Metric won't happen without a really big stick. Fuel pumps would probably change in less than 24 hours if there was a 1% tax on sales measured in gallons.

There appears to be more privacy issues beyond monitoring in the phone. My Smartphone (GT-I9100 v.2.3.4) won't allow access to https://www.google.com./ It also doesn't allow the addition of private certificate authorities or the removal of bad ones. To make matters worse, it won't display the fingerprint of a certificate. So the only option is to accept, on faith, the issuer name displayed. It seems obvious that the handset makers don't care about privacy or potential harm to customers.

How about an app that beeps and turns the display red if encryption, as feeble as it is, gets turned off.

A big improvement would be to require e-commerce servers to protect their private key in a hardware accelerator that won't give up the key. This would protect the certificate if the server is compromised. Someone might be able to use the accelerator, via some type of proxy hack, but the certificate would be safe after a compromised server is reloaded.

Maybe the "scam" factor could be reduced if the certificates were signed by two or more entities in different jurisdctions.

Yes, I'm sure we will never find out if the data was given to various agencies. After carefully opening one, I agree that they are tamper evident. It wouldn't be a big step to have two pins (I2C?) for programming from a simple workstation that also loaded the customer's server. A fuse link or finalize command could prevent future changes. I would hope the programming could be idiot proof but they keep making better idiots.

I have two questions: Did someone required them to keep the initial values and why wasn't the system designed so that the customer was required to initialize the tokens?

The messages need to be digitally signed or we are going to get spam claiming to be from the president. It also needs to be better designed than weather radios. For example, I can turn off thunderstorm watch alerts but not tornado watch alerts. I might understand requiring warnings but not watches. It cries wolf, in the middle of hot muggy nights, so often it gets turned off.

I was thinking about troubles with evacuation from some place like the Florida Keys with a long highway. All lanes are switched to North so it would be difficult to get extra batteries. Even a seasonal thing like lots of people going South for Spring break would cause inventory problems.

It's probably hard to compete with the cost of piping fuel to storage tanks near distribution centers vs. the investment in battery packs.

I sure hope we can get charging stations everywhere. I'm not very hopeful since utilities are slow at upgrading major transmission lines no less what would be needed for fast charging in homes. I think we are on the edge of major problems without EVs. During hot weather I see 105 V and last night I saw 130 V. The regulation won't get better without lots of investment. We probably need rules that require higher power capacity for new construction (fiber too).

Switching batteries will be a big fail the first time there is a large hurricane evacuation.

At a minimum I would request that the box be placed on a separate VLAN that has no other access to the LAN. Internal access should go through the firewall rules like you would for an external server with all the appropriate logs and auditing. I would also transfer ownership by giving them the hardware.

I think real question is why doesn't the customer initialize the token. There are lots of interface options to initialize a small token: I2C, USB, even IR.

People never think they will fall so they do dumb things. Yesterday, a friend told me that one of his workers was caught standing an extension ladder on top of a small SUV to gain a little extra height. A crew painting my house “borrowed” a 14-gauge extension cord without asking. They used it to lower themselves down a 12:12 pitch roof. Idiots! If they had just asked, I would have let them use a 12.5 mm kernmantle rope and harness. They damaged the cord and cut the top shingle.

Mail programs should insist on BCC if there are more than say 8 addresses. I'm tired of getting mail with a TO: list a mile long. One of the people will have an infested computer and everybody will be put on a spam mailing list.

It sounds like this device, along with web TVs, need to be placed on a VLAN so they can be firewalled off from other local LAN resources.

These systems are nothing but trouble if you find yourself on a road without booths and you are in a rental car. You either pay a high daily rate plus usage, to get a car with a transponder, or you really get zapped if they forward a bill a month later