[OLPC Security] Grey Markets: differentiation of legitimately purchased laptops

Mike C. Fletcher mcfletch at vrplumber.com
Mon Oct 15 19:26:26 EDT 2007 

C. Scott Ananian wrote:
> On 10/15/07, Ka-Ping Yee <ping at zesty.ca> wrote:
>   
>> On Mon, 15 Oct 2007, C. Scott Ananian wrote:
>>     
>>> I believe the current plan is to only sell G1G1 machines to countries
>>> we are *not* targetting for actual deployment.  If you see an XO in
>>> the USA, you're a friend of the project.  If you see an XO in an
>>> adult's hands in Nigeria, you're a thief.
>>>       
>> But that's not the point.  The concern expressed at the security summit
>> was that someone would steal a shipment of laptops intended for Nigeria
>> in order to resell them at a profit in the United States.  It might
>> even be profitable to buy or barter for laptops that have already been
>> distributed, and ship them to the United States for resale.
>>     
>
> First boot activation prevents this attack.
>   
Certainly not in total.  See other thread today on migratory fraud.  
Consider also village-level corruption where the village (elders, school 
principal) decides that selling the laptops along with their keys is 
sufficiently profitable that they are willing to sell off the laptops 
along with their activation keys and just keep quiet about them 
disappearing.

Faced with, for instance, $100 * 1000 students, many villages might very 
well say "scr*w education" and sell off the units to throw a magnificent 
party, to pay for an important retirement fund for the local war-lord, 
or what have you.  Similarly if armed men are telling you to hand over 
the shipment of laptops and all of the activation keys, and tell you 
they will come back and kill you all if you ever report them stolen, you 
will likely hand over the shipment and keep quiet.  As long as the 
profit motive exists, you will have people try to exploit the resource.

The potential existence of signed images which allow for unlocking any 
laptop (proposed for the country-level repair centres) means that with a 
simple leak of those images, any stolen laptop becomes entirely 
untraceable and thus valuable.  With that leak, a simple insertion of a 
USB key makes any laptop resalable.  Even without those images, the leak 
of a country's signing key would have the same effect.  Organised crime 
could, without much difficulty, acquire country-level keys, if doing so 
would open up millions of dollars in salable goods.

What we are suggesting here is a means to reduce the *motive* to steal 
the laptops.  While first-boot activation erects another hurdle (and we 
want that hurdle), we have potentially millions of dollars available for 
determined thieves.  Having a physical difference in the laptop 
introduces a per-unit cost to grey-marketeers, each laptop now has to be 
physically altered with a reasonable degree of care to avoid being 
easily spotted.

If physical differentiation can be done with minimal impact, I would 
*strongly* suggest that we do so.

Hope that helps,
Mike

-- 
________________________________________________
  Mike C. Fletcher
  Designer, VR Plumber, Coder
  http://www.vrplumber.com
  http://blog.vrplumber.com

More information about the Security mailing list