Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
I was dismayed by Ed Nilges' (egnilges@pucc.princeton.edu) article in
RISKS-11.86. Ed discussed a recent CACM article by Karen Frankel, citing
Daniele Bernstein's criticisms of Edsger Dijkstra's proposed reforms for
Computer Science education. Ed's analysis of the situation appears to have
some huge holes in its logic.
Essentially Dijkstra recommends that Computer Science education be based on
formal mathematics and logic rather than early exposure to and experimentation
with computers. Bernstein notes that women tend to prefer experimentation and
teamwork to solitary abstract thought, and accuses Dijkstra of sexism on the
basis that the proposed educational reforms would present a barrier to women in
Computer Science.
Ed concludes "Dijkstra is right and Nye and Bernstein are wrong" because he
believes that the sort of solitary thinking about formal mathematics and logic
encouraged by Dijkstra's reforms will lead to better (less error prone)
software. It has not been sufficiently demonstrated to me that this sort of
thinking leads to better software, but that is not the basis on which I would
like to argue with Ed.
Bernstein's criticism of Dijkstra relates not so much to the practice of
programming and other areas of Computer Science, but rather to the education of
future programmers. Several studies have noted that, from an early age, girls
in Western societies are not encouraged to take up activities which lead to
careers in scientific fields, particularly Mathematics, Computer Science, and
Engineering. Bertstein's criticisms are, I believe, pointing out that the
changes proposed by Dijkstra would be yet another barrier to women wishing to
enter the field of Computer Science. It would be akin to requiring a student
who only knows conversational German to learn something from a German technical
article-- there is a "language" barrier which is very difficult but not
impossible to overcome. However, if I were that student I wouldn't even
bother.
Ed goes on to support his argument with a description of his own experience
teaching C programming to American and Russian emigre students. He notes that,
due to scarce resources, the Russian students are learning in an environment
that is similar to the one that Dijkstra proposes. He states that he finds "NO
sex differences". This may be true, but is the ratio of women to men in his
courses the same as the ratio of women to men in the population (choose your
own demographics) as a whole? If, as I expect, this ratio is much lower than
the ratio for the general population, then it would suggest that the Russian
curriculum is discouraging to women. The Russian women in Ed's classes are
those few women who are able to "hack it" in the rigorously mathematical and
abstract Russian system.
It may well be that more formal training turns some people into better
programmers. It is certainly the case that formal training turns a lot of
people off or presents an impossible obstacle to many groups (not only women).
I believe that many of these people could become excellent programmers, or
professors of Computer Science, or researchers, etc. However, if Dijkstra's
proposals are widely implemented, chances are that none of this latter group
will get the opportunity. This, then, is Bernstein's criticism of Dijkstra's
proposal.
It is unfortunate that Bernstein slings the word "sexist", and that Ed feels
threatened enough to counter with the (now) negatively connotated term
"politically correct" which raises all sorts of spectres of thought police.
All education would benefit from massive dose of new and different thinking, so
as to encourage marginalized groups to participate more fully, rather than a
retreat to older, more formal approaches which would only push groups on the
outside farther out.
Hal Pomeranz pomeranz@dccs.upenn.edu
Excerpts from an article published in the Los Angeles Times May 17, 1991; page E1. Edited and submitted to RISKS Digest by Mark Seecof <marks@latimes.com> of the L.A. Times Publishing Systems Department. [elisions and bracketed comments mine --Mark S.] ``Little Phone Company on a Hacker Attack'' By Susan Christian, Times Staff Writer. [Introductory blather...] [...] in the last seven months [small long-distance company] Thrifty Tel's [security chief] has put seven hackers in jail. And she has made 48 others atone for their sins with hard cash and hardware. The case that [security chief] Bigley calls her biggest coup--involving a 16-year-old Buena Park boy whose alleged theft of computer data cost Thrifty Tel millions of dollars--is pending in Orange County Superior Court. Thrifty Tel has become one of the most agressive hacker fighters in California, according to Jim Smith, president of the California Assn. of Long Distance Telephone Cos. (Caltel). ``[Bigley] is tough,'' he says. ``I would not want to be a hacker on her network.'' So far, the company has collected more than $200,000 in penalties and reimbursements from hackers. ``We do not have a hacking problem any more because we stood up and punched them in the face,'' Bigley proclaims. ``These kids think that what they're doing is no big deal--they're not murdering anyone,'' Bigley says. ``They think we're terrible for calling them on it. Their attitude is extremely arrogant. But these are not just kids having some fun. They are using their intellect to devise ways to steal. And these are not kids who need to steal. They come from white-collar families.'' For Thrifty Tel Inc., the battle of wits started a year ago. [...Thrifty Tel is ten years old, went public in '86, and serves 7,000 customers in SoCal.] [...Last year the hackers discovered them. Hackers use computer programs to try many possible code numbers until they find the ones which unlock the system.] ``The first quarter of 1990 we came in with a half-million-dollar net profit, and everything was going