…471179 = C
02810398720484003497…102380 = D
We showed above that (A+B) could represent, “Lawyers, Guns and Money”. Interestingly, at the same time (A+C) could represent, “Oops, I did it again!” Who then owns A, Warren or Brittney? Also (B+D) could represent, “Piano Man”. So who owns B, Warren or Billy? Each of these numbers can represent an infinite number of things simultaneously.
Non-copyrightable Numbers
No one person can lay claim to any particular number because other people can and do have equal claim to the same number. In fact, everyone can lay claim to any number since every number can be used to represent any work.

I guess you could say numbers aren't subject to speculation. Media companies can't outlaw numbers and if the numbers are random, they lose count easily. An OFF OS would mean no more need for corporations to write OS software because the need for control rest with the OS user or in my case the OFF user.

2EasyFuse • July 1, 2008 10:59 AM

Kill switches are easy, it's the control mechanism and security that could be problematic. Remote control, grr, when is the gov/powers going to put kill switches/remote control (drug injection) in our bodies? What about in our sex organs?
Terrorism is nothing compared to the effects of power absolutionism (Nazi style world coming, however more subtle and quiet.)
The book 1984, is a peaceful read compared to today. GRR.
9/11 sure changed a lot of things in bad ways.
Privacy is already gone, but now, absolute control is the last frontier left.
Disturbing.

Steven Hoober • July 1, 2008 11:04 AM

For those talking about airplanes falling out of the sky, and cars coming to a screeching halt in freeways, get real. The OnStar one, for example, has already been discussed in detail and has obvious safety features built-in; as I recall the car slows down, and you cannot make it speed up again. Once stopped, that's pretty much it. It doesn't KILL the vehicle, or blow it up, or shoot everyone in the head and light it on fire. Same would clearly be true for aircraft; it would move to a low-performance mode, or I guess try to auto-land somewhere (which is a bit dicier).

Not to say the trend is not bad. But more un-obvious exploits (I like the towing service) will be the issue.

Harry • July 1, 2008 11:20 AM

A similar discussion was required when digital telephone switches became commercially feasible in the early 1980's. One of the touted benefits was the ability to program in automatic calling priorities in case of emergency. Local first responders if there were a natural disaster, US military if there were a war or first strike. Lots and lots of talk.

AFAIK, only the Soviet Union actually implemented it. That's not a role model I care to emulate.

OFF user • July 1, 2008 11:20 AM

Absolute control would mean turning off the Mississippi River. All the controls on the river are now working against the intended purpose. Muskrat holes weakened a Mississippi River levee on Friday, allowing floodwaters to pour into Lincoln County, Missouri. Who would have figured that muskrats could defeat military engineering? Muskrats also benefit from human persecution of some of their predators, so we empowered them to do this. In several Native American creation myths it is the muskrat who dives to the bottom of the primordial sea to bring up the mud from which the earth is created, after other animals had failed in the task. Muskrats now have absolute control and we got a big flood. Love that muddy water.

Roy • July 1, 2008 11:33 AM

The DRM people like the idea of preventing unauthorized use of their software, 'content', or whatever. Turn on your machine and their software 'calls home' to verify that your machine is currently licensed to run all of their software and 'content' residing on your machine. If they cannot confirm this, then not only will the software not run, they're thinking about disabling your machine.

Now imagine a DOS attack on the license verification network. All DRM-infected machines when they come up will go down and stay down, never to be seen again.

If governments and businesses are capable of learning, then the replacement equipment will be open source and Microsoft and their ilk will go out of business.

OFF user • July 1, 2008 11:38 AM

Baran, On a Future System Development
"In communications, as in transportation, it is more economical for many users to share a common resource rather than each to build his own system--particularly when supplying intermittent or occasional service. This intermittency of service is highly characteristic of digital communication requirements. Therefore, we would like to consider the interconnection, one day, of many all-digital links to provide a resource optimized for the handling of data for many potential intermittent users--a new common-user system."
In other words it can't be destroyed or monopolized.

"The routing doctrine should find the shortest possible path and avoid self-oscillatory or "ring-around-the-rosey" switching." We all don't fall down. We fall OFF.

OFF user • July 1, 2008 11:56 AM

"If governments and businesses are capable of learning, then the replacement equipment will be open source and Microsoft and their ilk will go out of business."

Proprietary software encourages ring-around-the-rosey switching. The routing that avoids the longest path is the most efficient and thus is the most open system. It's faster, better and cheaper. The result is less energy is wasted because less energy is used to keep the network functional. You don't need to keep stamping out little plastic discs and tons of packaging that also wastes energy. The result is higher performance at lower costs, so it can't be beat. Producing software in physical form all to prevent it from being copied is a dead-ender.

o.s. • July 1, 2008 12:16 PM

"Once we go down this path -- giving one device authority over other devices -- the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power?"

Unfortunately the answers to both these questions are no one and absolutely nothing. Lots of people wrongly assume that it's ok to give up all freedoms if you've done nothing wrong but man oh man wrong again.

OFF user • July 1, 2008 12:17 PM

Baran, Lowest-Cost Path

"We seek to provide the lowest cost path for the data to be transmitted between users. When we consider complex networks, perhaps spanning continents, we encounter the problem of building networks with links of widely different data rates. How can paths be taken to encourage most use of the least expensive links? The fundamentally simple adaptation technique can again be used. Instead of incrementing the handover by a fixed amount, each time a message is relayed, set the increment to correspond to the link-cost/bit of the transmission link. Thus, instead of the "instantaneously shortest non-busy path" criterion, the path taken will be that offering the cheapest transportation cost from user to user that is available. The technique can be further extended by placing priority and cost bounds in the message block itself, permitting certain users more of the communication resource during periods of heavy network use."

The people running up oil prices should take note of this idea. Performance does not always rise with price. Often it goes down as price continues to rise. The result is higher costs without a rise in value. Food quality suffers and you get a bad tomato.

Bill • July 1, 2008 12:29 PM

Didn't I hear about this super-control system in some movie about an old book?

".. one ring to rule them all, one ring to bind them... "

I Hate RIAA/MPAA • July 1, 2008 12:53 PM

@bob

"Then when I tried to show my friends my home movies, the DRM in the TV showed a purple "blank" screen (even though they showed fine on the main PC screen), presumably because I hadn't paid the RIAA any money in order to get permission to play my movies I made myself."

Here's a legal theory for you. According to the DMCA, you as the copyright holder can use any technological means, no matter how obvious, easily-defeatable, bone-headed, etc. to protect your rights. You did. You encoded your video in whatever format you used. nVidia is guilty of circumventing the technology you used to protect your right to view your own video.

OFF user • July 1, 2008 1:52 PM

Why is it taking so long to find the source of those bad tomatoes?

"The raw spinach came in bags that some patients still had in the refrigerator, bearing UPC codes that led investigators to a supplier and eventually to the exact field that had been contaminated by wild boars."

"The technology exists today that would allow for much better traceback of commodities like tomatoes, but it won't be used until the industry is required to by the government," says consumer advocate DeWaal. AP

We're busy tracking downloads while our food goes to hell.

Nick Lancaster • July 1, 2008 2:22 PM

@Michael Ash:

"This is only true if you're interested in saving the airplane. If you're only trying to save people on the ground and don't care about the airplane a kill switch is still useful. Given the events of a few years ago, I think a lot of people are thinking this way now."

I'm talking about its effectiveness in stopping a hijacking. I repeat, a kill switch is of no use once the plane is airborne. Causing a plane to drop out of the sky at some random point via kill switch isn't exactly 'saving people on the ground.'

Tossing in the 'post-9/11 mindset' nonsense doesn't validate the argument. It's time we stopped treating 9/11 as the moment the scales dropped from our eyes and we woke to a new understanding of security.

Go back to Bruce's basic questions - what is the measure trying to prevent, how well does it do its job, what consequences does it impose, and, given the above, is it worth the cost?

Andrew • July 1, 2008 2:40 PM

"Smart guns" are a recipe for disaster. Current plans are for guns that can only be fired by an authorized user, perhaps one wearing a ring. The failure modes here are grisly. "What do I do if I'm fighting for my life when my gun crashes?"

I completely agree that the police are the "wrong" hands for many of these overrides. Documentation and verification are imperative. I want override devices which themselves create multiple types of hard audit trails, at a bare minimum.

Public incident tracking too. No "national security exceptions" which are not reviewed by a court. Unlimited manufacturer liability for direct and indirect damages too.

If you think of Taser as an override for the human nervous system, why does every other piece of consumer technology need to be pre-fitted with a "stun" setting?

Jeroen Nijhof • July 1, 2008 2:49 PM

In a comment on a previous blog entry someone got it right about the buses, I think: it's the bus company getting the DHS to pay for the anti-theft device.

Those buses don't necessarily have keys and locks like normal passenger cars, too much hassle with drivers changing etc. A few years ago there was an article in Dutch newspapers about a ~10 year old boy who repeatedly went joy-riding with buses: he knew where the door opener button was hidden...

Phillip • July 1, 2008 3:06 PM

Imagine terrorists getting their hands on a device that forces phones into "sleep" mode. Walk into an airport with a non-armed person who carries a device to put all cell phones into "sleep" mode and move in with your massive armed army. You've now cut off 90% of the communication within that airport, congratulations. Start Seizing....

Phillip • July 1, 2008 3:11 PM

"The patent also notes that a digital manners policy could also be used in museums or locker rooms as a means of preventing photography, and could even potentially function as an additional layer of wireless security by preventing unapproved devices from even detecting the existence of a wireless network. "

That is SOOO much BULL. That "technology" exists today -- it's called turn off SID broadcasting on your Access Point. Yes, those who have cards in a sniffing mode can still see traffic on your network. In order for Microsoft's idea to work EVERY manufacturer of wireless network devices and/or every maker of a network operating system would have to buy in. Don't count on the Linux Kernel to support such an idea and count on someone patching it out if it does. Really, who is this going to prevent from discovering your wireless network? Sure, maybe someone with an iPhone, how about someone with a laptop with *NIX on it?

Davi Ottenheimer • July 1, 2008 4:20 PM

Control freaks gone wild.

I can just imagine the fun and games trying to keep things safe when there are cheap and pervasive kill switches littering our lives.

Chris Thomas • July 1, 2008 5:36 PM

Here's how I see it.... The policies and the laws are what they are; we have no ability to alter/change these things in any ways. Laws are advantageous in some aspects, as without the revenue generated by people actually paying for the software would ultimately culminate with no one making money whatsoever... However, even if what you are doing is against the law, you should still have the privilege to be able to do it (break the law) and then you could face the consequences. A world in which everyone denies those privileges to protect each other defeats the whole purpose of free-enterprise. Such faults in program code allow for others to advance security further, and new systems are developed. Why should we be prohibited from doing such things by actually taking away our privileges of doing them? To protect us? Do you think the Wright brothers had product development liability insurance??? These prohibitions to inhibit our possibility of breaking laws do nothing but curtail our basic liberties and smother our creativity.

StriderA • July 1, 2008 8:09 PM

I personally think this might be a good idea IF it can be turned off. I'm all for my cell going to vibrate when I go watch a movie, or turning off in a hospital. However, I would want a switch to give me the option to be 'polite' or not. If someone tried to hijack a hospital, I would definitely want to be able to turn on my phone (ie: turn on broadcast) and call the police.

Devin • July 1, 2008 9:50 PM

You know what would be awesome though?

Digital Manners Reminding.

It's like Microsoft's plan, but opt-in. I set in my phone's options that it should allow itself to be set to vibrate, but not allow itself to be turned off. Then I can't forget to silence it in a movie. Or if I need to (I visit a hospital a lot, say) I could let it be turned off. Hell, if they were smart about it, they could just set the phone up with a mode where it stays on, but doesn't transmit anything for any reason, just waits until it doesn't receive a no-transmit signal anymore, then turns on again.
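The opt-in handling that Mike C's and Devin's comments describe, written out as an added example; it is not code from the post, from any commenter, or from Microsoft's patent application. The sender names, request kinds, owner choices and the per-sender HMAC key (a stand-in for whatever authentication a real system would use) are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ALLOW, DENY, ASK = "allow", "deny", "ask"


@dataclass(frozen=True)
class Request:
    sender: str   # claimed identity of the broadcasting device ("X")
    kind: str     # restriction being requested ("Y"), e.g. "vibrate"
    nonce: bytes  # fresh value per broadcast, used to reject replays
    tag: bytes    # HMAC-SHA256 over the three fields above


def make_tag(key: bytes, sender: str, kind: str, nonce: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = (sender.encode(), kind.encode(), nonce)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class OwnerPolicy:
    keys: dict = field(default_factory=dict)       # sender -> key the owner enrolled
    never_kinds: set = field(default_factory=set)  # restrictions nobody may impose
    blocked: set = field(default_factory=set)      # senders blocked for good
    always: set = field(default_factory=set)       # (sender, kind) pre-approved
    seen: set = field(default_factory=set)         # (sender, nonce) already handled

    def decide(self, req: Request) -> str:
        key = self.keys.get(req.sender)
        if key is None:
            return DENY  # not enrolled by the owner: no authority at all
        expected = make_tag(key, req.sender, req.kind, req.nonce)
        if not hmac.compare_digest(expected, req.tag):
            return DENY  # forged or corrupted request
        if (req.sender, req.nonce) in self.seen:
            return DENY  # replayed broadcast
        self.seen.add((req.sender, req.nonce))
        if req.kind in self.never_kinds or req.sender in self.blocked:
            return DENY  # the owner's refusals outrank every sender
        if (req.sender, req.kind) in self.always:
            return ALLOW
        return ASK  # default: prompt the owner, apply nothing

    def answer(self, req: Request, choice: str) -> str:
        """Record the owner's reply to an ASK prompt and return the outcome."""
        if choice == "block_sender":
            self.blocked.add(req.sender)
            return DENY
        if choice == "always_allow" and req.kind not in self.never_kinds:
            self.always.add((req.sender, req.kind))
            return ALLOW
        if choice == "accept_once" and req.kind not in self.never_kinds:
            return ALLOW
        return DENY


def demo() -> list:
    # Constructed senders, keys and nonces, for illustration only.
    theater_key = b"constructed-theater-key"
    policy = OwnerPolicy(keys={"theater": theater_key}, never_kinds={"power_off"})

    def req(sender, kind, nonce, key=theater_key):
        return Request(sender, kind, nonce, make_tag(key, sender, kind, nonce))

    first = req("theater", "vibrate", b"n1")
    results = [policy.decide(first)]                                    # ask
    results.append(policy.answer(first, "always_allow"))                # allow
    results.append(policy.decide(req("theater", "vibrate", b"n2")))     # allow
    results.append(policy.decide(req("theater", "power_off", b"n3")))   # deny
    results.append(policy.decide(first))                                # deny: replay
    results.append(policy.decide(req("unknown", "no_photo", b"n4", b"k")))  # deny
    forged = Request("theater", "vibrate", b"n5", b"\x00" * 32)
    results.append(policy.decide(forged))                               # deny: bad tag
    return results


if __name__ == "__main__":
    print(demo())
```

Unknown senders, bad tags and replays are dropped before any owner preference is consulted, and a kind listed in `never_kinds` cannot be approved by any later answer.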

Sparky • July 2, 2008 1:23 AM

Aside from such systems being cracked or abused by authorized users, the system is fundamentally flawed because any attempt to control a device that is physically in the hands of an attacker will fail, no matter how many millions they spend on trying.

I can understand why an electronic locking system on guns could be desirable. I've heard that something like 1/3 of the police officers killed in action are shot with their own or partner's gun.

But when you do a quick FMEA (Failure Mode and Effects Analysis, used in mechanical engineering), you quickly see what's wrong with it.

There are 2 basic failure modes: the gun won't fire when an authorized user tells it to (i.e., jammed if it's using an RF system), or it will fire without authorization (locking mechanism modified or removed, or token is copied).

The thing is, any remotely competent freshman electronics student will be able to remove or disable the locking system. It could be as simple as cutting the antenna, changing the receiver's resonance frequency, or removing or replacing it completely.

Movie plot threat (location: somewhere in the US):
Remotely activated locking mechanisms are now mandatory on all guns.
5 armed men, with modified guns that have a little switch to override the locking mechanism rob a large bank, the switches initially set to "normal".
A heavily armed SWAT team moves in, and after some shots being fired, sends signal to lock the robbers' guns. The robbers' guns cease fire. SWAT team thinks the cat's in the bag, and moves in to put on the handcuffs. At that moment, the robbers switch their guns to "override", and turn on their hacked or stolen transmitter to disable the SWAT team's guns, instantly disarming the team completely. End result: entire SWAT team is killed, robbers get away with the loot.

Jude Umeh • July 2, 2008 9:52 AM

Great article Bruce.
The complexities and implications of this one, as noted in the other comments, would make even media DRM issues look like a walk in the park. I posted a similar take on the British Computer Society's DRM blog at: http://www.bcs.org/server.php?...
It would be interesting to get your comment on it too.
Jude

anonymous • July 2, 2008 9:55 AM

Sparky

(1) Every legislative proposal for "smart guns" (or whatever they're called) exempts the police.

(2) If you're not familiar with Radley Balko's work, the SWAT team would not be at the bank confronting heavily armed criminals. They'd be busting in some suspected pot-smoker's door at 2:00 AM, since there is less risk to themselves that way.

http://www.theagitator.com/category/...

http://www.cato.org/pub_display.php?pub_id=6476

http://www.cato.org/pubs/wtpapers/...

2realFuse • July 2, 2008 10:48 AM

Implementing a kill switch is easy with recent/new cars. Pull the right fuse, car still runs but VERY weak! There you go. Not advised to play with your car's electronics, but all that is needed is just a control mechanism, the leads just go to a solenoid and hook up into a fuse. GRR. Sucks.
Side effect of coming total control is a full-on race to ownership/lock-in of anything of value. Disturbing times sure are coming.

Dick C. Flatline • July 2, 2008 11:32 AM

1. Create a new technology that gives you a new level of control over other people.
2. Be too rock-dumb to realize (or too much of a dead-eyed whore to care) that every 15 year old on the planet will be able to use it to create utter havoc.
3. Give it a cutesy-pootsy name so the drones will salivate for it.
4. Bank your millions/billions and consign your children to a living hell.

Pray that the Planetkiller is coming soon!

Scarybug • July 2, 2008 1:55 PM

A "license revocation attack" was a tactic used by a hacker in the excellent (and free online) Vernor Vinge novel "Rainbows End". This worked similarly: all of a sudden everyone's devices/vehicles/robots stopped working, causing havoc. The problem was that the devices contained no "user serviceable parts".

We need open-source hardware. Hopefully cheap manufacturing of electronics will allow everyone to have a circuit printer in their homes some day.

Kanly • July 2, 2008 6:09 PM

It's pretty bad. In Sydney for World Youth Day (a week-long Catholic event costing the NSW taxpayer $120M) Parliament has passed legislation banning anything "causing annoyance" to Catholics, including T-shirts or protests by abuse victims of the church. There's a lot of people upset at what the government has done, and I'm betting there will be some civil disobedience. The Chaser guys have asked people to record abuses on their mobile phone cameras.

Imagine if we had Microsoft's "Digital Manners Policy" built into the devices. The NSW Government could just turn everything off.

http://www.smh.com.au/news/national/...
http://www.smh.com.au/news/opinion/...

John Campbell • July 2, 2008 7:41 PM

Well... I can see this being included in medical equipment, like pacemakers.

Since higher DOA rates cut medical costs for various insurers, I am certain they would approve of such a feature.

moo • July 2, 2008 9:11 PM

The "license revocation attack" is a pretty old idea (discussed ad nauseam with respect to Windows XP and Vista activation schemes, for example).

But it reminds me of the "jamming" activities in Cory Doctorow's novel, "Little Brother". (Available for free from his site: http://craphound.com/littlebrother/download/ )

I read it recently and found it very entertaining. I think it demonstrates pretty well what happens when you let governments or other large institutions collect power and authority to themselves, and don't question or challenge them when they start to abuse it. I hope this generation of teenage Americans is paying attention, because the U.S. is already a country I wouldn't want to risk travelling through, and seems to be well on its way to being a true police state.

TheDoctor • July 3, 2008 3:26 AM

Scarybug already cited Vernor Vinge.
Another story from him "A Deepness in the Sky" where "Ubiquitous law enforcement" is introduced.
Everything is wired and if law enforcement decides so even the teddy bears from your kids try to stop you...

off • July 3, 2008 9:23 AM

Your deal gets killed and then what...Unable to strike a deal on its own, Microsoft Corp. reportedly is hoping to snap up Yahoo's online search operations with the help of News Corp. and Time Warner Inc. ...

"Beginning in 1996, corporations began gobbling up every newspaper, billboard, radio and TV station in the United States. Ironically, since then, readership and ratings have plummeted, resulting in entertainment executives and editors programming even more sensationalist and desperate content. Lazlow discusses how parody of the media in video games, on TV, and online can often garner a larger audience reaction than the media establishment itself. He will describe why the mainstream media invents crises, and the reaction by the media and Hollywood establishment to the growing popularity of interactive worlds where players are celebrities rather than smug starlets tittering for TMZ. How can you hack the media?" Last Hope scheduled talks. Grand Theft Lazlow

I guess the goal is to make Yahoo as dull as it can be. The first round of consolidation was about centralizing media power, now it's about beating Google which is hard to do. All Google needs to do to win is add more features and let users generate content. You can't beat the users. If you try you lose the users. If Google runs on more devices, the users will determine how they are used and Google will facilitate that use by being responsive rather than controlling. If Google becomes controlling, users will look for options where they have more control so it makes sense that Google lets users follow their own paths of least resistance. Remote control is user control. There's no need for kill switches. Give the user all the control and the network expands based on what users need. The Microsoft strategy is to tell users what they need and tell them why. The average user wants it cheap and plentiful and Google delivers this. Microsoft is expensive and exclusive, thus the network is all about centralized control and not user control. They want Yahoo for the users they can't get based on their idea of innovation.

Andy • July 3, 2008 12:16 PM

A number of years ago, my young teenaged niece suggested a kill switch for airliners. If a sufficiently large fraction of the passengers pressed a button at their seat, control of the aircraft would be taken from the cockpit and given to a remote controller.

I still think that this could be a valid mechanism, but it prevents a form of attack that's just not going to be used again.

Mr Reid • July 3, 2008 12:31 PM

The comparison between Digital Manners Policies and Anti-Social Behaviour Orders is creepy. If there's a better way to destroy the internet and a bunch of freedom, I can't think of it off the top of my head.

Hooty-hoot • July 3, 2008 12:35 PM

Food for thought:

Some schools were trying to ban cell phones or apply devices to block their reception/broadcast from school buildings...until Columbine. The use of cell phones in an emergency can overwhelm 911 operators, but it can also offer tactical advice and information to law enforcement. Our schools now have a policy that as long as they don't see/hear the phone, it's ok. Don't ask, don't ring...if you will.

Banning, turning off, blocking...it has some real negatives.

Clive Robinson • July 3, 2008 2:42 PM

Just a thought about MS's patent,

If you thought it likely that the U.S. Gov were going to pass legislation on such technology making it a legal requirement, what would be the return on investment on having a patent that covered the essential requirements?

It is estimated that the US spend on semiconductors for consumer electronics is 63.4 Billion USD.

What would you give to have 1% of that market for nothing more than a patent?

It could be the best investment MS have ever made...

ParatrooperJJ • July 3, 2008 2:50 PM

Cellphones in hospitals? How do you think doctors communicate with each other??? Cellphones!!!

SumDumGuy • July 3, 2008 3:32 PM

@bob
Chances are the reason you did not get a picture was that the settings for the 'overlay' were not set correctly. It is a common problem with video cards that have two outputs.

The way HDCP works is that the device (in this case your video card) refuses to transmit the 'protected' content to the television unless the HDCP handshake is happy. But the TV itself will display any video sent to it, HDCP-encrypted or in the clear. In other words, the TV does not discriminate whether the video signal is encrypted or not, it will display it either way.

Mike • July 4, 2008 6:59 PM

first posted at blagnet.net:

This promises yet another wasteful hackers-vs-would-be-controllers battle which will always be won by the hackers.

Phase one: Cut the wires or traces to the kill device, or fry it with a high-frequency discharge. This will be made illegal, and interlocks will be introduced such that such a simple attack is well nigh impossible.

Phase two: “Mod chip” type addons which integrate themselves lamprey-like onto the system and subvert it become available from black fabs in China and elsewhere. These will be made illegal, and distributors of the devices will face prison and fines.

Phase three: Reverse engineering and firmware cracking into the killswitch devices will enable installation of null, bypass, dummy or other code to defeat its function. Extra functions may even be found able to run in the processor/memory space thus liberated. These will be made illegal, and the government will mandate manufacturers to take more stringent security measures in hardware and software design. Hackers release first working Ubuntu distribution for Big-Brother-in-your-Car platforms.

Phase four: Chip-etching and electron microscope attacks against “secure” hardware enable discovery of design flaws, manufacturer backdoors, debug interfaces and other points of weakness. Exploitation devices and code take advantage of these, and are made illegal.

Phase five: As the hardware technology becomes tougher to crack and exploit, other avenues will be employed. In the connected future it will be an easy (though non-trivial) matter to play man-in-the-middle on a vehicle-wide killswitch network by sending periodic challenge/response authentication datagrams via p2p networks to black service providers who deliver a simulation of the supposedly cryptographically-secure “keep running unless these messages quit coming” deadman switch mechanism, either for profit, hobby or underground reputation cred motivations.

For info on how this last phase is currently playing out in the world of digital satellite television, google “gbox”, “newcamd” or “newcs”.
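The deadman-switch weakness described in phase five of the comment above, as an added example that is not part of the original comment or of any real product: a challenge/response heartbeat proves that *someone* holding the key answered, not that the answer came from nearby, so a relayed answer keeps the switch enabled, while a jammed link disables it for an authorized user. The class names, the constructed key, the simulated latencies and the round-trip bound (a distance-bounding style mitigation the comment does not mention) are all assumptions.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed sample secret, not a real credential


class KeyHolder:
    """Legitimate party that holds the secret and answers challenges."""
    def __init__(self, key, latency_ms=2):
        self._key, self.latency_ms = key, latency_ms

    def respond(self, challenge):
        tag = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return tag, self.latency_ms  # simulated RTT; a real verifier times it itself


class Relay:
    """Holds no key: forwards each challenge upstream and returns the answer."""
    def __init__(self, upstream, hop_ms):
        self.upstream, self.hop_ms = upstream, hop_ms

    def respond(self, challenge):
        tag, latency = self.upstream.respond(challenge)
        return tag, latency + 2 * self.hop_ms  # one hop out, one hop back


class DeadmanSwitch:
    """Stays enabled only while valid answers keep arriving within timeout_ms."""
    def __init__(self, key, timeout_ms, max_rtt_ms=None):
        self._key, self.timeout_ms, self.max_rtt_ms = key, timeout_ms, max_rtt_ms
        self.last_ok_ms = 0

    def poll(self, responder, now_ms):
        challenge = os.urandom(16)  # fresh nonce, so old answers cannot be replayed
        if responder is not None:   # None models a jammed or cut link
            tag, rtt_ms = responder.respond(challenge)
            want = hmac.new(self._key, challenge, hashlib.sha256).digest()
            in_time = self.max_rtt_ms is None or rtt_ms <= self.max_rtt_ms
            if hmac.compare_digest(tag, want) and in_time:
                self.last_ok_ms = now_ms
        return now_ms - self.last_ok_ms <= self.timeout_ms  # True = keep running


def run(switch, responder, ticks=5, step_ms=1000):
    """Poll once per step and return the enabled/disabled state at each tick."""
    return [switch.poll(responder, t * step_ms) for t in range(1, ticks + 1)]
```

A millisecond-scale round-trip bound only exposes long-haul relays; it does nothing against a key holder that is physically close.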

Lott • July 11, 2008 1:37 AM

I would really like to see someone do a denial of service attack to a fleet of buses equipped with that slow down and don't restart device.
Imagine all buses in a major city like New York all stop at the same time wherever they are; what a major traffic collapse.
Maybe they would wake up then and realize that these prevention mechanisms are extremely vulnerable against denial of service attacks.

Susan • July 16, 2008 5:11 PM

Some people believe that customizing content to device capabilities is a benign service ripe with commercial applications. They forget security and privacy implications, for example what a device description repository enables. The W3C Working Draft for DISelect appears unfinished (last updated 2006). Their technical architecture group (TAG) published "On Linking Alternative Representations To Enable Discovery And Publishing" which is some theory on catering content to device capabilities. My suggestion at the time was to add RAM to cell phones (who'd a thunk it). I would rather be left alone, thank you.

Susan • July 17, 2008 6:43 PM

Whoops, my mistake, sorry for the extra post. DISelect has a call for implementations from mid-2007.

Michaelc • April 15, 2009 8:54 AM

It will be trivially easy to overcome these measures by the people that want to. Antennas are easy to disconnect or block, and radio jammers are already available, so the only people that will be victimized by this new level of control will be the general public, not the determined lawbreakers.

In the same way that the TSA does very little to discourage actual terrorists, but is brilliant at making us feel we live in a police state, these new measures will be yet another way to train the public to submit to authority.
