[OLPC Security] Grey Markets: differentiation of legitimately purchased laptops

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Mon Oct 15 19:57:13 EDT 2007 

On 16.10.2007 01:06, Mike C. Fletcher wrote:
> as long as there is a market *somewhere* where laptops are being sold, 
> there will be an incentive to divert laptops.  Borders are porous, the 
> laptops are, compared to average wages in many of our target countries, 
> sufficiently expensive to make a month or so of work a reasonable 
> investment if one can sell two or three laptops on the grey market as a 
> result.
>   
I have been saying that over one one year ago but I was not taken
seriously. Back then, I talked about one hour of work to unlock a laptop
to sell it without any activation issues. One hour of work was deemed a
sufficient deterrent to theft. Now you're talking about half a month per
laptop, which is an entirely different timescale. I agree with you that
there is an incentive to divert laptops and the incentive is strong
enough to be considered serious.

The idea of visual differentiation is a nice one because it helps people
to easily identify laptops which should not be in the hands of adults.
Software security mechanisms can't achieve that. However, repainting
laptops is probably not very difficult. Unless I misunderstood you, a
certain color combination would be reserved for "donor" laptops. Would
it be possible to use a color which is either 1) expensive or 2)
fluorescent or 3) otherwise difficult to reproduce and easy to discern?
Another option would be a hologram sticker with the XO logo, a "donor"
sign/symbol and a serial number which can be used to look up the
geographic location of the rightful owner. That way, it is easy for
third parties to check whether the laptop you are holding is supposed to
be in Illinois, USA or in Mato Grosso, Brazil. In case of travelling
donors, the serial number can still be used to verify ownership against
ID documents.

> Also consider cases where a well-meaning friend-of-the-project travels 
> to Africa with their legitimately purchased machine.  With a visibly 
> differentiated machine, no problem, you point out that yours is a 
> "black" or "white" or "gold" (or whatever) laptop, indicating that it's 
> a non-educational machine, and you continue on sans lynching.
>   

Agreed.
> If we can easily curtail grey-market operations, I would strongly 
> suggest that we make the attempt.
>   

Good luck! I hope your attempt is taken more seriously than mine back then.

Regards,
Carl-Daniel

More information about the Security mailing list