The RISKS Digest
Volume 14 Issue 34

Monday, 22nd February 1993

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

And You thought Your Computer Chat Was Private
Marty Leisner
_Friendly Spies_
Peter Wayner
The "Information America" service
Brian Randell
"Telephone Service Cut Off"
Lin Zucconi
Computer delays response to fatal fire
Lauren Wiener
Tapping the new digital car phone systems
John W. Sinteur
A quick request for opinions
Fred Cohen
London Ambulance Service
Brian Randell
DCCA-4 Call for Papers
Teresa Lunt
Technology and Society, Call for Papers
William J. Kelly
Privacy Digests
PGN
Info on RISKS (comp.risks)

And You thought Your Computer Chat Was Private

Marty Leisner 71348 <leisner@eso.mc.xerox.com>
Sat, 13 Feb 1993 14:06:39 PST
In the February 7, 1993 NY Times (sunday) on page 32 they had an article
(about 10 column inches) detailing privacy issues with email.

They talked about Oliver North's message in 1986 to his aide Ronald Sable:

"Oh Lord, I lost the slip and broke one of the high heels.   Forgive please.
Will return the wig Monday".

The article quotes Paul Saffo (Institute for the Future) talking about "we
have yet to establish the conventions for e-mail).

marty   leisner@eso.mc.xerox.com   leisner.henr801c@xerox.com
Member of the League for Programming Freedom


_Friendly Spies_

Peter Wayner <pcw@access.digex.com>
Mon, 22 Feb 1993 11:12:37 -0500
Fans of encryption and those who merely fan the fires of debate about
encryption's inherent threat/value will want to dig up Peter Schweitzer's new
book _Friendly Spies_ just published by Atlantic Monthly Press. He includes
many different details about covert intelligence operations directed against
US corporations by cold war allies. Time and time again he says, foreign
governments conspire with foreign companies to steal US technology and
economic secrets.

He mentions that France and Germany and many other countries require US
Companies to "register" the encryption key for reasons of national security.
All of the American transmissions are monitored and the data is passed on to
the local competitors.  Companies like  IBM finally began to routinely
transmit false information to their French subsidiary just to thwart the
French Secret Service and by transitive property of economic nationalism,
French computer companies.

The lessons? Key registration in the world hurts American corporations.
Cryptography protects the creators and thwarts those who seek to copy
innovation.

-Peter Wayner


The "Information America" service

<Brian.Randell@newcastle.ac.uk>
Wed, 17 Feb 93 12:18:22 GMT
A colleague has just shown me an article about an online service called
"Information America". The article is (possibly justifiably) alarmist in tone
- and I cannot vouch for its factual accuracy. The article appeared in issue 8
of a (strange, to me at least) magazine called Mondo 2000, published some time
in 1992 - the publisher's address is given as PO Box 1071, Berkeley, CA.

Let me say no more about the article or the magazine, but just provide
soc.roots/ROOTS-L readers some illustrative quotes from it:

"BIG BROTHER ISN'T DEAD, HE'S JUST SUBCONTRACTING

If you have a modem, a home computer and can afford $95 an hour fees you too
can access Information America's online computer database, cross indexing the
Postal Service's National Change of Address file (NCOA), major publisher and
direct marketing companies' client information, birth records, drivers'
license records, phone books, voter registrations, records from up to 49
governmental agencies, and more. Information America boasts up to date
information on over 111 million Americans, 80 million households, and 61
million telephones.

If you are not scared yet you should be. Because complete strangers can
find out where you live, tracing you through extensive relocations even if
they have only a last name, or a state, an old address or telephone number.
....
Not until recently has information like this been commercially available in
a single database, specifically with law enforcement, private
investigators, bounty hunters and lawyers in mind. Information America is
the first accessible service to make use of previously collected data for
the express purpose of providing up-to-date whereabouts and personal
profiles of as many Americans as possible.
....
People finder is made up of four services: SKIP TRACER, TELEPHONE TRACKER,
PERSON LOCATOR and PEOPLE FINDER MULTITRACK
.....
SKIP TRACER traces a person's moves or verifies the current address when
all you have is an old address. You will enter the person's name, street
number, street name, and either the zip code or the city/state. If your
subject is in IA's files a profile will be provided that includes the
address he moved to (or current address), phone number, length of
residence, and more. You may also request a list of ten of the person's
neighbours. A profile on the current resident at your subject's old address
and up to ten neighbours there may also be available.
....
TELEPHONE TRACKER tracks down the owner of a telephone number... If a match
is found, you may look at a profile of that individual/residence and a
listing of up to ten neighbours.
....
PERSON LOCATOR helps you locate a person when specific address information
is not available. Enter the person's name and indicate whether you wish to
conduct a search by city, state(s), zip or nationwide. Person Locator will
compile a list (up to 300 names for nationwide and up to 100 names for
individual state searches) that match the information entered..... When you
find the right name, you may request a profile and neighbour listing for
that individual.
.....
PEOPLE FINDER MULTITRACK helps you find multiple people during one search.
Search results are available the following business day.
....
IA's clients are mostly lawyers and paralegals working at large legal
firms, but the FBI is also a major IA client.
....
IA has existed for at least three and a half years, but has remained
relatively unknown to the public.
....
To market its database services, IA seems to have adopted a grass-roots
kind of approach. IA employs liaison in major metropolitan cities whose job
it is to research and contact prospective clients lawyers, for example. I
am unaware of any advertising in specialist journals.
...."

