Michael,
Here's my additional thoughts.

> We are a reputable cryptocurrency project and they are a reputable
cryptocurrency exchanger so unless there is evidence of risk we'll
probably trust one another to make the arrangement work, unless anyone
objects with a better alternative.

I think that their KYC process has to allow for something to handle this. I'm willing to submit my documentation to them (ID, pay stub, etc.) so that they'll at least have full information about one point of contact.

> Do you want me to ask the Defcon organizer if our village is protected
by a insurance policy for any particular thing? Should I make the
question general (stating no particular thing?)

Yes. It's important that we know what exposures and coverage we have. We know that our hardware is at risk and I suppose we could all recover without them, but the BATM is both a prime target for thieves and not our personal property. Let's get as much information on insurance and the theft reporting process as we can.

> Our loan machine is the smallest model, so the idea of putting it in a
hotel room after hours is maybe a good idea.

This is a viable alternative to trusting the conference security. We can decide on this when we get everything in hand.

> Did we decide to only support ATM Monero wallets during our meeting, or
is that just my imagination?

I don't recall that decision, but it's consistent with the village theme. We should ask the ATM operator about this, as I assume they will want to have all coins turned on since that's how they'll make more profit.

> Hands on, there is only so much to demonstrate with a BATM.

To fill in some of the empty time slots on the educational tasks, I've put in a few hours for this demonstration. I'll work on some ideas like this to fill in the time.

> I think the ATMs one floor below (literally underneath our village) are
sometimes manipulated, so this is a valid concern. It would be good if
you and me to both state in email that there is increased risk and we
recommend limiting transactions in time (one per 5 minutes?) or amount
(maximum 50 USD) or both. We can recommend that they keep a maximum
(100-200 XMR?) in the machine's server. We can limit the XMR provider's
(operator or manufacturer) risk as well by turning the machine on only
when a staff person is standing next to it.

Yes, this is smart. We will have to work with the ATM operator to make sure they understand this.


On Mon, Jul 16, 2018 at 1:05 PM, Michael Schloh von Bennewitz <michael@getmonero.org> wrote:
Hello Sean,

On 16.07.2018 at 17:28 Sean Coughlin wrote:
> Thanks for working on this and getting in contact with the manufacturer.
> I think I should be the contact person since I plan to take responsibility
> for setting up and guarding the machine itself.
>
Thanks for the time and attention to be the contact person, I think all
or most of us agree you are the perfect choice.

> My thoughts & concerns are as follows:
>
>    - What level of trust do we have with the ATM operator?
>
The operator is a good customer according to the ATM manufacturer. If
you want, I can ask specific questions like 'how long have they been a
customer?' or 'how many machines do they operate?'

>    - Do they have experience working with 3rd parties who handle the
>    security of the ATM?
>
Once you become involved in the email flow, you can ask them this
question. I don't know the answer, and am waiting for permission to add
you to the thread.

>    - Will the ATM operator allow us to have exclusive control over the ATM
>    and keep the door keys?
>
They have not yet answered my question in which I 'request that we
maintain control over the machine'. It's likely that both parties trust
one another enough to share control. It's possible (likely?) that we
retain full control and they get none.

>       - If so, how do we assure the ATM operator that we won't steal their
>       cash?
>
There is likely a log that they can access to see what cash they deserve
and will simply ask us for it.

We are a reputable cryptocurrency project and they are a reputable
cryptocurrency exchanger so unless there is evidence of risk we'll
probably trust one another to make the arrangement work, unless anyone
objects with a better alternative.

>          - Note that if they don't return to pick up their cash on Sunday
>          then we can send it to their address by certified mail, which
> protects us legally.
>
I guess so. This would need to follow some neglect on their part, and
it's unlikely we forget to tell them of the possibility.

>          - If not, how do we ensure that the ATM operator will return the
>       keys and pick up their cash on Sunday?
>
There is no way to ensure that the operator returns keys or takes their
money. You can probably soon ask them yourself, what method we have to
ensure that they take the money out of our village.

>          - If we can't open the machine then we can't send it on to its
>          next destination and we will be in legal trouble.
>
>          - What do we do if someone steals the BATM during the conference
>    or overnight?
>
The same procedure for all day and overnight theft.

