[OLPC Security] Grey Markets: differentiation of legitimately purchased laptops
c-d.hailfinger.devel.2006 at gmx.net
Mon Oct 15 20:12:51 EDT 2007
[side note: I did not receive the messages from C. Scott Ananian or
Ka-Ping Yee via the list. Any change someone can bounce them to the list?
Mike: Your Reply-To header may have had undesired effects on some of the
people replying to you.]
On 16.10.2007 01:26, Mike C. Fletcher wrote:
> C. Scott Ananian wrote:
>> On 10/15/07, Ka-Ping Yee <ping at zesty.ca> wrote:
>>> On Mon, 15 Oct 2007, C. Scott Ananian wrote:
>>>> I believe the current plan is to only sell G1G1 machines to countries
>>>> we are *not* targetting for actual deployment. If you see an XO in
>>>> the USA, you're a friend of the project. If you see an XO in an
>>>> adult's hands in Nigeria, you're a thief.
>>> But that's not the point. The concern expressed at the security summit
>>> was that someone would steal a shipment of laptops intended for Nigeria
>>> in order to resell them at a profit in the United States. It might
>>> even be profitable to buy or barter for laptops that have already been
>>> distributed, and ship them to the United States for resale.
>> First boot activation prevents this attack.
> Certainly not in total. See other thread today on migratory fraud.
> Consider also village-level corruption where the village (elders, school
> principal) decides that selling the laptops along with their keys is
> sufficiently profitable that they are willing to sell off the laptops
> along with their activation keys and just keep quiet about them
Besides that, if someone is willing to invest about one hour of work,
first boot activation probably can be circumvented.
> Faced with, for instance, $100 * 1000 students, many villages might very
> well say "scr*w education" and sell off the units to throw a magnificent
> party, to pay for an important retirement fund for the local war-lord,
> or what have you. Similarly if armed men are telling you to hand over
> the shipment of laptops and all of the activation keys, and tell you
> they will come back and kill you all if you ever report them stolen, you
> will likely hand over the shipment and keep quiet. As long as the
> profit motive exists, you will have people try to exploit the resource.
> The potential existence of signed images which allow for unlocking any
> laptop (proposed for the country-level repair centres) means that with a
> simple leak of those images, any stolen laptop becomes entirely
> untraceable and thus valuable. With that leak, a simple insertion of a
> USB key makes any laptop resalable. Even without those images, the leak
> of a country's signing key would have the same effect. Organised crime
> could, without much difficulty, acquire country-level keys, if doing so
> would open up millions of dollars in salable goods.
Back in fall 2006, someone (Ivan?) said this will not happen.
I do agree with you, however.
> What we are suggesting here is a means to reduce the *motive* to steal
> the laptops. While first-boot activation erects another hurdle (and we
> want that hurdle), we have potentially millions of dollars available for
> determined thieves. Having a physical difference in the laptop
> introduces a per-unit cost to grey-marketeers, each laptop now has to be
> physically altered with a reasonable degree of care to avoid being
> easily spotted.
> If physical differentiation can be done with minimal impact, I would
> *strongly* suggest that we do so.
I looked at pricing for reasonably large hologram stickers with unique
serial numbers and they are in the cent range, so I don't see big
problems putting them on donor laptops.
More information about the Security