Discussions of the potential dangers of a service like this would be better
addressed to the splendid Usenet newsgroup comp.risks - to which my colleague
is addressing a separate message about Information America.  However it seems
to me that the service might be of legitimate interest to a number of
soc.roots/ROOTS-L readers (for example, those carrying out aextensive "one-name
studies"), hence my posting this message.   Brian Randell

PS I reiterate - I have no personal knowledge of Information America, and
cannot vouch for the accuracy or fairness of the Mondo 200 article from which
I have quoted.

Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne,
NE1 7RU, UK  Brian.Randell@newcastle.ac.uk   PHONE = +44 91 222 7923


"Telephone Service Cut Off"

"Lin Zucconi" <Lin_Zucconi@lccmail.ocf.llnl.gov>
18 Feb 1993 09:06:10 U
The Valley Times (Feb.18) reported that telephone service was cut off for more
than 4 hours to about 37,000 phone lines in Livermore, CA including "911" and
operator "O" lines. The article said that "the significance (of the
malfunction) was in having three prefixes that can't reach emergency phone
lines.... The phone company [Pacific Bell] was stymied in correcting the
problem because diagnostic tests of the equipment told technicians that there
was no problem....Technicians eventually located the problem in a call
processor computer tape and replaced the malfunctioning tape." Luckily for
those of us that live here, this is a relatively low crime area and no serious
crimes occurred during the outage. Some banks compensated by letting in only a
few customers at a time because they were concerned that their alarm systems
wouldn't be able to call police.


Computer delays response to fatal fire

Lauren Wiener <lauren@reed.edu>
Sat, 20 Feb 93 10:49:25 -0800
>From the Oregonian, Saturday, Feb. 20, 1993, p.B1:

"Computer delays response to fatal Bonny Slope fire", by James Mayer

It takes seven minutes for the alarm to reach Tualatin Valley Fire & Rescue
because of a glitch that sends it to the office that dispatches Portland Fire
Bureau units instead of to the proper agency in Washington County

[BACKGROUND: Multnomah County is the county that contains the City of Portland.
Suburban Washington County adjoins it to the west.  Multnomah County is oddly
shaped, and small slices of it here and there are served by suburban agencies
instead of the corresponding Portland agency.  I live in one of those places,
and when I moved into my present house in 1980 it took the telephone company
two days to find me and sort out who was responsible for hooking up my
telephone service.  Which fortunately was not an emergency.]

A computer error added seven minutes to the time it took firefighters to reach
a 68-year-old woman trapped in her burning Bonny Slope home last week.

Mildred Smith died of smoke inhalation suffered in a pre-dawn Feb. 12 blaze at
her home at 12401 NW Thompson Rd.

A neighbor telephoned 9-1-1 to report the fire at 2:40 AM, but firefighters
from Tualatin Valley Fire & Rescue were not dispatched until 2:47 AM because a
computer error sent the original call to the wrong place.

Eugene Jacobus, Washington County deputy medical examiner, said it would be
hard to determine whether the dispatching delay made a fatal difference.
Firefighters were also delayed by steel-bar security doors when they reached
the remote house north of Cedar Mill, 5 and 1/2 minutes after finally getting
the call for help.

"It's really hard to say, but certainly a delay of that magnitude is going to
make a difference, Jacobus said.  "You can be relatively sure that any delay,
whether two or seven minutes, is going to rob an individual of some ability to
be resuscitated."

By Friday, officials had traced the problem to the computerized telephone
switching system at Portland's 9-1-1 center on Kelly Butte.


Fire and US West Communications officials say a "reloading" of some computer
software by US West inadvertently changed the way the 9-1-1 system routed calls
for a very small number of callers.