>       - Does the hotel have insurance to protect us, and if so do we have
>       to work with hotel security for this?
>
There is no contract between the hotel and the Monero Project. I haven't
heard of any insurance against fire, theft, injury, or worse. It's
possible that all the villages are missing this insurance, or that some
of them have it.

Do you want me to ask the Defcon organizer if our village is protected
by a insurance policy for any particular thing? Should I make the
question general (stating no particular thing?)

>       - Should I move the BATM offsite overnight to prevent this, and
>       should I get security to make sure there's no criminal activity involved?
>
Our loan machine is the smallest model, so the idea of putting it in a
hotel room after hours is maybe a good idea.

The hotel security already has a list of priorities, which we cannot
influence. It's almost certain that avoiding criminal activity is one of
their priorities.

Don't forget that there are only two people with keys to our evening
locked doors (aside from the hotel staff.) That is our floor manager and
the Defcon village contact.

Hotel security guards patrol the village doors and areas after hours,
but I don't think there is a guard stationed at each village. They
circulate to ensure there is no after hours activity.

>       - Can we have a daily/nightly cash out with the ATM operator to
>       reduce this risk?
>
This is a good idea as well, and you should ask them once active on the
email thread.

>       - What do we do if a hardware hacker hijacks the device while at the
>    conference causing some violation?
>
We should probably document the violation in the usual theft reporting
way (look up police recommendations for reporting theft) and inform the
operator and General Bytes. They have had exposure for a long time and
can likely provide a good answer.

>    - Does the ATM operator work allow Monero transactions? If not, what
>    value is this?
>
I've informed them that we will possibly configure the machine to serve
only Monero transactions. There is no default configuration for the
machine, so we must decide on which speech languages to support as well
as cryptocurrencies.

Did we decide to only support ATM Monero wallets during our meeting, or
is that just my imagination?

>    - What types of demonstrations should we give to show off the BATM?
>
One type is to simply open it and tell people to look inside.

Another type is to allow people to guess which operating system is
running and encourage software discussion.

Hands on, there is only so much to demonstrate with a BATM. Probably
once in a while (intermissions between presentations) we announce that a
staff person is going to make a ATM wallet withdrawal.

1) The staff person walks to the ATM
2) The staff person presses the screen twice
3) The staff person inserts bills
4) The staff person withdraws the paper wallet
5) The staff person makes a photo of the screen
6) The staff person scans the paper wallet QR with Monerujo
7) The staff person walks away

IMPORTANT

Regarding demonstrations, the manufacturer has gone a long way to
accommodate us with wallet research, and has retrofitted our loan BATM
with a NFC reader and supporting software to empower our decision for or
against using NFC wallets. Some BATM machines can dispense black plastic
NFC cards.

Everything else relating to NFC transmitted hardware wallets will be
disclosed on site to a very small group, in a demonstration. It is
forbidden to encourage use of village badges for financial applications.

> I might be a bit more worried than I need to be but this is going to be the
> most hostile environment imaginable for a high-tech ATM to run. I think
> that if the manufacturer and the ATM operator understand the 'dangerous'
> situation this is, then we'll be better off.
>
I think the ATMs one floor below (literally underneath our village) are
sometimes manipulated, so this is a valid concern. It would be good if
you and me to both state in email that there is increased risk and we
recommend limiting transactions in time (one per 5 minutes?) or amount
(maximum 50 USD) or both. We can recommend that they keep a maximum
(100-200 XMR?) in the machine's server. We can limit the XMR provider's
(operator or manufacturer) risk as well by turning the machine on only
when a staff person is standing next to it.

Cheers,
Michael

--
Michael Schloh von Bennewitz
Software Development Engineer
Europalab Networks R&D, Munich
Office:  +49(89)44239885 UTC+2
Mobile:  Same as 'Office'
Web:     http://michael.schloh.com/
_______________________________________________
Monero-defcon mailing list -- monero-defcon@lists.getmonero.org
To unsubscribe send an email to monero-defcon-leave@lists.getmonero.org