“WHY DO I HAVE TO TAKE MY HAT OFF?”

“In Massachusetts many banks agreed that their customers must remove their hats and sunglasses once they crossed a bank’s threshold. Of these branches, only 3% were robbed.” – The Economist

Perhaps the bank version of the “please turn off your digital devices” policy on planes is the no hats (or hoodies, or helmets, or sunglasses) policy.

Mr Delancaster-Swinbank-Slack is annoyed that the staff at his local ANZ branch continually ask him to remove his hat when he visits.

The sign at the door clearly indicates the policy, but Mr Delancaster-Swinbank-Slack is 83 and is no “young thug”, so he chooses to ignore it.

He puts ANZ staff into a difficult position because they can’t apply the policy discriminately to just the people they think look a bit dodge.

He notes that staff “usually relented because of his age and non-menacing appearance”. He puts the other staff working in the branch into an even more difficult position. Say someone else comes into the branch. Maybe they look dodgy, maybe they don’t. They’re also wearing a hat.

How do you explain to them that you’d like them to remove their hat when a couple of metres away Anthony is over there rocking his sports hat? Do you choose to ask the person who just walked in, potentially really offending one of your customers with the insinuation that they look suspect? Or do you not ask, knowing that the large majority of bank robbers cover their face/head in some way?

 This post represents my views, not my employer’s.

Shut Up & Sing

Dixie Chicks - Shut Up And Sing

I re-watched this last night. Kind of relevant right now.

This Chicks flick by Barbara Kopple (Academy Award winner for Harlan County, U.S.A.) and Cecilia Peck is powerful testament to the inconvenient truth that free speech can come at a very high cost. The Dixie Chicks, Texas-based and one of country music’s most successful acts, found out just how costly it was in the weeks following a March 10, 2003, concert in London. Indulging in some between-song patter, singer Natalie Maines expressed shame that “the president of the United States is from Texas.”

In politics, as in comedy, timing is everything; and at the time, President George W. Bush’s popularity among the Chicks’ traditional country fans was sky-high, and the invasion of Iraq was imminent. Reaction was fast and furious. Country radio stations boycotted the Dixie Chicks’ music. Conservative talk show hosts lambasted them.

Country superstar Toby Keith got into the act by denigrating Maines in his concerts. People destroyed Dixie Chicks CDs in public protests that echoed the furor sparked by John Lennon’s 1966 “We’re more popular than Jesus now” comment. The trio’s tour had to be scaled back and rerouted to include friendlier climes (Canada). (via)

Microsoft Windows 7/Vista Law Enforcement Guides

Public Intelligence got a hold of some interesting slides that Microsoft seems to present to law enforcement personnel. Microsoft explains the weaknesses in their privacy/security functions and how law enforcement et al. can leverage them best.

Here are some highlights:

InPrivate

 

Microsoft Law Enforcement Cover Your Tracks

A benefit to law enforcement of InPrivate is that website data for sites added to favorites will be left alone if a box remains ticked.

Microsoft Law Enforcement Tor Project

Not surprisingly, The Tor Project comes up in the presentation (because anyone using Tor must be doing something bad!!), associated with the user name ‘bad guy’.

Microsoft Law Enforcement InPrivate

Common uses of the InPrivate mode include checking e-mail on public computers and “shopping for gifts” on family computers.

Microsoft Law Enforcement InPrivate 3

In a plea to not lose their law enforcement buddies because of the inclusion of these inconveniencing features, Microsoft says that they’re not alone in including private browsing functionality, i.e. they were forced to do this because the competition was doing it (good job Firefox and Chrome).

Microsoft Law Enforcement InPrivate 2

Bitlocker

Microsoft Law Enforcement Bitlocker

Microsoft says that it’s not all bad: BitLocker isn’t available to any commoner, it “has a number of ‘Recovery’ scenarios that we can exploit”, and users are scared of encryption.

Microsoft Law Enforcement Bitlocker 2

“We are the good guys!” Who are the bad guys then? The people using encryption/BitLocker?

Microsoft Law Enforcement Forensic First Responders

Virtual PC Undo Disks

Microsoft Law Enforcement Virtual PC Undo Disks

Virtual PC Undo Disks are scary for law enforcement.

Full presentations are here.

Where Is The CCTV Footage From The Dotcom Mansion Raid?

CCTV camera

Ars Technica sez:

“Since January, the Dotcom legal team has asked for the footage, but police refused, until finally the agency agreed that an IT expert for DotCom could come and collect a copy of the footage. When the IT expert arrived at the police station, he found the server completely disassembled, and authorities said they could not reassemble it or give him any footage. Now, no one outside the police agency is sure the footage still exists.”

Here’s what the Police said to me on 13 February:

“Police do not have any equipment which may hold this security footage. This equipment is held by the Official Assignee on behalf of the Crown, not Police.”

And here’s what the Insolvency & Trustee Service said on 17 February:

“The Official Assignee has no knowledge of any security camera footage.”

So what exactly does this footage show that the police and friends don’t want getting out?

Image credit: Charbel Akhras

I Know What You Downloaded Last Summer

YouHaveDownloaded.com
I'm a good boy.

YouHaveDownloaded.com

An interesting site popped up near the end of last year called YouHaveDownloaded.com. You might not have visited it, or even heard of it, but if you’ve been using torrents, it might have heard of you.

The site is quite simple: it tracks torrents and the people (IP addresses) downloading them, much like copyright holders do (or hire companies to do for them). They claim to be tracking roughly 4%-6% of all torrent downloads and 20% of torrents from public trackers, like The Pirate Bay.

The difference to the copyright holders is that this site makes the information it collects public. You can see what it thinks the IP address you’re using has been used to torrent, or any other IP address you can think of. It might not be right, or it might be spot on.

