Previous IssueIndexNext IssueInfoSubmit ArticleFTPDo not even think about clicking on this button
 

The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11: Issue 71

Thursday 23 May 1991

Contents

o The RISKS of Posting to the Net
mmm
o If SB266 wants plaintext, give them plaintext...
Peter Wayner
o Voting By Phone
James K. Huggins
o Using commercial databases to augment Government surveillance
Brad Dolan
o UPS & Electronic Signatures
Alex Bangs
o Re: Yet another Push The Button story
Tom Coradeschi
o Re: (Bogus) IBM red switch
John A. Pershing Jr.
o Re: Privacy
Richard Johnson
o Re: The Death of Privacy?
Robert Allen
o Info on RISKS (comp.risks)
---------------------------------------------

The RISKS of Posting to the Net

<mmm@cup.portal.com>
Thu, 23 May 91 11:58:07 PDT 
I just had an interesting visit from the FBI.  It seems that a posting I made
to sci.space several months ago had filtered through channels, caused the FBI
to open (or re-open) a file on me, and an agent wanted to interview me, which I
did voluntarily.

My posting concerned destruct systems for missiles.  I had had a chance to look
at the manual on the destruct system used on the Poseidon and Polaris A3
missiles, and was shocked at the vulnerability of the system which triggers the
system.  In my posting, I commented that the system seemed less secure than
many garage-door openers.  It uses a set of three tones, in which two tones are
presented, then one tone is taken away and the third tone is applied.  The only
classified parts of the system are the frequencies of the second and third
tones.

On the net, I asked whether tone control systems like this are still used for
missile destruct systems.  By e-mail, I received an answer from a person who
was currently designing a destruct system, and he indeed confirmed that not
only are tone-control destruct systems still used, they are a requirement of
some test ranges.  (However, he thought it would be difficult to send a bogus
destruct command because of the need to blot out one of the tones which is
transmitted continuously from ground control; it would be far easier to insert
a bogus flight control command and send the missile toward a city.)

A few months later, I received a message from my sysop asking me to call a
person at Patrick Air Force Base who wanted to get in touch with me.  This guy
was real concerned that I had revealed "sensitive" information.  He said he
kept his copy of my posting in his safe!  I guess he didn't know that it had
already been distributed throughout the industrialized world.  He didn't want
to say anything about the subject over the phone.  He asked whether I would be
willing to be interviewed by an investigator.  I agreed, and he said I would be
contacted within 24 hours by someone locally.  That was the last I heard of
him.  I suppose he talked to someone who knew more about destruct systems, and
was reassured that it isn't possible because it hasn't happened yet.

Two days ago, more than half a year after my original posting, I got a message
that someone from the Palo Alto office of the FBI wanted to talk to me.  I
called him, and we agreed to meet this morning.  He didn't seem too concerned
with the technical aspects of my posting -- I guess he also had his own experts
to consult.  He mostly seemed to be checking me out to see if I was plotting to
blow up a missile.  He was also very interested in how the net works.  I told
him all about the net.  He wanted to know if there was any sort of censorship
or control over what goes on the net, and I explained it was mostly
after-the-fact control, for example if you post a commercial advertisement the
management of your site will get a ton of e-mail asking that your account be
cancelled.

He asked whether someone could post an offer for $10,000 for blueprints of a
missile or something, and I said there isn't any sort of censorship that would
prevent that sort of thing.  But the closest thing to a request for information
on performing a crime that I knew of was a couple years ago when someone asked
in the chemistry newsgroup about methods for electrically igniting a chemical.
I told him about the controversy that caused, though I omitted my role in
answering the original poster's question :-)

I also told him about newsgroups like alt.drugs, rec.pyrotech, etc.  He took
copious notes.  He asked about the equipment needed to access the net.  I told
him about computers and modems and Portal.  I should contact Portal management
to see if I get a bonus if he signs up as a customer :-)

The only surprise came at the end of the interview.  He asked if I had any
questions.  I said I was curious how my posting ended up in his hands.  Before
he could answer, I said I suppose you were contacted by that guy at Patrick Air
Force Base.  This surprised him, and he said he knew of no involvement by
anyone at Patrick Air Force Base.  I asked how he _did_ know about my posting,
and he said he couldn't answer that.  I then went on to tell him about the
controversy over Uunet, and their role in supplying archives of Usenet traffic
on tape to the FBI, and he seemed surprised by that also.

So what's the RISK here?  None to me, because I was a perfectly innocent party.
I suppose some people would be really concerned to learn that their postings to
the net are being monitored for possible illegal activity.  But I would be far
more concerned if they weren't.  The fact that two independent investigations
were started is reassuring to me, because it shows that the government is not
totally brain-dead with regard to possible threats to their big projects.
Certainly if _I_ were FBI director, I would consider Usenet to be a great
resource.  I'd learn all about computer crime, recreational drugs that aren't
illegal yet, low-tech ways of building bombs, how to contact Earth First!,
etc., etc.
---------------------------------------------

If SB266 wants plaintext, give them plaintext...

