Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
>From the New Scientist 28 March 1992 - a follow up to "Patriot missiles misled by `accidental' decoys" (RISKS-13.19). The Pentagon is accusing one of its scientific critics of publishing secret data on the Patriot missile. The scientist, Ted Postol of MIT, says that all his information came from published sources and his own calculations. The row began after Postol published a 50-page article on the Patriot's performance in the Gulf War in the journal "International Security". The article presents evidence that the Patriot missed most, and perhaps all, the Iraqi warheads it was fired at. (New Scientist 15 Feb 1992) Postol has worked for the US Navy and consulted nuclear weapon laboratories in the past. He has a security clearance that allows him access to classified information. But he says he purposely stayed away form all classified briefings on the Patriot so that he could make his conclusions public. On 13 March, Postol was visited by an investigator from the Defense Investigative Service. The DIS officer wanted Postol to attend a classified meeting to discuss where he had obtained the information for his article. Postol refused, saying that if he did, he would really learn secret information about the Patriot, which would prevent him from talking about it. The investigator then informed Postol that he would have to stop discussing the article in public anyway, because the US Army had decided that it contained secret data. If Postol refused, he would be in violation of his secrecy agreement with the government and could lose his security clearance. Postol says he found his order incredible, and asked to have it in writing. More than a week later, on 19 March, he was told that a letter was waiting for him at the Mitre Corporation, a nearby military contractor. In a Kafkaesque twist. the letter itself was classified, so Postol is refusing to read it. Last week, the Pentagon disclosed that the Raytheon Corporation, which manufacturers the Patriot, had started the entire affair. Raytheon executives had sent a copy of Postol's article to the Army. suggesting that it might contain secret information. Pete Williams, the Pentagon spokesman, tried to play down the affair last week. He told reporters that the DIS was carrying out a routine investigation and "no final determination has been made" on whether Postol's article contained secrets. A Congressional committee has taken up Postol's cause, and is investigating whether the Pentagon is abusing its classification system to silence a critic. [I feel that Postol must have a point, given the rather backdoor methods being used to stop him blowing the whistle any more.] Lord John - the programming peer
The following appeared in my mailbox. (Don't know the name of the person who originally sent it; I was at the end of a moderate-sized forwarding chain.) On Peter Ross's ABC-TV arts show on Sunday Afternoon, the avant garde composer John Cage was featured performing his 4'33". It consists of the performer(s), armed with a stopwatch, sitting silently on stage for four minutes 33 seconds, with the music consisting of whatever noises come from the audience or outside the auditorium. The TV performance went well, but the ABC was caught out by technology - a fail-safe device turns off studio transmission if there's more than 90 seconds of silence, and puts up a test pattern. It went into operation three times during the performance. Mark Bartelt, Canadian Institute for Theoretical Astrophysics 416/978-5619
Just read in a direct-mail promotional piece for Microsoft Windows 3.1:
You may be wondering _how_ Windows version 3.1 reduces application
errors and system crashes. One of the most powerful additions to
Windows 3.1 is "parameter validation." Parameter validation means
that when information is passed from an application to the Windows
operating system, Windows checks the information to make sure it is valid.
"Focus on Windows," page 8.
Chap Flack chap@art-sy.detroit.mi.us
D E F E N S E I N F O R M A T I O N S Y S T E M S A G E N C Y
Dept: DNSO/DISM
Tel No: 703 285 5459 (DSN) 356
In RISKS-13.31, Sanford Sherizen wrote:
<> I have had two separate reports from people working for U.S. Government
agencies that the Department of Justice has advised them that trapping
of keystrokes is a violation of the Electronic Communications Privacy
Act and similar privacy-related legislation. Those who mentioned it to
me seemed to imply that the keystrokes being discussed were related to
access control/audit measures rather than worker monitoring technology.
Unfortunately, correct. The situation is roughly analogous to having
to post signs saying that there are TV cameras monitoring your condo.
<> Can anyone clarify and/or verify this information? I would be
interested in finding out if this interpretation only applies to
the Federal Government or to private sector organizations as well?
I don't know about the Electronic Communications Privacy Act, but
National Telecommunications and Information Systems Security Directive
(NTISSD) NO. 600, "Communications Security (COMSEC) Monitoring," 10 Apr 90
(FOUO), makes it a requirement that users of Government telecommunications
systems be notified in advance that their use of these systems constitutes
consent to monitoring for COMSEC purposes. (No, I don't have a copy.)
