OLPC Has Kill-Switch Theft Deterrent

Sid writes "Ars Technica reports that the One Laptop Per Child (OLPC) XO has an anti-theft daemon in the OS that can be used to remotely disable machines, much like WGA. The Project added the kill switch at the behest of a few countries concerned about laptop theft. From the report, 'OLPC has responded to such concerns by developing an anti-theft daemon that the project claims cannot be disabled, even by a user with root access. Participating countries can then provide identifying information such as a serial number to a given country's OLPC program oversight entity, which can then disable the devices in certain scenarios.'"

Limited Deterrent

[Nerdfest]

Sadly, I would imagine it will be a very short period of time before the feature is defeated. It's still a deterent I suppose, just not as much of one ...

Potential Abuse Issues

[broller]

The potential for abuse here is pretty high. If the controlling government (Read: whoever controls the Internet connection and licensing servers, so maybe a corporation) wants to keep the people in line, they can just threaten to turn everyone's laptop off. If an invading nation wants an information blackout, shut everyone's laptop out.

Re:what certain scenarios?

[Spad]

In most cases the value to the thief is not in the object itself but in its resale value. If they know that the laptops will be bricked before they can shift them, it might deter some people from swiping them.

It will get cracked very quickly.....

[8127972]

..... Just look at what's happening to the guys who do DRM for the MAFIAA. Face it, ANYTHING can be cracked if you try hard enough.

IMO: Not possible

[Anonymous Coward]

If the user has root access, then it is his box. Any component can be removed, including the dhcpcd client which attempts to enforce this rule.

It is only "possible" if you agree to run their software as installed.

Their reliance on GPL components should make it clear which components need to be replaced to avoid asking permission to continue using the software.

Massive Backend Infrastructure and Processes

[blantonl]

So, does this mean that the OLPC project is going to need a back-end infrastructure to support this Daemon? With the amounts of laptops considered in this project, that means that a pretty large back-end infrastructure is going to be needed to support this process.

In addition, there's going to need to be a tremendous amount of "process defintion" for something of this scale. What constitutes a "stolen" laptop in this case? How is it reported? To Whom? Who is ultimately responsible?

Sounds like a massive undertaking and far from clearly defined, other than a "Daemon is available."

Re:Limited Deterrent

[truthsearch]

Probably like "The Club" for cars. It'll slow someone down and may prevent some casual theft. But if someone really wants it they'll still be able to steal and use it.

Censorship? Extortion?

[Radon360]

Sounds to me like a convenient way to gag someone that a government doesn't want to be heard. "Are they making derrogatory comments about the leadership? Well then, just turn their computer off."

I suppose, it probably will only be a matter of time before some individual will figure out (in their mind) that this is a good way to extort money from someone else. "Send me $nn or I will disable your computer(s)." Then again, if they're using a $100 laptop given to them, what money would there be to extort?

Re:Potential Abuse Issues

[chanrobi]

If the government already controls all the internet this entire "abuse potential" scenario is moot.

If an invading nation wants an information blackout, shut everyone's laptop out.

Yeah since information only flows through laptops... right? How the hell is this modded insightful.

Renting out stuff ...

[Gopal.V]

As an Indian from a relatively unconnected neck of woods, I love the OLPC project and what it might do to the future students of this world - and I've even played around with an OLPC for thirty minutes [flickr.com]. But this particular feature annoys me a bit. I quote from the article.

the system allows countries to optionally establish a "license" period for the laptops, such as 21 days.
When laptops are connected to the Internet, they will synchronize with an NTP server to obtain the correct
time and date, and then obtain a license which must be renewed in the time specified. Laptops which are not
renewed within the timeframe will lock.

As I mentioned before, the whole concept of an unconnected laptop or one with minimal internet access (i.e wireless mesh) goes for a toss with this feature. The worst of the activation features which windows has, negating the real advantage of having a laptop you could take literally anywhere. Locking out someone just because they couldn't hook their PC into the network for twenty days is no way to make OLPC work. The real way to keep them off the black market is to reward those who keep their machines intact - just like the way to get kids to come to school has been a free lunch programme (and I sit in an Indian state with 99% literacy rates).

