OnStar will soon include the ability for the police to shut off your engine remotely. Buses are getting the same capability, in case terrorists want to re-enact the movie Speed. The Pentagon wants a kill switch installed on airplanes, and is worried about potential enemies installing kill switches on their own equipment.

Microsoft is doing some of the most creative thinking along these lines, with something it's calling "Digital Manners Policies." According to its patent application, DMP-enabled devices would accept broadcast "orders" limiting capabilities. Cellphones could be remotely set to vibrate mode in restaurants and concert halls, and be turned off on airplanes and in hospitals. Cameras could be prohibited from taking pictures in locker rooms and museums, and recording equipment could be disabled in theaters. Professors finally could prevent students from texting one another during class.

The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That's a difficult security problem even in its simplest form. Distributing that system among a variety of different devices -- computers, phones, PDAs, cameras, recorders -- with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.

Once we go down this path -- giving one device authority over other devices -- the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?

How do we prevent this from being abused? Can a burglar, for example, enforce a "no photography" rule and prevent security cameras from working? Can the police enforce the same rule to avoid another Rodney King incident? Do the police get "superuser" devices that cannot be limited, and do they get "supercontroller" devices that can limit anything? How do we ensure that only they get them, and what do we do when the devices inevitably fall into the wrong hands?

It's comparatively easy to make this work in closed specialized systems -- OnStar, airplane avionics, military hardware -- but much more difficult in open-ended systems. If you think Microsoft's vision could possibly be securely designed, all you have to do is look at the dismal effectiveness of the various copy-protection and digital-rights-management systems we've seen over the years. That's a similar capabilities-enforcement mechanism, albeit simpler than these more general systems.

And that's the key to understanding this system. Don't be fooled by the scare stories of wireless devices on airplanes and in hospitals, or visions of a world where no one is yammering loudly on their cellphones in posh restaurants. This is really about media companies wanting to exert their control further over your electronics. They not only want to prevent you from surreptitiously recording movies and concerts, they want your new television to enforce good "manners" on your computer, and not allow it to record any programs. They want your iPod to politely refuse to copy music a computer other than your own. They want to enforce their legislated definition of manners: to control what you do and when you do it, and to charge you repeatedly for the privilege whenever possible.

"Digital Manners Policies" is a marketing term. Let's call this what it really is: Selective Device Jamming. It's not polite, it's dangerous. It won't make anyone more secure -- or more polite.

---

Bruce Schneier is chief security technology officer of BT, and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

Had to laugh reading this story about the three men charged with hacking and installing a packet-sniffer at several Dave and Buster restaurants across the US. The scam did result in hundreds of thousands of dollars of fraudulent bank card charges. However, the packet sniffer software was so buggy that when it was first installed at the first Dave and Busters, it did not even work and captured no credit card data.  The next version of the program worked a little better, but it seems the criminals had to continually go back to the restaurants and restart the program when it hung up!

I don't know what is more disgusting.  The lack of quality of the sniffer program or the apparent lack of any security at all by the folks running the restaurants.  In any event I see a bright future for the outsourcing of hacking programs to people who can do a better job than this Apple Dumpling Gang.

The Eye-Fi Explore product relies on Skyhook Wireless's system of analyzing the signal strength of nearby Wi-Fi networks to extrapolate latitude and longitude. Eye-Fi ties that into their system to stamp images with locations. This deal also ties into Wayport's domestic network of 10,000 hotspots, most of which are McDonald's outlets, allowing free uploading via those systems. The purchase price covers one year of hotspot service. You can upgrade an existing Eye-Fi to the new feature for a fee. All three products work with Mac OS X Tiger and Leopard, and Windows XP/Vista.

Because Skyhook needs a live Web connection to look up the Wi-Fi environment, Eye-Fi can store the Wi-Fi snapshot when the picture is taken, and manage inserting the appropriate photo metadata (EXIF format) at upload for Flickr and other services that support geotagging.

Geotagging is a very popular idea, something that I'm quite taken with because it pairs the act of taking a photograph with the location at which the picture is taken, making a digital photograph seem a little less untied to reality. But until now, it's been generally quite involved to match a picture with coordinates. A handful of specialized cameras embed GPS chips, and there's software to facilitate other methods, but the cost and battery drain of GPS chips have apparently so far kept it from being a widely deployed feature, while the wonkiness of alternatives doesn't appeal to mainstream users.

Sony once sold this wacky GPS companion (which I just found out isn't available in either released model) that would track your location over time, and use that information to geotag images via a special software program that let you pair its stream of data with your photographs.

Eye-Fi and Skyhook are doing something almost the same, since the camera isn't capturing the GPS data, and the Eye-Fi isn't applying the information live, much of the time. But it's eminently more usable than the Sony system, because the Eye-Fi handles the assembly seamlessly for you.

Now there's just one thing to worry about. Think about this: McDonald's are everywhere, and nearly all of the U.S. locations have Wi-Fi. The Eye-Fi uploads whenever it can, as long as the camera is turned on. You're geotagging images without any effort. Okay, got it? So...you call in sick to work, and run off to take some photos. Your boss, using RSS to subscribe to your Flickr feed, not only sees your pictures as you wander the town, unknowningly promiscuously uploading them via quick-serve restaurants' networks, but also knows precisely where you are.

