Subject: RISKS DIGEST 11.46
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 15 April 1991  Volume 11 : Issue 46

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Credit card number theft at major Toronto BBS (SYSOP Vic via Russ Herman)
Junk FTP hits internet (Larry Hunter)
Status of S. 266 (Bill Murray, W. K. Gorman)
Congress and Encryption (Roy M. Silvernail, Bill Murray, Robert I. Eachus)
Risks of Silly Legislation (Joseph Pallas)
Re: Sense of Congress (Edward N. Kittlitz)
ACM/SIGSAC Student Paper Contest in Computer Security (Harold Joseph Highland)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line.
Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 11, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
FTPs may differ; e.g., UNIX prompts for username and password.
If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM
SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri Apr 12 22:18:38 1991
From: rwh@ontmoh.UUCP
Subject: Credit card number theft at major Toronto BBS

I received the following below when I logged on to ROSE Media BBS, Toronto's (and probably Canada's) largest public access bulletin board system. I'll relay further developments if there's any interest on the part of RISKS.
Russ Herman

===========================================================================
Date: 04-11-91 (19:40)              Number: 48911 of 49624
  To: RUSSELL HERMAN                Refer#: NONE
From: SYSOP                           Read: NO
Subj: Your Mastercard               Status: RECEIVER ONLY
Conf: MAIN BOARD (0)             Read Type: GENERAL

Russell,

Last night, a Sysop in the Toronto area uploaded a file to us which was a listing of the portion of the Users file that was downloaded from Rose Media during the security breach that occurred on or about February 9th last. This list did contain credit card numbers of 420 Visas, 150 Mastercards and 4 American Express cards. Unfortunately, your card was one of those that got out.

The breach was an accident that apparently was caused by failure in one of the third party programs we use to run Rose Media. We sincerely regret that this has happened, and have rearranged our files in such a way, that it will never happen again. There is another message posted to you which will give you more details on how the breach occurred, what we did at that time, what we are doing now and in the future to protect you and Rose Media.

We wish to assure you, that in no way are you obligated to pay for any fraudulent charges on your card. Please check your card statements very carefully to make sure that everything is valid. It would also be advisable to call your credit card Company and have them issue you with a new card.

We will be supplying a list of all card numbers acquired during the breach to the security divisions of the various card granting Companies affected. The names and numbers of all security officers in these Companies were given to us today in a meeting with the Metropolitan Toronto Police Fraud Squad, who will be actively pursuing the case. Charges will be laid against all those apprehended.

Thank you for your patience and understanding in this matter.

We have done, and will continue to do everything we can to apprehend and bring to justice all those that have used the information obtained during the breach, no matter how this information was used. If you do find a fraudulent charge, please advise your credit card Company, as well as David Hodgson of the Metropolitan Toronto Police Fraud Squad at 324-6136. If you have any information whatsoever that you think might help to catch and prosecute the offenders, please let us know by a private message to the Sysop. We will be working very closely on this matter with the police.

Best regards ...... Vic.

------------------------------

Date: Tue, 9 Apr 91 13:05:31 EDT
From: hunter@nlm.nih.gov (Larry Hunter)
Subject: Junk FTP hits internet

I suppose it was bound to happen. First junk mail, then junk fax, now junk ftp. Someone has apparently been using anonymous ftp to write two files to internet hosts. These files contain advertising for a consumer credit insurance service (which sounds suspect in itself) and offers bounties for putting up advertising fliers and sending in unspecified information about local banks. The only identification offered in the files is a name (P.L. Miller) and a post office box in Auburn, Alabama.

The two files were written to our local machine at 2:16 am on April 8, and were called CREDIT_CARD_INDEMNIFICATION and MONEY_FOR_BANKS. Randomly picking a distant internet host, I found two very similar (not identical) files on cs.yale.edu, created at 12:51pm on March 31. Looking around elsewhere, it appears that the files were only written to hosts that allow the world to create files in the "login" directory for anonymous ftp; there were no files on hosts where there was a writable subdirectory but the top level was write protected, implying that the junk ftp was delivered via some automated process.

The risk here is a variation on the "tragedy of commons," i.e.
a free resource provides incentive to overuse it, which degrades its value to the community. Being able to upload files anonymously is valuable, but the ability to do so will be curtailed if we are inundated with junk. Unfortunately, there is no way to screen out the junk without also losing the ability to get valuable but unsolicited uploads.

Larry

Lawrence Hunter, PhD., National Library of Medicine, Bldg. 38A, MS-54
Bethesda, MD 20894   (301) 496-9300   hunter%nlm.nih.gov@nihcu (bitnet/earn)

------------------------------

Date: Sun, 14 Apr 91 14:43 EDT
From: WHMurray@DOCKMASTER.NCSC.MIL
Subject: Status of S. 266

S. 266 has been referred to the Senate Judiciary Committee chaired by its author, Mr Biden of Maryland, and to the Senate Environment and Public Works Committee. No action has been taken on the bill. No hearings are scheduled.

