Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Excerpts from an article in the August 2, 1992 Boston _Globe_: "Judges Not Quick to Punch; Computer KO's Griffin" BADALONA, Spain — Science lied yesterday. Five judges watching American light flyweight Eric Griffin fight Spaniard Rafael Lozano ... said the gold medal favorite had advanced as expected into the quarterfinals. Three said he did it by a wide margin. ... A computer said differently. The computer lied. What the computer insisted ... was that Eric Griffin was a 6-5 loser. And for the moment at least, that decision will stand, regardless of the opinion of the five men who actually watched the fight. ... Actually, after a review of the scorecards, it seemed more like some kind of computer glitch, but the result was the same. Elimination of a fighter. Destruction of a dream. Sorry about that. ... Under the scoring system, at least two judges must hit a button that registers a scoring point within a second after the first judge does. If the do not, the point is not awarded by the main frame computer, even though each point will be recorded individually. The individual judges scored the match 10-9, 26-17, 18-9, 19-10, and 8-5. The article said the system was installed after a Korean fighter won a victory at the 1988 olympics even though general opinion was that he lost the fight. [Later stories indicate the appeal failed. PGN]
[AP excerpts by Joe, from an article by W. Dale Nelson, 30 Jul 1992] Changes in wiretapping laws proposed by the FBI need further work, said Rep. Edward J. Markey, D-Mass, Chairman of the House subcommittee on telecommunications and finance. (In May, the FBI called for legislative changes to enable it to tap into new technologies such as cellular and ISDN.) Markey said a report by GAO "shows that more work needs to be done before the FBI's proposals can be seriously considered by the Congress. ... Before we impose wholesale changes on the communications industry, we must understand the details of what the FBI needs for each technology, and how those needs can be met with minimal costs to consumers and minimal threat to the telephone network." The GAO said it could not answer questions about the impact of the FBI proposals on costs, benefits and alternatives until the FBI had more clearly defined its specific needs. It also said the least intrusive alternatives could not be determined until the telecommunications industry had received and analyzed information on the FBI's needs. It said the correct solutions "will vary with the technology" but its analysis of the technological alternatives had been classified by the FBI and could not be disclosed. The budget submitted to Congress by the FBI in February included $26.6 million to update eavesdropping techniques.
I heard on Radio 4 today that the UK government is considering farming out the Inland Revenue's computer operations to a private company. Currently the IR spend 250M pounds per year on computing and hold some 40M files. 5 possible contractors are being approached, including IBM, DEC and ICL. A union representative gave a long list of reasons why this was a bad idea, starting with confidentiality. He claimed that the IR has a good reputation on this, and worried that a commercial company might not be as honest. The government either was not represented or did not comment. Paul Johnson (paj@gec-mrc.co.uk). | Tel: +44 245 73331 ext 3245
>From "World Press Review" quoting "China Daily", Beijing [!]: The government of Singapore has announced a plan to link all households through grids of fiber-optic cables that will allow high-speed exchanges of text, sound, video and other media. The project called the National Information Infrastructure (NI), will also include a wireless communications network to give mobile-computer users access to information services. The NII is part of Singapore's drive to become a world leader in information and communications technology, which officials see as the backbone of 21st-century economies. Towards this end, all citizens 18 and older have been issued identity cards that allow government ministries and other bodies to cross-index information about them.
To bank to make deposits and withdrawal for lunch money. Chat with neighbour while Sweet Old Thing (i.e., my age) dithers with machine. Murmur from SOT: "Oh, dear. I have to make a deposit." Neighbour points out "deposit" key. More chat with neighbour. Murmur from SOT: "Does the stripe go up?" Neighbour points out picture of card (showing orientation) above slot. More chat with neighbour. Murmur from SOT: "It's still not going it." (ATM has by this time, shut down.) (Still need to deposit and withdraw. Look at lineup for tellers. Recall last time I used "manual" cashier: no lineup at cashier, five people in line for ATM. Thought I was really smart until realized that all five people at ATM have completed transactions before I got my money. Decide to eat at "golden arches".) Go to Skytrain station. Couple (of SOTs) at next ticket machine looking very worried. Take bill from wallet. Accidentally tear bill. Replace bill in wallet, take other. Complete transaction with ticket machine. Couple at next machine: "How do you work this?" Point out large legend at top. A: look at map, check how many zones to cross; B: push button for number of zones (machine displays price); C: put money in (pictures of acceptable coins over coin slot, acceptable bills over bill slot); D: take ticket. Point out large A by map, B by buttons, etc. Couple goes back to worrying in front of next ticket machine. Recall study on data base interface. Experimental systems: two commercial systems, three diverse experimental interfaces, one super-deluxe-easy-to- use-never-meant-to-be-implemented-because-*too*-easy-and-takes-too-much- processing-power-to-run inteface. Super-deluxe is natural language interface. Results show no benefit from any system. Further (frantic) investigation reveals subjects, normal data base users, cannot consistently make query in own native language. Become very depressed. Vancouver Institute for Research into User Security, Vancouver, Canada V7K 2G6 ROBERTS@decus.ca Robert_Slade@sfu.ca rslade@cue.bc.ca p1@CyberStore.ca
> The HRS' balky new $104.2 million computer thinks she is the St.Petersburg > Samantha, eligible for the same benefits and listed with the same Social > Security number, the Pensacola mother said. .. It looks to me like there is another risk here. HRS paid $104.2 million dollars for that system! There is simply no excuse for spending this much money on such a system. This is the risk of letting government agencies buy computer systems... not only do they not work.... they also cost too much!
