Canada manages to have a paper-only voting system, and produces all their results within a few hours, and has a lot fewer voting issues. then again, one of the secrets is to vote for only one thing - we don't elect dog-catchers and judges and 10 levels of governemt at the same time...
The simple and obvious vote system would be this: Vote electronically. Whatever, touch screens. When all is settled, print out a final ballot- on a piece of paper, the size of an old computer punch card. It would be printed with both the vote choices (text) and an easily-scanned bar code. For good measure, it would have some form of hash-encrypted key with checksum, machine, serial number, approximate tim,e of voting, etc. You could even print off a matching copy for the voter to take home. (I would also allow the voter to print off "fake" voter receipts, so if they are selling their vote, they could produce whatever receipt for show that they wanted - but not have to actually vote that way. Unless the vote buyer had access to the encoded ballots, he would not be able to tell if the receipt was really for a final vote.)
If you could make that code secure, then maybe add the exact time of voting so individual ballots could be disallowed if the voter were deemed fraudulent; as long as it's not easy to determine who voted how, without a very secret code.
So now, you have a series of bar coded (easily machine-read) paper ballots. The text names also appear, so the voter can verify.
I'm sure in the cases where machine code fudging is suspected, a scanner program could be written to compare text to bar code to ensure no hanky-panky was happening. Also, you could build sorting machines to sort ballots into slots (like the old card sorters) based on a vote value. A quick perusal of any stack ("these should all read 'GWB'...") would show whether any text-to-code mismatch was being performed.
Voters of questionable credentials could still vote,but their ballots would be segregated and serial-numbered (with a hidden code) so that they could be permitted or denied based on challenges - sort of like sealing your vote in an envelope and tossing it in the count when the case is won...
The down side? Every voting place would need a functional laser (3 for good measure) a huge supply of paper and some fancy computers and bar-code readers.
There was a recent local news alert about a gang of thieves making their way across Canada. One of their scams was this:
Canada is very big on ATM debit payments. A gang member stands behind you in the cashier line-up to buy something miniscule, and watches while you pay with debit. Many Point-of-Sale machines have very poor privacy shields. They memorize your PIN number, and watch where you put the debit card afterward.
As you leave the store, another gang member does the classic "bump" pickpocket routine, or does a serious "collision and spill", and steals your card. Done well, you won't realize there's a problem until after the account is cleaned out. Smart would be to leave a hundred bucks or so, so that nothing bounces for a day or two, so you may forget where this happened.
With this new technology, they don't even have to steal your card - just be within a few feet when you pull your card out of the tin-foil. SO much easier!
RFID is meant to allow you to scan a pallet of goods - so should have a range of at least 4 to 6 feet. Anything with more than a 3-inch range sounds frightening. Direct contact would be preferrable - you should specifically have to do something active to allow payment. Anything without a "smart" challenge-response also sounds frightening - as others have mentioned, in that case you might as well post your details on the internet.
The other thing to think about. Cracks to supposedly "secure" systems (WEP? Garage door openers?) seem to rely on analysis of volume of transmissions. SO if a "Smart RFID" card needed to be cracked, perhaps someone could sit next to you on the train. During the ride into the city, his laptop could be running a continuous challenge and analyzing responses to figure out the necessary "key" for all the credit cards within 10 feet. Or, while everyone is standing around waiting for the train, he can do a 15-minute deep scan.
The scary part about "Smart" type cards is that they then make payment automatic (EZ-Pass?). You may not know or approve of every transaction. They had better be damned secure. IIRC, the Euro-cards have metal contacts and still require a physical connection, not a remote read.
I suspect that the reason EZ-pass hasn't been stolen yet is economic; what are you going to do with a fake EZ-Pass, except drive through gates where they're continuously taking pictures of you and your car? The system is not widespread enough to be publicly analyzed - no readers in small stores to be "stolen" and played with, not as easy to tap the computer lines from a reader to the central computer, etc. Compare that with a payment card system that every tiny store would have, and the incentive of easy money by the bucket-load...
My company's "wave and enter" ID cards are actually magnetic, only reach about a foot, and (so I'm told) have the added benefit of setting off some store anti-theft security monitors - as if we needed more hassles.
IIRC from long ago, wasn't the original "Ethernet" a radio-based system? Hence the CDMA, since there was only the one channel/frequency for all transactions. Also, hence the name "ether"net, from the early 20th century fancy that light and wireless travelled through an invisible "ether". Some clever fellow then copied that design for a cable system, giving us the original coax networking.(And without a patent infringement suit!)
After that, what would any research bring to the wireless aspect of the design that isn't under the category of "obvious"? Checksum was a feature of original ethernet. So was collsion detection and retransmission. MAC addressing. The only really original bits I can think of in WiFi is the security - however, not a lot different from HTTPS and already covered by other patents?
