The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 85

Thursday, 14 May 1987


o Holiday reading
Jim Horning
o Hey, buddy, wanna buy a phone call cheap?
o Re: Information Age Commission
Ted Lee
o Information Age Commission and the number of readers of RISKS
David Sherman
o Lockable computers
Pat Hayes
o How a Computer Hacker Raided the Customs Service — Abstrisks (a nit)
Paul F Cudney
o Info on RISKS (comp.risks)

Holiday reading

Jim Horning <horning@src.DEC.COM>
Wed, 13 May 87 17:38:03 PDT
During my recent vacation in Washington, DC, I got a chance to look at
a couple of documents that I haven't seen discussed in RISKS:

  1) APS PHYSICS AND SOCIETY, vol. 16, no. 2, April 1987, pp. 8-9:
  "SDI Software: The Telephone Analogy. Part II: The Software Will
  Not Be Reliable," K. Dahlke, et al.

  This is a piece co-signed by 16 members of the Bell Labs staff.

    On December 3, 1985, Sol Buchsbaum, executive vice president of
    AT&T Bell Laboratories, testified before the Senate Subcommittee on
    Strategic and Theater Nuclear Forces. In his statement, Dr. Buchsbaum
    compared the Strategic Defense Initiative (SDI) to the United States
    telephone network, in order to demonstrate the technical viability of
    SDI. We feel this comparison is irreparably flawed. ... Many of us
    design the very telecommunications systems Dr. Buchsbaum references.

  The same issue reprints Buchsbaum's testimony and has two articles on
  inexpensive countermeasures to space-based weapons systems.

  2) "Report to The American Physical Society of the Study Group on Science
  and Technology of DIRECTED ENERGY WEAPONS," April 1987, to be published

   The APS convened this Study Group to evaluate the status of the science
   and technology of directed energy weapons (DEW). ... This action by
   the APS was motivated by the divergence of views within the scientific
   community in the wake of President Reagan's speech on March 23, 1983
   in which he called on the U.S. scientific community to develop a system
   that ``... could intercept and destroy strategic ballistic missiles
   before they reach our soil...''.

   The APS charged the Study Group to produce an unclassified report,
   which would provide the membership of the Society, other scientists
   and engineers, as well as a wider interested audience, with basic
   technological information about DEW.*

  The study group consisted of 17 blue-ribbon physicists chaired by
  N. Bloembergen of Harvard University. The review committee consisted
  of G. Pake, M. May, W. K. Panofsky, A. Schawlow, C. Townes, and H. York.
  Their principal finding is that

    Although substantial progress has been made in many technologies
    of DEW over the last two decades, the Study Group finds significant
    gaps in the scientific and engineering understanding of many issues
    associated with the development of these technologies. Successful
    resolution of these issues is critical for the extrapolation to
    performance levels that would be required in an effective ballistic
    missile defense system. At present, there is insufficient information
    to decide whether the required extrapolations can or cannot be
    achieved. Most crucial elements required for a DEW system need
    improvements of several orders of magnitude. Because the elements
    are inter-related, the improvements must be achieved in a mutually
    consistent manner. We estimate that even in the best of circumstances,
    a decade or more of intesive research would be required to provide
    the technical knowledge needed for an informed decision about the
    potential effectiveness and survivability of directed energy weapon
    systems. In addition, the important issues of overall system
    integration and effectiveness depend critically upon
    infomation, that, to our knowledge, does not yet exist.

  They go on to say that

    We estimate that all existing candidates for directed energy weapons
    require two or more orders of magnitude (powers of 10) improvments in
    power output and beam quality before they may be seriously considered
    for application in ballistic missile defense systems. In addition,
    many supporting technologies such as space power, beam control
    and delivery, sensing, tracking, and discrimination need similar
    improvements over current performance levels before DEWs could be
    considered for use against ballistic missiles.

  The part most relevant to RISKS is Appendix A: Issues in Systems
  Integration, which raises issues frequently mentioned on RISKS, e.g.

    Decentralization may increase the problems of command and control,
    while more centralized organization may entail increased vulnerability.

* A personal footnote: I think that ACM has failed in its obligations to
its members and to society by not chartering an analogous study of the
computing technology needed for ballistic missile defense. It's very
late to start one now, but perhaps this is a case of ``better late than
                                 Jim H.

Hey, buddy, wanna buy a phone call cheap?

