A Q&A exchange between me and Eugene Volokh

[Duncan Frissell]

A Q&A exchange between me and Eugene Volokh:
[Eugene's responses in square brackets.]

The topic was Gilmore v. Ashcroft -- FAA ID Challenge in which John
Gilmore is suing the Feds to be allowed to fly domestically without ID.

So, does John have a chance?

[No.]

So it is your view that the Feds can ban anyone (except those wealthy
enough to rent, buy, or build their own aircraft) from flying, for life,
using secret orders, and without any
access to judicial process.

Seems a bit extreme to me.

Could they do the same thing for riding in a car or walking?

What about boats?

[My view is only that they can insist that people show id.]

So if there is a "Don't Fly" list, you would support people being able to
sue to get off it?

[Of course.]

How can they force you to present something that they can't force you to
have in the first place?

[Same reason as for driver's licenses to drive. If you don't want an
identification, that's fine -- but then you won't be allowed to do
certain things where identification is necessary for security reasons.]

I promised that I wouldn't send him any more mail for at least a week but
now the time is up.

One doesn't need a driver's license to ride in a car. The government is
now claiming that you need ID to ride in a commercial aircraft. Since the
development of passports for international travel at the beginning of the
20th century, passports (or other travel documents) have been necessary
to enter other nations. Commercial carriers began to check them on
boarding not for security reasons but because if passengers were refused
entry at their destination the carrier was responsible for their
maintenance and return.

The problem with such ID requirements is not merely that ID is required.
The problem is that the activity can be barred for reasons other than
lack of ID. You will also be banned for your characteristics. After all,
what's the point of requiring ID to fight terrorism if you can't ban
terrorists from flights. Or people who fit a terrorist profile. Or people
who owe child support (drivers licenses, fishing licenses, and passports
are denied to those owing child support).

An ID requirement, when you combine it with online verification and
authorization, creates a federal license requirement to engage in the
particular activity. In the above case, a federal license to fly on a
commercial aircraft. In other proposals, a federal license to take a job,
open a bank account or rent an apartment.

A federal license that can be denied for any reason since it is issued
via a computer analysis system driven by a secret algorithm.

It's a license because the federal government is required to
affirmatively grant you permission before you can do something.

The right to fly is controlled by the Computer Assisted Passenger Profile
System (CAPPS) -- soon to be replaced by the presumably wider-ranging
CAPPS2. At the heart of CAPPS is a secret algorithm that determines
whether you are or may be a terrorist. You can't know what facts or
behaviors cause CAPPS to ban you from a flight since the algorithm is not
for public consumption.

In fact, since the Feds have not set up an administrative procedure for
you to challenge a denial of flight boarding (or any of the future
activities that will be subject to CAPPS2 and similar systems) only those
with the $25K to 100K needed to bring a federal civil suit will be able
to challenge their denials. The Feds require private businesses that deny
you credit to follow an appeals process but don't impose such a
requirement on themselves in the much more significant denials that
CAPPS2 will make. And even for the rich, these court challenges will be
hard to win since the reasons for the denials will be a state secret.

So those who support such ID requirements and such federal licenses
should be required to answer a basic question -- what activities should
be subject to state and federal permission and which activities should
not?

DCF
--
Posted by Duncan Frissell to The Technoptimist at 7/30/2002 10:40:04 PM

Is Latvia Offshore?

[Duncan Frissell]

So I wonder. Is Latvia Offshore?

I am in receipt of a fun piece of spam:

  Dear Customer,
  Looking for a superior asset protection and tax management
  tool? Concerned about preserving your wealth in the heart of
  Europe without personal identity disclosure? We have a
  superior solution, which is able to meet the most demanding
  asset protection needs of our prospective customers. Please
  take your time to study this incredible and exclusive
  opportunity at www.offshore-cards.com
  --
  Offshore Cirrus ATM card
  Complete anonymity when withdrawing cash
  No ID requirements
  Would cost you just $180
  http://www.offshore-cards.com/anoncir.htm


So I wander over to NSI and discover where "the Heart of Europe" is
(OFFSHORE-CARDS.COM) and discover that it is Latvia.

Now it is certainly possible that heroic Latvians could be offering
fabulous anonymous bank accounts and credit and debit cards but how would
one know this in advance. Then there's the fact that the record was
created in May. A bit young. Give it a while to age.