For example, if someone already makes a washer and a dryer, wouldn't making a combined "washer-dryer" be obvious rather than patentable? (If they could make it iron and fold too, THEN I'd consider it a patentable device!) Should be pretty easy to do with a pair of front-loading appliances... I don't see where bring wireless, or limited-range wireless, or power-limited wireless, falls in the category of "innovation".
I think the Judge is right, and a constitutonal challege should be allowed. IANAL (who is?) but take this example: In Canadian tax law, if you are caught cheating on your taxes, the typical penalty is equal to the amount of oustanding taxes. (I.e. if you cheated the government of $5,000 in taxes, you pay that $5K taxes, PLUS a $5K fine.) Most other such damages are similar - 1 or 2 times the actual cost tacked on as a penalty. If you are speeding - a potentially lethal act, far more egregious than copying a song - the fine for the act is $150, say. Some proportion is in order.
So what are the real damages? If we assume there are 50M people in N. America who download songs (1/6th population) and typically they download 50 songs a year (that seems a little high as an average) and the songs in question, subject of the litigation, are about say 10% of the usual downloads since this is a hit-based business - then we come out with the typical song/trader total being 5. This indicates a damage estimate of about 50 songs *.10 * 70 cents = $3.50. But, let's say 90% are leeches - then the damages would be $35. I'm pulling numbers out of my hat, but you see where the argument can go.
It seems to me that public song offering/trading should be something like speeding or not wearing your seatbelt(where required). A simple fine, a quick ticket written once the appropriate proof is presented, and - ta da - you get a ticket for $50. High enough to discourage, low enough that it doesn't break the bank, but high enough to get the message across, low enough to make it not worth fighting unless you really want to make a point - don't download, don't jaywalk, don't litter (All offenses of the about same caliber of "badness").
A standard burden of proof should be set and required. With speed radar practices, it's pretty difficult to fight and win a speeding ticket against radar. (Not impossible, but you better have a good argument...) Very rarely do the police get away any more with the "in my estimation he was doing 70mph in a 60 zone,your honor..." The same should be required for a "downloading" fine. And, if the level of reliability of the evidence begins to slip below "satisfactory", the judges and lawyers can certainly let the RIAA know quickly through a lack of enforcement of the fines.
Slashdot Mirror
Canada manages to have a paper-only voting system, and produces all their results within a few hours, and has a lot fewer voting issues. then again, one of the secrets is to vote for only one thing - we don't elect dog-catchers and judges and 10 levels of governemt at the same time...
The simple and obvious vote system would be this:
Vote electronically. Whatever, touch screens. When all is settled, print out a final ballot- on a piece of paper, the size of an old computer punch card. It would be printed with both the vote choices (text) and an easily-scanned bar code. For good measure, it would have some form of hash-encrypted key with checksum, machine, serial number, approximate tim,e of voting, etc. You could even print off a matching copy for the voter to take home. (I would also allow the voter to print off "fake" voter receipts, so if they are selling their vote, they could produce whatever receipt for show that they wanted - but not have to actually vote that way. Unless the vote buyer had access to the encoded ballots, he would not be able to tell if the receipt was really for a final vote.)
If you could make that code secure, then maybe add the exact time of voting so individual ballots could be disallowed if the voter were deemed fraudulent; as long as it's not easy to determine who voted how, without a very secret code.
So now, you have a series of bar coded (easily machine-read) paper ballots. The text names also appear, so the voter can verify.
I'm sure in the cases where machine code fudging is suspected, a scanner program could be written to compare text to bar code to ensure no hanky-panky was happening. Also, you could build sorting machines to sort ballots into slots (like the old card sorters) based on a vote value. A quick perusal of any stack ("these should all read 'GWB'...") would show whether any text-to-code mismatch was being performed.
Voters of questionable credentials could still vote,but their ballots would be segregated and serial-numbered (with a hidden code) so that they could be permitted or denied based on challenges - sort of like sealing your vote in an envelope and tossing it in the count when the case is won...
The down side? Every voting place would need a functional laser (3 for good measure) a huge supply of paper and some fancy computers and bar-code readers.
There was a recent local news alert about a gang of thieves making their way across Canada. One of their scams was this:
Canada is very big on ATM debit payments. A gang member stands behind you in the cashier line-up to buy something miniscule, and watches while you pay with debit. Many Point-of-Sale machines have very poor privacy shields. They memorize your PIN number, and watch where you put the debit card afterward.
As you leave the store, another gang member does the classic "bump" pickpocket routine, or does a serious "collision and spill", and steals your card. Done well, you won't realize there's a problem until after the account is cleaned out. Smart would be to leave a hundred bucks or so, so that nothing bounces for a day or two, so you may forget where this happened.
