Security

Letter: Scare tactics have nothing to do with car repair

1 Comment

Originally posted September 25th in the Boston Herald. This is a letter about right to repair sent to the editor by Paul Roberts, founder, SecuRepairs.org and signed by myself among many others.

To the editor:

Halloween came early to the Bay State this year. For the past two months, the airwaves have been filled with scary-sounding ads pushing tales of hacking, identity theft and cyber stalking. Their target: Question 1, a pro-consumer ballot measure that will give car owners and independent repair shops access to wireless maintenance data needed to service and repair modern vehicles.

Our group, SecuRepairs, represents some of the world’s top information security experts. In our professional opinions, this small expansion to the state’s right to repair law in no way increases the risk of identity theft, cyber stalking or vehicle hacking.

If passed, Question 1 would close a loophole in a Massachusetts law that requires automakers to make diagnostic and repair data accessible to vehicle owners and independent repair shops. That law, which was passed in 2013, failed to explicitly cover repair data that is transmitted wirelessly. Seven years later, many newer vehicles transmit maintenance data this way, using a car’s cellular Internet connection to bypass the repair shop and talk directly to automakers’ “cloud servers.” Question 1, which will appear on the November ballot simply closes that loophole. It requires automakers to make wireless data “needed for purposes of maintenance, diagnostics and repair” — the same data that automakers give to their dealerships — available in a standard format to vehicle owners and independent repair shops.

It goes without saying that competition for vehicle repair and maintenance from independent repair shops keeps the cost of service and repair down. It also makes perfect sense that the same mechanical data shared via a wired connection from a vehicle to a computer in a repair shop should also be accessible wirelessly. That’s why automakers are anxious to change the subject. The “Coalition for Safe and Secure Data,” a group funded by automakers, is blanketing TV and radio with ads warning the public that Question 1 will give rapists and burglars the keys to your car and even your home.

These warnings about cyber security risk related to the mechanical data covered by Question 1 are misleading and with little basis in fact. That data might tell you why the “Check Engine” light is illuminated on your dashboard. It won’t open your garage door or let a cyber stalker follow you around town. In fact, the data covered by Question 1 is identical to the data that automakers have been sharing for years under Massachusetts’ existing right to repair law.

There is one thing the auto industry’s scare-mercials have right: Consumers should be worried about the reams of data that automakers collect from our connected vehicles. Modern Internet connected cars have access to everything from personal contact data shared from a driver’s mobile phone to video feeds from in-car cameras to the vehicle’s GPS data. Privacy and consumer advocates ranging from the ACLU to Consumer Reports warn that this galaxy of in-vehicle sensors pose acute privacy and civil liberties risks.

The ability to repair your own vehicle or to hire an independent repair shop — and access to the data needed to make repairs — are critical to keep automotive service and repair affordable. Affordable repair and servicing allows all of us to extend the useful lives of our cars, saving us thousands of dollars. Rather than trying to frighten consumers, car makers should make owner access to this data easy, while also being transparent about what data they are collecting from smart vehicles and how they use it. Facts and transparency, not fear, are the antidote for the public’s anxiety about data privacy and security.

— Paul Roberts, founder, SecuRepairs.org

Jon Callas, director of technology projects, Electronic Frontier Foundation

Ming Chow, associate professor, Tufts University

Richard Forno, senior lecturer, cybersecurity, University of Maryland, Baltimore County

Dan Geer, chief information security officer, In-Q-Tel

Joe Grand, principal engineer and hardware hacker, Grand Idea Studio, Inc.

Gordon Fyodor Lyon, founder, Nmap Project

Gary McGraw, founder, Berryville Institute of Machine Learning

Davi Ottenheimer, vice president, trust and digital ethics, Inrupt

Nicholas Percoco, founder, THOTCON

Billy Rios, CEO, Whitescope.io

History, Security

Ransomware “Officially” Kills a Person

Leave a comment

There undoubtedly have been deaths in the past caused by computer attacks. I once made a list of physical impact from network and system attacks going back to 1992.

What has just changed is someone is willing to go on the record saying a death happened and was directly related to computer security.

We know, for example, that hospital outages and patient deaths have been in warnings posted to American mainstream news since at least 1983:

Time Magazine in 1983 with stern warning that network attacks on computers will kill someone.

By comparison, the latest news coming from Europe is that a delay in care due to ransomware has caused a particular patient’s death and that it should be treated as negligent homicide.

…ransomware attack crippled a nearby hospital in Düsseldorf, Germany, and forced her to obtain services from a more distant facility…

That’s is less news to me and more a chilling reminder of the talk I gave in 2017 in London about preventing ransomware attacks in healthcare.

Slide from my presentation at MongoDB Europe 2017

As someone who parachuted into the front-lines of solving this burning problem at massive scale (personally leading significant security enhancements for the database company most affected by ransomware attacks — infamously insecure MongoDB) I have many thoughts.

Many, many thoughts.

Suffice it to say here, however, when I was building and running hospital infrastructure in the 1990s my mindset about this risk wasn’t much different than it is today.

If anything, it seems to me we’re seeing healthcare industry becoming more honest with the public about its hidden operational risks.

Reading news that an arsonist burned a hospital down — forcing a fatal diversion of patients — should prompt people to ask if failing to install sprinklers is negligence.

