Slashdot Mirror

← Back to Stories (view on slashdot.org)

CC Companies Scotch Mythbusters Show On RFID Security

Posted by kdawson on from the next-comes-guns-and-money dept.

mathfeel passes along a video in which Mythbusters co-host Adam Savage recounts how credit card companies lawyered up to make sure the Discovery channel never, ever airs a segment on the flaws in RFID security. "Texas Instruments comes on [a scheduled conference call] along with chief legal counsel for American Express, Visa, Discover, and everybody else... They [Mythbusters producers] were way, way outgunned and they [lawyers] absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it."

17 of 466 comments (clear)

  1. Delaying the inevitable by Brad1138 · · Score: 5, Insightful

    No disrespect to the MythBusters, but if they could figure it out, plenty of others will also.

    --
    If you could reason with religious people, there would be no religious people
    1. Re:Delaying the inevitable by MillionthMonkey · · Score: 5, Insightful

      It's only a matter of time before this gets pulled off Youtube.

    2. Re:Delaying the inevitable by kestasjk · · Score: 5, Insightful

      As I understand it they didn't really find anything out, they were just in the preliminary R&D stages, trying to talk to people in the know.
      It's not like they're covering up something big, they just want to ban talk about it altogether.

      ... Actually that's probably even worse.

      --
      // MD_Update(&m,buf,j);
    3. Re:Delaying the inevitable by OECD · · Score: 5, Insightful

      On what grounds would it be pulled off of YouTube?

      Grounds? Youtube takes down anything whenever *anyone* sends something that vaguely (really) resembles a proper DMCA takedown notice.

      Safe legal ground, but they're starting to piss off a subset of their users who expect the creators of a community to put up a modicum of defense for said community.

      --
      One man's -1 Flamebait is another man's +5 Funny.
    4. Re:Delaying the inevitable by hey! · · Score: 5, Insightful

      Probably have done. Probably were anticipated by the companies to be going to do.

      The thing about credit cards is that they have never been very secure. They just have a business model that can absorb a fairly substantial slice of fraud. True, the companies don't like fraud, and they take steps to reduce it, but they don't spend more than a dollar to save a dollar of fraud.

      Having a fraud tolerant business model is way more important than having a fraud tolerant credit card. The only thing is that credit card marketing is based on getting consumers to rely on their cards, to trust the cards and the company behind them.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:Delaying the inevitable by Alsee · · Score: 5, Insightful

      YouTube is required by law to take down content when someone files a DMCA takedown notice

      Incorrect.

      The DMCA says YouTube gets a free pass against any claims of infringement and any lawsuit from the party filing the DMCA notice.

      and put it back up after 14 days if the person who uploaded it files an uncontested counter notice.

      Incorrect.

      The DMCA says YouTube gets a free pass against any claims of harm or wrong doing in taking down the content.

      In practice virtually every company institutes automatic rules of obeying takedown notices and counter notices, no matter how blatantly bogus they may be. If the Olympic Committee, or Scientologists, or Barbra Streisand, or anyone else files DMCA notices demanding the takedown of content which is not in fact infringing, or for any other reason the service provider would not have been guilty under pre-DMCA law for leaving up, then that provider absolutely can choose to safely leave that content up. And equally, if under pre-DMCA law a company would not have been liable for taking certain content down, they can safely ignore a counter notice and can keep content down.

      One could, for example, send in a totally bogus takedown notice against a group organizing an event on a certain date, or against a business engaging in some time-critical dealings, or even against say a politician running for office. Virtually every internet business will follow a strict policy on taking down anything on a DMCA notice, no matter how blatantly bogus it is. The arrangement of law and business interests makes that almost almost impossible to escape. The DMCA makes it trivial to arbitrarily censor almost anything anyone dislikes and to bully people into submission, and to abusively achieve complete victory in any time-sensitive situation. I recall one case where stores were unhappy with their holiday sale prices being posted online. So they filed a totally bogus takedown notice claiming the sale prices as copyright infringement, and had the information taken down. And obviously a counter-notice to have that content restored several days later - after the holiday sale was over - would have been completely pointless. But imagine if one were to take advantage of this DMCA situation for political ends. A situation that is obviously quite date-critical and where counter-noticing a takedown does not solve or even diminish the damage caused by that takedown. One could anonymously send totally bogus takedown notices by e-mail or snail-mail screwing either candidate (even screwing both). Not only could you takedown selected videos from YouTube just before an election, not only can you have various crucial materials taken down from various websites, one could potentially even get a candidate's own website taken down.

