Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
In the February 7, 1993 NY Times (sunday) on page 32 they had an article (about 10 column inches) detailing privacy issues with email. They talked about Oliver North's message in 1986 to his aide Ronald Sable: "Oh Lord, I lost the slip and broke one of the high heels. Forgive please. Will return the wig Monday". The article quotes Paul Saffo (Institute for the Future) talking about "we have yet to establish the conventions for e-mail). marty leisner@eso.mc.xerox.com leisner.henr801c@xerox.com Member of the League for Programming Freedom
Fans of encryption and those who merely fan the fires of debate about encryption's inherent threat/value will want to dig up Peter Schweitzer's new book _Friendly Spies_ just published by Atlantic Monthly Press. He includes many different details about covert intelligence operations directed against US corporations by cold war allies. Time and time again he says, foreign governments conspire with foreign companies to steal US technology and economic secrets. He mentions that France and Germany and many other countries require US Companies to "register" the encryption key for reasons of national security. All of the American transmissions are monitored and the data is passed on to the local competitors. Companies like IBM finally began to routinely transmit false information to their French subsidiary just to thwart the French Secret Service and by transitive property of economic nationalism, French computer companies. The lessons? Key registration in the world hurts American corporations. Cryptography protects the creators and thwarts those who seek to copy innovation. -Peter Wayner
A colleague has just shown me an article about an online service called "Information America". The article is (possibly justifiably) alarmist in tone - and I cannot vouch for its factual accuracy. The article appeared in issue 8 of a (strange, to me at least) magazine called Mondo 2000, published some time in 1992 - the publisher's address is given as PO Box 1071, Berkeley, CA. Let me say no more about the article or the magazine, but just provide soc.roots/ROOTS-L readers some illustrative quotes from it: "BIG BROTHER ISN'T DEAD, HE'S JUST SUBCONTRACTING If you have a modem, a home computer and can afford $95 an hour fees you too can access Information America's online computer database, cross indexing the Postal Service's National Change of Address file (NCOA), major publisher and direct marketing companies' client information, birth records, drivers' license records, phone books, voter registrations, records from up to 49 governmental agencies, and more. Information America boasts up to date information on over 111 million Americans, 80 million households, and 61 million telephones. If you are not scared yet you should be. Because complete strangers can find out where you live, tracing you through extensive relocations even if they have only a last name, or a state, an old address or telephone number. .... Not until recently has information like this been commercially available in a single database, specifically with law enforcement, private investigators, bounty hunters and lawyers in mind. Information America is the first accessible service to make use of previously collected data for the express purpose of providing up-to-date whereabouts and personal profiles of as many Americans as possible. .... People finder is made up of four services: SKIP TRACER, TELEPHONE TRACKER, PERSON LOCATOR and PEOPLE FINDER MULTITRACK ..... SKIP TRACER traces a person's moves or verifies the current address when all you have is an old address. You will enter the person's name, street number, street name, and either the zip code or the city/state. If your subject is in IA's files a profile will be provided that includes the address he moved to (or current address), phone number, length of residence, and more. You may also request a list of ten of the person's neighbours. A profile on the current resident at your subject's old address and up to ten neighbours there may also be available. .... TELEPHONE TRACKER tracks down the owner of a telephone number... If a match is found, you may look at a profile of that individual/residence and a listing of up to ten neighbours. .... PERSON LOCATOR helps you locate a person when specific address information is not available. Enter the person's name and indicate whether you wish to conduct a search by city, state(s), zip or nationwide. Person Locator will compile a list (up to 300 names for nationwide and up to 100 names for individual state searches) that match the information entered..... When you find the right name, you may request a profile and neighbour listing for that individual. ..... PEOPLE FINDER MULTITRACK helps you find multiple people during one search. Search results are available the following business day. .... IA's clients are mostly lawyers and paralegals working at large legal firms, but the FBI is also a major IA client. .... IA has existed for at least three and a half years, but has remained relatively unknown to the public. .... To market its database services, IA seems to have adopted a grass-roots kind of approach. IA employs liaison in major metropolitan cities whose job it is to research and contact prospective clients lawyers, for example. I am unaware of any advertising in specialist journals. ...." Discussions of the potential dangers of a service like this would be better addressed to the splendid Usenet newsgroup comp.risks - to which my colleague is addressing a separate message about Information America. However it seems to me that the service might be of legitimate interest to a number of soc.roots/ROOTS-L readers (for example, those carrying out aextensive "one-name studies"), hence my posting this message. Brian Randell PS I reiterate - I have no personal knowledge of Information America, and cannot vouch for the accuracy or fairness of the Mondo 200 article from which I have quoted. Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923
The Valley Times (Feb.18) reported that telephone service was cut off for more than 4 hours to about 37,000 phone lines in Livermore, CA including "911" and operator "O" lines. The article said that "the significance (of the malfunction) was in having three prefixes that can't reach emergency phone lines.... The phone company [Pacific Bell] was stymied in correcting the problem because diagnostic tests of the equipment told technicians that there was no problem....Technicians eventually located the problem in a call processor computer tape and replaced the malfunctioning tape." Luckily for those of us that live here, this is a relatively low crime area and no serious crimes occurred during the outage. Some banks compensated by letting in only a few customers at a time because they were concerned that their alarm systems wouldn't be able to call police.
>From the Oregonian, Saturday, Feb. 20, 1993, p.B1: "Computer delays response to fatal Bonny Slope fire", by James Mayer It takes seven minutes for the alarm to reach Tualatin Valley Fire & Rescue because of a glitch that sends it to the office that dispatches Portland Fire Bureau units instead of to the proper agency in Washington County [BACKGROUND: Multnomah County is the county that contains the City of Portland. Suburban Washington County adjoins it to the west. Multnomah County is oddly shaped, and small slices of it here and there are served by suburban agencies instead of the corresponding Portland agency. I live in one of those places, and when I moved into my present house in 1980 it took the telephone company two days to find me and sort out who was responsible for hooking up my telephone service. Which fortunately was not an emergency.] A computer error added seven minutes to the time it took firefighters to reach a 68-year-old woman trapped in her burning Bonny Slope home last week. Mildred Smith died of smoke inhalation suffered in a pre-dawn Feb. 12 blaze at her home at 12401 NW Thompson Rd. A neighbor telephoned 9-1-1 to report the fire at 2:40 AM, but firefighters from Tualatin Valley Fire & Rescue were not dispatched until 2:47 AM because a computer error sent the original call to the wrong place. Eugene Jacobus, Washington County deputy medical examiner, said it would be hard to determine whether the dispatching delay made a fatal difference. Firefighters were also delayed by steel-bar security doors when they reached the remote house north of Cedar Mill, 5 and 1/2 minutes after finally getting the call for help. "It's really hard to say, but certainly a delay of that magnitude is going to make a difference, Jacobus said. "You can be relatively sure that any delay, whether two or seven minutes, is going to rob an individual of some ability to be resuscitated." By Friday, officials had traced the problem to the computerized telephone switching system at Portland's 9-1-1 center on Kelly Butte. Fire and US West Communications officials say a "reloading" of some computer software by US West inadvertently changed the way the 9-1-1 system routed calls for a very small number of callers. "We're still looking to find out how that happened," said Jim Haynes, US West spokesman.
Tapping the new digital car phone systems
John W. Sinteur <fourcnl!sinteur@relay.nluug.nl> Mon, 22 Feb 1993 12:14:53 -0800The following appeared in the Automatiseringsgids in The Netherlands last week. The Automatiseringsgids is a weekly newpaper-like magazine on information technology in the Netherlands. My comments are in [... -JS] I tried to translate literally, any mistakes are mine, but not intented as such. The author of the article gave me permission to send RISKS a translated version of his article. ... I think most comments on what's in the article are already made before, I just wanted to let you know what's happening over here in Europe... -John GSM cannot be tapped. (Automatiseringsgids, 19 Feb 93) The Ministry of Justice is negotiating with PTT Telecom to figure out which way Justice, Police and Security Services can listen in on subscribers of the new digital car phone system (GSM). The government is now discussing the option of tapping conversations at the central PTT switchboards. [PTT Telecom is the sole provider of telecom infrastructure in the Netherlands -JS] GSM is protected by personal subscriber smart-cards and complex algorithms, well enough to stop professional eaves-droppers. Security officials fear that this will be welcomed by criminal organisations, who can communicate through this system without fear of being tapped. [The article does not mention exactly which 'algorithms'. Public key perhaps? If anyone really knows, please tell us -JS] Since GSM will be used throughout Europe, it is especially useful for criminals operating internationally. Secret and Police Services in Europe are trying to convince their Ministries of Internal Affairs of the need to force GSM providers to adapt their services to make tapping possible. The German government is talking to two GSM providers, DBP Telekom and Mannesmann/PacTel, to persuade them to cooperate and implement a tapping option. British Telecom and Vodafone in Great Britain are also discussing this problem with the government. [GSM] providers are thinking about this problem and are trying to find a solution for all of Europe. [end of article] [ sinteur@fourc.nl John W. Sinteur, 2:512/48 (fidonet) ] [ Snail: Jade str 28, 2332 RT Leiden, The Netherlands ]
A quick request for opinions
Fred Cohen <fc@turing.duq.edu> Fri, 12 Feb 93 19:15:43 -0500I am writing a book about artificial life, and have some examples of programs that automate distribution of software in LANs, implement distributed databases, etc. They are all written in the Unix shell, and involve a few lines of code that automatically copy the programs between machines to automate the distribution process. It has come to my attention that there may be substantial objection to this idea and I am asking people in this forum for their opinion. Each program includes explicit safeties to prevent copying to machines where operation is not authorized by the root, and they are designed not to spread outside of particular directories. The code is very obvious (only a few lines of shell script after all), and the book includes explicit warnings not to remove safeties or use on any machine where you don't have permission. Questions: 1 - why not provide this in the book? 2 - what risks do you see in it? 3 - are you an admin or a user? 4 - do you think there is value in including these examples? 5 - do you think the advantages of examples outweigh any risks? 6 - do you think that the versions that optimize their own behavior by `evolving' improved forms should not be included - if not why not? Please Email me your responses ASAP, as the book goes to press in a few weeks. Also, if you DO NOT want your comments included in the book (no names will be used) tell me. Otherwise, I will feel free to include any comments I find particularly enlightening. FC
London Ambulance Service
<Brian.Randell@newcastle.ac.uk> Fri, 19 Feb 93 12:55:43 GMTThe London Ambulance Service Crisis reported to RISKS earlier has been absent from the UK press for a while, but now it seems likely to burst forth again. The attached article is reprinted in its entirety from (UK) Computer Weekly, 18 Feb, 1993. Cheers. Brian Randell Report to confirm (pounds)1m 999 systems blunder (by David Evans) LONDON Ambulance Service made a fatal blunder when it bought a (pounds)1m untested computer system to handle 999 calls, an official inquiry will reveal next week. Union leaders have already blamed the system for contributing to the deaths of at least four patients. Around 800,000 emergency calls are handled by the capital's ambulance service each year. But after a spate of incidents, in which calls were lost and emergency victims suffered long delays before ambulances arrived, the system was abandoned. Now an official report into the fiasco, demanded by health secretary Virginia Bottomley, is expected to be scathing in its criticism. Since last November an independent panel has been looking at the circumstances surrounding the purchase of the system, bought when a previous computer-aided dispatch module crashed. Yet after just a few months of use the replacement was similarly suffering from calldata overload. Questions raised by the report will include why Aldershot-based Systems Options was chosen as the main soft-ware supplier when it had no previous experience in providing dispatch systems to the ambulance sector. Jim Pedroza, Systems Options' founder, has consistently refused to talk to the press. His networked solution based on Apricot workstations and servers contrasts markedly with mini-based systems favoured by other emergency services. According to sources working close to the inquiry team, one conclusion is that a replacement computer-aided dispatch system will now take years, rather than months, to implement. It will also confirm that the Systems Options solution is wholly unfit for the task. Said one London ambulance source: "What we're talking about here is an official stamp of condemnation. Not enough attention was paid to the project, and the lack of expertise in choosing the system was completely unacceptable." The outcome of the report has been delayed to allow for the publication this week of the Tomlinson report on London hospitals. Since the system was ditched, the service's chief John Wilby has resigned and control room staff have reverted to manual methods of dispatching crews. Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne, NE1 7RU, UK Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923
DCCA-4 Call for Papers
Teresa Lunt <lunt@csl.sri.com> Mon, 22 Feb 93 10:07:56 -0800Below is the Call for Papers for the 4th IFIP Working Conference on Dependable Computing for Critical Applications. The conference aims to promote research that considers different aspects of dependability, including security, safety, reliability, and availability, in a common framework, with emphasis on high assurance. Call for Papers: 4th IFIP Working Conference on Dependable Computing for Critical Applications January 4-6, 1994, Catamaran Resort Hotel, San Diego, California, USA Increasingly, individuals and organizations are becoming critically dependent on sophisticated computing systems. In differing circumstances, this dependency might for example center on the continuity of service received from the computing system, the overall performance level achieved, the real-time response rate provided, the extent to which catastrophic failures are avoided, or confidentiality violations prevented. The notion of dependability, defined as the trustworthiness of computer service such that reliance can justifiably be placed on this service, enables these various concerns to be subsumed within a single conceptual framework with reliability, availability, safety and security, for example, being treated as particular attributes of dependability. The fourth IFIP Working Conference on Dependable Computing for Critical Applications aims at bringing together researchers and developers from academia, industry and government for advancing the state of the art in dependable computing. Papers are sought in all areas of dependable computing, including but not limited to models, methods, algorithms, tools and practical experience with specifying, designing, implementing, assessing, validating, operating and maintaining dependable computing systems. Of particular, but not exclusive, interest will be presentations which address combinations of dependability attributes, e.g. safety and security