Peter Neumann <Neumann@CSL.SRI.COM>
Wed 13 May 87 19:02:24-PDT
Source: "New Breed of Hustler: Selling Illicit Long-Distance Phone Calls",
by Robert D. McFadden, New York Times, 11 May 87.

A new multimillion-dollar scam is underway in this country.  Hustlers
at bus and rail terminals and other convenient places all over the
U.S. are selling unlimited-length long-distance telephone calls at a
discount.  The going rate at the New York's Port Authority Bus
Terminal is $2 for calls anywhere in the country, and maybe $4 for
international calls.  The entrepeneur places your call with a calling
code from telephone company computers and distributed like drugs
through various networks, human and/or electronic.  The ``stealing''
of codes is apparently quite widespread.

There were 190 arrests in New York last year.  $500 million is the
current estimate of illegal calls per year.  With AT&T, MCI, Sprint,
and others all using just a sequence of digits for identification,
this can be expected to grow.  (Perhaps British Telecom's PhoneCard
is the right idea, if it can be made mostly fraud-proof.)

Re: Information Age Commission

Wed, 13 May 87 03:03 EDT
In 4.84 Wm Brown III seems to have inferred (and implied) that my
comment about the propriety (or expectations) of sharing RISKS with
Congress said something about my views on the proposed legislation.  Not
true:  I'm constantly torn between the view that Congress (as well as
the press) knows nothing about any quasi-technical issue and the view
that they are about the only institution we have to save us from
ourselves; in this case I haven't formed an opinion (not that it would
matter much to anyone.)

Information Age Commission (RISKS-4.84)

Wed, 13 May 87 16:29:30 PDT
  > There are some potentially useful things government *could* do for us, ...
  > The only body which can realistically offer protection against such abuses 
  > is a more powerful government agency, such as Congress.

No chain is stronger than its weakest link.  Because far too many senators
and congressmen lead lives that they wish to keep private, such as Gary Hart, 
powerful investigative agencies, such as the FBI under J. Edgar Hoover, were 
able to control important congressional leaders.

   [This note is marginally relevant.  But insofar as the role of
   governmental leaders is vital to the proposed Commission, it is included 
   here.  No debate please.  Just recognition that we are all human.  PGN]

Information Age Commission and the number of readers of RISKS

David Sherman <mnetor!lsuc!dave@seismo.CSS.GOV>
Thu, 14 May 87 08:25:11 EDT
>From: Richard A. Cowan <COWAN@XX.LCS.MIT.EDU>  Re: RISKS DIGEST 4.84
>Given that the RISKS digest is distributed to hundreds, or even thousands ...

People on the ARPAnet side may not realize how extensive that distribution
is. RISKS is gatewayed to a Usenet newsgroup (formerly mod.risks, now
comp.risks). Brian Reid's monthly newsgroup statistics estimate for
as of April 1987 there were 7,100 people who actually read RISKS on
the Usenet side alone.

As to whether RISKS is a public forum, the same statistics estimate
that 859,000 people have access to Usenet, and 180,000 of those
actually read netnews.  You can draw your own conclusions.

David Sherman, The Law Society of Upper Canada, Toronto
{ seismo!mnetor  cbosgd!utgpu  watmath  decvax!utcsri  ihnp4!utzoo } !lsuc!dave

Lockable computers

Wed 13 May 87 11:04:13-PDT
Your correspondence about the need for a physical lock on students
motherboards was recirculated on INFO-COBOL, presumably as part of the
uproarous laughter.  This is just to say how much I agree that some
such feature is necessary, and to add to your sadness that such
mundane matters as the circumstances of real life are not taken
seriously by designers.  Tell them to go look at how televisions are
often modified by visual-aids resource centres in colleges.  Pat Hayes

How a Computer Hacker Raided the Customs Service — Abstrisks (a nit)

<Paul F Cudney <Cudney@DOCKMASTER.ARPA<>
Wed, 13 May 87 01:51 EDT
(Re: Risks 4.83)

I am confused.  Why would Customs propose to provide $8M to the Coast
Guard when they had already "donated" their two planes?  Somehow the
actions of the Coast Guard would be more believable if Customs had
received the planes.

Is this an abstract risk?    Paul

   [Relations were bad after the planes were reassigned from Customs to CG.
   During a subsequent thaw in the bad relations that ensued, Customs 
   promised CG $8M to help the CG's airborne drug interdiction program.
   DeConcini said don't do it.  CG took the money out of Customs' narcotics
   traffickers operating account.  

   Sorry.  I should have been more explicitive-deleted.  PGN]

Please report problems with the web pages to the maintainer