Archive for September 26th, 2008

[CSG Fall 2008] Evolution of ID Cards, Physical Access Control & Two-Factor Auth Deployments

Paul Hill – MIT

At one school a student was duplicating cards, including mag stripes, which allowed purchasing. Under state laws that was considered a credit card breach, so the school had to notify affected parties.

Other issues that have arisen: Vendors accepting cards – point-of-sale terminals display the remaining balance on the card, showing it to the clerk, the purchaser, and all the other people in line.

At one school a student project revealed security flaws in the transit pass card system while the school was working with the transit system to use campus ID cards as transit passes – the transit system then declined to continue working with the school.

Bill, from Georgetown – at Georgetown security controls and access systems are now under the control of the IT department, consolidated from multiple departments around campus.

From survey – everyone is centralizing card systems. Some have multiple places issuing cards, e.g. the library.

At MIT they’re loading all the pictures from ID Cards into the data warehouse, but there are lots of rules around who can access them. At UCSD all faculty can have access to (all) student pictures, and get them on class lists. Most places allow faculty access to photos of students in their classes. At Princeton students provide their own photo, and they can opt-out of publishing the photo. At Stanford there’s almost no opt-out. Klara notes that at Duke as they make the pictures more available they’re starting to see more requests for vanity photos.

[CSG Fall 2008] Copyright Compliance at all levels

Greg – Audible Magic at Chicago (Greg Jackson) – In February put it in front of one of the dorms. Would it behave itself on the network? Did it look like it was detecting things it should and not detect things it shouldn’t? Looked benign on network (they didn’t turn on the TCP reject spoofing feature). Has a way of deducing kind of traffic from source/destination matching as well, which turned out to work remarkably well, even for encrypted p2p streams. Taught them that there is a hugely problematic issue with p2p, which isn’t copyright infringement but pornography.

Worked well enough that they bought two Audible Magic boxes and put them on their commodity pipes. Running them in passive mode and observing. Haven’t yet decided what to do – won’t block traffic, but might do a BAYU type thing.

Tracy – take note of Grooveshark, which may or may not be legal.

Mark Luker – Proposed Experiment/Pilot in “Voluntary Blanket Licensing” for online access to music.

Warner Music Group approached AAU – looking for universities that would be interested in pilot project. Already talked with Colorado (contacted University communications group).

Goal – let students access and use music any way they want to – get it any way you can. Use on any hardware. Generate fair returns to content owners. Avoid DMCA notices, lawsuits, etc.

How? Students access and use music any way they want. Institutions make a reasonable effort to estimate the number of downloads per song. Might monitor traffic through a cache, statistical sampling ok, determined by the campus, experimentation encouraged. Institutions collect/fund/amass a pot of money (e.g. per student per month), as determined by the campus, all students or none. A non-profit organization distributes the money proportionately to content owners – all major labels and an indie association are members, covers all rights holders for the music, “prices” TBD.

Content owners refrain from all DMCA notices and lawsuits. Not really licensing, but a “covenant not to sue”.

Possible complication – simplest if accepted by all HE and ISPs. If not, must avoid massive leakage from those that are covered to others that are not.

Tracy wonders about whether this model will lead to ever-growing fees in the future as it provides competition to the existing legal services.

Steve Worona is proposing that CSG write one or more position papers on some topics of interest in the copyright front.

