Subject: RISKS DIGEST 10.22
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 22 August 1990  Volume 10 : Issue 22

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Re: NYC Parking Violations Computer ... "Rogue" (Christopher Jewell)
  Debt collector proposes "total knowledge" credit database (PH)
  More on Computerized Monitoring of "House Arrest" Detainees (Li Gong)
  Thailand computer system (Simson L. Garfinkel)
  A backup that worked (Steve Bellovin)
  NCSC to be shut down (Dave Curry)
  How to Lie with Statistics (N H. Cole)
  Something good about Automatic Bank Tellers (Pete Mellor)
  13th National Computer Security Conference, October 1-4, 1990, Washington DC (Jack Holleran)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
TO FTP VOL i ISSUE j:
  ftp CRVAX.sri.com
  login anonymous
  AnyNonNullPW
  cd sys$user2:[risks]
  GET RISKS-i.j ; j is TWO digits.
Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory listing of back issues.
ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

----------------------------------------------------------------------

Date: Wed, 15 Aug 90 16:09:21 PDT
From: chrisj@netcom.UUCP (Christopher Jewell)
Subject: Re: NYC Parking Violations Computer ... "Rogue" (Davis, RISKS-10.20)

1. I'm glad that the New York Times headline put quotes around `Rogue Computer': it's surely a matter of lousy software design or persistent operational errors, rather than some real-life HAL from the movie _2001_, and the Times seems to know that. (I _hope_ that the readers caught the implication.)

2. The Times quotes PVB spokescritter Stephanie Pinto, as saying that if you divide 42,000 (errors) by 12 million (tickets) you get 0.003, (0.0035 actually) and asking ``Is three-tenths of one percent reckless?''. If my bank posted 3 out of every thousand transactions to the wrong account, I'd certainly take my money elsewhere. You'd better believe that the bank's CEO would transfer the operations VP to the mailroom in short order, too.

3. Stein's rhetoric (``... rogue computer ... terrorizing ...'') is overblown headline-grabbing, but the problem is real, and both bringing in an outside auditor and installing safeguards sound like good, albeit sadly overdue, ideas. American Management Systems of Arlington, VA was hired in 1984 to design the new system. A document written by the bureau's computer managers in 1985 outlined ``critical structural deficiencies'' and warned of ``profound and far-reaching implications.''

4. The contractor was not competent to do the job. They have delivered trash in return for their $11 million so far. (That is for developing the software *and* running the system for the PVB.) Would a grep of the RISKS archives find other stories about lousy work by American Management Systems? That name rings a bell. [No bell prizes that I could find since Vol 7. PGN]

5. If PVB management permitted the contractor to implement the design after their own computer folks pointed out serious deficiencies, it's hard to avoid a choice between the hypotheses of stupidity and bribery. If, on the other hand, the contractor was required to correct the errors in the design, then the same choice of hypotheses applies to those responsible for monitoring contract compliance.

6. Once the system had been implemented, it is possible that management decided to install the system, not due to either stupidity or corruption, but rather on the basis that 42,000 errors/year is better than 85,000.
Note that #6 does not contradict #5: the ``lesser evil'' hypothesis may apply to the decision to install the new piece of @#$%, but it cannot excuse a decision to permit the contractor to implement a known bad design in the first place.

7. Speaking now as a former New Yorker, the PVB has been one of the more obvious centers of corruption in that corrupt city gov't for decades. This is not `whisper behind the hand' stuff: during the Koch administration, a county leader of the Democratic Party committed suicide when his part in PVB corruption came to light in an investigation that was making headlines even without the suicide. If #5 turns out to be a matter of corruption, rather than mere stupidity, few New Yorkers will be surprised. On the other hand, stupidity about computing is *also* a tradition in the NYC gov't: the NYC Human Resources Administration used to pay tens of thousands of employees with a payroll system written in OS/360 Fortran, using type REAL*8 for money, and wonder why the pennies never seemed to balance. :-( (No, they were not smart enough to avoid fractional parts by storing amounts in pennies rather than dollars.)