"We're still looking to find out how that happened," said Jim Haynes, US West
spokesman.



Tapping the new digital car phone systems

John W. Sinteur <fourcnl!sinteur@relay.nluug.nl>
Mon, 22 Feb 1993 12:14:53 -0800
The following appeared in the Automatiseringsgids in The Netherlands last
week. The Automatiseringsgids is a weekly newpaper-like magazine on
information technology in the Netherlands. My comments are in [... -JS] I
tried to translate literally, any mistakes are mine, but not intented as such.
The author of the article gave me permission to send RISKS a translated
version of his article. ...

I think most comments on what's in the article are already made before, I just
wanted to let you know what's happening over here in Europe...  -John


GSM cannot be tapped.   (Automatiseringsgids, 19 Feb 93)

The Ministry of Justice is negotiating with PTT Telecom to figure out which
way Justice, Police and Security Services can listen in on subscribers of the
new digital car phone system (GSM). The government is now discussing the
option of tapping conversations at the central PTT switchboards. [PTT Telecom
is the sole provider of telecom infrastructure in the Netherlands -JS]

GSM is protected by personal subscriber smart-cards and complex algorithms,
well enough to stop professional eaves-droppers. Security officials fear
that this will be welcomed by criminal organisations, who can communicate
through this system without fear of being tapped.

[The article does not mention exactly which 'algorithms'. Public key
perhaps? If anyone really knows, please tell us -JS]

Since GSM will be used throughout Europe, it is especially useful for
criminals operating internationally.

Secret and Police Services in Europe are trying to convince their Ministries
of Internal Affairs of the need to force GSM providers to adapt their services
to make tapping possible. The German government is talking to two GSM
providers, DBP Telekom and Mannesmann/PacTel, to persuade them to cooperate
and implement a tapping option. British Telecom and Vodafone in Great Britain
are also discussing this problem with the government.  [GSM] providers are
thinking about this problem and are trying to find a solution for all of
Europe.

[end of article]

[  sinteur@fourc.nl  John W. Sinteur, 2:512/48 (fidonet)  ]
[   Snail: Jade str 28, 2332 RT Leiden, The Netherlands   ]


A quick request for opinions

Fred Cohen <fc@turing.duq.edu>
Fri, 12 Feb 93 19:15:43 -0500
I am writing a book about artificial life, and have some examples of programs
that automate distribution of software in LANs, implement distributed
databases, etc.  They are all written in the Unix shell, and involve a few
lines of code that automatically copy the programs between machines to
automate the distribution process.  It has come to my attention that there may
be substantial objection to this idea and I am asking people in this forum for
their opinion.

Each program includes explicit safeties to prevent copying to machines where
operation is not authorized by the root, and they are designed not to spread
outside of particular directories.  The code is very obvious (only a few lines
of shell script after all), and the book includes explicit warnings not to
remove safeties or use on any machine where you don't have permission.

Questions:

1 - why not provide this in the book?
2 - what risks do you see in it?
3 - are you an admin or a user?
4 - do you think there is value in including these examples?
5 - do you think the advantages of examples outweigh any risks?
6 - do you think that the versions that optimize their own behavior by
      `evolving' improved forms should not be included - if not why not?

Please Email me your responses ASAP, as the book goes to press in a few weeks.
Also, if you DO NOT want your comments included in the book (no names will be
used) tell me.  Otherwise, I will feel free to include any comments I find
particularly enlightening.  FC


London Ambulance Service

<Brian.Randell@newcastle.ac.uk>
Fri, 19 Feb 93 12:55:43 GMT
The London Ambulance Service Crisis reported to RISKS earlier has been absent
from the UK press for a while, but now it seems likely to burst forth again.
The attached article is reprinted in its entirety from (UK) Computer Weekly,
18 Feb, 1993.  Cheers.  Brian Randell

Report to confirm (pounds)1m 999 systems blunder   (by David Evans)

LONDON Ambulance Service made a fatal blunder when it bought a (pounds)1m
untested computer system to handle 999 calls, an official inquiry will reveal
next week.  Union leaders have already blamed the system for contributing to
the deaths of at least four patients.

Around 800,000 emergency calls are handled by the capital's ambulance
service each year. But after a spate of incidents, in which calls were lost
and emergency victims suffered long delays before ambulances arrived, the
system was abandoned.

Now an official report into the fiasco, demanded by health secretary
Virginia Bottomley, is expected to be scathing in its criticism.

