The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 87

Monday 26 October 1992

Contents

o US presidential election year politics help cause time zone bugs
Paul Eggert
o Privacy of e-mail (Symantec/Borland suit)
Robert Bowdidge
o New risk reports
Jonathan Bowen
o The DC-10 Case
Robert Dorsett
o Re: Erased Disk used against Brazilian President
Bob Frankston
Robert Slade
o Re: Risks in banking
Steve Lamont
o T*p S*cr*t II and William Safire
Bob Devine
o Conference on Computers, Security and the Law
Kimble
o Re: 15th National Computer Security Conference
A. Padgett Peterson
Peter K. Boucher
Larry Hunter
Pete Kaiser
o Info on RISKS (comp.risks)

US presidential election year politics help cause time zone bugs

Paul Eggert <eggert@twinsun.com>
Mon, 26 Oct 92 14:47:57 PST
Several people on the west coast of the US reported that their Unix
systems failed to switch from daylight savings time to standard time
yesterday, 25 October 1992.  The reason?  When they originally
configured their systems, they were asked to choose one of the
following time zone rules:

    US/Alaska   US/Central  US/Hawaii   US/Pacific
    US/Aleutian US/East-Indiana US/Michigan US/Pacific-New
    US/Arizona  US/Eastern  US/Mountain US/Samoa
    ...

Some people chose `US/Pacific-New' instead of `US/Pacific'.
After all, who wants the old version when you can have the new version?

Unfortunately, `US/Pacific-New' stands for ``Pacific Presidential Election
Time'', which was passed by the House in April 1989 but never signed into law.
In presidential election years, this rule would have delayed the PDT-to-PST
switchover until after the election, to lessen the effect of broadcast news
election projections on last-minute west-coast voters.  Thus, US/Pacific-New
and US/Pacific have always been identical -- until yesterday.

This problem comes from combining Arthur David Olson's deservedly popular time
zone software (which you can FTP from elsie.nci.nih.gov in pub/tz92b.tar.Z)
with some overly terse vendor-supplied installation procedures.  No doubt Olson
did not use a more informative name like `US/Pacific-Presidential-Election'
because of the 14-character file name length limit in many Unix file systems.
In view of yesterday's experience, though, it seems unwise to make the
hypothetical choice available under any name, since it gives free rein to
Murphy's Law.


Privacy of e-mail (Symantec/Borland suit)

Robert Bowdidge <bowdidge@cs.UCSD.EDU>
Tue, 6 Oct 92 12:54:30 -0700
In the Los Angeles Times business section on Monday, 5 October 1992, there was
an article describing some of the difficulties of Symantec, a publisher of
software for the Macintosh and IBM-PC markets.  One of the more interesting
situations for the company was a criminal complaint and civil suit filed by
Borland International charging a former Borland vice president with passing
trade secrets.

>From the article:
   (Eugene) Wang, disappointed after a management reshuffle two months earlier,
resigned from Borland earlier the same day [that Symantec announced he had been
hired as a vice president].  Acting on a tip, Borland officials searched
records of electronic mail that Wang had sent via MCI Mail.  They found ten
messages he had sent to Eubanks and others that allegedly contained proprietary
information on Borland's product plans.
   Normally, that might lead to a civil suit.  Such actions have become
relatively common in an industry where the expertise of a few people is often a
company's key asset.
   But Borland took matters a step further, filing a criminal complaint with
the Scotts Valley Police Department in addition to a civil suit.  Police said
they found the information in the messages sufficient grounds to seek a search
warrant [for Symantec's offices and Wang's home.]...
   Legal experts who aren't involved in the case don't know what to make of it.
``At first blush, it seems like they (Borland) must have had some pretty good
evidence,'' said Kaufman of [Brobeck, Phleger, and Harrison, a San Francisco
law firm].  ``But it's bizarre -- Wang, a premier computer scientist, doesn't
know that when you use MCI mail, it's recorded?  It's a very strange set of
facts.
                        [Yet another reason to encrypt my mail...
                        Robert Bowdidge     bowdidge@cs.ucsd.edu]


New risk reports

<Jonathan.Bowen@prg.ox.ac.uk>
Mon, 26 Oct 92 14:46:11 GMT
There is an article on risk in today's (Monday, 26 October 1992) UK
Independent newspaper (p14) which RISKS readers may find interesting
entitled "The chances of being run over by a bus" by Tom Wilkie. It
advertises two reports which sound as if they are worth looking at:

"The Tolerability of Risk from Nuclear Power Stations", HMSO,
PO Box 276, London SW8 5DT, UK. (12 pounds sterling.)

