Category Archives: Student Note Topics

First Amendment Note Topic

American Airlines claims it can ban photos of its staff at the airport.  I get that federal law requires passengers to obey staff while on board the plane, but what authority could there be for this on the ground?  Is it contractual?  If so, why is it enforceable?  Does it violate a public policy?

Also, some airports are owned by public bodies.  Is there a heightened First Amendment claim in those spaces?


Posted in Student Note Topics | Leave a comment

Looking for a Good Student Note Topic?

I think this qualifies: FTDI Removes Driver From Windows Update That Bricked Cloned Chips (via Slashdot).

As Ars Technica explains:

Hardware hackers building interactive gadgets based on the Arduino microcontrollers are finding that a recent driver update that Microsoft deployed over Windows Update has bricked some of their hardware, leaving it inaccessible to most software both on Windows and Linux. This came to us via hardware hacking site Hack A Day.

The latest version of FTDI’s driver, released in August, contains some new language in its EULA and a feature that has caught people off-guard: it reprograms counterfeit chips rendering them largely unusable, and its license notes that:

Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT

The license is tucked away inside the driver files; normally nobody would ever see this unless they were explicitly looking for it.

The result of this is that well-meaning hardware developers updated their systems through Windows Update and then found that the serial controllers they used stopped working. Worse, it’s not simply that the drivers refuse to work with the chips; the chips also stopped working with Linux systems. This has happened even to developers who thought that they had bought legitimate FTDI parts.

Nice four-hander here: the rights of the end-user, the rights and duties of the vendor, the rights and liabilities of the legitimate parts maker, and the potential liabilities of Microsoft for serving up the malware-to-counterfeits via Windows Update.

Heck, it could be an article.

Update (10/28/14): Good semi-technical background info on this at Errata Security: The deal with the FTDI driver scandal.

Posted in Law: Internet Law, Student Note Topics, Sufficiently Advanced Technology | Leave a comment

Tip of the Iceberg

The NYT has a great story today, Miss a Payment? Good Luck Moving That Car on sub-prime loans for cars requiring that buyer accept installation of an immobilizer that can be operated by remote control by the lender’s agents. The article concentrates on ways in which these are being abused, e.g. immobilizing cars in traffic, far from home, when payments are not in fact late, and more.

It also hints at a group of legal issues, notably privacy (the GPS technology on which the immobilizer relies makes cars trackable by the monitoring company), and whether state laws on repossession — which require more notice, or more time between a missed payment and authorized action by the lender — should apply to a ‘virtual repossession’ or not. (Attention: Student note topic seekers. Doing this analysis in just one state would be a fine topic, and a social good.)

Then there’s the sociological aspects,

Beyond the ability to disable a vehicle, the devices have tracking capabilities that allow lenders and others to know the movements of borrowers, a major concern for privacy advocates. And the warnings the devices emit — beeps that become more persistent as the due date for the loan payment approaches — are seen by some borrowers as more degrading than helpful.

“No middle-class person would ever be hounded for being a day late,” said Robert Swearingen, a lawyer with Legal Services of Eastern Missouri, in St. Louis. “But for poor people, there is a debt collector right there in the car with them.”

Missing, though, is the first thing that occurred to the cypherpunks when this technology first got mooted over a decade ago: How long until it is hacked? What happens when some bad guy starts war driving with a black box immobilizer causing accidents or other harms? And to what extent will the makers of the immobilizer be liable for those harms? Another good student note, at the very least.

[Note: Edited to add italicized line in second paragraph, which mysteriously got cut out before posting.]

Posted in Cryptography, Law: Privacy, Student Note Topics | Leave a comment