[Brinworld] Car's data recorder convicts driver
(ok, from slashdot..) http://www.newhouse.com/archive/jensen061203.html
On Monday June 16 2003 09:59, Major Variola (ret.) wrote:
(ok, from slashdot..) http://www.newhouse.com/archive/jensen061203.html
I personally find the privacy implications of EDRs rather unsettling. This story doesn't change that one bit. However, in this particular case, I don't think what the EDR said really matters. The three paragraphs from the story say a lot about what happened here:

| Matos was driving the 2002 Pontiac Trans Am in a 30 mph zone of a
| suburb near Fort Lauderdale, Fla., when the car driven by a teenage
| girl pulled out of a driveway into his path.
|
| The driver and her friend died instantly.
|
| Defense lawyer Robert Stanziale said Matos was going about 60 mph.
| Assistant State Prosecutor Michael Horowitz said that his accident
| investigator calculated Matos was traveling about 98 mph. The
| electronic data recorder in Matos' car showed his peak speed was 114
| mph in the seconds before the crash.

The *defense* attorney said his client was going 30 mph over the limit (60 mph in a 30 mph zone)! That is a grossly inappropriate speed in a residential area. Here in Texas, a ticket for 55 mph in a 30 mph zone cannot be dismissed with DSC. Not sure how the law works in Florida, but I would be surprised if it was that dissimilar.

Let's assume for the moment the prosecution's accident investigator is totally full of bovine excrement, and that all manner of gremlins snuck into the EDR, thus causing it to record a grossly inaccurate peak speed, and thus the only version of the story we can give full credibility to is the defense's version. If I were on that jury, I'd still vote for a conviction. Matos is a scofflaw and deserves exactly what he is getting.

-- Shawn K. Quinn
At 11:16 AM 6/16/03 -0500, Shawn K. Quinn wrote: ...
I personally find the privacy implications of EDRs rather unsettling. This story doesn't change that one bit. However, in this particular case, I don't think what the EDR said really matters. The three paragraphs from the story say a lot about what happened here:
... It seems intuitively like the EDR ought to be about as valuable to the defense as the prosecution, right? E.g., the prosecutor says "this guy was driving 120 miles an hour down the road while being pursued by the police," but the EDR says he'd never topped 70. There are creepy privacy implications in there somewhere, but the basic technology seems no more inherently Orwellian than, say, DNA testing--which seems to be a pretty good way of actually locking up the right guy now and then, rather than someone who looks kind-of like the guy who did it, and was seen in the area by an eyewitness and picked out of a police lineup. ...
Shawn K. Quinn
--John Kelsey, kelsey.j@ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Seems like a market for "open source" EDRs could be a good one. A user accessible reset button could come in handy.

steve
On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote:
On Mon, 16 Jun 2003, Steve Schear wrote:
Seems like a market for "open source" EDRs could be a good one. A user accessible reset button could come in handy.
Could a stun gun help?
Unlikely. Getting juice into the innards of a box in a way so as to overwrite data is not nearly so simple as applying sparky things to the outside of the box. Lots of reasons for this.

--Tim May
On Tue, 17 Jun 2003, Tim May wrote:
Unlikely. Getting juice into the innards of a box in a way so as to overwrite data is not nearly so simple as applying sparky things to the outside of the box. Lots of reasons for this.
The idea wasn't about overwriting the data. The idea was about frying the chip with the data inside (and if all the other chips inside the box become collateral damage, let that be so). As long as it is outside the technological abilities of the given adversary to retrieve the data from the fried chip, the objective is reached.

The idea also wasn't about the outside of the box; I thought rather of disconnecting the power leads and blasting the spark into the power-GND pair, or into the (disconnected, we don't want to kill the entire car electronics) data bus. With a bit of luck, the spark could get through the filters and into the Vcc pins of the chips.
Why go to all that trouble? Just take it out of circuit. Cut the printed circuit board leads and disable it, or if it's in an inaccessible black box, cut the leads to the box. Easy enough.

