[OLPC Security] Some anti-theft questions

[Ivan Krstić]

On Jan 23, 2008, at 8:18 AM, Alexander Todorov wrote:
> Oh, did I? I didn't know that once activated the laptop will try to  
> get
> the new lease from the school server. I was thinking that it will  
> try to
> connect to a central government managed server.

This is indeed correct; in fact, all activated laptops will --  
tentatively as of update.2 -- be connecting to our central theft  
deterrence server (TDS) until governments set up their own TDS  
infrastructure.

However, we will be deploying monitoring to the school servers as  
well, such that information can be provided to governments to the  
effect of "these 56 laptops haven't been seen at their home school in  
the last month, but are active and connecting from other places."

> That may be a problem in some countries. I would prefer a
> monitoring solution and a body (say OLPC foundation) that will *force*
> the local authorities to do their job.

Monitoring, yes. Enforcement -- most certainly not. Once a country  
purchases laptops, a transfer of ownership takes place. Even if we  
wanted to, we couldn't enforce anything at all given that we're not  
dealing with our own property. And we're not in the enforcement  
business anyway.

I will go to great lengths to make sure that our customers have  
understandable, easily-available data about their laptops, and that we  
are on hand to both aid with its interpretation and to talk through  
any possible policy approaches to handling problems. But that's firmly  
where our ability to help stops.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org