Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
1. I'm glad that the New York Times headline put quotes around `Rogue Computer': it's surely a matter of lousy software design or persistent operational errors, rather than some real-life HAL from the movie _2001_, and the Times seems to know that. (I _hope_ that the readers caught the implication.) 2. The Times quotes PVB spokescritter Stephanie Pinto, as saying that if you divide 42,000 (errors) by 12 million (tickets) you get 0.003, (0.0035 actually) and asking ``Is three-tenths of one percent reckless?''. If my bank posted 3 out of every thousand transactions to the wrong account, I'd certainly take my money elsewhere. You'd better believe that the bank's CEO would transfer the operations VP to the mailroom in short order, too. 3. Stein's rhetoric (``... rogue computer ... terrorizing ...'') is overblown headline-grabbing, but the problem is real, and both bringing in an outside auditor and installing safeguards sound like good, albeit sadly overdue, ideas. American Management Systems of Arlington, VA was hired in 1984 to design the new system. A document written by the bureau's computer managers in 1985 outlined ``critical structural deficiencies'' and warned of ``profound and far-reaching implications.'' 4. The contractor was not competent to do the job. They have delivered trash in return for their $11 million so far. (That is for developing the software *and* running the system for the PVB.) Would a grep of the RISKS archives find other stories about lousy work by American Management Systems? That name rings a bell. [No bell prizes that I could find since Vol 7. PGN] 5. If PVB management permitted the contractor to implement the design after their own computer folks pointed out serious deficiencies, it's hard to avoid a choice between the hypotheses of stupidity and bribery. If, on the other hand, the contractor was required to correct the errors in the design, then the same choice of hypotheses applies to those responsible for monitoring contract compliance. 6. Once the system had been implemented, it is possible that management decided to install the system, not due to either stupidity or corruption, but rather on the basis that 42,000 errors/year is better than 85,000. Note that #6 does not contradict #5: the ``lesser evil'' hypothesis may apply to the decision to install the new piece of @#$%, but it cannot excuse a decision to permit the contractor to implement a known bad design in the first place. 7. Speaking now as a former New Yorker, the PVB has been one of the more obvious centers of corruption in that corrupt city gov't for decades. This is not `whisper behind the hand' stuff: during the Koch administration, a county leader of the Democratic Party committed suicide when his part in PVB corruption came to light in an investigation that was making headlines even without the suicide. If #5 turns out to be a matter of corruption, rather than mere stupidity, few New Yorkers will be surprised. On the other hand, stupidity about computing is *also* a tradition in the NYC gov't: the NYC Human Resources Administration used to pay tens of thousands of employees with a payroll system written in OS/360 Fortran, using type REAL*8 for money, and wonder why the pennies never seemed to balance. :-( (No, they were not smart enough to avoid fractional parts by storing amounts in pennies rather than dollars.) Chris (Christopher T. Jewell) chrisj@netcom.uucp apple!netcom!chrisj
>From the Sydney [Australia] Morning Herald, August 20th, 1990 "Sorry, you can't afford it" CANBERRA: Debt collectors believe that in the not too distant future there will be "total knowledge" about all individuals and envisage the Government allowing financiers to build enormous data banks which would include confidential tax file number information. In fact, they believe banks and other lenders will have so much information that debt collectors will be made redundant. The Orwellian vision is contained in an article "Back to the Future for Commercial Agents", published in the Institute of Mercantile Agents' journal, The Mercantile Agent. Its author, Mr Norman Owens, a former president of the institute and owner of a debt-collecting agency, told the Herald that governments would one day see it as "desirable" to link together and make public all the enormous data bases containing highly sensitive personal information. "Tomorrow's credit grantor will be extending credit in a perfect market with total knowledge of the debtor," Mr Owens asserted. "The credit grantor in the future will have access to all the debtor information. This will be made available through linked data bases in the manner of George Orwell's 1984. " Credit cards will be of the "smart card" variety which will be "genetically engineered implants" that capture all transactions from cradle to grave. (In fact, Westpac [a major Australian bank] is working on a smart card which has a small computer chip that records all transactions and makes credit cards more secure.) Credit files, like those held by the Credit Reference Association, will be linked to the Government's tax file number data base. "Some time in the future," he told the Herald, "mercantile agents won't exist. This is because there would be total knowledge about every individual including assets, income, credit history, and any future liabilities. The debt collector exists to catch those debtors that escape the creditor's receivable system. For most part the holes in that system will disappear in a business society armed with perfect knowledge about all transactions," he said. Mr Owens conceded that this may sound like science fiction, but insisted that it was "science possible". He acknowledged that the community was horrified by such Orwellian plans and said the Government was adamantly opposed to it, but he was confident that one day people and governments would realise that such measures were of benefit to society. [The thing I personally found most frightening about Norman Owens' comments - aside from the total lack of concern about possible risks - was his choice of words. Words like "perfect market", "total knowlege", "genetically engineered implants", and - of course - "benefit to society". I also must add that the basis for his Orwellian vision is the inclusion of tax file number information currently retained by the federal government. Under current laws, this information is confidential, so his proposed scheme would be illegal. — PH]
Monitoring "house arrest" detainees is equivalent to a common issue in computer security. It is known as user authentication — determinating that a particular person is at a particular location at a particular time. Reading the research literature on the subject of user authentication shows that the current solutions depend on co-operation of a typical user. For example, he won't reveal passwords to others, and won't comprise physical security in case he uses auxiliary devices such as smart cards or credit cards. And maybe more important, he stands to lose something if someone else can successfully masquerade as him. In the case of detainees, none of these assumptions holds. Plus the easy and wide availability of such devices as master remote control unit, which can learn signals generated by other devices of a similar type, it seems that no cheap (and thus practical) solution is in sight, unless one can assume that no one would attempt to grasp the potential forgery market. Li GONG, Odyssey Research Associates, Inc.
