Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Today's New York Times contains a front-page article on an event also widely
reported elsewhere: The use of a computer to "re-construct" one of the Dead Sea
Scrolls.
As readers may recall, the Scrolls were found in a series of caves in the
desert in Israel over forty years ago. Some of the Scrolls contain the
earliest known texts of books of the Bible; at least one is apparently a sixth
book of the Old Testament, which along the way was lost.
Control of the Scrolls was given to a small group of scholars, who've been
slowly - very slowly - publishing them. Their practices have lead to many
protests by other scholars, who have been denied any access to the unpublished
Scrolls - at this point, more than half of them.
While much of the material remains unpublished, the controlling group has
published extensive concordances of most of it. (A concordance lists each
word that occurs in the text, together with an indication of exactly where
it occurs - i.e., it's a cross-reference map.)
A group at Union Hebrew College in Cincinnati realized that a concordance
contains all the information necessary to reconstruct the text. They wrote
a program for a Mac to do just that, and have just published their first
reconstructed version of a previously-unpublished Dead Sea Scroll.
A controversy has, of course, been ignited by this action. The group that
control the Scrolls claim this is plagiarism, for example.
What I find interesting about the whole business is the way it brings to
attention the degree to which the widespread availability of computation make
it very hard to release partial information. Partial information about some
set of data usually implicitly constrains additional information about the
same set of data, information that the releaser may not have intended to make
release. Actually determining the implicitly-specified information may
involve a very large amount of work - but computers make it quite practical.
This issue has, of course, come up before. Much work has been done on the
problem of allowing access to broad statistics from large databases without
allowing information about individual records to be determined. This work is
too technical for most people to integrate.
The Reagan administration tried to create a new class of "unclassified by
sensitive" information, which would be protected in some way because when
pooled it could reveal valuable, perhaps classified, data. The broad mistrust
of administration motives in the national security area, coupled with a lack of
convincing examples, kept this from really entering the national consciousness
either.
The Dead Sea Scrolls case is easy for people to understand - they can clearly
see how the approach works. It will certainly be the example I use in the
future for explaining the difficulty of security problems. How much of an
impact it will have on people's understanding and views, I don't know - I
suspect little. But a few more instances of this use of computers - perhaps
in more threatening circumstances, for example a data-matching program that
led to large numbers of IRS actions against "the common man" - and the impact
could become significant. How people will react when the realization comes
home, and what kind of protections they will want, I have no idea.
— Jerry
We use several small, portable computers to control some mobile communication equipment. These computers are powered by rechargeable batteries. We have had problems charging the batteries of some units, even some brand new ones. We consulted the supplier who told that the battery charging is UNDER SOFTWARE CONTROL, as is the charging indicator LED. So, if you discharge far enough for the processor to stop operating, you can sometimes not charge the batteries! There is some bypass circuitry which allows very slow charging, it takes about 4 days to charge to operating condition. Since the LED is also non-operational, you do not know whether you are charging or not. Erling Kristiansen, ESTEC, Noordwijk, The Netherlands.
