Brian Randell's posts to early volumes of RISKS about the St. George's medical school scandal are quite pertinent here. They are well worth re-reading in their entirety from the RISKS archives (RISKS-4.27 and 6.34). I give only the highlights here: "Leading medical schools face an investigation into allegations that they are discriminating against women and black students. This follows the discovery by two consultants that their own school, St. George's in south London, has been using a computer selection programme which deliberately down grades applicants if they are female and non-white... "The St. George's claim is particularly worrying because the school has a better record on discrimination than most other colleges. The computer selection programme was designed to mimic the decisions of the school's panel which screened applicants to see who merited an interview. It matched the panel's results so closely that the panel was scrapped and for several years all St. george's applicants have been screened by computer... "St George's was caught, officials admit, only because the attitudes of its selectors in years gone by were enshrined in a computer program: that program deliberately downgraded non-Caucasians and women... "Being non-Caucasian, and or a women, resulted in a lower grade on the interview scale: simply having a non-European name could take 15 points off an applicant's score. Sex had less effect: on average, being female took no more than three points off the score. That was enough, the Commission found in its investigation, to deprive 60 candidates a year of the interviews for which they should have qualified... "In fact, since the program mimicked the previous human assessors, it is probable that discrimination occurred before the program was introduced, the report says... "In November 1986, Dr Collier discovered, by accident, that the program was weighted. He wrote to the dean. Dr West asked Mr Evans to run a few cases through the program. When he saw the effect, he immediately stopped its use." Jim H.
[MODERATOR'S NOTE: I have omitted several of the flames that attacked Winn for the perceived high hype of his press-conference note in RISKS-16.42. I ran his message because I know enough about the underlying technology to have some significant hope that the system will do something useful. But excessive hype always tends to be offputting. PGN] We understand a handful of RISKS readers wanted to know the sources of some fascinating data we recently published in a Press Conference announcement. Here goes. The 85-97% figure came from Jim Settle, former Head of the Computer Crime Squad, FBI. These are the figures he cited on "Under Scrutiny," an FX channel (Fox network) TV show where he appeared with Robert Steele of Open Source Solutions and Chris Goggans, 'national resource hacker.' One government study he mentioned cites the higher figure of 97% of all computer intrusions go undetected. Settle also said that the experience of the FBI Computer Crime Squad is in excess of 85% computer intrusions go undetected. The million plus computer breakins figure came from USA Research as reported by Information Week. The industrial espionage figure is from Parvus and Assoc. - an international Private Investigation company who specialize in high tech commercial espionage - and ASIS, American Society for Industrial Security representing the findings of a study into this area: (The figures are for 1985 through 1991.) * Foreign sponsored information theft is up 400% * US sponsored industrial espionage is up 260% According to the Washington Post, as of April 1993, the industrial espionage case load of the FBI was up a whopping 500%! The billions of dollars that espionage costs the US econotechnical infrastructure is well documented in Schwartau's book, "Information Warfare: Chaos on the Electronic Superhighway," available anywhere. Take a read. We hope this settles any misunderstandings on the part of RISKS readers. Kevin Sorensen, Secure Computing, Inc. Winn Schwartau, Interpact, Inc. P00506@Psilink.Com [Winn's message actually said "Information Warefare", which is sort of a nice pun, but he meant to write "Information Warfare". PGN]
I noticed RISKS-16.42 contained the announcement for Internet security, and thus wish to append my own such annoucement. Not to upstage such a fine organization but such solutions to internet security already exist, have been announced, are shipping, and will be discussed in full at the Federal Smartcard Users Group at The Smartcard Forum. The "Present" of Internet is Secure! The Role of SmartCARDS in the Era of Network Security And NII A Shrink-Wrapped Solution Strategy Ray Hanner, V-ONE Corporation, Rockville Md Also Presenting Platform Issues of Smartcard Implementation Institutional Solution Strategy Avi Zahavi, ATT Smart Card Division, Highland Park, NJ On Sept. 27-28, Tyson Ritz Carlton Hotel, 1700 Tysons Blvd., Mclean, Virginia 703-506-4300 Voice 301-881-2297 Fax 301-881-5377 firstname.lastname@example.org
>... according to professor Garrido, the manipulation was done at the >electorate registry level. 