I'm not a lawyer (my parents are married), but I've been given to
understand that "Government telecommunications systems" means ANY computer
or network whether OWNED or merely FUNDED by the Government. (Can you
say "nearly every system in the U.S."? I knew you could!) If you have
any question as to the applicability to your own situation, I suggest
you hire a member of the Legal Guild who can spell "telecommunications".
F.Y.I., DISA (via DDN Security Bulletin 9123)* strongly "recommended"
that all DDN hosts insert one or the other of the following in their
"WELCOME" messages, either:
"GOVERNMENT TELECOMMUNICATIONS SYSTEMS AND AUTOMATED INFORMATION
SYSTEMS ARE SUBJECT TO A PERIODIC SECURITY TESTING AND MONITORING TO
ENSURE PROPER COMMUNICATIONS SECURITY (COMSEC) PROCEDURES ARE BEING
OBSERVED. USE OF THESE SYSTEMS CONSTITUTES CONSENT TO SECURITY
TESTING AND COMSEC MONITORING."
— or, for those sites with limited bandwidth, --
"USE CONSTITUTES CONSENT TO SECURITY TESTING AND MONITORING."
It's my understanding that the wording of these "un-WELCOME" messages
was worked out with no little blood on the rug.
<> If my information is correct, this may mean that important information
security efforts could be considered as illegal activities.
Very true. For example, an "alleged penetrator" (prosecuting attorneys
prefer to avoid the H(acker) word as "too warm and fuzzy") was monitored
while committing (what I'd consider to be) electronic breaking and entry.
He got off because he hadn't been warned that he was being monitored.
(This may be hearsay, but it is NOT apocryphal; I know some of the parties
involved and have suppressed the names to protect those found Not Guilty.)
<> The crunch between old laws and new technology grows daily.
This is news? (Rhetorical question)
Tom Zmudzinski,
Non-Specializing Specialist in AIS Security
for the Defense Information Systems Agency
* DDN Security Bulletin 9123, 5 November 1991, may be obtained via FTP
(or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and
password="guest". The bulletin pathname is SCC:DDN-SECURITY-9123.
Lance Hoffman's posting on Friday mentioned the New York Times Op-Ed dialogue between FBI Director William Sessions and Janlori Goldman, director of the ACLU Privacy and Technology Project. Kurt Sauer posted Director Session's article; at the risk of preaching to the choir, herewith is Ms. Goldman's reply. Keeping an Ear on Crime: Why Cater To Luddites? By Janlori Goldman The Federal Bureau of Investigation says advances in the telecommunications industry are likely to make it difficult to use its old-fashioned wiretapping techniques to listen in on telephone conversations. The F.B.I.'s solution, in legislation the Justice Department is asking Congress to pass, is to force the telecommunications and computer industries to redesign their modernized systems to accommodate the bureau's needs. Unfairly, the F.B.I. wants consumers to pay for it through rate increases and higher equipment costs. The telecommunications and computer industries both oppose a bill that would mandate such sweeping regulations. The proposal makes the bureau look like Luddites, the 19th century English weavers who smashed new machines that they claimed put them out of work. Instead of keeping up with new developments, the F.B.I. wants to freeze progress. It is wrongheaded and dangerous to require the industry to put surveillance first by slowing innovation and retarding efficiency. How can the F.B.I. justify this policy at home while the White House is wringing its hands over U.S. competitiveness in the international market? The F.B.I. fears that new digital technology will make it difficult, even impossible, to listen in on conversations by using traditional wiretapping equipment. The new technology converts voices and data into electronic blips and reconverts the blips into voices and data near the receiving end on high-speed fiberoptic lines. The bureau overstates its concern. The telecommunications industry says it is not aware of a single instance in which the F.B.I. has been unable to tap a line because of the widespread new technology. Even the Director, William S. Sessions, admitted in a Congressional hearing last week that no warrant has been issued that could not be executed. At issue is the F.B.I.'s ability to wiretap in the future. But the answer is not a legislative fix that freezes technology. The F.B.I. is not only asking the industry to dumb down existing software, it wants to prohibit it from developing new technologies that might interfere with the Government's ability to intercept various oral and electronic communications. The proposed restrictions not only cover phone companies but also on-line computer services (such as as Prodigy and Compuserve), electronic mail systems and bulletin boards, and switchboards. The F.B.I. says its proposal only seeks to preserve its legal authority to wiretap. Actually, it wants to expand the power of the Federal Communications Commission, which regulates the telecommunications industry, to make the F.B.I.'s needs a priority in designing new technologies. In its legislation, the Government threatens to impose a $10,000-a-day fine on companies that develop technologies that exceed the F.B.I.'s technical competence. The F.B.I. has it backward. If the Government wants to engage in surveillance, it must bear the burden of keeping pace with new developments. Last year, Congress appropriated $80 million for a five-year F.B.I. research effort focused on telecommunications advances. There is a serious risk that rollbacks in advances may make telecommunications networks more vulnerable to unauthorized intrusion. One of the industry's main goals is to design secure systems that thwart illegal interception of electronic funds transfers, proprietary information and other sensitive data. The F.B.I. is not the only agency trying to block progress. The National Security Agency has tried to put a cap on the private development of technology in encryption, the electronic encoding of data to guard against unauthorized use. As the private sector develops more effective encryption codes to protect information in its data bases, the N.S.A. worries that it may have trouble breaking such codes in its intelligence gathering overseas. The agency is denying export licenses for certain encryption codes, thus inhibiting the private sector's development and use of the technology. Congress should defeat the proposal. Otherwise, we may be prohibited from erecting sturdy buildings if the thick walls prevent an F.B.I. agent from eavesdropping on a conversation through a cup pressed to a wall.