(From July 1990 Privacy Journal, Vol. XVI, No 9, Page 1)
TRUE COLORS
Thailand — a constitutional monarchy with a parliament largely dominated by
the military — has taken the Orwellian step that most Western democracies have
been afraid to take. The Thai government this month inaugurated a centralized
database system to track and to cross-reference vital information on each of
its 55 million citizens.
The system includes a Population Identification Number (PIN) with a required
computer-readable ID card with photo, thumbprint, and imbedded personal data.
The system will store date of birth, ancestral history, and family make-up and
was designed to track voting patterns, domestic and foreign travel, and social
welfare. Eventually 12,000 users, including law enforcement, will have access
by network terminals. It is the largest governmental relational database
system in the world. In the private sector, only the Church of Jesus Christ of
Later-Day Saints, the Mormon Church, has a larger one. "The people feel that
the system will protect them," says the director of the Central Population
Database Center in Bangkok.
*What is more curious than the ambitious system itself is the fact that the
federally-sponsored Smithsonian Institute chose — on behalf of all Americans
-- to honor the Thais for their efforts*. The second annual Computerworld
Smithsonian Award for innovative information technology in the governmental
sector went last month to the Thailand Ministry of Interior for its oppressive
system for keeping tabs on its citizens. Something to ponder: Two of the three
judges making the award have major computer responsibility in the U.S.
government.
[The Privacy Journal, an independent monthly on privacy in a computer
age, is a wonderful source for this stuff. Individual subscriptions
are $35/year; Privacy Journal, P.O. Box 28577, Providence RI, 02908.]
Amidst all our stories of systems that have screwed up, it's worth noting one
that did work as planned. The New York Federal Reserve bank's Fedwire EFT
system was in the area blacked out by the New York power outage. Its backup
diesel generators kept things running for several days. When one showed signs
of faltering, they moved operations to a backup site outside of the city. That
backup site had been established 3 years ago for exactly such contingencies.
--Steve Bellovin
By John Markoff, New York Times
Reprinted in the San Jose Mercury News, 8/19/90
[Starkly excerpted by PGN.]
COMPUTER SECURITY CAMPAIGN SHUT DOWN
Reagan-era drive targeted espionage
President Bush has ordered a quiet dismantling of an agressive effort to
restrict sources of computerized information, including data bases, collections
of commercial satellite photographs and information compiled by university
researchers. [...]
Agency being disbanded
This month the security agency began disbanding its National Computer
Security Center, moving most of its 300 employees into new jobs in the more
secret communications security section inside the agency. [...]
[Most of the functions of NCSC are intended to remain, however. PGN]
With regard to the unreliability of statistics, the only solution is to make Darrell Huff`s book "How to lie with statistics" a compulsory text at all schools. It is, I believe, the source of the quote "97.43% of all statistics are made up." Nigel Cole
Despite the danger of severe shock to RISKS readers who see this, I thought that someone should give due credit to the designers of a particular ABT which is run by the National Westminster Bank, and an example of which is installed at City University. Last week I drew some money on my way to lunch. As usual, I requested a receipt. When my service card popped out, I put it back in my wallet, but (being a bit more preoccupied than usual) walked away without collecting the money or the receipt. I realised my mistake one minute later when I reached into my pocket to pay for a beer, and sprinted back to the machine, only to find the receipt dangling out of the slot, but no cash. I had no option but to draw some more money and make the best of it. I was puzzled that there had been nobody around at the time who would have been likely to have seen my mistake, and made off with the cash, so I rang the bank. They explained that this type of till, in which the money comes out through rollers, gobbles the money back if it is not pulled out of the rollers within ten seconds. Sure enough, when they 'agreed' the till the next day, they found it in credit by the amount I had forgotten, and a record of a 'customer time-out'. So they promptly credited my account with that amount. Now, *that's* what I call user-friendly! :-) Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB
[Jack sent me the entire registration packet for the conference on-line.