great,'' Bigley says. ``Then the next quarter, all of a sudden we were lopsided. We were getting bigger bills from our carriers than we were billing out to our customers.'' With a little investigation, the company pinpointed the culprits: hackers who were eating up telephone time at as much as ten hours a ``conversation.'' Because hackers exchange information and solve secret codes via long-distance modem connections, circumventing expensive telephone charges has become their mainstay. ``It was so frustrating to sit here and watch these hackers burn through our lines,'' says Bigley, a 33-year-old San Fernando Valley resident. She has been vice-president of operations at Thrifty Tel for four years. ``I had technicians out changing customers' codes that they'd just changed a few weeks before.'' But Bigley is not the sort to throw in the towel. [...She is hard-working and persistent.] First, she devoted a couple of months to educating herself about hacking. She monitored Thrifty Tel's computers for unusual activity--telephone calls coming into the switching facility from non-customers. ``They believe that because they're sitting in a room with a computer they're safe,'' Bigley says. ``The problem is, they're using their telephone; we can watch them in the act. It's a lot easier to catch a hacker than a bank robber.'' Bigley started making a few calls of her own. If the infiltrator seemed major league, like the Buena Park boy, she contacted the Garden Grove Police Department, whose fraud investigators went into homes with search warrants. If the hacker seemed relatively small, however, Bigley took matters into her own hands, telephoned the suspect and presented an ultimatum: Either pay up or face criminal charges. A non-negotiable condition of Bigley's out-of-court settlement provided that the guilty party relinquish his (or, infrequently, her) computer and modem. Thrifty Tel donates the confiscated weapons [computers] to law enforcement agencies. Teen-age hackers tend to be ``very intelligent and somewhat introverted,'' says Garden Grove Police Detective Richard Harrison, a fraud investigator who has arrested many of Thrifty Tel's suspects. Most of the parents he has dealt with were oblivious to their children's secret lives, Harrison says. He suggests that parents educate themselves about their children's computers. ``If a kid is spending a whole bunch of time on his computer and it's hooked up to a modem, he's not just running his software. What is he doing on that computer? Does he really need a modem?'' [ed. note-- this officer may be an expert on fraud but is clearly unqualified to make such sweeping assertions about what (young) people do with computers. Playing rogue can eat up as much time as hacking while the modem remains idle.] Not all hackers are young computer fanatics testing their limits. ``The hacking problem is two-fold,'' says Caltel president Smith, also president of the Sacramento-based long-distance telephone company Execuline. ``First, we have Information Age fraud, which is an outgrowth of the proliferation of computers in households. We have all these kids who want to talk to each other on bulletin boards, and if mom and dad had to pay for all those phone calls, the cost would be prohibitive. Then we have professional fraud--adults as well as kids who attempt to gain access to our codes for the purpose of selling the codes. They have made a big business out of hacking.'' Smith's company has waged a more low-key defens[e] against hackers than Thrifty Tel. ``I wish I had the time to devote to hacker fraud that she [Bigley] has been able to devote,'' he says. Therein lies the reason that many telephone companies decline to file charges against hackers, says Roy Costello, a fraud investigator for GTE. ``Smaller carriers don't have the time to allow their people to do the investigation and then carry it through the court system,'' he says. [... Stuff about the sticktoitiveness of Thrifty Tel's Bigley and how she thinks that hackers are immoral and wants to defeat them.]
I would suggest that equipment of this type would negate some risks, rather than create new ones. Currently if there is an accident sorting out who was at fault (in non no-fault states) winds up being a long involved process which primarily benefits members of the legal community, and costs the taxpayer lots of money in the form increased insurance premiums down the line, and increased taxes to cover court expenses. With a recorder on board that showed one party was clearly speeding, or failed to apply brakes, resolution could be more straight forward. At worst resolution would be no more involved than it is now. I am often intrigued by people apparently worrying about the risk of "getting caught". I would presume that if a driver is not speeding or otherwise inappropriately operating the vehicle, then a recorder could be a benefit in resolving a suit, or more mundanely detecting malfunction before it becomes expensive, or in detecting driving habits that are expensive. At worst it would be a nonentity like the controller that runs the cruise control.
In other words the risk is that the police might be able to actually determine
the cause of an accident based on evidence, rather than on the possibly true
account of the participants based on their possibly correct memory?!?
Perhaps the real risk is that the device might be used to determine where your
car had been, and when. Like, if the police used it to find out if you had
been at a crime scene.
(Perhaps an even greater risk is that of preventing some helpful technology
from coming to the market based on the fear that maybe it will stop someone's
illegal or unethical behavior as well as helping those who have nothing to lose
and something to gain from the new technology. While we should be concerned
over privacy concerns, we should also be concerned about the overall benefit to
society, etc...)