------------------------------

Date: Mon, 15 Apr 91 10:49:43 EDT
From: 34AEJ7D@CMUVM.BITNET
Subject: Re: S 266

The potential for abuse here is mind-boggling. The common custom and practice in America has, for 200 years, been that the government has NO automatic right of access to private papers, documents, transmissions, data, etc., without clear due process. By creating a clear-text copy of a cryptographic transmission, or the immediate means to do so, this idea would short-circuit that due process into an Orwellian parody of prove-we-should-not-have-your-data. And who is going to pay for the additional archiving that could be required under such legislation?

I know of at least one prominent American who has openly expressed a global distrust for the government's attitude toward personal privacy. Further, he has gone to such lengths to preserve his own personal privacy as to encrypt a large portion of his personal correspondence, using a number of different ciphers depending upon the intended recipient. This same gentleman has expressed the opinion that documents entrusted to the mails are not secure and should be encrypted.
You know him. His name is Thomas Jefferson.

This S 266 business is a very old wolf, dressed up in a few new clothes. The government has been trying to spy on its citizens since it was *created by those citizens.*

W. K. Gorman

------------------------------

Date: Sun, 14 Apr 91 02:47:21 CDT
From: roy@cybrspc.UUCP (Roy M. Silvernail)
Subject: Congress and Encryption (Murray, RISKS-11.43)

In V11, Issue 43, Bill Murray passes on an extract from Senate Bill 266:

> It is the sense of Congress that providers of electronic communications
> services and manufacturers of electronic communications service equipment
> shall ensure that communications systems permit the government to obtain
> the plain text contents of voice, data, and other communications when
> appropriately authorized by law.

While Mr. Murray comments on the impact to cryptographic equipment manufacturers, I wonder about the RISKS to common-carriers and, for that matter, entities such as Usenet and local BBS's.

A "provider of electronic communications services" such as CompuServe would, under this provision, have to forbid the movement of encrypted text over its facilities. Let's say I choose to encrypt my E-mail before sending it, and further hypothesize that the FBI had some interest in what I say in E-mail. Would CompuServe now be required to monitor my E-mail? Would they forbid the encrypted transmissions, or simply demand the key and program to decrypt them?

Considering Usenet is even cloudier. With the distributed nature of the Net, literally thousands of admins would be held responsible for accessing cleartext translations of encrypted transmissions passing through their systems. This places all of us in the ethically untenable (and physically impossible) position of having to monitor all the traffic passing through our systems.

What of common carriers under this act? They have been traditionally held not to be accountable for the actions of their users.
Will the telephone companies now be forced to monitor all their lines, cutting off the first sign of a scrambled transmission?

I see this as another step in the same style of repression that gave us Operation Sun Devil. It's apparent that our leaders fear the Information Age and the power that it places in the hands of the people. Making the ability to privately communicate an exclusive privilege of the ruling class is nothing short of terrifying.

Roy M. Silvernail    roy%cybrspc@cs.umn.edu    cybrspc!roy@cs.umn.edu

------------------------------

Date: Sun, 14 Apr 91 11:45 EDT
From: WHMurray@DOCKMASTER.NCSC.MIL
Subject: S. 266

>In fact, this claim (re: trap doors) is false. A system with the properties
>desired was proposed several years ago as a replacement for DES.....

Well, I think that is a little strong. I will not be so strong in my characterization of Mr. Leichter's posting. I will only say that: 1) while the mechanism to which Mr. Leichter refers may have the properties which the sponsors of the bill desire, it certainly does not remedy my objections to S. 266, 2) that I take the authors at their word and that word requires a trap door, 3) perhaps Mr. Leichter has a greater trust in authority than I do, and 4) perhaps he missed the point of my objection.

First, I am well familiar with the mechanism to which he refers. Rather than refute my claim, he proves it. Unfortunately for me, he chose the one proposal that I am least happy having to discuss in a public forum. Please do not get so bogged down in the elegance of the mechanism that he endorses that you fail to recognize it for what it is. It is a trap door.

"In this system, the government supplies the cryptographic "boxes" as sealed units; details of their operation is not made public. Keys are also provided only by the government."

That is a TRAP DOOR in any system into which it is incorporated. Even if it is never used or exploited it reduces confidence in the system.
Now, make no mistake about it, dear reader; the proposal which Mr. Leichter so well represents did not originate with the U. S. Postal Service or Her Majesty's PTT. It did not originate with those whose job it is to deliver the mail while preserving its confidentiality. It originated with the world's largest intelligence gathering agency, whose name ne'er escapes my lips. It originated with those whose job it is to read other people's mail.

Dear reader, this proposal originated with the fox; it did not originate with the farmer and it certainly did not originate with the chickens. The fox is a fox to his toes; he is all fox. He is not sometimes a fox and sometimes a farmer. Those of you who are familiar with the world's largest intelligence gathering agency, whose name ne'er escapes my lips, know that reading other people's mail dominates the essence of the institution. The ability to read other people's mail dominates every thing they do, every decision they make, every proposal they offer. They will read other people's mail, and when they do not, they will still preserve their ability to do so.