Peter Wayner <wayner@cs.cornell.edu>
Thu, 23 May 91 16:17:23 -0400 
There has been plenty of discussion about SB266 requiring all communication
equipment to provide the plaintext to the government on demand. Well, I've
decided if they want plaintext, give them plaintext. I've written a program
that will convert any file into strings from a context-free grammar. The bits
are recovered by parsing. To test it's viability, I created two grammars and a
program to do the work.

The first converts any file into the radio commentary of a baseball game
between two teams, The Blogs and the Whappers. Could something as American as
baseball be hiding something?

The second converts a file into something approximating a speech by Neil
Kinnock .  I chose Neil Kinnock because SB266's sponsor, Joe Biden, is fond of
borrowing liberally from Mr. Kinnock's impressive oratory. Unfortunately, the
only really substantive chunks of Mr. Kinnock's speeches I could find were from
a NYT article by Maureen Dowd in 1987 about the striking similarities between
the speeches of Joe Biden and Neil Kinnock. The limited sample leads to a
"broken record" effect. (The libraries in America don't seem to contain
collected speeches by Mr. Kinnock. If anyone has a video tape of his impressive
10 minute commercial of Brahms and anti-Bromides, I'd love to see it.)

I managed to encode information using this text by slightly permuting the word
choices. I've been wondering if Senator Biden wasn't doing the same thing when
he didn't quote verbatim.  Perhaps he was sending messages to someone?

My apologies to Mr. Kinnock for mutilating his careful diction and rhythm.

If anyone in the United States would like to experiment with the programs,
please drop me a line. I'll send you the source code. It is written Think
Pascal 3.0 for the Mac, but it should be a breeze to convert to other Pascal's
or even C. The offer only extends to electronic addresses in the United States
because the Commerace department restricts the distribution of cryptographic
protocols beyond the borders. The security of the system is a bit hard to
assess (breaking it is, in some senses, a PSPACE-complete problem), so I'd
rather abide by an annoying rule than spend time in the can.  If you would
rather receive it by disk, send me one with a properly franked envelope, and
I'll mail it out.

If you want a copy of a Tech Report describing the topic, send me a paper
address and I'll send it out. This document can cross borders.  Thank god for
the first amendment.

Finally, here are two examples of the program at work:

     -------------------------------------------------------------
     Baseball
     -------------------------------------------------------------

It's time for another game between the Whappers and the Blogs in scenic
downtown Blovonia . I've just got to say that the Blog fans have come to
support their team and rant and rave . Let's get going ! Another new inning .
Ain't life great, Ted ? Yup. How about those players . The pitcher spits.
Prince Albert von Carmicheal comes to the plate . He's trying the curveball .
He pops it up to Harrison "Harry" Hanihan . One out against the Whappers. Now,
Parry Posteriority swings the baseball bat to stretch and enters the batter's
box . Here we go . OOOh, that's almost in the dirt . Definitely a ball . The
next pitch is a bouncing knuckleball . Short and away . The umpire calls a ball
. It's a change-up . and it's ... La Bomba ! HomeRun ! Yup, got to love this
stadium. Now, Mark Cloud swings the baseball bat to stretch and enters the
batter's box . Yeah. He's uncorking a toaster . No contact in Mudsville ! It's
a fastball with wings . No wood on that one . He's uncorking what looks like a
spitball . Whooooosh! Strike ! He's out of there . These are the times that
make baseball special . Now, Parry Posteriority swings the baseball bat to
stretch and enters the batter's box . Another fastball . No contact on that one
. A full windup and it's a split-fingered fastball . He pops it up to Orville
Baskethands . Well, that's the end of their chances in this inning, Rich .

     -------------------------------------------------------------
     Neil Kinnock
     -------------------------------------------------------------

Why were the Coal Mines all my ancestors had ? These people who could write
poetry ? My people who could make wonderful things with their hands ? Why
didn't they get the chance ? Were they too weak? The people who would work
underground for 8 hours and come out to play football for the evening ? Do you
think that they didn't get what we had because they didn't have the drive ?
Never . It was because they never had a platform on which to stand . Why am I
the first man in my family to go to University ? Was it because our ancestors
were too thick ? Why were my ancestors shut out of life ? My people who could
dream dreams and recite poetry and dance and make wonderful things with their
hands and dream dreams ? My parents who could make wonderful things with their
hands and sing and write epic poems and make beautiful things and see visions ?
Why didn't they get the chance ? Were they too weak? Those people who worked
underground for 8 hours and come up to play football ? Does anybody really
think that they didn't get what we had because they didn't have the stamina ?
No . There was no platform on which they could stand .

