The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 10 Issue 11

Monday 25 June 1990

Contents

o The Risks of Reading RISKS
Keith Dancey
PGN
o "Artificial Life" out of control
Nathaniel Borenstein
o Update on Alcor/email case
H. K. Henson
o "Unbreakable Math Code Finally Broken"
J. A. Brownlee via jbr
o A (rather old) risk of new technology
Clive Feather
o Risk submitting papers by e-mail!
Jonathan Bowen
o Re: The Hubble Telescope
Tony Ozrelic
o Re: DEC RA90 disk failures: correction/update
David Keppel
o Info on RISKS (comp.risks)

The Risks of Reading RISKS (Re: Travis, RISKS-10.10)

<kgd@informatics.rutherford.ac.uk>
Wed, 20 Jun 90 09:41:07 BST
If RISKS editorial policy is to publish hoaxes, jokes and elaborate fictitious
accounts of non-events, at any time of the year *without* explicit warning,
then its purpose will have been undermined.

The article by Gregory Travis of Indiana "University" about the A320 may have
been jolly good humourous nonsence, but it was presented as a genuine RISK.
There are other news groups and mailing lists for jokes.  RISKS is for RISKS!

Which introduces another abuse of information technology:  when is an
article in RISKS a real RISK?  How many other published articles have
been mere hoaxes?  How are we to know?

I think an explanation is required.

Keith Dancey, Rutherford Appleton Laboratory, Chilton, Didcot, UK


Re: The Risks of Reading RISKS

RISKS Forum <risks@csl.sri.com>
Wed, 20 Jun 1990 7:52:02 PDT
I am very sorry for any confusion.  I inadvertently deleted the line that said
that the message was from rec.humor.  (I'm glad only a few of you took it
seriously, although I am also sorry to besmirch my own efforts to provide
incisive and consistent moderation.)  Too bad that the tale was not
sufficiently outrageous that it could not have been true!

I was editing remotely under tight time pressures.  I also omitted from the
Contents of the issue Steve Bellovin's item on computer security problems in
Malaysia, also attributable to the same editing difficulties.  Editing through
an imperfect terminal emulator can be quite risky.


"Artificial Life" out of control

Nathaniel Borenstein <nsb@thumper.bellcore.com>
Thu, 21 Jun 90 08:34:25 -0400 (EDT)
The latest issue of the Whole Earth Review has an article ("Perpetual
Novelty") about the growing "artificial life" movement, which works to
create computer simulations of artificial beings, with rather
far-fetched and grandiose long-term goals.  I was particularly struck by
the discussion of the idea that some of these people have to release
lots of relatively dumb robots and simply let them evolve.  Talking
about one researcher's goals, the article says:

He wants to flood the world (and beyond) with inexpensive, small,
ubiquitous thinking things.  He's been making robots that weigh less
than 10 pounds.  The six-legged walker weighs only 3.6 pounds.  It's
constructed of model-car parts.  In three years, he'd like to have a 1mm
(pencil tip-size) robot.  He has plans to invade the moon with a fleet
of shoe-box-size robots that can be launched from throw-away rockets.
It's the ant strategy:  send an army of dispensable, limited agents
coordinated on a task, and set them loose.  Some will die, most will
work, something will get done.  In the time it takes to argue about one
big sucker, he can have his invasion built and delivered.  The motto:
"Fast, Cheap, and Out of Control."

I think that about says it all.  The risks should be obvious, at least
to the people who read RISKS.

Nathaniel S. Borenstein, Member of Technical Staff, Bellcore, Morristown, NJ


Update on Alcor/email case (at last)

<hkhenson@cup.portal.com>
Thu, 21-Jun-90 01:40:38 PDT
Update on the progress in the Alcor/email case as of June, 1990
(originally reported in comp.risks)

by H. Keith Henson

A suit under section 2707 of U.S.C. title 18 (the Electronic Communications
Privacy Act) against a number of individuals in the Riverside, California
Coroner's office, the District Attorney's office, and the Riverside police
department was filed Jan. 11, 1990, one day short of the statutory limit.
There were 15 plaintiffs out of roughly 50 people who had email on the Alcor
system.  For those of you who are not familiar with the case, the coroner
removed a number of computers from Alcor in connection with an investigation
into the cryonic suspension of Dora Kent in December of 1987.