"Risk: Analysis, Perception and Management", The Royal Society,
6 Carlton House Terrace, London SW1Y 5AG, UK. (15.50 pounds sterling.)

The latter values "a statistical life" at 2-3 millions pounds sterling
(c $4 million) in that this is the sort of amount of money that should
be spent on saving one life. However the article states that John
MacGregor, the Secretary of State for Transport, for his department
values a life at only around 500,000 pounds sterling.

Jonathan Bowen, Oxford University

(Of course, the value of a human life in the UK has been devalued by about 10%
recently. :-)


The DC-10 Case [also in sci.aeronautics,rec.travel.air]

Robert Dorsett <rdd@cactus.org>
Fri, 9 Oct 92 01:17:11 CDT
Ran across this.  It looks like a nice little anthology, covering many aspects
of the DC-10.  Probably worth it for the NTSB reports alone ($20 each from
NTIS).  I haven't read the more "thematic" articles, though, and no endorsement
is meant or implied.  Robert Dorsett ...cs.utexas.edu!cactus.org!rdd

Title: The DC-10 Case
Subtitle: A study in applied ethics, technology, and society.
Editors: John H. Fielder and Douglas Birsch
Publisher: State University of New York Press
Date: 1992
Pages: 346
ISBN: 0-7914-1087-0 (hardcover)
      0-7914-1088-9 (paper)
Illustrated.

CONTENTS:

    Preface
    Introduction
    Ethical Analysis of Case Studies/John H. Fielder

    HISTORY AND EARLY WARNINGS

    1.  Regulatory and Institutional Framework

    2.  High Risks, Sinking Fortunes/John Newhouse

    3.  Floors, Doors, Latches and Locks/John Fielder

    4.  The 1970 Ground Testing Incident/Paul Eddy, Elaine Potter,
        Bruce Page

    5.  National Transportation Safety Board Report on the Windsor
        Incident

    6.  The Applegate Memorandum/Paul Eddy, Elaine Potter, Bruce Page

    7.  Fat, Dumb and Happy: The Failure of the FAA/Paul Eddy, Elaine
        Potter, Bruce Page

    8.  Compliance with Service Bulletin SB 52-37

    9.  Conclusions of the US Senate Oversight Hearings and Investigation
        of the DC-10 Aircraft

    THE 1974 PARIS CRASH

    10.  French Government Report on the 1974 Paris Crash

    11.  Engineers Who Kill: Professional Ethics and the Paramountcy of
         Public Safety/Kenneth Kipnis

    12.  Whistleblowing, Ethical Obligation, and the DC-10/Douglas Birsch

    13.  What is Hamlet to McDonnell Douglas or McDonnell Douglas to Hamlet?:
         DC-10/Peter French

    Commentary/Homer Stewell

    14.  Statement of John C. Brizendine, President, Douglas Aircraft Company,
         McDonnell Douglas Corporation

    THE 1979 CHICAGO CRASH

    15.  National Transportation Safety Board Report on the 1979 Chicago Crash

    16.  The DC-10: A Special Report/McDonnell Douglas

    17.  Two Models of Professional Responsibility/Martin Curd and Larry May

    THE 1989 SIOUX CITY CRASH

    18.  National Transportation Safety Board Report on the 1989 Sioux City
         Crash

    19.  The 1989 Sioux City Crash/John Fielder

    20.  Statement of Ralph Nader

    21.  Aviation Safety: Management Improvement Needed in FAA's Airworthiness
         Directive Program

    22.  The FAA, the Carriers, and Safety/Charles Perrow

    23.  International Airline Passengers Association Critique of the DC-10

    24.  Moral Responsibility for Engineers/Kenneth D. Alpern

    Commentary/Andrew Oldenquist

    Commentary/Samuel C. Florman

    Select Bibliography

    IEEE Code of Ethics

    Index

Back Cover:

"Designed as a textbook for courses in ethics, this book provides the material
needed to understand the accidents in which more than 700 people were killed--
accidents that many believe were the result of unethical actions and inactions
by individuals, organizations, and government agencies.  An introduction to
ethical analysis and discussions of the ethical responsibilities involved are
also provided.  The case study offers material for a sustained inquiry into
every level of ethical responsibility reflecting the rich complexity of actual
events.

"_The DC-10 Case_ presents these issues through a collection of original and
published articles, excerpts from official accident reports, congressional
hearings, and other writings on the DC-10.  The authors allow the readers to
examine the ethical issues of airline safety as they actually occur, taking
account of the circumstances in which they arise.

"John H. Fielder is is Professor and Douglas Birsch is Assistant Professor of
Philosophy at Villanova University."


Re: Erased Disk used against Brazilian President

<Bob_Frankston@frankston.com>
Sun 25 Oct 1992 01:57 -0400
Of course, as RISKS readers know, getting rid of information is very difficult.
On the PC erase only erases the name of a file not the contents.  With proper
backup, as Oliver North discovered, it is very hard to remove all copies of
data.  There are also other caches such as email pools where one might be able
to retrieve recent data.

There is a more general issue of living in a society with a very good memory.
It is one thing to knowingly do something illegal and leaving a trail.  A more
subtle danger is a changing society that might look back at an innocuous act
and ex post facto, decide it was reprehensible.


Re: Brazilian Presidential Erased Disks (RISKS-13.86)

Robert Slade <rslade@sfu.ca>
Mon, 26 Oct 1992 20:05:30 GMT
The software used here is probably very simple.  When a computer file is
"erased", actually only the directory entry is changed, and the sectors used
are marked as again being available for use.  The file can easily be
"undeleted": numerous utilities exist for this purpose, including (I am
assuming, from the original posting, that the computer in question uses MS-DOS)
one that is part of the MS-DOS 5 system.  In fact, such utilities need not be
used: if no changes have been made on the disk, the FAT can be changed manually
with a sector editing program.

If the file cannot be "undeleted" in this manner, part of the file may still
exist on the disk, and can be read with a sector editor or viewer.  (I recently
checked a diskette with the CHKDSK utility, and found portions of files that
had been deleted three or four years ago.  This particular disk has been in
daily use with three or four large files being written to it each day.)

The fact that files are not actually "destroyed" has come as a shock to a
number of people.  I seem to recall that this fact had some significance to
Ollie North.  Also, Prodigy scared the pants off some people by creating a
large "swap" file area on disk without "clearing" it first.  Portions of
deleted files were, of course, found within it, leading to (somewhat
unjustified) charges that Prodigy was somehow violating system security.

The fact that erased files may still physically exist is one that some
antiviral programs try to address.  When an infected file cannot be
"disinfected", some antivirals will delete the existing file ... and then
overwrite the area previously occupied with standard characters.  There are
utility programs which will do this with files you wish to keep secret: some
make five or more passes with different characters each time.

Vancouver Institute for Research into User Security, Canada V7K 2G6
ROBERTS@decus.ca rslade@cue.bc.ca  p1@CyberStore.ca 604-526-3676

   [Also noted by ray@philmtl.philips.ca (Ray Dunn).  PGN]


Re: Risks in banking

Steve Lamont <spl@golgi.ucsd.edu>
Sun, 25 Oct 92 15:45:40 -0800
For what its worth and just as a matter of record, I am the original author of
the item "Risks in Banking, Translation, etc.," which appeared in RISKS-13.86.
It was a submission to a recent issue of Gene Spafford's Yucks Digest mailing
list.

Steve Lamont, SciViGuy -- (619) 534-7968 -- spl@szechuan.ucsd.edu
UCSD Microscopy and Imaging Resource/UCSD Med School/La Jolla, CA 92093-0608

   [Also noted by Paul M. Wexelblat <wex@bigmax.ulowell.edu>.  Actually the
   ORIGINAL AUTHOR was someone unidentified on the CACM staff.  Steve was the
   original contributor, to YUCKS.  PGN]


T*p S*cr*t II and William Safire

<devine@postgres.berkeley.edu>
Mon, 26 Oct 92 17:53:53 -0800
Berry Kercheval write:
>In my initial briefings for these clearances it was emphasized that classified
>information must be strictly controlled, and in fact we were given specific
>procedures for what to do if we found unattended classified documents lying
>around.

Political columnist William Safire told the story that he would get his
personal documents past government security officers by putting a printed
heading on each document.  The heading came from a very high security level
document that he once saw as part of reporting.  All went fine for a long time
because he could take his "protected" document that contained his notes into
meetings.  Unfortunately, one day a security person confiscated the document
because he wasn't supposed to have such a highly secret codeword on it!

This is analogous to protective coloration in nature...
                                                            Bob Devine


Conference on Computers, Security and the Law

<kimble@minster.york.ac.uk>
Thu, 22 Oct 92 15:43:51
COMPUTERS SECURITY AND THE LAW,
A CONFERENCE TO BE HELD AT THE UNIVERSITY OF YORK
31 March - 01 April 1993

The conference will be run by the Department of Computer Science at the
University of York in association with the Licensing Executives Society and the
Society of Computers and the Law.

The aim of the conference is to highlight some of the important legal issues
that surround the use, and abuse, of computer technology in a way that should
be accessible to the non-specialist, such as lawyers or computer scientists.

The target audience for the conference are senior managers and others in both
public and private sector organisations who wish to improve their knowledge
about the legal aspects of buying, using or creating computer related products
and services. The conference will be of interest to the police, the civil
service, banks, insurance and building societies.

The programme will take place over two consecutive days.  The first day will
deal with the legal aspects of intellectual property rights, copyright and
contract law as it relates to computer products and services. The second day
will deal with the topics of computer crime and its prevention, security, data
protection and privacy.

The conference dinner will be held at the end of the first day with a keynote
speaker who will provide the link between the themes. Delegates will be able to
register for either of the two days separately if they wish.

Proceedings of the conference will be published and available to participant
after the conference.

FEES: Fees will range from #275 for the full conference to #165 for one day.
Discounts are available for early booking.

Provisional Programme

Day One:
10.30 - 11.15     Overview of law relating to intellectual property rights
11.15 - 12.00     Copyright law
12.00 - 12.45     (Questions & Answers)
14.00 - 14.45     Computer contracts. (Software)
14.45 - 15.30     Computer contracts. (Hardware)
16.00 - 16.45     (Questions & Answers)
19.00 - 22.00     Conference Dinner and keynote speaker at
                  St William's College in York
Day Two:
10.00 - 10.45     Computer Crime
10.45 - 11.30     Damage to programs or data
11.30 - 12.15     (Questions and Answers)
13.30 - 14.15     Hacking
14.15 - 15.00     Data Protection Act, Security & Privacy
15.30 - 16.15     (Questions and Answers)

THE UNIVERSITY OF YORK is situated in Heslington, two miles away from the
centre of York. The campus has been described as one of the finest examples of
twentieth century English romantic landscape architecture. Its main feature is
a large man-made lake supporting a wide variety of wild fowl.

The Department of Computer Science has an international reputation for being at
the leading edge of developments in the fields of Software Engineering, Safety
Critical Systems, Human Computer Interaction and New Computer Architectures It
has recently expanded both its teaching and research to include the many
faceted and dynamic field of the application of Information Technology to
Business Management and maintains many contacts in both industry and government
agencies.

LICENSING EXECUTIVES SOCIETY
The Society is committed to providing education and information to present and
future users of licensing, and gladly supports the University of York in this
conference, which will answer an ever increasing demand in the business and
licensing communities for up-to-date information on this important subject.

SOCIETY OF COMPUTERS AND THE LAW
The Society was founded in 1973 as a forum to promote the effective and
profitable use of computer technology for lawyers.  The Society informs and
promotes interest both in the development of information technology for the
practice and teaching of law, as well as in the law relating to computers - not
only for Society members but also for members of the public at large.

FURTHER DETAILS FROM: Conference Organiser: Francoise Vassie,
Centre for Continuing Education, King's Manor, York, YO1 2EP, The University
of York Tel 0904 433900    Fax 0904 433906, E-Mail KIMBLE@UK.AC.YORK.MINSTER


15th National Computer Security Conference (Denning, RISKS-13.86)

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Sat, 24 Oct 92 17:25:53 -0400
>From: denning@cs.cosc.georgetown.edu (Dorothy Denning)

... >5. Listen in and decrypt the communications.

With all due respect to Mrs. Denning, I suspect that item number five would not
be "Listen in and decrypt the communications" but rather "Listen in and
discover that a secondary encryption was also used".

