The Theft Problem: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
(remove categories that this page does not provide authoritative information on)
 
(34 intermediate revisions by 18 users not shown)
Line 1: Line 1:
{{Translations}}
There are brief discussions of the theft problem here:
There are brief discussions of the theft problem here:
:[[Case design#The colour of the case]],
:[[Case design#The colour of the case]],
Line 5: Line 6:


How can we make sure that adults do not steal these laptops and start to use them for nefarious purposes?
How can we make sure that adults do not steal these laptops and start to use them for nefarious purposes?

==The Problem==
==The Problem==
There is a serious theft problem that must be addressed if this laptop is to be made available in developed countries and that includes many of the orange countries on the map. As long as the laptop is distributed to children only, there will be no adult market for the laptop. In other words, there will be no motivation for adults to steal these laptops from children for their own use.
There is a serious theft problem that must be addressed if this laptop is to be made available in developed countries and that includes many of the orange countries on the map. As long as the laptop is distributed to children only, there will be no adult market for the laptop. In other words, there will be no motivation for adults to steal these laptops from children for their own use.
Line 17: Line 17:
This is a serious topic which really needs its own page. For now, one should not forget problems caused by portability and market value of the OLPC, making it possible object for kid-to-kid and adult-to-kids thieft. As industry developed multiple anti-thieft protection mechanisms, none should left unconsidered. Simpliest detachable security cable with case-integrated 4-digit code lock would ease thieft problem significantly.
This is a serious topic which really needs its own page. For now, one should not forget problems caused by portability and market value of the OLPC, making it possible object for kid-to-kid and adult-to-kids thieft. As industry developed multiple anti-thieft protection mechanisms, none should left unconsidered. Simpliest detachable security cable with case-integrated 4-digit code lock would ease thieft problem significantly.


== Make them different to public available comercial products==
== Make them different to public available commercial products==


If the olpc laptop has different
If the olpc laptop has different
Line 24: Line 24:
*size of motherboard
*size of motherboard
it can be easily identified as a olpc laptop.
it can be easily identified as a olpc laptop.

Much of that will require engineering effort, reduce the economy of scale, and make laptops less desirable. It's easier to just print "olpc" in great big letters on the back.


== Serial Number ==
== Serial Number ==
Line 32: Line 34:
of stolen laptops. If you boot from this USB stick it should show if
of stolen laptops. If you boot from this USB stick it should show if
the laptop is stolen. (MAC adresses can be changed temporarily by software)
the laptop is stolen. (MAC adresses can be changed temporarily by software)

== Fingerprint Reader to identfy the user (Id theft?) ==

I propose to install a fingerprint reader in the Laptops.

It is important as it avoids the problem of somebody doing somebody´s else homework.
Or posing as a different student.

Besides a stolen laptop will not turn on, if the student doesn´t activate it, by using
own finger. MEXICO, AGS-----[[User:Dagoflores|Dagoflores]] 21:48, 4 April 2007 (EDT)

Can somebody tell me why this approach is not adopted? MEXICO, AGS----- --[[User:Dagoflores|Dagoflores]] 01:02, 23 September 2007 (EDT)

: I can't speak for the OLPC people, but it seems to me there are several flaws in your plan which perhaps you have not considered:
:* The fingerprint reader will not prevent a child from doing another child's homework. It would be easy enough for one child to activate the device and another child to do the work, or for one child to write a document and another child to copy-and-paste it, or one child to tell another what to type in. In fact, the reader will only protect against the case where one student takes another's laptop home with him to do the work, which I think is much less likely than other approaches.
:* The reader will not prevent a student from posing as another. You are probably thinking of the case where a child leaves his laptop unattended in class, but in this case the child will be most likely to also leave it logged in and unlocked, so a fingerprint reader wouldn't help.
:* The reader provides little additional theft protection beyond that already provided for in [[Bitfrost]], where the laptop won't turn on if it doesn't receive a wireless certificate from the school server after a set amount of time.
:* The reader adds additional hardware and software costs to the laptop and requires redesigning the case (which is already highly constrained). It may also require an additional hole in the case, which reduces the laptop's water- and dust-resistance.
:* The reader adds an additional (optical!) point of failure to the laptop. If the reader gets scratched, gummed up, or otherwise breaks, the student will not be able to use their laptop. (And likewise for the student's finger).
:* The reader adds an additional step that the student must perform each time they open their laptop in order to use it.
: In my opinion, while the reader does add a little security, I think the benefits do not outweigh the drawbacks. —[[User:Leejc|Joe]] 13:01, 23 September 2007 (EDT)


