RISKS-LIST: RISKS-FORUM Digest  Thursday 12 January 1989  Volume 8 : Issue 6

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computers and Civil Liberties, article by Gary Marx (Ronni Rosenberg)
  Losing systems (Vince Manis)
  Our blinders [with respect to RISKS] (Don Alvarez)
  Totally secure MAIL & infallible aeroplane warning systems (Nigel Roberts)
  "Disaster Becomes a Matter of Routine" (Steve Philipson)
  Re: Biased coverage of hacker's convention by CBS (Richard Thomsen)
  SAFECOMP89 (Udo Voges)
  Name this book -- for a box of cookies! (Cliff Stoll)

----------------------------------------------------------------------

Date: Thu, 12 Jan 89 13:07:11 EST
From: ronni@juicy-juice.lcs.mit.edu (Ronni Rosenberg)
Subject: Computers and Civil Liberties, article by Gary Marx

"This is the year of spying kits for kids," by Gary Marx

In a popular song Paul Simon tells us that `these are the days of miracle and wonder.' Surely this is so for the lucky child faced with a cornucopia of computer and other electronic toys this holiday season. But among the games and educational tools is one category that should give us pause: spy toys.

In one catalogue, under the heading `Toys to Grow On,' for $19.95 you can have Super Ears, which `help you detect even the slightest sounds! Slip on the headset and aim the disk; even if your target is far away, you'll hear every rustle, every footstep, every breath, and every word!' Another stethoscope-like device permits you to hear `quiet breathing, through a concrete wall a foot thick' and with `fidelity good enough to record.' And for only a few dollars, stockings can be stuffed with a Dyna-Mike Transmitter; smaller than a quarter, it `will transmit every sound in a room to an FM radio tuned to the proper frequency' up to two miles away.
Consider, too, the possibilities of voice-activated miniature tape recorders that can be slipped into a pocket, a drawer or under the bed.

In the wonderful world of advertising, eavesdropping is defined as a game and spying on others is portrayed as fun and exciting. Sellers argue that such toys are also educational in introducing children to the mysteries of sound, hearing and electricity, not to mention the practical skills being developed.

In addition to listening to sounds in the woods and to playmates, older brothers and sisters and even mommy and daddy can be secretly spied on. Imagine the fun!

Think of the implications for the family power structure. Children are now offered technical means of watching their parents, as well as the reverse. Children's rights take on new meaning. As an added benefit, adults may behave better at home, both because they want to set a good example for curious children and because they fear being turned in by them.

And it is fun to spy on people. Such `toys' directly feed childhood fantasies of omnipotence. While not the same as being Superman and able to fly, it is magical to be able to overhear conversations through a wall or from several hundred yards away, or to secretly capture sound and play it back.

But it can also be wrong. To encourage children to play at such activities without at the same time instructing them in the immorality of invasive information technology is irresponsible.

Defenders of toy guns argue that their products are just make-believe and are harmless because they don't really work. Children can indulge their violent or protective fantasies without doing any immediate harm or confusing their game with reality. But this is not the case with many of the surveillance devices. They are attractive because they really do work. Children are no longer required even to pretend or to fantasize.
In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated. There are parallels to computer hackers. How many of the growing number of young computer criminals have simply carried over into their adult life a juvenile game view of computer hacking, in which morality is irrelevant and all that matters is the technical challenge? Will private bugging, wiretapping and video surveillance expand as a generation matures having had these devices as childhood toys?

Children are also learning about the world of surveillance from the many child-monitoring devices marketed for parents: transmitters clipped to a child's clothing or put into a shoe that trigger an alarm on a parental monitor if the child strays out of the signal-range area; wide-area room-scanning by remote video; audio devices in children's bedrooms; at-home urine tests for drugs. What must the world look like to the child subjected to these devices and simultaneously also given spy toys to play with?

At holiday time in a free-market economy, it is probably subversive or worse to suggest that toys be banned on the basis of the bad moral message that they send, rather than on the basis of the physical damage that they can do. Yet in the long run the latter may even be more costly because it is insidious and its effects subtle and long-lasting.

One would hope that parents would favor toys that build trust and cooperation, or that are at least neutral in the moral lessons that they bring, rather than those that encourage spying and deception. Children's and consumer advocacy groups might add surveillance toys to their opposition to toys of violence. At minimum there should be warning labels on such listening devices indicating that their use in certain ways is illegal.
The toys should also come with guidelines for appropriate use and instructional materials to help parents discuss with children the moral issues around surreptitious listening and recording.

