[OLPC Security] Grey Markets: differentiation of legitimately purchased laptops
Mike C. Fletcher
mcfletch at vrplumber.com
Mon Oct 15 19:26:26 EDT 2007
C. Scott Ananian wrote:
> On 10/15/07, Ka-Ping Yee <ping at zesty.ca> wrote:
>> On Mon, 15 Oct 2007, C. Scott Ananian wrote:
>>> I believe the current plan is to only sell G1G1 machines to countries
>>> we are *not* targetting for actual deployment. If you see an XO in
>>> the USA, you're a friend of the project. If you see an XO in an
>>> adult's hands in Nigeria, you're a thief.
>> But that's not the point. The concern expressed at the security summit
>> was that someone would steal a shipment of laptops intended for Nigeria
>> in order to resell them at a profit in the United States. It might
>> even be profitable to buy or barter for laptops that have already been
>> distributed, and ship them to the United States for resale.
> First boot activation prevents this attack.
Certainly not in total. See other thread today on migratory fraud.
Consider also village-level corruption where the village (elders, school
principal) decides that selling the laptops along with their keys is
sufficiently profitable that they are willing to sell off the laptops
along with their activation keys and just keep quiet about them
Faced with, for instance, $100 * 1000 students, many villages might very
well say "scr*w education" and sell off the units to throw a magnificent
party, to pay for an important retirement fund for the local war-lord,
or what have you. Similarly if armed men are telling you to hand over
the shipment of laptops and all of the activation keys, and tell you
they will come back and kill you all if you ever report them stolen, you
will likely hand over the shipment and keep quiet. As long as the
profit motive exists, you will have people try to exploit the resource.
The potential existence of signed images which allow for unlocking any
laptop (proposed for the country-level repair centres) means that with a
simple leak of those images, any stolen laptop becomes entirely
untraceable and thus valuable. With that leak, a simple insertion of a
USB key makes any laptop resalable. Even without those images, the leak
of a country's signing key would have the same effect. Organised crime
could, without much difficulty, acquire country-level keys, if doing so
would open up millions of dollars in salable goods.
What we are suggesting here is a means to reduce the *motive* to steal
the laptops. While first-boot activation erects another hurdle (and we
want that hurdle), we have potentially millions of dollars available for
determined thieves. Having a physical difference in the laptop
introduces a per-unit cost to grey-marketeers, each laptop now has to be
physically altered with a reasonable degree of care to avoid being
If physical differentiation can be done with minimal impact, I would
*strongly* suggest that we do so.
Hope that helps,
Mike C. Fletcher
Designer, VR Plumber, Coder
More information about the Security