Aussie Speed Cameras in Doubt Because of MD5

An anonymous reader writes "A speeding case has been thrown out in Australia after the Roads and Traffic Authority admitted that it could not prove the integrity of speed-camera photos. 'The case revolved around the integrity of a mathematical MD5 algorithm published on each picture and used as a security measure to prove pictures have not been doctored after they have been taken.'" I wonder if Australian police are as (radar gun) trigger happy as they are in certain parts of the U.S.

Don't speed

and you don't get caught...

loophole?

[ciscoguy01]

That sounds like a loophole. However I am not in favor of automated law enforcement, I like to face my accuser.

Many of those red light tickets were dismissed in the US for various reasons, some technical, some through loopholes, and some through plain old dishonesty in the ticket system operator. They had lowered the yellow light timing below legal standards to make more money. Outrageous if you ask me.

Law enforcement is supposed to be run by government employees, who have no axe to grind and nothing to gain by dishonesty. I like it like that.

Re:loophole?

[ari_j]

Demand to face your accuser in court. If a police officer takes the stand, tell the judge to strike everything he says as hearsay and repeat your request that you face your accuser. If they do bring the camera in, accuse it of being uncooperative by not answering your questions, and ask the judge to jail it for contempt.

Re:loophole?

[aaronl]

Well, that's likely backlash from having over 50% of your income taken by the government. That's what it adds up to when you total all the taxes, registrations, license fees, regulatory fees, etc. Since that is already unacceptably high, demanding more money is outright ludicrous.

You fix is "make the Federal huge huge huge", when the fix really is "slash the Federal, reduce overall costs", now the States and local government can get more revenue without the Federal taking it all. The Federal screwed up education, proved that social programs don't work (at least not at the Federal level), made the tax situation horrible, and a lot more.

It's very cute that you think it's proper to take money from the military to give it to social services and police. That will not only not work, but they don't have much to do with each other. They're handled on different levels of government, as they should be, and as they are supposed to be according to the Constitution.

Social services *should* be done on a more reasonable level of government, so that you aren't forced, against your will, to pay for them. Like the way it was done *before* FDR, when we weren't running trillions of dollars in Federal debt.

Also, the Federal don't do police. They have agencies of dubious value that are kind of similar to police, but aren't. Police are mostly a local government thing. If the Federal didn't take nearly all the money and then use it to control local government, this wouldn't be a problem. Additionally, police don't like doing speed traps; it sucks as a job. Of course, they don't set the speed limits - the municipality or State does - so they don't get to decide to set reasonable speeds. That fancy assed radar/laser gun isn't on the "desired new toy" list for most of them, either. They often prefer the older one because when your radar detector goes off, *you slow down*.

Education is local government, too. Once the Federal got involved it went to hell. Did you ever notice how the majority of school funding comes straight from local revenue into local government? That's because the Federal doesn't do it.

Emergency services are local/state government, with the exception of Federal agencies like FEMA. Most of the cost is not Federal, however. There is also some at the State level.

Science should properly be done outside the government. However, this is the first thing you mention that might be justifiable as something to be more heavily funded. I would prefer for science to be done in schools, by private individuals, and by private companies, but that just isn't happening anymore.

The lesson is keep your government local. Concentration of power is bad, and history agrees with me (as does the Constitution). Perhaps you noticed that as Federal power increased, personal freedom decreased? Cut most of the Federal and some of the States and you end up with a lot more services, a lot more freedom, and a lot more control over your government. Then you have adequate police and fire protection, well funded schools and libraries, and good condition roads.

People *are* willing to put in to the system. They just aren't willing to put into *your* system, and don't really like having their money confiscated to have things forced down their throats.

Obligatory

[mikeophile]

Heisenberg was driving down the Autobahn whereupon he was pulled over by a policeman. The policeman asked, "Do you know how fast you were going back there?
Heisenberg replied, "No, but I know where I am."

Fun times for all.

I live in Victoria, Australia (the state Melbourne is in) -- these refer to cameras in New South Wales (the state Sydney is in). There's been a rather strong backlash against speed cameras here; the margin has been lowered to 3kph. If you do exceed the speed limit by more than 25 kph, you lose your license for a month; more than 35 kph is six months; more than 45 kph is twelve months. The fines are harsh: $131 (Australian) for less than 10kph; $210 for less than 25 kph; $278 for less than 35kph; $377 for less than 45 kph; and $451 for more than 45 kph.

