RISKS-LIST: RISKS-FORUM Digest   Wednesday, 21 October 1987   Volume 5 : Issue 46

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Portfolio Insurance and Wall Street's meltdown (Rodney Hoffman)
  Software firms put on guard by Act (Jonathan Bowen)
  World Series Phone Snafu (Ted Lee)
  Re: Civil Disobedience (Jim Jenal)
  Destruction of confiscated computers (Lindsay F. Marshall)
  Weather Forecasts (Lindsay F. Marshall)
  Anonymity and high-tech: indirection (Robert Stanley)
  Berkeley's computer security (Al Stangenberger, David Redell)
  Computer Services as Property (Rick Busdiecker)
  Information as property (Hugh Pritchard)
  [Some further messages are omitted -- on anonymity, property, and STILL
  more on UNIX Passwords!  Thanks for your submissions.  PGN]

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM.
For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j.
Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

Date: 21 Oct 87 15:53:15 PDT (Wednesday)
Subject: Portfolio Insurance and Wall Street's meltdown
To: RISKS@csl.sri.com
From: Rodney Hoffman

Excerpted from the 'Los Angeles Times', Tuesday, Oct. 20, 1987:

PORTFOLIO INSURANCE MAY HAVE WORSENED SELLOFF, TRADERS SAY
By Michael A. Hiltzik

In December, 1986, New York Stock Exchange Chairman John J. Phelan warned a
Washington audience that a new form of computerized stock and futures trading
known as portfolio insurance could someday lead to "financial meltdown."  The
markets laughed him off....

[T]here are strong indications that computerized portfolio insurance programs
inspired the snowballing waves of selling during the market's catastrophic
collapse.
The impact of portfolio insurance programs on the market's epic fall Monday and
last week cannot be precisely gauged.  But estimates place the amount of assets
"protected" by the programs ... at as much as $61 billion.  Because of the
mechanics of portfolio insurance, a significant portion of that pool of cash
was poised before last week to begin marching, all at once, in a single
direction: down....

[T]he leading insurance technique involves selling not stocks, but related
stock-index futures, and using the proceeds to offset stock losses.  As the
selling waves hit the futures markets, they drive futures prices down, which in
turn drag stock prices down....

Even people who sell portfolio insurance acknowledged that the technique is
probably a leading villain of the market collapse -- and what's more, failed to
protect clients from the losses they thought they would avoid.  Portfolio
insurance firms all use somewhat different computer models to dictate trading
for clients; some were apparently more successful than others in protecting
clients from losses this week and last week.  But all showed they had
devastating shortcomings, [Preston W. Estep, head of a leading portfolio
insurance firm] said....

[discussion of the past warnings and fears about the growing interrelationship
between future and stock markets]

Program traders... have often been blamed for exacerbating the sharp stock
price moves of the last few years because their computer programs are designed
to order the sale or purchase of millions of dollars of stocks in the blink of
an eye.  Portfolio insurers add another bias to that system: one that
encourages sharp downturns.

[detailed discussion of one scheme: "dynamic hedging" developed by University
of California, Berkeley business professors Hayne Leland and Mark Rubenstein]

More important than clients' individual losses, however, is the way portfolio
insurance tends to magnify market slumps.
Because the clients' concerted selling forces futures prices down, that
attracts investors who strive to make money from the difference in price
between the futures and their related stocks.  In roughly simultaneous
transactions, they buy the futures and sell the corresponding stocks.  In
turn, that forces stock prices further down, which kicks in more
insurance-related sales in the futures markets, and so on.

------------------------------

Date: Wed, 21 Oct 87 15:55:02 BST
From: bowen%prg.oxford.ac.uk@NSS.Cs.Ucl.AC.UK
To: "RISKS FORUM - Peter G. Neumann -- Coordinator"
Subject: Software firms put on guard by Act

From the Times, London, 20th October 1987:
Computer Horizons, Jobscene, by Darrell Ince, Prof of Computer Science,
Open University, UK.

`The new Consumer Protection Act, which comes into force next year, could
provide a number of headaches for British software developers.  At the same
time, it is also likely to result in an increase in both job opportunities and
salaries for one neglected area of software engineering -- quality assurance.

Until the new law takes effect anybody who is injured because of an error in a
software product has to carry out the difficult process of establishing fault
on the part of the company which supplied the product.  Once it comes into
force all that will be required is to establish a causal link between the
injury suffered and a defect in the software product.  This puts immense
pressure on software companies to make sure that their software is correct.

... [The article goes on to mention the techniques which quality assurance
specialists can use including...] one American concept...the Black Team.  This
is a collection of hackers whose function is to try and make a completed
software system crash.

[Prof Ince suggests that...] ...the bulk of companies...still take a
relatively relaxed view of software quality.  The new law will change this,
and, if as expected, companies start becoming directly liable for software
products, then there should be a massive expansion which, initially, may not
be met by current levels of staffing.

... [The article concludes] ...I think we can all excuse current software
quality practitioners their broad grin as they read the newspaper accounts of
the problems that British software houses will face over the next three
years.'

Any comments?

                                   [Had any jobscene phone calls lately?  PGN]

------------------------------

Date: Mon, 19 Oct 87 02:26 EDT
From: TMPLee@DOCKMASTER.ARPA
Subject: World Series Phone Snafu [Telephones Whirled Serious in Fall Classic]
To: risks@csl.sri.com

I don't know how it played in the national media, if at all, but the telephone
systems in the five midwestern states surrounding Minneapolis/St. Paul were
essentially thrown continuous strikes for three hours yesterday (Saturday)
morning.  After some minor skirmishes in the lines where the local tickets
(i.e., non series ticket holders, non-bigwigs, etc.) for the first two games
of the World Series had been sold earlier in the week, the sole ticket
franchisee (one of the local major department store chains) decided to make
things more pleasant by selling the 10,000 local tickets for games six and
seven by taking orders over the phone.  The number to call, which was staffed
by 35 operators, was announced at 0755AM Saturday on the local television and
radio stations, some of which cover a good part of five states (North and
South Dakota, Wisconsin, Iowa, and Minnesota.)  200,000 calls an hour were
attempted to that number until the last ticket was sold at about 11:00 AM.
Most phone exchanges in the area were for all practical purposes shut down by
the overload.  The news reports weren't very specific about how bad the delays
were where, but did mention that the effects were spread over the five-state
area.  I was unable to get a dial tone during the entire period.
911 service was useless -- the 911 equipment of course was all right -- if one
could have gotten a dial tone in any reasonable time.  It was reported that
one suburb realized the danger quickly and stationed its fire trucks at
strategic intersections just in case and police departments broadcast a note
requesting people with problems to drive to the nearest precinct rather than
try to call.  It was very fortunate that apparently there were no emergencies
-- the only incident reported was that someone had discovered that a relative
had died and tried to call for help on 911; in that case a rapid response would
not have mattered.

And there was also the poor fellow in Rochester, Mn., (area code 507) who
happened to have the same number as the ticket line (area 612) -- and was
waiting for calls in response to a newspaper ad to sell some of his belongings
before he left for college that afternoon.  He was not amused.

The ticket people said they'll have to come up with a third game plan next
year.  (Of course they'll need it!)

------------------------------

Date: Wed, 21 Oct 87 10:00:08 PDT
From:
To: elroy!ames!sdcsvax!ucbvax!KL.SRI.COM!RISKS
Subject: Re: Civil Disobedience (RISKS-5.45)
Organization: Mayfield Senior School, Pasadena, CA

A computer system being used to flood a BBS with calls is *NOT* civil
disobedience - it is an act of terrorism.  Civil disobedience is an effort to
*increase* dialog - to make people aware of a specific concern.  It is
typically undertaken at some risk to the participants (either physical, legal
or both), as recent events have dramatically demonstrated.  It is in the
highest traditions of democracy and this nation's history.

Flooding a BBS, on the other hand, is an act designed to inhibit dialog.  It
is meant to intimidate and debilitate other participants in the debate of
public policy.  Ultimately this is an act of cowardice and not worthy of being
justified as "civil disobedience."
Jim Jenal (aka ...!scgvaxd!mss!jpj)
Mayfield Senior School ( " ...!ihnp4!mss!jpj)

------------------------------

From: "Lindsay F. Marshall"
Subject: Destruction of confiscated computers
To: risks@csl.sri.com
Date: Wed, 21 Oct 87 15:14:20 BST

Mike McLaughlin (RISKS 5.45) suggests that destruction of confiscated
computers should have a significant deterrent effect and cites poachers in
Virginia.  He perhaps should look at the history of Moonshining in that area
(or in any other area/country that you care to name).  The destruction of the
"tools of the trade" has NEVER deterred them - moonshiners are famous for
coming out of court, straight into the hardware shop and buying the materials
for new stills.  I don't see why poachers should be any different nor hackers
- let's face it, it probably doesn't cost that much to replace the sort of
computers they are using (at least in the US anyway).  I accept that SOME
people MAY have strong emotional ties to particular pieces of equipment, but
its destruction is more likely to make these people think of revenge than
anything else.  Let's face it, judges aren't famous for their knowledge of
human psychology (OK neither are computer scientists....).  What was it Reagan
said about Social Science degrees and the jurisdiction??

Lindsay

------------------------------

From: "Lindsay F. Marshall"
Subject: Weather Forecasts
To: risks@csl.sri.com
Date: Wed, 21 Oct 87 14:52:22 BST

There have been a variety of stories about weather forecasting and the recent
bad weather.  The gist of these seems to be (sorry about hazy details...) :-

1) The system based on a Cyber (the Met office?) failed to predict the storm.
2) A system based on a Cray DID predict the storm.
3) Le Monde carried a correct forecast on WEDNESDAY!
4) The bad predictions have been attributed to a lack of upper air
   measurements, satellite data not being particularly useful in this case.
5) Old Moore's Almanac said that there would be storms in October.
6) It's God's revenge on the Thatcherite Yuppies........

Lindsay

------------------------------

From: Robert Stanley
Subject: Anonymity and high-tech: indirection (Re: RISKS DIGEST 5.43)
Date: 19 Oct 87 17:25:53 GMT
Organization: Cognos Inc., Ottawa, Canada

In risks 5.43 Nic McPhee introduced anonymity as the best protection:

>From: mcphee@ratliff.cs.utexas.edu (Nic McPhee)
> One of the greatest guarantees of privacy is anonymity.

This hits right to the heart of the matter, and the question remains one of
how to preserve anonymity in an age of increasingly sophisticated, tireless,
and undistractable records searchers.  The common property of all answers to
this question is that it requires effort: anonymity is no longer available by
default, but that does not mean that it is unavailable.  There are three
strong (high probability of success) approaches to achieving electronic
anonymity:

1. Thoroughly understand the legal position and fight for your rights;
2. Use cut-offs that break the search chain; and,
3. Generate the crowd in which to hide.

This forum has discussed legality quite extensively.  There are plenty of
mechanisms available for finding out and getting changed or deleted
information that is held on file about you.  You can also do a lot to ensure
that there are as few direct pointers (common ID's like social security
number) as possible.  The drawback of this approach is that it attracts the
attention of the bureaucracy, which may lead to more trouble than the
protection is worth, and further lays you open to trojan horse attacks by
people who obtain access (legal or otherwise) to government files which
contain information on you.

However, as an example, I was once extremely paranoid about having my private
life analysed when automated mailing lists started to appear.
I therefore kept a precise record of EVERY occasion when I released certain
information in writing (I always refused to give details over the phone) and
carefully inserted one variant as a key in each case.  If a particular variant
started appearing from another source it was 100% certain that the information
had been propagated, and I would go directly (and angrily) back to the
original recipient of the information and demand an explanation.  This
achieved the desired effect until proliferation led to corruption, and the
trace keys became hard to devise with sufficient robustness to guarantee their
survival across compressed address lines and so on.  Of course, I may have
become an entrant on a blacklist of some kind, but I don't think THEY were
sufficiently organized.  What I did find was that a letter to the wife of the
president at home (amazing how easy that sort of info was to discover :-) )
with copies to the president plus the relevant department at work guaranteed
attention.  Firm contention that one understood how computer systems work,
and discussion of operator liability usually resulted in speedy remedial
action.  But this takes hard work.

At the other end of the scale, simple cut-offs to break chains work wonders.
There is very definitely no direct link between roberts@cognos.uucp and, for
instance, the residential address of Robert Stanley, private citizen.  All my
junk mail, including credit cards, subscriptions, and so on, goes via an
address of convenience.  (by the way, should you crack Cognos' personnel
database, you will find a correspondence rather than a residential address,
but a telephone number for a telephone that does ring at my home).  A PO box
is the simplest, and Canada Post at least limits the connection between a PO
Box and an actual person to a single local post office ledger entry.  The only
positive link they require is a telephone number, which could be at work.
Next best is to use a service agency, and you'd be surprised at how cheap and
convenient they can be.  In fact, your worst danger is from your real friends,
who may have your personal information thoughtfully recorded among their own
records.  Most of us don't tend to keep these encrypted.  Yes, the memory
telephone is a lethal instrument, as is the last number redial facility.

Finally, it is possible to create your own haystack, by making the information
explosion work to your advantage.  Get on every kind of list you can, at every
opportunity.  When faced with too much information, particularly contradictory
information, systems and people alike usually decide to ignore the case in
favour of an easier one.  You can just see the evidence for the prosecution
against a TV license non-payer including letters of application for game-show
appearance, when in fact you are one of the 1% TV non-owners!  Innocent until
proven guilty does still apply.

Robert Stanley, Cognos Incorporated, P.O. Box 9707, 3755 Riverside Drive,
Ottawa, Ontario  CANADA  K1G 3Z4    Phone: (613) 738-1440
uucp: decvax!utzoo!dciem!nrcaer!cognos!roberts

------------------------------

Date: Tue, 20 Oct 87 09:01:05 PDT
From: forags@violet.Berkeley.EDU
To: risks@kl.sri.com
Subject: Berkeley's computer security

When Berkeley's computer center was occupied in the early 1970's, the only
thing which saved us from major damage was ignorance.  Damage (which was not
severe as I recall) was concentrated on tape drives and other things with
moving parts.  One of the operators told me that if he had been sympathetic to
the demonstrators, he would have directed them to the innocuous box which held
the CDC 6400's mainframe.

Al Stangenberger, Forestry, U.C. Berkeley

------------------------------

Date: Tue, 20 Oct 87 11:57:03 PDT
From: redell@src.dec.com (David Redell)
To: RISKS@csl.sri.com
Subject: Berkeley's computer security

A little more history of machine room physical security at Berkeley, as raised
by Dorsey (RISKS-5.44) and Chapman (RISKS-5.45):

  "I don't know if that's a reaction to [the sit-in that] Scott mentioned,
  or not"

At the time of the anti-war sit-ins, the computer center machine room was in
the basement of the old math building, and had no physical security to speak
of.  Users would submit jobs by walking into the machine room and placing
their card decks on a counter that was about six feet from the twin CDC 6400
mainframes.  When the demonstrators tried to get in, physical security
consisted of a burly operator trying to hold the door closed!

Independent of any actual damage done during the demonstrations (very slight,
as I recall), the computer center management virtually freaked out about their
vulnerability.  The machine room in the new math building was already more
secure -- for example, card decks were submitted in a separate room and handed
via a small pass-through into the machine room -- but they looked very hard
for other risks.  One wall of the new room had large observation windows of
thick reinforced glass; they decided even that was too risky, so the hallway
outside the windows was closed to the public.  Access by computer center staff
became much more controlled, and machine room tours were curtailed.

Of course, by the time these and other measures were in place, the
demonstrations were pretty much a thing of the past, but it's an interesting
example of how a tough security policy often results from an earlier flimsy
one plus a bit of scary experience.
Dave Redell

------------------------------

Date: 20 Oct 1987 08:10-EDT
From: Rick.Busdiecker@H.GP.CS.CMU.EDU
To: Doug Landauer
Cc: RISKS FORUM
Subject: Computer Services as Property

    Date: Tue, 6 Oct 87 13:07:18 PDT
    From: landauer@Sun.COM (Doug Landauer)

    What *I* think many of us agree on (except R.M.Stallman, of course) is
    that information is a form of property and is entitled to *some*
    protection.

I think that this is a somewhat inaccurate characterization for a couple of
reasons.  Firstly, RMS appears to be quite concerned that the informational
property rights of others are not violated, although it could certainly be
argued that hir motives are of the CYA variety.  Secondly, e goes to great
lengths to explicitly spell out the protection of GNU project software.  If e
didn't feel a need for any protection, the software could simply be placed in
the public domain.

Rick

------------------------------

Date: Tue, 20 Oct 87 16:28 EDT
From: (Hugh Pritchard -- CUA Systems Programming)
Subject: Information as property
To: RISKS@SRI.COM

> From: landauer@Sun.COM (Doug Landauer)
> > From: "Arthur_Axelrod.WBST128"@Xerox.COM
> > I think we all agree with the fundamental premise, i.e. that information
> > is a form of property...
> Absolutely *NOT*!!!  I know of no one who thinks (e.g.) that their
> house, their car, their wallet and their Unix files (or their IBM-PC
> software) are entitled to *the same* protection.

Information purveyors do.

> The significant difference between information and "real" property is
> that if you steal real property, your victim is denied access to that
> property; whereas if you "steal" information, your victim still has hir
> copy of it, and may not even notice the "theft".

Information certainly does have value.  And that value is altered when the
information is spread around, whether the originator retains a copy or not.
Ask any spy.  And what makes 'sharing' information more defensible than
stealing it?  Want to share your lover/spouse with me?
BTW, I think the legal term 'real property' refers specifically to land and
improvements thereto, like houses.  All other forms of property are personal
property.

> What our linguistic, ethical and legal systems have not yet come to
> cope with is just what sort of protection information is entitled to,
> and what sort is feasible.

How long have copyright, trademark, and patent laws been in existence?  I'm
not claiming that these laws remain the most appropriate means of redress,
but only that the concept of protecting information and other 'copyable'
property is hardly new.

Hugh Pritchard, Systems Programming, The Catholic University of America,
Computer Center, Washington, DC 20064 USA, (202) 635-5373
Disclaimer: My views aren't necessarily those of the Pope.

------------------------------

End of RISKS-FORUM Digest
************************
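Editor's worked example, appended after the digest and not part of any
contributor's post.  Robert Stanley's message above describes issuing a
distinct variant of his own record to each party he released it to, so that a
variant turning up from some other source identified who had passed the record
on, and notes that the trace keys later became hard to make robust enough to
survive compressed address lines.  The Python below is an added illustration
of that technique (today usually called a canary or honeytoken), not Stanley's
own scheme: the secret, the HMAC-derived letter key, the recipients and the
"list broker" mangling model are all assumptions constructed for the example.
The base name and address are the ones in his signature.

```python
"""Trace-key ("canary") variants of a postal record, after Robert Stanley's
RISKS post.  Each party the record is released to gets a variant carrying its
own key; mail that later arrives bearing a key names the party that passed the
record on.  Added illustration; secret, key scheme and broker model assumed."""
from __future__ import annotations

import hashlib
import hmac
import re
import string

SECRET = b"assumed secret held by the person issuing the variants"  # hypothetical

# Base record (constructed sample; address as given in the post's signature).
BASE_NAME = "Robert Stanley"
BASE_ADDRESS = ["P.O. Box 9707", "3755 Riverside Drive", "Ottawa, Ontario K1G 3Z4"]

_PUNCT = str.maketrans("", "", string.punctuation)


def normalize(text: str) -> str:
    """Case-fold, drop punctuation and collapse whitespace: the mangling a key
    must survive as the record is copied from list to list."""
    return re.sub(r"\s+", " ", text.upper().translate(_PUNCT)).strip()


def broker_mangle(label: list[str], max_lines: int = 3) -> str:
    """Constructed model of a list broker: keep only the first max_lines lines
    of the label (address-line compression), then normalize what is left."""
    return normalize("\n".join(label[:max_lines]))


class TraceKeyRegistry:
    def __init__(self, secret: bytes = SECRET):
        self._secret = secret
        self._owner: dict[str, str] = {}  # key -> party it was released to

    def _derive(self, party: str, length: int) -> str:
        # Letters only: digits and punctuation are the first things list
        # software and typists corrupt.
        mac = hmac.new(self._secret, party.encode(), hashlib.sha256).digest()
        return "".join(string.ascii_uppercase[b % 26] for b in mac[:length])

    def key_for(self, party: str) -> str:
        """Return party's key, lengthening it on collision so that every key in
        the registry belongs to exactly one party."""
        length = 4
        while True:
            key = self._derive(party, length)
            if self._owner.get(key, party) == party:
                self._owner[key] = party
                return key
            length += 1

    def name_variant(self, party: str) -> list[str]:
        """Key carried inside the name line, e.g. 'Robert QZKT Stanley': the
        name line is the one field every copy of the record keeps."""
        first, _, last = BASE_NAME.partition(" ")
        return [f"{first} {self.key_for(party)} {last}", *BASE_ADDRESS]

    def extra_line_variant(self, party: str) -> list[str]:
        """Key carried on a trailing 'Suite' line: fragile, as the post found,
        because a broker that compresses the address drops the line."""
        return [BASE_NAME, *BASE_ADDRESS, f"Suite {self.key_for(party)}"]

    def identify(self, received: str) -> str | None:
        """Name the party whose key appears in received text, or None if no key
        survived (the record leaked through a channel that lost the key)."""
        tokens = set(normalize(received).split())
        for key, party in self._owner.items():
            if key in tokens:
                return party
        return None


if __name__ == "__main__":
    reg = TraceKeyRegistry()
    for party in ("magazine", "card-issuer", "charity"):
        print(party, "->", reg.identify(broker_mangle(reg.name_variant(party))))
    print("trailing-line key after compression ->",
          reg.identify(broker_mangle(reg.extra_line_variant("charity"))))
```

The key lives in the name field rather than on its own line for the reason
the post gives: a variant only works as evidence if it survives whatever the
recipient's software does to the record, and a name is the one field nobody
truncates.  Deriving the key with an HMAC keyed by a secret means the issuer
need not store a table of random tokens, and a third party who sees several
variants cannot forge one for a party that was never given the record.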