Chris (Christopher T. Jewell)  chrisj@netcom.uucp  apple!netcom!chrisj

------------------------------

Date: Tue, 21 Aug 90 11:56:59 EST
From: ph@wyvern.cs.uow.edu.au (Rev Phil Skinque, DD (Ret.))
Subject: Debt collector proposes "total knowledge" credit database

From the Sydney [Australia] Morning Herald, August 20th, 1990

"Sorry, you can't afford it"

CANBERRA: Debt collectors believe that in the not too distant future there will be "total knowledge" about all individuals and envisage the Government allowing financiers to build enormous data banks which would include confidential tax file number information. In fact, they believe banks and other lenders will have so much information that debt collectors will be made redundant.
The Orwellian vision is contained in an article "Back to the Future for Commercial Agents", published in the Institute of Mercantile Agents' journal, The Mercantile Agent. Its author, Mr Norman Owens, a former president of the institute and owner of a debt-collecting agency, told the Herald that governments would one day see it as "desirable" to link together and make public all the enormous data bases containing highly sensitive personal information.

"Tomorrow's credit grantor will be extending credit in a perfect market with total knowledge of the debtor," Mr Owens asserted. "The credit grantor in the future will have access to all the debtor information. This will be made available through linked data bases in the manner of George Orwell's 1984."

Credit cards will be of the "smart card" variety which will be "genetically engineered implants" that capture all transactions from cradle to grave. (In fact, Westpac [a major Australian bank] is working on a smart card which has a small computer chip that records all transactions and makes credit cards more secure.) Credit files, like those held by the Credit Reference Association, will be linked to the Government's tax file number data base.

"Some time in the future," he told the Herald, "mercantile agents won't exist. This is because there would be total knowledge about every individual including assets, income, credit history, and any future liabilities. The debt collector exists to catch those debtors that escape the creditor's receivable system. For most part the holes in that system will disappear in a business society armed with perfect knowledge about all transactions," he said.

Mr Owens conceded that this may sound like science fiction, but insisted that it was "science possible".
He acknowledged that the community was horrified by such Orwellian plans and said the Government was adamantly opposed to it, but he was confident that one day people and governments would realise that such measures were of benefit to society.

[The thing I personally found most frightening about Norman Owens' comments - aside from the total lack of concern about possible risks - was his choice of words. Words like "perfect market", "total knowledge", "genetically engineered implants", and - of course - "benefit to society". I also must add that the basis for his Orwellian vision is the inclusion of tax file number information currently retained by the federal government. Under current laws, this information is confidential, so his proposed scheme would be illegal. -- PH]

------------------------------

Date: Thu, 16 Aug 90 17:22:38 EDT
From: li@diomedes.UUCP (Li Gong)
Subject: More on Computerized Monitoring of "House Arrest" Detainees

Monitoring "house arrest" detainees is equivalent to a common issue in computer security. It is known as user authentication -- determining that a particular person is at a particular location at a particular time.

Reading the research literature on the subject of user authentication shows that the current solutions depend on co-operation of a typical user. For example, he won't reveal passwords to others, and won't compromise physical security in case he uses auxiliary devices such as smart cards or credit cards. And maybe more important, he stands to lose something if someone else can successfully masquerade as him.

In the case of detainees, none of these assumptions holds. Plus the easy and wide availability of such devices as master remote control unit, which can learn signals generated by other devices of a similar type, it seems that no cheap (and thus practical) solution is in sight, unless one can assume that no one would attempt to grasp the potential forgery market.

Li GONG, Odyssey Research Associates, Inc.

------------------------------

Date: Fri, 17 Aug 90 10:18:23 EDT
From: simsong@next.cambridge.ma.us (Simson L. Garfinkel)
Subject: Thailand computer system

(From July 1990 Privacy Journal, Vol. XVI, No 9, Page 1)

TRUE COLORS

Thailand -- a constitutional monarchy with a parliament largely dominated by the military -- has taken the Orwellian step that most Western democracies have been afraid to take. The Thai government this month inaugurated a centralized database system to track and to cross-reference vital information on each of its 55 million citizens.

The system includes a Population Identification Number (PIN) with a required computer-readable ID card with photo, thumbprint, and imbedded personal data. The system will store date of birth, ancestral history, and family make-up and was designed to track voting patterns, domestic and foreign travel, and social welfare. Eventually 12,000 users, including law enforcement, will have access by network terminals.