DCF
--
Posted by Duncan Frissell to The Technoptimist at 7/30/2002 9:52:30 AM

Article on file encryption options

[Matthew X]

http://www.zdnet.com.au/itmanager/technology/story/0,229587,20266902,00.htm
FROM
http://www.zdnet.com.au/
WHERE
A Swiss company named id Quantique is already selling a device that 
performs over fiber networks what it calls quantum key distribution. Eat 
your heart out peter Trei.

Re: How to Defeat DVD Zone Controls

[Mark Renouf]

[EMAIL PROTECTED] wrote:
 > Most players cannot be hacked.  And many hacks do not operate
 > properly.  How about just rent or borrow DVDs, reprocess to remove
 > the region controls and reburn to a DVD-R?  DVD-Rs are only about
 > $1.25 or less each.  Test burn on a DVD-RW to help prevent expensive
 > coasters. See http://mpucoder.dynodns.net/derrow/copy.html

$1.25? When did this happen, last I knew they were $8-10 or $5 in
*LARGE* quantities.

Re: How to Defeat DVD Zone Controls

[Steve Schear]

At 07:44 PM 7/30/2002 -0400, you wrote:
>[EMAIL PROTECTED] wrote:
> > Most players cannot be hacked.  And many hacks do not operate
> > properly.  How about just rent or borrow DVDs, reprocess to remove
> > the region controls and reburn to a DVD-R?  DVD-Rs are only about
> > $1.25 or less each.  Test burn on a DVD-RW to help prevent expensive
> > coasters. See http://mpucoder.dynodns.net/derrow/copy.html
>
>$1.25? When did this happen, last I knew they were $8-10 or $5 in
>*LARGE* quantities.

See http://www.pricewatch.com and http://www.americal.com


steve

RE: today in dc

[Major Variola (ret)]

At 09:49 AM 7/30/02 -0400, Trei, Peter wrote:
>Actually, this clicks neatly onto cp debates over open vs closed
>systems, TCPA, DRM, and 'freedom to hack'.
>
>Most modern cars are substantially computerized. Diagnosing a
>problem usually involves hooking up a PC to a port on the car's
>engine management system, and studying the readouts.
>
>The 'problem' that the congresscritters are trying to 'solve' is
>that some car manufacturers are now closing this interface -
>they are refusing to document the protocols, and/or encrypting
>the data.

Yes, a note about this appeared on this list a few weeks
ago, along with a Blacknet Automotive Division request
for these diag codes.

\begin{ethicsrant}
It is perfectly within the rights of an individual (or corp) to
retain trade secrets.  It is also within the rights of others to
reverse engineer these secrets particularly for interoperability
reasons.  These observations are not only based on
libertarian-ethical principles but US law history.
\end{ethicsrant}

>As a result, the manufacturers are able to restrict who has
>access to this diagnostic data, and are using this power to
>shut out independent repair shops and other competition to
>their own dealerships. The meeting is going to discuss
>whether 'something should be done'. I have no idea what will
>happen, if anything.
>
>So, let's see:
>
>* The manufacturers are using DRM technology, including crypto,
>to restrict access to the data.

That's fine.

>* If you reverse-engineered the system, the DMCA could get
>involved (not sure on this one).

Were that true, that would NOT be fine.  It is not acceptable to
abuse the violence of the state (ie law) in this way --to deny
the ability to reverse engineer.

>* The manufacturers are closing the system to outside inspection,
>and actively working to make it impossible for owners to tinker with
>or modify their own cars.

(As a hacker) Regrettable but fine.  "Potting the fucker in epoxy"
is their right.

>* There is absolutely no benefit to the car's owner - this is simply
>large corporationsfiguring out another way to get more revenue.

So what?  Buy a car from someone else then.  The GNUmobile project?

>This is essentially 'Palladium for cars'.

The carmakers say this is for safety.  Perhaps this is as lame as the
political powergrabs justified fnord in the name of "national security".

Clearly, as engineers, we know that IFF the carmakers
documented what their employees know, then third-parties could
do as good a job.  But there is no obligation to document what you
sell.  Or make it easy for others to fix your stuff ---those stupid
proprietary screws used on some equiptment to keep you out
are not illegal.  But neither is defeating them.  Modulo your
warrantee, which is fair.

Of course, the State might well use the "safety" lever to open
the codes; or it might simply extend a tentacle of fascism
and require it for the nominal benefit of the sheeple.  Consider
if this behavior were applied more generally.

Anyway, PT is right on, this is right up our alley.

