RISKS-LIST: RISKS-FORUM Digest Monday, 5 October 1987 Volume 5 : Issue 42 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Credit Markets: computer interest is high! (Jerome H. Saltzer) Telephone computers that work (Alan Wexelblat) Computer Services as Property (Isaac K. Rabinovitch, Arthur Axelrod) JOINing on public access data -- and insider trading (Brent Laminack) TV Detectors (Lindsay F. Marshall, Ian G. Batten, David A Honig) Confusing Input Request in Automatic Voting Systems (Eke van Batenburg) Directions and Implications of Advanced Computing -- Call for Papers (Douglas Schuler) Risks of receiving RISKS -- BITNET users BEWARE (jfp) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@SRI.COM, Requests to RISKS-Request@SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97). ---------------------------------------------------------------------- Date: Fri, 2 Oct 87 09:47:01 EDT To: risks@csl.sri.com Subject: Credit Markets: computer interest is high! From: Jerome H. Saltzer Buried near the bottom of the daily report of Credit Markets on page 29 of the Friday, October 1, Wall Street Journal is the following intriguing paragraph: "The rate on federal funds, or reserves that banks lend each other overnight, averaged 7.6%, down from 8.38%, according to Fulton Prebond (U.S.A.) Inc. At one point Wednesday, the rate was as high as 30% because of a computer problem, the Fed said." That one somehow sounds a little scarier than usual. Does anyone have any facts? Jerry ------------------------------ Date: Fri, 2 Oct 87 09:27:08 CDT From: Buckaroo Banzai To: RISKS@csl.sri.com Subject: Telephone computers that work A short blurb in today's paper reports that the Pac Bell computers logged over 300,000 phone calls in the six minutes after the earthquake. The system appears to have degraded gracefully under the excessive load - the only problems reported were delays in getting a dial tone. Alan Wexelblat UUCP: {harvard, gatech, pyramid, &c.}!sally!im4u!milano!wex [As always, it is nice to see success stories. On the other hand, the call volume that resulted was enormous all day -- and various LA exchanges were down completely for quite some time. By late evening it was still almost impossible to get some calls through to LA. PGN] ------------------------------ From: portal!cup.portal!Isaac_K_Rabinovitch@Sun.COM To: risks@csl.sri.com Subject: Computer Services as Property Date: Sat Oct 3 10:57:35 1987 A recent message in the RISKS Forum raises an issue that I think needs more careful discussion. The opinion expressed was similar to many I've heard in the last few years, in its complaint that people regard the theft and disruption of computer services more tolerantly than theft and vandalism of "other forms of property." I think such opinions are based on the mistaken belief that society and the law regard the property holder's rights as absolute and final. I'm not a lawyer or a serious student of social mores, but it's obvious to me that both law and society recognize that a property holder has an obligation to take reasonable measures to prevent tresspass, vandalism, and theft. Society in general has little sympathy for people who are careless with their property, as many system administrators have sometimes been. An administrator who accidentally publishes all his user passwords (something that I've actually seen happen!) is certainly like a person who absent mindedly leaves his front door unlocked. Providers of computer services are right to be frustrated with the slugish way judges and legislators apply existing moral and legal concepts to the new technology. But they should be aware that existing legal concepts are not entirely on their side. Consider the laws of easment, for example. They should also not pay excessive attention to the arguments of defense attorneys, whose jobs obligate them to take a very narrow view of these problems. None of this excuses the Matt and Ally fans who think that fouling up a Big Corporation's operations is just a fun prank. And it certainly doesn't justify more serious forms of hooliganism and brigandage. But system administrators should not feel that society is giving them a special bum deal. ------------------------------ Date: 5 Oct 87 08:21:16 PDT (Monday) Subject: Computer Services as Property (Re: RISKS-5.41) From: "Arthur_Axelrod.WBST128"@Xerox.COM To: RISKS@csl.sri.com In RISKS DIGEST 5.41, Richard.S.D'Ippolito@sei.cmu.edu writes: " . . . the defense attorney's comments on motives make me wonder when, if ever, the view of computer crimes will merge with society's view of other property crimes: we have laws against breaking and entering... I think we all agree with the fundamental premise, i.e. that information is a form of property and is entitled to the same protection as any other form of property. However, there is a difference between information property and tangible property that complicates the issue and may be responsible for much of the confusion in society's view and the ambiguity in current law. To extend the analogy, in real property ("real" as in "real estate") the law makes a clear distinction between "fully private" property and "places of public accommodation." (I may not have the legal terms right, but you get the idea.) I'm allowed