With this new technology, they don't even have to steal your card - just be within a few feet when you pull your card out of the tin-foil. SO much easier!
RFID is meant to allow you to scan a pallet of goods - so should have a range of at least 4 to 6 feet. Anything with more than a 3-inch range sounds frightening. Direct contact would be preferrable - you should specifically have to do something active to allow payment. Anything without a "smart" challenge-response also sounds frightening - as others have mentioned, in that case you might as well post your details on the internet.
The other thing to think about. Cracks to supposedly "secure" systems (WEP? Garage door openers?) seem to rely on analysis of volume of transmissions. SO if a "Smart RFID" card needed to be cracked, perhaps someone could sit next to you on the train. During the ride into the city, his laptop could be running a continuous challenge and analyzing responses to figure out the necessary "key" for all the credit cards within 10 feet. Or, while everyone is standing around waiting for the train, he can do a 15-minute deep scan.
The scary part about "Smart" type cards is that they then make payment automatic (EZ-Pass?). You may not know or approve of every transaction. They had better be damned secure. IIRC, the Euro-cards have metal contacts and still require a physical connection, not a remote read.
I suspect that the reason EZ-pass hasn't been stolen yet is economic; what are you going to do with a fake EZ-Pass, except drive through gates where they're continuously taking pictures of you and your car? The system is not widespread enough to be publicly analyzed - no readers in small stores to be "stolen" and played with, not as easy to tap the computer lines from a reader to the central computer, etc. Compare that with a payment card system that every tiny store would have, and the incentive of easy money by the bucket-load...
My company's "wave and enter" ID cards are actually magnetic, only reach about a foot, and (so I'm told) have the added benefit of setting off some store anti-theft security monitors - as if we needed more hassles.
IIRC from long ago, wasn't the original "Ethernet" a radio-based system? Hence the CDMA, since there was only the one channel/frequency for all transactions. Also, hence the name "ether"net, from the early 20th century fancy that light and wireless travelled through an invisible "ether". Some clever fellow then copied that design for a cable system, giving us the original coax networking.(And without a patent infringement suit!)
After that, what would any research bring to the wireless aspect of the design that isn't under the category of "obvious"? Checksum was a feature of original ethernet. So was collsion detection and retransmission. MAC addressing. The only really original bits I can think of in WiFi is the security - however, not a lot different from HTTPS and already covered by other patents?
For example, if someone already makes a washer and a dryer, wouldn't making a combined "washer-dryer" be obvious rather than patentable? (If they could make it iron and fold too, THEN I'd consider it a patentable device!) Should be pretty easy to do with a pair of front-loading appliances... I don't see where bring wireless, or limited-range wireless, or power-limited wireless, falls in the category of "innovation".
I think the Judge is right, and a constitutonal challege should be allowed. IANAL (who is?) but take this example: In Canadian tax law, if you are caught cheating on your taxes, the typical penalty is equal to the amount of oustanding taxes. (I.e. if you cheated the government of $5,000 in taxes, you pay that $5K taxes, PLUS a $5K fine.) Most other such damages are similar - 1 or 2 times the actual cost tacked on as a penalty. If you are speeding - a potentially lethal act, far more egregious than copying a song - the fine for the act is $150, say. Some proportion is in order.
.10 * 70 cents = $3.50. But, let's say 90% are leeches - then the damages would be $35. I'm pulling numbers out of my hat, but you see where the argument can go.
So what are the real damages? If we assume there are 50M people in N. America who download songs (1/6th population) and typically they download 50 songs a year (that seems a little high as an average) and the songs in question, subject of the litigation, are about say 10% of the usual downloads since this is a hit-based business - then we come out with the typical song/trader total being 5. This indicates a damage estimate of about 50 songs *
It seems to me that public song offering/trading should be something like speeding or not wearing your seatbelt(where required). A simple fine, a quick ticket written once the appropriate proof is presented, and - ta da - you get a ticket for $50. High enough to discourage, low enough that it doesn't break the bank, but high enough to get the message across, low enough to make it not worth fighting unless you really want to make a point - don't download, don't jaywalk, don't litter (All offenses of the about same caliber of "badness").
A standard burden of proof should be set and required. With speed radar practices, it's pretty difficult to fight and win a speeding ticket against radar. (Not impossible, but you better have a good argument...) Very rarely do the police get away any more with the "in my estimation he was doing 70mph in a 60 zone,your honor..." The same should be required for a "downloading" fine. And, if the level of reliability of the evidence begins to slip below "satisfactory", the judges and lawyers can certainly let the RIAA know quickly through a lack of enforcement of the fines.