Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Courtesy of Associated Press via CompuServe's Executive News Service: AP US & World 12 Jun 1996 FBI Files By PETE YOST Associated Press Writer <> WASHINGTON (AP) — Whitewater prosecutors have questioned <>before a grand jury the Army employee who led the White House <>collection of FBI background files on a number of prominent <>Republicans. [...] <> FBI officials investigating how the White House obtained the <>files have tentatively concluded that FBI procedures were not <>adequate to prevent the improper disclosure of personnel <>reports, The New York Times reported in today's editions, <>quoting unnamed government officials. [...] <> In addition, the newspaper quoted a senior career government <>employee as saying the computer program the Secret Service used <>in 1993 to track access to the White House was flawed, <>producing an outdated list. [...] <> "What is remarkable is that in this case an outdated list <>was being used so unnecessary files were retrieved," said White <>House spokesman Mark Fabiani. [DMK: The computer did it! It's not my fault! (sigh)] Dave Kennedy [CISSP] Information Security Analyst, National Computer Security Assoc. [Lengthy articles in the *NY Times* and the *Washington Post* over the weekend noted the distinction between the "A" and "I" tags for active and inactive names on the list. A Secret Service spokesman was quoted as saying that it was impossible for the I list to appear without the tags, although a query that did not request that field would omit them because it was indicated that both lists were in the same (relational?) database. As usual in such cases, the "blame" may be distributed much more widely than folks like to admit, or alternatively may be attributed to a lack of understanding of the technology. Stay tuned. PGN]
On 10th June, the UK government announced a document which describes a key-escrow system. The document is available at: http://www.coi.gov.uk/coi/depts/GTI/coi9303b.ok I'm not going to get into the usual arguments. I will quote the following, however: "2. The policy, which has been decided upon after detailed discussion between Government Departments, involves the licensing and regulation of Trusted Third Parties (hereafter called TTPs) which will provide a range of information security services to their clients, whether they are corporate users or individual citizens. The provision of such information security services will be welcomed by IT users" Not by this one, they won't.
Courtesy of Associated Press via CompuServe's Executive News Service: AP US & World 14 Jun 1996 Korea's Internet War By SANG-HUN CHOE, Associated Press Writer <> SEOUL, South Korea (AP) — For a Canadian university student, <>creating an Internet site on North Korea was simply opening a <>small library on the reclusive nation. For South Korean <>authorities, it was threat to national security. <> Last week, South Korea declared David Burgess' World Wide Web <>site subversive and ordered 14 local computer networks with <>Internet links to block public access to it. o Government plans to punish those accessing PRNK web sites. o About 0.5M South Koreans are plugged in. <> "South Korea has hypocritically committed the same actions <>it criticizes North Korea for — non-promotion of democratic <>values and open choices," Burgess said in an electronic mail <>message to The Associated Press. o Burgess visited PRNK and picked up some pamphlets, which he's now posted to his web server. <> North Korean pamphlets found on Burgess's home page are <>sprinkled with references to the "Greatest Genius Mankind Has <>Ever Known, Comrade Kim Jong Il," "U.S. imperialist warmaniacs" <>and "South Korean puppet reactionaries." <> They might be laughed off as Cold War classics, but under <>South Korea's strict national security law, it is a serious <>crime to "manufacture, import, copy, possess or distribute data <>that can benefit, eulogize or encourage the enemy." o ROK jams the PRNK's HF radio stations. o A ROK official admitted their regulations are not very effective and that, "(w)e need a new approach." <> The government has its own web sites promoting its policies <>and chronicling the doings of President Kim Young-sam. But it <>maintains a sweeping ban on communist propaganda. <> About 340 people are in prison for breaking the law, <>according to human rights groups. None were arrested in <>connection with Burgess's home page. <> EDITOR'S NOTE — Burgess's North Korean Home Page address <>is: <a href="http://duke.usask.ca/(tilde">http://duke.usask.ca/(tilde</a>)burgess/DPRK.html