-michael j zehr
It's been a while since I've read car magazines, but, in the late 70's to early
80's GM started putting engine control computers in some of the more expensive
cars. These were to aid in diagnosis. If certain engine parameters were
exceded then the computer would remember them and then could dump them out to
the mechanic when poked the right direction. I do remember that over rev,
temp, and oil pressure were mentioned as being monitored. It would allow a
mechanic to say "Well, this really wasn't meant to spin all the way to 8000
rpm..."
bruce
John Moore writes, regarding a Ford Motor Co. "customer flight recorder..."
that is installed in a car when a customer has an intermittent problem (and
which) mechanics can later read and attempt to diagnose the problem. He
asserts a "risk" in that data so recorded might be used in legal activities
following an accident while such a device is in use.
On the other hand, one might ask "risk to whom?" The principal risks in the
use of such a device seems to be to the careless driver and to negligent auto
manufacturers. Flight data recorders on aircraft seem to be a risky only to
the extent to which they fail to provide sufficient information on the cause
and responsibility for a crash.
Do we really want to hide behind arguments about "risk" in an effort to avoid
responsibility for our actions? One of the great (potential) contributions of
computers is their ability to provide information which can improve the safety
of our transportation systems. (Yes, I'm aware of the risks of doing this
improperly, carelessly, etc.) The risk in John Moore's world seems to be NOT
to collect the "flight" data.
-Brint
The use of "active badges" at Xerox EuroPARC was the subject of a one-page article in the 16 May "Economist." The article discussed the basic technology, and also discussed the risks of "as long as users actually wear their bleepers, the system records where each person has been during the day, for how many minutes, and with whom. Soon, it will be able to record telephone conversations and identify types of meeting, too ... this will be an 'aide memoire,' but it will also be a way in which managers can keep tabs on their employees."
The article has prompted me to report an interesting risk of using active badges. The main concern here when the system was installed was that the system would assist a thief in identifying empty offices for nefarious purposes. We now have evidence of such a use, albeit for a very minor theft of intellectual property. I was somewhat surprised the other week to walk past a printer in the Laboratory and see it printing out a draft copy of a book on which I am working. I hadn't printed it. A quick check by our systems manager determined that it had been printed by one of the students in the Department. A further check determined that the student had used the active badge system to verify that I was not in the vicinity when he printed the draft. Unfortunately for him, the print queue jammed for six hours and the job was released at precisely the wrong moment... The moral seems to be that the risk of systems revealing locations (automatic vehicle identification for road tolls, on-line credit card processing, active badge systems and so on) is not that they allow other people to know where you are (after all, anyone could hire a private detective to tell them that), but that they tell people where you are not. - Peter Robinson.
The proposal for Caller ID in California (probably the PUC gave the minimal conditions they would accept) was to have free per-call blocking, no per-line blocking, with no mention of ovverides, except: a blocked call would still be recognized by Call Trace or Call Return. I don't know the current status of the proposal.
I see that the telco's are fighting to prohibit normal users from specifying
per-line blocking of Caller-ID. Is anyone selling phones that will
automatically prepend the call-block code (*67 or whatever) whenever you dial,
effectively circumventing the lame telco restriction? You can already program
it into your speed-dials buffers, but this would allow you to forget about it
when you dial normally.
Andrew Tannenbaum Interactive Cambridge, MA +1 617 661 7474
This is quoted from Action Line, a write-in column of the San Jose Mercury
News. The paper was dated 8-Jun-1991.
"Q: The other day, I was visited by a representative of Heritage Cable, stating
he was here to investigate the purchase of an illegal de-scrambler that he said
I bought in 1987. He also stated that he had every right to inspect the line
that went into our household. I felt outraged to be woken up — I work nights
-- for such a rediculous and demeaning experience. I've had cable at this
address since 1986. Does the Heritage Cable representative have the right to
inspect inside our house?
"A: They do, says Mark Solins, Heritage's director of field service. Solin
says the cable company receives lists from the Federal Bureau of Investigation
every so often with names of people who bought de-scramblers for the purpose of
obtaining a cable station without paying the cable company for the right to the
air waves. The FBI doesn't monitor all de-scrambler sales, but does get
involved if it learns of illegal activity. Solins says the contract you signed
when you signed up for cable allows a company rep the right to inspect the
cable service and line. Solins says your name popped up on a recent list the
FBI sent to Heritage. Solins says no illegal de-scrambler was found in your
home. Evidently, someone who used to live in the rear of your property ordered
the de-scrambler, under your name and address and used it to pick up cable
waves without subscribing to the service."
Ed Greenberg, P. O. Box 28618, San Jose, CA 95159 Work: +1 408 764 5305
[Also contibuted by Mark Thorson, who prefaced the item with this:
"Although not directly related to computer RISKS, it's easy to see how
electronic means for detecting illegal cable hookups could be adapted to
exploit this mechanism for running roughshod over individual privacy.
Mark Thorson (a.k.a. mmm@cup.portal.com)." Mark also added EMPHASIS to
the line beginning "SOLINS SAYS THE CONTRACT YOU SIGNED ..." PGN]
Please report problems with the web pages to the maintainer