Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
DIGITAL REVIEW, 18 May 1987, p. 72 [although the page is unnumbered]
... databases inherently carry a high risk of error. Information can
be altered or partially deleted through inadvertent mistakes or deliberate
manipulation. Abstracts of data can be misinterpreted, especially when
taken out of context. Failuer to update a database periodicaly can result
in the dissemination of incorrect information about a company or an
individual. And hardware and software malfunctions can compound all these
problems.
Here are a few examples of the havoc an erroneous computer search can cause:
* A computer analysis of several thousand New York welfare recipients found
that more than 20 percent were working. On the surface, this seemed like a
violation of state law. But a second check disclosed that more than half of
those individuals had been authorized to work while receiving welfare
benefits. Apparently their files had not been updated.
* A Dallas executive traveling on business in New Orleans was stopped by
police for a minor traffic infraction. When the computer wrongly flagged him
as an escaped convict, he was arrested and jailed. It took a week to
correct the error.
* A New York electronics manufacturer, ready to close on a $2 million
contract, was taken aback when the banks refused to give him the needed
loans. It turned out that a financial check had mistakenly shown his
company to be bankrupt.
The article discusses the Supreme Court ruling on Dun & Bradstreet vs.
Greenmoss Builders, in which D&B had falsely reported that GB was broke.
The Supreme Court upheld the Vermont decision against D&B. The article
goes on to consider some other legal issues.
This means that information vendors can no longer use the following
rationales to wriggle out of paying for their errors:
Free speech umbrella. Although data vendors have a First Amendment right
to free speech, they also have an obligation to ensure that the information
they research and disseminate is accurate.
Public interest argument. The courts have long acknowledged that everyone
has a right to comment on matters of public concern. But they also have
noted that information on the private finances of companies and
individuals, unless they seek the limelight, is not of public interest.
"Chilling effect" standard. The need for a free exchange of ideas demands
that we occasionally tolerate the foibles of the press, as long as there
is no malice. The media have argued that to do otherwise would have a
"chilling effect" on reporting. The courts, however, have not extended
this argument to data vendors.
Public domain argument. It is quite well known that government agencies
engage in periodic fishing expeditions, matching data and peeking through
giant data banks to ferret out criminal activity. But private data
vendors don't have the government's license to snoop. In fact, they must
comply with state and federal privacy laws when conducting such searches,
and if they err, they are accountable.
This is from the Design International column of MACHINE DESIGN of 3/26.
An electric chair designed to help prevent car theft has been teamed with an
electronic alarm and tested by a leading Swedish insurance company, Skandia of
Stockholm. Built-in electric cables are activated after the alarm has sounded
four times. The shock transmitted to the person in the driver's seat is about
9kV at an inductive current of 65uA. Although unpleasant, the shock is not
harmful even to people suffering from heart ailments, according to the company.
(Clockwork Orange is alive and well??!!)
Bill Fisher
I've never seen anything like this appear in either Risks or comp.society,
so I'm sending this along to both.
An editorial in The (Portland) Oregonian:
OPENNESS RESISTS CHIPPING
Oregon is inching toward truly interactive local government. The Gresham
City Council has voted to supply its members with computer terminals in
their homes, to enable them to do research in the city's system at any
time.
Providing unpaid elected officials with the tools to do their job better
is easily worth the $6,000 appropriated for this purpose. But in a state
with a strong Open Meetings Law and Open Records Law, does technology now
require an Open Electronic Impulses Law?
The Gresham computer system, like many others, permits users to send
messages to other users. Anyone with a modicum of conspiracy theory can
easily imagine a quorum of the City Council logged on to their computers
together, busily conducting city business beyond the prying eyes of those
without user codes.
Gresham officials realize the risks involved. Even if city residents
cannot gain access to the system, the information in it still belongs to
them. And since a private conference call among a council quorum is
illegal, a computer caucus would equally constitute an access violation.
"What goes in is something we're concerned about, and I will probably
advise them to be conservative," says City Attorney Tom Sponsler. "For
council members to communicate, with a quorum, on how they feel about
policy is not appropriate, and I will so advise them."
Sponsler thinks there is a greater potential for violations of the Open
Records Law than the Open Meetings Law. "Anything of any substance," he
advises, "should not exist only online." Members should also remember, as
Lt. Col. Oliver North could remind them, that anything put into a system
can later be pulled out of the system.
City Manager Wally Douthwaite expects that before the system goes on line,
Gresham will need a written policy on its use. The need for clarification
may not stop there.
"There may be a time when computer use will be so universal that we will
need to take another look at the law," says Oregon Attorney General Dave
Frohnmayer. "The Open Meetings Law was not designed for this technology."
The rules, Frohnmayer and Sponsler agree, should be clear. Providing
information by computer is fine; debating and negotiating electronically
slips into silicon secrecy.