The defendants moved in March for a dismissal of the case, arguing that 1) the
warrant for the computer was enough to take any email found within it, and 2)
that even if the defendants had made "technical" errors in confiscating the
email, they should be protected because they acted in "good faith."

Our lawyer opposed the motion, arguing that the warrant originally used was
itself defective, even for taking the computers.  This is something Alcor had
never done, because (I think) people can only object to a warrant after charges
have been filed, and for all the accusations the coroner and DA made in the
press (which included murder, drugs, theft, and building code violations), no
charges have been filed in this case in the last two and a half years.

The federal judge assigned to the case denied the motion after hearing oral
arguments in May.  Based on the comments of the judge from the bench, it seems
that he agrees that the plaintiffs have a case, namely that taking email
requires a warrant for the email, or the persons doing so will face at least
civil liability.

So far the legal bill stands at over $10,000.  Suggestions as to organizations
or individuals who might be interested in helping foot the bills would be
welcome.  (Donations would be returnable if we won the case and the county has
to pay our legal bills as required in section 2707.)

The text of the legal filings (40k, three files) have been posted to CuD.  If
you can't get CuD, they are available by email from hkhenson@cup.portal.com


"Unbreakable Math Code Finally Broken"

<jbr@cblph.att.com>
21 Jun 1990 7:50 EDT
[The following article appeared in the 06/20 Columbus (Ohio) Post Dispatch,
 credited to the Washington Post.]

Two mathematicians, working with hundreds of colleagues, announced yesterday
that they had broken a code viewed by many cryptographers and security experts
as virtually impenetrable.  The feat, in which the mathematicians factored one
of the world's ``most wanted'' numbers, means that many security-minded
organizations will need to change their cryptographic systems to prevent
security breaches.

"In the long run, mathematical breakthroughs like this will make everyone more
cautious about how far one must go to keep a message private," said Arjen
Lenstra of Bellcore, the research arm of the major regional telephone
companies.  Lenstra, with Mark Manasse of Digitial Machine Corp., successfully
factored a 155-digit number, a feat many mathematicians had believed to be
prohibitively difficult.

Cryptographic systems are used to encode messages and data before they are sent
among banks, corporations, governments, the military -- anyone wishing to avoid
having computerized mail perused by outsiders.  The sender encodes messages
using a many-digit number that would be difficult or impossible to factor.
[...]  Only someone who knows the factors of the large number can decode the
message.  Until now, it was thought virtually impossible to factor a number 155
digits long, and many cryptographic systems used numbers that long to encode
their messages.

The work of Lenstra and Manasse, and hundreds of mathematicians who plugged the
Bellcore program into their computers at night to solve additional parts of the
problem, changes the game.  Lenstra now says security-minded users must now
find numbers greater than 200 digits to feel safe.  Lenstra and Manasse,
chewing up the equivalent of 275 years of computer time, found that the
155-digit number could be factored by a 7-digit number, a 49-digit number, and
a 99-digit number.

  [This certainly points up the risks of supercomputers and high-precision
  math, not to mention the risks of the press reporting on computer-related
  topics.      :-) -- jab]

Joe Brownlee, Analysts International Corp. @ AT&T Network Systems
471 E Broad St, Suite 1610, Columbus, Ohio 43215   (614) 860-7461


A (rather old) risk of new technology

Clive Feather <clive@x.co.uk>
Mon, 25 Jun 90 17:12:29 bst
>From the Cambridge Weekly News (a free newspaper) 31 May 1990.