In his novel `It Can't Happen Here,' Sinclair Lewis warned that if liberty ever were undermined in the United States, it would be from within and would occur gradually, even benignly. He didn't have such toys in mind, but they nicely illustrate his point."

[Dr. Marx is on the faculty of MIT's Dept. of Urban Studies and Planning and author of *Undercover: Police Surveillance in America* (University of CA Press, 1988). This op-ed article appeared on Christmas Day in The Los Angeles Times and was reprinted with the author's permission in MIT's Tech Talk on 1/11/89.]

------------------------------

Date: Thu, 12 Jan 89 04:43:19 PST
From: manis@grads.cs.ubc.ca (Vince Manis)
Subject: Losing systems
Organization: UBC Department of Computer Science, Vancouver, B.C., Canada

I don't get it. An issue of Risks arrives with not one but two accounts of megabuck systems which essentially go into the trashcan. Yet there are all sorts of things, ranging from better procurement practices through structured systems analysis which are supposed to have made these white elephants a thing of the past.

I can think, offhand, of a number of hypotheses to explain the continuing inability to deliver reliable, useful, on-budget software:

1) the technical people are all incompetent (I'm in the process of marking data structures exams at the moment, so maybe I'm giving this one more credence than I should!)
2) management people are all incompetent (perhaps in hiring incompetent technical people, perhaps in interfering with technical aspects of the procurement process)
3) large bureaucratic structures of the sort found in government and industry inherently interfere with the development of usable systems
4) the `structured programming revolution', and structured systems analysis, really don't count for much
5) structured systems analysis is a good idea, but practitioners don't know how to apply it effectively

Undoubtedly, the true answer is a mixture of these, along with others that I just can't think of at 4:45 am. The issue is not finding a specific cause (if #3 is to blame, there's not too much we can do about that!); rather, we as professionals should try to identify the factors which bring about system demise, and loudly describe them to all and sundry.

It seems clear that all the methodologies in the world won't rescue a system which is designed by an administrator in conjunction with a marketing person from a vendor; nor would one expect anything worthwhile from a system effort in which no user/management input was ever solicited. We have to do more of a job of explaining the limits and the imperatives of the technology to non-technical people than we've been doing so far.

[By the way, today's San Francisco Chronicle has an article on the new computer system for the Bay Area Rapid Transit (BART) that is finally being readied for operation, many years late and many millions of dollars over budget. PGN]

------------------------------

Date: Thu, 12 Jan 89 11:59:11 EST
From: Don Alvarez
Subject: Our blinders [with respect to RISKS]

RISKS is a forum dedicated to computer related risks, so it is natural that the articles presented should focus primarily on risks and computers. This reader, however, often feels that the conclusions reached here miss important points because the authors have consciously or unconsciously wrapped themselves in RISKS blinders.
Since they arrived this morning, I will use the two articles in RISKS 8.5 as examples: "Digital Photos and the Authenticity of Information" (Dave Robbins) and "Medical software" (Ivars Peterson via Robert Morris).

The first article begins with a discussion of computer editing of photographs, and the ease with which such previously incontrovertible evidence can now be forged. The author then goes on to make three main points, which I will restate briefly:

1) Electronically stored records can be altered or forged without leaving any visible traces.
2) Computer technology makes it easier to forge or alter records because more people possess the necessary skills.
3) Computer technology makes it possible to store such large amounts of data that we are unable to check the validity of any single record.

I certainly agree with Mr. Robbins that there are important issues raised by computer based record keeping, but I don't believe these three are among them.

The first and third points are related, so I will discuss them together. While the sheer mass of information makes it more difficult to authenticate records by "conventional" means, these records are not unauditable. This same mass of records enables far more sophisticated consistency checking than was ever before possible. Welfare fraud is possible in a non-computer based environment, but sorting the ranks of welfare recipients against the owners of 40 foot yachts and Mercedes-Benz automobiles is not.

