Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 15: Issue 46
Tuesday 8 February 1994
Contents
Medical privacy violation- Mich Kabay
Revised Documents on FTP server without version number- David W. Crawford
Campaign Against Clipper- Dave Banisar
Re: Clipper Petition- David Gursky
Don't trust the phone company- Tom Bodine
Modern discussion of computer risks in old book- Lauren Wiener
RISKs of network surveys- Craig DeForest
National Cryptology Museum- Larry Hunter
10th ACSAC Call for Papers- Vince Reed
Info on RISKS (comp.risks)
Medical privacy violation
"Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
06 Feb 94 21:32:00 EST
From the Associated Press newswire via Executive News Service (GO ENS) on
CompuServe:
Health Care-Privacy, By MARCY GORDON, Associated Press Writer
"WASHINGTON (AP, 27 Jan 1994) -- In a clear, quiet voice welling with
emotion, Rep. Nydia Velazquez told a Senate hearing Thursday how hospital
records related to her suicide attempt were leaked to New York newspapers
during her election campaign. Velazquez, a New York Democrat, testified
before a Senate Judiciary subcommittee hearing on how President Clinton's
proposed health plan would protect the privacy of medical records."
The author continues with details of the hearing. Key points:
o Sen. Patrick Leahy, D-Vt., chair of the subcommittee on technology
and the law, warned that the Clinton proposals would result in a
nationwide computerized database holding confidential data.
o Nan Hunter, deputy general counsel of the Department of Health and
Human Services, said, "[T]he administration is committed
to privacy as a first principle and the need to protect the
confidentiality of these records."
o Misuse of medical card numbers would result in criminal and civil
penalties.
o Velazquez discovered that her medical records had been sent by
anonymous fax to several newspapers, resulting in front-page headlines
about her attempted suicide.
o According to Velazquez, there are no federal regulations controlling
the use of medical records that escape from doctors' offices.
o Leahy mentioned that Arthur Ashe's medical records also became public.
o Janlori Goldman, director of the American Civil Liberties Union's
privacy and technology project, warned of the importance of
safeguarding "the privacy and security of personal health information."
o Carolyn Roberts, chairwoman-elect of the American Hospital
Association, commented on the wide disparities in state legislation
protecting health information against unauthorized disclosure. She
argued for a new federal privacy law to supersede state laws.
Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn
Revised Documents on FTP server without version number
David W. Crawford <crawford@fido.econlab.arizona.edu>
Mon, 07 Feb 1994 16:29:29 -0700 (MST)
>From croberts@crl.com Mon Feb 7 09:47:09 1994
Newsgroups: alt.internet.services
Subject: Altered White House documents
Date: 5 Feb 1994 09:38:23 -0800

I assume everyone knows about the ftp site whitehouse.gov. I just discovered that the Clinton rebuttal to Elizabeth McCaughey's critique of his health care plan has been altered on whitehouse.gov - with no mention in the current version that it has been changed.

According to Associated Press writer Tom Raum, the original White House rebuttal to McCaughey's New Republic magazine article used the word "lie" four times. The copy of the White House rebuttal I just downloaded (Feb 5, morning, pacific time) does not contain the word lie nor does it contain any indication that it is a "revised" version.

White House spokesman Dee Dee Myers defended the rebuttal on Thursday although she conceded that "perhaps the language was a little strong." Clinton, asked by reporters earlier this week about calling McCaughey's comments lies, responded, "Well, I hate to use that word, but the New Republic article was way off base and the New Republic didn't make total disclosure about the source of the article."

So Clinton admitted to the use of "lie" but it has since been removed from the version available for anonymous ftp at whitehouse.gov. Makes you wonder just how self-serving and accurate the rest of the information there might be...

UWSA'ers note: the whitehouse.gov directory /pub/political-science/speeches/perot contains the text of Perot's book "United We Stand," and various Perot speeches. But no, I have not double-checked them for unauthorized "revisions."

From: Samer Farha <Samer@clark.net>
Newsgroups: alt.internet.services
writes:

In almost every speech (be it a minute or an hour) every member of Congress starts off by saying words to the effect of "I would like to reserve the right to extend and revise my remarks", which is followed by the chair saying that "without objection, it is agreed to.."

This little phrase gives any speaker the right to add pages of a speech, when they only have two minutes left in official debate. That way, when someone says, but you got up there and said only one thing, the Congressman can say that is not true: look at the daily record, it has the whole speech. Often, they may say something in a less than articulate way and then revise the way they said it for the record.

One time two Senators got into a very heated name calling session, it was reported in the press and seen on C-SPAN, but it was removed from the official record after they both calmed down and "revised" their remarks.

People will always change their minds or regret saying something, they often try to tell you that what they meant was not what they said. If they are rich or powerful enough, they will hire press agents to "spin" the story the right way. This changing of printed documents is nothing but an extension of that. The media is there to make sure that big glaring mess ups don't fall through the cracks.

David Crawford crawford@Arizona.EDU, U of Arizona
Campaign Against Clipper
Dave Banisar <banisar@washofc.cpsr.org>
Mon, 7 Feb 1994 22:28:08 EST
CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL

Embargoed until 2 pm, Monday, February 7, 1994
contact: rotenberg@washofc.cpsr.org (202 544 9240)

Washington, DC -- Following the White House decision on Friday to endorse a secret surveillance standard for the information highway, Computer Professionals for Social Responsibility (CPSR) today announced a national campaign to oppose the government plan.

The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway.

Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993.

According to Marc Rotenberg, CPSR Washington director, the Administration made a major blunder with Clipper. "The public does not like Clipper and will not accept it. This proposal is fatally flawed."

CPSR cited several problems with the Clipper plan:

o The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security," said CPSR Policy Analyst Dave Banisar.

o The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection. Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens.

o Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. CPSR has sued the government seeking public disclosure of the Clipper scheme.

o NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network.

o There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems.

o The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support.

CPSR today announced four goals for its campaign to oppose the Clipper initiative:

o First, to educate the public about the implications of the Clipper proposal.

o Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network. Toward that goal, CPSR has already begun an electronic petition on the Internet computer network urging the President to withdraw the Clipper proposal. In less than one week, the CPSR campaign has drawn thousands of electronic mail messages expressing concern about Clipper. To sign on, email clipper.petition@cpsr.org with the message "I oppose clipper" in the body of the text.

o Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan.

o Fourth, to examine alternative approaches to Clipper.

Mr. Rotenberg said "We want the public to understand the full implications of this plan. Today it is only a few experts and industry groups that understand the proposal. But the consequences of Clipper will touch everyone. It will affect medical payments, cable television service, and everything in between."

CPSR is a membership-based public interest organization. For more information about CPSR, send email to cpsr@cpsr.org or call 415 322 3778. For more information about Clipper, check the CPSR Internet library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available.
Re: Clipper Petition
David Gursky <dgursky@nextsrv1.andi.org>
Fri, 4 Feb 94 18:31 EST
> Electronic Petition to Oppose Clipper
> Please Distribute Widely
<Text of petition solicitation removed to save bandwidth>
>To sign on to the letter, send a message to:
> Clipper.petition@cpsr.org
>with the message "I oppose Clipper" (no quotes)
>You will receive a return message confirming your vote.
I apologize for sounding sarcastic or cynical, but I was quite chagrined
when I saw this proposal appear in RISKS. Not because I am opposed to what
CPSR proposes in the message, but rather:
1 - Because the risks associated with electronic voting have been well
discussed in this forum and
2 - Because the Computer Professionals for Social Responsibility, an
organization that ought to know better, (certainly with a name like
theirs), does not appear to have included any mechanism in their
petition drive to mitigate these risks.
Now I'll certainly grant that the CPSR's petition has no rule of law behind
it, as would a petition to put a local ordinance on an election ballot, but
the irony of CPSR's request is noteworthy.
[Given the inherent risks of spoofing E-mail, there is clearly a risk
of someone sending a bogus petition signature. In the absence of
nontrivial authentication, there is always the option of human
verification... PGN]
Don't trust the phone company
Tom Bodine <tbodine@utig.ig.utexas.edu>
8 Feb 1994 13:53:35 GMT
I am the victim of false accusations.
My wife and I were at home some time last week. I was busy cooking dinner. My
wife was busy chasing our two year old, when we received a phone call which my
wife accepted. The fellow on the other end of the line was extremely irate.
His wife has been receiving obscene phone calls for some time now. He had
purchased the service provided by the phone company which allows you to call
back the last person to dial you. After his wife had discontinued the obscene
call she'd just received, he had used this feature to righteously confront her
abuser. Instead he had dialed us.
This was somewhat perplexing until a few minutes later, my wife's best
friend called. Immediately after saying hello, my wife began relating
this strange occurrence to her friend. Her friend then told my wife
that it was her husband who had made this call utilizing this phone
service.
This has put a heavy strain upon my wife's relationship with her
friend, because her friend's husband has assumed that I am the author
of these obscene calls. Whereas I barely have time for all the things
which fill my life. I have no time or interest in making such calls.
It is my belief that my wife had tried to call her best friend during the
obscene phone call. This attempt overwrote the perpetrator's number, so that
when the call back service was used, our phone rang instead.
If there are any knowledgeable netters out there that could give me any more
info, I'd appreciate it.
Regards Tom Bodine
modern discussion of computer risks in old book
Lauren Wiener <lauren@reed.edu>
Wed, 02 Feb 94 21:47:22 -0800
My uncle was poking around in a used bookstore and found a book entitled "The Naked Computer" (by Jack Rochester & John Gantz, Wm Morrow & Co., NY) which was published in 1983 and intended for a lay audience. It's got some stories I have never heard, such as this one on p. 71:

"David Walonick, a computer programmer and consultant in Minneapolis, found that his new IBM personal computer divided 0.1 by 10 and came up with 0.001 instead of 0.01. IBM told him beginning programmers "have problems like that." It wasn't corrected until Walonick told the _New York Times_."

There follows a somewhat muddy and unsatisfying explanation of the problem, followed by the insightful comment:

"The more serious problem is that most computer users have difficulty discerning when there is an inaccurate sum; computers are generally regarded as correct."

The book also includes an interview by Adam Osborne, in which he says the following on the subject of computer risks:

"Authors: In your book, _Running Wild_, you say there are places we shouldn't use computers.

"Osborne: Yes. In balloting, for instance, I just feel that the slightest chance of fraud isn't worth it. If we are going to spend a little bit more money for counting or if we have to wait longer, fine. We all know that rigging is possible -- it's very easy to do. It's not just the outsiders I'm worried about, it's the people running it.

"Electronic funds transfer is the next place where I have a lot of problems because the potential for fraud is so great. I've heard of banks that are doing funds transfer on public-access networks. In 1980 I issued a public challenge to any bank that would guarantee in writing not to prosecute me that I would steal $10 million from them via wire fraud. We weren't actually going to rip off the bank; in fact, we were going to call the bank president and ask him to come and get his money. We'd have a $10 million cashier's check waiting for him. Of course, no bank took me up on the offer. As for the stock exchange, my God! There has never been an opportunity like that. Who is going to count the shares? Who really knows who owes who what? I think it's madness."

Wonder what he thinks now?
RISKs of network surveys
Craig "Powderkeg" DeForest <zowie@daedalus.stanford.edu>
3 Feb 94 00:17:07
I subscribe to the Presidential-speech service from CLINTON.ai.mit.edu. I've been getting electronic copies of all Clinton's speeches since before his election (when I also got Bush's speeches).

A couple of days ago, I got a letter from "M.I.T. Pollster's Assistant", asking me to fill out a survey about my usage of the service. I, of course, complied. There was some confusion about one of the questions -- I gave the server an invalid answer, and it wrote me back asking me for a correction to that particular question only. I sent back the form -- but apparently the server misunderstood, because I got back *another* polite auto-letter telling me I'd filed an incomplete survey, and would I please fill out the remaining seven questions?

Confused, I decided to make a wash of the whole thing. I have done nothing for one week. I just received a letter from the server, asking me to finish filling out my survey! Not surprising, except that the 40-odd line message was preceded by 250 lines of "Apparently-To: <hapless-fool@some.other.machine>".

Apparently, all of us hapless fools are in the same boat, but now ALL OF THEM know that I am one of "those" undesirable sorts of people who start filling out surveys and then don't finish them. In fact, I (and they) can surmise that everyone on the list receives the clinton service. In a matter of seconds, I had several of their true names via finger -- as, I imagine, they did mine.

Mild annoyance -- here, privacy is more a matter of courtesy than necessity -- but it's easy to imagine a situation that called for more anonymity (say a sexual preferences survey).

To sum up: (A) public mail-servers have to be not only clever and polite, but also extremely robust; and (B) it's very easy to compromise list privacy by mistake.

Fortunately, I'm in good company. Two lines below me is BIFF@MIT.EDU, another truant survey-taker! K00L, EH?!!1!
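The failure described in this post, as an added example that is not part of the original submission or of the survey server's code: a Python pre-send check that refuses any outgoing list message whose headers show subscribers other than its intended recipient. The roster, addresses and function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample roster; placeholder addresses, not taken from the post.
ROSTER = ["alice@example.org", "bob@example.net", "carol@example.edu"]

# Headers that can carry recipient addresses to every reader of a message.
# Apparently-To is the one named in the post; the rest are checked as well.
ADDRESS_HEADERS = ("To", "Cc", "Bcc", "Apparently-To", "Resent-To", "Resent-Cc")


def exposed_addresses(msg, intended, roster):
    """Return roster addresses, other than `intended`, visible in msg headers."""
    roster_set = {addr.lower() for addr in roster}
    seen = set()
    for name in ADDRESS_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        for _display, addr in getaddresses(values):
            addr = addr.lower()
            if addr in roster_set and addr != intended.lower():
                seen.add(addr)
    return sorted(seen)


def build_reminders(sender, roster, subject, body):
    """Build one message per subscriber; the roster stays out of the headers.

    Returns (envelope_recipient, message) pairs for the transport to deliver.
    """
    out = []
    for rcpt in roster:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        leaked = exposed_addresses(msg, rcpt, roster)
        if leaked:  # fail closed rather than mail out the subscriber list
            raise ValueError(f"refusing to send to {rcpt}: exposes {leaked}")
        out.append((rcpt, msg))
    return out


def leaky_reminder(sender, roster, subject, body):
    """Constructed reproduction of the failure: one shared message that lists
    every subscriber in an Apparently-To header line."""
    msg = EmailMessage()
    msg["From"] = sender
    for rcpt in roster:
        msg["Apparently-To"] = rcpt  # repeated header, one line per subscriber
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    bad = leaky_reminder("survey@example.com", ROSTER, "Survey", "Please finish.")
    print("leaky message exposes:", exposed_addresses(bad, ROSTER[0], ROSTER))
    for rcpt, msg in build_reminders("survey@example.com", ROSTER,
                                     "Survey", "Please finish."):
        print(rcpt, "->", exposed_addresses(msg, rcpt, ROSTER))
```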
National Cryptology Museum
Larry Hunter <hunter@work.nlm.nih.gov>
Thu, 3 Feb 94 14:08:06 -0500
Following up on Jeremy Epstein's note in RISKS 15.41, I went to visit the National Cryptology Museum, and can recommend it. It's open 9am-3pm weekdays and by appointment.

It's basically one large room, with several interesting displays; my favorite was 7 volumes from the NSA rare book collection, including the oldest published work on cryptology, Johannes Trithemius' "Polygraphiae," first published in 1517. They also had a Pace-10 analog computer, an IBM Harvest and a Cray XMP-24 on display. There were nice historical displays on Yardley & the Black Chamber, US Civil War crypto and a US Revolutionary War era crypto device (the M-94) that may have been designed by Thomas Jefferson. The largest display was dedicated to Enigma and the device for cracking it, Bombe. There is a working Enigma that visitors can use!

There are a few displays that are more current: pictures of the NSA buildings and director and a description of NSA's Special Processing Lab (SPL) which does special purpose chip fabrication. There was the expected KGB stuff, and a quote from George Washington about the importance of "keeping the whole matter secret."

The curator, Jack Ingrams, was friendly and eager to answer (some) questions. He said that since the Washington Post article, traffic had been about 25-30 people a day, and that they will be on TV this week, which he expects to further increase the number of visitors. He was curious about the RISKS posting and internet, so if anybody who sees this talks to him while visiting, mention the net. He also said that they will be opening the unclassified portion of their crypto library to scholars sometime in the summer. The handout on the museum also says that the FOIA reading room shares space with the library.

Obligatory RISK-y note: Ingrams mentioned that the museum opened to NSA personnel in October, and to the general public around Christmas time. A quick glance through the guest sign-in book shows that the fourth visitor to the museum, on October 29, was one Duane Whitlock, who listed his employer as C&P Telephone, our local baby bell. hmmm.
10th ACSAC Call for Papers
<vreed@smiley.mitre.org>
Tue, 8 Feb 1994 08:56:30 -0600
CALL FOR PAPERS AND PARTICIPATION
Tenth Annual Computer Security
Applications Conference
December 5-9, 1994
Orlando, Florida
With the advent of the Information Age, information systems are
routinely processing private, proprietary, sensitive, classified, and critical
information. Computers have created a universal addiction to information in
the military, government, and private sectors. The result is a proliferation
of computers, computer networks, databases, and applications empowered to make
decisions ranging from the mundane to life threatening or life preserving.
Some of the computer security challenges that the community is faced
with include the following:
* Develop methodologies and tools for designing systems capable of
protecting the sensitivity and integrity of information, and
assuring that expected services are available when needed.
* Design safety-critical systems such that their software and hardware
are not hazardous.
* Develop methodologies and tools capable of assuring that computer
systems accorded trust are worthy of that trust.
* Build systems of systems out of components that have been deemed
trustworthy.
* Build applications on evaluated trusted systems without compromising
the inherent trust.
* Include computer security in enterprise modeling and reengineering.
* Extend computer security technologies to specifically address the
needs of the civil and private sectors.
* Develop international standards for computer security technology.
This conference will attempt to address these challenges. It will
explore a broad range of technology applications with security and safety
concerns. Technical papers, panels, vendor presentations, and tutorials that
address the application of computer security and safety technologies in the
civil, defense, and commercial environments are solicited. Selected papers
will be those that present examples of in-place or attempted solutions to
these problems in real applications; lessons learned; and original research,
analyses, and approaches for defining the computer security issues and
problems. Of particular interest are papers that present descriptions of
secure systems in use or under development, general strategy, methodologies
for analyzing the scope and nature of integrated computer security issues, and
potential solutions. Papers written by students will be judged for a Best
Student Paper Award. A prize of $500, plus expenses to attend the conference,
will be awarded for the selected best student paper (contact the Student Paper
Award Chairperson for details, but submit your paper to the Technical Program
Chairperson).
Panels of interest include those that present alternative/
controversial viewpoints or those that encourage lively discussion of relevant
issues. Panels that are simply a collection of unrefereed papers will not be
selected.
Vendor presentations of interest should emphasize innovative product
implementations, especially implementations involving the integration of
multiple products. Vendor presentations that simply describe product features
will not be selected.
INSTRUCTIONS TO AUTHORS
Send five copies of your paper or panel proposal to Dr. Gary Smith,
Technical Program Chair, at the address given below. Since we provide blind
refereeing, we ask that you put names and affiliations of authors on a
separate cover page only. Substantially identical papers that have been
previously published or are under consideration for publication elsewhere
should not be submitted. Panel proposals should be a minimum of one page that
describes the panel theme and appropriateness of the panel for this
conference, as well as identifies panel participants and their respective
viewpoints. For panel/forum preparation instructions, please contact Jody
Heaney at (703) 883-5837 or via e-mail at heaney@smiley.mitre.org. Send five
copies of your vendor presentation proposal to Steve Rome at the address given
below. Vendor presentation proposals should include an abstract and outline
that describe the product and example applications. Send one copy of your
tutorial proposal to Daniel Faigin at the address given below. It should
consist of a one- to two-paragraph abstract of the tutorial, an initial outline
of the material to be presented, and an indication of the desired tutorial
length (full day or half day). Electronic submission of tutorial proposals is
preferred.
Completed papers as well as proposals for panels, vendor presentations, and
tutorials must be received by May 31, 1994. Authors will be required to
certify prior to June 30, 1994, that all necessary clearances for public
release have been obtained; that the author or qualified representative will
be represented at the conference to deliver the paper, and that the paper has
not been accepted elsewhere. Authors will be notified of acceptance by August
5, 1994. Camera-ready copies are due not later than September 26, 1994.
Material should be sent to:
Dr. Gary Smith
Technical Program Chair
ARCA Systems, Inc.
8229 Boone Blvd., Suite 610
Vienna, VA 22182
(703) 734-5611
smith@arca.va.com

Daniel Faigin
Tutorial Program Chair
The Aerospace Corporation
P.O. Box 92957, MS M1/055
Los Angeles, CA 90009-2957
(310) 336-8228
faigin@aero.org

Steve Rome
Vendor Track Chair
CISS, Code TGD
5113 Leesburg Pike, Suite 400
Falls Church, VA 22041
(703) 756-7926
romes@cc.ims.disa.mil

Ravi Sandhu
Student Paper Award
George Mason University
ISSE Department
Fairfax, VA 22030-4444
(703) 993-1659
sandhu@gmuvax2.gmu.edu
Areas of Interest Include
Computer Security Tools
Software Safety Analysis and Design
Trusted System Architectures and Technology
Encryption Applications (e.g., Digital Signature)
Application of Formal Assurance Methods
Risk/Hazard Assessments
Security Policy and Management Issues
Security in Enterprise Modeling or Reengineering
Trusted DBMSs, Operating Systems, and Networks
Open Systems and Composed Systems
Electronic Document Interchange
Certification, Evaluation, and Accreditation
Additional Information
For more information or to receive future mailings, please contact
the following at:
Ann Marmor-Squires
Conference Chair
TRW Systems Division
1 Federal Systems Park Drive
Fairfax, VA 22033
(703) 803-5503
marmor@charm.isi.edu

Vince Reed
Publicity Cochair
The MITRE Corporation
1500 Perimeter Pkwy., Suite 310
Huntsville, AL 35806
(205) 830-2606
vreed@mitre.org