If the legal principle is clear, the technology should be able to follow.
All that is needed by Gresham - and the cities that will doubtless follow
its example - is a package of Open Meeting Software.
And people who understand its importance.
***[end of editorial]
I spoke to the reporter who covered the story, and he said it was an
email system, not an interactive conferencing system. He thought they'd
be using a VAX 220 (?), and didn't know which operating system.
Barbara Zanzig
{major backbone sites}!tektronix!tekecs!barbaraz
barbaraz@tekecs.tek.com
If the defense weapons were not reliable enough to keep on all of the time,
that should tell us all a lot about the chances for Star Wars to succeed (as
if we didn't know already!)
[There is a serious lesson about perpetual readiness when nothing ever
seems to be happening. Too often there appears to be no urgent need to
worry about some particular event, because it has never happened
before. Someone on board was quoted as saying exactly that — no one
had ever fired anything directly at them before, and therefore it seemed
quite reasonable to expect that this time was no different. Crying
"wolf" is bad, but not recognizing the wolf (in sheik's clothing?) is
even worse.) Sorry if I repeat myself on this subject, but this is a
really important issue. PGN]
Following the recent discussion on password (in)security, here is a simple
way of choosing a fairly safe password which I believe is attributable to
Steve Bourne (ex Bell Labs). Find any handy document (there's usually
something near most VDUs) and point your finger randomly at the text. Select
the nearest word (or words if they are short) and substitute one or two of
the letters for some other character. E.g. a `0' for an `o'. This should
reduce the risk of your password being decrypted. You also have the benefit
that you can easily select a new password as often as you like.
Jonathan Bowen, Oxford University Computing Laboratory, England.
[Because this is not a deterministic algorithm, it has some merit.
However, you must remember that passwords are still vulnerable to various
attacks. In some operating systems and in most local networks, it is
easy to capture a password in transit. In that case, it does not much
matter how cute you are in generating passwords. A second point is
that as soon as you let people generate their own passwords, someone
will want a nice simple easily guessable one, ignoring the problem that
his/her operating system does not do a very good job of preventing
someone masquerading as that user from climbing through other people's
files, implanting Trojan horses, deleting files, etc. It is very
antisocial of anyone to have such a weak password, or to rely on
passwords that can be easily captured. Simplistic thinking is the real
source of trouble. Even the policy that everything should be wide
open (no secrets) does not protect you against getting clobbered by
file deletions and Trojan horses.
So, let's avoid fine-tuning essentially weak approaches and remember
the big picture. Then I will stop reiterating... PGN]
<WAGNER%DBNGMD21.BITNET@wiscvm.wisc.edu>
Subject: Re: Passwords, thefts (Andrew Burt) (RISKS DIGEST 4.86)
CC: isis!aburt@seismo.css.gov
> Here at DU we have the terminals bolted to ... tables ... .
> Far better, though, is that each unit is engraved and painted
> with large "DU"s on each component in highly visible locations.
> Makes them very hard to fence.
Interesting ... we seem to be concerned with different risks. I always
assumed that terminals were stolen from public terminal areas in
universities by individuals who wanted a home terminal. It never occured to
me that someone would seriously consider 'fencing' such a thing. PCs,
perhaps. I guess the general population might know what to do with such
things. But terminals?
Under my set of assumptions, a large logo would merely enhance the value of
the treasure. In fact, at UofT, we lost a few terminals to start-of-year
initiation rights. One terminal made it's way to another university in the
area as part of a scavenger hunt (I expect they got extra points for distance).
Does anyone have any statistics on where the real risks are here?
Michael
Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets United Press International CHATTANOOGA, Tenn., May 14 — Among the earthquake emergency plans at the TVA's Sequoyah Nuclear Plant is one to break all the toilets with a sledgehammer and cover the plumbing holes with duct tape to seal off nuclear leaks. According to The Chattanooga Times, TVA nuclear engineers decided in 1984 that an earthquake could cause water in toilets to spill or drain out, destroying the "water seal" in the pipes. At the Watts Bar Nuclear Plant, being built near Spring City, Tenn., plumbing that would not rely on a water seal was installed. But at the Sequoyah Nuclear Plant, where nuclear reactors were operating at the time, the hammer-and-duct-tape plan was adopted. Both reactors at Sequoyah have been shut down for 21 months because of safety and other regulatory violations at the Soddy-Daisy plant. The hammer and tape are stored in a locked wooden box outside the Sequoyah control room. "Personally, I don't think the big hammer is a big issue," Sequoyah shift engineer Jeffrey Lewis said. "That cabinet has been there for years and we haven't used an inch of duct tape." Clerk Sue Hartman works near the box where the hammer is stored. She said the key to the box is "kept under surveillance at all times." In fact, the key to the key to the cabinet where the hammer box key is stored is "kept on my body," Hartman said.
Please report problems with the web pages to the maintainer