== RFID Access Wristband ==
== RFID Access Wristband ==
Line 66: Line 89:
*These wristbands could actually be watches, very simple child watches with an integrated RFID chip to authenticate their laptops. While the possibility of losing a watch would be considerably smaller than of losing a wristband, it would also provide the children with the current time. Of course, these watches would have to be very simple, robust and cheap to manufacture, so that they wouldn't add too much to the costs of a laptop. Such a watch would provide the child with a means of securing (authenticating) its laptop and as a nice side effect with the current time. I think in these targeted countries children don't usually own a watch. A watch could be very useful though, for meeting up with other children or with the laptop support center etc. And well... what if that watch actually had two timezones on it, the local timezone... and maybe (if such a program would be implemented), the timezone of a possible donor person... wouldn't that be cool? ;)
*These wristbands could actually be watches, very simple child watches with an integrated RFID chip to authenticate their laptops. While the possibility of losing a watch would be considerably smaller than of losing a wristband, it would also provide the children with the current time. Of course, these watches would have to be very simple, robust and cheap to manufacture, so that they wouldn't add too much to the costs of a laptop. Such a watch would provide the child with a means of securing (authenticating) its laptop and as a nice side effect with the current time. I think in these targeted countries children don't usually own a watch. A watch could be very useful though, for meeting up with other children or with the laptop support center etc. And well... what if that watch actually had two timezones on it, the local timezone... and maybe (if such a program would be implemented), the timezone of a possible donor person... wouldn't that be cool? ;)
--[[User:Xapadoo|Xapadoo]] 18:20, 16 January 2007 (EST)
--[[User:Xapadoo|Xapadoo]] 18:20, 16 January 2007 (EST)

*To manufacture these watches cheaply you could turn to SWATCH or Casio. I'm absolutely sure they'd be highly interested.
--[[User:Xapadoo|Xapadoo]] 09:26, 18 January 2007 (EST)

: I think it's a neat idea, but you disregarding a number of factors. For one thing, you are assuming that thieves won't be able to figure out the wristband/laptop connection. But they will: It does not take a great mind to notice that the laptops and wristbands appeared at the same time, nor does it take great investigative skills to acquire information that will be common knowledge to every child in school. So while RFID chips may limit theft of a laptop separated from a child, they will not limit theft when the two are together—the thief can simply take both the laptop and the wristband from the child. (Your third "pro" point makes it sound like the children and laptops will rarely be together outside of school, but the OLPC project is actually designing the laptops to be taken everywhere—home, outdoors, etc. Otherwise, the children could just use desktops.)

: You may also be assuming that a thief won't want or be able to wear a child's wristband. But they wouldn't have to. They could just open the case and cram in the chip—or even the whole band, if it fits. Then they wouldn't need a separate item to operate the notebook. In fact, the students may do this themselves, if only to avoid having to wear a wristband everywhere.

: Some additional factors missing from your summary:

:* Requires an additional RFID reader inside the laptop, which requires more space, CPU, battery life, and money.
:* Adds a point of failure to the system—now the child has two things they can break or lose to interrupt the educational experience.
:* Adds a significant new factor to the security model. Now the system builders have to consider the potential security and privacy threats posed by both the RFID tag and the reader.
:* Requires additional RFID-writing hardware, supplies, and training at the support sites/schools, which must be secured at least as well as the laptops themselves.
:* Requires all children to go around wearing a wristband that says, "Hey, I have a laptop! Probably in this bag that I'm carrying!"

