Slashdot Mirror
Aussie Speed Cameras in Doubt Because of MD5
An anonymous reader writes "A speeding case has been thrown out in Australia after the Roads and Traffic Authority admitted that it could not prove the integrity of speed-camera photos. 'The case revolved around the integrity of a mathematical MD5 algorithm published on each picture and used as a security measure to prove pictures have not been doctored after they have been taken.'" I wonder if Australian police are as (radar gun) trigger happy as they are in certain parts of the U.S.
I live in South Australia (thats the name of the state, they werent that original when the pohms came here :)
Anyway, we now have speed cameras on traffic light intersections and any random car parked on the side of the road *could* be a speed camera.
In Victoria (where Melbourne is), they are even more tough. As soon as I cross the border to Vic, I don't speed at all.
So the answer is "yes", they are very very trigger happy and in a lot of cases, there was no trigger, just an automated photo.
Can your karma go above being Excellent?
Just to make it clear, this guy didn't prove something was flawed in their system, so much as the courts didn't bother to find an expert witness.
The MD5 of course needs salt, otherwise anyone could self-sign their own stuff.
I live in Victoria, Australia (the state Melbourne is in) -- these refer to cameras in New South Wales (the state Sydney is in). There's been a rather strong backlash against speed cameras here; the margin has been lowered to 3kph. If you do exceed the speed limit by more than 25 kph, you lose your license for a month; more than 35 kph is six months; more than 45 kph is twelve months. The fines are harsh: $131 (Australian) for less than 10kph; $210 for less than 25 kph; $278 for less than 35kph; $377 for less than 45 kph; and $451 for more than 45 kph.
There have been cases of cars being clocked at speeds greater than they are physically capable of doing, and a great brou-ha-ha about how travelling "five kph above the speed limit" doubles your risk of crashing (with some people extrapolating that to an exponential curve). (For the record: the research is five kph above the prevailing speed of the traffic, and it's not exponential.)
If speed camera evidence is deemed untrustworthy, you can see a large chunk of government revenue fly out the window; they'll be onto it as fast as they can get their snouts out of the pork barrel.
http://www.smh.com.au/news/national/motorist-wins
I.e., it wasn't thrown out because MD5 is suspect; it was thrown out because the government couldn't find an expert witness to be cross-examined, for some reason we don't know. In fact, I'd read that statement as meaning that the magistrate wanted to examine the entirety of speed camera security, not just MD5.
That part of the story is just a lawyer's opinion, not a fact. "Successfully", in the context of the previous quote, just means that his argument was unopposed in court.
My understanding is that it is easy to generate multiple messages that have the same MD5 hash, but only if you get to choose both messages. It's still very hard (i.e., an infeasibly large number of CPU cycles for most of us) to generate data that yields the same MD5 hash as some other, arbitrary document.
It all sounds to me more like a case of blinding a magistrate with science, than some kind of victory for common sense. (Well, lawyers are involved, so commonsense isn't relevant, anyway.)
OK, I'm partially responsible for people seeing applied attack against MD5, so I'll comment for a second.
.md5 file as well. (Files on multiple servers are a little different, because you can go elsewhere to see the deviating MD5 hash.)
Basically, in 2004 Xiaoyun Wang released two different files with the same MD5 hash. This has been predicted since around 1996, when Hans Dobbertin showed the hash was broken -- but it took a while for the actual attack to show up.
Alot of people said there were _no_ applied uses. Not true. For instance, the following two pages have the same hash:
Lockheed Martin
Boeing
What's important to realize about the above content is that both web pages are included in both links; the difference between the source files (which MD5 is blind to) is just used to determine which page is displayed. What that means is that, for forensic purposes, it's trivial to rule out the best known attack against MD5 -- just look at the content being hashed.
Thats not to say we should keep using MD5. It's broken, we need to move on. But attempts to claim that MD5 is broken, so we have no idea of any link between hashed content and real material -- that's just ridiculous. We have plenty of idea, especially with human-guided forensic operations.
