Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 3: Issue 12
Tuesday, 24 June 1986
Contents
License Plate Risks - Chuck Price
SDI is for ICBMs, Not Terrorists - Mark Day
Still another kind of clock problem - Rodney Hoffman
Estimating Unreported Incidents - Ken Laws
Estimating Unreported Incidents -- and the risks of using statistics - PGN
Re: Privacy legislation (RISKS-3.8) and radio eavesdropping - Jerry Mungle, Jeff Mogul, Jim Aspnes
License Plate Risks
Chuck Price <price@src.DEC.COM>
Mon, 23 Jun 86 09:56:05 pdt
I heard the following tale on KCBS this morning. [I intersperse a few
details from the SF Chron, 23 Jun 86. PGN]
It seems that this fellow [Robert Barbour] desired personalized license
plates for his car. Since he loved sailing, he applied for ``SAILING'' and
``BOATING'' as his first two choices [seven years ago]. He couldn't think of
a third name of NAUTICAL intent, so he wrote ``NO PLATE'' in as his third
choice.
You guessed it. He got ``NO PLATE''.
A week or so later, he received his first parking ticket in the mail. This
was followed by more and more tickets, from all over the state [2500 in
all!]. It seems that when a police officer writes a parking ticket for a
car with no license plates, he writes ``NO PLATE'' on the ticket.
Our friend took his problem to the DMV, which informed him that he should
change his plates.
The DMV also changed their procedures. They now instruct officers to write
the word ``NONE'' on the unplated parking tickets.
Wonder who's gonna get those tickets now?
-chuck price
[Obviously some poor sap whose license plate says ``NONE''!]
SDI is for ICBMs, Not Terrorists
Mark S. Day <MDAY@XX.LCS.MIT.EDU>
Mon 23 Jun 86 12:04:46-EDT
Bob Estell states that "SDI does not equate to ICBM defense."
This is simply not true. Even in Reagan's first speech about rendering
nuclear weapons "impotent and obsolete" (Mar 23, 1983), he went on to
say that he was
"directing a long-term research and development program to begin to
achieve our ultimate goal of eliminating the threat posed by
STRATEGIC NUCLEAR MISSILES." [Emphasis added]
From its inception, SDI has been intended to defend against and deter a
massive attack by ICBMs. As others have previously pointed out in RISKS,
terrorists don't need to deal with ICBMs and would be foolish to try.
At the Stanford debate on SDI feasibility, Maj. Pete Worden (special asst.
to the Director of SDIO) answered a question about terrorists and smuggling
bombs into the country by saying "We are trying to deter something that
is reasonably military, not a terrorist act."
SDI is intended as a defense against Soviet ICBMs and (on particularly
optimistic days at SDIO) Soviet cruise missiles. It is not intended to
save the United States population from every nuclear threat.
--Mark
Still another kind of clock problem
<Hoffman.es@Xerox.COM>
23 Jun 86 10:00:39 PDT (Monday)
You might be amused by the anomalous dates [in an earlier message from
Rodney to me, not included]. Our power was off all weekend for some work.
When I came in this morning, no computer servers were working yet --
including the time servers. So I set the date and time on my machine
myself, including stuff like "Hours offset from Greenwich Mean Time" and
"First day of Daylight Savings Time"! (Luckily they have proper default
values.) I then interrupted (instead of booted) into another volume.
Because of that, this volume's clock tried unsuccessfully to locate a time
server and, by default, resumed ticking from when I left Friday evening! And
once it begins ticking, it apparently never checks again for a time server.
When I typed in my RISKS contribution and sent it, it had that Friday
timestamp, though it was Monday and I was (correctly) citing a Sunday
news article.
--Rodney
Estimating Unreported Incidents
Ken Laws <Laws@SRI-AI.ARPA>
Fri 20 Jun 86 16:21:04-PDT
[In RISKS-3.8, I noted how rarely I get two reports of the same incident,
and wondered how many do not get reported at all. PGN]

There is actually a statistical technique (based on the Poisson
distribution, I'm sure) for estimating the number of unreported items from
the frequencies of multiply reported ones. It was developed for estimating
true numbers of Malaysian butterfly species from collected ones, and has
recently been used to validate a newly discovered Shakespeare poem from the
percentages of words that were used 0, 1, ... times in the accepted
Shakespearean literature.
-- Ken Laws
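One way to turn duplicate-report frequencies into an estimate of unreported incidents, added here as an example and not taken from Ken's message or the methods he alludes to: it assumes every incident is reported independently at the same Poisson rate (a deliberate simplification), and the sample counts are constructed.

```python
import math

def truncated_poisson_rate(mean_observed, tol=1e-12):
    """Solve m = lam / (1 - exp(-lam)) for lam by bisection.

    m is the mean number of reports per incident among incidents that were
    reported at least once (a zero-truncated Poisson sample).
    """
    if mean_observed <= 1.0:
        raise ValueError("need at least one incident reported more than once")
    # lam / (1 - exp(-lam)) is increasing and always exceeds lam,
    # so the root lies strictly between 0 and m.
    lo, hi = 1e-9, mean_observed
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if mid / (1 - math.exp(-mid)) < mean_observed:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2

def estimate_unreported(report_counts):
    """report_counts[i] = number of independent reports received for incident i."""
    seen = len(report_counts)
    rate = truncated_poisson_rate(sum(report_counts) / seen)
    p_zero = math.exp(-rate)            # chance an incident draws no report at all
    total = seen / (1 - p_zero)         # scale up the incidents we did see
    return {
        "seen": seen,
        "rate": rate,
        "estimated_total": total,
        "estimated_unreported": total - seen,
    }

# Constructed sample: 40 incidents reported once, 8 twice, 2 three times.
SAMPLE_COUNTS = [1] * 40 + [2] * 8 + [3] * 2

if __name__ == "__main__":
    result = estimate_unreported(SAMPLE_COUNTS)
    for key, value in result.items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

When duplicates are rare, as PGN observes, the fitted rate is small and the estimate of never-reported incidents is correspondingly large and sensitive to the equal-rate assumption.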
Estimating Unreported Incidents -- and risks of using statistics
Peter G. Neumann <Neumann@SRI-CSL.ARPA>
Tue 24 Jun 86 01:09:31-PDT
Ah, Ken's message brings us to the risks of computer authentication! The
poem in question really did not read like authentic "Shakespeare" to me; it
seemed vastly too pedestrian, childish, and uncharacteristically repetitive.
But then, don't get us started on who actually wrote the works attributed to
William Shakespeare. That might be a little risky for this Forum. (However,
for some fascinating background, see Charlton Ogburn's book "The Mysterious
William Shakespeare -- the Myth & the Reality", pursuing the case that the
man known as "William Shakspere" was functionally illiterate, with almost no
documents bearing his signature or handwriting and no known contemporary
literary activity, and that he could not possibly have written the works
attributed to "Shakespeare".) (By the way, I don't think it was Marlowe,
Bacon, or -- as Ogburn contends -- Edward de Vere!)
Re: Privacy legislation (RISKS-3.8) and radio eavesdropping
Jerry Mungle <JMUNGLE@USC-ISIF.ARPA>
16 Jun 1986 06:09:22 PDT
Re: Michael Wagner's query about privacy of radio telephone...

[Here are THREE more messages on this subject. Each adds a little more to
what Dan Franklin contributed in RISKS-3.10. This time I did not have the
patience to edit each one down to its nub, so please read them
accordingly... PGN]

For quite a while telephone traffic has been carried by satellite links. It
is quite easy to receive such transmissions using nothing more sophisticated
than a backyard dish antenna, and the demultiplexing needed to recover a
conversation is doable by undergraduate EEs. I believe it is quite illegal
to "intercept" phone conversations (or data transmissions via phone lines)
in this fashion. However, it is *very* difficult to detect such activities.

I do not believe it should be illegal to monitor ANY radio communication, as
the airways are public property. But there seems to me to be precedent for
laws regulating reception of radio transmissions (beware, I am not a
lawyer).

The risks to computer systems lie in the ease with which data transmitted
over phone lines may be intercepted. This relative ease is offset to some
degree by the difficulty of finding the particular phone link one wishes to
monitor. But, given a reasonable level of support, it should be possible to
eavesdrop on conversations/data transmission which one desires to hear.
Sales figures, marketing info, experimental data.... lots of valuable data
go unencrypted over the phones every day.
Re: Privacy legislation (RISKS-3.8) and radio eavesdropping
Jeff Mogul <mogul@su-shasta.arpa>
17 Jun 1986 1128-PDT (Tuesday)
In RISKS-3.8, ubc-vision!utcs!wagner@seismo.CSS.GOV (Michael Wagner) asks:

    Does anyone have any idea how the last part (radio telephones) could be
    legally supported in view of other legal freedoms? I thought that one
    was free to listen to any frequency one wished in the US (Canada too).
    You don't have to trespass to receive radio signals.

It's been a decade or so since I was familiar with current US communications
law (as a licensed Amateur Radio operator, I had to pass several exams
covering this sort of thing), but I recall that although there is no
prohibition against receiving radio signals, there is a prohibition against
divulging what you receive to any other party. Of course, this doesn't apply
to all radio services (it's not against the law to reveal baseball scores
you heard on an AM broadcast station) and I doubt it's often enforced.

Compare this to what a computer system manager might face when unraveling a
mail snafu. I might not be able to avoid seeing the text of an unencrypted
message (as I watch packets moving between hosts) but it would certainly be
unethical for me to reveal what I saw, or indeed to make any use of it.

Ideally, the technology would be such that I could not accidentally see the
contents of a message while performing a management function, but in today's
world I think the only enforceable prohibition is against divulging or using
electronic mail, not against seeing it. (Of course, seeing by means of
unauthorized access is also prohibitable.)
-Jeff Mogul
Re: Privacy Legislation (RISKS-3.10)
Jim Aspnes <asp@ATHENA.MIT.EDU>
Mon, 23 Jun 86 11:39:45 EDT

    Date: Tue, 17 Jun 1986 00:32 EDT
    From: LIN@XX.LCS.MIT.EDU
    To: ubc-vision!utcs!wagner@SEISMO.CSS.GOV (Michael Wagner)
    Cc: RISKS-LIST:@XX.LCS.MIT.EDU, risks@SRI-CSL.ARPA
    Subject: Privacy legislation (RISKS-3.6)

    [On the same topic...]

    Not true. States routinely ban the use of radar detectors, and that is
    nothing more than "listening to a frequency."

Most states do not actually ban the use of radar detectors, but rather the
operation of a motor vehicle containing one; as I understand it, if you want
to sit at home and detect your burglar alarm, you are entirely within the
law. There is no constitutional or federal restriction on how states can
regulate your driving.