>From the electronic edition of the Swedish newspaper, Svenska Dagbladet (14 Jun 1996) http://www.svd.se/svd/ettan/X0002_Damm_och_dator.html (My rough translation and summary). Workers using video display terminals in dusty and poorly cleaned offices had increased risk for skin damage, as shown by a study by the Norwegian "national work environment institute" (statens arbetsmilj=F6institut). The study showed how dust particles in combination with static electricity caused skin irritation in people working with computer displays. ... By wiping the screens with a special ionic solution and, at the same time, grounding the hard disk, the static electricity was led away from the apparatus. The result was a noticeable lessening of skin irritation. "There were on average 20% fewer skin problems when the static electricity field disappeared," said Dr. Knut Skulberg who, together with Dr. Knut Skyberg was responsible for the project. In the control group where the ground lead was not used, there was no noticable change. A careful analysis of the indoor environment in the offices showed how a number of additional factors were affected by static electricity. — If there is a lot of dust, skin problems worsened. Less dust meant less skin reaction. The researchers also discovered that few displays had strong static electricity fields directly in front of the screen. Instead, they measured the greatest values along the side and above the displays. Norwegian studies show that 16% of people who work frequently with computer displays have had some form of skin irritation, primarily redness, itching, and dry skin. Martin Minow. firstname.lastname@example.org
An article in the 12 June Wall Street Journal describes a major goof by Warner Bros. in their new movie "Eraser." In the movie, "Cyrex Corp." is the major villain, which tries to kill the character played by Arnold Schwarzenegger. Unfortunately, the real-life "Cyrix Corp." was not amused, and threatened to sue. Warner Bros. is now busy deleting or changing all mentions of "Cyrex" in the film. How did this happen? From the article: So how could a major Hollywood studio make such an oversight? "It wasn't an oversight," insisted a Warner Bros. spokesman. "The names are spelled differently, and when we did a legal search it didn't show up. Sounding the same is a coincidence, that's all." Even a rudimentary spell checker should detect that "Cyrex" and "Cyrix" are close enough to take a second look. Anyone want to bet that the "legal search" was nothing more than a 'grep Cyrex'? George C. Kaplan email@example.com 1-510-643-5651
Great World Internet Services has announced (in an off-topic posting to a newsgroup I read, incidentally) that it is keeping an on-line database of known child molesters at http://www.greatworld.com/public/--presumably for someone's information. Apart from the fact that the alleged molesters are organized by name and not by location, there is a rather alarming touch. The site invites people to add their own molesters. What a wonderful way of anonymously slandering someone. Great World's disclaimer states that "The responsibility for accuracy relies entirely with the persons posting the information." In other words, they come right out and say that their information cannot be trusted. They also maintain a list of "crooked cops"--presumably also for someone's information. Given their information-gathering methods, however, both the list of crooked cops and child molesters are highly suspect, to say nothing of being serious privacy concerns. --Dave
I bought a Magellan 3000 GPS receiver at the weekend in London, after reading up the doc I got from the Web, and some of the reasons I bought it were because it's "rugged, durable and waterproof" and that it's housing is a "waterproof construction". Well, after it got dunked in a fountain for about 20 seconds it was no longer "waterproof", but very wet. I suspect there's a problem with the seal around the "scratchproof" LCD display cover. Several days later, it still hasn't dried out and the construction prevents me from opening it (as does the warranty). Risks: As my mate Shand <firstname.lastname@example.org> commented: it was better that I'd found out sooner than later and that at least I was in Trafalgar Square and I knew where I was. Admittedly, relying on one navigation instrument is fraught with peril, but something "designed specifically for boating" is going to get wet sooner or later. Magellan have my fax (sent yesterday), but have so far not replied. I shall be interested in their response. [the quoted text comes from the User Guide and the box it comes in] Boyd Roberts email@example.com
I was reminded of the article on rounding errors on the electricity bill in RISKS-18.17 when I used the grammar checker built into by MS Word, which produces statistics like average number of words per sentence after checking the text. I was surprised to see that my document had an average of 0 sentences per paragraph. On closer inspection, I noticed that the program counted 12 sentences and 17 paragraphs (do not ask me how), and must have rounded 12/17 down to 0. This just goes to show that it is dangerous to put too much faith in anything produced by a grammar checker. My favourite is the suggestion that one should use "eye's" or "eyes'" in the sentence "The smoke makes my eyes water." The bigger risk is that someone may decide that such a grammar checker is the standard of correct English which all documents produced by the company must pass.