On Wednesday, June 18, 2003, at 04:11 PM, Thomas Shaddack wrote:
On Tue, 17 Jun 2003, Tim May wrote:
Unlikely. Getting juice into the innards of a box in a way so as to overwrite data is not nearly so simple as applying sparky things to the outside of the box. Lots of reasons for this.
The idea wasn't about overwriting the data. The idea was about frying the chip with the data inside (and if all the other chips inside the box become collateral damage, let that be so). As long as it is outside the technological abilities of the given adversary to retrieve the data from the fried chip, the objective is reached.
The idea also wasn't about the outside of the box; I thought rather of disconnecting the power leads and blasting the spark into the power-GND pair, or into the (disconnected, we don't want to kill the entire car electronics) data bus. With a bit of luck, the spark could get through the filters and into the Vcc pins of the chips.
On Wed, 18 Jun 2003, jburnes wrote:
Why go to all that trouble? Just take it out of circuit. Cut the printed circuit board leads and disable it, or if it's in an inaccessible black box, cut the leads to the box.
Easy enough.
Works very nicely. :)

Problem: leaves evidence, and takes time. The main advantage of electric shock is that the fried chip looks to the naked eye exactly the same as a non-fried chip. The only difference could be found with a scanning electron microscope on the chip itself, which is something nobody is likely to bother with. Especially in harsh environments (cars qualify) chips tend to die, so its death could look natural enough to not be suspicious.

If I am wrong, please tell me where and why. :)
On Thu, 19 Jun 2003, Thomas Shaddack wrote:
Works very nicely. :)
Problem: leaves evidence, and takes time. The main advantage of electric shock is that the fried chip looks to the naked eye exactly the same as a non-fried chip. The only difference could be found with a scanning electron microscope on the chip itself, which is something nobody is likely to bother with. Especially in harsh environments (cars qualify) chips tend to die, so its death could look natural enough to not be suspicious.
If I am wrong, please tell me where and why. :)
Automotive environments are known to be harsh, so electronics is protected to some extent. The assumption is that spark plug voltages can get into sensors, so most data lines are protected as are the sensor lines. If you try to fry things with double the voltage of a standard spark plug it may not work; if you use 10 times that it will, but the ESD protection will obviously be blown too. That begins to look suspicious (but I doubt anyone could _prove_ you fried it on purpose).

The main question is how deep is the memory of these things. If they only remember the last catastrophic event then "privacy" isn't a problem. The actual routes taken are not stored. If you are in an accident and the cops ask you to take a breath test, you can take the test or not - and deal with the consequences of the legal system based on your choice. The data taken from the recorder for the "event" is then corroboration, which may help instead of hurt you.

If the box remembers everything you do, and the garage mechanic can use it to blackmail you, then it becomes a "privacy" issue. I think the issue is when data is removed, and how much is actually stored. Can anybody explain the details?

Patience, persistence, truth,
Dr. mike
Mike Rosing <eresrch@eskimo.com> wrote:
Automotive environments are known to be harsh, so electronics is protected to some extent. The assumption is that spark plug voltages can get into sensors, so most data lines are protected as are the sensor lines. If you try to fry things with double the voltage of a standard spark plug it may not work; if you use 10 times that it will, but the ESD protection will obviously be blown too. That begins to look suspicious (but I doubt anyone could _prove_ you fried it on purpose).
In automotive power systems, the bigger concern is load dump. When there's a step change in alternator load from high to low, the commutating inductances resulting from the field windings of the alternator can't react quickly enough, and you tend to get big spikes on the power lines. Perhaps this could be used to advantage---if you want to convince someone that your electronics blew up on their own, blow up the rectifier at the output of your alternator, too.

-- Riad Wahby
rsw@jfet.org
MIT VI-2 M.Eng
On Wednesday, June 18, 2003, at 06:15 PM, Thomas Shaddack wrote:
On Wed, 18 Jun 2003, jburnes wrote:
Why go to all that trouble? Just take it out of circuit. Cut the printed circuit board leads and disable it, or if it's in an inaccessible black box, cut the leads to the box.
Easy enough.
Works very nicely. :)
Problem: leaves evidence, and takes time. The main advantage of electric shock is that the fried chip looks to the naked eye exactly the same as a non-fried chip. The only difference could be found with a scanning electron microscope on the chip itself, which is something nobody is likely to bother with. Especially in harsh environments (cars qualify) chips tend to die, so its death could look natural enough to not be suspicious.
If I am wrong, please tell me where and why. :)
The point being that sensor data from outside the box does NOT get written to either flash or disk drive storage directly. It is collected from many places and fed through the assortment of microprocessors. High voltages are clamped in the usual ways, with Schottky diodes protecting the inputs, etc. Even if signals massively outside the specs got into the boxes, it would be the processors which got fried, not the storage devices.

