CC Companies Scotch Mythbusters Show On RFID Security

← Back to Stories (view on slashdot.org)

CC Companies Scotch Mythbusters Show On RFID Security

Posted by kdawson on Saturday August 30, 2008 @10:40AM from the next-comes-guns-and-money dept.

mathfeel passes along a video in which Mythbusters co-host Adam Savage recounts how credit card companies lawyered up to make sure the Discovery channel never, ever airs a segment on the flaws in RFID security. "Texas Instruments comes on [a scheduled conference call] along with chief legal counsel for American Express, Visa, Discover, and everybody else... They [Mythbusters producers] were way, way outgunned and they [lawyers] absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it."

30 of 466 comments (clear)

Min score:

Reason:

Sort:

Delaying the inevitable by Brad1138 · 2008-08-30 10:40 · Score: 5, Insightful

No disrespect to the MythBusters, but if they could figure it out, plenty of others will also.

--
If you could reason with religious people, there would be no religious people
1. Re:Delaying the inevitable by MillionthMonkey · 2008-08-30 10:43 · Score: 5, Insightful
  
  It's only a matter of time before this gets pulled off Youtube.
2. Re:Delaying the inevitable by kestasjk · 2008-08-30 12:15 · Score: 5, Insightful
  
  As I understand it they didn't really find anything out, they were just in the preliminary R&D stages, trying to talk to people in the know.
  It's not like they're covering up something big, they just want to ban talk about it altogether.
  
  ... Actually that's probably even worse.
  
  --
  // MD_Update(&m,buf,j);
3. Re:Delaying the inevitable by multisync · 2008-08-30 12:52 · Score: 4, Insightful
  
  It's only a matter of time before this gets pulled off Youtube.
  On what grounds would it be pulled off of YouTube? This is the very essence of what YouTube committed to deliver: a medium for user-produced video content. I don't see how Adam Savage could complain - he was speaking to a room full of people, any of whom could have a cel phone, or a video camera, recording him. Same with the venue and event producer - they let him in with a camera. Unless the clip was posted by someone other than the copyright holder, I don't see any way it could be "legitimately" removed.
  As for illegitimate methods, is Visa, or any of the other cc companies, a big enough customer for Google that they would risk the possible backlash and negative publicity to pull it? Besides, it's been seen now by lot's of people. No way to undo that.
  I loved it when the guy in the audience said "you do have about 3000 people in the room are aren't under any such legal arrangements." That's the point, right there.
  Once again, the corporate culture uses lawyers to focus attention on themselves by trying to silence people who simply speak the truth. They make it so easy. It's like catching fish in a barrel.
  
  --
  I don't care why you're posting AC
4. Re:Delaying the inevitable by OECD · 2008-08-30 14:08 · Score: 5, Insightful
  
  On what grounds would it be pulled off of YouTube?
  Grounds? Youtube takes down anything whenever *anyone* sends something that vaguely (really) resembles a proper DMCA takedown notice.
  Safe legal ground, but they're starting to piss off a subset of their users who expect the creators of a community to put up a modicum of defense for said community.
  
  --
  One man's -1 Flamebait is another man's +5 Funny.
5. Re:Delaying the inevitable by hey! · 2008-08-30 14:25 · Score: 5, Insightful
  
  Probably have done. Probably were anticipated by the companies to be going to do.
  The thing about credit cards is that they have never been very secure. They just have a business model that can absorb a fairly substantial slice of fraud. True, the companies don't like fraud, and they take steps to reduce it, but they don't spend more than a dollar to save a dollar of fraud.
  Having a fraud tolerant business model is way more important than having a fraud tolerant credit card. The only thing is that credit card marketing is based on getting consumers to rely on their cards, to trust the cards and the company behind them.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
6. Re:Delaying the inevitable by jythie · 2008-08-30 15:12 · Score: 4, Insightful
  
  Visa?
  Mastercard?
  Discover?
  These are companies that you can not avoid, and can not fight. No one who wants to function can boycott them, and without SERIOUS fallout no lawmaker can touch them.
  Not to mention the public is surprsingly accepting of 'it should be illegal to show how bad a product is!'
7. Re:Delaying the inevitable by cjb658 · 2008-08-30 16:24 · Score: 4, Insightful
  
  Yeah, we all know how well censorship works on the internet.
8. Re:Delaying the inevitable by Atario · 2008-08-30 17:42 · Score: 3, Insightful
  
  Youtube takes down anything whenever *anyone* sends something that vaguely (really) resembles a proper DMCA takedown notice.
  
  Hmm, I wonder if YouTube would change their tune if they started receiving DMCA takedown notices on every video ever posted...
  