That being said -- if you can doctor a photo, you can doctor a hash. This is one of the things that makes files hosted on a single server w/ MD5 hashes "verifying" them a little silly...if you can alter the file, you can alter the
They:s /index.html
-post on the website the location of all fixed and mobile speed cameras http://www.canberraconnect.act.gov.au/speedcamera
-have big signs saying "RED LIGHT AND SPEED CAMERA AHEAD" for fixed cameras
If you get nabbed with those conditions, you deserve your ticket.
In the UK the deployment of speed cameras is at the discretion of the chief constable (the boss) of the local constabulary (usually with the jurisdiction of the county they are situated in). Interesting one or two counties in the UK don't have speed cameras. Even more interesting is that in the last set of figures, those counties without them actually saw a drop in injuries and fatalities whereas those with saw a rise.
The thing about speed limits and cameras is that they are set an arbitrary value which, on average, appears to suit the road. But it's like seat belts, there are times when wearing one is worse than not wearing one but on average its better to wear one. My particular bug-bear is speeds on motorways. A nice sunny Sunday morning when the road is empty 100mph is not dangerous. 50mph in the fog in rush hour is. Speed cameras don't generally account for that. Speed doesn't kill. Inappropriate speed kills.
There is one section of one motorway in the UK that has it right. A section of the M25 has adjusting speed limits and cameras to suit. I would like to see them on all motorways, moving from 30mph at the lower end to 100mph at the upper end. (Why 100 because that's the top speed of some small cars and having cars with differing speeds is also dangerous).
Exactly. MD5 alone can't prove "integrity" in the context of security or privacy. It's usually used to ensure that information wasn't accidentally changed or corrupted during a communication error. If someone can modify an image, he can easily find the MD5 hash and update it to reflect the new image. If you need to make sure that your data hasn't been intentionally tampered with, you have to encrypt the hash using a digital signature mechanism. Using simple MD5 works to detect when your transmission or storage systems are bad, but that's it.
Everyone is born right-handed; only the greatest overcome it
A constant barrage of government propoganda asserting that speed cameras are perfectly reliable has dulled peoples outrage of the fact that "blackbox" style machines are generating a massive amount of money for state governments.
There has been major incidents where;
1. In victoria many cameras were proven to be faulty, showing trucks, busses and old beat up cars doing absolutely rediculous speeds.
2. Just now 180 speed cameras in Queensland have been withdrawn, because they are faulty.
3. Speed camera operators have been shown regularly ignoring the usage guidelines and parking in spots that will provide improper results, near signs, suburban areas where there a metal garage doors in the line of sight of the radar, on corners, etc.
How many people have lost their licenses because of faulty cameras, or been hit with massive fines? (in NSW it's $1400 for 40km/h over the limit). I mean if you're a young mail (under 30) you wouldn't have a hope in hell of disputing one of these, the judge would laugh you out of the courtroom.
As another poster mentioned many states have these operations outsourced to private companies, private companies with profit as a motive to fine people. I would enjoy hearing the rabid free marketeers argue that that having a private company with little oversite and no accountability to the average person is superior in this case.
Finally for some fun reading, it does read a bit "there out to get us", but the information and statistics seem reasonable. Showing that speed cameras have done very close to nothing in Australia to prevent road deaths.
No, they're not. They're there to raise money. In fact, every supposedly "criminal" activity that is punished by a fine, as opposed to actual jail time, is a crime solely because punishing people for it serves to fill the coffers of the state.
In the case of speed limits, traffic engineers have known for quite a while that the safest speed limit for a given road is the 85-percentile speed - the speed that 85% of the traffic travels on that road. It's not speed that kills, it's speed differential, and having slow drivers on fast roads is just as dangerous, if not more, than having fast drivers on slow roads. Setting speed limits to arbitrarily low values will result in a small percentage of drivers obeying them, and those drivers will present a significant hazard to people traveling at reasonable speeds for that road.