It is much longer than just about any previous RISKS issue, so I
have highlighted the program here. This is generally the definitive
get-together for security developers and practitioners.
For those of you wishing the packet, please send him mail or FTP
it from CRVAX.SRI.COM in the usual directory as RISKS-10.NCS90 .
Registrations before 1 Sept 90 save $25; otherwise $250. PGN]
Omni Shoreham Hotel, 2500 Calvert Street, NW, Washington, DC 20008
(100 yards from Woodley Park Metro Station)
SPECIAL EVENTS:
October 2, 1990
Opening Plenary Session
0900 Welcoming Remarks
Keynote Address, Robert G. Torricelli, U.S. Representative (D - NJ)
1830 Conference Reception
Smithsonian American History Museum
October 3, 1990
1800 Conference Banquet (Omni Shoreham Regency Ballroom)
Speaker: Ms. Michelle K. VanCleave
Assistant Director for National Security Affairs
Office of Science and Technology Policy
Executive Office of the President
October 4, 1990
1100 Closing Plenary Session
Panel: Towards Harmonized International Security Criteria
1225 Closing Remarks
TRACK A - Research & Development
MONDAY, OCTOBER 1
1600 Panel: Commercial Development & Evaluation of Trusted
Systems: An Open Discussion — Our Success to Date
TUESDAY, OCTOBER 2
Verification
1030 PAPERS
Covert Storage Channel Analysis: A Worked Example
Verification of the C/30 Microcode Using the State Delta Verification System
UNIX System V with B2 Security
1400 PANEL: Access Control: Time for A Retrospective
Electronic Authentication & Biometrics
1600 PAPERS
Key Management Systems Combining X9.17 and Public Key Techniques
Electronic Document Authorization
The Place of Biometrics in a User Authentication Taxonomy
Non-Forgeable Personal Identification System Using Cryptography and
Biometrics
WEDNESDAY, OCTOBER 3
Intelligent Tools I: Auditing
0900 PAPERS
An Audit Trail Reduction Paradigm Based on Trusted Processes
The Computerwatch Data Reduction Tool
Analysis of Audit and Protocol Data Using Methods from AI
Intelligent Tools II: Intrusion Detection
1100 PAPERS
A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks
A Neural Network Approach Towards Intrusion Detection
PANEL: Data Categorization and Labeling
1600 Panel: R&D Activities
THURSDAY, OCTOBER 4
Modeling
0900 PAPERS
A Generalized Framework for Access Control: An Informal Description
Automated Extensibility in THETA
Controlling Security Overrides
Lattices, Policies, and Implementations
TRACK B - Systems
MONDAY, OCTOBER 1
0900 PAPER NIST/NSA Services & Publications
1400 PANEL: Computer Security Standards
Embedded Systems
1600 PAPERS
The Role of "System Build" in Trusted Embedded Systems
Combining Security, Embedded Systems and Ada Puts the Emphasis on the RTE
TUESDAY, OCTOBER 2
1030 PANEL: Disclosure Protection of Sensitive Information
Network Security I
1400 PAPERS
Considerations for VSLAN(TM) Integrators and DAAs
Introduction to the Gemini Trusted Network Processor
An Overview of the USAFE Guard System
Network Security II
1600 PAPERS
Mutual Suspicion for Network Security
A Security Policy for Trusted Client-Server Distributed Networks
Network Security and the Graphical Representation Model
WEDNESDAY, OCTOBER 3
System Test & Integration
0900 PAPERS
Testing a Secure Operating System
An Assertion-Mapping Approach to Software Test Design
Security Testing: The Albatross of Secure System Integration?