: Which is not to say that RFID tags wouldn't be advantageous in some situations, but their use needs to be carefully considered. —[[User:Leejc|Joe]] 16:22, 28 August 2007 (EDT)

==The EduVision eSlate anti-theft system==
The EduVision organization in Kenya uses small handheld Linux computers for each child, called eSlates, as eBook readers, editors, etc. They have built-in WLAN to link to a base-station at the school.

The eSlate has a built in anti-theft system that the OLPC might use or adapt. It has a lot of aspects, so please follow the link below.

It basically links each eSlate to its normal base-station ID, records that in FLASH within the eSlate, and records a lot of information logs on the base station when each unit connects to it. If a unit has not been in contact with the specific base-station for a time, it is disabled. It is re-enabled when it comes into contact with that base-station again.

The eSlate is useless to a thief, which doesn't stop one being stolen, but hopefully the same thief will not steal another and word will get round that they're not worth stealing or buying.

Only a limited number of teachers are taught how to unlock units. Once again, please read the article. There are more aspects than this summary.

See [http://www.eduvision.or.ke/technology/tech4.html EduVision eSlate]

==The Texas Instruments EZ-Spot Yellow Case and SCHOOL PROPERTY marking==
Texas Instruments has an easy-to-spot 'school-bus yellow' back-cover and slide-case for their graphing calculators. Also, each unit's faceplate says "SCHOOL PROPERTY.", making it less attractive to theives and difficult to sell.

See [http://education.ti.com/educationportal/sites/US/productDetail/us_ez_spot.html TI EZ-Spot]

OLPC could use something similar.

==Steel cable and padlock==
Provide children with a steel cable and padlock to use at home and school. The cable would be threaded through the carrying handle. They may not stop determined thieves with bolt-croppers, but they should deter casual thieves.

Cables shouldn't be too expensive and would be a good investment compared with the theft-rate and loss-value over a number of years. Cables and padlocks designed for PCs are about $20 or less, but cables and padlocks designed for baggage are only $6 or less (in 2007). We could at least give governments and schools the option of buying them. Bulk-buying in millions could get the price down.

This is just one idea that came from just doing a search for 'protect your pc' and 'baggage theft cable padlock' and looking at commercial sites. There are steel cabinets, etc, as well.

==Etched barcode with Serial Number or school name==
A barcode could be laser-etched on the back of the case, the inside of the case and the main circuit-board at the time of manufacturer, containing an individual unit's Serial Number or the school name. This could be a standard 1-D barcode, as used in supermarkets or a 2-D barcode, which can contain 2000+ characters for the full name and address of the school - see [[Barcode_file_transfer]] for pictures. Any attempt to remove the barcode would leave file marks or indentations, indicating it had been stolen. Any internal/external barcodes that the thief hadn't noticed, would allow it to be returned to its owner.

==Microdots containing serial number==
The [http://en.wikipedia.org/wiki/Microdot Wikipedia: Microdot] article says...

''Microdot identification is a process where tiny laser discs etched with the vehicle's VIN number are sprayed onto the car's major mechanical parts and under body areas.'', where VIN is the Vehicle Identification Number.

The OLPC laptops could use the same system to record their Serial Number, school or MAC Address.

== The XServer Anti-Theft Starting Page ==
[[File:XsAntitheftControls.jpg]]

More: [[School Server]]

==See also==
*[[Our_market#What_will_OLPC_do_to_stop_a_grey_market.3F]]
*[[Ask_OLPC_a_Question_about_Social_Issues#Ownership_and_Selling_of_Laptops]]
*[[Grey market]]
*[[Correlating_Bitfrost_and_Threats#.22Antitheft_protection.22]]
*[[Talk:Battery_Charging]]
* Software theft detection
**[[:Category:Security, activation and deployability]]
**[[OLPC_Bitfrost#P_THEFT:_anti-theft_protection]]
**[[Talk:OLPC_Bitfrost]]
**[[Theft deterrence protocol]]


[[Category:Hardware ideas]]
[[Category:Hardware ideas]]

Latest revision as of 00:32, 1 March 2014

  english | 한국어 HowTo [ID# 295403]  +/-  

There are brief discussions of the theft problem here:

Case design#The colour of the case,
Case design#The Theft Problem,
Case design#Blank field for personalizing indented in the case

How can we make sure that adults do not steal these laptops and start to use them for nefarious purposes?