It is the largest governmental relational database system in the world. In the private sector, only the Church of Jesus Christ of Latter-day Saints, the Mormon Church, has a larger one.

"The people feel that the system will protect them," says the director of the Central Population Database Center in Bangkok.

*What is more curious than the ambitious system itself is the fact that the federally-sponsored Smithsonian Institute chose -- on behalf of all Americans -- to honor the Thais for their efforts*. The second annual Computerworld Smithsonian Award for innovative information technology in the governmental sector went last month to the Thailand Ministry of Interior for its oppressive system for keeping tabs on its citizens.

Something to ponder: Two of the three judges making the award have major computer responsibility in the U.S. government.

[The Privacy Journal, an independent monthly on privacy in a computer age, is a wonderful source for this stuff.
Individual subscriptions are $35/year; Privacy Journal, P.O. Box 28577, Providence RI, 02908.]

------------------------------

Date: Fri, 17 Aug 90 09:34:50 EDT
From: smb@ulysses.att.com
Subject: A backup that worked

Amidst all our stories of systems that have screwed up, it's worth noting one that did work as planned. The New York Federal Reserve bank's Fedwire EFT system was in the area blacked out by the New York power outage. Its backup diesel generators kept things running for several days. When one showed signs of faltering, they moved operations to a backup site outside of the city. That backup site had been established 3 years ago for exactly such contingencies.

--Steve Bellovin

------------------------------

Date: Sun, 19 Aug 90 12:13:42 -0700
From: davy@itstd.sri.com
Subject: NCSC to be shut down

By John Markoff, New York Times
Reprinted in the San Jose Mercury News, 8/19/90  [Starkly excerpted by PGN.]

COMPUTER SECURITY CAMPAIGN SHUT DOWN
Reagan-era drive targeted espionage

President Bush has ordered a quiet dismantling of an aggressive effort to restrict sources of computerized information, including data bases, collections of commercial satellite photographs and information compiled by university researchers. [...]

Agency being disbanded

This month the security agency began disbanding its National Computer Security Center, moving most of its 300 employees into new jobs in the more secret communications security section inside the agency. [...]

[Most of the functions of NCSC are intended to remain, however. PGN]

------------------------------

Date: Mon, 20 Aug 90 13:28:24 BST
From: "N H. Cole"
Subject: How to Lie with Statistics [once again]

With regard to the unreliability of statistics, the only solution is to make Darrell Huff's book "How to lie with statistics" a compulsory text at all schools. It is, I believe, the source of the quote "97.43% of all statistics are made up."

Nigel Cole

------------------------------

Date: Tue, 21 Aug 90 11:03:20 PDT
From: Pete Mellor
Subject: Something good about Automatic Bank Tellers

Despite the danger of severe shock to RISKS readers who see this, I thought that someone should give due credit to the designers of a particular ABT which is run by the National Westminster Bank, and an example of which is installed at City University.

Last week I drew some money on my way to lunch. As usual, I requested a receipt. When my service card popped out, I put it back in my wallet, but (being a bit more preoccupied than usual) walked away without collecting the money or the receipt. I realised my mistake one minute later when I reached into my pocket to pay for a beer, and sprinted back to the machine, only to find the receipt dangling out of the slot, but no cash. I had no option but to draw some more money and make the best of it.

I was puzzled that there had been nobody around at the time who would have been likely to have seen my mistake, and made off with the cash, so I rang the bank. They explained that this type of till, in which the money comes out through rollers, gobbles the money back if it is not pulled out of the rollers within ten seconds. Sure enough, when they 'agreed' the till the next day, they found it in credit by the amount I had forgotten, and a record of a 'customer time-out'. So they promptly credited my account with that amount.