or fault-tolerance and safety, through studies of either a theoretical or an applied nature. Submitting a Paper: Six copies (in English) of original work should be submitted by 30 June 1993, to the Program co-Chair: Dr. Gerard Le Lann INRIA - Project REFLECS BP 105 Tel: +33.1.39635364 78153 Le Chesnay Cedex Fax: +33.1.39635330 France E-mail: Gerard.Le_Lann@inria.fr Papers should be limited to 6000 words, full page figures being counted as 300 words. Each paper should include a short abstract and a list of keywords indicating subject classification. Papers will be refereed and the final choice will be made by the Program Committee. Notification of acceptance will be sent by September 24 1993, and camera-ready copy will be due on November 12, 1993. A digest of papers will be available at the Conference, and hardbound proceedings will be published after the Conference as a volume of the Springer-Verlag series on Dependable Computing and Fault-Tolerant Systems. Important Dates: Submission deadline: June 30, 1993 Acceptance notification: September 24, 1993 Camera-ready copy due: November 12, 1993 General Chair F. Cristian, Univ. of California, USA Program Cochairs G. Le Lann, INRIA, France T. Lunt, SRI International, USA Local Arrangements/Publicity Chair K. Marzullo, Univ. of California, USA Program Committee J. Abraham, U of Texas at Austin, USA A. Avizienis, UCLA, USA D. Bjoerner, UNUIIST, Macau R. Butler, NASA, USA A. Costes, LAAS-CNRS, France M-C. Gaudel, LRI, France V. Gligor, U of Maryland, USA L. Gong, SRI International, USA H. Ihara, Hitachi, Japan J. Jacob, Oxford U, UK S. Jajodia, George Mason U, USA J. Lala, CS Draper Lab, USA C. Landwehr, NRL, USA K. Levitt, U of California Davis, USA C. Meadows, NRL, USA, J. McLean, NRL, USA M. Melliar-Smith, UCSB, USA J. Meyer, U of Michigan, USA J. Millen, MITRE, USA D. Parnas, McMaster U, Canada B. Randell, U of Newcastle upon Tyne, UK G. Rubino, IRISA, France R. Schlichting, U of Arizona, USA J. Stankovic, U of Massachusetts, USA P. Thevenod, LAAS-CNRS, France Y. Tohma, Tokyo Inst. of Technology, Japan Ex-officio J-C. Laprie, LAAS-CNRS, France IFIP WG 10.4 Chair
Call for papers, Technology and Society
<m16805@mwvm.mitre.ogr> Tuesday, 16 Feb 1993 20:08:04 ESTCALL FOR PAPERS TECHNOLOGY: WHOSE COSTS?...WHOSE BENEFITS? Areas of Concentration: Computers and Communications, Health Care, Energy and the Environment The International Symposium on Technology and Society 1993 (ISTAS '93) The International Symposium that links Technology and Social Effects Sponsors: The Institute of Electrical and Electronic Engineers Inc. (IEEE) Society for the Social Implications of Technology The IEEE National Capital Area Council The IEEE Technology Policy Conference Committee Washington DC October 22-23, 1993 Technology is constantly changing the our world. New ways of doing things bring benefits undreamed-of just a few years ago. These technologies also have their price. The costs can be financial, but also less freedom, more risks, more stress. How do we balance benefits and costs? Do those who enjoy the benefits bear their fair share of the costs? How can we determine a fair share? If we can, and don't like the results, what do we change? Is the Government always the best way to change things? ISTAS '93 invites significant contributions on these issues from a wide spectrum of scholarly and concerned individuals. The contributions can be papers, proposals for a session or panel of invited experts, or proposals for "poster" or discussion sessions. Please send a 100 word summary for papers or a 1000 word proposal for sessions, to the General Chair Dr. William J. Kelly, Attn. IEEE, MITRE Corporation, m/c Z568, 7525 Colshire Drive, McLean, VA 22102 E-mail: wjkelly@mitre.org Deadline for Submission: March 12, 1993 Notification of Acceptance: April 12, 1993 Camera Ready Copy: June 30, 1993 For information call Jackie Hunter (703)-803-8701
Privacy Digests
Peter G. Neumann <neumann@csl.sri.com> Mon, 22 Feb 1993 13:13:37 -0800Periodically I will remind you of TWO useful digests related to privacy, both of which are siphoning off some of the material that would otherwise appear in RISKS, but which should be read by those of you vitally interested in privacy problems. RISKS will continue to carry higher-level discussions in which risks to privacy are a concern. * The PRIVACY Forum Digest (PFD) is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former). For information regarding the PRIVACY Forum, please send the exact line: information privacy as the BODY of a message to "privacy-request@cv.vortex.com"; you will receive a response from an automated listserv system. To submit contributions, send to "privacy@cv.vortex.com". * The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Dennis G. Rears. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy. Submissions should go to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. There is clearly much potential for overlap between the two digests, although contributions tend not to appear in both places. If you are very short of time and can scan only one, you might want to try the former. If you are interested in ongoing detailed discussions, try the latter. Otherwise, it may well be appropriate for you to read both, depending on the strength of your interests and time available. PGNPlease report problems with the web pages to the maintainer
xTop