funsec mailing list archives

Re: Wondering

From: "steve pirk [egrep]" <steve () pirk com>
Date: Wed, 21 Oct 2009 20:56:58 -0700

On Wed, Oct 21, 2009 at 17:42, Buhrmaster, Gary <gtb () slac stanford edu>wrote:

...

Am trying to figure out the logistics.

...

In addition since when can a civilian company do something without a

warant ?
...

I believe that the claim of OnStar is that the the owner
of the vehicle has to initiate the request to enable the
SVS feature (passphrase/code?), and only then will the
operator direct Law Enforcement to the vehicle via the
GPS location, and only when Law Enforcement has the
vehicle on sight will they initiate the disablement.

So, OnStar was performing an act on behalf/request of
their customer (the owner of the stolen vehicle).
Sounds like a basic civil contract to me (although I
have never had OnStar, nor read their contracts with
their customers).

Whether OnStar would disable vehicles on the request
of LE without the owner's request, and what authorization
they would require, is left as a different exercise.

Sounds like the same thing as a trusted system administrator who might call
up the data center where he owns servers etc, and say "our entire cage has
been compromised, please cut the data cables leading from the cage. Here is
your authorization code."

Sounds pretty much like the same thing as the contract between
On-Star/vehicle owner. The techs in the data center have instructions on
what to do in what event - given the proper authorization. We had this in
our second data center back in 1996.
A physical cutter in place that would cut the wires. A bit extreme maybe, I
did not design it ;-]

Even odds that this is part of the boilerplate "must authorize" part of
their contract. Think of the liabilities the owner might face if he decides
not to allow them to shut the vehicle down in a case like this, and the
thief plows into a school yard... I would sign in a heartbeat...

--steve
-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Wondering chaim . rieger (Oct 21)
- Re: Wondering security curmudgeon (Oct 21)
  - Re: Wondering Buhrmaster, Gary (Oct 21)
    - Re: Wondering steve pirk [egrep] (Oct 21)
    - Re: Wondering Paul Ferguson (Oct 21)
    - Re: Wondering Rich Kulawiec (Oct 22)
    - OnStar and law enforcement (was: Wondering) Young, Keith (Oct 22)
    - Re: Wondering steve pirk [egrep] (Oct 22)
    - Re: Wondering Rich Kulawiec (Oct 22)