[The following article by Dinah Wisenberg Brin appeared in the July/August issue of the Common Cause Magazine, vol.17, no.4, pp.8-9, and is reprinted with permission of Deborah Baldwin, Common Cause, 2030 M St. NW, Washington DC 20036, 202-833-1200. PGN] The U.S. Postal Service — the butt of so many complaints about inefficient service — is on its toes in one way the average mail recipient might not appreciate. The same system that enables the Postal Service to forward your mail to a new address also alerts scads of direct marketers — from the folks at your favorite mail-order company to those pesky tricksters who say they have a special gift waiting if only you'll call - to your new whereabouts. The system seems to work for better and for worse. For better: You get the mail you want and the Postal Service saves time and money by not delivering mail to the wrong address. For worse: Junk mailers you never wanted to hear from discover your new address and waste no time making use of it. Postal officials insist that they share change-of-address information only with those who already have your old address. But thanks to the large-scale selling and renting of customer lists among direct mail marketers, some companies that never knew you existed will have your particulars. The Postal Service forwards about 2.3 billion pieces of mail a year for the 40 million Americans who move annually, at a cost of some $1 billion, says Bob Krause, director of the Postal Service's National Change of Address (NCOA) system. Meanwhile 19 companies, including some of the largest direct-marketing list management firms, pay the Postal Service an annual fee of roughly $48,000 to receive computerized NCOA updates every two weeks. These "licensees" then provide the updated information to their customers, who pay for address changes for consumers already on their mailing lists. The Post Office places great importance on keeping address-correction information secure, Krause says, and the licensees must follow strict guidelines on what they can do with it. They may not use the information to develop mailing lists. But direct marketers who properly obtain the information from the Post Office or its licensees can make it available to others with impunity. Ann Zeller, vice president for information and special projects of the Direct Marketing Association, concedes that firms can buy names from a direct mailer who has a consumer's new address. Evan Hendricks, editor of the Washington-based Privacy Times newsletter, is "very suspicious" of the system. Without realizing it, individuals who complete change-of-address cards are ``permanently giving away their addresses to anyone who asks for them,'' he says, and that should be clearly explained on the card. Of course a change-of-address card is only one of many methods direct mailers have for learning a person's new address. Those who would sell you their wares also mine motor vehicle records, voter rolls, magazine subscription bases, home purchase records and other sources. There is a way out. Individuals who want their names removed from various mailing lists can contact the New York-based Direct Marketing Association, which runs a name and address "suppression" service. But, Krause notes, "If you buy something at your new address from any direct marketer, your name will be on a number of lists within weeks." -- Dinah Wisenberg Brin (a freelance writer now living in Hollidaysburg PA)
A previous post on this topic notes that in the snail-mail world we have one
central Post Office, and they perform services for us such as mail forwarding,
and that many companies do not extend such courtesies with E-mail.
In my view, there is no reason why should we expect private firms to provide us
with a full service E-mail address. It is not their business. It is the
business of the post office to forward the regular mail. If you want an E-mail
service which will be a universal address, from one job to the next, then it is
available on public access bulletin boards (or whatever you call them) such as
the Well in San Francisco, or Portal Communications in the South Bay. Just
have everyone send mail to you at those addresses, and have it forwarded to
your work account automatically.
My point is that free access to the internet is a service we have all come to
expect, even though we don't pay for it (at least not directly). If you really
want the service, all the time, you'll have to pay for it.
— Robert
[Several people noted that NIC.DDN.MIL provides a "whois" service.
It seems appropriate that everyone should register, although its primary
charter in the past has been to include all MILNET folks (and earlier, all
ARPANET folks), and it is not at all clear what would happen if everyone in
internetland were to register. I see that David Parnas is NOT listed, but I
am, for example. If you wish to be added, send mail to NIC@NIC.DDN.MIL and
see what happens. Following is an excerpt from the latest DDN bulletin, put
out by DISA (formerly DCA), which suggests that the transition on 1 Oct 91
is supposed to be almost seamless... PGN]
**********************************************************************
DDN MGT Bulletin 84 DCA DDN Defense Communications System
4 Sept 91 Published by: DDN Network Info Center
(NIC@NIC.DDN.MIL) (800) 235-3155
DEFENSE DATA NETWORK
MANAGEMENT BULLETIN
The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating official
policy, procedures and other information of concern to management personnel at
DDN facilities. Back issues may be read through the TACNEWS server ("@n"
command at the TAC) or may be obtained by FTP (or Kermit) from the NIC.DDN.MIL
host [192.67.67.20] using login="anonymous" and password="guest". The pathname
for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the bulletin
number).
