funsec mailing list archives
Re: Wondering
From: "steve pirk [egrep]" <steve () pirk com>
Date: Wed, 21 Oct 2009 20:56:58 -0700
On Wed, Oct 21, 2009 at 17:42, Buhrmaster, Gary <gtb () slac stanford edu>wrote:
...Am trying to figure out the logistics....In addition since when can a civilian company do something without awarant ? ... I believe that the claim of OnStar is that the the owner of the vehicle has to initiate the request to enable the SVS feature (passphrase/code?), and only then will the operator direct Law Enforcement to the vehicle via the GPS location, and only when Law Enforcement has the vehicle on sight will they initiate the disablement. So, OnStar was performing an act on behalf/request of their customer (the owner of the stolen vehicle). Sounds like a basic civil contract to me (although I have never had OnStar, nor read their contracts with their customers). Whether OnStar would disable vehicles on the request of LE without the owner's request, and what authorization they would require, is left as a different exercise.
Sounds like the same thing as a trusted system administrator who might call up the data center where he owns servers etc, and say "our entire cage has been compromised, please cut the data cables leading from the cage. Here is your authorization code." Sounds pretty much like the same thing as the contract between On-Star/vehicle owner. The techs in the data center have instructions on what to do in what event - given the proper authorization. We had this in our second data center back in 1996. A physical cutter in place that would cut the wires. A bit extreme maybe, I did not design it ;-] Even odds that this is part of the boilerplate "must authorize" part of their contract. Think of the liabilities the owner might face if he decides not to allow them to shut the vehicle down in a case like this, and the thief plows into a school yard... I would sign in a heartbeat... --steve -- steve pirk refiamerica.org "father... the sleeper has awakened..." paul atreides - dune kexp.org member august '09
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Wondering chaim . rieger (Oct 21)
- Re: Wondering security curmudgeon (Oct 21)
- Re: Wondering Buhrmaster, Gary (Oct 21)
- Re: Wondering steve pirk [egrep] (Oct 21)
- Re: Wondering Paul Ferguson (Oct 21)
- Re: Wondering Rich Kulawiec (Oct 22)
- OnStar and law enforcement (was: Wondering) Young, Keith (Oct 22)
- Re: Wondering steve pirk [egrep] (Oct 22)
- Re: Wondering Rich Kulawiec (Oct 22)
- Re: Wondering Buhrmaster, Gary (Oct 21)
- Re: Wondering security curmudgeon (Oct 21)