This site just highlights what is going on all the time. Torrenting is a very public activity unless you’re making an effort to protect your privacy (like using a proxy or VPN from a reputable provider). Privacy is not the default on the interwebs.

IP addresses are more like PO Boxes than physical addresses: most people have dynamic IP addresses that regularly change. Add in the fact that some people have insecure Wi-Fi, and the results on the site aren’t that accurate.

The site brings up an interesting statistic, especially if it’s true: “About 10% of all online shoppers, in the US, are torrent users as well.” In the future, will advertisers link an IP’s torrenting history to an advertising profile? Is this already happening?

The removal form

The site provides a form that supposedly enables people to request removal from the site. Don’t use it.

Previously it asked people to sign in using their Facebook accounts, and the CAPTCHA to get to the non-Facebook removal form didn’t work (i.e. they wanted to link your data with a real name, cue warning bells). Now it seems like Facebook has revoked their access to use Facebook logins (they say Facebook logins are “Temporarily disabled due problems with Facebook”), so it brings up the removal form, which asks for a name and an email address.

I’m not saying this is what the people behind the site are doing, but this would be all the information they would need, in addition to the information they have on torrents associated with your IP address, to send an extortionate email your way. Or sell your data (probably not to copyright holders, because they hire people to do this for them already).

Here’s what their removal terms are (and yeah, the rest of the site is worded like this too):

“Removal Terms
The Details: By submitting a request to have your download activity removed from our database, you are acknowledging that the activity was, in fact, carried out by yourself. This means that you are only submitting a request to have the details of your own personal activity deleted. Any unrecognized activity, such as files you did not download or do not remember downloading, are not — I repeat, are not to be included in your removal request. Why is this imperative? Well, we actually don’t have to explain ourselves…sorry.

The important part is that you understand these terms and conditions before hitting that beautiful button that will erase your criminal back ground, at least for now. Wait, you did remember to read these terms before making the decision to submit a removal request, right? Of course you did, everyone reads the fine print.

Other Important Things to Consider: We make no guarantees that your information will not appear on any other databases. We may have erased your bad behavior but, keep in mind that your data on this site is aggregated public domain. So, if by chance, another sadistic group of people decides to open a similar web site, we have no control over what they do with your information. Furthermore, if you continue to involve yourself in activity like this, your future download history will, without a doubt, appear in our database again and we may not be as nice about it next time.

If any part of these terms is still unclear, please visit your local elementary school and ask to repeat grades 3 through 5.”

Giving the people or company behind the site any more information about yourself is not a good idea, even if they claim that the site is a joke and you shouldn’t take it seriously.

And anyway, if your IP address is listed on the site, it must be because of the person that used it previously. Right?

The only redeeming feature of the site? You can look up the content companies that take people to court for illegal file sharing.

How To Counterfeit Money

PhotoShop banknote block

Not with Photoshop (and apparently Paint Shop Pro), or your printer, anyway.

The counterfeit deterrence system

If you try to open an image of specific currencies (and I assume at a specific resolution or higher) in Photoshop, you’ll receive the same error message as above. It’s interesting to note that New Zealand’s money isn’t blocked from being opened. Probably because we’re too busy trying to stop our passports from being counterfeited.

You can test it out using images from Banknotes.com. This one and this one throw up the error for me.

Here is Adobe’s information page on their ‘Counterfeit deterrence system’. What Photoshop is looking for is apparently a Digimarc digital watermark, different from the EURion constellation that printers, or at least colour photocopiers, look out for.

How to get around it

So what if your counterfeiting plans were going well so far, and now you’re at a standstill because of Adobe? You can use Gimp. It opens banknotes without trouble. So do old versions of Photoshop. And Microsoft Paint.

Why did Adobe think it was a good idea to add this? Counterfeiters will already know that they can use an older version of Photoshop, or use other software to get around this additional ‘feature’ and will be doing that.

All Adobe is doing is pissing off people who are trying to use Photoshop for a legitimate reason.

The Rules For Use website the dialog box directs users to even lists situations where you can reproduce banknotes legally (e.g. at a certain size), but Photoshop blocks opening banknotes full stop.

Why is it included?

Adobe will have had to spend time and money on including this system, with no returns in the form of additional sales. I assume they were pressured to include it, or even paid to include it by the Central Bank Counterfeit Deterrence Group.

Perhaps more concerning is that Adobe apparently has no idea what they have actually included in their software on behalf of the CBCDG:

“The inner workings of the counterfeit deterrence system are so secret that not even Adobe is privy to them. The Central Bank Counterfeit Deterrence Group provides the software as a black box without revealing its precise inner workings, Connor said.”

Secrecy

If you’ve bought Photoshop, were you aware of this system at the time of sale? You bought the software to open and edit images, but there are limitations you wouldn’t have been told about.

Here are the two places where this system is talked about on Adobe’s website: a forum post and the information post linked to above.

Adobe search CDS

Where’s the information page linked to from on Adobe’s website? My guess is not very many places, because they should have come up in the search too.

Printers are in on this too

I tried to print United States banknotes from Banknotes.com too. And the job failed. Here’s a New Zealand banknote that printed (and scanned) fine, with one of the United States notes below, which stopped printing halfway through.

Printing money

Here’s the error message in the print dialog.

Banknote print error reading pixels

Error 9707 seems to be specific to the counterfeit deterrence system, but is only described as “reading pixels failed”.

So I guess every time I print something, either the printer or the driver is all: “IS THIS LOOK LIKE MONEY?! NOPE, SEEMS TO BE A GIRAFFE.”

 

What I wonder is what other, potentially less visible and transparent “features” are being included in systems because of pressure or money?

I don’t want manufacturers including these non-features in their products for me and I don’t want my technology making decisions for me.