Re: EZ Pass and the fast lane ....

2004-07-12 Thread Eugen Leitl
On Sun, Jul 11, 2004 at 10:39:18AM +0200, Amir Herzberg wrote:

> So I think this observation about EZ Pass is probably true, but for some
> time ago; with current technology, reading license plates is possible
> (which, I guess, has some alarming privacy implications...).

While Toll Collect (the German system) isn't yet operational, the license
plate realtime OCR part is. It does read license plates in realtime via video
from overhead bridges, no slowing down necessary.

The police is very interested to keep that part of the infrastructure
operational, for obvious reasons. Currently, all non-truck license plates are
discarded, but it's clear enough there's demand for realtime tracing of select
and movement profiles for the masses, for data mining.

-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




Re: EZ Pass and the fast lane ....

2004-07-12 Thread Jerrold Leichter
|  another purpose -- preserving the privacy of drivers by using more
|  complicated protocols. However, as the benefit of such systems is to
|  people who are unlikely to have much voice in the construction of the
|  system, and who are also unlikely to be willing to pay more money to
|  gain privacy, I think the implementation of such tags is unlikely.
|
| I think it would be easier to provide drivers with a simpler method of
| turning off their transponder. Recently ordered FasTrak tokens come with a
| mylar bag for this purpose, which is too unwieldy. A switch, however,
| might be enough.
|
| This would not prevent an adversary from recording the IDs of cars that
| pass through toll gates. It would, however, prevent reading those IDs at
| other times.
EZpass actually went in the opposite direction.  When I got my EZpass a number
of years back, they provided such a bag, along with instructions on use. These
days, they no longer provide the bag, and indirectly they strongly discourage
you from using any such thing:  According to the rules, EZpasses must be
mounted on your windshield:  They provide a variant on Velcro strips, which
make the box a pain to remove while driving.  (For commercial vehicles,
there's an external, permanently-mounted version).  People used to just keep
the thing loose inside the car and wave it at the sensor, which apparently
caused too many misreads, leading to traffic backups.  Now, if they catch you
doing that, there's a substantial fine.

-- Jerry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: EZ Pass and the fast lane ....

2004-07-12 Thread Jerrold Leichter
| ...unless people are willing to go very hi-tech in their toll evasion
| maneuvers, implementing, say, thin see-through LCD screens placed over their
| license plates that turn opaque at a push of a button
A local TV station here in the NY area did a show about a lower-tech version
of the same thing:  A plastic cover for the plate that is supposed to cause
enough glare in a camera that the plate is unreadable when snapped by the
various automated speed traps and red-light-running traps out there.  These
things are apparently advertised in all the car magazines.  According to the
TV show, they vary in effectiveness, from quite effective for some kinds of
cameras in certain uses to pretty much ineffective.

A universal feature of all such devices is that they are illegal.  At least
around here (and I think in most if not all states), license plates may not be
covered *at all*.  If any kind of device emerged that was effective at
actually making plates unreadable, I can easily see municipalities make using
one into a parking violation - a quick source of revenue, at least until most
people figured out that it wasn't worth it to buy these things.

How long before license plates have transponders built into them?  After all,
it's long-established law that you can be required to place an identifier on
your car when it's on the public roads - why's there a difference between one
that responds at optical frequencies and one that responds at a couple of
gigahertz?  (For that matter, even if you want to stick to optical and you
can't get plate reading accurate enough, the technology for reading bar codes
from moving vehicles is well-developed - it's been used for years to identify
railroad cars, and many gated communities use them to open the gates for cars
owned by residents.)
-- Jerry



Re: EZ Pass and the fast lane ....

2004-07-12 Thread Roy M. Silvernail
Jerrold Leichter wrote:
> How long before license plates have transponders built into them?  After all,
> it's long-established law that you can be required to place an identifier on
> your car when it's on the public roads - why's there a difference between one
> that responds at optical frequencies and one that responds at a couple of
> gigahertz?  (For that matter, even if you want to stick to optical and you
> can't get plate reading accurate enough, the technology for reading bar codes
> from moving vehicles is well-developed - it's been used for years to identify
> railroad cars, and many gated communities use them to open the gates for cars
> owned by residents.)
 

An infrared-reflective bar code would not be visible to the naked eye.  
That would probably slip past the proles for a good while before the 
word got out.  And once the infrastructure is in place, it would be hard 
to dislodge.

--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFS
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com


Re: EZ Pass and the fast lane ....

2004-07-11 Thread David Alexander Molnar


On Sat, 10 Jul 2004, Perry E. Metzger wrote:

> another purpose -- preserving the privacy of drivers by using more
> complicated protocols. However, as the benefit of such systems is to
> people who are unlikely to have much voice in the construction of the
> system, and who are also unlikely to be willing to pay more money to
> gain privacy, I think the implementation of such tags is unlikely.

I think it would be easier to provide drivers with a simpler method of
turning off their transponder. Recently ordered FasTrak tokens come with a
mylar bag for this purpose, which is too unwieldy. A switch, however,
might be enough.

This would not prevent an adversary from recording the IDs of cars that
pass through toll gates. It would, however, prevent reading those IDs at
other times.

-David



Re: EZ Pass and the fast lane ....

2004-07-11 Thread Amir Herzberg
> If they could read the license plates reliably, then they wouldn't
> need the EZ Pass at all.  They can't.  It takes human effort, which is
> in short supply.

The toll road that began operating here in Israel seems able to read 
your license plate number, without even requiring cars to slow down (and 
they definitely _don't_ slow down...).

So I think this observation about EZ Pass is probably true, but for some 
time ago; with current technology, reading license plates is possible 
(which, I guess, has some alarming privacy implications...).

Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & security)



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jerrold Leichter
|  No mention is made of encryption or challenge response
|  authentication but I guess that may or may not be part of the design
|  (one would think it had better be, as picking off the ESN should be duck
|  soup with suitable gear if not encrypted).
|
|  From a business perspective, it makes no
| sense to spend any money on crypto for this
| application.  If it is free, sure use it,
| but if not, then worry about the 0.01% of
| users who fiddle the system later on.
|
| It would be relatively easy to catch someone
| doing this - just cross-correlate with other
| information (address of home and work) and
| then photograph the car at the on-ramp.
It would, in principle, be relatively easy to query these boxes yourself, or
listen in near a station.  You could quickly build up a database of valid
ID's, and could then build/sell a clone box, perhaps a tumbler box that
would rotate among valid ID's.

The actual money involved can be substantial - in the NY area, a cross-Hudson-River
commuter spends at least $5/day through EZ-pass, and you can now charge
things like parking at airports - $25/day or more.  So ... you'd think there
would be an active market in rigged EZ-pass boxes by now (as, for example,
there has been an active market for counterfeit monthly passes on the commuter
rail lines in the New York area.)  Curiously, if there is such a thing, it's
so far on a low enough scale that the press hasn't picked it up.

The basic protection mechanism involved is apparently quite simple:  Every
time you use EZ-pass, a photo of your license plate, and of the driver, is
taken.  The photos are kept for quite some time.  So cheaters can be tracked.

In addition, where there are high-value charges, there is usually a gate.  If
your EZ-pass is invalid, you're stuck in what is effectively a man-trap,
waiting for the cops on duty to check things out.  You'd better have a valid
EZ-pass to show them.  I don't know how much info they can get out of the
system, but it could easily tell them if, when they scan your good pass,
it shows a different ID from the one registered before.  (On the other hand,
high-speed readers - where there is no gate - are spreading.  Several were
recently installed at the Tappan-Zee Bridge, where the toll is $7.)

All in all, the system seems to depend on what I've heard described as the
bull in the china shop theory of security:  You can always buy more china,
but the bull is dead meat.
-- Jerry



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Ian Grigg
John Gilmore wrote:
> [By the way, [EMAIL PROTECTED] is being left out of this conversation,
>  by his own configuration, because his site censors all emails from me.  --gnu]

Sourceforge was doing that to me today!

>> Well, I am presuming that ... the EZ Pass does have an account
>> number, right?  And then, the car does have a licence plate?  So,
>> just correlate the account numbers with the licence plates as they
>> go through the gates.
>
> If they could read the license plates reliably, then they wouldn't
> need the EZ Pass at all.  They can't.  It takes human effort, which is
> in short supply.

No, that is to confuse the collecting of tolls
with the catching of defrauders.  Consider one
to be the automatic turnstile and the other to
be the ticket inspector.  One records the tolls,
the other looks for error conditions.

>> The thing about phones is that they have no licence plates and no
>> toll gates.  Oh, and no cars.
>
> Actually, cellphones DO have other identifying information in them,
> akin to license plates.  And their toll gates are cell sites.

Yes, but so ineffective.  I can pass through the
toll gate - the cell site - and nobody can see
where I am.  I can make a call, and nobody can read
my location without doing complicated tracking stuff
with many cells.  The day that the cops get their
dream of cell phones being able to signal location,
that might change, but in the meantime, a cell phone
is for most purposes unlocatable.

Another factor is that the reward is very different,
one can save a lot more on a cellphone than a toll
way trip.

> It's not clear what your remark about phones having no cars has to do
> with the issue of whether EZ Pass is likely to be widely spoofed.

Sorry, yes:  if I catch a fraudster with a cell
phone, I can haul him down the station and seize
his phone.  BFD, it was probably stolen anyway.
If I catch a EZ Passter I can seize his car.

>> What incentive does a miscreant have to reprogram hundreds or
>> thousands of other cars???
>
> (1) Same one they have for releasing viruses or breaking into
> thousands of networked systems.  Because they can; it's a fun way to
> learn.  Like John Draper calling the adjacent phone booth via
> operators in seven countries.  (2) The miscreant gets a cheap toll
> along with hundreds of other people who get altered tolls.

OK, so run this past me again.  I get to send a
virus or whatever that causes EZ Pass to go down
or mis-bill thousands of their customers, and I
also have to drive down the free way and drive
through their toll gates, in order to collect my
prize of ... a free ride on the toll way?

> [Cory Doctorow's latest novel (Eastern Standard Tribe, available free
> online, or in bookstores) hypothesizes MP3-trading networks among
> moving cars, swapping automatically with whoever they pass near enough
> for a short range WiFi connection.  Sounds plausible to me; there are
> already MP3 players with built-in short range FM transmitters, so
> nearby cars can hear your current selection.  Extending that to faster
> WiFi transfers based on listening preferences would just require a
> simple matter of software.  An iPod built by a non-DRM company might
> well offer such a firmware option -- at least in countries where
> networking is not a crime.  Much of the music I have is freely
> tradeable.]

All of which is irrelevant.  The MP3s you are trading
do not generate a transaction request, being fraudulent
or otherwise, do not hit a server that has details on
who you are, and are probably encrypted so nobody can
tell what it is you are doing, thus forcing the cops
(IP terrorists being your #3 priority) to pull the car
to a halt and search for contraband music.

The only questions here are:  do the EZ Pass people have
your licence plate and your EZ Pass account number?  Do
they have the budget to employ some students with cameras?
Do they have the ability to target people who should be
travelling A - D but keep getting billed from B - C?
And, do the drivers who decide to defraud the EZ Pass
system have the ability to avoid 2 points, being any 2
of A, B, C, D?
iang


Re: EZ Pass and the fast lane ....

2004-07-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Gilmore writes:

> If they could read the license plates reliably, then they wouldn't
> need the EZ Pass at all.  They can't.  It takes human effort, which is
> in short supply.


There are, in fact, toll roads that try to do that; see, for example,
http://www.where.ca/toronto/subcategory_guide.cfm?subcategory_id=25&category_id=24&subtitle_id=142

But it's not foolproof; see
http://66.102.7.104/search?q=cache:ELIC5NLh1qQJ:www.canoe.ca/Columnists/blizzard_feb18.html+ottawa+%22licence+plate%22+%22toll+road%22+toronto+problem&hl=en
(the original seems to have expired, hence the reference to the Google 
cache).

--Steve Bellovin, http://www.research.att.com/~smb




Re: EZ Pass and the fast lane ....

2004-07-10 Thread Greg Rose
At 21:54 2004-07-09 +0100, Ian Grigg wrote:
> John Gilmore wrote:
>>> It would be relatively easy to catch someone
>>> doing this - just cross-correlate with other
>>> information (address of home and work) and
>>> then photograph the car at the on-ramp.
>>
>> Am I missing something?
>>
>> It seems to me that EZ Pass spoofing should become as popular as
>> cellphone cloning, until they change the protocol.  You pick up a
>> tracking number by listening to other peoples' transmissions, then
>> impersonate them once so that their account gets charged for your toll
>> (or so that it looks like their car is traveling down a monitored
>> stretch of road).  It should be easy to automate picking up dozens or
>> hundreds of tracking numbers while just driving around; and this can
>> foil both track-the-whole-populace surveillance, AND toll collection.
>> Miscreants would appear to be other cars; tracking them would not
>> be feasible.
>
> Well, I am presuming that ... the EZ Pass
> does have an account number, right?  And
> then, the car does have a licence plate?
> So, just correlate the account numbers
> with the licence plates as they go through
> the gates.

If they could do that reliably, they wouldn't need the toll thingy, nu? I
have been told by someone in the photo-enforcement industry that their
reliability is only around 75%, and they're very expensive, and ... anyway,
not a viable solution to the problem given the current economics. But to a
weekly commuter over one of the bridges in New York, for example, it's
$1000 per year.

> What incentive does a miscreant have to
> reprogram hundreds or thousands of other
> cars???

Until recently, when viruses and worms started to be used to assist
spamming, what incentive did a miscreant have to invade hundreds or
thousands of computers?

Greg.
Greg Rose            INTERNET: [EMAIL PROTECTED]
Qualcomm Australia   VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111/232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C


Re: EZ Pass and the fast lane ....

2004-07-10 Thread Elliott Frank
FasTrak is a passive system relative to the transponder -- it uses the
transponder ID, a vehicle sensor, and an axle counter to generate toll
records. The associated license plate capture-and-decode feature is only
invoked if a non-transponder-equipped or invalidated-transponder-equipped
vehicle attempts to use a transponder-controlled lane or toll booth. Its
primary purpose is to provide sufficient information for a CHP officer to
stop the offending vehicle. The original FasTrak design couldn't handle an
invalidated transponder: it assumed that all correctly-formatted responses
were from valid devices.

Most of the automated toll systems were designed in an era of expensive
processing and centralized databases: if the toll collection point can
generate a formatted record that can be subsequently processed for billing
purposes, that was sufficient functionality.

Social engineering of automated toll systems may have already arrived: as
long as the dollar amounts of the abuse lie within the noise factor of the
victim's bill (e.g., a limousine service or a trucking company) the issue of
retrofitting encryption to provide 'sufficient protection' will not be
raised.

Elliott



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jon Snader
On Sat, Jul 10, 2004 at 10:28:49AM +1000, Greg Rose wrote:
 
> If they could do that reliably, they wouldn't need the toll thingy, nu? I
> have been told by someone in the photo-enforcement industry that their
> reliability is only around 75%, and they're very expensive, and ... anyway,
> not a viable solution to the problem given the current economics. But to a
> weekly commuter over one of the bridges in New York, for example, it's
> $1000 per year.
 

Just today I read the following remark by Brad Delong on Eric
Rescorla's Web site http://tinyurl.com/3aw8a:

The IRS's comparative advantage is using random terror to
elicit voluntary compliance with the tax code on the part of
relatively rich people.

Doesn't a similar principle apply here?  Let's grant, as you say,
that the system is only 75% effective, and perhaps the expense
prevents us from deploying it at every lane so that the
probability of catching a cheater is, say, only 40%.  If we make
the fine for cheating $5000 and/or 6 months in jail, then the
cheater's expected savings, considering just the fine, is -$1994,
assuming a $10 toll.  That seems like a pretty good deterrent to
me.

jcs



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Eric Rescorla
Perry E. Metzger [EMAIL PROTECTED] writes:

> John Gilmore [EMAIL PROTECTED] writes:
>>> It would be relatively easy to catch someone
>>> doing this - just cross-correlate with other
>>> information (address of home and work) and
>>> then photograph the car at the on-ramp.
>>
>> Am I missing something?
>>
>> It seems to me that EZ Pass spoofing should become as popular as
>> cellphone cloning, until they change the protocol.
>
> I doubt it.
>
> All the toll lanes that accept EZ Pass that I've seen are equipped
> with cameras. These cameras are used to identify toll evaders
> already. You point out that doing this would require manual work, but
> in fact several systems (including the one used for handling traffic
> fees in central London) have already demonstrated that automated
> license plate reading systems are feasible. Even without automated
> plate reading, storing photographs is also now astoundingly cheap
> given how cheap storage has gotten, so if anyone ever complained about
> incorrect charges on their bill, finding the plates of the cars that
> went through during the disputed toll collections would be trivial.

Precisely. Moreover, you can presumably use fairly unsophisticated
data mining/fraud detection techniques to detect when a unit has
been cloned and then go back to the photographs to find and punish
the offenders.

-Ekr
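
One shape the "fairly unsophisticated" fraud detection mentioned above could take, given here as an added example that is not part of the original message or any toll operator's system: flag a tag ID read at two plazas faster than a car could drive between them, flag camera plate reads that disagree with the account, and queue those reads for photo review. The plaza positions, speed ceiling, tag IDs, plates and read records are all constructed for illustration.

```python
"""Flag toll-tag IDs that look cloned, then list what to check in the photos."""
from collections import defaultdict
from datetime import datetime

# Constructed sample data: plaza positions as km markers on one hypothetical road.
PLAZA_KM = {"A": 0.0, "B": 40.0, "C": 95.0, "D": 130.0}
MAX_PLAUSIBLE_KMH = 160.0  # assumed ceiling for a road vehicle between plazas

# Constructed account records: tag ID -> plate registered to that account.
REGISTERED_PLATE = {"T1001": "ABC123", "T1002": "XYZ789", "T1003": "JKL456"}

# Constructed reads: (tag, plaza, time, plate seen by the camera).
# plate is None when the automated plate read failed, which the thread
# suggests is common, so a missing plate is never treated as a mismatch.
READS = [
    ("T1001", "A", "2004-07-09T08:00:00", "ABC123"),
    ("T1001", "B", "2004-07-09T08:30:00", "ABC123"),
    ("T1002", "A", "2004-07-09T08:05:00", "XYZ789"),
    ("T1002", "D", "2004-07-09T08:15:00", None),
    ("T1002", "B", "2004-07-09T08:35:00", "XYZ789"),
    ("T1003", "C", "2004-07-09T09:00:00", "QQQ000"),
    ("T1003", "D", "2004-07-09T09:30:00", None),
]


def _by_tag(reads):
    """Group reads per tag ID and order each group by time."""
    grouped = defaultdict(list)
    for tag, plaza, ts, plate in reads:
        grouped[tag].append((datetime.fromisoformat(ts), plaza, plate))
    for events in grouped.values():
        events.sort(key=lambda e: e[0])
    return grouped


def impossible_travel(reads, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (tag, from_plaza, to_plaza, km/h) for consecutive reads of one
    tag that imply a speed above max_kmh, i.e. two devices sharing an ID."""
    findings = []
    for tag, events in _by_tag(reads).items():
        for (t1, p1, _), (t2, p2, _) in zip(events, events[1:]):
            dist_km = abs(PLAZA_KM[p2] - PLAZA_KM[p1])
            if dist_km == 0:
                continue  # same plaza twice says nothing about speed
            seconds = (t2 - t1).total_seconds()
            # Simultaneous reads at different plazas are the clearest case.
            kmh = float("inf") if seconds == 0 else dist_km * 3600 / seconds
            if kmh > max_kmh:
                findings.append((tag, p1, p2, round(kmh, 1)))
    return findings


def plate_mismatches(reads):
    """Return reads whose camera plate differs from the account's plate."""
    return [
        (tag, plaza, ts, plate)
        for tag, plaza, ts, plate in reads
        if plate is not None and plate != REGISTERED_PLATE.get(tag)
    ]


def review_queue(reads):
    """Per tag, the reasons a human should go back to the stored photographs."""
    queue = defaultdict(list)
    for tag, p1, p2, kmh in impossible_travel(reads):
        queue[tag].append(f"{p1}->{p2} implies {kmh} km/h")
    for tag, plaza, ts, plate in plate_mismatches(reads):
        queue[tag].append(f"plate {plate} at {plaza} ({ts}) is not registered to tag")
    return dict(queue)


if __name__ == "__main__":
    for tag, reasons in review_queue(READS).items():
        print(tag, reasons)
```

Both findings for T1002 share the read at plaza D, which is the one to pull the photograph for first.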



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Perry E. Metzger

Eric Rescorla [EMAIL PROTECTED] writes:
>> All the toll lanes that accept EZ Pass that I've seen are equipped
>> with cameras. These cameras are used to identify toll evaders
>> already. You point out that doing this would require manual work, but
>> in fact several systems (including the one used for handling traffic
>> fees in central London) have already demonstrated that automated
>> license plate reading systems are feasible. Even without automated
>> plate reading, storing photographs is also now astoundingly cheap
>> given how cheap storage has gotten, so if anyone ever complained about
>> incorrect charges on their bill, finding the plates of the cars that
>> went through during the disputed toll collections would be trivial.
>
> Precisely. Moreover, you can presumably use fairly unsophisticated
> data mining/fraud detection techniques to detect when a unit has
> been cloned and then go back to the photographs to find and punish
> the offenders.

By the way, this is yet another instance in which it is important to
consider threat models and economics when thinking about security
systems. The people willing to fake both their license plates and
their EZ Pass device are few, so the losses from them will be
small. (If you fake your license plates, in many instances you don't
even need to fake the EZ Pass device as nothing prevents you from
simply driving through.)

On the other hand, the cost of a system capable of doing a
challenge-response turnaround -- and we're talking both that of
building new tags plus the cost of designing and deploying units
capable of conducting two full round trip communications with cars
going through at 25 miles an hour -- is pretty high. You also will
always need the camera systems because you need to catch people simply
driving through, and because you will always get toll disputes that
need resolution. That means you can't even save the cost of the plate
cameras even with a challenge/response system.

Economically speaking, then, it doesn't seem like the threat (a small
amount of toll evasion by people willing to fake their license plates
and to clone EZ Pass equipment) doesn't cost as much as the putative
cure, and can't even cure the problem (since fare evaders with fake
plates will simply drive through toll lanes without physical barriers,
such as all the high speed toll lanes).

If I were advising the automated toll system people, I'd say it was
not worth it.

On the other hand, more complicated tags *might* be worth it for
another purpose -- preserving the privacy of drivers by using more
complicated protocols. However, as the benefit of such systems is to
people who are unlikely to have much voice in the construction of the
system, and who are also unlikely to be willing to pay more money to
gain privacy, I think the implementation of such tags is unlikely.

-- 
Perry E. Metzger[EMAIL PROTECTED]
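
For readers weighing the trade-off discussed above, an added example (not part of the original message, and not how EZ Pass or FasTrak actually work) of what the challenge-response turnaround buys: a reader that trusts a fixed ID accepts a recording of it, while a reader that issues a fresh nonce and checks an HMAC rejects a recorded response. The class names, the HMAC-SHA256 construction and the tag ID are assumptions chosen for illustration.

```python
"""Static tag ID versus nonce-based challenge-response at a toll reader."""
import hashlib
import hmac
import secrets


class StaticIdReader:
    """Reader that trusts any correctly formatted, known ID."""

    def __init__(self, valid_ids):
        self.valid_ids = set(valid_ids)

    def accept(self, transmitted_id):
        return transmitted_id in self.valid_ids


class Tag:
    """Hypothetical tag holding a per-tag secret shared with the back end."""

    def __init__(self, tag_id, key):
        self.tag_id = tag_id
        self._key = key

    def respond(self, nonce):
        # The ID still travels in the clear, so this authenticates the tag
        # but does nothing for the driver's privacy.
        mac = hmac.new(self._key, nonce + self.tag_id.encode(), hashlib.sha256)
        return self.tag_id, mac.digest()


class ChallengeReader:
    """Reader that sends a fresh nonce and verifies the tag's MAC over it."""

    def __init__(self, tag_keys):
        self._tag_keys = dict(tag_keys)
        self._outstanding = set()

    def challenge(self):
        # This message is the extra round trip whose cost the thread debates.
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce, tag_id, mac):
        if nonce not in self._outstanding:
            return False  # never issued, or already used
        self._outstanding.discard(nonce)  # each nonce is valid once
        key = self._tag_keys.get(tag_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce + tag_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)


def run_exchange():
    """Run both designs once and report which transmissions were accepted."""
    key = secrets.token_bytes(32)
    tag = Tag("T1001", key)  # constructed tag ID
    static_reader = StaticIdReader({"T1001"})
    cr_reader = ChallengeReader({"T1001": key})

    # Static design: the bytes on the air are the same every time.
    recorded_id = tag.tag_id
    static_first = static_reader.accept(tag.tag_id)
    static_recording = static_reader.accept(recorded_id)

    # Challenge-response: the response depends on the reader's nonce.
    n1 = cr_reader.challenge()
    recorded = tag.respond(n1)  # what a listener near the lane would capture
    cr_first = cr_reader.accept(n1, *recorded)
    recording_same_nonce = cr_reader.accept(n1, *recorded)
    n2 = cr_reader.challenge()
    recording_new_nonce = cr_reader.accept(n2, *recorded)
    n3 = cr_reader.challenge()
    cr_next_trip = cr_reader.accept(n3, *tag.respond(n3))

    return {
        "static_first": static_first,
        "static_recording": static_recording,
        "cr_first": cr_first,
        "recording_same_nonce": recording_same_nonce,
        "recording_new_nonce": recording_new_nonce,
        "cr_next_trip": cr_next_trip,
    }


if __name__ == "__main__":
    for name, accepted in run_exchange().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```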



Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
Date: Fri, 2 Jul 2004 21:34:20 -0400
From: Dave Emery [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: EZ Pass and the fast lane 

> No mention is made of encryption or challenge response
> authentication but I guess that may or may not be part of the design
> (one would think it had better be, as picking off the ESN should be duck
> soup with suitable gear if not encrypted).

From a business perspective, it makes no
sense to spend any money on crypto for this
application.  If it is free, sure use it,
but if not, then worry about the 0.01% of
users who fiddle the system later on.

It would be relatively easy to catch someone
doing this - just cross-correlate with other
information (address of home and work) and
then photograph the car at the on-ramp.
If the end result isn't as shown through
other means, then you have the evidence.
One high profile court case later, and the
chances of anyone copying this to escape
a toll fare shrink into the ignorable.
iang


Re: EZ Pass and the fast lane ....

2004-07-09 Thread John Gilmore
> It would be relatively easy to catch someone
> doing this - just cross-correlate with other
> information (address of home and work) and
> then photograph the car at the on-ramp.

Am I missing something?

It seems to me that EZ Pass spoofing should become as popular as
cellphone cloning, until they change the protocol.  You pick up a
tracking number by listening to other peoples' transmissions, then
impersonate them once so that their account gets charged for your toll
(or so that it looks like their car is traveling down a monitored
stretch of road).  It should be easy to automate picking up dozens or
hundreds of tracking numbers while just driving around; and this can
foil both track-the-whole-populace surveillance, AND toll collection.
Miscreants would appear to be other cars; tracking them would not
be feasible.

The rewriteable parts of the chip (for recording the entry gate to
charge variable tolls) would also allow one miscreant to reprogram the
transponders on hundreds or thousands of cars, mischarging them when
they exit.  Of course, the miscreant's misprogrammed transponder would
just look like one of the innocents who got munged.

[I believe, by the way, that the EZ Pass system works just like many
other chip-sized RFID systems.  It seems like a good student project
to build some totally reprogrammable RFID chips that will respond to a
ping with any info statically or dynamically programmed into them by
the owner.  That would allow these hypotheses to be experimentally tested.]

John



Re: EZ Pass and the fast lane ....

2004-07-09 Thread Ian Grigg
John Gilmore wrote:
>> It would be relatively easy to catch someone
>> doing this - just cross-correlate with other
>> information (address of home and work) and
>> then photograph the car at the on-ramp.
>
> Am I missing something?
>
> It seems to me that EZ Pass spoofing should become as popular as
> cellphone cloning, until they change the protocol.  You pick up a
> tracking number by listening to other peoples' transmissions, then
> impersonate them once so that their account gets charged for your toll
> (or so that it looks like their car is traveling down a monitored
> stretch of road).  It should be easy to automate picking up dozens or
> hundreds of tracking numbers while just driving around; and this can
> foil both track-the-whole-populace surveillance, AND toll collection.
> Miscreants would appear to be other cars; tracking them would not
> be feasible.

Well, I am presuming that ... the EZ Pass
does have an account number, right?  And
then, the car does have a licence plate?
So, just correlate the account numbers
with the licence plates as they go through
the gates.

The thing about phones is that they have
no licence plates and no toll gates.  Oh,
and no cars.

> The rewriteable parts of the chip (for recording the entry gate to
> charge variable tolls) would also allow one miscreant to reprogram the
> transponders on hundreds or thousands of cars, mischarging them when
> they exit.  Of course, the miscreant's misprogrammed transponder would
> just look like one of the innocents who got munged.

What incentive does a miscreant have to
reprogram hundreds or thousands of other
cars???

> [I believe, by the way, that the EZ Pass system works just like many
> other chip-sized RFID systems.  It seems like a good student project
> to build some totally reprogrammable RFID chips that will respond to a
> ping with any info statically or dynamically programmed into them by
> the owner.  That would allow these hypotheses to be experimentally tested.]

Phones are great for spoofing because the
value can be high.  And, the risk of being
physically apprehended is low.  Cars and
toll ways are a different matter.
iang


Re: EZ Pass and the fast lane ....

2004-07-09 Thread John Gilmore
[By the way, [EMAIL PROTECTED] is being left out of this conversation,
 by his own configuration, because his site censors all emails from me.  --gnu]

> Well, I am presuming that ... the EZ Pass does have an account
> number, right?  And then, the car does have a licence plate?  So,
> just correlate the account numbers with the licence plates as they
> go through the gates.

If they could read the license plates reliably, then they wouldn't
need the EZ Pass at all.  They can't.  It takes human effort, which is
in short supply.

> The thing about phones is that they have no licence plates and no
> toll gates.  Oh, and no cars.

Actually, cellphones DO have other identifying information in them,
akin to license plates.  And their toll gates are cell sites.

It's not clear what your remark about phones having no cars has to do
with the issue of whether EZ Pass is likely to be widely spoofed.

> What incentive does a miscreant have to reprogram hundreds or
> thousands of other cars???

(1) Same one they have for releasing viruses or breaking into
thousands of networked systems.  Because they can; it's a fun way to
learn.  Like John Draper calling the adjacent phone booth via
operators in seven countries.  (2) The miscreant gets a cheap toll
along with hundreds of other people who get altered tolls.

[Cory Doctorow's latest novel (Eastern Standard Tribe, available free
online, or in bookstores) hypothesizes MP3-trading networks among
moving cars, swapping automatically with whoever they pass near enough
for a short range WiFi connection.  Sounds plausible to me; there are
already MP3 players with built-in short range FM transmitters, so
nearby cars can hear your current selection.  Extending that to faster
WiFi transfers based on listening preferences would just require a
simple matter of software.  An iPod built by a non-DRM company might
well offer such a firmware option -- at least in countries where
networking is not a crime.  Much of the music I have is freely
tradeable.]

John