**********************************************************************
The transition of the Network Information Center from SRI
International in Menlo Park, CA, to Government Systems Inc. in
Chantilly, VA, is officially scheduled for 1 October 1991. This
includes the transition of services currently offered to DDN and
Internet users by SRI, such as network/user registration, on-line
information services, and Help Desk operations. SRI will continue to
provide all NIC services, to include responding to all user calls and
requests, until 30 September 1991.
DISA and GSI will make every effort to ensure a smooth and timely
transition of NIC services from SRI. Network users should be
minimally impacted. With a few minor exceptions, all on-line services
currently offered by SRI will appear the same to the user when a
connection is established to the new (GSI) NIC host. These exceptions
are due to the change from the TOPS20 operating system to the SunOS
operating system. The new NIC host is a Sun 470 SPARCserver running
SunOS 4.1. All users on the DDN and the Internet should carefully
note the following changes:
Government Systems, Inc., Attn: Network Information Center,
14200 Park Meadow Drive, Suite 200, Chantilly, VA 22021
Help Desk Telephone Numbers [after 1 Oct 1991]:
1-800-365-3642 (1-800-365-DNIC)
1-703-802-4535
Help Desk Hours of Operation: 7:00 am to 7:00 pm Eastern Standard Time
Fax Number: 1-703-802-8376
Network Address: 192.112.36.5 (NIC.DDN.MIL)
Root Domain Server: 192.112.36.4 (NS.NIC.DDN.MIL)
During the period of 26 to 30 September 1991 the ID (WHOIS) database will not
be changed. All registration actions for this five day period will be
suspended. This action is necessary in order to transfer the master database
to GSI. Starting 26 September 1991, all U.S. mail and fax requests should be
addressed to the GSI address and fax number shown above. All electronic mail
requests should continue to be directed to the "HOSTMASTER" and "REGISTRAR"
mailboxes at NIC.DDN.MIL. As appropriate, SRI will redirect electronic mail to
GSI. On 1 October 1991 all registration activities will resume to include the
normal generation of DDN TAC access cards. Currently-valid TAC access cards
will remain valid until the normal expiration date.
IMPORTANT! Hosts not using the domain naming system should edit their host
tables prior to 1 October 1991 to reflect the change in GSI's domain name
DIIS.DDN.MIL (192.112.36.5) to NIC.DDN.MIL and delete the current NIC.DDN.MIL
(192.67.67.20) from their tables. The GSI IP address, 192.112.36.5, will not
change and may be used in lieu of the domain name. GSI will re-generate all
informational and network tables (i.e., host tables) no later than 8 October
1991. All tables will be available using the same access method currently used
to download from the SRI NIC.
We hope that the transition and its accompanying changes will not greatly
inconvenience network users, and we thank you in advance for your patience and
understanding. For general questions regarding the transition, users may call
the new NIC Help Desk after September 1, 1991 at 1-800-365-3642. Questions
regarding NIC operations policy should be referred to Mr. Wil Pitre of
DISA/DODS at (703) 692-2771 (DSN) 222-2771. Questions regarding NIC
contractual matters should be referred to Mr. Tyrone Smallwood of DISA/DISCA.
In Ontario, the "bizarre character" is a small crown. Every non-vanity plate has one, which is used as a separator between the first three-character group and the second. However, the crown _is_ user-selectable in vanity plates, so it is quite possible to have a plate reading "M*A*S*H" (where stars are substituted for the crowns). According to some local discussion, however, they are identical to spaces (but not identical to nothing). Hence "M*A*S*H" == "M A S H" != "MASH". You can guess how much trouble this causes. David J. Fiander, SCO Mail Technology Group, SCO Canada, Inc.