Jason Eisner suggests that digital cameras (at least those used for police or journalism work) be equipped with a "tamper-proof" digital signature. There may be merit to this idea in the former case, but the concept of digital signatures in video, if applied too broadly, could have serious privacy implications, leading to concerns over making important video available for fear of retribution or similar negative consequences. Nor is it clear how much assurance could be placed in the integrity of the video itself after editing and other processing even if the original source material were "securely" tagged. This is an area that would have to be approached very carefully and definitely not in an ad hoc manner. --Lauren-- Moderator, PRIVACY Forum http://www.vortex.com
An article (AP newswire) on promotional product placement in the movies relates a story about the movie _Demolition Man_ where in the North American version of the movie, Sandra Bullock's character tells Sylvester Stallone's character that only the Taco Bell franchise survived into the 2xth century. But in versions of the movie released overseas, the franchise is changed to Pizza Hut (while both chains owned by the same parent, there are 4600 Taco Bell franchises in North America v.s. a few overseas; there are 3300 Pizza Hut franchises overseas). "For the movie's international release, special effects experts digitally removed the Taco Bell logo from the film added a new restaurant and re-recorded Bullock's dialog. Now, when the movie is shown overseas, Taco Bell has failed... there's only Pizza Hut."
David Wadsworth comments on the French commentary lagging behind events at the Ariane-5 failure. It may be remembered that exactly the same sort of lag occurred at the Challenger explosion. In both cases, the cause is probably similar. The person providing that running data commentary is typically watching a telemetry readout, not looking out a window! That displayed telemetry tends to lag events by a significant amount, accounting for the perceived effect. It is extremely unlikely that David's assumption that the "commentator" was "reading from a script" is the correct analysis in this case. --Lauren--
David Damerell <firstname.lastname@example.org> posted to RISKS: <> The last low-tech solution to the prevention of triggering the missile <> was almost comical. I would encourage RISKS readers to check out the writings of Donald A. Norman. Particularly relevant to this is the chapter "Coffee Cups in the Cockpit" from _Turn Signals Are the Facial Expressions of Automobiles_. Norman lists the most common and effective cognitive aids in the cockpit. Under "crew-provided devices" he lists "written notes, coffee cups, and tape". He specifically mentions placing an empty coffee cup over a lever as a reminder. I believe something similar can also be seen in the film _Apollo 13_ with a hard-written "Don't Touch" note placed over a switch. -karl. email@example.com
Paris, 14 June 1996--As I have so far seen no reports in the obvious Usenet newsgroups of the recent police raids on leading French Internet service-providers, and I can no longer post contributions to them myself, I send you the following English translations from the French newspaper "Liberation", which may inspire you to report them there. Note that Mr. Francois Fillon have propose one Conseil Superieur de la Telematique depending of the Bourges' CSA (Conseil Superieur de l' Audiovisuel) that will rapidly act like a high telematics authority like the new French Internet Society (ISOC). ------------ >From the "Cahier Multimedia" of "Liberation", 3 May 1996 "Netiquette according to Mr Fillon" (La Netiquette de Fillon) Lacking the power to police the Internet, France will invite its G7 partners (at Lyons in June) to consider the co-ordinated introduction of a "code of good conduct". A sort of "modus vivendi" which, as Francois Fillon explained to his colleagues at their recent meeting in Bologna, would guarantee a minimum degree of protection to network users. For, as the French Telecoms Minister pointed out, "if the Internet constitutes an extraordinary valuable collective resource (...), nevertheless it conceals as many risks for its users." To attempt to keep it locked up on the basis of national regulations alone would be pointless with such an inherently transnational network. Hence, according to Mr Fillon, the need to establish coordination at a European (OECD) level, with the aim of drafting an agreement [une convention]. Its signatories would establish the principles for legal collaboration, and a certain number of rules on ethics and on the legal responsibility common to on-line publishers and ISPs. And, in the event of a breach, the Minister also proposes