The Problem

There is a serious theft problem that must be addressed if this laptop is to be made available in developed countries and that includes many of the orange countries on the map. As long as the laptop is distributed to children only, there will be no adult market for the laptop. In other words, there will be no motivation for adults to steal these laptops from children for their own use.

It is good that these laptops look like toys and are available in distinctive bright colors.

I think that the project leaders need to make a statement on adult availability including the "three for one" pledge that was recently published on Slashdot.

If there is to be any distribution to adults, it should be in a different physical form factor from the one distributed to children. For distribution to developers, it could be in a desktop form factor that runs off mains power, i.e. non-folding ugly functional plastic case. If there is to be a model distributed to adults in the target countries then it should be made in a more traditional dull laptop color and it should have a wifi system that works on DIFFERENT frequencies and with some kind of an incompatibility in the protocol. Adults should not be able to eavesdrop on the kids, pretend to be kids, or send kids inappropriate materials.

This is a serious topic which really needs its own page. For now, one should not forget problems caused by portability and market value of the OLPC, making it possible object for kid-to-kid and adult-to-kids thieft. As industry developed multiple anti-thieft protection mechanisms, none should left unconsidered. Simpliest detachable security cable with case-integrated 4-digit code lock would ease thieft problem significantly.

Make them different to public available commercial products

If the olpc laptop has different

  • color
  • shape
  • size of motherboard

it can be easily identified as a olpc laptop.

Much of that will require engineering effort, reduce the economy of scale, and make laptops less desirable. It's easier to just print "olpc" in great big letters on the back.

Serial Number

The MAC Adress can be used as a serial number. If a laptop is stolen this number will be written to a database. There can be a USB Stick with a small linux and all serial numbers of stolen laptops. If you boot from this USB stick it should show if the laptop is stolen. (MAC adresses can be changed temporarily by software)

Fingerprint Reader to identfy the user (Id theft?)

I propose to install a fingerprint reader in the Laptops.

It is important as it avoids the problem of somebody doing somebody´s else homework. Or posing as a different student.

Besides a stolen laptop will not turn on, if the student doesn´t activate it, by using own finger. MEXICO, AGS-----Dagoflores 21:48, 4 April 2007 (EDT)

Can somebody tell me why this approach is not adopted? MEXICO, AGS----- --Dagoflores 01:02, 23 September 2007 (EDT)

I can't speak for the OLPC people, but it seems to me there are several flaws in your plan which perhaps you have not considered:
  • The fingerprint reader will not prevent a child from doing another child's homework. It would be easy enough for one child to activate the device and another child to do the work, or for one child to write a document and another child to copy-and-paste it, or one child to tell another what to type in. In fact, the reader will only protect against the case where one student takes another's laptop home with him to do the work, which I think is much less likely than other approaches.
  • The reader will not prevent a student from posing as another. You are probably thinking of the case where a child leaves his laptop unattended in class, but in this case the child will be most likely to also leave it logged in and unlocked, so a fingerprint reader wouldn't help.
  • The reader provides little additional theft protection beyond that already provided for in Bitfrost, where the laptop won't turn on if it doesn't receive a wireless certificate from the school server after a set amount of time.
  • The reader adds additional hardware and software costs to the laptop and requires redesigning the case (which is already highly constrained). It may also require an additional hole in the case, which reduces the laptop's water- and dust-resistance.
  • The reader adds an additional (optical!) point of failure to the laptop. If the reader gets scratched, gummed up, or otherwise breaks, the student will not be able to use their laptop. (And likewise for the student's finger).
  • The reader adds an additional step that the student must perform each time they open their laptop in order to use it.
In my opinion, while the reader does add a little security, I think the benefits do not outweigh the drawbacks. —Joe 13:01, 23 September 2007 (EDT)

RFID Access Wristband

I would like to propose a different approach than using a different color set for the casing, or using the MAC address. I do agree with the previous posts that the theft problem is a serious burden of this project that must not be underestimated.

