LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security quotes of the week

[Posted October 17, 2012 by jake]

But at least it's patented by a notorious patent troll, which means that other jackasses who try to implement this stupid idea will find themselves tied up in absurd, wasteful lawsuits. It's mutually assured dipshits.
-- Cory Doctorow on a patent by Intellectual Ventures for 3D printing DRM

Use of the card, accepted by every major Bay Area public transit system, is soaring with 689,000 transactions a day and more than 1 million active Clipper cards. Many cardholders might not realize that data tracking their every move on public transit is stored on computers and available to anyone with a search warrant or subpoena. Personal data can be stored for seven years after a Clipper account is closed, according to the commission's policy. In addition, a new smartphone app, called FareBot, allows anyone to scan a Clipper card and find out where the owner has been.
-- NBC Bay Area notes that San Francisco "Clipper Cards" reveal users' movements to authorities
(Log in to post comments)

Security quotes of the week

Posted Oct 18, 2012 1:48 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

As the NBC Bay Area story points out, there have been hardly any requests for Clipper card data, because that requires a search warrant or subpeona while the cops can easily get cell phone tracking information without jumping through those hoops (thanks to some very bad court decisions). So if they can track your exact location via your phone, they don't need to care which bus or train you rode on.

So unless you don't have a cell phone, you really have little to worry about from Clipper cards.

Security quotes of the week

Posted Oct 18, 2012 13:39 UTC (Thu) by njwhite (subscriber, #51848) [Link]

Really? That's interesting. In London the Oyster system is very heavily used by police these days (it's a nice "pay double if you don't want to be tracked this way" system,) but I've never seen much about the London police actually using cellphone tracking much. I suspect that's partly convenience; judging from the numbers of Oyster queries they're doing these days it seems like it's very routine, in a way that might be difficult to manage without close(r) cooperation with mobile operators.

Tracking people by things

Posted Oct 18, 2012 18:52 UTC (Thu) by man_ls (subscriber, #15091) [Link]

It is wonderful how both transport cards and mobile phones (which do not assure holder identity by any means) can be used by the police for anything. If I were to commit a murder I would give card and phone to an accomplice and go elsewhere. Another way that organized murder is much more efficient than amateurs, I suppose.

Security quotes of the week

Posted Oct 18, 2012 11:26 UTC (Thu) by freemars (subscriber, #4235) [Link]

If the cards in a "clipper card" like system all have the same value (for example, unlimited rides for a calendar month) you could try to start a culture of random people swapping cards. Two people could trade cards after passing a turnstile or boarding a bus, both having just demonstrated their card is accepted by the system.

It's a Cory Doctorowish plan, however; cool in concept but unlikely to work in a group of real people.

Security quotes of the week

Posted Oct 19, 2012 5:36 UTC (Fri) by dirtyepic (subscriber, #30178) [Link]

Yeah that'd work great when some random person murders someone while in possession of your card.

Security quotes of the week

Posted Oct 19, 2012 5:44 UTC (Fri) by cpeterso (guest, #305) [Link]

The Clipper card is a debit card that is typically tied to a user's credit card.

Regarding card sharing, I read years ago about "some guy on the internet" who freely shared his Safeway Club card number (a grocery store loyalty program) with anyone. People would send him SASE and he would return barcode stickers of his card that people could affix to theirs. He liked the idea that Safeway's customer tracker would see "him" shopping in multiple states within the same day. Safeway said they didn't care (because it was just noise compared to all their data).

Security quotes of the week

Posted Oct 18, 2012 14:19 UTC (Thu) by rriggs (subscriber, #11598) [Link]

Cory might be missing the point. The step right before "Profit!" is getting the laws passed that mandate the use of your newly patented technology -- with help from WIPO.

Security quotes of the week

Posted Oct 22, 2012 0:17 UTC (Mon) by pr1268 (subscriber, #24648) [Link]

The Clipper card controversy is nothing new; didn't Bruce Perens mention several years ago (either here at LWN or some other blog/message board he frequents) about how divorce attorneys in California were/are using toll-tag data to monitor cheating spouses' location? (I'm welcome to clarification and/or correction here.)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds