The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 1 Issue 40

Friday, 17 Jan 1986


o Big Brother
Jim Ziobro
Keith Lynch
o Multiple redundancy
Henry Spencer
o COMPASS 86: System Integrity: Process Security and Safety
Al Friend

Big Brother (Chaum's article, CACM vol 28, #10, 1030-1044)

Jim Ziobro <rocksvax! >
Fri, 17 Jan 86 13:39:48 est
I believe the point of Chaum's article was to show how computer technology
might prevent invasions of privacy by unauthorized parties.  He did not give
specific algorithms.  The challenge is now to develop secure algorithms and
to get public acceptance.  All in all I thought it was a very good article.

As PGN points out, a completely secure algorithm is impossible.  But
all we really need do is get one that is better than our current coupon
system.  How secure is our coupon system (Dollars and coins)?  Well at least
one person in Xerox can make money (given the proper paper) that will fool
most of the population.  A friend in printing says that passable money is
quite easy to do but this particular individual had better things to do with
his time.

The privacy of currency is hard to beat.  But already many people prefer
credit cards to the vulnerability of cash.  In that case they trade off
security for allowing nearly anyone at their bank to see where they shop
and how much they spend.  People are also willing to spend the $20/year
for the credentials/security that credit cards offer.

I think public acceptance increases by one every time someone receives a
false transaction on their credit card or even when their Social Security
check is stolen in the mail.  At that rate Chaum's vision of the future
may be with us before 2000.

James M. Ziobro

Big Brother

"Keith F. Lynch" <KFL@MC.LCS.MIT.EDU>
Mon, 13 Jan 86 21:33:27 EST
To: mcgrath@OZ.AI.MIT.EDU

    Date: Wed 8 Jan 86 19:53:41-PST
    From: Jim McGrath <J.JPM@Epic>

    ... David Chaum ... asserts that it
    would be in the interests of both individuals and organizations to adopt a
    system whereby transactions would be essentially unforgeable and

  I agree that this would be great.  I doubt that it will happen.  The
character of people in government today is very different from 200
years ago.  It is obvious that the signers of the constitution would
have extended their protections of papers and places to computer files
and disks, had they heard of such things.  Confiscation of CBBS
computers is just as wrong as confiscation of printing presses.
'Fairness' rules concerning radio and TV are just as unreasonable as
similar rules concerning newspapers and magazines would be.  The only
reason why the printed media get preferred treatment is that they were
explicitly mentioned in the constitution.  Had radio, TV, electronic
funds transfer systems, and telephones been around in the days of
Jefferson and Washington, I am sure that they would enjoy similar
constitutional protection.
  There are many good reasons why it is in the government's interest
to be able to track each individual's finances, phone usage,
electronic mail usage, etc.  Mainly to fight crime, especially the new
bugaboo of terrorism.  But this same reasoning could have been used by
the writers of the constitution, but it wasn't.  It was believed that
the benefits of having a free society outweighed the problems of some
people abusing these freedoms.  Two hundred years later, comparing our
country with countries that made the opposite decision, I think we did
the right thing.
  I believe that this is probably the greatest risk of computers.
That by phasing out the media that are mentioned in the constitution,
that we are also phasing out the protections long enjoyed by their

Re: Multiple redundancy

Mon, 13 Jan 86 19:49:18 PST
A correction and an addendum to my earlier contribution about multiple

Correction:  It was not the "De Havilland Victor" but the "Handley Page
Victor".  Blush.  That's like calling Boeing "McDonnell Douglas".

Addendum:  The full reference is  Bill Gunston, "Bombers of the West",
Ian Allan, London 1973, page 92.

                Henry Spencer @ U of Toronto Zoology

COMPASS 86 Call for Papers

Al Friend <friend@nrl-csr >
Tue, 14 Jan 86 10:19:26 est
                             COMPUTER ASSURANCE
                System Integrity: Process Security and Safety

                             * CALL FOR PAPERS *

  Important Dates                              Date & Location
  ---------------                              ---------------
  March 31, 1986                               July 7 - 11, 1986
    3 Copies of Abstract Submitted             The George Washington University

  April 30, 1986                               Washington, D.C.
    Authors Notified of Acceptance             Accommodations available in Dorms

  May 30, 1986
    Camera Ready Manuscripts Due

                 Keynote Address by:  David Lorge Parnas

                 Sponsored by:        WASHINGTON SECTION IEEE
                 Conference Name:     COMPASS 86 (COMPuter ASSurance)

Our safety, health and welfare as individuals and as a nation are increasingly
dependent on the correct use of computers.  However it is usual to find major
"bugs" and untrustworthy operation in critical computer controlled systems,
despite advances in software engineering and computer system design.  New
approaches are needed.  The purpose of this conference is to discuss these
needs, and to encourage the presentation of possible new approaches.  Abstracts
presenting innovative new ideas are encouraged, even if the ideas have not been
fully developed.  Our goal is not to sell old ideas but to encourage new ones.
Abstracts of 5 to 10 pages are encouraged.


Subject Areas Include (but are not limited to): X For information contact:    X
----------------------------------------------- X Albert W. Friend, Prog. ChmnX
                                                X COMPASS, P.O. Box 3815      X
* Specifications                                X   Gaithersburg, MD 20878    X
* Processes                                     X    friend@nrl-csr           X
* Assessment and Measurement                    X                             X
* Formal methods and tests                      X   NAME_____________________ X
* Human limitations                             X   Affiliation______________ X
* Implementations                               X   Address__________________ X
* Kernels                                       X   City, State, Zip_________ X
                                                X     _______________________ X
All submissions reviewed by program committee    XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