Now, *that's* what I call user-friendly! :-)

Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB

------------------------------

Date: Thu, 16 Aug 90 23:58 EDT
From: Jack Holleran
Subject: 13th National Computer Security Conference, October 1-4, 1990

[Jack sent me the entire registration packet for the conference on-line. It is much longer than just about any previous RISKS issue, so I have highlighted the program here. This is generally the definitive get-together for security developers and practitioners.
For those of you wishing the packet, please send him mail or FTP it from CRVAX.SRI.COM in the usual directory as RISKS-10.NCS90 . Registrations before 1 Sept 90 save $25; otherwise $250. PGN]

Omni Shoreham Hotel, 2500 Calvert Street, NW, Washington, DC 20008
(100 yards from Woodley Park Metro Station)

SPECIAL EVENTS:

October 2, 1990
Opening Plenary Session
0900  Welcoming Remarks
      Keynote Address, Robert G. Torricelli, U.S. Representative (D - NJ)
1830  Conference Reception
      Smithsonian American History Museum

October 3, 1990
1800  Conference Banquet (Omni Shoreham Regency Ballroom)
      Speaker: Ms. Michelle K. VanCleave
      Assistant Director for National Security Affairs
      Office of Science and Technology Policy
      Executive Office of the President

October 4, 1990
1100  Closing Plenary Session
      Panel: Towards Harmonized International Security Criteria
1225  Closing Remarks

TRACK A - Research & Development

MONDAY, OCTOBER 1
1600  Panel: Commercial Development & Evaluation of Trusted Systems: An Open Discussion -- Our Success to Date

TUESDAY, OCTOBER 2
Verification
1030  PAPERS
      Covert Storage Channel Analysis: A Worked Example
      Verification of the C/30 Microcode Using the State Delta Verification System
      UNIX System V with B2 Security
1400  PANEL: Access Control: Time for A Retrospective
Electronic Authentication & Biometrics
1600  PAPERS
      Key Management Systems Combining X9.17 and Public Key Techniques
      Electronic Document Authorization
      The Place of Biometrics in a User Authentication Taxonomy
      Non-Forgeable Personal Identification System Using Cryptography and Biometrics

WEDNESDAY, OCTOBER 3
Intelligent Tools I: Auditing
0900  PAPERS
      An Audit Trail Reduction Paradigm Based on Trusted Processes
      The Computerwatch Data Reduction Tool
      Analysis of Audit and Protocol Data Using Methods from AI
Intelligent Tools II: Intrusion Detection
1100  PAPERS
      A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks
      A Neural Network Approach Towards Intrusion Detection
      PANEL: Data Categorization and Labeling
1600  Panel: R&D Activities

THURSDAY, OCTOBER 4
Modeling
0900  PAPERS
      A Generalized Framework for Access Control: An Informal Description
      Automated Extensibility in THETA
      Controlling Security Overrides
      Lattices, Policies, and Implementations

TRACK B - Systems

MONDAY, OCTOBER 1
0900  PAPER
      NIST/NSA Services & Publications
1400  PANEL: Computer Security Standards
Embedded Systems
1600  PAPERS
      The Role of "System Build" in Trusted Embedded Systems
      Combining Security, Embedded Systems and Ada Puts the Emphasis on the RTE

TUESDAY, OCTOBER 2
1030  PANEL: Disclosure Protection of Sensitive Information
Network Security I
1400  PAPERS
      Considerations for VSLAN(TM) Integrators and DAAs
      Introduction to the Gemini Trusted Network Processor
      An Overview of the USAFE Guard System
Network Security II
1600  PAPERS
      Mutual Suspicion for Network Security
      A Security Policy for Trusted Client-Server Distributed Networks
      Network Security and the Graphical Representation Model

WEDNESDAY, OCTOBER 3
System Test & Integration
0900  PAPERS
      Testing a Secure Operating System
      An Assertion-Mapping Approach to Software Test Design
      Security Testing: The Albatross of Secure System Integration?
Network Standards
1100  PAPERS
      Low Cost Outboard Cryptographic Support for SILS and SP4
      Layer 2 Security Services for Local Area Networks
Operating Systems
1400  PAPERS
      Trusted MINIX: A Worked Example
      Security for Real-Time Systems
      Trusted XENIX(TM) Interpretation: Phase I
1600  PANEL: Vendors' Activities

THURSDAY, OCTOBER 4
Viruses
0900  PAPERS
      PACL's: An Access Control List Approach to Anti-Viral Security
      Static Analysis Virus Detection Tools for UNIX Systems
      The Virus Intervention and Control Experiment
      Classification of Computer Anomalies