I was not aware that NH allows spaces in license plates (when I asked for the plate "DR TOM" I was told I could not have an embedded space, and got the plate "DR-TOM" instead; my NY plate used to be "DR BLINN", which I've embellished with a "::" to match my node/user name and have posted on the wall in my office). [...] On the matter of unusual characters (both on and off license plates): In New Hampshire, "handicapped" plates have a graphic representation of a wheelchair on them — all the ones I've seen have it at the front, with a sequence of letters and digits following. I have no idea how this gets represented on, say, a parking ticket. In Massachusetts, some plates have "EX POW" (stacked "EX" over "POW"), and then a three or four-character plate number. I somehow doubt the standard ticket blanks can readily record this, and I also doubt that the automated systems can easily cope with it — especially outside Massachusetts. And so on.. There's a rumor that John Sununu's personal NH license plate bears the legend "Fly Free or Drive", but I can't confirm that one, either.. Dr. Thomas P. Blinn, Digital Equipment Corporation, Digital Drive — MKO2-2/F10 Merrimack, New Hampshire 03054 ...!decwrl!dr.enet.dec.com!blinn (603) 884-4865
While Mr. O's particular problems may have been exacerbated by the referenced
software that looks at "O" as part of "O'<something>" names, I do find it
surprising that single-letter last names would have not been considered and
programmed for in current versions of software. How many years ago was it that
Malcolm X was a national figure? There have been decades since then! Plenty of
time for the accommodation of such "initial-names" to have percolated
throughout the banking/billing/governmental computer systems, one would
think...
Or is it part of the mentioned ethnocentrism to assume that people with
single-letter names would not wish to participate in the established economic
and social systems? Someone who was angry enough to change their name to "X"
wouldn't want a driver's license, or to borrow money, or to be on any
computerized records or database? Seems a rash assumption...
Will
A similar case (somewhat earlier) of a Minnesota man who wanted to change to
1069; his legal name had to be One Zero Six Nine.
Merlyn LeRoy
There is a proposed character set, Unicode, that is intended to encode all glyphs. That is a bit ambitious since a lobster picture will still present a problem, but does go a long way towards dealing with national alphabet problems. Don't forget that Risks Digest is mired in limited AmericanSCII and thus cannot provide an effective representation for much that we talk about. Of course, we have some workarounds such as saying "Umlaut" (I can't even backspace to use a " as an umlaut as per ASCII conventions!).
David Parnas writes:
What is needed is a personal communication system, one where the individual's
address is independent of his (or her) location on the computer network...
Peter Neumann adds:
But it certainly would be nice...
Gee, fellows, it sounds very much like an Internet Social Security Number, and
we've had endless discussions over the years about the computer-oriented (and
other) risks of having and using universal identifiers!
In the context of "privacy," which also commands attention in this and other
forums (fora?), perhaps one need only keep a list of those folks with home
he/she wishes to maintain communication and send them "change of address"
notices.
_Brint
There is a simpler way to confuse electronic mail. Change your last name. Often happens when people get married. Trivial to overcome the problem, but my impression is that corporate mail managers don't think about these things. A closely related issue is role vs personal addresses. In paper mail systems people will guess at whether mail is addressed to the current "Sales Manager" or the previous one. Email systems can force one to do it "right" by mindlessly forwarding based on the exact address given, but the corresponding social conventions don't exist — people will bind to whichever address works once and irregardless of the official purpose of the given address (I call this the "turn left at the cow" syndrome). The Risk here is that the technology exists for a more elegant solution that the users are ready to understand.
We have a curious mixture of various interpretations of ASCII. ^C , for example is ETX (End of Text) and has evolved into an interrupt key on some systems. But keys on a PC labelled ESC and Break (for example) have a obvious semantic meanings. Since ASCII is utterly meaningless in PC keyboard (VS TTY Keyboard) decoding, it is better design to feed into user's naive intepretations than to try to teach them arcane history. Actually, the battle between ASCII and UI designers has been going on for a long time. Back in the 60's the QED editor on the SDS-940 used mnemonic bindings of control keys (predated Emacs by nearly a decade). Of course, violating ASCII has its costs, the use of ^S/XON and ^Q/XOFF be Emacs is rather unfortunate.
Please report problems with the web pages to the maintainer