  --
  "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
9. Re:Delaying the inevitable by Alsee · 2008-08-30 21:32 · Score: 5, Insightful
  
  YouTube is required by law to take down content when someone files a DMCA takedown notice
  Incorrect.
  The DMCA says YouTube gets a free pass against any claims of infringement and any lawsuit from the party filing the DMCA notice.
  and put it back up after 14 days if the person who uploaded it files an uncontested counter notice.
  Incorrect.
  The DMCA says YouTube gets a free pass against any claims of harm or wrong doing in taking down the content.
  In practice virtually every company institutes automatic rules of obeying takedown notices and counter notices, no matter how blatantly bogus they may be. If the Olympic Committee, or Scientologists, or Barbra Streisand, or anyone else files DMCA notices demanding the takedown of content which is not in fact infringing, or for any other reason the service provider would not have been guilty under pre-DMCA law for leaving up, then that provider absolutely can choose to safely leave that content up. And equally, if under pre-DMCA law a company would not have been liable for taking certain content down, they can safely ignore a counter notice and can keep content down.
  One could, for example, send in a totally bogus takedown notice against a group organizing an event on a certain date, or against a business engaging in some time-critical dealings, or even against say a politician running for office. Virtually every internet business will follow a strict policy on taking down anything on a DMCA notice, no matter how blatantly bogus it is. The arrangement of law and business interests makes that almost almost impossible to escape. The DMCA makes it trivial to arbitrarily censor almost anything anyone dislikes and to bully people into submission, and to abusively achieve complete victory in any time-sensitive situation. I recall one case where stores were unhappy with their holiday sale prices being posted online. So they filed a totally bogus takedown notice claiming the sale prices as copyright infringement, and had the information taken down. And obviously a counter-notice to have that content restored several days later - after the holiday sale was over - would have been completely pointless. But imagine if one were to take advantage of this DMCA situation for political ends. A situation that is obviously quite date-critical and where counter-noticing a takedown does not solve or even diminish the damage caused by that takedown. One could anonymously send totally bogus takedown notices by e-mail or snail-mail screwing either candidate (even screwing both). Not only could you takedown selected videos from YouTube just before an election, not only can you have various crucial materials taken down from various websites, one could potentially even get a candidate's own website taken down.
  Maybe in the described political campaign situation a company might override the strict corporate rule to comply with all DMCA notices, however that is a total crap-shoot and the law makes it against the company's interest to do so. Legally, the corporate interest is to just obey the bogus notice.
  If all you are doing is uploading copyright material that doesn't belong to you, there's not much YouTube can do to defend you.
  If you are uploading legitimate material and someone is sending junk DMCA notices, YouTube could ignore the junk notices, could defend you, but legally it is powerfully against their interests to do so. Legally, it would be stupid for them to do so.
  -
  
  --
  - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
10. Re:Delaying the inevitable by WK2 · 2008-08-30 22:44 · Score: 4, Insightful
  
  You just pointed out one of the serious flaws with the DMCA, that any company, or any person, can file a barrage of illegitimate takedown notices with little or no consequence. Which still does not represent a flaw with Google, but rather with with the law.
  
  --
  Write your own Choose Your Own Adventure. http://www.freegameengines.org/gamebook-engine/
This isn't about the hackers... by hpa · 2008-08-30 10:46 · Score: 5, Insightful

This isn't at all about the hackers ... this is about making the general public aware just how bad this is.
1. Re:This isn't about the hackers... by TubeSteak · 2008-08-30 11:32 · Score: 4, Insightful
  
  This isn't at all about the hackers ... this is about making the general public aware just how bad this is.
  But as the reasoning goes...
  If the general public isn't aware of the problem...
  It isn't a problem.
  
  --
  [Fuck Beta]
  o0t!
You have alot of faith in judges. by FatSean · 2008-08-30 10:49 · Score: 3, Insightful

I don't. They tend to be old, out of touch with modern technology. I think enough BS by CC lawyers would confound them and justice would not be served.
But I'm told I'm a cynic :)

--
Blar.
Pass the buck by magus_melchior · 2008-08-30 10:49 · Score: 5, Insightful

So, rather than face lawsuits over contractual obligations to build and maintain a secure system (hah), they litigate the party who exposes them for attempting fraud.
Should it be surprising that in a culture that prizes profits and pride over progress, that litigation threats are used to squelch otherwise good feedback and information?

--
"We are Microsoft. You shall be assimilated. Competition is futile."
I smell a Streisand Effect coming... by Stanislav_J · 2008-08-30 10:50 · Score: 5, Insightful

Of course, now that the story is propagating all over the Net, pretty soon everyone will know about the alleged security flaws (if not the details), and the CC companies and their legal eagles will look quite villainous. When will they ever learn?

--
"Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
They busted yet another myth..... by Anonymous Coward · 2008-08-30 10:50 · Score: 5, Insightful

freedom of speech.
Re:Yeah, well... by MBCook · 2008-08-30 10:59 · Score: 5, Insightful

Because PBS isn't advertiser funded, it gets its support from private individuals and (to a rather minor extent) the government. While corporations can (and do) donate, it isn't their lifeblood.
I agree with you though. I've seen that episode and it's a fantastic rebuke of the credit card industry.