     -------------------------------------------------------------

Both of these examples are just small portions of the result of encoding the
message:

  Paul is dead! I am the walrus!
  Buy something right now. Don't shoplift. Buy! Buy!
  Here are the plans to the Overthruster, Sergei.
  Yoyodyne forever.
---------------------------------------------

Voting By Phone

James K. Huggins <huggins@zip.eecs.umich.edu>
Thu, 23 May 91 12:25:35 EDT 
This afternoon, during the Senate's debate on the Campaign Finance Reform Act,
Senator Robert Dole (R-Kansas) offered an amendment (which was agreed to by the
Senate) directing the Federal Election Commission to conduct a study regarding
the feasibility of allowing disabled voters to vote by telephone in federal
elections.  The main motivation behind the amendment was to provide easier ways
to vote for disabled Americans who may find it difficult to reach a polling
place.  The amendment does not require the FEC to immediately implement voting
by phone, but only to study it.

Previous issues of RISKS have discussed the risks of voting by phone at length,
but one risk stands out in this particular case.  If the danger of coerced
votes in "normal" phone votes is substantial, I believe it is even higher in
this situation, where the threat of physical violence against the physically
disabled voter would be greater than normal.

Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu)
---------------------------------------------

Using commercial databases to augment Government surveillance

<pine_ridge%oak.span@Sdsc.Edu>
Thu, 23 May 91 11:25:34 GMT 
Buried in an article in the 23-May-91 Wall Street Journal was a reference to an
interesting computer-related risk.  The article, entitled "Travelers From
Abroad Face Summer of Extra-Long Delays at U.S. Airports," reported that
incoming travelers may face delays of up to 5 hours in clearing immigration at
some airports.

Previously, "selective screening" and "citizen bypass" plans have been used by
customs and immigration officials to expedite inspections of arriving
passengers.  The Immigration and Naturalization Service (INS) now is taking the
position that all persons entering the U.S. must be checked.  After
interviewing Michael Cronin, assistant INS commissioner for inspection, the WSJ
reported, "He notes that the U.S., unlike many other countries where
immigration inspections are looser, doesn't require national identification
cards or have a national police force to stop people on the street and enforce
immigration laws.  Thus, he argues, port of entry must keep tight control."

One of these controls is the new Advanced Passenger Information Program.  Under
this program, airlines transmit data about arriving passengers to the INS
before passengers arrive.  The government adds this information to its
databases and uses these databases to help determine who gets inspected.  This
program is currently in place for U.S.-Japan flights and will be implemented
soon for U.S.-European flights.

I am unhappy with the idea of the government augmenting its surveillance of me
by tapping commercial databases.  What other uses will they make of this
information?  What's next?  Should the government get copies of my phone bills
to see if I'm talking to the wrong people?

An aside: I find the treatment of foreign travelers by the INS embarrassing
when compared to the way I am treated by officials in other countries.  The
evil hacker-condoning Dutch, for example, seem to process everyone coming in to
their country with courtesy, efficiency, and fairness.  I've never noticed
Dutch police randomly stopping people on the street and examing their identity
papers, either.
                  Brad Dolan  pine_ridge%oak.span@sds.sdsc.edu  B.DOLAN (GEnie)
---------------------------------------------

UPS & Electronic Signatures

Alex Bangs -- bangsal@ornl.gov <abg@mars.EPM.ORNL.GOV>
Thu, 23 May 91 07:59:32 EDT 
For those of you who don't sign for UPS packages, UPS is now switching over to
an electronic clipboard for their drivers. This device is called the Delivery
Information Acquisition Device (DIAD) [_Network World_, May 6, p. 15]. I had my
first experience with one the other day when a package was delivered. The most
unique part of this device is a pad which is signed by the customer with a
stylus and stores the signature electronically. You can see your signature
appear on the DIAD's LCD display.

I visited UPS R&D about a year ago when they were still testing this device.
They explained the logic behind this. Not only does it get rid of paper for
signatures, but when the information is downloaded into a mainframe, it can be
used by a central customer service organization.  When a customer calls in
claiming a package was not delivered, they can look it up on the computer and
check if it was delivered, and who signed for it (not noting, however, that
many people's signatures are unreadable!).

So, how many of you like the idea of your signature being stored electronically
somewhere in the bowels of someone else's computer?

Alex L. Bangs, Oak Ridge National Laboratory/CESAR,
Autonomous Robotic Systems Group    bangsal@ornl.gov
---------------------------------------------

Re: Yet another Push The Button story

Tom Coradeschi <tcora@PICA.ARMY.MIL>
Thu, 23 May 91 12:20:05 EDT 
This thread reminds me of a suggestion a co-worker made for our new laboratory
(Lots of high energy capacitors, switches, etc). We would install a large red
pushbutton, with a lighted label above it reading "Push to Test".  When the
button was pushed, the label would change to "Release to Detonate".