to walk at will through a shopping mall, for example, even if I have no intention of buying anything. I can come in out of the rain, use the rest rooms, sit on a bench and warm up, and not be subject to prosecution for breaking and entering. The "resources" that I use, bench space, warm air, rest rooms, etc. are "saleable items" in the sense that the mall owner has to pay for them, and recovers that cost in rent from merchants. On the other hand I can't simply walk into your house at will. Not even if you leave the door wide open. Furthermore, your house doesn't have to have a sign saying "private property" on it. If I did that, I would be subject to charges of trespassing, illegal entry, and burglary, or at least attempted burglary. You wouldn't be required to show that you had taken any special measures of protection, let alone had "perfect security." It is assumed that everyone knows that a house is private property and furthermore it is assumed that everyone is capable of recognizing a house. That's the point. Through long custom and usage, we have all come to be aware of the distinction between private places and places of public accommodation. The key phrase here is "long custom and usage." The problem that we face with computer security is that society has not yet had a chance to form a conceptual model of the distinction of what is or is not a private information resource. The era of the widely accessible computer is hardly ten years old. Education is one part of the process. One of the functions of the security measures that we computer operations people take must be in a sense educational. People who literally don't know any better, because they've never been taught, must be told, in one way or another, "Look here, this is private. Keep out." Schools, government, etc., have a responsibility, too, of course, but ultimately, computer professionals have the greatest stake and must accept the fact that we must take the lead. Some day, the view of computer crimes will indeed merge with society's view of other property crimes, but we better face the fact that it may not be soon. Art Axelrod, Xerox Webster Research Center ------------------------------ From: itm!brent@csl.sri.com (Brent) Subject: JOINing on public access data -- and insider trading (Re: RISKS-5.41) Date: 1 Oct 87 19:53:39 GMT Organization: In Touch Ministries, Atlanta, GA To: The recent talk in this group about cross-correlating public databases for questionable purposes reminds me of the method used to catch insider trading on the NYSE. Above "the floor" is a computer room that constantly monitors the movements of stocks. If a stock moves up or down more that a certain percentage of its selling price in a given day, or if more shares trade hands than normal, an alarm sounds. The analysts then cross-correlate that stock with all available press releases, wire service reports, and stock offerings to try to determine if there is a valid reason for this movement. If no reason can be determined, the incident gets investigated further. The buying and selling stockholders get cross-correlated with the members of the board and all employees of the company in question. They also cross-correlate all known data about the parties in question: club memberships, professional societies, civic organizations, to try to determine if any contact was likely. If these joins come up positive, the case gets investigated by old-fashioned "legwork." The above information was related in an NPR story as the insider trading scandal was breaking a while back. I have long suspected that if "big brother" were to come into being, it wouldn't be created by the government. The government is far to big, slow, and open to public inspection. If "big brother" is to be created, it will probably be done by private enterprise, as above. But it's not just the "big-wigs" of the NYSE. It's you and me being cross-correlated as below: There are companies known as "list brokers." These companies buy and sell names and addresses. Everyone notices that once you get on one "junk mail" list, you soon get mail from a plethora of other organizations. Your name has been brokered. All types of organizations from credit-card companies to non-profit fund raisers buy and sell lists. The price depends on the quality of the name, from a cent or so for inactive names to upwards of a dollar a name for high quality lists. The average is about 10 to 15 cents. How do the most profitable companies make money? By cross-correlating. One of the largest list brokers has taken the census information and run cluster analysis on a wide range of socio-economic scales. The result is a clustering of the nation into 17 groups. These have colorful names like the "pickups and shotguns" cluster, and the "money and brains" cluster. Now suppose a shotgun shell maker wants to drop a direct-mail piece to new prospects. What kind of list should he buy? The list broker pulls up the "pickups and shotguns" profile and determines that a greater than average number of people in that segment also own electric freezers, so they sell the shell maker a list of names of people who returned warranty cards for freezers. Viola! Everyone makes money: the freezer manufacturer who sold the freezers, then sold the names