--
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Re:Yeah, well... by cortesoft · 2008-08-30 10:59 · Score: 5, Insightful

I think you have just shown a perfect example of why we need television that isn't funded by advertisers. PBS can air the show because they aren't driven by profit and aren't beholden to those corporations (although even that is starting to change with corporate sponsorship of PBS). While you can argue that public television is beholden to the government, at least it is beholden to a (slightly) different power.
Re:I can just see the courtroom in 2010 by mrmeval · 2008-08-30 11:08 · Score: 4, Insightful

Judges are lawyers and that is forced by law. You can't be one without being a lawyer.

--
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Not only that but by beakerMeep · 2008-08-30 11:10 · Score: 5, Insightful

I truly see Frontline as one of the last and only truly investigative journalism programs on TV. It's the only show where I have found myself thinking "wow what they are reporting is interesting but it raises question A" and then as if by magic, the show continues: "we decided to further investigate and here's what we found about question A and this lead us to questions B, C and D"

--
meep
If ever there was a time... by hyades1 · 2008-08-30 11:12 · Score: 4, Insightful

...for Slashdot to hammer the crap out of some corporate bullies, it sounds like this might be it. Could someone appropriately knowledgeable perhaps post a detailed account of how incredibly hackable RFID security is? A couple of URL's leading to websites with all the red meat would also be appropriate. PGP proves that once the genii is out of the bottle, it can't be put back in all that easily.
Frankly, I'm sick and tired of all these corporate assholes and their attitude. You can bet your bottom dollar that they'll keep the current, flawed system as-is, and simply out-last any hacking victim who dares to challenge them in court. The best solution is to make sure everybody with even a grade school education and a card reader can screw them at will. Maybe then, they'll do something about fixing the problem.

--
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Re:Sometimes it neccesary by RelaxedTension · 2008-08-30 11:19 · Score: 5, Insightful

"...and I have decided to keep those revelations to myself so that it is not exploited by every script kiddie and wannabe hackers to try."

And you are the only person that will figure that method out, I guess. Hopefully, you are the smartest person alive, and the problem so difficult no one else can possibly figure it out too, and abuse it.

The way we move forward as a race is that we share information, both about what works and helps, and more importantly about what doesn't work or causes harm. If the people affected the most by the flaw that has been discovered do nothing about it, then disclosure is the way. That way everyone else is informed and warned, as they should be.
Re:Ignore Them by Anon+E.+Muss · 2008-08-30 11:27 · Score: 5, Insightful

... there is no law to prevent Discovery from airing facts ...
There is also no law that requires the credit card companies to spend their advertising dollars on the Discovery Channel, or any other media outlet owned by the same company. That's what this is all about.

--
The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
Re:Upcoming Mythbusters Special! by azakem · 2008-08-30 11:30 · Score: 5, Insightful

Also, lawyers are the reason we no longer have habeas corpus, so the show should be filmed in Guantanamo Bay, Cuba.
Lawyers are also the only reason you ever had habeas corpus in the first place, and the only chance you have of ever getting it back.
Lawyers are like nuclear tech, they can be used for good or evil.
Want to really get em? by Rod+Beauvex · 2008-08-30 11:32 · Score: 5, Insightful

Make a note of this on their Wikipedia entry.
Re:Ignore Them by azakem · 2008-08-30 11:37 · Score: 3, Insightful

Except where National Security(TM) is concerned, there is no valid argument in law to prevent Discovery/Mythbusters from airing facts about the lack of security surrounding RFID, and Discovery/Mythbusters are under no contractual obligation to keep such facts secret.
Schwab
There is more at work here than the law. The implicit (explicit?) threat is that if Discovery airs this show, the CC companies will cease advertising on the Discovery network.
Re:Yeah, well... by Blue+Stone · 2008-08-30 12:01 · Score: 4, Insightful

That's why you get programmes like Top Gear from the BBC. No commercial channel would dare upset the card manufacturers like it does.

--
Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
Re:I can just see the courtroom in 2010 by rm999 · 2008-08-30 12:02 · Score: 3, Insightful

How do you know the credit card companies aren't trying to fix the issue? And why not also blame the Discovery Channel, who didn't even try to put up a defense?
I think this comes down to "we advertise on your network and don't want you making us look bad" instead of "we are trying to keep this flaw a secret, even though it is already common knowledge."
http://www.rfid-cusp.org/blog/blog-23-10-2006.html
Re:Upcoming Mythbusters Special! by Antique+Geekmeister · 2008-08-30 13:28 · Score: 4, Insightful

It's not been lost? Tell it to those in Guantanamo Bay, or those held without legal consul, notification to their families, or admissions of their presence in this and similar facilities. Since their names are secret, and even admitting that you know the names can get you thrown in jail as a security risk, that's about as serious a violation of habeas corpus as you can commit. It's also a major violation of the Geneva Convention.
So the principal is, in fact, in danger.