I do think that the color set of the casing should not be changed, even if these machines were to be distributed to first world countries (Which isn't planned yet, I know). In my view, a prime appeal of these machines are actually the bright and colorful casings they have. Striping them of these shells would transform them in some way to a "usual gadget" which it shouldn't be. These machines don't deserve to be "usual", they deserve better. I think these colors are actually cool.

Let me now move on to the theft problem. I would propose, that every child who gets such a notebook, would also be given a wristband. This wristband should be equally colorful as the laptop, so that the child could better find it, should it be lost. The wristband, which could be made of nylon should include an RFID chip. When the laptop is started it should first scan for a specific RFID signal. If it is detected, then the laptop should start as normal. If not, then the laptop should be automatically shut down, thus making it worthless for anyone who isn't allowed to use it, like thieves or their customers. The "Wristband-Login" should be well secured, so that it would even with first world technologies and knowledge be difficult to crack it. Over time, thieves would eventually come to the conclusion, that it doesn't make sense to steal these machines from schools, or from whereever the children store them. The "Wristband-Login" would also prevent people from using the machine without the childs permission, thus protecting its privacy, and ultimately the privacy of its contacts in the email or instant messenger program. So, what happens if the child would lose the wristband you might ask? Well, I strongly assume that in every region, where these laptops are to be delivered, there would be some sort of a central support station, to where these kids could go, if ever there was a problem with the machine. These central support stations should also have replacement wristbands on stock and a "Wristband RFID writer", so that they could recreate the wristband for the child. Mind you, these RFID connections should also be encrypted, so that the children can't be tracked.

To sum up, the RFID Wristband would have following advantages and disadvantages:

  • + The laptop can only be started with the specifically for this machine made RFID wristband in close distance, thus making it worthless for thieves, their customers or any person who wants to access the data on the child's notebook.
  • + RFID Wristbands are cheap to make and easy to replace.
  • + Large numbers of notebooks could be stored at school without fearing that they were stolen, because twenty laptops would require the wristbands of twenty children which are almost impossible to get.
  • + There is no need for a login password, which means that you won't encounter the problems connected to them as well.
  • - RFID wristbands could be tracked, if they are not encrypted.
  • - If there wasn't a central support station, it would be hard to get a wristband replacement, should it be lost.

All in all I think the advantages are considerably greater than the disadvantages. It would also greatly increase the privacy of the child and the people in its contact lists.

Best Regards

C.Beeli

Addendum to my previous post:

  • These wristbands could actually be watches, very simple child watches with an integrated RFID chip to authenticate their laptops. While the possibility of losing a watch would be considerably smaller than of losing a wristband, it would also provide the children with the current time. Of course, these watches would have to be very simple, robust and cheap to manufacture, so that they wouldn't add too much to the costs of a laptop. Such a watch would provide the child with a means of securing (authenticating) its laptop and as a nice side effect with the current time. I think in these targeted countries children don't usually own a watch. A watch could be very useful though, for meeting up with other children or with the laptop support center etc. And well... what if that watch actually had two timezones on it, the local timezone... and maybe (if such a program would be implemented), the timezone of a possible donor person... wouldn't that be cool? ;)

--Xapadoo 18:20, 16 January 2007 (EST)

  • To manufacture these watches cheaply you could turn to SWATCH or Casio. I'm absolutely sure they'd be highly interested.

