Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 4: Issue 85
Thursday, 14 May 1987
Contents
Holiday reading- Jim Horning
- Hey, buddy, wanna buy a phone call cheap?
- PGN
- Re: Information Age Commission
- Ted Lee
SEG - Information Age Commission and the number of readers of RISKS
- David Sherman
- Lockable computers
- Pat Hayes
- How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
- Paul F Cudney
- Info on RISKS (comp.risks)
Holiday reading
Jim Horning <horning@src.DEC.COM>
Wed, 13 May 87 17:38:03 PDT
During my recent vacation in Washington, DC, I got a chance to look at
a couple of documents that I haven't seen discussed in RISKS:
1) APS PHYSICS AND SOCIETY, vol. 16, no. 2, April 1987, pp. 8-9:
"SDI Software: The Telephone Analogy. Part II: The Software Will
Not Be Reliable," K. Dahlke, et al.
This is a piece co-signed by 16 members of the Bell Labs staff.
On December 3, 1985, Sol Buchsbaum, executive vice president of
AT&T Bell Laboratories, testified before the Senate Subcommittee on
Strategic and Theater Nuclear Forces. In his statement, Dr. Buchsbaum
compared the Strategic Defense Initiative (SDI) to the United States
telephone network, in order to demonstrate the technical viability of
SDI. We feel this comparison is irreparably flawed. ... Many of us
design the very telecommunications systems Dr. Buchsbaum references.
The same issue reprints Buchsbaum's testimony and has two articles on
inexpensive countermeasures to space-based weapons systems.
2) "Report to The American Physical Society of the Study Group on Science
and Technology of DIRECTED ENERGY WEAPONS," April 1987, to be published
in REVIEWS OF MODERN PHYSICS. 400+ pp.
The APS convened this Study Group to evaluate the status of the science
and technology of directed energy weapons (DEW). ... This action by
the APS was motivated by the divergence of views within the scientific
community in the wake of President Reagan's speech on March 23, 1983
in which he called on the U.S. scientific community to develop a system
that ``... could intercept and destroy strategic ballistic missiles
before they reach our soil...''.
The APS charged the Study Group to produce an unclassified report,
which would provide the membership of the Society, other scientists
and engineers, as well as a wider interested audience, with basic
technological information about DEW.*
The study group consisted of 17 blue-ribbon physicists chaired by
N. Bloembergen of Harvard University. The review committee consisted
of G. Pake, M. May, W. K. Panofsky, A. Schawlow, C. Townes, and H. York.
Their principal finding is that
Although substantial progress has been made in many technologies
of DEW over the last two decades, the Study Group finds significant
gaps in the scientific and engineering understanding of many issues
associated with the development of these technologies. Successful
resolution of these issues is critical for the extrapolation to
performance levels that would be required in an effective ballistic
missile defense system. At present, there is insufficient information
to decide whether the required extrapolations can or cannot be
achieved. Most crucial elements required for a DEW system need
improvements of several orders of magnitude. Because the elements
are inter-related, the improvements must be achieved in a mutually
consistent manner. We estimate that even in the best of circumstances,
a decade or more of intesive research would be required to provide
the technical knowledge needed for an informed decision about the
potential effectiveness and survivability of directed energy weapon
systems. In addition, the important issues of overall system
integration and effectiveness depend critically upon
infomation, that, to our knowledge, does not yet exist.
They go on to say that
We estimate that all existing candidates for directed energy weapons
require two or more orders of magnitude (powers of 10) improvments in
power output and beam quality before they may be seriously considered
for application in ballistic missile defense systems. In addition,
many supporting technologies such as space power, beam control
and delivery, sensing, tracking, and discrimination need similar
improvements over current performance levels before DEWs could be
considered for use against ballistic missiles.
The part most relevant to RISKS is Appendix A: Issues in Systems
Integration, which raises issues frequently mentioned on RISKS, e.g.
Decentralization may increase the problems of command and control,
while more centralized organization may entail increased vulnerability.
* A personal footnote: I think that ACM has failed in its obligations to
its members and to society by not chartering an analogous study of the
computing technology needed for ballistic missile defense. It's very
late to start one now, but perhaps this is a case of ``better late than
never?''
Jim H.
Hey, buddy, wanna buy a phone call cheap?