to the broker, the broker who re-sold the names at a mark-up (the value added being the cross- correlation he ran) and the shell maker who stands to sell more shells than to an unqualified list. Add another wrinkle: the intelligent set-top cable converter. This is an individually addressed converter used for "pay per view" cable. You see a good movie will be on HBO tonight. You call your cable company. They turn on HBO for you house tonight so you can see RAMBO or whatever. Thus they collect information on you as to who wants to see what movie. Another new feature is the "people-meter." At 8:07 p.m. tonight, the central cable computer sends out a "poll" message. The set-top captures what channel it's currently tuned to and over the next 24 hours, all the little set-tops report back to the home office. This can go into the database as well. It's only a matter of time until this information is merged with the list-brokers profile. Now we have a complete demographic profile of your household: Area of town, cost of house, number of incomes, favorite TV shows, most recent major purchases, etc., etc. I claim if "big brother" is to be, it will come from the private sector for marketing reasons, motivated by profit. There is legislation in the works to prevent the cable companies from selling information. But will the set-tops encrypt the data they send? If not, a simple passive tap could generate reams of data. The potential for invasion of privacy is large here, simply because of the scale of the mailing list and cable systems. Also by the nature of the beast, the correlations are done on a huge scale, hence only approximate in many cases, so the potential for mismatches is large. Brent Laminack ------------------------------ From: "Lindsay F. Marshall" To: risks@csl.sri.com Date: Thu, 1 Oct 87 16:39:55 BST Subject: TV Detectors Detecting a TV inside a house is easy, and is a process that has been refined over the years to cope with such things as multiple occupancy and high-rise flats etc. I have also heard of people being sent letters about TV licences when they had no TV, but I don't think they were any more threatening than your average government letter. I would doubt very much that the search for licence evasion is as simplistic as has been suggested - the impression I get is that the letters sent by mistake tend to be caused by people with no TV moving into a new house where the previous occupant did have one. I would suspect that the address is a more important part of the check than the occupant, rather like some credit validation schemes, where information concerning previous occupants can blight you for up to 6 years - I got caught by this recently, and to add insult to injury, the information was not even correct! The previous occupant had been summonsed AFTER he had vacated out house, but for some reason was still listed as being at our address...however the companies involved sorted this out very fast and very politely. Lindsay ------------------------------ To: risks@csl.sri.com Subject: TV Detectors Organisation: University of Birmingham Computer Science Department Date: Thu, 01 Oct 87 12:16:56 BST From: "Ian G. Batten" My parents (who do not have a TV) get a letter every year stating that they do not hold a license and then giving a list of reasons as to why this may be so (just bought the TV, forgotten it expired, etc). Nowhere on this note does it suggest the possibility that they don't have a TV! This letter can only be being generated by cross-matching some "list of everyone" with a "TV license-holders list", as they have had the house from new in 1961 and have never had a TV in that time. [I can't remember when radio licenses were subsumed into TV licenses and waived for the non-TV 1% of the population; I'm too young :-)] ian ------------------------------ To: RISKS <@ICS.UCI.EDU:RISKS@csl.sri.COM> Subject: detecting TV's Date: Thu, 01 Oct 87 15:50:22 -0700 From: David A Honig I don't know how easy it is to detect TV's from a distance (though I suspect anything using heterodyning is detectable from the emissions from the IF oscillator), but I recall a story about detecting satellite-TV thieves: The satellite TV company drove down a street with a RF signal analyzer and detected the emissions from rooftop dishes. Each house with a dish tuned to the (im)proper frequencies was sent a harsh letter describing the (fairly accurate, in this case) evidence against them. Apparently this was effective (partially it was a publicity-motivated crackdown, the satellite company wanting to show that they could catch "signal-stealers"). ------------------------------ Date: Mon, 5 Oct 87 16:11 N From: Subject: Confusing Input Request in Automatic Voting Systems To: NEUMANN@csl.sri.com Last election in 1986 several cities in Holland used voting machines in order to keep a count of the votes for the candidates of the various parties. It appeared that several voters were confused by the lay-out of the buttons and inadvertently choose the wrong candidate by pushing the button at the wrong side of the candidate's name. This was discovered in the little village of Katwijk because suddenly a conspicuous great amount of people voted for a very left-wing party (whereas in other years the vast majority