7-8 mill. voters from districts that were known >to have a clear majority in opposition to the ruling PRI party, were removed >from the electorate. ... This technique is known as "shaving" the voter's list. It is one of many techniques allegedly used by the ruling party to rig the elections. How many voters were shaved is anybody's guess. Estimates have ranged from 2-4% to 25%. On the eight million figure, the minister of the interior declared: Luckily they [the PRD] came up with a ridiculous large figure for shaved voters. This places their claims in the realm of the absurd. It should be said that the minister of the Interior, which is in charge of the election procedure, is a noted academic known for his political independence and does not belong to the ruling party. >I have seen reports of complaints on the Mexican election in various media, >but very little mention of this accusation. Has it been reported elsewhere? The Wall Street Journal and/or the Washington Post explained several known schemes for rigging the election, including shaving, the "taco" (a roll or premarked electoral ballots inserted by a voter), and the "carousel" (voters go around and around voting time and time again). >Does it have any substance? The eight million figure certainly not. Were there some shaved voters? Yes. How many? According to audits commissioned by the government and performed by independent national and internacional firms, about 2-4% of the voters had taken the steps to register but did not appear in the lists. It is _not_ known how many of those are due to administrative errors (such as entering and incorrect address and having the voter appear in an incorrect voting station) and how many are intentional. >Does anybody know what kind of computerized system was used in Mexico this >time, before, during and after the election? There are no systems used during the election. All the voting is a manual process done in see-through ballot boxes (to avoid pre-stuffing them with votes). After the election, a series of Tandem systems were used. The government has refused to make details specific, according to "security considerations". From declarations by election officials, it seems that the central system is connected to computers in each state and that elections results were transferred electronically, and later verified manually. Alex Lopez-Ortiz, Computer Science Dept, University of Waterloo, Waterloo, Ontario Canada http://daisy.uwaterloo.ca/~alopez-o/home.html
My note about uninterruptable power supplies in RISKS-16.41 brought quite a bit of interesting correspondence. Most of it asserted (with no more evidence than I presented in my own note) that phrases like "uninterruptable power systems" come from sales and marketing people. This might be, but it doesn't explain why technical people go along with them. They must accept that it's reasonable to call something "uninterruptable" if it prevents one particular failure mode, regardless of any others. This would be like calling a child's toy "unbreakable" if it cannot be broken by being chewed on, even though it shatters into long, sharp needles when used to pry something open. The point is not to discredit electrical engineering, which brings many benefits to society, but simply to encourage broader systems thinking and more rigorous truth in labeling. The same thing goes for "inherently safe nuclear reactors". I'm sure that such reactors can pass coolant-loss tests, but that's only one of the many dangers from nuclear power. This probably isn't the place to argue the merits of nuclear power in general, but I do think that the analogy between these two cases of misleading terminology is strong. In each case, absolute statements are made based on the defeat of single failure modes that can be represented within a narrowly technical definition of the system's operation. Phil Agre, UCSD
My least favourite tendentious phrase is "incredible accident" for the low probability incidents in the analysis of system hazards. I first met it in the nuclear industry, but it's more widespread than that. Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK. Tel: +44-225-444700. Email: email@example.com Fax: +44-225-465205
I am doing some research on Safety issues concerned with Screen Savers. Do you know of any incidents that have been caused by Screen Savers masking out critical information on a screen or on the reactivation of a screen saver causing inadvertent actions in an application? Richard Baker, Modicon, Inc., North Andover, MA 508-975-9789
> ... Substantial institutions have arisen for >harassing journalists whose articles diverge from the political views of those >who care to fund them. ... Anyone with even a passing acquaintance with universities realizes that this already happens internally at universities. Even at the Graduate School of Business at Stanford, there is a problem with at least the perception of a "party line" over which it is not safe to step (regularly bemoaned in the school newspaper, in case anyone cares to check). At the most, video of university lecture just enlarges the group that decides, through whatever mechanism, what is the "party line". It's not clear that one group's decision is any better than another's. In fact I have serious doubts about two parts of Agre's scenario: 1) That many lectures will in fact be found interesting (or lucrative) enough to bother broadcasting, outside of technical subjects like EE, which are not subject to these kinds of controversy. Face it, a heck of a lot of stuff that goes on at a university is just plain boring to the vast majority of folks. 2) In the event that any "radical" is caught in such a thing as the above, s/he is more likely to be delighted by the attention. Supposing the professor has tenure (and few professors stick out their necks before achieving this status) s/he is is perfectly safe from retribution, and is more likely to leverage their new-found notoriety, a la Rush Limbaugh. Imagine, everyone tuning into your lecture every week to hear your latest pronouncements. It's every professor's dream. A new media star is born, the University makes a bundle selling off the lecture broadcasts to HBO, and everyone goes home happy. RNA
Peter Denning suggested that we could test away the uncertainty with neural networks, however, doing a complete test is infeasible for all but the simplest systems, and not doing a complete test leaves the possibility that an unlikely (i.e., low enough probability that it was not worth testing) chain of events will cause catastrophic results. Recent research has shown that even the best tested systems fail under the combination of only two unlikely events a lot of the time. In a random world, this is perhaps good enough, but in a world with malicious attackers, testing neural networks will simply not do.