Well, I liked it...                   tom coradeschi
---------------------------------------------

Re: (Bogus) IBM red switch

"John A. Pershing Jr." <pershng@watson.ibm.com>
Tue, 21 May 91 10:59:56 EDT 
Note that the 1403 printer itself also had a "STOP" button on its control
panel (I don't remember if it was red, or some other color).  Amazingly
enough, if the printer went into the "high speed paper slew" mode due to
an -- er, -- unfortunate choice of carriage control character, the
printer's "STOP" button would have NO EFFECT WHATSOEVER!  (I discovered
this when the printer was loaded with continuous-form payroll checks!)

Unfortunately, the function of the "STOP" button was to tell the printer
to stop accepting commands from the channel *after* the completion of the
current command (e.g., "skip to channel 5").  Sigh...

(There *was* a second button on the panel labelled "Carriage Stop", or
something like that, which *would* stop the fountain of paper.  Not
immediately obvious to a panicked junior programmer...)

      John Pershing,       IBM Research, Yorktown Heights
---------------------------------------------

Re: Privacy

Richard Johnson <richard@oresoft.com>
Mon, 20 May 91 8:14:46 PDT 
Mary Culnan ("Of Two Minds About Privacy" RISKS 11.69) and Jerry
Leichter ("The Death of Privacy?" RISKS 11.69) detail some of the
problems associated with automated systems that detail specific
information about our personal and financial lives.  To summarize:

1) Undesired access to data
2) Undesired manipulation of data
3) Undesired offerings of data (Mary)     and
4) Undesired large-scale changes of public opinion (Jerry)

   {nota bene: That is my reading - you might have meant something
    else.  Also, by "undesired" I mean "undesired by the subject"
    (me, specifically).}

It seems this is just the tip of the iceberg, though.  Recently released
footage from the Persian Gulf conflict show a sophisticated airborne
battle-management system capable of spotting movement, location, and
identification of literally everything within several hundred miles.

Several states are experimenting with bar codes for vehicle location, speed
detection, and identification.  While officially not for criminal investigation
purposes, I doubt most anyone would object to a search of the records to locate
the perpetrator of say, a felony hit-and-run.

Birth, death, marriage, licenses, education, service, and major property
occasions are all publicly recorded, and often _required_.

Our employers often know where to find us, even when we are not at work.  Our
neighbors often know the roads we use to drive to work.  Our grocers often know
the days we get paid, and the times we like to shop.

The problem is not just technology.  The problem is how much an individual is
willing to waive control of information about her (him) self.  If we don't
actively guard our privacy, we shall surely fall prey to those who would profit
from that information -- perhaps at our expense.

Richard Johnson
---------------------------------------------

Re: The Death of Privacy?

Email Mujahideen <Robert.Allen@eng.sun.com>
Mon, 20 May 91 09:22:59 PDT 
To my mind there is a more serious problem responsible for our loss of privacy
(not to mention other rights).  It's the attitudes towards convenience.

Every time you use one of the Electronic Fund Transfer (EFT) devices at a
Lucky's store, gas station, etc., you are giving up significant portions of
your privacy.  By buying gas this way someone can closely figure your driving
habits: did you go somewhere this weekend?  Where did you go (where did you use
EFT to buy gas?)?  What kind of mileage did you get?  Is it possible you took a
side trip where you used gas, but didn't buy any until later?  What kind of
food do you buy (I'm not sure if this is tracked)?  How much do you normally
spend on food, versus getting cash back?  Why do you get so much cash back from
a grocery store instead of a bank (trying to hide something?)?

We are well on our way to a cashless society.  I predict that it will
eventually be illegal to own cash.  Certainly whenever a drug dealer is busted
today, you hear all about the (gasp!) several thousand dollars in cash found.
Heck, *I* know people who keep that much at home, and they are definately not
drug dealers.

Once we become cashless, operating on "credits", the only people with any true
freedom will be the hackers who are able to crack the systems and pilfer.
You-all and I will be at the mercy of both the hackers, and the gov't.  By that
time it will be impossible to break the sequence, since literally EVERY
purchase you make, from birth-control, to books, to how much you give to your
church, will be tracked, and you will be at the mercy of any future laws
passed, such as, say, anti-birth control, anti-gun, anti-drug,
anti-"pornography", etc.  It's already happening today, and it will only get
worse.

---------------------------------------------

Previous IssueIndexNext IssueInfoSubmit ArticleFTPDo not even think about clicking on this button
 

Report problems with the web pages to the maintainer