Welcome to the MacNN Forums.

marden · Sep 22, 2006, 08:25 PM

Here's My Free Idea To Benefit Humanity: Electronic Leashes For Laptops

Anyone with a laptop balances the freedom of mobility vs the risk that someone will use that freedom to steal the laptop when the owner isn't looking. (The Jihad M.O.)

Compounding this problem which results in millions of dollars in hardware and software losses, not to mention the loss of manpower and information is the risk to national security.

ABC News reports.

Census Bureau Loses Hundreds of Laptops

Hundreds of Laptop Computers Used by Survey Takers Lost or Stolen From Census Bureau

U.S. Commerce Secretary Carlos M. Gutierrez gives an address, Tuesday, Aug. 22, 2006, in Seattle. The Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night. (AP Photo/Elaine Thompson, FILE)

By DOUGLASS K. DANIEL

WASHINGTON Sep 22, 2006 (AP)— The Census Bureau collects the most personal information about Americans, from how much money they earn and where they spend it to how they live and die. It's all confidential as long as no one steals it.

Lost or stolen from the Census Bureau since 2003 are 217 laptop computers, 46 portable data storage devices and 15 handheld devices used by survey takers.

Although the number of people affected isn't known, the Commerce Department reports that passwords, encryptions and other safeguards were in place. Nothing so far indicates a misuse of any information.

"The department takes very seriously these high instances of missing laptops, as well as potential breaches of personal identity data," Commerce Secretary Carlos M. Gutierrez said Thursday in response to an internal review of Commerce Department computers.

"All of the equipment that was lost or stolen contained protections to prevent a breach of personal information," he said in a statement. "The amount of missing computers is high, but fortunately, the vulnerability for data misuse is low."

[...]

Commerce found that since 2001 the department's 15 operating units had lost track of 1,137 laptop computers. Most, 672, belonged to the Census Bureau. Of those, 246 contained personal information.

Thousands of Census field representatives many of them temporary, hourly employees use laptop computers to compile survey data. The department said half of the laptops containing personal information were stolen, often from employees' vehicles, and 113 were not returned.

Stolen laptop with veterans' data recovered

Jun 29, 2006 — By Vicki Allen

WASHINGTON (Reuters) - A stolen laptop computer containing sensitive information on more than 26 million U.S. military veterans has been recovered and a preliminary review indicated no data was taken, the FBI and Veterans Affairs Department said on Thursday.

Both the laptop and the external hard drive which were stolen in early May from the home of a VA employee were recovered, federal authorities said in an announcement along with the Montgomery County, Maryland, Police Department.

"A preliminary review of the equipment by computer forensic teams has determined that the data base remains intact and has not been accessed since it was stolen," the agencies said in a statement. "A thorough forensic examination is under way, and the results will be shared as soon as possible."

Why doesn't someone invent a cheap "electronic leash" of sorts?

It should allow the owner to disable the computer upon command from a central national location.

It should feature a device (with an adjustable sensitivity) which would activate an alarm on the owner's cellphone, watch, PDA or the actual car alarm whenever the laptop moved outside of the owners' proximity.

If the owner set the alarm for personal proximity of 50 feet and the distance between laptop and owner exceeded 50 feet the alarm would go off.

The owner could choose the distance at which the alarm would go off.

The owner could choose whether the alarm would activate when the laptop was too far from a given base (the owner, the cubicle, the office, the desk or the car) or the person.

The owner could choose which alarms would sound (all, car only, PDA/Cell, watch, GPS, a specific alarm device or a combination of any of those mentioned).

There might even be talking alarms or audible alarms such as there exist for cars so that any thief would be spotted in the act and hopefully they would stop the illegal act.

And there could even be a free laptop insurance policy issued with each security leash system which would cover theft but also damage (when the audible alarm went off the thief might just drop or throw the laptop).

This system would save millions of dollars in losses and could possibly make some smart lucky individual or company millions.

I give this idea freely to mankind without expectation of financial compensation (although if some money was steered my way I wouldn't turn it down) but please acknowledge this post if you patent such a system or device.

Anyone have any reason to believe something like this wouldn't be possible, practical or useful?

CharlesS · 08:49 PM

The thing would go off by accident all the time just like a car alarm, and eventually people would be so used to the thing crying wolf that they'd just ignore it whenever they heard it. It would thus become useless.