RE: today in dc

[Albion Zeglin]

There are consumer protection laws that may be used to open this up.
Manufacturers are required to provide for repair parts for a minimum 
amount of time.  Being able to take your car to an independent repair
services has in the past been defined as an owner's right.

Data pertaining to the specific car will probablly be required to be
available.   Data only used to build aggregate fleet data might still
be protected.  

Being able to modify the parameters might impair the manufacturers "Fleet"
air quality/fuel efficiency averages, without a exeption which may be
part of the final law.
 
An owner could of course replace the entire control system with a retrofit.

This practice of encryption might also be to protect the market for 
computerized tools sold to repair shops.  At $5000 apiece per car make per
repair shop that's a lot of money.

If safety is really the issue then tamper evident seals on the systems
might be able to absolve the manufacturers, unless the ability to hack
the systems is considered an "Attractive Nusiance".  Consumer Protection
laws are pretty harsh in the country, remember computers don't usually kill
people when they fail,  cars certainly can.

And all this is just the complexity that I can think of.  Imagine a team
of lobbyists and their presenations.

Albion.


Quoting "Major Variola (ret)" <[EMAIL PROTECTED]>:

> At 09:49 AM 7/30/02 -0400, Trei, Peter wrote:
> >Actually, this clicks neatly onto cp debates over open vs closed
> >systems, TCPA, DRM, and 'freedom to hack'.
> >
> >Most modern cars are substantially computerized. Diagnosing a
> >problem usually involves hooking up a PC to a port on the car's
> >engine management system, and studying the readouts.
> >
> >The 'problem' that the congresscritters are trying to 'solve' is
> >that some car manufacturers are now closing this interface -
> >they are refusing to document the protocols, and/or encrypting
> >the data.
> 
> Yes, a note about this appeared on this list a few weeks
> ago, along with a Blacknet Automotive Division request
> for these diag codes.
> 
> \begin{ethicsrant}
> It is perfectly within the rights of an individual (or corp) to
> retain trade secrets.  It is also within the rights of others to
> reverse engineer these secrets particularly for interoperability
> reasons.  These observations are not only based on
> libertarian-ethical principles but US law history.
> \end{ethicsrant}
> 
> >As a result, the manufacturers are able to restrict who has
> >access to this diagnostic data, and are using this power to
> >shut out independent repair shops and other competition to
> >their own dealerships. The meeting is going to discuss
> >whether 'something should be done'. I have no idea what will
> >happen, if anything.
> >
> >So, let's see:
> >
> >* The manufacturers are using DRM technology, including crypto,
> >to restrict access to the data.
> 
> That's fine.
> 
> >* If you reverse-engineered the system, the DMCA could get
> >involved (not sure on this one).
> 
> Were that true, that would NOT be fine.  It is not acceptable to
> abuse the violence of the state (ie law) in this way --to deny
> the ability to reverse engineer.
> 
> >* The manufacturers are closing the system to outside inspection,
> >and actively working to make it impossible for owners to tinker with
> >or modify their own cars.
> 
> (As a hacker) Regrettable but fine.  "Potting the fucker in epoxy"
> is their right.
> 
> >* There is absolutely no benefit to the car's owner - this is simply
> >large corporationsfiguring out another way to get more revenue.
> 
> So what?  Buy a car from someone else then.  The GNUmobile project?
> 
> >This is essentially 'Palladium for cars'.
> 
> The carmakers say this is for safety.  Perhaps this is as lame as the
> political powergrabs justified fnord in the name of "national security".
> 
> Clearly, as engineers, we know that IFF the carmakers
> documented what their employees know, then third-parties could
> do as good a job.  But there is no obligation to document what you
> sell.  Or make it easy for others to fix your stuff ---those stupid
> proprietary screws used on some equiptment to keep you out
> are not illegal.  But neither is defeating them.  Modulo your
> warrantee, which is fair.
> 
> Of course, the State might well use the "safety" lever to open
> the codes; or it might simply extend a tentacle of fascism
> and require it for the nominal benefit of the sheeple.  Consider
> if this behavior were applied more generally.
> 
> Anyway, PT is right on, this is right up our alley.

Choate's Freedom to Dissociate

[Major Variola (ret)]

At 07:59 PM 7/29/02 -0500, Jim Choate wrote:
>On Mon, 29 Jul 2002, Eric Murray wrote:
>>  Your ISP may be blocking mail from Ssz to you.
>
>Sue their ass your right to free association is being violated!