With regards to the ease of forging provided by computers, I do not agree with Mr. Robbins in any way. Yes, there are some individuals who are now able to forge records far more effectively than they ever could in the past, but this is ignoring the tens or even hundreds of thousands of people who could forge records in the past but are unable to now. In high school, I could forge the birthdate on my driver's license with a pencil and a piece of chalk.
I'd like to see the typical high school kid do the same level of forgery to a microprocessor controlled smart card. It is true that forgery of photographs is coming into the hands of the common "criminal," but the very ease of forgery will be what is responsible for removing such records from the ranks of acceptable evidence. Video tapes will probably continue to be acceptable until such time as they can be economically altered.

In RISKS, we tend to have our blinders on to the dangers alone. There are unquestionably very real risks in our information based society, but if you look at the risks in a vacuum devoid of gains and benefits, you will deprive yourself of enormous advantages. I may have arguments with the enormous corporations which maintain my credit records, but at the same time I am very thankful to them for providing the service which enables me to walk into any store anywhere in the world and pay for goods in any currency with a small piece of plastic which is linked to my bank account.

The second article, on "Medical Software" is an example of a different kind of blinder which we wear. The problem of testing and validating advanced hardware is not in any way unique to computers. Within my lifetime we have had advances across the board which raise these questions. Electric motors have become so powerful, lightweight, and commonplace that manufacturers of lawn tools have to explicitly state that the lawn mower should not be carried at waist height to trim shrubs. Hair driers and portable radios have become so ubiquitous that manufacturers have to worry about consumers placing them in or near the sink or shower.

The only thing which makes the computer industry unique is that it is young enough to have been granted special privileges to sell incomplete or unfinished products. General Motors issues a recall. Microsoft SELLS you version 4.0.
Product liability is extremely important in the computer field, as it is in any other field, but we should not place ourselves on so high a pedestal that we can not see the connections between what we are doing and what other fields are doing, because that is precisely what got us into this problem in the first place.

------------------------------

Date: Thu, 12 Jan 89 06:20:36 PST
From: roberts%untadh.DEC@decwrl.dec.com (Nigel Roberts)
Subject: Totally secure MAIL & infallible aeroplane warning systems

Following as it did the intelligent & informed _Guardian_ leader article on the risks of technology (RISKS 8-4), there was an item in today's paper, in the COMPUTER GUARDIAN section which makes me really shudder.

In an article comparing the changing roles of FAX, telex and electronic mail, Warren Newman writes:

  "There are disadvantages to FAX and telex. The main one being lack of confidentiality. An electronic mailbox is secure. You have the key in the form of a password and only you can look at the contents. Most fax machines and telex machines are kept in common service areas where a secretary or clerk will collect the message and deliver it"
    -- from "Fax becomes a favourite", Computer Guardian, Thursday January 12 1989

What nonsense! This sort of thing perpetuates the conspiracy of silence concerning risks of electronic mail systems.

Going back to the subject of the 737 crash at East Midlands Airport, I noticed another item of possible interest to RISKS readers in today's paper.

  "Mr Freddie Yetman, technical secretary of the British Airline Pilots' Association [the pilots' union --NR] said that the investigators 'must have some suspicion of these circuits'. 'It points to a possible spurious warning being given to the flight deck. But how the devil do you get a spurious warning from an infallible system?' "
    -- from "Suspect jets are grounded", The Guardian, Thursday January 12 1989

Nigel Roberts, Munich, W.
Germany

------------------------------

Date: Thu, 12 Jan 89 12:19:17 PST
From: Steve Philipson
Subject: "Disaster Becomes a Matter of Routine" (M1 Plane Crash, RISKS-8.4)

The underlying implication of the excerpted article is that high technology should bring perfect safety. This is not a premise that most of us would consider valid. It is also not necessarily the goal of all high-tech systems.

Improved technology is supposed to bring some kind of improvement. It might be improved safety, performance, economy or something else. Our modern airliners have clearly shown themselves to be superior in many ways to our old models. The latest airline technology has not yet had a chance to prove itself in service, but the new features are intended to yield all-around "better" aircraft.

Fighter aircraft, on the other hand, are not designed to be the safest vehicles we can make, but rather are intended to be able to survive hostile threats while successfully attacking a target. Their hi-tech is primarily directed at military goals. Indeed they do crash, and they are dangerous. It is not higher technology that is the problem though, but rather the nature of fighter aircraft tactics and training. Training in populated areas will involve costs in lives on the ground. That is not an issue of technology but rather one of policy.