And then people should ask if a hospital construction company was building them with sprinklers that were optional or even non-operational, and whether THAT was negligent.

Those are the deeper questions here.

While there are cases of people driving around in circles intentionally to kill the person they’re supposed to be taking to the hospital (e.g. assassination, even more than negligence), they seem a targeted exception risk rather than the pattern.

It is a hospital’s burden of high availability (let alone a region or network of hospitals like the NHS) to plan for intentional low capacity (and their vendors’ responsibility) that should remain the focus.

Update Sep 28: A reader has emailed me an important reference to the case United States v. Carroll Towing Co., 159 F.2d 169 (2d. Cir. 1947), which formed a test to determine negligence (Burden greater than Loss multiplied by Probability).

It appears from the foregoing review that there is no general rule to determine when the absence of a bargee or other attendant will make the owner of the barge liable for injuries to other vessels if she breaks away from her moorings. However, in any cases where he would be so liable for injuries to others, obviously he must reduce his damages proportionately, if the injury is to his own barge. It becomes apparent why there can be no such general rule, when we consider the grounds for such a liability. Since there are occasions when every vessel will break from her moorings, and since, if she does, she becomes a menace to those about her; the owner’s duty, as in other similar situations, to provide against resulting injuries is a function of three variables: (1) The probability that she will break away; (2) the gravity of the resulting injury, if she does; (3) the burden of adequate precautions. Possibly it serves to bring this notion into relief to state it in algebraic terms: if the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i. e., whether B > PL.

Update November 12, 2020: German police say their exhaustive investigation found no connection between attack on the hospital information systems and human death.

After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim’s medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to. “The delay was of no relevance to the final outcome,” Hartmann says. “The medical condition was the sole cause of the death, and this is entirely independent from the cyberattack.” He likens it to hitting a dead body while driving: while you might be breaking the speed limit, you’re not responsible for the death.

Hitting a dead body with a car is not the analogy I was expecting, but I suppose it makes the point.

History, Sailing, Security

Captain Morgan Hated Being Called a Pirate Because He Hated Democracy

Leave a comment

Someone just suggested to me that the Spanish loved pirates while the British hated them.

This isn’t even remotely true and it reminded me how a Spanish city official (Don Juan Pérez de Guzmán, a decorated veteran of wars in Flanders) once called Britain’s Captain Morgan a pirate, using that term to insult him as those aspiring to monarchy hated pirates.

The story then goes Morgan indeed hated the exchange and was so enraged that he planned a devastatingly brutal siege of the Spanish city Guzmán defended, torturing residents and pillaging the area for weeks just to prove he was no pirate.

Here’s how one historian has referred to Morgan’s style of leadership:

Behind him were smoldering ruins, pestilence, poverty, misery and death.

A first-person’s account of Morgan’s battles was written by Alexandre Exquemelin, a doctor serving him, in a book called Buccaneers of America. Exqumelin wrote that Morgan lashed together Spanish nuns and priests to use as human shields while he attacked the Spanish military, and that he regularly imprisoned and raped women.

Painting that Morgan commissioned of himself, documenting his boyish and elitist clean-shaven look, while “under arrest” in London after 1672. Source: National Trust of the United Kingdom
Captain Morgan’s vicious retort to his critics — as in the violent argument he waged upon the Spanish, burning their cities to the ground — was that he was a proud privateer in service of the British monarchy during a war (Governor of Jamaica in 1667 gave Morgan a letter of marque to attack Spanish ships).

Morgan thus ran an autocratic and ruthless mercenary operation on behalf of a Crown authority. He was accused by his own men of “cheating” them of promised wages and benefits as he pillaged cities, a military campaign he wasn’t even authorized to do (again, just to be overly pedantic, his letter of marque was to attack ships only, nothing on land).

The privateer life meant public forms of immoral service to a monarchy of questionable values (ultimately atrocity crime charges against him were dismissed and instead he received a plush reward by appointment to government, which also is where Morgan proudly owned hundreds of slaves that operated Jamaican sugar plantations).

Thus, how dare anyone accuse him of being a liberal pirate or try to imply he was fair to his followers or a representative/elected leader?

He would surely have tortured and killed someone if they did accuse him of being so democratic.

In that sense, pirates seem to have been operating somewhat as entrepreneurs challenging the brutality of unjust political systems of monarchy.

Pirates fought against those who had expressly denied human rights and trafficked in human exploitation. They weren’t going to fight in wars that benefited only a few elites, because Pirates also were known to use a democratic system of leadership based on votes and qualifications (given nobody was born into office or summarily appointed by royalty).

Privateers functioned almost in the exact opposite way to pirates while appearing similar; business operators appointed by authority who served awful political systems to exploit high-risk and unregulated markets. Privateers like Morgan operated as ruthless mercenaries in privileged positions of milking their own corrupt system for large personal gain.

It’s a significant difference between an owner-operator business in highly distributed undefined territory (pirate) versus exploitative vigilantism (privateer).

Confusing? Somehow pirates have become associated with the latter when historically they have operated far more as the former.

The important difference perhaps is best explained in Chapter 8 of “The Invisible Hook: The Hidden Economics of Pirates” by Peter T. Leeson

The Captain Morgan brand of liquor thus has popularized a man who promulgated human trafficking, rape, theft, murder and authoritarianism. Don’t call him a pirate.

It reminds me of Hitler wine.