Every telephone switch I have ever encountered had the capability of monitoring
individual conversations, even when those conversations are multiplexed
together with other connections in the switch. While my experience is not as
wide as others in the telephone field, it would seem to me that such a
monitoring capability is an essential switch design element for diagnostic
purposes, if nothing else.
Thus I do not believe that the FBI has any need for this law; they need only
take their court order to the telephone company and they will be provided with
the tap they have been authorized.
No, it seems to me that the ONLY purpose the FBI has in proposing such a law
would be so that it can make telephone taps WITHOUT the cooperation of the
telephone company. Presumably, the only reason for not wanting the cooperation
of the telephone company is that the FBI in such cases might well not have the
cooperation of the court either - in other words, what they are asking for is
the ability to make warrantless taps.
End-to-end encryption, of course, would NOT fit this model. Nor would it be
prevented by this law, since encryptors can be fitted to any phone without the
cooperation of the phone company.
- Brian
[Forwarded to RISKS by Lance J. Hoffman <hoffman@seas.gwu.edu>
The Washington Post
March 26, 1992
Back to Smoke Signals?
The Justice Department spent years in court breaking up the nation's
telecommunications monopoly in order to foster competition and technological
advances. Now the same department has gone to Congress asking that improvements
in telecommunications technology be halted, and in some cases even reversed, in
the name of law enforcement. The problems facing the FBI are real, but the
proposed solution is extreme and unacceptable on a number of grounds.
Wiretaps are an important tool in fighting crime, especially the kind of
large-scale, complicated crime — such as drug conspiracies, terrorism and
racketeering — that is the responsibility of the FBI. When they are installed
pursuant to court order, taps are perfectly legal and usually most productive.
But advances in phone technology have been so rapid that the government can't
keep up. Agents can no longer just put a tap on phone company equipment a few
blocks from the target and expect to monitor calls. Communications occur now
through regular and cellular phones via satellite and microwave, on fax
machines and computers. Information is transmitted in the form of computer
digits and pulses of light through strands of glass, and none of this is easily
intercepted or understood.
The Justice Department wants to deal with these complications by forbidding
them. The department's proposal is to require the Federal Communications
Commission to establish such standards for the industry "as may be necessary to
maintain the ability of the government to lawfully intercept communications."
Any technology now in use would have to be modified within 180 days, with the
costs passed on to the rate payers. Any new technology must meet the
suitable-for- wiretap standard, and violators could be punished by fines of $
10,000 a day. As a final insult, commission proceedings concerning these
regulations could be ordered closed by the attorney general.
The civil liberties problems here are obvious, for the purposeful designing
of telecommunications systems that can be intercepted will certainly lead to
invasions of privacy by all sorts of individuals and organizations operating
without court authorization. Further, it is an assault on progress, on
scientific endeavor and on the competitive position of American industry. It's
comparable to requiring Detroit to produce only automobiles that can be
overtaken by faster police cars. And it smacks of repressive government.
The proposal has been drafted as an amendment rather than a separate bill,
and there is some concern that it will be slipped into a bill that has already
passed one house and be sent quietly to conference. That would be
unconscionable. We believe, as the industry suggests, that the kind of informal
cooperation between law enforcement agencies and telecommunications companies
that has always characterized efforts in the past, is preferable to this
stifling legislation. But certainly no proposal should be considered by
Congress without open and extensive hearings and considerable debate.