votes for the very right-wing "Gereformeerde Partij"). Eke van Batenburg, Instituut v.Theoretische Biologie, Groenhovenstraat 5 2321BT Leiden (tel.071-132298) Holland [They could tell left from right among the parties, but not among the buttons. PGN] ------------------------------ Date: Fri, 2 Oct 87 14:49:20 pdt From: Douglas Schuler Subject: DIAC-88 CALL for PAPERS Call for Papers DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING DIAC-88 St. Paul, Minnesota August 21, 1988 The adoption of current computing technology, and of technologies that seem likely to emerge in the near future, will have a significant impact on the military, on financial affairs, on privacy and civil liberty, on the medical and educational professions, and on commerce and business. The aim of the symposium is to consider these influences in a social, economic, and political context as well as a technical one. The directions and implications of current computing technology, including artificial intelligence and other areas, make attempts to separate science and policy unrealistic. We therefore solicit papers that directly address the wide range of ethical and moral questions that lie at the intersection of science and policy. Within this broad context, we request papers that address the following suggested topics. The scope of the topics includes, but is not limited to, the sub-topics listed. RESEARCH DIRECTIONS DEFENSE APPLICATIONS Ethical Issues in Computing Research AI and the Conduct of War Sources and Effects of Research Funding Limits to the Automation of War Responsible Software Development Automated Defense Systems COMPUTING IN A DEMOCRATIC SOCIETY COMPUTERS IN THE PUBLIC INTEREST Community Access Computing for the Handicapped Computerized Voting Resource Modeling Civil Liberties Arbitration and Conflict Resolution Risks of the New Technology Software and the Professions Computing and the Future of Work Software Safety Submissions will be read by members of the program committee, with the assistance of outside referees. The program committee includes Steve Berlin (MIT), Jonathan Jacky (U. WA), Richard Ladner (U. WA), Bev Littlewood (City U., London) Nancy Leveson (UCI), Peter Neumann (SRI), Luca Simoncini (U.Reggio Calabria, Italy), Lucy Suchman (Xerox PARC), Terry Winograd (Stanford), and Elaine Weyuker (NYU). Complete papers, not exceeding 6000 words, should include an abstract, and a heading indicating to which topic it relates. Reports on in-progress or suggested directions for future work will be given equal consideration with completed work. Submissions will be judged on clarity, insight, significance, and originality. Papers (4 copies) are due by April 1, 1988. Notices of acceptance or rejection will be mailed by June 1, 1988. Camera ready copy is due by July 1, 1988. Send papers to Professor Nancy Leveson, ICS Department, University of California, Irvine, Irvine, CA 92717. Proceedings will be distributed at the symposium, and will be available during the 1988 AAAI conference. The DIAC-87 proceedings are being published by Ablex. Publishing the DIAC-88 proceedings is planned. The program committee will select a set of submitted papers to be considered for publication in the Communications of the ACM. For further information contact Nancy Leveson (714-856-5517) or Doug Schuler (206-865-3226). Sponsored by Computer Professionals for Social Responsibility, P.O. Box 717, Palo Alto, CA 94301. ------------------------------ Date: 30 September 87 20:45 EDT From: JFPJ%CORNELLA.BITNET@WISCVM.WISC.EDU Subject: Risks of receiving RISKS -- BITNET users BEWARE [ANOTHER REMINDER] To: RISKS@SRI.COM [For those of you on BITNET, you should be aware of the instructions for the automatic self-maintaining mailing list indirection (which apparently is going to change in the near future). PLEASE DO NOT send any mail to the designated RISKS address except the properly formatted SUBSCRIBE and UNSUBSCRIBE messages. All other messages get rebroadcast to the BITNET RISKS community, and then I get complaints... Instructions upon request, if you have lost them. BUT, I am suddenly getting notices from LISTSERV that I (not YOU?) can add YOU using ADD (not SUBSCRIBE?)... Grumble... Update on the new forwarding when available. PGN] It seems that computers indeed aren't flawless - especially as regards automated redistribution of the RISKS Digest on BitNet. For several weeks (ever since I subscribed, in fact) I have been getting various messages, none of which has to do with RISKS (mostly subscription requests &c). Wondering if something was amiss, I sent a message to the address used for BITNET subscription. Much to my surprise, when I logged in several days later, I found 12 messages waiting for me. They were typically from people experiencing the same difficulties, but two held the key to the problem. It seems that the address for BITNET subscription/distibution has a very limited intellect. If it receives mail of the proper for (ADD ... or DELETE ...), it is processed. Any other mail is assumed to be a RISKS issue, and is distributed to the subscribers. Needless to say, my query was treated as a RISKS Issue, and was subsequently distributed. -jfp ------------------------------ End of RISKS-FORUM Digest ************************