There have been cases of cars being clocked at speeds greater than they are physically capable of doing, and a great brou-ha-ha about how travelling "five kph above the speed limit" doubles your risk of crashing (with some people extrapolating that to an exponential curve). (For the record: the research is five kph above the prevailing speed of the traffic, and it's not exponential.)

If speed camera evidence is deemed untrustworthy, you can see a large chunk of government revenue fly out the window; they'll be onto it as fast as they can get their snouts out of the pork barrel.

Slightly Off Topic Speeding Ticket Joke

Slightly off topic, but one of my favorite jokes...
So there was this guy driving through town one day, he was going about 100 in a 35, he crosses over a bridge and not too far past the end of it he sees the familiar blinking lights behind him and pulls over. The police officer comes up to the window and asks him where he's trying to get in such a hurry, and the guy says he's late for work.
The cop says "what job do you have that you have to get to so urgently?" and the guy says "I'm a Rectum Stretcher"
The cop looks a little funny at the guy and says "A Rectum Stretcher? What does a a Rectum Stretcher do?"
The guy says "well, first you start with a finger or two, work you way up to a fist, and keep going until it's six feet wide"
The cop looks absolutely amazed and says "Well, what do you do with a six foot asshole?" and the man replies
"You give him a radar gun and stick him at the end of a bridge".

As usual...

[TheOriginalRevdoc]

...the facts are less interesting than the headline.

http://www.smh.com.au/news/national/motorist-wins- case-after-maths-whizzes-break-speed-camera-code/2 005/08/10/1123353388395.html

A Sydney magistrate, Laurence Lawson, threw out the case because the Roads and Traffic Authority failed to find an expert to testify that its speed camera images were secure.

I.e., it wasn't thrown out because MD5 is suspect; it was thrown out because the government couldn't find an expert witness to be cross-examined, for some reason we don't know. In fact, I'd read that statement as meaning that the magistrate wanted to examine the entirety of speed camera security, not just MD5.

The motorist's defence lawyer, Denis Mirabilis, argued successfully that an algorithm known as MD5, which is used to store the time, date, place, numberplate and speed of cars caught on camera, was a discredited piece of technology.

That part of the story is just a lawyer's opinion, not a fact. "Successfully", in the context of the previous quote, just means that his argument was unopposed in court.

My understanding is that it is easy to generate multiple messages that have the same MD5 hash, but only if you get to choose both messages. It's still very hard (i.e., an infeasibly large number of CPU cycles for most of us) to generate data that yields the same MD5 hash as some other, arbitrary document.

It all sounds to me more like a case of blinding a magistrate with science, than some kind of victory for common sense. (Well, lawyers are involved, so commonsense isn't relevant, anyway.)

Details

[Effugas]

OK, I'm partially responsible for people seeing applied attack against MD5, so I'll comment for a second.

Basically, in 2004 Xiaoyun Wang released two different files with the same MD5 hash. This has been predicted since around 1996, when Hans Dobbertin showed the hash was broken -- but it took a while for the actual attack to show up.

Alot of people said there were _no_ applied uses. Not true. For instance, the following two pages have the same hash:

Lockheed Martin
Boeing

What's important to realize about the above content is that both web pages are included in both links; the difference between the source files (which MD5 is blind to) is just used to determine which page is displayed. What that means is that, for forensic purposes, it's trivial to rule out the best known attack against MD5 -- just look at the content being hashed.

Thats not to say we should keep using MD5. It's broken, we need to move on. But attempts to claim that MD5 is broken, so we have no idea of any link between hashed content and real material -- that's just ridiculous. We have plenty of idea, especially with human-guided forensic operations.

That being said -- if you can doctor a photo, you can doctor a hash. This is one of the things that makes files hosted on a single server w/ MD5 hashes "verifying" them a little silly...if you can alter the file, you can alter the .md5 file as well. (Files on multiple servers are a little different, because you can go elsewhere to see the deviating MD5 hash.)