Anyone intelligent enough to realize that a process for disclosure existed
would be intelligent enough to use the approved scheme to mask the real
encryption, or even just to use a different key from the "approved" one if they
really had something to hide.

The only advantage to the suggested scheme would be to the "bad guys" since
steps 1-5 would have to be processed before the deception would be discovered -
or is there a suggestion that "someone" should randomly test messages to see if
the approved key is sufficient to decrypt ?

Point is, the technology exists to encrypt transmissions, even if it is as
simple as the DE knowing that when I say "stop" I really mean "go". Legislating
breakability has about as much chance as commanding the sun to rise in the
East: it will appear to be effective only until it is tested.
                                              Padgett


Re: (Denning, RISKS-13.86)

"Peter K. Boucher" <boucher@csl.sri.com>
Mon, 26 Oct 92 10:52:02 -0800
Dorothy Denning writes:

> I believe this risk
[abuse of encryption keys registered with a government agency]
> can be reduced to about zero.  For example, using a
> public-key system, your key could be encrypted under the public key belonging
> to, say, the Justice Dept.  The encrypted key would be given to and held by an
> independent agency.  But, the key could be decrypted only by Justice.  Thus, if
> someone gains access to a key held by the key agency, they wouldn't be able to
> decrypt it.

1) Can you trust the criminals to provide the keys to their data and to use
   those keys (and no others) when transmitting incriminating data?  If not,
   what's the point?

2) If you send mangled random data (garbage), can you be prosecuted for not
   giving the Gov't the proper keys?  Will they believe your assertion that
   your transmission was truly meaningless?

3) What exactly are the anticipated benefits of registering keys with a federal
   agency, and, given your answers to the above, how do they justify the cost
   and inconvenience of creating such a system?

Peter K. Boucher, Computer Science Lab, SRI International #EL-237
Menlo Park, CA 94025 boucher@csl.sri.com (415) 859-3927


(Re: Denning, RISKS-13.86)

Larry Hunter <hunter@nlm.nih.gov>
Mon, 26 Oct 92 12:38:23 -0500
In Risks 13.86, Dorothy Denning claims that it is easy to set up a government
depository into which all decryption keys for all encrypted messages send over
public networks which would be safe from non-court ordered government
interception.  I must disagree.  Her plan is (quoting):

     [U]sing a public-key system, your key could be encrypted under the public
     key belonging to, say, the Justice Dept.  The encrypted key would be given
     to and held by an independent agency.  But, the key could be decrypted
     only by Justice.  Thus, if somone gains access to a key held by the key
     agency, they wouldn't be able to decrypt it.

     To use a key, law enforcers would have to go through these steps:

     1.  Get a court order. ...

However, if the _Justice Department_ gains access to a key held by the agency
(or the agency's whole database), they would indeed be able to decrypt traffic.
For Dr. Denning's scheme to work, I have to trust the "independent" agency not
to collude with the Justice Department.  I certainly would not trust any
executive branch agency not to cooperate with another executive branch agency.
It is also extremely unlikely a "key agency" would be formed outside of the
Executive.  The only precedent I can think of is the Federal Reserve system,
and even its independence in circumstances of significant interest to the
executive (e.g. interest rates around election time) is suspect.

In my personal opinion, Dr.  Denning's proposal does not adequately address the
issues raised by socio-political context of her weak encryption scheme.
Without extremely stiff penalties and personal liability for illegal decryption
in addition to a technical system that identified decrypting parties, it is
hard to imagine how any system could require key registration and still offer
some protection against nonwarrant government surveillance.  The political
difficulty of passing legislation that involves the potential for such
penalties to be applied to law enforcement officers suggests to me that all
"weak" schemes are unlikely to offer such protection.


The "independent agency" to hold cryptokeys

European Technology & Architecture <kaiser@heron.enet.dec.com>
Sun, 25 Oct 92 22:54:19 -0800
Dorothy Denning writes:

    The encrypted key would be given to and held by an independent agency.

But there is in fact no such agency in the federal government, which means
that all such discussion is empty theorizing.  Judging the events of the
last several decades make me pessimistic that we could ever have one (again?).

___Pete        kaiser@heron.enet.dec.com     +33 92.95.62.97

Please report problems with the web pages to the maintainer

Top