to establish, once and for all,that "by default, the principle that the rules of the originating country, so far as the signatories are concerned, and [those] of the receiving country are applicable. " ------------ But in "Liberation" of 8 May 1996: "Police raid on the Internet" (Descente des gendarmes sur l'Internet) Two Information Service Providers (ISPs) arrested for distributing pornographic pictures of children, by Franck Johannes The police are very proud of themselves, and say prudently that "as far as they are aware" this is a world premiere: the first time that the police have intervened in the Internet. Without perhaps realising what a storm they have produced, if not in legal circles then on the Network. The chief executives of two ISPs have been detained for questioning on allegations that they have been distributing pornographic pictures of children. "We keep hearing that there is a legal vacuum", explained Lieutenant-Colonel Gerard Browne. "But that's not in fact the case; distributing such pictures is prohibited by Art. 227-23 of the Penal Code, that's all". The gendarmes, who are apparently unwilling to provide background details, were tipped-off at the end of January 1996. It seems that a regular Net-user came across the pictures in question via FranceNet and World-Net, both of which claim to be the leading providers of access to the Internet. (...) The Parisian research service immediately began exploring the services with the support of the informatics branch of the criminal research institute of the national gendarmerie (IRCGN). They took copies of the various newsgroups, in other words the thousands of messages giving information on all sorts of themes, from fly-fishing to vegetable gardening, ultimately arriving at that with the children. This could scarcely be by accident; it is necessary to look, for example, in a list which has the advantage of being clear, for "alt.binary.pictures.erotic.pedophilia", to find a prohibited picture. According to the police, some 5 to 10% of the contents of the thousands of newsgroups accessible in this way every day are illegal. The dossier was transferred to the Parisian prosecuting authorities, which in March opened an investigation entrusted to Christine Berkani, the principal investigating magistrate in cases involving minors. On Monday [6 May] the police seized piles of floppy disks in the offices of the two ISPs, and then the manager of WorldNet, Sebastian Sochard, and his counterpart from FranceNet, Raffi Haladjian, were arrested and held in custody on charges of "having distributed, fixed, recorded or transmitted a pornographic picture of a minor", contrary to the provisions of Art. 227-23 of the Penal Code. They risk being sentenced to up to three years in prison and fined up to half a million francs, because children under 15 years old are involved. At WorldNet, this came as "a bolt from the blue" and his colleagues were astonished that Sebastian Socchard, 27, had been detained in custody on Monday. Last year, the young man had set up the SCT Sarl company (for Security, Concept and Technology) before becoming active as an ISP at his clients' request. Today, WorldNet has some 30 employees and claims 9000 clients, each of whom pay FF 99.00 monthly for access to the Internet. "This affair merely illustrates the legal vacuum", protested Isabelle Perichon of WorldNet. "We don't produce any pictures, we just store them. Every day, we receive between 50,000 and 100,000 news-messages from the University at Jussieu: Jussieu sends them to France Telecom, which forwards them to us automatically." Jussieu was slightly upset by this. "France-Telecom doesn't normally get its data from us", explained an engineer from the University. "We get our news from the United States, they must be doing the same. In any case, there has never been anything like that on our server. A lot of people are anxious to prevent the network from degenerating, and if any of them found it they would let us know within a couple of hours." The Gendarmes have plenty to keep them busy; the investigators now have to identify the source of the pictures, which "come from just about everywhere", sighed Lieutenant-Colonel Browne. ------------ Liberation, 9 Mai 1996: "Net: si on avait su, on aurait filtre" ("If we had known, we would have filtered the Internet") - the director of WorldNet [Mr. Sebastien Socchard, an old student of the well knowned EPITA computer school in paris] under investigation, denies all responsibility (report by Laurent Mauriac) In their desire to comply with French law, the ISPs are cutting off their noses in order to spite their faces. In reaction to the arrest of the managers of WorldNet and FranceNet "for simply doing their