--Xapadoo 09:26, 18 January 2007 (EST)

I think it's a neat idea, but you disregarding a number of factors. For one thing, you are assuming that thieves won't be able to figure out the wristband/laptop connection. But they will: It does not take a great mind to notice that the laptops and wristbands appeared at the same time, nor does it take great investigative skills to acquire information that will be common knowledge to every child in school. So while RFID chips may limit theft of a laptop separated from a child, they will not limit theft when the two are together—the thief can simply take both the laptop and the wristband from the child. (Your third "pro" point makes it sound like the children and laptops will rarely be together outside of school, but the OLPC project is actually designing the laptops to be taken everywhere—home, outdoors, etc. Otherwise, the children could just use desktops.)
You may also be assuming that a thief won't want or be able to wear a child's wristband. But they wouldn't have to. They could just open the case and cram in the chip—or even the whole band, if it fits. Then they wouldn't need a separate item to operate the notebook. In fact, the students may do this themselves, if only to avoid having to wear a wristband everywhere.
Some additional factors missing from your summary:
  • Requires an additional RFID reader inside the laptop, which requires more space, CPU, battery life, and money.
  • Adds a point of failure to the system—now the child has two things they can break or lose to interrupt the educational experience.
  • Adds a significant new factor to the security model. Now the system builders have to consider the potential security and privacy threats posed by both the RFID tag and the reader.
  • Requires additional RFID-writing hardware, supplies, and training at the support sites/schools, which must be secured at least as well as the laptops themselves.
  • Requires all children to go around wearing a wristband that says, "Hey, I have a laptop! Probably in this bag that I'm carrying!"
Which is not to say that RFID tags wouldn't be advantageous in some situations, but their use needs to be carefully considered. —Joe 16:22, 28 August 2007 (EDT)

The EduVision eSlate anti-theft system

The EduVision organization in Kenya uses small handheld Linux computers for each child, called eSlates, as eBook readers, editors, etc. They have built-in WLAN to link to a base-station at the school.

The eSlate has a built in anti-theft system that the OLPC might use or adapt. It has a lot of aspects, so please follow the link below.

It basically links each eSlate to its normal base-station ID, records that in FLASH within the eSlate, and records a lot of information logs on the base station when each unit connects to it. If a unit has not been in contact with the specific base-station for a time, it is disabled. It is re-enabled when it comes into contact with that base-station again.

The eSlate is useless to a thief, which doesn't stop one being stolen, but hopefully the same thief will not steal another and word will get round that they're not worth stealing or buying.

Only a limited number of teachers are taught how to unlock units. Once again, please read the article. There are more aspects than this summary.

See EduVision eSlate

The Texas Instruments EZ-Spot Yellow Case and SCHOOL PROPERTY marking

Texas Instruments has an easy-to-spot 'school-bus yellow' back-cover and slide-case for their graphing calculators. Also, each unit's faceplate says "SCHOOL PROPERTY.", making it less attractive to theives and difficult to sell.

See TI EZ-Spot

OLPC could use something similar.

Steel cable and padlock

Provide children with a steel cable and padlock to use at home and school. The cable would be threaded through the carrying handle. They may not stop determined thieves with bolt-croppers, but they should deter casual thieves.

Cables shouldn't be too expensive and would be a good investment compared with the theft-rate and loss-value over a number of years. Cables and padlocks designed for PCs are about $20 or less, but cables and padlocks designed for baggage are only $6 or less (in 2007). We could at least give governments and schools the option of buying them. Bulk-buying in millions could get the price down.

This is just one idea that came from just doing a search for 'protect your pc' and 'baggage theft cable padlock' and looking at commercial sites. There are steel cabinets, etc, as well.

Etched barcode with Serial Number or school name

A barcode could be laser-etched on the back of the case, the inside of the case and the main circuit-board at the time of manufacturer, containing an individual unit's Serial Number or the school name. This could be a standard 1-D barcode, as used in supermarkets or a 2-D barcode, which can contain 2000+ characters for the full name and address of the school - see Barcode_file_transfer for pictures. Any attempt to remove the barcode would leave file marks or indentations, indicating it had been stolen. Any internal/external barcodes that the thief hadn't noticed, would allow it to be returned to its owner.

Microdots containing serial number

The Wikipedia: Microdot article says...

Microdot identification is a process where tiny laser discs etched with the vehicle's VIN number are sprayed onto the car's major mechanical parts and under body areas., where VIN is the Vehicle Identification Number.

The OLPC laptops could use the same system to record their Serial Number, school or MAC Address.

The XServer Anti-Theft Starting Page

XsAntitheftControls.jpg

More: School Server

See also