High technology, including computer technology, is not going to solve all of our problems at once. The author of the article observes this in the last line of the quoted paragraph. On the other hand, high-technology is not necessarily creating worse problems. In this case, new airliners are not necessarily less safe. What we as technologists must do is make the public aware of the limitations of our work, so that backlash against the failures that will occur will not prevent us as a society from making progress, improvements, and bettering the lot of mankind.
------------------------------

Date: Thu, 12 Jan 89 08:38:31 MST
From: rgt%beta@LANL.GOV (Richard Thomsen)
Subject: Re: Biased coverage of hacker's convention by CBS

In the March 1989 issue of ANALOG Science Fiction/Science Fact, there is a quote from George Gerbner as follows:

  If you can write a nation's stories, you needn't worry about who makes its laws. Today, television tells most of the stories to most of the people most of the time.

Welcome to the ranks of those who get bad and biased press [...].

Richard Thomsen

------------------------------

Date: 01/12/89 12:45:13 CET
From: ( KFK/KARLSRUHE - VOGES )
Subject: SAFECOMP89

Call for Papers and First Announcement

IFAC/IFIP-Workshop "Safety of Control Computer Systems"
SAFECOMP'89
December 5-7, 1989, Vienna, Austria

SCOPE

SAFECOMP'89 will deal with safety related applications of industrial computer systems. Such systems are used in transportation, production industry, power plants, medical and emergency systems. New aspects have to be considered by the extension of electronic data interchange for trade (EDI) and computer integrated manufacturing. The objective is to reduce the potential to injure, kill, lose property or cause hazard to environment. It should be noted that for systems with safety and environmental protection the problems of guarantee and product liability are closely related.
TOPICS

+ Planning, Specification, Design and Architecture of safe computer systems
+ Verification and Licensing of safety related computer systems
+ Operation and Maintenance of safety related computer systems
+ Safety related Documentation and Project Management Techniques
+ Identification, metrics and recognizing weak signals for improving safety
+ Applications, case studies and experiences
+ Data on safety related systems and data collection
+ Measurement of Quality for safety
+ Standardisation questions
+ Aspects concerning human and living environment
+ Artificial Intelligence for safety related applications
+ Tools and systems approach for achieving safe computer systems

DEADLINES

+ Four copies of the abstract (in English) should be received not later than 15 January 1989.
+ Notification of preliminary acceptance: 28 Febr. 1989
+ Submission of full paper: 30 June 1989

MAILING ADDRESS

Austrian Center for Productivity and Efficiency, OEPWZ,
Dkfm. Mag. W. Steiskal,
Rockhgasse 6, A-1014 Vienna AUSTRIA
Tel.: +43 222 638636
Telex: 115718 oepwz
Telefax: +43 222 63863636

This Workshop is the next in series to Safecomp'88 (see RISKS 7.78)

Udo Voges, KFK Karlsruhe, IDT766@DKAKFK3.EARN

------------------------------

Date: Tue, 10 Jan 89 02:10:18 PST
From: cliff@LBL.Gov (Cliff Stoll)
Subject: Name this book -- for a box of cookies!

Fellow Riskees:

I'm writing a book, and I need a title.

It's about computer risks: counter-espionage, networks, computer security, and a hacker/cracker that broke into military computers. It's a true story about how we caught a spy secretly prowling through the Milnet.

Although it explains technical stuff, the book is aimed at the lay reader. In addition to describing how this person stole military information, it tells of the challenges of nailing this guy, and gives a slice of life from Berkeley, California.

You can read a technical description of this incident in the Communications of the ACM, May, 1988; or Risks Vol 6, Num 68.
Better yet, read what my editor calls "A riveting, true-life adventure of electronic espionage" ... available in September from Doubleday, publishers of the finest in computer counter-espionage nonfiction books.

So what?

Well, I'm stuck on a title. Here's your chance to name a book. Suggest a title (or sub-title). If my editor chooses your title, I'll give you a free copy of the book, credit you in the acknowledgements, and send you a box of homemade chocolate chip cookies.

Send your suggestions to CPStoll@lbl.gov or CPStoll@lbl (bitnet)

Many thanx!
Cliff Stoll

[Weihnachts STOLLen (German Christmas cookies) might be appropriate for the cookies. With a different publisher, Cliff could have called the book "Stalking the Wiley Hacker". But since Abner Doubleday is widely credited with having invented baseball, you could call it "Who's on Wurst?". PGN]

------------------------------

End of RISKS-FORUM Digest 8.6
************************
-------