I doubt I'm the only person to point this out, but Charles Reichley's proposal does not deal with the problem you posed. If the acknowledgement is sent to both the old and new addresses, and if a bogus Change of Address form had been previously sent to the local Post Office, then the acknowledgement sent to the old address is forwarded to the imposter. - Dan Fass [Also noted in one form or another by Barry Jaspan <firstname.lastname@example.org>, Ping Huang <pshuang@MIT.EDU>, who notes that Fidelity Investments notifies both OLD and NEW addresses, and suggests phone verification as well (although call forwarding can also be spoofed), Jim Hiller <JHILLER@lancer.afit.af.mil>, who adds "As with any trusted distribution system, I submit that, once the reference monitor (the PO in this case) is hosed, it's all over." I am probably overly permissive in letting the following bunch through, because the topic is marginal to begin with, but I am feeling tolerant today. STOP NOW if you have already had enough. PGN]
[Regarding sending notification to OLD and NEW addresses:] But this won't solve the problem unless the one sent to the old address says "DO NOT FORWARD" -- and even then the post office will probably simply return it to sender regardless of whether the change-of-address form was legit or not. - Andrew [Yes, human fallibility is also a problem. Evidently, my postperson does not read English very well, but has less trouble with numbers. I get some mail for several other blocks in my area for houses with the same street number, and they get mine. PGN]
I'm not sure how safe it is to assume that an acknowledgement mailed to the old address will be forwarded; I for one am seriously considering *not* notifying the Post Office the next time I move, since filling out one of their change-of-address forms automatically gets you lots of new junk mail. (Evidently the U.S. Postal Service refuses not to sell the recently-moved address lists, as they're a money-maker and the USPS is chronically strapped for cash.) [...] Steve Summit email@example.com
Assume for privacy sake one will want to move _without_ leaving a forwarding address, and notify all that one does business with about the new address. In that case the practice to send the acknowledgement to the old address will backfire. And of course, try to tell that to the companies you do business with, when their computers are programmed that way. Forwarding by US Mail does create serious privacy issues. I hear that the Post Office stopped/will stop giving the new address to anyone. That's good. But the PO will give your address to anyone who sends you a letter after one year but before the record expires; the letter is sent back to sender with a big yellow sticker with your new address on it... Jan Mandel, Center for Computational Math, University of Colorado at Denver firstname.lastname@example.org
Six months or so ago, my father went to the post office to put a temporary hold on his mail because he was going on vacation, and the clerk he spoke to said something to the effect of, "Now, when you say on this form that you want your mail to start being delivered on date <x>, you really mean that you want it to start being forwarded to your new address, right?" Puzzled, my father responded, "What new address?" The clerk responded, "The address you sent us on your change-of-address card." My father hadn't sent in a change-of-address card. Subsequent investigation (and a number of interviews with the postmaster at that post office) revealed that someone had sent a fraudulent change-of-address card in my parents' name to the post office, forwarding their mail to a non-existent address in California. The card was sent from another state. it seems unlikely that whoever sent it will ever be caught. Fortunately, the deception was detected before they started forwarding the mail, because of the coincidence of the timing of my father's visit to the post office. If he hadn't gone in to put a hold on his mail, the post office would have happily started forwarding it with no questions asked. Obviously, the problem here is that there was no authentication whatsoever of the change of address. Admittedly, the post office does send a change-of-address kit to anyone who files a card, but if the card asks for the forwarding to begin immediately, it will start happening quite a while before the kit arrives. And the kit will be forwarded to the new address, which doesn't do much good if it's a fake! Even something simple like delivering a confirmation card to any address that requests a change of address, and requiring that it be filled out and returned before processing the change, would be a huge improvement over the current system. Who knows why the post office doesn't do this. Jonathan Kamens | OpenVision Technologies, Inc. | email@example.com
The California Legislature recently passed a bill forbidding prison inmates from changing their names without the permission of the prison warden. It seems that a "resident" of Pelican Bay state pen, reputedly the state's toughest prison, changed his name to that of the ex-husband of a woman who had accused him of molesting her daughter. The fellow succeeding in changing this woman's postal address to his prison address so he could read all her mail, and I believe he even obtained her credit record! This went on despite her complaints until the San Francisco Chronicle ran a full page article detailing this fellow's activities. Apparently the prison had tried to punish him further, but they could not stop him from sending mail. Now mail from California prisons is stamped with the name of the prison so that the recipient can get a clue to be suspicious. Mike Crawford firstname.lastname@example.org
