
Archive for the ‘physical’ Category

bypassing domainsbyproxy.com

Tuesday, December 21st, 2010

Many people use mailboxes or mail forwarding services to mask their physical locations. (If you do a whois on this domain for example, you will get the address of domainsbyproxy.com – a company that exists to hide the physical addresses of their clients but still fulfill ICANN requirements by forwarding any non-junk mail to me). I was thinking tonight about how I would go about attacking this system if I really wanted to know someone’s physical address. Eventually I came across a great solution – mail them a GPS tracking device!

Amazon kindle

Tuesday, August 11th, 2009

The Kindle, like all small expensive objects, will occasionally be stolen. The following story comes from the Amazon forums, and is what one person experienced when their Kindle was stolen.

All was well. Then, through no fault of Amazon’s, my Kindle was stolen. (I had it with me while shopping at a local supermarket, I must have put it on a counter for a few seconds, turned around, and it was gone.) Within 30 minutes, my Blackberry notified me that four new books had been purchased and downloaded to the device.

Assuming some logic to this process, I immediately went online to de-activate my One-Click account. That being done, I called Amazon. That’s where the craziness began. They did immediately credit my account for the four books, but then I was told that whoever was in possession of my Kindle had “de-registered” or removed it from my account (without my consent, using one click from the device itself), and there was “absolutely nothing we can do.” Three phone calls to Amazon later, I was able to learn that Amazon could indeed provide more information, but only to my local police department.

If I lived in a quaint small town, I suppose this would have been a simple issue. But I live in San Francisco. While I have filed a police report with the serial number of my device and proof of ownership, the SFPD informs me that they have a 6-9 month backlog on cases, and that there is “realistically no chance” of recovering my device. Not only that, but it was most likely that I would never hear from the SFPD again about this issue, and that no officer would “ever” have the time to contact Amazon to research the issue.

What could be worse? Well, imagine if you will that the thief tried to register my device for their own use. Guess what? Amazon lets them, and that’s exactly what happened. Someone now has my $400 Kindle, with the entire library of books I paid for, and lifetime wireless access happily served up by Amazon. Amazon’s position is that they are “not a policing agency.”

I keep thinking that stealing a cell phone should be this easy. I could take someone’s phone, contact the carrier, tell them that I’d like to register it in my name, and bingo – it’s mine! What’s more, I would be able to keep the insurance and features assigned to the phone, and use all of the pre-paid minutes. I can just see the former owner complaining to Sprint, and the Sprint agent saying “well, sir, we’re not a policing agency …”

I know that I can’t expect Amazon to give me the information about who is in possession of my property (although they have a full record of this person’s identity). But I don’t think it’s unreasonable to have required SOME kind of authorization before de-registering the device.

I believe that this security gap – the ability of anyone to just grab a Kindle and start using it as their own with the full cooperation of Amazon – should be enough to keep anyone from buying one, especially the newer $490 version which apparently has the same security flaw (at least, Amazon isn’t mentioning any difference in the programming).

For now I’ll just wait – I’ll be patient – sooner or later someone will come out with an e-reader which has the rudimentary security of a cell phone.

I must admit, I’m somewhat surprised. While Amazon is right that they’re not a policing organization, and they don’t want to get involved in disputes over ownership of a Kindle (“I paid for it!” “No he didn’t!”), it would seem that making users sign over rights to a Kindle through their online account would be a simple way to make theft less profitable and still allow people to sell their old Kindles on the secondary market.

In the beginning

Monday, March 31st, 2008

I’ve been stalling on kicking off this blog (or re-kicking it off) for a few weeks because I couldn’t decide what topic (and there are several) was the one I wanted to start this blog with. I finally decided that I should start in the same place we all started – as newborn babies.

My wife and I welcomed our first child into the world a few weeks ago. During our hospital stay, we were informed that each baby was equipped with an electronic device which would set off an alarm should the baby be removed from the postpartum floor. If that happened, this entire wing of the hospital would be shut down (doors locked, elevators halted), and security would arrive. We were warned about this mostly in the context of a warning not to accidentally wander outside the confines of the postpartum floor; however, I wanted to know more. I was informed that they did test the security regularly with drills (imagine that!) and that yes, there was a reason for all this. I of course wanted to test their security myself, but my wife, a woman whose common sense far outstrips my own, prevented me from doing so. (In retrospect, this was probably for the better.) I also noted that a small electronic device which looked an awful lot like an RFID device was attached to the baby’s umbilical stump. (Probably smart, because bracelets and ankle bracelets can always be cut or otherwise removed. The umbilical stump cannot be removed without considerably more work.)

More research reveals that my experience was not unique, and that the security is not based on fabricated fears. The National Center for Missing and Exploited Children reports that there have been 248 infant abductions in the past 25 years, and 121 of them have been from hospitals. While this seems like an extremely low number (and a surprisingly large number of them are recovered, even before the advent of this technology), I have a feeling that hospitals have found this to be relatively inexpensive given that they probably have most of their infrastructure in place, and the potential loss is incalculable. (Until the lawyers show up, that is.)

As for the technology, there are evidently two types:

The first is an anti-theft device similar to what clothing stores use. The second, more reliable choice is a radio-frequency transmitter that sends a continuous stream of information to a computer at a nurses station. Once that is removed or cut, an alarm sounds.

(You can bet I like the latter system better.)

This is apparently also being deployed overseas.

 