The Future for Smartguns

Smart phones are a way of life, but have you heard about smartguns? Here in the USA a debate is raging about the introduction of this type of technology, while in Germany it has already passed into law. But firstly, what is a smartgun and what type of technology does it involve?

The idea is that only the rightful owner of the weapon can fire it. There are different mechanisms on the market for ensuring this and I would like to introduce a few here.

Trigger Smart is an Irish company. They have a system that uses radio waves. The weapon has a receiver placed in the handle and the owner is given a tiny HF transponder (something similar to the device found in your car keys) that can be worn in a ring or a bracelet. The gun will only fire when the correct ID number is received from the ring or bracelet.

The manufacturers argue that this makes the gun safer, as it cannot be fired by the kids while you are out or by an intruder or attacker that takes the gun off you in a fight. In the event of a shooting the police can also jam the frequencies and make the gun useless. In some cases a chip can even be placed under the owner’s skin.

Way back in 1975 a magnetic version of the same idea was invented, and is generally believed to work very reliably, although it is not widely used. Another system uses biometrics, identifying the owner through their grip and characteristics of their hands, but even the developers argue that the system is only 90% effective.

One problem with biometrics is that the gun needs time to process all of this input, but a US Austrian company called Biomac have a system that uses optical sensors to measure data from below the skin. They hope to design a system that will be accurate and work within half a second of picking up the gun.

Smartguns

Possible smartgun biometrics?

The gun lobby argue however that these security systems make the gun potentially more dangerous as any intruder may be able to block the radio systems, the batteries or other electronic parts may fail, parents who like to shoot with their children would have to buy them a dedicated weapon, and what if the owner is not in the house and another family member needs to defend themselves using the gun?

Even pro gun control groups are not convinced as it might even make gun ownership seem safer, leading to more sales, so it are very difficult to find in the USA.

The extent to which the gun lobby influences politics here is difficult to appreciate from outside the country. There is an attempt at the moment to make it illegal to buy a gun for someone who has been declined permission to own one. At the moment if I buy a beer for someone under 21 or give watered down wine to my son (as we did in Italy) I risk going to prison, but if I buy a gun for my friend who has been declined a license on psychological grounds I do not. There is no guarantee that it will pass though, as any form of gun control is fought tooth and nail and with the advantage of high financial backing.

It is not a completely dark picture though. The state of New Jersey actually passed a law to say that smartgun technology must be fitted to new weapons as soon as it has been developed enough and shown to be reliable. In Germany a law was passed in 2009 that goes even further, in that the technology will have to be fitted to all weapons old and new once it is available and proven. Unfortunately proven etc might take many years.

What none of the above really does is to address one of the biggest problems of gun ownership here in the USA, suicide. There is a massive increase in suicide rates in states where gun ownership is high. Suicide rates using other means remain constant, but a gun is a no return tool. Extremely efficient and easy to manage, success is almost guaranteed, and none of the technology that is currently under development can address this problem.

This Harvard University link explains the relationship, but it is enough to say that suicide rates are double in states where gun ownership is high, although non firearm suicide rates are about the same. To give an idea there were almost 20 000 firearm suicides in 2009 out of 36 000 total deaths, while there were only 11 000 murders.

The debate will rage for many years to come, but what part will smartgun technology play?

Kill the Password

This week I would like to draw readers’ attention to an article that appeared in Wired at the end of last year. Written by Mat Honan and entitled Kill the Password: Why a String of Characters Can’t Protect Us Anymore, it makes for really interesting and alarming reading.

The author starts by explaining that he lost all of his digital life last year as his accounts were hacked, an event that lead him into investigating online security and how it is breached.

What he discovered is not for the faint hearted. The linking together of different accounts using an email as username means that any seriously interested party with a little time on their hands and very little money can relatively easily get into a single account, and from there into the others.

His conclusion is that the culture of using passwords for security is outdated, a thing of the past and that anyone who tells you otherwise is either deluded or trying to convince you of something that is not true.

The worst password choices

Worst passwords of 2012

The availability of information is a problem because of the personal question access to resetting your password. Mother’s maiden name, place born etc. are easy things to find out about anybody through ancestry sites or other documents. Once you have somebody’s email address, you try to reset the password using the personal questions through the provider’s website. The answers might be on Facebook, or on their blog, or maybe intuitive, but they are out there.

Then to the customer services rep that you speak to by phone. They are people and can be misled. The article contains a transcription of a conversation between a hacker and one of these people. As the user needs to be able to reset the password they are offered a series of questions that get easier and easier to guess. Names of best friends is possible using Facebook or other social network publications, but if not try favourite food or others, but the example given is name of one of the files in the account. Try Google, Amazon, Personal, one will be right.

So the problem is that the system needs to be flexible and easy enough to use, so we must be able to easily change our passwords, but this makes security impossible.

How can this problem be addressed? Here the trade off is privacy. If the company knows you, through your search histories, places you have been, where you work and what you like to do they might better be able to tell if the password reset-er is you, but you lose any privacy you think you might have.

Voice recognition can be tricked using recordings, biometrics and fingerprints too. Once a system uses these things that cannot be changed or reset the problem is magnified. If I have a fingerprint lifted from a screen I can use it to get anywhere and new fingers are hard to come by these days, so what do you use next?

The article poses these problems from the point of view of somebody who has been hacked, but the author also looks at who these hackers are and even meets a couple. It is big business in certain circles, particularly in the Russian speaking world where organized crime has a large stake and makes a lot of money through stealing identities and all that follows. In other circles they are just “kids” having some fun wreaking havoc.

There are a few simple strategies outlined in this (not short) article that are worth following but none are foolproof, and that is a lesson we could all learn from. Just a word of warning, it contains some harsh language.

On a lighter note happy new year to everyone, and my mum’s maiden name was Windsor (no relation to either Barbara or Elizabeth).