Depending on such a feature can be a RISK, since Canada Post treats such a service as an additional-cost item. It is purchased ahead of time, and for a certain period of service. If the addressee is not aware that a change of address notification will be mailed to the old address, they may not bother purchasing the service. Of course, during a recent move, the "guy in charge of putting the stickers on the P.O. boxes didn't trust his stand-in, so he didn't leave instructions to do it" -- and we had no mail forwarded for 10 days. An additional RISK? Beware of internal processes that extract an address and *use* it two months later! A recent, automatic credit-card replacement didn't get to us because (1) it depended on an address taken from the database 2 weeks before we moved, but not used until 6 weeks *after* we moved, and (2) for security, it was sent via a courier -- who does not have access to the mail-forward info, even if you *have* purchased the service. Chris Smith <email@example.com>
[...] By sending the confirmation to the *old* address, it warns the person who owns the stock that their address is being changed, *in the event the change is fraudulent*. If that confirmation is sent with a signature required and a do not forward order on it, it provides excellent protection to the original owner that the change of address is not fraudulent. Realize that for most stock, ownership includes certain benefits including right to vote at the stockholders meeting, and something important to a lot of people, dividend checks. Because of laws on the right of stockholders to submit candidates for the board of directors, just about anyone, and certainly anyone who owns even one share of stock in the company, has the right to obtain a list of every stockholder in the company including their name and address (in order to solicit them to support a new board of directors and to solicit them for proxies for their vote). This was common practice for doing a hostile or friendly takeover before Michael Milken got the idea of selling bonds and buying a company instead of simply getting the owners of a company to fire the board of directors via proxy fights. Now imagine what happens if someone decides to get the list of stockholders and sends in fake change of address requests during the week just before the dividend checks are issued, for the top five largest individual stockholders. If the acknowledgement of change of address is sent to the new address, the stockholder would never know that someone had changed their address. Who pays for it if someone then forges the signature of the recipients and cashes thousands or tens of thousands of dollars in dividend checks?
Douglas Adams, author of Hitch-Hiker's Guide to the Galaxy, created a computer game called Bureaucracy, the aim of which was to get a company to acknowledge a change of address card. (They insisted you inform them of changes of address on an official form, which they were happy to send to the old address.) At one stage you had to get a green form in order to get a red form, but in order to get a red form you needed a yellow form. guess why you needed a green form in the first place? Anyway, the game is good, in an infuriating way. Michael Jampel <firstname.lastname@example.org>
"Managing the Privacy Revolution" Oct. 4-5, 1994 Features Top Privacy Experts in Landmark Washington Conference Fifty leading privacy experts from the administration, federal and state government, the business community, public interest and advocacy groups, corporate legal representatives, telecommunications, the academic and policy community, national industry associations, the media, and survey research will participate in "Managing the Privacy Revolution," the first annual business/privacy conference sponsored by Privacy & American Business, October 4-5, 1994 at Loews L'Enfant Plaza Hotel, Washington, D.C. (Program, speakers, and P&AB information attached) The conference will also offer the first look at a new P&AB/Louis Harris survey on the Consumer, Interactive Services, and Privacy. Geared to assist those who handle personal information about consumers, clients and employees, the conference is expected to attract those who manage information privacy issues and policy in consumer credit, telecommunications, banking credit cards, employment, life/health/ property insurance, health care, telemessaging, direct marketing and medical records. The conference will lay out the sweeping political, legal, and technological changes affecting the way every U.S. business will handle personal customer and employee information in the future and will provide a forum for addressing the changes. The $595 registration fee for the two day conference includes all sessions, private time with speakers, interaction with fellow conferees, cocktail party and buffet reception, two banquet luncheons, two continental breakfasts, three refreshment breaks. Also a Washington Legislative Briefing Book, a Handbook of Company Privacy Codes, a specially prepared 35-page book of Highlights from 1994 Louis Harris Privacy Surveys and a six-month trial subscription to Privacy & American Business (or a six month renewal of an existing subscription). Special rates for nonprofit organizations, multiple registrations, and a $100 Early Bird registration discount are available. For further conference information, call P&AB, 201-996-1154 or fax 201-996-1883.
Please report problems with the web pages to the maintainer