      Maybe in the described political campaign situation a company might override the strict corporate rule to comply with all DMCA notices, however that is a total crap-shoot and the law makes it against the company's interest to do so. Legally, the corporate interest is to just obey the bogus notice.

      If all you are doing is uploading copyright material that doesn't belong to you, there's not much YouTube can do to defend you.

      If you are uploading legitimate material and someone is sending junk DMCA notices, YouTube could ignore the junk notices, could defend you, but legally it is powerfully against their interests to do so. Legally, it would be stupid for them to do so.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  2. This isn't about the hackers... by hpa · · Score: 5, Insightful

    This isn't at all about the hackers ... this is about making the general public aware just how bad this is.

  3. Pass the buck by magus_melchior · · Score: 5, Insightful

    So, rather than face lawsuits over contractual obligations to build and maintain a secure system (hah), they litigate the party who exposes them for attempting fraud.

    Should it be surprising that in a culture that prizes profits and pride over progress, that litigation threats are used to squelch otherwise good feedback and information?

    --
    "We are Microsoft. You shall be assimilated. Competition is futile."
  4. I smell a Streisand Effect coming... by Stanislav_J · · Score: 5, Insightful

    Of course, now that the story is propagating all over the Net, pretty soon everyone will know about the alleged security flaws (if not the details), and the CC companies and their legal eagles will look quite villainous. When will they ever learn?

    --
    "Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
  5. They busted yet another myth..... by Anonymous Coward · · Score: 5, Insightful

    freedom of speech.

  6. Re:Yeah, well... by MBCook · · Score: 5, Insightful

    Because PBS isn't advertiser funded, it gets its support from private individuals and (to a rather minor extent) the government. While corporations can (and do) donate, it isn't their lifeblood.

    I agree with you though. I've seen that episode and it's a fantastic rebuke of the credit card industry.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  7. Re:Yeah, well... by cortesoft · · Score: 5, Insightful

    I think you have just shown a perfect example of why we need television that isn't funded by advertisers. PBS can air the show because they aren't driven by profit and aren't beholden to those corporations (although even that is starting to change with corporate sponsorship of PBS). While you can argue that public television is beholden to the government, at least it is beholden to a (slightly) different power.

  8. Not only that but by beakerMeep · · Score: 5, Insightful

    I truly see Frontline as one of the last and only truly investigative journalism programs on TV. It's the only show where I have found myself thinking "wow what they are reporting is interesting but it raises question A" and then as if by magic, the show continues: "we decided to further investigate and here's what we found about question A and this lead us to questions B, C and D"

    --
    meep
  9. Re:Sometimes it neccesary by RelaxedTension · · Score: 5, Insightful

    "...and I have decided to keep those revelations to myself so that it is not exploited by every script kiddie and wannabe hackers to try."

    And you are the only person that will figure that method out, I guess. Hopefully, you are the smartest person alive, and the problem so difficult no one else can possibly figure it out too, and abuse it.

    The way we move forward as a race is that we share information, both about what works and helps, and more importantly about what doesn't work or causes harm. If the people affected the most by the flaw that has been discovered do nothing about it, then disclosure is the way. That way everyone else is informed and warned, as they should be.

  10. Re:Ignore Them by Anon+E.+Muss · · Score: 5, Insightful

    ... there is no law to prevent Discovery from airing facts ...

    There is also no law that requires the credit card companies to spend their advertising dollars on the Discovery Channel, or any other media outlet owned by the same company. That's what this is all about.

    --
    The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
  11. Re:Upcoming Mythbusters Special! by azakem · · Score: 5, Insightful

    Also, lawyers are the reason we no longer have habeas corpus, so the show should be filmed in Guantanamo Bay, Cuba.

    Lawyers are also the only reason you ever had habeas corpus in the first place, and the only chance you have of ever getting it back.

    Lawyers are like nuclear tech, they can be used for good or evil.

  12. Want to really get em? by Rod+Beauvex · · Score: 5, Insightful

    Make a note of this on their Wikipedia entry.