job", the four members of the French Association of Internet Professionals (AFPI) - Calvacom, FranceNet, Imaginet and Internet-way - have announced that they have cut off their subscribers' access to *all* Usenet newsgroups. "That is the only way to apply the law", according to the director of Imaginet, Patrick Robin, who claims it would be impossible to monitor everything that is routed via his hard disks. Most ISPs carry more than 120 thousand messages every day, and any of them potentially contain pictures among which a few might be prohibited by French law. No doubt fewer than 5% of them, according to AFPI; the whole problem is that of identifying this 5% within the great flow of continually-renewed data. That is why Patrick Robin is calling for the creation of a committee "similar to the Press's Committee for the protection of youth" and having the resources it would need to be able to inspect newsgroups regularly. The AFPI is also calling for the status of ISPs to be defined clearly: as carriers, not distributors. Making the same distinction, World-Net's director, Sebastian Socchard, commented as follows on his dealings with the law-enforcement authorities: You could have filtered out the "outlawed" newsgroups - why didn't you do so? [SS]: We could have removed certain newsgroups, but we didn't know which ones, or how to filter their contents. If we had know that that kind of thing was present, we would have acted. Weren't you responsible for the distribution of the contents of everything stored on your servers? [SS]: No, and I'm not happy with the expression "stored"; it doesn't correspond to the situation. Our equipment merely passes on pictures, it doesn't really store them. They do indeed transit via our hard disks, but that is merely part of our job of carrying them, a means to enable the users to access them more quickly. We would be equally responsible if our users obtained the pictures directly from other servers on the Web (whereas the contents of newsgroups are stored temporarily on every ISP's server, Web pages are generally stored only on one server, and accessed directly from it when required by a user). I am not legally responsible for publishing the contents of our server. All the same, don't you have a duty to keep an eye on the data that can be accessed through your servers? Is WorldNet responsible for everything that can be found on the Internet? [SS]: There are 6300 newsgroups, and it would take about an hour to inspect the contents of one of them. So to check all of them in 24 hours you would need 270 people. And if we had to do that for the newsgroups, why not do it for the Web and e-mail too? What do you think the solution is? [SS]: I fully agree that whatever is forbidden in France ought to be filtered out, things like racism and child-pornography, for example. But it's not an easy thing to do. If one newsgroup is excluded, it can change its name or put its contents into another one. We want the government to define precisely what must be censored, as has been done for the Minitel and audiovisual services. A lot of legal experts are saying that there is no legal vacuum; all that's needed is to apply the existing law...? [SS]: They are assuming that the Internet is no different from other transmission systems. In that case, we are a carrier like the rest of them, and we should be treated as such. Do you think that you are the victim of injustice? [SS]: If we are deemed to be responsible, then so should France Telecom or Transpac [its specialised network-operating subsidiary]. The pictures are carried through France Telecom's lines, and it is Transpac that supplies them to us automatically from its server. As the head of the Gendarmerie admitted: by attacking the two main French ISPs, they hope that the other 98 will also stop whatever they are doing wrong. What happened when you were taken in for investigation? [SS]: The gendarmes arrived without warning. They were well-behaved; they knew that we weren't gangsters. They said that they were simply carrying out routine procedures. It was obvious that they knew nothing about the Internet. I didn't see any experts. I suspect that the Gendarmerie wanted a high-profile operation to catch the media's attention, possibly to launch the debate. They could easily have sent us registered letters, but in that case nobody would have heard about it. Even if all this is out of all proportion for five miserable pictures, as operators we are quite happy that the debate has now begun. Jean-bernard Condat, Senior Consultant, Smart Card Business Unit, Informix, La Grande Arche, 92044 La Defense Cedex, France +331 46963770 firstname.lastname@example.org
Please report problems with the web pages to the maintainer