This makes me suggest that you might set your Flickr upload preferences to keep images private and your geotagging preferences the same. You can then expose the images you want for public consumption. The Panoptican is...us!

Although several other quick-service restaurants like McDonald's lack any comprehensive Wi-Fi plan--Burger King, Wendy's, and Subway to name three of the largest--Wayport is locked out of working with direct competitors. This opens the potential for another firm to handle a several-thousand-location network. Wayport has worked with both McDonald's corporate-owned stores (about 2/3rds of stores in the U.S.), as well as reaching out to franchisees, who Lowden noted pay a predetermined flat rate for the service via McDonald's. "It's made them incredibly efficient to be able to offer this to their franchisees at one price, instead of variable pricing," he noted. Wayport acts as the layer between various telecom providers, applications and services, and the stores.

Wayport provides several kinds of back-office services, although credit-card processing was the first thing htey rolled out. They've extended to remote video feeds for security, Redbox DVD rental systems that are found in some McDonald's, and kiosks used for job applications. Lowden said Wayport offers things as straightforward but critical as a dial-up fail-safe when a broadband connection drops.

Wayport also manages AT&T's hotspot network, which puts them in the unwiring seat for the 7,000-odd Starbucks stores that will converted from T-Mobile to AT&T service during 2008. Wayport was once the clear leader in the hotspot builder market, with T-Mobile in the second position. Now, Wayport will be operating through a direct contract or management agreement over 18,000 hotspots in the U.S.; T-Mobile will likely be the second biggest with a couple thousand locations (Borders and FedEx/Kinko's tops among them). The No. 3 player is hard to figure. Panera?

I've been predicting for some time that media on the edge--music, videos, movies, and games stored on servers on the local Wi-Fi network--will be the next big development in venue-oriented Wi-Fi, with Starbucks likely far in the lead. Lowden wouldn't comment on any specific plans in the works, of course, but said generally, "Storing and caching all that content on the edge...hasn't been leveraged in the past, but it will be in the future to create a very unique experience." At Barnes & Noble, Wayport caches some multimedia data that's available to customers in the stores.

The advantage for in-store media storage is that you can leverage the speed of the local network, and add additional access points to distribute network load. The choke point is no longer the Internet connection, but local network speed. I expect--though Wayport, AT&T, and Starbucks haven't said it--that Starbucks infrastructure will be all 802.11n for this reason, likely with both 2.4 GHz and 5 GHz support for the best throughput in the higher-frequency band for media transactions. (In fact, I wouldn't be surprised if you could only buy movies via 5 GHz.)

Lowden also noted that the proliferation of mobile devices with Wi-Fi built in have led to them reaching out to venues that wouldn't have made sense for them to work with previously, and for unlikely candidates to reach out to them, too. Wayport is now working with a number of healthcare facilities that, while they have their own network infrastructure, wanted to outsource public access Wi-Fi (whether they choose to charge or underwrite it), and certain applications that they're not as experienced with running themselves.

A little history: In 2001 and again in 2004, the heat seemed to be on the public side of Wi-Fi: lots of money to be made, ostensibly, lots of partnerships and venues to be built, and an overcrowded supply of infrastructure builders. The year before, Wayport looked to be an also-ran in the hotspot provider business.

Despite being one of the earliest firms to put Ethernet and then Wi-Fi into hotels, and build out hotspots in airports; and despite their survival of the first hotspot meltdown in 2001 during the dotcom crash and brief venture capital shortage; and despite their early entrance into allowing wholesale pricing for hotspot aggregators; the firm seemed about to be eclipsed by apparently deep-pocketed Cometa (with AT&T, IBM, and Intel in various capital and support roles), Toshiba's mom-and-pop focused turnkey system, and T-Mobile, which had the Starbucks contract. What a difference a year makes.

Cometa, Toshiba, and Wayport contended for the contract to build out back-office and public-access service at McDonald's in the U.S., and Wayport won. Within a few weeks, Toshiba passed its few hundred locations to Cometa, which shut its doors in May 2004. Wayport, meanwhile, had cooked up a strategy for McDonald's that it announced later that month.

Their approach involved a fixed-rate charged for unlimited access by retail network partners for all the locations in their pool. This meant that partners had a fixed cost, instead of a per-session cost, and Wayport could obtain specific revenue even before usage by a partner ramped up. Wayport hasn't discussed the details of this arrangement in depth since, but has partnered with Sony with its Mylo, Nintendo with its DS game player, and ZipIt with its wireless messaging appliance.

The McDonald's deal also apparently gave Wayport a way to extend its work with SBC-later-AT&T; Wayport had earlier in 2004 became the managed-services contractor for SBC to build out The UPS Store/Mailboxes Etc. nationwide. (UPS dropped AT&T as its partner in mid-2007, although that didn't appear to have anything to do with Wayport's role.)

AT&T through Wayport developed its large resold/managed footprint that incorporated resale of Wayport's McDonald's locations with the UPS Store and a few hundred other managed locations, including a handful of airports. The Cingular acquisition of AT&T Wireless put more airports in SBC's hands, too. (SBC was once the 60 percent majority owner of Cingular; when SBC and BellSouth, the other owner, merged that put the newly rebranded AT&T in charge of Cingular which it relabeled as AT&T. Confusing, huh?)