Peter Neumann <Neumann@CSL.SRI.COM>
Wed 13 May 87 19:02:24-PDT
Source: "New Breed of Hustler: Selling Illicit Long-Distance Phone Calls", by Robert D. McFadden, New York Times, 11 May 87. A new multimillion-dollar scam is underway in this country. Hustlers at bus and rail terminals and other convenient places all over the U.S. are selling unlimited-length long-distance telephone calls at a discount. The going rate at the New York's Port Authority Bus Terminal is $2 for calls anywhere in the country, and maybe $4 for international calls. The entrepeneur places your call with a calling code from telephone company computers and distributed like drugs through various networks, human and/or electronic. The ``stealing'' of codes is apparently quite widespread. There were 190 arrests in New York last year. $500 million is the current estimate of illegal calls per year. With AT&T, MCI, Sprint, and others all using just a sequence of digits for identification, this can be expected to grow. (Perhaps British Telecom's PhoneCard is the right idea, if it can be made mostly fraud-proof.)
Re: Information Age Commission
<TMPLee@DOCKMASTER.ARPA>
Wed, 13 May 87 03:03 EDT
In 4.84 Wm Brown III seems to have inferred (and implied) that my comment about the propriety (or expectations) of sharing RISKS with Congress said something about my views on the proposed legislation. Not true: I'm constantly torn between the view that Congress (as well as the press) knows nothing about any quasi-technical issue and the view that they are about the only institution we have to save us from ourselves; in this case I haven't formed an opinion (not that it would matter much to anyone.)
Information Age Commission (RISKS-4.84)
<ptsfa!pbhya!seg@Sun.COM>
Wed, 13 May 87 16:29:30 PDT
> There are some potentially useful things government *could* do for us, ...
> The only body which can realistically offer protection against such abuses
> is a more powerful government agency, such as Congress.
No chain is stronger than its weakest link. Because far too many senators
and congressmen lead lives that they wish to keep private, such as Gary Hart,
powerful investigative agencies, such as the FBI under J. Edgar Hoover, were
able to control important congressional leaders.
SEG
[This note is marginally relevant. But insofar as the role of
governmental leaders is vital to the proposed Commission, it is included
here. No debate please. Just recognition that we are all human. PGN]
Information Age Commission and the number of readers of RISKS
David Sherman <mnetor!lsuc!dave@seismo.CSS.GOV>
Thu, 14 May 87 08:25:11 EDT
>From: Richard A. Cowan <COWAN@XX.LCS.MIT.EDU> Re: RISKS DIGEST 4.84 > >Given that the RISKS digest is distributed to hundreds, or even thousands ... People on the ARPAnet side may not realize how extensive that distribution is. RISKS is gatewayed to a Usenet newsgroup (formerly mod.risks, now comp.risks). Brian Reid's monthly newsgroup statistics estimate for as of April 1987 there were 7,100 people who actually read RISKS on the Usenet side alone. As to whether RISKS is a public forum, the same statistics estimate that 859,000 people have access to Usenet, and 180,000 of those actually read netnews. You can draw your own conclusions. David Sherman, The Law Society of Upper Canada, Toronto { seismo!mnetor cbosgd!utgpu watmath decvax!utcsri ihnp4!utzoo } !lsuc!dave
Lockable computers
PAT <HAYES@SPAR-20.ARPA>
Wed 13 May 87 11:04:13-PDT
Your correspondence about the need for a physical lock on students motherboards was recirculated on INFO-COBOL, presumably as part of the uproarous laughter. This is just to say how much I agree that some such feature is necessary, and to add to your sadness that such mundane matters as the circumstances of real life are not taken seriously by designers. Tell them to go look at how televisions are often modified by visual-aids resource centres in colleges. Pat Hayes
How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
<Paul F Cudney <Cudney@DOCKMASTER.ARPA<>
Wed, 13 May 87 01:51 EDT
(Re: Risks 4.83) I am confused. Why would Customs propose to provide $8M to the Coast Guard when they had already "donated" their two planes? Somehow the actions of the Coast Guard would be more believable if Customs had received the planes. Is this an abstract risk? Paul [Relations were bad after the planes were reassigned from Customs to CG. During a subsequent thaw in the bad relations that ensued, Customs promised CG $8M to help the CG's airborne drug interdiction program. DeConcini said don't do it. CG took the money out of Customs' narcotics traffickers operating account. Sorry. I should have been more explicitive-deleted. PGN]
Report problems with the web pages to the maintainer