Or if you're really interested in reducing the utility of the machines, send an access code to the school master every month - for the laptops to get on the internet. You need to go pick up the coupon to get back on the internet and just kick the ones which are reported missing in audits - rather than go in for an active licensing scheme as mentioned in the document.

But in general, technical solutions for social (as well as economic) problems hardly work out, by themselves.

This won't be used for theft prevention,

[rben]

It will be used to shut off the machines of disadents. Governments don't seem to care that much about machines being stolen, but they do care about giving power to political opponents. If I buy a machine, I should have complete control of it. No one should be able to remotely turn off the machine without my explicit authorization. I can't think of any way to make a feature like this safe from abuse.

OLPC becoming Big Brother?

[PetiePooo]

I have to say, I don't like the decidedly big-brother tilt the OLPC project has been taking lately. With all the news [slashdot.org] that has come out lately on OLPC, the whole "users will be able to read/understand/modify its source code" stance seems to have gone away.

If I can read and compile the O/S, who's to say I can't just remove the kill daemon from my build and then install it? In order to be robust, they'll have to lock down the installed software and make it impossible for the user to change. No community development; no share-and-share-alike; no software libre, counter to the whole "open source" philosophy they tout as the project's base.

This isn't a hacker's dream toy; its a business proposition to sell expensive supporting infrastructure and services along with a loss-leading locked-down client device disguised as charity in the name of educating the poor.

Re:Potential Abuse Issues

[BecomingLumberg]

Plus, I hope the invading nation uses a laptop somewhat more powerful than the OLPC.

Re:So a hacker could disable OLPCs?

[cduffy]

The command has to be RSA-signed, and the OLPC project folks aren't giving out the private key used to provide the signature.

So no, we aren't going to see forged kill requests.

Re:OLPC becoming Big Brother?

[ChrisUK]

> If I can read and compile the O/S, who's to say I can't just remove the kill daemon from my build and then install it?

Nothing at all. The article is misleading -- if you want to remove the anti-theft daemon you can, by clicking a button to request a developer key that gives you full access to the machine and its BIOS. Then you can run whatever you like.

If your machine has been reported stolen, though, the developer key won't be issued. So, it's a sensible tradeoff between restricting people from experimenting on their machine (which they should be able to) and stopping laptop theft from being such a worry.

The more complicated this thing gets ...

[DirkK]

... the more likely it gets to fail.

Re:OLPC becoming Big Brother?

[sumdumass]

Not really, This is at the request of the people who will be buying it and distributing it to the people. It won't even be enabled if your one of the people who buy it outright or live in a country without te requirment.

And I personaly don't see anything wrong for someone who is buying the device to expect it to be used in a certain way when it is given to the intended recipients. If someone doesn't agree, buy it yourself without the restrictions. It is that simple. And the choice is there.

Slave to the mothership

[Animats]

What"s with this "slave the user's machine to the mothership" mentality? "The system allows countries to optionally establish a "license" period for the laptops, such as 21 days. Laptops which are not renewed within the timeframe will lock." Get too far from the local wireless node and your machine dies? And they want to deploy this in third world countries?

That makes life easier for terrorists. The Taliban, which is coming back in Afghanistan, is going to exploit this. Destroy the local school (standard Taliban operating procedure) and its wireless node, and all the kids' computers die. Today at least the parents and kids can hide some books. With OLPC, it's easier for Islamic fundamentalists to destroy knowledge.

better than having your kid get robbed

[Anonymous Coward]

I'm frankly quite amazed that there doesn't seem to be a single comment acknowledging that this is in fact a very important, even essential, feature.

Those laptops are meant for people who could otherwise never possibly afford to buy a computer. This means that they have a very high value in those places, often places where there is a high crime rate and a tendency toward extreme violence even for simple thefts.

I would not want my kid to walk home from school carrying something that might be worth several months salary (and everybody knowing about it). The only way to protect the children from getting robbed and possibly killed for their laptops is for those laptops to have zero resell value for thieves.