>... When I read between the lines, it >sounds as if Mr. Sessions doesn't want us to use data security which employs >end-to-end encryption; perhaps other RISKS-DIGEST readers will draw different >conclusions. I agree with your conclusions. What I want to know, is wire-tapping really the best way of catching criminals? Sounds like this fellow is belly-aching because his comfy method of listening to other peoples private lives may be in jeopardy! Just wait till the FBI demands that all encryption keys and routines be registered with the FBI for 'security' reasons! Heather M Hinton (mail: heather @ hub.toronto.edu) Dept of Electrical Engineering, 10 King's College Road, University of Toronto
Are computers part of the problem or ... ?
DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING
DIAC-92 Symposium Berkeley, California U.S.A
Sponsored by Computer Professionals for Social Responsibility
May 2 - 3, 1992 8:30 AM - 5:30 PM
The DIAC Symposia are biannual explorations of the social implications
of computing. In previous symposia such topics as virtual reality, high
tech weaponry, computers and education, affectionate technology,
computing and the disabled, and many others have been highlighted. Our
fourth DIAC Symposium, DIAC-92, offers insights on computer networks,
computers in the workplace, national R&D priorities and many other
topics.
DIAC-92 will be an invigorating experience for anyone
with an interest in computers and society.
May 2, 1992
Morris E. Cox Auditorium
100 Genetics and Plant Biology Building (NW Corner of Campus)
University of California at Berkeley
8:30 - 9:00 Registration and Continental Breakfast
9:00 - 9:15 Welcome to DIAC-92, Doug Schuler, DIAC-92 Chair
9:15 - 10:15 Opening Address
Building Communities with Online Tools
- John Coate, Director of Interactive Services, 101 OnLIne
When people log into online communication systems, they use new tools to engage
in an ancient activity - talking to each other. Systems become a kind of
virtual village. At the personal level they help people find their kindred
spirits. At the social level, they serve as an important conduit of
information, and become an essential element in a democratic society.
John was known as a Community Builder at the WELL (Whole Earth 'Lectronic Link)
where he worked tirelessly to build the WELL into a place with clearly
recognizable social cohesion.
10:15 - 10:45 Break
10:45 - 11:15 Presentation
Computer Networks in the Workplace: Factors Affecting the Use of
Electronic Communications
- Linda Parry and Robert Wharton, University of Minnesota
11:15 - 11:45 Presentation
Computer Workstations: The Occupational Hazard of the 21st Century
- Hal Sackman, California State University at Los Angeles
11:45 - 12:15 Presentation
MUDDING: Social Phenomena in Text-Based Virtual Realities
- Pavel Curtis, Xerox PARC
12:15 - 1:30 Lunch in Berkeley
1:30 - 2:00 Presentation
Community Memory: a Case Study in Community Communication
- Carl Farrington and Evelyn Pine, Community Memory
2:00 - 3:15 Panel Discussion
Funding Computer Science R&D
What is the current state of computer science funding in the U.S.? What policy
issues relate to funding? Should there be a civilian DARPA? How does funding
policy affect the universities? industry? Organized by Barbara Simons, IBM
Almaden Research Center. Moderated by Mike Ubell, Digital Equipment
Corporation.
Panelists include
Mike Harrison, Computer Science Division, U.C. Berkeley
Gary Chapman, 21st Century Project Director, CPSR, Cambridge Office
Joel Yudken, Project on Regional and Industrial Economics, Rutgers University
3:15 - 3:45 Break
3:45 - 5:00 Panel Discussion
Virtual Society and Virtual Community
This panel looks at the phenomenon of virtual sociality. What are the
implications for society at large, and for network and interactive
system design in general? Moderated by Michael Travers, MIT Media Lab.
Panelists include:
Pavel Curtis, Xerox PARC
Allucquere Rosanne Stone, University of California at San Diego
5:00 - 5:15 Closing Remarks, Eric Roberts, CPSR President
May 3, 1992 Tolman Hall and Genetics and Plant Biology Building (NW
Corner of Campus) University of California at Berkeley
8:30 - 9:00 Registration and Continental Breakfast
Workshops in Tolman Hall
The second day will consist of a wide variety of interactive workshops.
Many of the workshops will be working sessions.