Good riddance

[bananahammock]

Speed cameras in Perth (West Coast for the punters) are a real bitch. I hear these contraptions pay for themselves within a week of indiscriminately snapping drivers going just 4-5km/h over the speed limit. That probably sounds reasonable in built up areas where you the speed limit is 40km/h (during school hours), but on the open road where 110km/h is legal, you're better off flicking on the cruise control to avoid the boys in blue. Pre-cameras, the cops used to book you for in excess of 9km/h in the country - at least then there was some logical wiggle room, not to mention it wasn't some impersonal surprise money earner turning up in your mail one day.

The extraordinary thing is that around the burbs, often I have to put my foot on the brake going down small hills just to ensure I don't edge over the limit. Perhaps sales of brake pads and cruise control equipment have increased substantially since the introduction of these fuckers. Both my parents have received speeding fines in the last few years, having gone for over forty years with a clean record.

As an aside, a few years back, one chap was flashed by the camera as he drove by and promptly responded by swerving into the offending machine, taking it out all together. Unfortunately, these cameras have a bunch of wire connected to a nearby van, which stores all the data. The cops simply lifted the last photo taken and arrested the guy. Though a tad rash in his response, I still consider him a legend.

Re:Good luck...

[tbigby]

Until he/she has a tyre blowout, or comes across an unexpected pothole in the road, or has to swerve to avoid a rabbit running across the road... at which point that extra 30mph or 50kmph could make a huge difference to the ensuing damage to the person and other people, not to mention their car. Those are things that can happen to anyone, no matter how good a driver they are.

Re:Correction...

[NormalVisual]

Bingo - it annoys the hell out of me that a Pakistani friend of mine was shot at on the highway shortly after 9/11, with bullets passing within inches of his 4-year old daughter and causing a fair bit of damage to his car, but the Orange County Sheriff's Office (FL) could not/would not bring the assailant to justice even though my friend was able to provide them with a plate number and they were able to determine that the vehicle was registered to a local business, and wasn't stolen. They sure can write up those speeding tickets for people going safely with the flow of traffic though, and the sheriff just got a budget increase so he could hire more officers, which brings his total to $153 million for a county of barely a million people. If I still lived in Orange County, I certainly wouldn't feel like I got $150 worth of police protection per year, especially when they can't seem to get attempted murderers off the street after being handed all the information they need.

It probably wouldn't bother me so much if they would take those officers running speed traps and put them someplace genuinely useful, like busy intersections where people die all the time because asshats are always running the stop lights.

Re:Good luck...

[Firethorn]

Yes, but on a four lane highway, where the most severe turn is about 30 degrees per mile, which is the 'unsafe speed'?

55(1980's speedlimit)
65(1990's)
75(current)

The road has been all of the above. Is 85 even that much of a stretch for a stable, well maintained car with good tires?

I've driven a number of vehicles, and there are a number that I wouldn't drive past 55-65 in on any road. It could be an immaculate runway and I wouldn't go that fast. On the other hand, I've driven a few sports-cars, and they feel more in control even going 30mph faster than the delivery truck.

Re:Good luck...

[swillden]

Yes, but on a four lane highway, where the most severe turn is about 30 degrees per mile, which is the 'unsafe speed'?

The answer is: any speed other than the one all the other vehicles are moving at.

Numerous studies have shown that the most important factor in reducing the total number of accidents on highways is to get all of the vehicles moving at about the same speed. Driving the speed limit when everyone else is going 10 over is dangerous. Driving 10mph faster than everyone else is dangerous.

Higher absolute speed increases the severity of injuries in case of an accident, different roadways also impose a natural maximum (though the US Interstates were mostly designed for 80mph traffic, since the speed limit was 70mph when they were constructed), and weather conditions can change things dramatically, but the most important consideration in minimizing accidents is getting all of the cars moving at close to the same speed.

If you're the granny with cars whizzing by to the left and right, you're a hazard, even if you're going the speed limit. If you're the punk passing everyone and weaving through traffic, you're a hazard, even if your car is perfectly capable of handling the speed on that road. In both cases, it doesn't even matter how good of a driver you may or may not be... if your actions may surprise another driver, then you'll eventually cause an accident.