The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 46

Tuesday 8 February 1994

Contents

o Medical privacy violation
Mich Kabay
o Revised Documents on FTP server without version number
David W. Crawford
o Campaign Against Clipper
Dave Banisar
o Re: Clipper Petition
David Gursky
o Don't trust the phone company
Tom Bodine
o Modern discussion of computer risks in old book
Lauren Wiener
o RISKs of network surveys
Craig DeForest
o National Cryptology Museum
Larry Hunter
o 10th ACSAC Call for Papers
Vince Reed
o Info on RISKS (comp.risks)

Medical privacy violation

"Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
06 Feb 94 21:32:00 EST
From the Associated Press newswire via Executive News Service (GO ENS) on
CompuServe:

Health Care-Privacy, By MARCY GORDON, Associated Press Writer
   "WASHINGTON (AP, 27 Jan 1994) -- In a clear, quiet voice welling with
emotion, Rep. Nydia Velazquez told a Senate hearing Thursday how hospital
records related to her suicide attempt were leaked to New York newspapers
during her election campaign.  Velazquez, a New York Democrat, testified
before a Senate Judiciary subcommittee hearing on how President Clinton's
proposed health plan would protect the privacy of medical records."

The author continues with details of the hearing.  Key points:

o    Sen. Patrick Leahy, D-Vt., chair of the subcommittee on technology
     and the law, warned that the Clinton proposals would result in a
     nationwide computerized database holding confidential data.

o    Nan Hunter, deputy general counsel of the Department of Health and
     Human Services, said, "[T]he administration is committed
     to privacy as a first principle and the need to protect the
     confidentiality of these records."

o    Misuse of medical card numbers would result in criminal and civil
     penalties.

o    Velazquez discovered that her medical records had been sent by
     anonymous fax to several newspapers, resulting in front-page headlines
     about her attempted suicide.

o    According to Velazquez, there are no federal regulations controlling
     the use of medical records that escape from doctors' offices.

o    Leahy mentioned that Arthur Ashe's medical records also became public.

o    Janlori Goldman, director of the American Civil Liberties Union's
     privacy and technology project, warned of the importance of
     safeguarding "the privacy and security of personal health information."

o    Carolyn Roberts, chairwoman-elect of the American Hospital
     Association, commented on the wide disparities in state legislation
     protecting health information against unauthorized disclosure.  She
     argued for a new federal privacy law to supersede state laws.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn


Revised Documents on FTP server without version number

David W. Crawford <crawford@fido.econlab.arizona.edu>
Mon, 07 Feb 1994 16:29:29 -0700 (MST)
From croberts@crl.com Mon Feb  7 09:47:09 1994
Newsgroups: alt.internet.services
Subject: Altered White House documents
Date: 5 Feb 1994 09:38:23 -0800

I assume everyone knows about the ftp site whitehouse.gov. I just discovered
that the Clinton rebuttal to Elizabeth McCaughey's critique of his health care
plan has been altered on whitehouse.gov - with no mention in the current
version that it has been changed.

According to Associated Press writer Tom Raum, the original White House
rebuttal to McCaughey's New Republic magazine article used the word "lie" four
times. The copy of the White House rebuttal I just downloaded (Feb 5, morning,
pacific time) does not contain the word lie nor does it contain any indication
that it is a "revised" version.

White House spokesman Dee Dee Myers defended the rebuttal on Thursday although
she conceded that "perhaps the language was a little strong." Clinton, asked
by reporters earlier this week about calling McCaughey's comments lies,
responded, "Well, I hate to use that word, but the New Republic article was
way off base and the New Republic didn't make total disclosure about the
source of the article." So Clinton admitted to the use of "lie" but it has
since been removed from the version available for anonymous ftp at
whitehouse.gov. Makes you wonder just how self-serving and accurate the rest
of the information there might be...

UWSA'ers note: the whitehouse.gov directory
/pub/political-science/speeches/perot contains the text of Perot's book
"United We Stand," and various Perot speeches. But no, I have not
double-checked them for unauthorized "revisions."

From: Samer Farha <Samer@clark.net>
Newsgroups: alt.internet.services
writes:

In almost every speech (be it a minute or an hour) every member of Congress
starts off by saying words to the effect of "I would like to reserve the right
to extend and revise my remarks", which is followed by the chair saying that
"without objection, it is agreed to.."

This little phrase gives any speaker the right to add pages of a speech, when
they only have two minutes left in official debate.  That way, when someone
says, but you got up there and said only one thing, the Congressman can say
that is not true: look at the daily record, it has the whole speech.  Often,
they may say something in a less than articulate way and then revise the way
they said it for the record.

One time two Senators got into a very heated name calling session, it was
reported in the press and seen on C-SPAN, but it was removed from the official
record after they both calmed down and "revised" their remarks.

People will always change their minds or regret saying something, they often
try to tell you that what they meant was not what they said.  If they are rich
or powerful enough, they will hire press agents to "spin" the story the right
way.  This changing of printed documents is nothing but an extension of that.
The media is there to make sure that big glaring mess ups don't fall through
the cracks.

David Crawford  crawford@Arizona.EDU, U of Arizona


Campaign Against Clipper

Dave Banisar <banisar@washofc.cpsr.org>
Mon, 7 Feb 1994 22:28:08 EST
CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL

Embargoed until 2 pm, Monday, February 7, 1994

contact: rotenberg@washofc.cpsr.org  (202 544 9240)

Washington, DC -- Following the White House decision on Friday to endorse a
secret surveillance standard for the information highway, Computer
Professionals for Social Responsibility (CPSR) today announced a national
campaign to oppose the government plan.

The Clipper proposal, developed in secret by the National Security Agency, is
a technical standard that will make it easier for government agents to wiretap
the emerging data highway.

Industry groups, professional associations and civil liberties organizations
have expressed almost unanimous opposition to the plan since it was first
proposed in April 1993.

According to Marc Rotenberg, CPSR Washington director, the Administration made
a major blunder with Clipper.  "The public does not like Clipper and will not
accept it. This proposal is fatally flawed."

CPSR cited several problems with the Clipper plan:

o The technical standard is subject to misuse and compromise. It would provide
government agents with copies of the keys that protect electronic
communications.  "It is a nightmare for computer security," said CPSR Policy
Analyst Dave Banisar.

o The underlying technology was developed in secret by the NSA, an
intelligence agency responsible for electronic eavesdropping, not privacy
protection. Congressional investigations in the 1970s disclosed widespread NSA
abuses, including the illegal interception of millions of cables sent by
American citizens.

o Computer security experts question the integrity of the technology.  Clipper
was developed in secret and its specifications are classified.  CPSR has sued
the government seeking public disclosure of the Clipper scheme.

o NSA overstepped its legal authority in developing the standard.  A 1987 law
explicitly limits the intelligence agency's power to set standards for the
nation's communications network.

o There is no evidence to support law enforcement's claims that new
technologies are hampering criminal investigations. CPSR recently forced the
release of FBI documents that show no such problems.

o The Administration ignored the overwhelming opposition of the general
public. When the Commerce Department solicited public comments on the proposal
last fall, hundreds of people opposed the plan while only a few expressed
support.

CPSR today announced four goals for its campaign to oppose the Clipper
initiative:

o First, to educate the public about the implications of the Clipper proposal.

o Second, to encourage people to express their views on the Clipper proposal,
particularly through the computer network.

Toward that goal, CPSR has already begun an electronic petition on the
Internet computer network urging the President to withdraw the Clipper
proposal. In less than one week, the CPSR campaign has drawn thousands of
electronic mail messages expressing concern about Clipper. To sign on, email
clipper.petition@cpsr.org with the message "I oppose clipper" in the body of
the text.

o Third, to pursue litigation to force the public disclosure of documents
concerning the Clipper proposal and to test the legality of the Department of
Commerce's decision to endorse the plan.

o Fourth, to examine alternative approaches to Clipper.

Mr. Rotenberg said "We want the public to understand the full implications of
this plan.  Today it is only a few experts and industry groups that understand
the proposal.  But the consequences of Clipper will touch everyone.  It will
affect medical payments, cable television service, and everything in between."

CPSR is a membership-based public interest organization.  For more information
about CPSR, send email to cpsr@cpsr.org or call 415 322 3778.  For more
information about Clipper, check the CPSR Internet library CPSR.ORG.
FTP/WAIS/Gopher and listserv access are available.


Re: Clipper Petition

David Gursky <dgursky@nextsrv1.andi.org>
Fri, 4 Feb 94 18:31 EST
>                Electronic Petition to Oppose Clipper
>                      Please Distribute Widely

<Text of petition solicitation removed to save bandwidth>

>To sign on to the letter, send a message to:

>     Clipper.petition@cpsr.org

>with the message "I oppose Clipper" (no quotes)

>You will receive a return message confirming your vote.

I apologize for sounding sarcastic or cynical, but I was quite chagrined
when I saw this proposal appear in RISKS.  Not because I am opposed to what
CPSR proposes in the message, but rather:

  1 - Because the risks associated with electronic voting have been well
      discussed in this forum and

  2 - Because the Computer Professionals for Social Responsibility, an
      organization that ought to know better, (certainly with a name like
      theirs), does not appear to have included any mechanism in
      their petition drive to mitigate these risks.

Now I'll certainly grant that the CPSR's petition has no rule of law behind
it, as would a petition to put a local ordinance on an election ballot, but
the irony of CPSR's request is noteworthy.

  [Given the inherent risks of spoofing E-mail, there is clearly a risk
  of someone sending a bogus petition signature.  In the absence of
  nontrivial authentication, there is always the option of human
  verification...  PGN]


Don't trust the phone company

Tom Bodine <tbodine@utig.ig.utexas.edu>
8 Feb 1994 13:53:35 GMT
I am the victim of false accusations.

My wife and I were at home some time last week. I was busy cooking dinner.  My
wife was busy chasing our two year old, when we received a phone call which my
wife accepted.  The fellow on the other end of the line was extremely irate.
His wife has been receiving obscene phone calls for some time now.  He had
purchased the service provided by the phone company which allows you to call
back the last person to dial you.  After his wife had discontinued the obscene
call she'd just received, he had used this feature to righteously confront her
abuser.  Instead he had dialed us.

This was somewhat perplexing until a few minutes later, my wife's best
friend called. Immediately after saying hello, my wife began relating
this strange occurrence to her friend. Her friend then told my wife
that it was her husband who had made this call utilizing this phone
service.

This has put a heavy strain upon my wife's relationship with her
friend, because her friend's husband has assumed that I am the author
of these obscene calls. Whereas I barely have time for all the things
which fill my life. I have no time or interest in making such calls.

It is my belief that my wife had tried to call her best friend during the
obscene phone call. This attempt overwrote the perpetrator's number, so that
when the call back service was used, our phone rang instead.

If there are any knowledgeable netters out there that could give me any more
info, I'd appreciate it.

            Regards Tom Bodine


Modern discussion of computer risks in old book

Lauren Wiener <lauren@reed.edu>
Wed, 02 Feb 94 21:47:22 -0800
My uncle was poking around in a used bookstore and found a book entitled "The
Naked Computer" (by Jack Rochester & John Gantz, Wm Morrow & Co., NY) which was
published in 1983 and intended for a lay audience.  It's got some stories
I have never heard, such as this one on p. 71:

"David Walonick, a computer programmer and consultant in Minneapolis, found
that his new IBM personal computer divided 0.1 by 10 and came up with 0.001
instead of 0.01.  IBM told him beginning programmers "have problems like
that."  It wasn't corrected until Walonick told the _New York Times_."

There follows a somewhat muddy and unsatisfying explanation of the problem,
followed by the insightful comment:

"The more serious problem is that most computer users have difficulty
discerning when there is an inaccurate sum; computers are generally regarded
as correct."

The book also includes an interview by Adam Osborne, in which he says the
following on the subject of computer risks:

"Authors:  In your book, _Running Wild_, you say there are places we shouldn't
use computers.

"Osborne:  Yes.  In balloting, for instance, I just feel that the slightest
chance of fraud isn't worth it.  If we are going to spend a little bit more
money for counting or if we have to wait longer, fine.  We all know that
rigging is possible -- it's very easy to do.  It's not just the outsiders I'm
worried about, it's the people running it.

"Electronic funds transfer is the next place where I have a lot of problems
because the potential for fraud is so great.  I've heard of banks that are
doing funds transfer on public-access networks.  In 1980 I issued a public
challenge to any bank that would guarantee in writing not to prosecute me that
I would steal $10 million from them via wire fraud.  We weren't actually going
to rip off the bank; in fact, we were going to call the bank president and ask
him to come and get his money.  We'd have a $10 million cashier's check
waiting for him.  Of course, no bank took me up on the offer.

"As for the stock exchange, my God!  There has never been an opportunity like
that.  Who is going to count the shares?  Who really knows who owes who what?
I think it's madness."

Wonder what he thinks now?


RISKs of network surveys

Craig "Powderkeg" DeForest <zowie@daedalus.stanford.edu>
3 Feb 94 00:17:07
I subscribe to the Presidential-speech service from CLINTON.ai.mit.edu.  I've
been getting electronic copies of all Clinton's speeches since before his
election (when I also got Bush's speeches).

A couple of days ago, I got a letter from "M.I.T. Pollster's Assistant",
asking me to fill out a survey about my usage of the service.  I, of course,
complied.

There was some confusion about one of the questions -- I gave the server an
invalid answer, and it wrote me back asking me for a correction to that
particular question only.

I sent back the form -- but apparently the server misunderstood, because I got
back *another* polite auto-letter telling me I'd filed an incomplete survey,
and would I please fill out the remaining seven questions?

Confused, I decided to make a wash of the whole thing.  I have done nothing
for one week.

I just received a letter from the server, asking me to finish filling out my
survey!  Not surprising, except that the 40-odd line message was preceded by
250 lines of "Apparently-To: <hapless-fool@some.other.machine>".  Apparently,
all of us hapless fools are in the same boat, but now ALL OF THEM know that I
am one of "those" undesirable sorts of people who start filling out surveys
and then don't finish them.  In fact, I (and they) can surmise that everyone
on the list receives the clinton service. In a matter of seconds, I had
several of their true names via finger -- as, I imagine, they did mine.  Mild
annoyance -- here, privacy is more a matter of courtesy than necessity -- but
it's easy to imagine a situation that called for more anonymity (say a sexual
preferences survey).

To sum up: (A) public mail-servers have to be not only clever and polite, but
also extremely robust; and (B) it's very easy to compromise list privacy by
mistake.

Fortunately, I'm in good company.  Two lines below me is BIFF@MIT.EDU,
another truant survey-taker!  K00L, EH?!!1!
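
An added example (not part of the original post, and not the MIT server's code) of the failure described above and a pre-send check for it: one reminder that lists every recipient in its headers, beside one message per recipient whose address travels in the SMTP envelope, with an audit that refuses any delivery showing a reader someone else's address. The addresses, the sender and all function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data; none of these addresses come from the post.
SENDER = "pollster@survey.example"
RECIPIENTS = ["alice@a.example", "bob@b.example", "carol@c.example"]
BODY = "Please finish filling out your survey.\n"

# Headers that carry recipient addresses and are visible to every reader.
ADDRESS_HEADERS = ("To", "Cc", "Apparently-To", "Resent-To", "Resent-Cc")


def build_leaky(recipients):
    """One shared message with an Apparently-To line per recipient,
    the shape of the mailing described in the post."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["Subject"] = "Survey reminder"
    for rcpt in recipients:
        msg["Apparently-To"] = rcpt
    msg.set_content(BODY)
    return [(list(recipients), msg)]


def build_private(recipients):
    """One message per recipient; each names only its own addressee."""
    batch = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = SENDER
        msg["To"] = rcpt
        msg["Subject"] = "Survey reminder"
        msg.set_content(BODY)
        batch.append(([rcpt], msg))
    return batch


def disclosed_addresses(msg):
    """Every address a reader of this message can see in its headers."""
    seen = set()
    for name in ADDRESS_HEADERS:
        values = [str(v) for v in msg.get_all(name, [])]
        for _, addr in getaddresses(values):
            if addr:
                seen.add(addr.lower())
    return seen


def audit(batch):
    """Return (recipient, leaked_addresses) for each delivery that would
    show that recipient an address other than their own."""
    findings = []
    for envelope, msg in batch:
        visible = disclosed_addresses(msg)
        for rcpt in envelope:
            leaked = sorted(visible - {rcpt.lower()})
            if leaked:
                findings.append((rcpt, leaked))
    return findings


def deliver(batch, smtp):
    """Send through an smtplib.SMTP-like object, refusing a leaking batch.
    Recipients go in the SMTP envelope (to_addrs), not in shared headers."""
    findings = audit(batch)
    if findings:
        raise ValueError(f"{len(findings)} deliveries would disclose other recipients")
    for envelope, msg in batch:
        smtp.send_message(msg, from_addr=SENDER, to_addrs=envelope)
    return len(batch)


if __name__ == "__main__":
    for rcpt, leaked in audit(build_leaky(RECIPIENTS)):
        print(f"{rcpt} would see: {', '.join(leaked)}")
    print("private batch findings:", audit(build_private(RECIPIENTS)))
```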


National Cryptology Museum

Larry Hunter <hunter@work.nlm.nih.gov>
Thu, 3 Feb 94 14:08:06 -0500
Following up on Jeremy Epstein's note in RISKS 15.41, I went to visit the
National Cryptology Museum, and can recommend it.  It's open 9am-3pm weekdays
and by appointment.  It's basically one large room, with several interesting
displays; my favorite was 7 volumes from the NSA rare book collection,
including the oldest published work on cryptology, Johannes Trithemius'
"Polygraphiae," first published in 1517.  They also had a Pace-10 analog
computer, an IBM Harvest and a Cray XMP-24 on display.  There were nice
historical displays on Yardley & the Black Chamber, US Civil War crypto and a
US Revolutionary War era crypto device (the M-94) that may have been designed
by Thomas Jefferson.  The largest display was dedicated to Enigma and the
device for cracking it, Bombe.  There is a working Enigma that visitors can
use!  There are a few displays that are more current: pictures of the NSA
buildings and director and a description of NSA's Special Processing Lab (SPL)
which does special purpose chip fabrication.  There was the expected KGB
stuff, and a quote from George Washington about the importance of "keeping the
whole matter secret."

The curator, Jack Ingrams, was friendly and eager to answer (some) questions.
He said that since the Washington Post article, traffic had been about 25-30
people a day, and that they will be on TV this week, which he expects to
further increase the number of visitors.  He was curious about the RISKS
posting and internet, so if anybody who sees this talks to him while visiting,
mention the net.  He also said that they will be opening the unclassified
portion of their crypto library to scholars sometime in the summer.  The
handout on the museum also says that the FOIA reading room shares space with
the library.

Obligatory RISK-y note: Ingrams mentioned that the museum opened to NSA
personnel in October, and to the general public around Christmas time.  A
quick glance through the guest sign-in book shows that the fourth visitor to
the museum, on October 29, was one Duane Whitlock, who listed his employer as
C&P Telephone, our local baby bell.  hmmm.


10th ACSAC Call for Papers

<vreed@smiley.mitre.org>
Tue, 8 Feb 1994 08:56:30 -0600
                     CALL FOR PAPERS AND PARTICIPATION
                      Tenth Annual Computer Security
                         Applications Conference
                           December 5-9, 1994
                            Orlando, Florida

        With the advent of the Information Age, information systems are
routinely processing private, proprietary, sensitive, classified, and critical
information.  Computers have created a universal addiction to information in
the military, government, and private sectors.  The result is a proliferation
of computers, computer networks, databases, and applications empowered to make
decisions ranging from the mundane to life threatening or life preserving.

        Some of the computer security challenges that the community is faced
with include the following:

        *  Develop methodologies and tools for designing systems capable of
           protecting the sensitivity and integrity of information, and
           assuring that expected services are available when needed.

        *  Design safety-critical systems such that their software and hardware
           are not hazardous.

        *  Develop methodologies and tools capable of assuring that computer
           systems accorded trust are worthy of that trust.

        *  Build systems of systems out of components that have been deemed
           trustworthy.

        *  Build applications on evaluated trusted systems without compromising
           the inherent trust.

        *  Include computer security in enterprise modeling and reengineering.

        *  Extend computer security technologies to specifically address the
           needs of the civil and private sectors.

        *  Develop international standards for computer security technology.

        This conference will attempt to address these challenges.  It will
explore a broad range of technology applications with security and safety
concerns.  Technical papers, panels, vendor presentations, and tutorials that
address the application of computer security and safety technologies in the
civil, defense, and commercial environments are solicited.  Selected papers
will be those that present examples of in-place or attempted solutions to
these problems in real applications; lessons learned; and original research,
analyses, and approaches for defining the computer security issues and
problems.  Of particular interest are papers that present descriptions of
secure systems in use or under development, general strategy, methodologies
for analyzing the scope and nature of integrated computer security issues, and
potential solutions.  Papers written by students will be judged for a Best
Student Paper Award.  A prize of $500, plus expenses to attend the conference,
will be awarded for the selected best student paper (contact the Student Paper
Award Chairperson for details, but submit your paper to the Technical Program
Chairperson).

        Panels of interest include those that present alternative/
controversial viewpoints or those that encourage lively discussion of relevant
issues. Panels that are simply a collection of unrefereed papers will not be
selected.

        Vendor presentations of interest should emphasize innovative product
implementations, especially implementations involving the integration of
multiple products.  Vendor presentations that simply describe product features
will not be selected.

INSTRUCTIONS TO AUTHORS

        Send five copies of your paper or panel proposal to Dr. Gary Smith,
Technical Program Chair, at the address given below. Since we provide blind
refereeing, we ask that you put names and affiliations of authors on a
separate cover page only.  Substantially identical papers that have been
previously published or are under consideration for publication elsewhere
should not be submitted.  Panel proposals should be a minimum of one page that
describes the panel theme and appropriateness of the panel for this
conference, as well as identifies panel participants and their respective
viewpoints.  For panel/forum preparation instructions, please contact Jody
Heaney at (703) 883-5837 or via e-mail at heaney@smiley.mitre.org.  Send five
copies of your vendor presentation proposal to Steve Rome at the address given
below.  Vendor presentation proposals should include an abstract and outline
that describe the product and example applications.  Send one copy of your
tutorial proposal to Daniel Faigin at the address given below.  It should
consist of a one- to two-paragraph abstract of the tutorial, an initial outline
of the material to be presented, and an indication of the desired tutorial
length (full day or half day).  Electronic submission of tutorial proposals is
preferred.

Completed papers as well as proposals for panels, vendor presentations, and
tutorials must be received by May 31, 1994.  Authors will be required to
certify prior to June 30, 1994, that all necessary clearances for public
release have been obtained; that the author or qualified representative will
be represented at the conference to deliver the paper, and that the paper has
not been accepted elsewhere.  Authors will be notified of acceptance by August
5, 1994.  Camera-ready copies are due not later than September 26, 1994.
Material should be sent to:

        Dr. Gary Smith                          Daniel Faigin
        Technical Program Chair                 Tutorial Program Chair
        ARCA Systems, Inc.                      The Aerospace Corporation
        8229 Boone Blvd., Suite 610             P.O. Box 92957, MS M1/055
        Vienna, VA 22182                        Los Angeles, CA 90009-2957
        (703) 734-5611                          (310) 336-8228
        smith@arca.va.com                       faigin@aero.org

        Steve Rome                              Ravi Sandhu
        Vendor Track Chair                      Student Paper Award
        CISS, Code TGD                          George Mason University
        5113 Leesburg Pike, Suite 400           ISSE Department
        Falls Church, VA 22041                  Fairfax, VA 22030-4444
        (703) 756-7926                          (703) 993-1659
        romes@cc.ims.disa.mil                   sandhu@gmuvax2.gmu.edu

Areas of Interest Include

Computer Security Tools
Software Safety Analysis and Design
Trusted System Architectures and Technology
Encryption Applications (e.g., Digital Signature)
Application of Formal Assurance Methods
Risk/Hazard Assessments
Security Policy and Management Issues
Security in Enterprise Modeling or Reengineering
Trusted DBMSs, Operating Systems, and Networks
Open Systems and Composed Systems
Electronic Document Interchange
Certification, Evaluation, and Accreditation

Additional Information

        For more information or to receive future mailings, please contact
the following at:

        Ann Marmor-Squires                      Vince Reed
        Conference Chair                        Publicity Cochair
        TRW Systems Division                    The MITRE Corporation
        1 Federal Systems Park Drive            1500 Perimeter Pkwy., Suite 310
        Fairfax, VA 22033                       Huntsville, AL 35806
        (703) 803-5503                          (205) 830-2606
        marmor@charm.isi.edu                    vreed@mitre.org