Since last November an independent panel has been looking at the circumstances
surrounding the purchase of the system, bought when a previous computer-aided
dispatch module crashed.  Yet after just a few months of use the replacement
was similarly suffering from calldata overload.

Questions raised by the report will include why Aldershot-based Systems
Options was chosen as the main soft-ware supplier when it had no previous
experience in providing dispatch systems to the ambulance sector.

Jim Pedroza, Systems Options' founder, has consistently refused to talk to the
press. His networked solution based on Apricot workstations and servers
contrasts markedly with mini-based systems favoured by other emergency
services.

According to sources working close to the inquiry team, one conclusion is
that a replacement computer-aided dispatch system will now take years,
rather than months, to implement. It will also confirm that the Systems
Options solution is wholly unfit for the task.

Said one London ambulance source: "What we're talking about here is an
official stamp of condemnation. Not enough attention was paid to the project,
and the lack of expertise in choosing the system was completely unacceptable."

The outcome of the report has been delayed to allow for the publication
this week of the Tomlinson report on London hospitals.

Since the system was ditched, the service's chief John Wilby has resigned and
control room staff have reverted to manual methods of dispatching crews.

Dept. of Computing Science, University of Newcastle, Newcastle upon Tyne,
NE1 7RU, UK  Brian.Randell@newcastle.ac.uk   PHONE = +44 91 222 7923


DCCA-4 Call for Papers

Teresa Lunt <lunt@csl.sri.com>
Mon, 22 Feb 93 10:07:56 -0800
Below is the Call for Papers for the 4th IFIP Working Conference on Dependable
Computing for Critical Applications.  The conference aims to promote research
that considers different aspects of dependability, including security, safety,
reliability, and availability, in a common framework, with emphasis on high
assurance.

Call for Papers:

4th IFIP Working Conference on Dependable Computing for Critical Applications
January 4-6, 1994, Catamaran Resort Hotel, San Diego, California, USA

Increasingly, individuals and organizations are becoming critically dependent
on sophisticated computing systems. In differing circumstances, this
dependency might for example center on the continuity of service received from
the computing system, the overall performance level achieved, the real-time
response rate provided, the extent to which catastrophic failures are avoided,
or confidentiality violations prevented. The notion of dependability, defined
as the trustworthiness of computer service such that reliance can justifiably
be placed on this service, enables these various concerns to be subsumed
within a single conceptual framework with reliability, availability, safety
and security, for example, being treated as particular attributes of
dependability.

The fourth IFIP Working Conference on Dependable Computing for Critical
Applications aims at bringing together researchers and developers from
academia, industry and government for advancing the state of the art in
dependable computing. Papers are sought in all areas of dependable computing,
including but not limited to models, methods, algorithms, tools and practical
experience with specifying, designing, implementing, assessing, validating,
operating and maintaining dependable computing systems. Of particular, but not
exclusive, interest will be presentations which address combinations of
dependability attributes, e.g. safety and security or fault-tolerance and
safety, through studies of either a theoretical or an applied nature.

Submitting a Paper: Six copies (in English) of original work should be
submitted by 30 June 1993, to the Program co-Chair:

        Dr. Gerard Le Lann
        INRIA - Project REFLECS
        BP 105                          Tel:    +33.1.39635364
        78153 Le Chesnay Cedex          Fax:    +33.1.39635330
        France                          E-mail: Gerard.Le_Lann@inria.fr

Papers should be limited to 6000 words, full page figures being counted as 300
words. Each paper should include a short abstract and a list of keywords
indicating subject classification. Papers will be refereed and the final
choice will be made by the Program Committee. Notification of acceptance will
be sent by September 24 1993, and camera-ready copy will be due on November
12, 1993. A digest of papers will be available at the Conference, and
hardbound proceedings will be published after the Conference as a volume of
the Springer-Verlag series on Dependable Computing and Fault-Tolerant Systems.

Important Dates:
        Submission deadline: June 30, 1993
        Acceptance notification: September 24, 1993
        Camera-ready copy due: November 12, 1993

