John Gilmore wrote:
[By the way, [EMAIL PROTECTED] is being left out of this conversation,
by his own configuration, because his site censors all emails from me. --gnu]
Sourceforge was doing that to me today!
Well, I am presuming that ... the EZ Pass does have an account
number, right? And then, the car does have a licence place? So,
just correlate the account numbers with the licence plates as they
go through the gates.
If they could read the license plates reliably, then they wouldn't
need the EZ Pass at all. They can't. It takes human effort, which is
in short supply.
No, that is to confuse the collecting of tolls
with the catching of defrauders. Consider one
to be the automatic turnstile and the other to
be the ticket inspector. One records the tolls,
the other looks for error conditions.
The thing about phones is that they have no licence plates and no
toll gates. Oh, and no cars.
Actually, cellphones DO have other identifying information in them,
akin to license plates. And their "toll gates" are cell sites.
Yes, but so ineffective. I can pass "through" the
toll gate - the cell site - and nobody can see
where I am. I can make a call, and nobody can read
my location without doing complicated tracking stuff
with many cells. The day that the cops get their
dream of cell phones being able to signal location,
that might change, but in the meantime, a cell phone
is for most purposes unlocatable.
Another factor is that the reward is very different,
one can save a lot more on a cellphone than a toll
way trip.
It's not clear what your remark about phones having no cars has to do
with the issue of whether EZ Pass is likely to be widely spoofed.
Sorry, yes: if I catch a fraudster with a cell
phone, I can haul him down the station and seize
his phone. BFD, it was probably stolen anyway.
If I catch a EZ Passter I can seize his car.
What incentive does a miscreant have to reprogram hundreds or
thousands of other cars???
(1) Same one they have for releasing viruses or breaking into
thousands of networked systems. Because they can; it's a fun way to
learn. Like John Draper calling the adjacent phone booth via
operators in seven countries. (2) The miscreant gets a cheap toll
along with hundreds of other people who get altered tolls.
OK, so run this past me again. I get to send a
virus or whatever that causes EZ Pass to go down
or mis-bill thousands of their customers, and I
also have to drive down the free way and drive
through their toll gates, in order to collect my
prize of ... a free ride on the toll way?
[Cory Doctorow's latest novel (Eastern Standard Tribe, available free
online, or in bookstores) hypothesizes MP3-trading networks among
moving cars, swapping automatically with whoever they pass near enough
for a short range WiFi connection. Sounds plausible to me; there are
already MP3 players with built-in short range FM transmitters, so
nearby cars can hear your current selection. Extending that to faster
WiFi transfers based on listening preferences would just require "a
simple matter of software". An iPod built by a non-DRM company might
well offer such a firmware option -- at least in countries where
networking is not a crime. Much of the music I have is freely
tradeable.]
All of which is irrelevant. The MP3s you are trading
do not generate a transaction request, being fraudulent
or otherwise, do not hit a server that has details on
who you are, and are probably encrypted so nobody can
tell what it is you are doing, thus forcing the cops
(IP terrorists being your #3 priority) to pull the car
to a halt and search for contraband music.
The only questions here are: do the EZ Pass people have
your licence plate and your EZ Pass account number? Do
they have the budget to employ some students with cameras?
Do they have the ability to target people who should be
travelling A -> D but keep getting billed from B -> C?
And, do the drivers who decide to defraud the EZ Pass
system have the ability to avoid 2 points, being any 2
of A, B, C, D?
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