How could such a device go off by accident? Well, I assume the thing would work via sending radio signals of some sort. The alarm would tell that the other device was too far away when the signal got sufficiently weak - so let's say the battery dies on one end. Alarm goes off! Or say some other gadget ends up interfering with the signal... alarm goes off! It would get annoying pretty quickly.

Now imagine that thing going off in the middle of a meeting. It would be even more annoying than someone's cell phone going off.

marden · Sep 22, 2006, 09:08 PM

Originally Posted by CharlesS

The thing would go off by accident all the time just like a car alarm, and eventually people would be so used to the thing crying wolf that they'd just ignore it whenever they heard it. It would thus become useless.

How could such a device go off by accident? Well, I assume the thing would work via sending radio signals of some sort. The alarm would tell that the other device was too far away when the signal got sufficiently weak - so let's say the battery dies on one end. Alarm goes off! Or say some other gadget ends up interfering with the signal... alarm goes off! It would get annoying pretty quickly.

Now imagine that thing going off in the middle of a meeting. It would be even more annoying than someone's cell phone going off.

Yeah, you're probably right.

Oh well. FWIW.

macintologist · Sep 22, 2006, 09:10 PM

I have a better idea:

milhous · Sep 23, 2006, 01:17 AM

this is defininitely a serious problem, i remember hearing the news a few months back with all the notebooks that ernst & young were losing. scary stuff!

not to plug microsoft, but if a pocket-pc based smartphone is ever lost, it can be be reported back to the user's office where an admin can then transmit a WIPE command to erase everything on the device and disable it. it's effective in this case because the smartphone is essentially always connected via mobile phone service.

i'm not quite sure as to how notebooks are going to evolve, but if they're ever designed to have an "always-on" capability even when the computer's asleep, the same could be applied. it's feasible considering that manufacturers are now starting to integrate 3G cards like EVDO into notebooks.

we've got filevault now and i've read that vista will have something similar called bitlocker.

perhaps it may be best to just just use the laptop as a dumb terminal which keeps the data centrally located on a server. the drawback to this though is that you'd have to be connected to the internet to work with the data. naturally, processes and procedures would have to change in order for this to work.

hmm, another thought is having gps receivers built into all notebooks and use it as a homing beacon. then when it can sense any sort of network connection, the coordinates of the laptop can be transmitted and alert the local authorities. problem though is that there'd have to be a way to turn on the beacon AFTER it's been stolen.

but drive encryption is a start in the right direction. you'll lose the hardware, but the data is what counts.

milhous · Sep 23, 2006, 01:20 AM

or a 3-10 strikes password policy on startup. guess the password wrong 3 times, and it would permanently disable the logic board. doesn't matter if you take out the battery or change hard drives. the logic board would be toast and the drive would be encrypted.

Chuckit · Sep 23, 2006, 01:39 AM

Just having a GPS device in the computer would probably be sufficient. It would also make similar (though not quite the same) functionality possible, too, so you could be alerted if your computer moved too far when it was supposed to stay put.

CharlesS · Sep 23, 2006, 03:25 AM

Originally Posted by milhous

or a 3-10 strikes password policy on startup. guess the password wrong 3 times, and it would permanently disable the logic board. doesn't matter if you take out the battery or change hard drives. the logic board would be toast and the drive would be encrypted.

Boy, now there's a good idea. Someone gets pissed off enough at you, and all they gotta do is type random passwords into your Mac and fry it. Or maybe the keyboard has a malfunction, or maybe you just came home tired and your typing skills are not great. Or maybe a 3-year old kid decides to whack on your keyboard a bit. Yeah, it should totally auto-destruct the machine and completely destroy it in these cases, making sure to hose your HD too so any non-backed up data is lost.

Just brilliant.

marden · Sep 23, 2006, 05:37 AM

Originally Posted by CharlesS

Boy, now there's a good idea. Someone gets pissed off enough at you, and all they gotta do is type random passwords into your Mac and fry it. Or maybe the keyboard has a malfunction, or maybe you just came home tired and your typing skills are not great. Or maybe a 3-year old kid decides to whack on your keyboard a bit. Yeah, it should totally auto-destruct the machine and completely destroy it in these cases, making sure to hose your HD too so any non-backed up data is lost.

Just brilliant.

For everyone who loves all things Steve and Apple, the company's sales would increase like crazy with people having to replace their fried powerbooks. So that would also increase the stock price. It's good for Steve. It's good for APL.

