April 19, 2024

Archives for November 2004

Lycos Attacks Alleged Spammers

Lycos Europe is distributing a screen saver that launches denial of service attacks on the websites of suspected spammers, according to a Craig Morris story at Heise Online. The screen saver sends dummy requests to the servers in order to slow them down. It even displays information to the user about the current attack target.

This is a serious lapse of judgment by Lycos. For one thing, this kind of vigilante attack erodes the line between the good guys and the bad guys. Spammers are bad because they use resources and keep people from getting to the messages they want to read. If you respond by wasting resources and keeping people from getting to the websites they want to read, it’s hard to see what separates you from the spammers.

This kind of attack can be misdirected at innocent parties. The article says that Lycos is attacking sites on the SpamCop blocklist. That doesn’t fill me with confidence – this site has been on the SpamCop blocklist at least once, despite having nothing at all to do with spam. (The cause was an erroneous complaint, coupled with a hair-trigger policy by SpamCop.)

We also know that spammers have a history of trying to frame innocent people as being sources of spam. A basic method for doing this is common enough to have a name: “Joe job”. Attacking the apparent sources of spam just makes such misdirection more effective.

And finally, there’s the question of whether this is legal. The Heise Online article reaches no conclusion about its legality in Germany, and I don’t know enough to say whether it’s legal in the U.S. Lycos argues that it’s not really a denial of service attack because they’re careful not to block access to the sites completely. But they do brag about raising the sites’ costs and degrading the experience of the sites’ users. That’s enough to make it a denial of service attack in my book.

This idea – attacking spammer sites – is one that surfaces occasionally, but usually cooler heads prevail. It’s a real surprise to see a prominent company putting it into action.

[Link via TechDirt. And did I mention that TechDirt is a great source of interesting technology news?]

UPDATE (Dec. 6): Lycos has now withdrawn this program, declaring implausibly that it has succeeded and so is no longer needed.

Radio Passports: Bad Idea

An AP story nicely summarizes the controversy over the U.S. government’s plan to add RFID chips to U.S. passports, starting in 2005.

The chips will allow the passport holder’s name, date of birth, passport issuance information, and photograph to be read by radio. Opponents claim that the information will be readable at distances up to thirty feet (about nine meters). This raises privacy concerns about government monitoring, for example of attendance at political rallies, and about private monitoring, especially overseas.

I would certainly feel less safe in certain places if I knew that anybody there could remotely identify me as a U.S. citizen. I would feel even less safe knowing that anybody could get my name and look me up in a database or Google me.

A U.S. government representative says that there is “little risk” to privacy “since we plan to store only currently collected data with a facial image.” In other words, they’re going to take information currently available only to people to whom I hand my passport, plus some extra information, and make it available to everybody who comes near me. Gee, that makes me feel much better.

There is some discussion of encrypting the information, or requiring the passport holder to enter a PIN number to unlock the information. Either of these is some help, but unless the system is designed very carefully, it could still allow dangerous leakage of information.

What I don’t understand is why passports should ever be readable at a distance. Passports should reveal their information only to people or devices who can make physical contact to the inside of the passport. Certainly that’s enough for the immigration agent at the airport, or for any official who asks to inspect the passport. If the officials are doing their jobs, they’ll want to see the physical passport and hold it in their hands anyway.

Oddly, the government’s response to concerns about remote passport reading is to try to limit when the passport can be read remotely. They propose storing the passport in a conductive plastic bag that blocks radio signals, or building a conductive screen into the passport’s covers so that it can be read remotely only when the passport is opened. Either approach adds unnecessary risk – the passport might be read by somebody else when it’s opened.

The right solution, which opponents should advocate, is to remove radio tags from passports altogether, and replace them with contact-readable electronic information.

Keylogging is Not Wiretapping, Judge Says

A Federal judge in California recently dismissed wiretapping charges against a man who installed a “keylogger” device on the cable between a woman’s keyboard and her computer. I was planning to write a reaction to the decision, but Orin Kerr seems to have nailed it already.

This strikes me as yet another example of a legal analyst (the judge, in this case) focusing on one layer of a system and not seeing the big picture. By fixating on the fact that the interception happened at a place not directly connected to the Internet, the judge lost sight of the fact that many of the keystrokes being intercepted were being transmitted over the Net.

EFF Names Advisory Board

The Electronic Frontier Foundation has named its first advisory board. I’m on it, along with Michael Froomkin, Paul Grewal, Jim Griffin, David Hayes, Mitch Kapor, Mark Lemley, Eben Moglen, Deirdre Mulligan, Michael Page, Michael Traynor, and Jim Tyre.

Identification Codes on Printer Output

A Xerox engineer says that color printers from Xerox and other companies print faint information in the background of printed-out pages, to identify the model and serial number of the printer that printed the pages. According to a story, the information is represented as a set of very small yellow dots. (We already knew that some printers did this. The article tells us more about how it’s done.)

We have a Xerox color printer here (a Phaser 860). We tried printing out a page and looking for the dots, but we couldn’t find them, even with the aid of a magnifying glass and blue LED light. If anybody can find the dots on their output, please let me know.

There are still several unanswered questions about this scheme:

Do they use encryption, and if so, how? Even if we can find the dots and read out the digital bits they represent, we may not be able to tell what information those bits are encoding. They might be putting the model and serial number onto the page in such a way that we can learn to read them. Or perhaps they are encrypting the information so that we can’t read out the identifying information but we can at least recognize whether two pages were printed on the same printer. Or perhaps they encrypt the information so that we can’t tell anything without having some secret key.

If there is a secret key, who knows it? The key might be disclosed to the government so that they can extract the model and serial number from a page at will. (And if the U.S. government has the key, which other governments do?) Or the key might be known only to the printer vendor, so that the government needs the vendor’s help to decode the dots. If they use public-key cryptography, then the decoding key might be known only to the government and not to the printer vendor.

Do they try to track who buys each printer? If they can extract the serial number, they might want to know who has that printer. They could try to track the passage of each individual printer through the supply chain, to get an idea of who might have bought it. They might also build a database of information gleaned through service calls and warranty registrations.

What we know already is enough to make privacy advocates itchy. It’s probably possible to design a system that raises fewer privacy issues, while still allowing certain limited use of printer-specific marks as courtroom evidence. For example, one could build a system so that somebody who has physical possession of a printer, and physical possession of a printed page, and access to a special crypto key, can tell whether or not that page was printed by that printer, but can’t learn anything else.