Um, right after we finish sueing other folks for not letting us
put our bumper stickers on their cars (1st amend and all that..)

Re: Pizza with a credit card

[cubic-dog]

On Mon, 29 Jul 2002, Duncan Frissell wrote:

> Buying Trouble
> 
> In which the Village Voice discusses the use of commercial databases 
> including supermarket discount cards in hunting terrorists.
> 
> One useful piece of advice:
> 
> Don't but pizza with a credit card:
> SNIP
> 
> Course all those terrorists buying their pizzas with cash get away clean.


I've wondered for years how much longer this
will be allowed. Cash is still viable. Not
as viable as it was 10, or even 5 years ago.
I am still able to travel with only cash, buy
a pizza with only cash, or other food, still
buy groceries without having to produce mein
ausweiss (why I stopped shopping at CostCo
years back). But it is all getting stickier.

RE: today in dc

[Trei, Peter]

> Declan McCullagh[SMTP:[EMAIL PROTECTED]] wrote:
> 
> no, not a joke. yes, this is clearly an important thing for our 
> congresscritters to be doing.
> 
> SENATE COMMERCE, SCIENCE AND TRANSPORTATION COMMITTEE
> Consumer Protection
> Consumer Affairs, Foreign Commerce, and Tourism Subcommittee hearing
> on improvement in consumer choice with regard to automobile repair
> shops.
[...]

Actually, this clicks neatly onto cp debates over open vs closed
systems, TCPA, DRM, and 'freedom to hack'.

Most modern cars are substantially computerized. Diagnosing a
problem usually involves hooking up a PC to a port on the car's
engine management system, and studying the readouts.

The 'problem' that the congresscritters are trying to 'solve' is
that some car manufacturers are now closing this interface -
they are refusing to document the protocols, and/or encrypting
the data.

As a result, the manufacturers are able to restrict who has
access to this diagnostic data, and are using this power to
shut out independent repair shops and other competition to
their own dealerships. The meeting is going to discuss 
whether 'something should be done'. I have no idea what will
happen, if anything.

So, let's see:

* The manufacturers are using DRM technology, including crypto,
to restrict access to the data.
* If you reverse-engineered the system, the DMCA could get
involved (not sure on this one).
* The manufacturers are closing the system to outside inspection,
and actively working to make it impossible for owners to tinker with 
or modify their own cars. 
* There is absolutely no benefit to the car's owner - this is simply
large corporationsfiguring out another way to get more revenue.

This is essentially 'Palladium for cars'.

Peter Trei

today in dc

[Declan McCullagh]

no, not a joke. yes, this is clearly an important thing for our 
congresscritters to be doing.


SENATE COMMERCE, SCIENCE AND TRANSPORTATION COMMITTEE
Consumer Protection
Consumer Affairs, Foreign Commerce, and Tourism Subcommittee hearing
on improvement in consumer choice with regard to automobile repair
shops.
Witnesses: Sen. Paul Wellstone, D-Minn.; Bill Haas, vice
 president, Technical Division, Education and
 Training, Automotive Service Assn., Bedford,
 TX; John Cabamiss, Jr., director, Environment
 and Energy, Assn. of International Auto Manufacturers,
 Arlington, VA; Dale Feste, Dale Feste Automotive,
 Hopkins, MN; Josephine Cooper, president,
 Alliance of Automotive Manufacturers; John
 Nielson, director, Automotive Services and
 Repair Network, AAA; John Vallely, president,
 McLean Marathon Service, Elgin, IL
Location: 253 Russell Senate Office Building. 2:30 p.m.
Contact: 202-224-5115 http://commerce.senate.gov
**REVISED**

Pizza with a credit card

[Duncan Frissell]

Buying Trouble

In which the Village Voice discusses the use of commercial databases 
including supermarket discount cards in hunting terrorists.

One useful piece of advice:

Don't but pizza with a credit card:
Oddly enough, "one of the factors was if you were a person who frequently 
ordered pizza and paid with a credit card," Ponemon says, describing the 
buying habits of a nation of college students. "Sometimes data leads to an 
empirical inference when you add it to other variables. Whether this one is 
relevant or completely spurious remains to be seen, but those kinds of 
weird things happen with data."

Course all those terrorists buying their pizzas with cash get away clean.

DCF

Posted by Duncan Frissell to The 
Technoptimist at 7/29/2002 10:19:30 AM