Everybody's happy!

turtle777 · Sep 23, 2006, 09:28 AM

Originally Posted by CharlesS

Just brilliant.

Well, better than a stick in the eye, right ?

-t

mac128k-1984 · Sep 23, 2006, 09:38 AM

One word, well two.

Car alarms. how many people ignore them as they go off. In fact I was running this morning and one was blaring. Nobody offered to call the police or find out what was happening.

People really need to take personal responcibility with laptops. First in a enterprise environment no sensative data should be on the laptop but rather network drives second you need to watch you put the laptop. They have a habit of growing legs and walking away.

I hate to put more work on people who do take care their laptops why not just be careful. That's half the battle.

imitchellg5 · Sep 23, 2006, 10:23 AM

Originally Posted by mac128k-1984

They have a habit of growing legs and walking away.

Just like money

My PowerBook has been stolen before, and after that I decided to require password verification for everything.

milhous · Sep 23, 2006, 09:43 PM

Originally Posted by CharlesS

Boy, now there's a good idea. Someone gets pissed off enough at you, and all they gotta do is type random passwords into your Mac and fry it. Or maybe the keyboard has a malfunction, or maybe you just came home tired and your typing skills are not great. Or maybe a 3-year old kid decides to whack on your keyboard a bit. Yeah, it should totally auto-destruct the machine and completely destroy it in these cases, making sure to hose your HD too so any non-backed up data is lost.

Just brilliant.

it IS brilliant. if you have sensitive information on your computer, it is better to nuke the entire system than to risk having the information harvested from it. the scenarios about tired typing, 3-year old kids, and people pissed at you are irrelevant. if you're working with such important data and those scenarios come into play, than you are simply irresponsible. likewise, it could be said that people who lose their laptops or get them stolen are also irresponsible but i'm not going to go that far. if one believes that the keyboard is at fault, than an external keyboard could be connected to it or simply turned off and sent in for service.

again, if i was working with very sensitive data and could absolutely not afford it getting into other people's hands, then i'd have no reservations in enabling such an option.

MaxPower2k3 · Sep 23, 2006, 09:59 PM

so put all of those very important files in an encrypted disk image. problem solved.

turtle777 · Sep 23, 2006, 11:38 PM

Originally Posted by MaxPower2k3

so put all of those very important files in an encrypted disk image. problem solved.

Too simple, and not dramatic enough.

-t

mitchell_pgh · Sep 24, 2006, 01:02 AM

I think Apple should add a hardware tracking feature to .mac. It could be something that's in the firmware... and can be turned on by the end user. If it's on, regardless of weather the HD is wiped... if the feature is turned on, it will phone home to Apple if there is a new OS installed.

Apple wouldn't be responsible for replacing your hardware, but if they could track down where it was, they would sick the police on them. Perhaps they could also have a remote shut down feature if the end user set it up that way.

It would be hilarious if regardless of how you wiped the HD, it would phone home to Apple and discover that it was stolen... and flash a screen that said "Hardware Failure, Please Return To An Apple Store For Free Maintenance"

mitchell_pgh · Sep 24, 2006, 01:04 AM

P.S. Why not put those important files on a USB thumb drive and put them around your neck.

MaxPower2k3 · Sep 24, 2006, 01:26 AM

If Apple started telling people where their stolen laptops are, it would incite all kinds of vigilante policework. Just imagine if you knew exactly where the person who stole your $2000 computer is. Sure, you could just call the cops. But you know some people will take the opportunity to grab their Louisville Slugger and get their laptop back themselves.

Chuckit · Sep 24, 2006, 01:29 AM

And that would be evolution at work.

mitchell_pgh · Sep 24, 2006, 01:30 AM

There are already services out there that do this. Apple wouldn't be the first to offer such a solution.

What about the auto shut off feature? That would make it a bit easier.

11011001 · Sep 24, 2006, 02:18 AM

An idea for extremely sensitive data (and for when the RIAA kicks down your door) :

A hard drive with a built in self destruction mechanism. For instance, releasing a corrosive chemical to destroy the surface of the platters. Perhaps something like this exists? I've never seen it at the consumer level though.

CharlesS · Sep 24, 2006, 02:42 AM

Originally Posted by milhous

it IS brilliant.