9:00 - 10:40 Parallel Workshops I
Toward a Truly Global Network
- Larry Press, California State University, Dominguez Hills
Integration of an Ethics MetaFramework into the New CS Curriculum
- Dianne Martin, George Washington University
A Computer & Information Technologies Platform
- The Peace and Justice Working Group, CPSR/Berkeley
Hacking in the 90's: Toward a Hacker's League
- Steve Sawyer, CJS Systems
- Lee Felsenstein, Golemics, Incorporated, Berkeley CA
10:40 - 11:00 Break
11:00 - 12:40 Parallel Workshops II
Designing Computer Systems for Human (and Humane) Use
- Batya Friedman, Colby College
Examining Different Approaches to Community Access to Telecommunications
Systems
- Evelyn Pine
Third World Computing: Appropriate Technology for the Developed World?
- Philip Machanick, University of the Witwatersrand, South Africa
Can We Talk? Engineers, Machinists, and the Barriers to a Skill-Based
Approach to Production
- Sarah Kuhn, University of Massachusetts --Lowell
12:40 - 1:40 Lunch in Berkeley
1:40 - 3:20 Parallel Workshops III
Defining the Community Computing Movement: Some projects in and around
Boston
- Peter Miller, Somerville Community Computing Center
Future Directions in Developing Social Virtual Realities
- Pavel Curtis, Xerox PARC
Work Power, and Computers
- Viborg Andersen, University of California at Irvine
Designing Local Civic Networks: Principles and Policies
- Richard Civille, CPSR, Washington Office
3:20 - 3:40 Break
3:40 - 5:00 Plenary Panel Discussion
Work in the Computer Industry
--- This panel discussion is free to the public. --
Morris E. Cox Auditorium 100 Genetics and Plant Biology Building (NW
Corner of UCB Campus)
Is work in the computer industry different from work in other
industries? What is the nature of the work we do? In what ways is our
situation similar to other workers in relation to job security, layoffs,
and unions? Moderated by Denise Caruso, editor of Digital Media.
Panelists include
Dennis Hayes, writer and author of "Behind the Silicon Curtain"
John Markoff, New York Times (tentative)
5:00 - 5:15 Closing remarks, Coralee Whitcomb, CPSR Board
There will also be demonstrations of a variety of community networking and
MUDDING systems during the symposium.
Sponsored by Computer Professionals for Social Responsibility
P.O. Box 717
Palo Alto, CA 94301
DIAC-92 is co-sponsored by the American Association for Artificial
Intelligence, the IEEE Society for Social Implications of Technology,
and the Boston Computer Society Social Impact Group, in cooperation with
ACM SIGCHI and ACM SIGCAS. DIAC-92 is partially supported by the
National Science Foundation under Grant No. DIR-9112572, Ethics and
Values Studies Office.
CPSR is a non-profit, national organization of computer professionals
concerned about the social implications of computing technologies in the
modern world. Since its founding in 1983, CPSR has achieved a strong
international reputation. CPSR has over 2500 members nationwide with
chapters in over 20 cities.
If you need additional information please contact Doug Schuler,
206-865-3832 (work) or 206-632-1659 (home), or Internet
dschuler@cs.washington.edu.
- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
--- DIAC-92 Registration ---
Registration includes proceedings, continental breakfasts, and refreshments
during breaks. Proceedings and are also available by mail.
Send completed form with check or money order to:
DIAC-92 Registration
P.O. Box 2648
Sausalito, CA, 94966
USA
Name _______________________________________________________________
Address: ____________________________________________________________
City: ____________________ State: _______ Zip: _____________________
Electronic mail: ____________________________________________________
Symposium registration:
CPSR Member (or AAAI, BCS, IEEE SSIT, ACM SIGCAS, ACM SIGCHI) $40 __
Non-member $50 __
Student $25 __
Proceedings Only $20 __
Proceedings Only (foreign) $25 __
New CPSR Membership (includes DIAC-92 Registration) $80 __
One day registration:
CPSR Member (or AAAI, BCS, IEEE SSIT, ACM SIGCAS, ACM SIGCHI) $25 __
Non-member $30 __
Student $15 __
Additional Donation $ _______
Total enclosed $ _______
- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =
There are TWO buildings called Genetics and Plant Biology at UCB. We
are using the smaller, southern one of the two. There are UC parking
lots near the NW side of the campus for $3.00 a day. Parking meters use
quarters ($.25).
Please report problems with the web pages to the maintainer