Cheese Fraud

An article by the Times Online explains a recent crackdown by authorities on cheese fraud in Italy:

[Luca Zaia, the Agriculture Minister] said there was no health risk, adding “It is not a question of food security so much as of respect for the rules of production”. However he had taken “urgent action” by placing the mozzarella consortium under “special administration” for three months while a committee of police and ministry inspectors investigated.

He said he had acted “because the situation was deteriorating. Over the past two years my zero-tolerance policy has led to the discovery of many causes of food fraud. In November, checks in major supermarkets in Italy found that 25 per cent of the cheese sold as buffalo mozzarella was fake because it contained 30 per cent cow milk.”

Great example of how compliance depends on governance. It is a good thing he has no jurisdiction over the US cheese market or almost the entire mozzarella supply would be abruptly halted. I have tried without much success to find a consistent source of buffalo mozzarella in America.

This case is notably different from a security risk that is also mentioned in the article.

Two years ago sales of mozzarella fell after buffalo milk was found to be contaminated with high levels of dioxin from rotting piles of uncollected rubbish in the Naples area. Sixty-six buffalo herds were quarantined and over 100 farmers and dairy producers were investigated for alleged “fraud and food poisoning”. In April last year inspectors found that some buffalo in the Caserta area near Naples had been given somatropine, a human growth hormone, although officials said this did not pose a health risk.

Thus compliance also depends to a large degree on consumer awareness and interests. Governance is meant to be a representation of demand, so risk definition becomes one of the first steps to creating rules for compliance. Risk from dioxins, for example, is much easier to quantify and campaign against than the risk from lack of authenticity. Who is harmed when cheese is fake? Many Americans, in fact, are likely to turn a blind eye to imitation — mozzarella made from cow milk in California or cheddar from cows in Wisconsin. Risks related to the authenticity of cheese may be far less valued than appearance and price — cheap imitations (“generics”) thus build a strong following when no one close to home is hurt by the practice. Only when authenticity issues hurt a domestic source or more immediate health issues appear do calls for governance come forward.

…food for thought the next time you take a bite of mozzarella.

Show me a Focus on Hybrid-Diesel

Who can forget when Bill Ford explained during the great restructuring last year that his company had traditionally sold low-quality cars to Americans but high-quality to Europeans? He said they thought there was no market for quality cars in America until after the crisis they noticed foreign brands outselling theirs.

The European Focus will be their first step to change this, introducing a quality compact car as detailed by Wired in their “Big Bet on Small Cars” article. Naturally, I expect they will not introduce the diesel Focus in America. Why do they bet on small cars instead of efficient cars?

Mercedes has been working on the holy grail of cool engine efficiency technology: aerodynamic diesel-hybrids built out of Advanced High-Strength Steels (AHSS). The new E300 Mercedes gets 52mpg (4.5 l/100km). Once again, only available outside America.

There seems to be a leadership gap in the US as conservative market followers dominate the auto industry…so sad that the executive that brought the Prius to America died. He might have been in a position to really speed up innovation and competition. It was a leading design when it was introduced, primarily as it proved there was pent-up market demand, but the Prius is too weak and compact to make sense in the American market of road-trips and hauling cargo.

Ford should take the 500/Taurus and make a high-performance diesel option to compete with the Audi and Mercedes variants. It also should bring the EuroFocus diesel and go hybrid with it by 2012.

BlueTOAD (Bluetooth Travel Time Origin and Destination)

Bluetooth devices have been proliferating to the point where you can make a safe bet that most vehicles have one. That’s why some clever folks are starting to monitor the highways for Bluetooth in project BlueTOAD.

Rather than depend on every car carrying a toll tag in plain view, the sensors along highways can read the unique address of a Bluetooth device and then predict traffic flow times. The collection of Bluetooth information then also can be tapped by law enforcement, or at least requested by a court, to prove movement of the devices. I vaguely remember a divorce case where a husband was proved to be cheating on his wife because of his toll tag movements.

The identity of a Bluetooth device, its MAC address, is in no way permanently connected to an individual. This makes Bluetooth potentially less sensitive than license plates and toll tags. Likewise, a Bluetooth device could in theory cycle its address or duplicate others to make tracking difficult. There are plenty of lessons from the P2P market in how to keep service alive while modifying the MAC. A big difference from P2P, however, is that the portable Bluetooth device market is highly proprietary and unfriendly to user configuration (ever try to set up a Bluetooth PIN other than 0000?)
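The matching idea described above can be sketched as follows. This is an added example, not BlueTOAD's code: the sensor names, the keyed-hash pseudonym step, the key handling and the sample detections are all constructed assumptions. It shows that a device which changes its address between sensors drops out of the estimate, and that rotating the hashing key prevents linking pseudonyms across periods.

```python
import hashlib
import hmac
from statistics import median

# Constructed sample detections: (sensor, unix_seconds, device_address)
DETECTIONS = [
    ("A", 1000, "00:11:22:33:44:55"),
    ("A", 1010, "66:77:88:99:AA:BB"),
    ("A", 1020, "DE:AD:BE:EF:00:01"),  # changes address before reaching B
    ("B", 1300, "00:11:22:33:44:55"),
    ("B", 1330, "66:77:88:99:AA:BB"),
    ("B", 1340, "DE:AD:BE:EF:00:02"),
]

def pseudonym(address: str, key: bytes) -> str:
    """Keyed hash so the raw address is never stored (assumed design choice)."""
    digest = hmac.new(key, address.upper().encode(), hashlib.sha256)
    return digest.hexdigest()[:16]

def travel_times(detections, origin, destination, key):
    """Seconds from first sighting at origin to the next sighting at destination."""
    first_seen = {}
    times = []
    for sensor, ts, addr in sorted(detections, key=lambda d: d[1]):
        pid = pseudonym(addr, key)
        if sensor == origin:
            first_seen.setdefault(pid, ts)
        elif sensor == destination and pid in first_seen:
            times.append(ts - first_seen.pop(pid))
    return times

def segment_estimate(detections, origin, destination, key):
    """Median travel time for the segment, or None if no device matched."""
    times = travel_times(detections, origin, destination, key)
    return median(times) if times else None

if __name__ == "__main__":
    day_key = b"constructed-key-day-1"
    print(travel_times(DETECTIONS, "A", "B", day_key))
    print(segment_estimate(DETECTIONS, "A", "B", day_key))
    # A rotated key yields an unrelated pseudonym for the same address.
    print(pseudonym("00:11:22:33:44:55", day_key)
          != pseudonym("00:11:22:33:44:55", b"constructed-key-day-2"))
```
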

I leave all my Bluetooth disabled these days; not because I am very worried about being tracked or even because of eavesdropping, but because battery life is so poor. I find it much less hassle and more efficient to use the cord. The extra security and privacy is a secondary benefit.

Frankly I’m more concerned about the MyLocation project and the privacy settings for APIs to Google maps. In a test to compare with BlueTOAD we’ve been able to use a simple query to the Google map traffic data API to monitor the movement of a person’s phone.

I’m not sure Google meant it to be set up this way; it’s a security flaw from a privacy perspective but then again I know departments of transportation and law enforcement investigators already interested in accessing the data.

Podcast: RSA Conference HT-106

I am co-presenting session HT-106: “There’s No Patch for Social Engineering” at the RSA Conference this March in San Francisco, based on language pattern analysis of email messages:

Urgent/Confidential–An Appeal for Your Serious and Religious Assistance: The Linguistic Anthropology of ‘African’ Scam Letters

A sneak preview of the session can be heard in a podcast just posted to the conference site.

I also am presenting DAS-108: “Top Ten Breaches”, a session that gives an in-depth look at breach data and investigations to illustrate how best to manage security for current threats.

Hope to see you there.