This was my point about how "sparky things" would not overwrite data. It takes logic to correctly write to storage. The processors and peripheral logic _might_ be zapped, but the storage chips would almost certainly not have been erroneously overwritten...just a matter of disconnecting them and reading them in another system, something most forensic or recovery labs probably have many jigs set up for.

--Tim May
On Mon, Jun 16, 2003 at 05:11:57PM -0400, John Kelsey wrote: ...
It seems intuitively like the EDR ought to be about as valuable to the defense as the prosecution, right? E.g., the prosecutor says "this guy was driving 120 miles an hour down the road while being pursued by the police," but the EDR says he'd never topped 70. There are creepy privacy implications in there somewhere, but the basic technology seems no more inherently Orwellian than, say, DNA testing--which seems to be a pretty good way of actually locking up the right guy now and then, rather than someone who looks kind-of like the guy who did it, and was seen in the area by an eyewitness and picked out of a police lineup.
The types of problems with DNA testing, such as states' refusal to allow testing of convicts when it might prove their innocence, and testing lab "errors", would also apply to EDR boxes. I.e. states will contrive to use EDR records only when it proves their case, and data recovered will be subject to "interpretation". You can bet that when EDRs become important as evidence, citizens won't be allowed to possess the means to read their own EDRs, let alone write to them.

Eric
On Mon, Jun 16, 2003 at 05:11:57PM -0400, John Kelsey wrote:
| At 11:16 AM 6/16/03 -0500, Shawn K. Quinn wrote:
| ...
| >I personally find the privacy implications of EDRs rather unsettling.
| >This story doesn't change that one bit. However, in this particular
| >case, I don't think what the EDR said really matters. The three
| >paragraphs from the story say a lot about what happened here:
|
| ...
| It seems intuitively like the EDR ought to be about as valuable to the
| defense as the prosecution, right? E.g., the prosecutor says "this guy was
| driving 120 miles an hour down the road while being pursued by the police,"
| but the EDR says he'd never topped 70. There are creepy privacy
| implications in there somewhere, but the basic technology seems no more
| inherently Orwellian than, say, DNA testing--which seems to be a pretty
| good way of actually locking up the right guy now and then, rather than
| someone who looks kind-of like the guy who did it, and was seen in the area
| by an eyewitness and picked out of a police lineup.

Just wait 'till they integrate GPS, and GPRS or 802.11.

Much of this can be seen in the OnStar systems, which haven't yet featured in divorce proceedings, afaik. You can call up and find out where your car is.

Adam

PS: Bob Blakely once defined privacy as the right to lie and get away with it, which fits into some of what many people mean by privacy.

-- "It is seldom that liberty of any kind is lost all at once." -Hume
Just wait 'till they integrate GPS, and GPRS or 802.11.
Transmitter is easy to find. Receiver is easy to jam with a micropower jammer. Sometimes all you need could just be creatively tweaking the ignition and antenna wiring to get "faulty shielding" in the right places; it requires much more experience to make it look "accidental", though.
Much of this can be seen in the OnStar systems, which haven't yet featured in divorce proceedings, afaik.
Matter of time. The next generation of sleuths will be much more tech savvy than the current one.
You can call up and find out where your car is.
...eg, in a nameless radio shadow.
Adam
PS: Bob Blakely once defined privacy as the right to lie and get away with it, which fits into some of what many people mean by privacy.
Another possible definition is the right to tell the truth and get away with it.

But both definitions are rather about free speech than about privacy, and then we'd get to a fight over definitions, which is in this context better left on the shoulders of people making encyclopedias.
On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote:
Adam
PS: Bob Blakely once defined privacy as the right to lie and get away with it, which fits into some of what many people mean by privacy.
Another possible definition is the right to tell the truth and get away with it.
But both definitions are rather about free speech than about privacy, and then we'd get to a fight over definitions, which is in this context better left on the shoulders of people making encyclopedias.
Maybe I have a minor corollary to Somebody's Law: "All debates about privacy eventually degenerate into foolish and off-target debates about the meaning of truth."