Actually, it's probably the most horrible idea I've heard in years. Which is a rather impressive feat.

if you have sensitive information on your computer, it is better to nuke the entire system than to risk having the information harvested from it.

Why on earth? Nuking the logic board does nothing to keep sensitive information from being taken off your hard drive. It's trivial just to take the HD out of the computer and put it in something else. Sure, the HD can be encrypted, but it can also be just as encrypted without nuking the logic board (whether through a disk image or FileVault or whatever). So self-destructing the logic board does pretty much jack squat except for being dramatic.

the scenarios about tired typing, 3-year old kids, and people pissed at you are irrelevant.

No they're not. A simple mistake destroying an expensive piece of hardware (especially in Apple's case, where it tends to be even more expensive than most) is a bad thing.

if you're working with such important data and those scenarios come into play, than you are simply irresponsible. likewise, it could be said that people who lose their laptops or get them stolen are also irresponsible but i'm not going to go that far.

1. What's irresponsible about wanting to check your e-mail before you go to bed, at the end of a long day in which you are very tired?

2. How is leaving your laptop somewhere where an angry coworker could type a bad password a few times more irresponsible than leaving your laptop somewhere where someone could steal the whole computer?!

if one believes that the keyboard is at fault, than an external keyboard could be connected to it or simply turned off and sent in for service.

Yeah, after the faulty keyboard had already destroyed a $2000+ machine.

milhous · Sep 24, 2006, 01:28 PM

Originally Posted by CharlesS

Actually, it's probably the most horrible idea I've heard in years. Which is a rather impressive feat.

Why on earth? Nuking the logic board does nothing to keep sensitive information from being taken off your hard drive. It's trivial just to take the HD out of the computer and put it in something else. Sure, the HD can be encrypted, but it can also be just as encrypted without nuking the logic board (whether through a disk image or FileVault or whatever). So self-destructing the logic board does pretty much jack squat except for being dramatic.

No they're not. A simple mistake destroying an expensive piece of hardware (especially in Apple's case, where it tends to be even more expensive than most) is a bad thing.

1. What's irresponsible about wanting to check your e-mail before you go to bed, at the end of a long day in which you are very tired?

2. How is leaving your laptop somewhere where an angry coworker could type a bad password a few times more irresponsible than leaving your laptop somewhere where someone could steal the whole computer?!

Yeah, after the faulty keyboard had already destroyed a $2000+ machine.

the point is, if you're an organization that lets its employees work on very sensitive data and requires mobility, then such options should be available if the even the machine is compromised. encryption can always be broken. it is better to have the unit auto-destruct and surge the entire system to make it completey inoperable, hard disk included. a user who has such a system has to be absolutely aware of the importance of remembering, and correctly entering their passwords. someone who works with sensitive data is naturally cognizant of the fact that working with such data bears tremendous personal responsibility.

going back to your hypotheticals, if you are too tired to enter your password correctly to check mail, then you shouldn't check it all, otherwise they must be fully aware of what they're entering. as for the angry co-worker, it's safe to say that if you work in such an environment where such childish behavior is exhibited that it's probably not worth having such measures in place.

of course you're going to have trepidation using such a feature with your personal equipment. but i could see many companies and government organizations that could use this. the last thing we need is more laptops missing that contain some of our most personal information such as our names, social security numbers, insurance records, etc.

as what i've written shows, there can be many options for protecting laptops and their data. it's all a matter of determining how sensitive that information is and what must be done with it in the event that it's compromised.

it is probably safe to say that a software developer probably wouldn't need such features.

MaxPower2k3 · Sep 24, 2006, 01:40 PM

I still don't understand your logic for destroying the whole machine. I mean, even if what you're talking about is necessary for some company, you'd only ever have to destroy the hard drive. It's not like some super-thief is going to get into your ultra-sensitive documents by looking in the GPU.

mitchell_pgh · Sep 24, 2006, 01:49 PM

The REAL problem is they SHOULD NOT have sensitive information on a laptops outside of a secured location.

mitchell_pgh · Sep 24, 2006, 01:52 PM

Originally Posted by MaxPower2k3

I still don't understand your logic for destroying the whole machine. I mean, even if what you're talking about is necessary for some company, you'd only ever have to destroy the hard drive. It's not like some super-thief is going to get into your ultra-sensitive documents by looking in the GPU.

I agree. A self-destructing HD is more than enough for even military use.

Why add expense without any benefit?