General Chair
  F. Cristian, Univ. of California, USA

Program Cochairs
  G. Le Lann, INRIA, France
  T. Lunt, SRI International, USA

Local Arrangements/Publicity Chair
  K. Marzullo, Univ. of California, USA

Program Committee
  J. Abraham, U of Texas at Austin, USA
  A. Avizienis, UCLA, USA
  D. Bjoerner, UNUIIST, Macau
  R. Butler, NASA, USA
  A. Costes, LAAS-CNRS, France
  M-C. Gaudel, LRI, France
  V. Gligor, U of Maryland, USA
  L. Gong, SRI International, USA
  H. Ihara, Hitachi, Japan
  J. Jacob, Oxford U, UK
  S. Jajodia, George Mason U, USA
  J. Lala, CS Draper Lab, USA
  C. Landwehr, NRL, USA
  K. Levitt, U of California Davis, USA
  C. Meadows, NRL, USA,
  J. McLean, NRL, USA
  M. Melliar-Smith, UCSB, USA
  J. Meyer, U of Michigan, USA
  J. Millen, MITRE, USA
  D. Parnas, McMaster U, Canada
  B. Randell, U of Newcastle upon Tyne, UK
  G. Rubino, IRISA, France
  R. Schlichting, U of Arizona, USA
  J. Stankovic, U of Massachusetts, USA
  P. Thevenod, LAAS-CNRS, France
  Y. Tohma, Tokyo Inst. of Technology, Japan

Ex-officio
  J-C. Laprie, LAAS-CNRS, France
  IFIP WG 10.4 Chair


Call for papers, Technology and Society

<m16805@mwvm.mitre.ogr>
Tuesday, 16 Feb 1993 20:08:04 EST
                         CALL FOR PAPERS
            TECHNOLOGY: WHOSE COSTS?...WHOSE BENEFITS?

Areas of Concentration:
  Computers and Communications, Health Care, Energy and the Environment

 The International Symposium on Technology and Society 1993 (ISTAS '93)
 The International Symposium that links Technology and Social Effects

                            Sponsors:
The Institute of Electrical and Electronic Engineers Inc. (IEEE)
        Society for the Social Implications of Technology
             The IEEE National Capital Area Council
         The IEEE Technology Policy Conference Committee

               Washington DC  October 22-23, 1993

Technology is constantly changing the our world.  New ways of doing things
bring benefits undreamed-of just a few years ago.  These technologies also
have their price.  The costs can be financial, but also less freedom, more
risks, more stress.  How do we balance benefits and costs?  Do those who enjoy
the benefits bear their fair share of the costs?  How can we determine a fair
share?  If we can, and don't like the results, what do we change?  Is the
Government always the best way to change things?

ISTAS '93 invites significant contributions on these issues from a wide
spectrum of scholarly and concerned individuals. The contributions can be
papers, proposals for a session or panel of invited experts, or proposals for
"poster" or discussion sessions.  Please send a 100 word summary for papers or
a 1000 word proposal for sessions, to the General Chair

Dr. William J. Kelly, Attn. IEEE, MITRE Corporation, m/c Z568, 7525 Colshire
Drive, McLean, VA 22102 E-mail: wjkelly@mitre.org

         Deadline for Submission:       March 12, 1993
         Notification of Acceptance:   April 12, 1993
         Camera Ready Copy:              June 30, 1993

For  information call Jackie Hunter (703)-803-8701


Privacy Digests

Peter G. Neumann <neumann@csl.sri.com>
Mon, 22 Feb 1993 13:13:37 -0800
Periodically I will remind you of TWO useful digests related to privacy,
both of which are siphoning off some of the material that would otherwise
appear in RISKS, but which should be read by those of you vitally interested in
privacy problems.  RISKS will continue to carry higher-level discussions in
which risks to privacy are a concern.

* The PRIVACY Forum Digest (PFD) is run by Lauren Weinstein.  He manages it as
  a rather selectively moderated digest, somewhat akin to RISKS; it spans the
  full range of both technological and non-technological privacy-related issues
  (with an emphasis on the former).  For information regarding the PRIVACY
  Forum, please send the exact line:

information privacy

  as the BODY of a message to "privacy-request@cv.vortex.com"; you will receive
  a response from an automated listserv system.  To submit contributions,
  send to "privacy@cv.vortex.com".

* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
  run by Dennis G. Rears.  It is gatewayed to the USENET newsgroup
  comp.society.privacy.  It is a relatively open (i.e., less tightly moderated)
  forum, and was established to provide a forum for discussion on the
  effect of technology on privacy.  All too often technology is way ahead of
  the law and society as it presents us with new devices and applications.
  Technology can enhance and detract from privacy.  Submissions should go to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.

There is clearly much potential for overlap between the two digests, although
contributions tend not to appear in both places.  If you are very short of time
and can scan only one, you might want to try the former.  If you are interested
in ongoing detailed discussions, try the latter.  Otherwise, it may well be
appropriate for you to read both, depending on the strength of your interests
and time available.
                                                  PGN

Please report problems with the web pages to the maintainer

x
Top