Network Standards
1100 PAPERS
Low Cost Outboard Cryptographic Support for SILS and SP4
Layer 2 Security Services for Local Area Networks
Operating Systems
1400 PAPERS
Trusted MINIX: A Worked Example
Security for Real-Time Systems
Trusted XENIX(TM) Interpretation: Phase I
1600 PANEL: Vendors' Activities
THURSDAY, OCTOBER 4
Viruses
0900 PAPERS
PACL's: An Access Control List Approach to Anti-Viral Security
Static Analysis Virus Detection Tools for UNIX Systems
The Virus Intervention and Control Experiment
Classification of Computer Anomalies
TRACK C-I - Management & Administration
MONDAY, OCTOBER 1
Contingency Planning & Disaster Recovery (Part I)
0900 PAPER
Disaster Recovery / Contingency Planning
1100 PANEL: Professional Development
Contingency Planning & Disaster Recovery (Part II)
1400 PAPER
Disaster Recovery from $138 Million Fire
1600 PANEL: Plans and Assistance
TUESDAY, OCTOBER 2
Criteria: National & International
1030 PAPERS
Harmonised Criteria for the Security Evaluation of IT Systems and Products
The VME High Security Option
Rainbows and Arrows: How the Security Criteria Address Computer Misuse
Civil and Military Application of Trusted Systems Criteria
1400 PANEL: Implementation of the Computer Security Act of 1987
Approaches to Trust
1600 PAPERS
The CSO's Role in Computer Security
Implementation and Usage of Mandatory Access Controls in an Operational
Environment
Building Trust into a Multilevel File System
WEDNESDAY, OCTOBER 3
Risk Management
0900 PANEL: Risk Management
1000 PAPERS
LAVA/CIS Version 2.0: A Software System for Vulnerability and Risk
Assessment
WORKFLOW: A Methodology for Performing a Qualitative Risk Assessment
Critical Risk Certification Methodology
Acquisition
1400 PAPERS
Factors Effecting the Availability of Security Measures in Data Processing
Components
Integrating Computer Security and Software Safety in the Life Cycle of Air
Force Systems
1500 PANEL: Acquisition Discussion
Integrity
1600 PAPERS
Integrity Mechanisms in Database Management Systems
A Taxonomy of Integrity Models, Implementations and Mechanisms
THURSDAY, OCTOBER 4
0900 PANEL: National Computer Security Policy
TRACK C-II - Management & Administration
MONDAY, OCTOBER 1
DATABASE MANAGEMENT
0900 TUTORIAL: Database Management Systems and Secure Database Management
Systems
1100 PANEL: A Year of Progress in Trusted Database Systems
1400 PANEL: Trusted Database Systems: The Tough Issues
1600 PANEL: Multilevel Object Oriented Database Systems
TUESDAY, OCTOBER 2
C2 Microcomputer Security
1030 PAPERS
C2 Security and Microcomputers
Functional Implementation of C2 by 92 for Microcomputers
1400 PANEL: Electronic Certification: Has Its Time Come?
1600 PANEL: Defense Message System (DMS) Security
WEDNESDAY, OCTOBER 3
0900 PANEL: IEEE Computer Society
Limited Access to Knowledge and Information
1100 PANEL: Computer Emergency Response Team: Lessons Learned
Ethics
1400 PAPERS
Discerning an Ethos for the INFOSEC Community: What Ought We Do?
VIRUS ETHICS: Concerns and Resonsibilities of Individuals and Institutions
Concerning Hackers Who Break into Computer Systems
1600 PANEL: National Institute of Standards and Technology Activities
THURSDAY, OCTOBER 4
0900 PANEL: Hackers: "Who are They?"
Track D - The Computer Security Tutorial Track
MONDAY, October 1
0900 PAPERS
Automated Information Security: Overview of the Tutorial
Security Overview and Threat
Information Security
Life Cycle Management Requirements
Risk Management
TUESDAY, October 2, 1990
1030 PAPERS
Data Security
Physical, Personnel and Administrative Security
Office Automation Security
WEDNESDAY, October 3, 1990
0900 PAPERS
Telecommunications Security
Software Controls
Trusted Systems Concepts
Trusted Network Concepts
THURSDAY, October 4, 1990
0900 Tutorial Panel
Also a collection of Educator Sessions:
Tuesday, October 2, 1990
1400 Should Computer Security Awareness Replace Training?
A Reassessment of Computer Security Training Needs
1600 Components of an Effective Training Program
Information Security: The Development of Training Modules
Determining Your Training Needs
Panel: Lauresa Stillwell, Adele Suchinsky, Corey Schou, Roger Quane
Wednesday, October 3, 1990
0900 Training Vehicles: Cost Versus Effectiveness
Computer Based Training: The Right Choice?
1100 Training on a Shoe-String Budget
Awareness and Training in a World of Reduced Resources
Please report problems with the web pages to the maintainer