It never makes sense to argue about a "right to lie" or a "right to tell the truth." One man's lie is another man's truth. And even _asking_ for a true response is usually an overstepping, as it presumes the asker knows what is true and what is not. Pilate said it all 2000 years ago.

--Tim May
On Tue, Jun 17, 2003 at 09:30:35PM -0700, Tim May wrote:
| On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote:
| >
| >>Adam
| >>
| >>PS: Bob Blakely once defined privacy as the right to lie and get away
| >>with it, which fits into some of what many people mean by privacy.
| >
| >Another possible definition is the right to tell the truth and get away
| >with it.
| >
| >But both definitions are rather about free speech than about privacy,
| >but
| >then we'd get to a fight over definitions which is in this context
| >better
| >to leave on the shoulders of people making encyclopedias.
| >
|
| Maybe I have a minor corollary to Somebody's Law: "All debates about
| privacy eventually degenerate into foolish and off-target debates about
| the meaning of truth."
|
| It never makes sense to argue about a "right to lie" or a "right to
| tell the truth." One man's lie is another man's truth. And even
| _asking_ for a true response is usually an overstepping, as it presumes
| the asker knows what is true and what is not. Pilate said it all 2000
| years ago.

I wasn't arguing, I was quipping.

I find the many meanings of the word privacy to be fascinating. So when someone commented that the car's tattle-box is or isn't a privacy invasion, I thought I'd offer up a definition under which it is. It's a definition that lots of people use, as John points out.

Perhaps better than 'right' would be 'ability,' 'The ability to lie and get away with it.'

Adam

-- 'No, honey, I was working late at the office.'
On Wed, 18 Jun 2003, Adam Shostack wrote:
I wasn't arguing, I was quipping.
I find the many meanings of the word privacy to be fascinating. So when someone commented that the car's tattle-box is or isn't a privacy invasion, I thought I'd offer up a definition under which it is. It's a definition that lots of people use, as John points out.
Perhaps better than 'right' would be 'ability,' 'The ability to lie and get away with it.'
Adam
-- 'No, honey, I was working late at the office.'
Reminds me of the first time I saw a guy with a "brick phone". I'm in a bar eating a burger and drinking beer, and this guy sits down one seat away from me, pulls out this huge cell phone, and starts punching away. 10 seconds later he's saying "I'll be late coming home, I have more work to do in the office". Like she can't hear the background music! Oh well, I was getting paid for his air time :-)

Patience, persistence, truth,
Dr. mike
At 08:17 2003-06-18 -0400, Adam Shostack wrote:
| It never makes sense to argue about a "right to lie" or a "right to
| tell the truth." One man's lie is another man's truth. And even
| _asking_ for a true response is usually an overstepping, as it presumes
| the asker knows what is true and what is not. Pilate said it all 2000
| years ago.
I wasn't arguing, I was quipping.
I find the many meanings of the word privacy to be fascinating. So when someone commented that the car's tattle-box is or isn't a privacy invasion, I thought I'd offer up a definition under which it is. It's a definition that lots of people use, as John points out.
Perhaps better than 'right' would be 'ability,' 'The ability to lie and get away with it.'
Indeed 'privacy' and 'secrecy' are often confused and their meanings overlap in many a mind. I think that most, at least in the West, accept that privacy "..is based on rules and trust," for example, records kept on us by our doctors. Because exposure of various aspects of our private lives can do lasting damage, privacy is only effective when controlled by the party seeking it, who may disclose it or not as they see fit, and can only be guaranteed when those who would "sell you out" don't possess the possibly damaging information. For that reason among others, I am really only interested in privacy mediated by personal secrecy and technologies I trust and/or control.

steve
On Wed, 18 Jun 2003, Steve Schear wrote:
Indeed 'privacy' and 'secrecy' are often confused and their meanings overlap in many a mind. I think that most, at least in the West, accept that privacy "..is based on rules and trust," for example, records kept on us by our doctors. Because exposure of various aspects of our private lives can do lasting damage, privacy is only effective when controlled by the party seeking it, who may disclose it or not as they see fit and can only be guaranteed when those who would "sell you out" don't possess the possibly damaging information. For that reason among others, I am really only interested in privacy mediated by personal secrecy and technologies I trust and/or control.
I agree with you. Being anonymous is very important here.