In RISKS-13.68, <SATRE@cisco.nosc.mil> implies that the "risk of tying up 911 with a non-life threatening call" is much more serious than the jailing of a woman who called 911 to complain about a loud street party. Alas, in many big cities, if you want a police officer to appear at the scene, you MUST dial 911. Let's take New York City as an example -- Here's what happens if I call 911 about an incident: the 911 operator types in the address where I am reporting an emergency, then types in my description of the problem. The report is then sent onward ( as a computer message) to the dispatcher for the police precinct in question. The report appears on the dispatcher's screen, who finds an available police car and reads the report over the radio to the police officers who will handle the "job". If any person in this chain of events screws up — if the police officer never shows up, if the dispatcher never calls a police car, etc., the responsible party can usually be determined by following the computer audit trail. The computer system also tracks the status of the report and I've often heard dispatchers radioing police officers asking them about the status of "jobs" that were resolved hours ago but were not cleared in the computer. When there are too many reports that have not had officers sent to them, the dispatcher announces an "alert" in the precinct and the officers race to finish up their current "jobs" and get to the new ones. The result is that there is a fair amount of machinery keeping track of a call to the police. But if I call my local precinct directly with a non-life threatening situation, a bedraggled desk officer will answer the phone, take my complaint, and then, if he or she feels like it, call 911 in order to get a car dispatched. If the desk officer doesn't feel like sending a car right away, they might type the complaint into the dispatch system as a "past complaint" job, and someone MAY get around to acting upon it much later that evening. Worst of all, the desk officer has the option of simply ignoring my complaint, and there is no mechanism (apart from me calling back again when I see no one has acted upon my call) to detect that he has done so. I've found that if I want the police to respond to nuisances like car alarms or street disputes, I have to call 911. The computer-human interface that is at the core of so many emergency dispatch systems has other quirks, too. In New York City, one sad side-effect of the "alert" mechanism described above is that the dispatcher will start assigning multiple jobs to the same patrol car in order to convince the computer that the precinct is no longer in "alert" status. Never mind that officers in the same car cannot be in two places at once, or that they might be diverted before they can handle the second "job" — it keeps the computer happy. Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue, White Plains, NY 10601 elr@trintex.UUCP philabs!trintex!elr +1-914-993-4737
RGB Technology/703-556-0667 <SATRE@cisco.nosc.mil> (...) asks about the "much more serious risk of tying up 911 with a non-life threatening call." This points out another risk: that of using systems in ways not originally intended. 9-1-1 service was originally for emergencies only (or so I believe). But it turns out that the *only* way to have a police car dispatched in Pittsburgh is to call 911. Calling the neighborhood police station (5 blocks away!) doesn't work---they direct you to call 911. I suppose there's also a risk here that a distributed system (local police stations) has been replaced by one with a single point of failure. I also wonder whether if I called the local station about an imminent threat whether they'd respond, or just say "call 911." Derek_Beatty@cs.cmu.edu (No NeXTmail! MIME Ok.) PhD student 412 268-7898 Computer Science, Carnegie Mellon Univ., 5000 Forbes Ave, Pgh PA 15213 USA
DLSF Systems Inc. will be presenting a Software Hazard Analysis Course which will include practical insight, procedures and guidelines, 24-26 August 1992, in Ottawa, Ontario. For further information, please contact DLSF Systems Inc., Susan Fraser, (613) 592-8188 (voice), (613) 592-2167 (FAX). Must register by 14 August.
CPSR Recommends NREN Privacy Principles (24 Jul 1992) WASHINGTON, DC — Computer Professionals for Social Responsibility (CPSR), a national public interest organization, has recommended privacy guidelines for the nation's computer network. At a hearing this week before the National Commission on Library and Information Science, CPSR recommended a privacy policy for the National Research and Education Network or "NREN." Marc Rotenberg, Washington Director of CPSR, said "We hope this proposal will get the ball rolling. The failure to develop a good policy for the computer network could be very costly in the long term." The National Commission is currently reviewing comments for a report to the Office of Science and Technology Policy on the future of the NREN. Mr. Rotenberg said there are several reasons that the Commission should address the privacy issue. "First, the move toward commercialization of the network is certain to exacerbate privacy concerns. Second, current law does not do a very good job of protecting computer messages. Third, technology won't solve all the problems." The CPSR principles are (1) protect confidentiality, (2) identify privacy implications in new services, (3) limit collection of personal data, (4) restrict transfer of personal information,(5) do not charge for routine privacy protection, (6) incorporate technical safeguards, (7) develop appropriate security policies, and (8) create an enforcement mechanism. Professor David Flaherty, an expert in telecommunications privacy law, said "The CPSR principles fit squarely in the middle of similar efforts in other countries to promote network services. This looks like a good approach." Evan Hendricks, the chair of the United States Privacy Council and editor of Privacy Times, said that the United States is "behind the curve" on privacy and needs to catch up with other countries who are already developing privacy guidelines. "The Europeans are racing forward, and we've been left with dust on our face." The CPSR privacy guidelines are similar to a set of principles developed almost 20 years ago called The Code of Fair Information practices. The Code was developed by a government task force that included policy makers, privacy experts, and computer scientists. The Code later became the basis of the United States Privacy Act. Dr. Ronni Rosenberg, who has studied the role of computer scientists in public policy, said that "Computer professionals have an important role to play in privacy policy. The CPSR privacy guidelines are another example of how scientists can contribute to public policy." CPSR is a membership organization of 2500 professionals in the technology field. For more information about the Privacy Policies and how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302. 415/322-3778 (tel) and 415/322-3798 (fax). Email at cpsr@csli.stanford.edu.
Please report problems with the web pages to the maintainer