TRACK C-I - Management & Administration

MONDAY, OCTOBER 1
Contingency Planning & Disaster Recovery (Part I)
0900  PAPER
      Disaster Recovery / Contingency Planning
1100  PANEL: Professional Development
Contingency Planning & Disaster Recovery (Part II)
1400  PAPER
      Disaster Recovery from $138 Million Fire
1600  PANEL: Plans and Assistance

TUESDAY, OCTOBER 2
Criteria: National & International
1030  PAPERS
      Harmonised Criteria for the Security Evaluation of IT Systems and Products
      The VME High Security Option
      Rainbows and Arrows: How the Security Criteria Address Computer Misuse
      Civil and Military Application of Trusted Systems Criteria
1400  PANEL: Implementation of the Computer Security Act of 1987
Approaches to Trust
1600  PAPERS
      The CSO's Role in Computer Security
      Implementation and Usage of Mandatory Access Controls in an Operational Environment
      Building Trust into a Multilevel File System

WEDNESDAY, OCTOBER 3
Risk Management
0900  PANEL: Risk Management
1000  PAPERS
      LAVA/CIS Version 2.0: A Software System for Vulnerability and Risk Assessment
      WORKFLOW: A Methodology for Performing a Qualitative Risk Assessment
      Critical Risk Certification Methodology
Acquisition
1400  PAPERS
      Factors Effecting the Availability of Security Measures in Data Processing Components
      Integrating Computer Security and Software Safety in the Life Cycle of Air Force Systems
1500  PANEL: Acquisition Discussion
Integrity
1600  PAPERS
      Integrity Mechanisms in Database Management Systems
      A Taxonomy of Integrity Models, Implementations and Mechanisms

THURSDAY, OCTOBER 4
0900  PANEL: National Computer Security Policy

TRACK C-II - Management & Administration

MONDAY, OCTOBER 1
DATABASE MANAGEMENT
0900  TUTORIAL: Database Management Systems and Secure Database Management Systems
1100  PANEL: A Year of Progress in Trusted Database Systems
1400  PANEL: Trusted Database Systems: The Tough Issues
1600  PANEL: Multilevel Object Oriented Database Systems

TUESDAY, OCTOBER 2
C2 Microcomputer Security
1030  PAPERS
      C2 Security and Microcomputers
      Functional Implementation of C2 by 92 for Microcomputers
1400  PANEL: Electronic Certification: Has Its Time Come?
1600  PANEL: Defense Message System (DMS) Security

WEDNESDAY, OCTOBER 3
0900  PANEL: IEEE Computer Society Limited Access to Knowledge and Information
1100  PANEL: Computer Emergency Response Team: Lessons Learned
Ethics
1400  PAPERS
      Discerning an Ethos for the INFOSEC Community: What Ought We Do?
      VIRUS ETHICS: Concerns and Responsibilities of Individuals and Institutions
      Concerning Hackers Who Break into Computer Systems
1600  PANEL: National Institute of Standards and Technology Activities

THURSDAY, OCTOBER 4
0900  PANEL: Hackers: "Who are They?"

Track D - The Computer Security Tutorial Track

MONDAY, October 1
0900  PAPERS
      Automated Information Security: Overview of the Tutorial Security Overview and Threat Information Security Life Cycle Management Requirements Risk Management

TUESDAY, October 2, 1990
1030  PAPERS
      Data Security
      Physical, Personnel and Administrative Security
      Office Automation Security

WEDNESDAY, October 3, 1990
0900  PAPERS
      Telecommunications Security
      Software Controls
      Trusted Systems Concepts
      Trusted Network Concepts

THURSDAY, October 4, 1990
0900  Tutorial Panel

Also a collection of Educator Sessions:

Tuesday, October 2, 1990
1400  Should Computer Security Awareness Replace Training?
      A Reassessment of Computer Security Training Needs
1600  Components of an Effective Training Program
      Information Security: The Development of Training Modules
      Determining Your Training Needs
      Panel: Lauresa Stillwell, Adele Suchinsky, Corey Schou, Roger Quane

Wednesday, October 3, 1990
0900  Training Vehicles: Cost Versus Effectiveness
      Computer Based Training: The Right Choice?
1100  Training on a Shoe-String Budget
      Awareness and Training in a World of Reduced Resources

------------------------------

End of RISKS-FORUM Digest 10.22
************************