Privacy is something alluded to by the famous "Gentlemen do not read other gentlemen's mail". Secrecy is what other people cannot find out. Anonymity (strong or not) is vastly important to secrecy.

Medical data is a great example of this. It may be private, for some (weak) values of private, right now. Being John Doe at the doctor's office and paying cash, though, is vastly better in terms of assurance, at least until the doctor's business-cam interfaces with other databases. Too bad that works so poorly with insurance, but then worker insurance in the US is nearly a government program, anyway.

-j

-- Jamie Lawrence
jal@jal.org
A computer without a Microsoft operating system is like a dog without bricks tied to its head.
At 11:45 2003-06-18 -0500, Jamie Lawrence wrote:
Anonymity (strong or not) is vastly important to secrecy.
Medical data is a great example of this. It may be private, for some (weak) values of private, right now. Being John Doe at the doctor's office and paying cash, though, is vastly better in terms of assurance, at least until the doctor's business-cam interfaces with other databases. Too bad that works so poorly with insurance, but then worker insurance in the US is nearly a government program, anyway.
There may be a viable opportunity for an off-shore private medical insurance carrier which does not use your social security number as your identifier to the medical service provider. Since, due to excessive U.S. fed and state insurance regulations, many/most doctors might refuse to accept it (at least initially), it may be necessary for this insurance to operate "off network", so that subscribers would have to pay the care giver and be reimbursed.

steve
On Wednesday, June 18, 2003, at 05:17 AM, Adam Shostack wrote:
I wasn't arguing, I was quipping.
I find the many meanings of the word privacy to be fascinating. So when someone commented that the car's tattle-box is or isn't a privacy invasion, I thought I'd offer up a definition under which it is. It's a definition that lots of people use, as John points out.
Perhaps better than 'right' would be 'ability,' 'The ability to lie and get away with it.'
I wasn't picking on you or your points, that's for sure. In fact, I barely noticed whose message I was replying to.

My point was a larger one, that nearly all such debates about privacy eventually come round to issues of "what have you got to hide?" and issues of truth and lies.

This is why I like the "Congress shall make no law" and "shall not be infringed" absoluteness of the original Constitution. The language does not natter about "truthful speaking shall not be infringed."

And this is why more recent legislation allowing government to regulate "commercial speech" or to decide which speech is true and which is false (as in advertising claims) is so corrosive to liberty.

--Tim May

"The great object is that every man be armed and everyone who is able may have a gun." --Patrick Henry
"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
On Wed, Jun 18, 2003 at 09:11:58AM -0700, Tim May wrote:
| On Wednesday, June 18, 2003, at 05:17 AM, Adam Shostack wrote:
| >
| >I wasn't arguing, I was quipping.
| >
| >I find the many meanings of the word privacy to be fascinating. So
| >when someone commented that the car's tattle-box is or isn't a privacy
| >invasion, I thought I'd offer up a definition under which it is.
| >It's a definition that lots of people use, as John points out.
| >
| >Perhaps better than 'right' would be 'ability,' 'The ability to lie
| >and get away with it.'
|
| I wasn't picking on you or your points, that's for sure. In fact, I
| barely noticed whose message I was replying to.

Gives new meaning to anonymous postings. ;)

| My point was a larger one, that nearly all such debates about privacy
| eventually come round to issues of "what have you got to hide?" and
| issues of truth and lies.
|
| This is why I like the "Congress shall make no law" and "shall not be
| infringed" absoluteness of the original Constitution. The language does
| not natter about "truthful speaking shall not be infringed."
|
| And this is why more recent legislation allowing government to regulate
| "commercial speech" or to decide which speech is true and which is
| false (as in advertising claims) is so corrosive to liberty.

Indeed. The European data protection laws are fundamentally un-American.

Unfortunately, Congress has made laws, numbering each of us, and then tries to regulate the abuse of that (free, freely usable, legally enforced) numbering scheme.

Adam

-- "It is seldom that liberty of any kind is lost all at once." -Hume
participants (12)
- Adam Shostack
- Eric Murray
- Jamie Lawrence
- jburnes
- John Kelsey
- Major Variola (ret.)
- Mike Rosing
- Riad S. Wahby
- Shawn K. Quinn
- Steve Schear
- Thomas Shaddack
- Tim May