Don't Get Burned Twice

As Randy Abrams in his blog piece Don't Get Burned Twice points out, "The current fires in Southern California are causing misery to hundreds of thousands of people ... As is the case with all disasters there are good people rallying to help and bad people trying to exploit the situation for profit. It may be a good time to remind people about some best practices to make sure that the money you earmark for helping people goes to helping people."

He offers some sage advice about how to avoid getting scammed, "First of all, do not respond to email messages soliciting donations, even from legitimate charities. These messages often are not sent by the charity itself. If you get an email from The American Red Cross and you wish to donate to this respected organization, do not use any information in the email as it may have been sent by a scammer that will redirect you to their fake Red Cross web site. Instead, look up the phone number for the Red Cross, or open your browser yourself and type in http://american.redcross.org." He then goes on to say that if the American Red Cross is not your favorite charity, "A site that can assist you with determining the legitimacy and effectiveness of a charity is http://www.charitynavigator.org/." And above all, "do not give cash to people claiming to represent charities. At LAX or other public places a person may approach you claiming to be collecting for victims of this or other disasters. They may even have impressive documents that are easily printed on a home PC. Some of these people are undoubtedly legitimate, but unless you are a psychic you probably won’t know. Take the information about the charity they represent and look it up before you part with your money."

As he says, "A few simple precautions will help prevent you and the victims you seek to help from being victimized."

And congratulations to Randy and his fellow employees at ESET LLC for volunteering their time and money to assist victims.

The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.

--Chip Neville

PS. Fellow Julie Group blogger Karoli has a dead-on post, Attention Mainstream Media: Quit Comparing SoCa Fires to Katrina! at odd time signatures.

Should OnStar Shut Your Car Down?

There has been quite a commotion over at Slashdot about General Motors' plan to "install OnStar systems on almost 1.7 million 2009-model cars." It seems our friends at GM plan to incorporate a "feature" which will allow "law enforcement (or anyone who cracks the system) to remotely shut down vehicles." And Lauren Weinstein writes, "Ready to turn over the keys of your vehicle to the cops, or that clever hacker in the next lane? How about that creepy guy following you on a lonely country road?"

These are good points. But so is the point made by the Cal Highway Patrol Deputy Commissioner, Joe Farrow, that about 15 percent of the pursuits are at speeds of 90 miles per hour and greater, and that, "There are some high-speed chases that we have out here that we'd like to bring to a halt." You don't have to be a rocket scientist to figure out that this stuff is dangerous, and as the AP story where Farrow is quoted points out, 404 people were killed in the US last year in high speed police pursuits.

Clearly, there is a balancing act here. We, the public, need to balance the number of injuries and deaths to be prevented by installing OnStar against the certainty that those nasty folks at evil.wicked.hackers.org will try, and for a time succeed, in hacking the OnStar system.

One way to do this balancing would be to demand public hearings in states like California on this issue. And the computer security community needs to be prepared to provide timely and accurate input. Perhaps we should ask the people over at The Shmoo Group, the people who gave us AirSnort and exposed just how vulnerable the WEP encryption scheme is, to try to hack into OnStar just to find out how easy or hard it is to do.

We need some data here folks! This is too important an issue to leave to GM (or slashdot). And GM, if legitimate security researchers need your exalted permission to hack OnStar, you need to be prepared to give it.

The opinions expressed in this post are those of the author and should not be interpreted as an official position of The Julie Group.

--Chip Neville

A Welcome Court Decision

Arstechnica today reports that an Ohio judge understands the issues involved with child pornography laws, teens, and computing. In an entry called Judge bars Ohio's attempt to keep "harmful" Internet content away from minors by Nate Anderson, he reports,

The state of Ohio this week found itself on the losing end of a judicial decision that struck down a state law banning all Internet transmission of content that is "harmful to minors" if the sender should know that someone on the receiving end is a minor.
Federal judge Walter Rice issued a permanent injunction against the law after pointing out the many ways that it could restrict legitimate speech between adults. The Supreme Court has already found that Internet users have reason to believe that there are minors present in every chat room, for instance; under the Ohio law, anything deemed obscene for minors that was uttered in a chat room could therefore possibly lead to prosecution.

The law was first passed in 2002 and immediately challenged by Media Coalition, a group of booksellers, newspapers, and providers of sexual health information. The judge soon granted a preliminary injunction, and the state amended the law in order to avoid several of the original problems. Despite the changes, Judge Rice still found the bill too broad when applied to the Internet, where it can be difficult or impossible to know the ages of every person that one interacts with.

Media Coalition's executive director, David Horowitz, praised the decision. "While we should have adequate legal safeguards to shield children from objectionable content," he said, "those safeguards cannot unreasonably interfere with the rights of adults to have access to materials that are legal for them."

Today, legislators, judges, and informed citizens must insist an end to witch-hunt prosecutions of citizens, in many cases minors, for possession of material that they may encounter due to legitimate online activity.

Consenting adults enjoy broad cultural interests that will occasionally intersect the lives of others. The underlying personalization automata of the internet is indifferent to social norms. Perfectly innocent people's computers are daily assaulted by malware, viruses, and ingenious scripts that can control and contrive artificial and unwelcome content on anyone's computer. If that content comes to the attention of the authorities, the unfortunate party can find themselves accused of crimes they did not commit.

Knowing what we know about artificial intelligences influencing personal computers, we need more judges insisting on free speech who can couple that conviction with an intolerance for nuisance prosecutions based on synthetic digital realities.

- krasicki