The fact is that raising or lowering speed limits has very little to do with how fast traffic moves. Here, look:
The time to worry about traffic safety is when you're designing and building the road, not when you feel like monkeying around with speed limits. If you see a speed limit set lower than the 85% percentile speed, it's set that way so that the state can make money, not to make anyone safer.
The reason that manual transmission vehicles get better fuel economy than automatics is largely because people are better at this than mechanisms. (It's also because autos are heavier and the transmission mechanism syphons more power away than in a manual.) No, it is exactly the other way around: A car with a "real" automatic transmission (the ones with a torque converter instead of a clutch) is less efficient because it is heavier (about 50 kg) and because the torque converter acutally has significant slipping (~1-3%) since torque is transferred by a liquid medium (unless the vehicle also has a torque converter clutch). A car with an automated manual transmission (that is, a normal manual transmission in which a computer takes over the clutch and shifting) is as efficient as one where a human does the shifting.
I have a friend that has gotten out of each of his tickets from cameras. When he shows up to court - as his right - he asks to face his accuser. The court is unable to do this - so case is dismissed. He is a former member of law enforcement and knew the loop hole...and subsequently abused it. I do not know if he is still doing this, but I do remember him doing this many times over...I think more just to prove a point to the courts, and to be an ass
Just taking it one beer at a time...
It's an invasion of my privacy.
You sir, are a crack head. Your licence plate is publicly visible. The entire point of licence plates is to be publicly visible to everyone to uniquely identify your car. Your licence plate isn't private.
There are a lot of things wrong with traffic cameras, but privacy isn't one of them.
Web Design Tips
It is all a matter of focus. Part of my drivers education happened on a frozen lake where I learned how to handle spins and four wheel drifts at up to 80 m/h (129 km/h). Also, when you are doing 120+ and a rabbit jumps in front of you, you do not swerve unless you want to meet your maker. You have to think ahead about what you will do when the unexpected happens at speeds over 100m/h (160 km/h) because when it happens, you don't have time to think. I attribute this mental preparation to having surviving a rear wheel blowout on a ZX-11 Ninja while traveling faster than 150 m/h in rural New Mexico. Same goes for the time I was running 130 or so, in rural Montana, when a coyote jumped in front of me. That cost me a new bumper and the coyote his life. Every time I decide to "fly low", I put everything out of my mind except for the road and what my vehicle is telling me. I very carefully check my vehicle before heading out. I won't go to speed unless my field of view is greater than 3 miles (5 km) because it takes a long time to slow down when you are going fast. Needless to say, if I come across other traffic, I slow down. Having said this, I don't recommend it. Why? Because most people aren't going to keep that tight a focus on the road. Nor are they used to listening and feeling, much less having a clue about the feedback their vehicle is giving them.
You should take a look at something called the Broken Windows Theory. Enforcing penalties for 'small' crimes such as speeding, vandalism and thing like jaywalking can dramatically affect the incidence of larger crimes such as murder. I don't care how good a driver you think you are - I don't trust your judgement as to how fast you can safely drive. http://www.umsl.edu/~nestor/Broken%20Windows.htm
It's funny how the pro-welfare Democrats can balance the budget, but the anti-(personal) welfare Republicans can't.
The people in office right now are Republicans in name only. Don't let their idiocy confuse you.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Washington DC has one of the highest murder rates in the US. It also is quite high for robbery, larceny, and auto theft. Public transit is terrible there, and road/traffic planning is equally bad. DC is a place that I would go to only if I had to.
It also doesn't lack homelessness or drug abuse. Those are just better hidden by forcing those people elsewhere, out of travelled areas, or by arresting them and putting them in jail.
I don't believe you in the slightest about Congressmen sending their children to public schools. I would be surprised if any of them attend anything but private school or home tutoring.
The Federal is responsible for the most expensive social programs in the world, which are also among the least effective.
I really do hope that you are being tongue-in-cheek with your post. It looks like you are, but I'm not sure of it.