    "... [in 1927] by the first traffic lights [in Cambridge] at the bottom
    of Castle Hill. These were supposed to replace the policeman usually
    stationed there on point duty but, according to some sources, actually
    meant that two police were needed - one to explain the system to befuddled
    motorists and the other to hold back the crowds of onlookers enchanted by
    the pretty changing lights."

[BTW, that's Cambridge, Cambridgeshire, not Cambridge, Massachusetts]

Clive D.W. Feather, IXI Limited , 72-74 Burleigh St., Cambridge CB1 1OJ  UK


Risk submitting papers by e-mail!

&onathan.Bowen@prg.oxford.ac.uk>
Wed, 20 Jun 90 16:11:28 BST
An electronic mail system should not tamper with the contents of the messages
which it conveys. However, when sending messages via Unix electronic mail, any
line starting with "From" in the body of the message has a ">" prepended to it
to avoid the line being confused with a "From" line in the header which is used
to delimit messages in a mail box file. However, such lines are not that
uncommon in text.  Source text for publication is now more and more routinely
being sent via e-mail, and any changes in the message could easily end up being
printed since it is often assumed that the text has already been proof-read.

As an example of this, see the paper "Some comments on the
assumption-commitment framework for compositional verification of distributed
programs" by Paritosh Pandya, in "Stepwise Refinement of Distributed Systems",
Springer-Verlag, Lecture Notes in Computer Science no 430, pp622-640. On pages
626, 630 and 636 three paragraphs start with a "From" and have an upside-down
"?" just beforehand. (This is what the LaTeX document preparation system
transforms ">" to in the standard font.)    [...]

Jonathan Bowen, Programming Research Group, Oxford Univeristy.


Re: The Hubble Telescope (RISKS-10.10)

Tony Ozrelic <tonyo@sagerat.cna.tek.com>
Tue, 19 Jun 90 15:58:09 PDT
...One problem is that some RAM used by the fine guidance system is being
scrambled when the telescope passes through the South Atlantic Anomaly,
a region representing a "dip" in the Van Allen Belts that has been
known to be hazardous to spacecraft electronics for decades...

This Anomaly wouldn't have to do with the Bermuda Triangle, would it?  :)

tony o.


Re: DEC RA90 disk failures: correction/update

David Keppel <pardo@cs.washington.edu>
21 Jun 90 16:14:23 GMT
Recently I posted an article about a DEC RA90 disk failure that we had
in February, and said that DEC had not notified customers of the
problem.  I have since found out from our lab staff that DEC *did*
notify customers.  It looks like I screwed up, not DEC.

Prior to our failures, and several others that occurred at about
the same time, DEC believed that, of the drives with serial numbers
in the ``possibly affected'' range, either they failed when brand new,
or they were ``safe''.  Ours were among the first ``midlife failures''.
In response, I understand that DEC replaced all RA90s with serial
numbers in the ``possibly affected'' range, even though only 2% of
these drives ever experienced failures.

So DEC 1, me zero.

Also, my original posting had deserved a followup anyway, but doubly so
in this case:  I had included a disclaimer in my original message, but
the RISKS moderator clipped it off when he compiled the digest.  When I
saw that, I considered posting a RISKS article about the risk of losing
disclaimers, but decided against the extra traffic.  Wrong again....

    {rutgers,cornell,ucsd,ubc-cs,tektronix}!uw-beaver!june!pardo

       [PLEASE NOTE THAT THE PAST FEW ISSUES HAVE HAD A GENERIC MASTHEAD
       DISCLAIMER.  I GENERALLY TRIM ALL SORTS OF TRAILING POETRY,
       SCATOLOGY, HUMOROUS DISCLAIMERS, LATITUDE AND LONGITUDE, HOME
       PHONES, etc.  IF YOU HAVE A REALLY IMPORTANT DISCLAIMER THAT
       YOU FEEL SHOULD NOT BE SO DELETED, PLEASE LET ME KNOW.  PGN]

Please report problems with the web pages to the maintainer

Top