Who can have confidence in any encryption mechanism that comes from and whose keys are supplied by the world's largest intelligence gathering agency? I quote Courtney (if I could not quote Courtney, I would be more often silent), who said at the time this proposal was first floated, "While I trust the minions of the world's largest intelligence gathering agency, (whose name ne'er escapes my lips) to abstain from treason, I do not trust them to abstain from fraud." The last thing I might expect of them is that they would abstain from reading other people's mail.

Indeed, this proposal is a "trap door." It is a hoax. It is precisely the kind of mechanism that I fear in response to the law. It is a mechanism that puts too much power in the hands of the government.

I do not have any direct evidence that the proposal to which Mr. Leichter refers and S. 266 have any common origins; no reasonable person would expect that I could have. Nonetheless, I will go to my grave suspicious that they do. Orwell understood that bureaucracy need not have malicious motives in order to be malevolent; it only has to do what bureaucrats do.

I respect the fox; I have many friends who are foxes. Nonetheless, I expect them to behave like foxes and I behave accordingly.

William Hugh Murray, Executive Consultant, Information System Security
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840   203 966 4769

------------------------------

Date: Mon, 15 Apr 91 19:51:23 EDT
From: eachus@d74sun.mitre.org (Robert I. Eachus)
Subject: Re: U.S. Senate 266, Section 2201 (cryptographics) (Greene)

Gary Greene says:

    The problem I see in the above is what does the government do when there is grounds for "reasonable" search or seizure. [...] The guarantees in the Bill of Rights never said nor have the courts ever upheld, to my knowledge at least, any assertion that the government had no right of search or seizure, nor have the courts ever upheld that the people as a whole or individually had a blanket right to communications which the government could not access during proper and reasonable process. [...]

I could not disagree more. The words "`reasonable' search or seizure" should tell you that there are many types of search or seizure which are totally immune to a bench warrant. For example, the Constitution is quite explicit in the way it says that communications between TWO individuals cannot be evidence of treason. Also most conspiracy laws require "three or more persons" for there to be a conspiracy. Under many circumstances, a discussion with a lawyer cannot be revealed, even voluntarily, by the lawyer. And finally, the many laws (and the common law provision) that a man cannot be compelled to testify against his wife, and vice versa.

(P.S. In what follows, you might want to keep in mind that I am not a lawyer, although there are several in my family. I have spent a lot of time studying constitutional law, both as a hobby, and as a part of family history.)

Now let's sit down to an actual case: You and I agree on a key, and we send several messages back and forth using, say, DES. A police officer comes into your office with a search warrant allowing him to seize all messages to and from Robert Eachus, and all keys pertaining thereto. Then the fun begins. You don't have a written copy of the key, so it can't be seized, so after heavy badgering, you agree to testify under a grant of immunity. The cops now say, okay what is the key? You say, tough luck Jack! You can force me to testify as to the contents of the messages (providing a basis has been established, etc.) but there is no power in the law to force me to translate the messages for you...

Okay, so you want to be that way, do you...and they start setting a basis for asking you about the conversation in which I told you the key... However we agreed to a procedure which established the key from two words, one from each of us. (Assume for the moment we did it "right," and half the seed is worse than useless.) Now, can you be forced to testify about your chosen word? I don't see how. It is either self incrimination, the most serious violation of privacy possible, entrapment, or since YOU have immunity concerning any criminal actions of yours discussed in the encrypted messages, they cannot be shown to involve a crime. (The distinction between messages which describe a crime {useless} and those which are part of a crime is very important.) So I am safe from the thought police unless you are stupid and vice-versa.

A similar, but as you realize, different in nature situation, is if I have a warrant which allows me to seize a safe (and its contents) in your house.
In theory, the combination is safe from seizure, in practice the police will use brute force to open the safe if you don't provide the combination. In theory, a judge could order you to open the safe. In practice, I don't think any such evidence could be used. (So a safe which destroyed its contents upon "unauthorized" opening could protect you, legally, but I don't think I'd want a bomb around which could accidentally blow my head off.)

I have thought and thought about a "safe" law allowing some such seizures and, in this country, there is no such thing. The rule is, should be, and has to remain, that unless someone who saw me type that message is willing to testify, IN OPEN COURT, that that is in fact the message I sent, such correspondence is no evidence of anything and should neither be admissible nor subject to seizures.

Stolen software is another situation, including stolen data... Seizure is possible and theoretically useful, but I would hate to be arguing chain of evidence in front of the Supreme Court to show that:

1) The software was "in the possession of the defendant." -- Relatively easy, but chain of evidence may be very hard to prove, if procedures are sloppy.

2) The defendant knew he had it, and knowingly received the stolen merchandise. -- If you haven't got the guy who gave it or sold it to the defendant to testify, lots of luck. Circumstantial evidence? Boasting to friends? Sold it to others? Aaah. Such things as the defendant putting his name in it, or handwriting on a floppy disk, might do the job. (According to what we just saw, some people are THAT dumb. In my opinion stealing software is always dumb, but there are degrees of dumbness.)

I have been thinking about a constitutional amendment to fix forever some of these problems. When I've gotten the wording worked out I'll post it, but basically it tries to establish "beyond the reach of the law" three things:

* Personal papers, disks, RAM, etc., which are notes to oneself. The distinction between in your head and on paper is getting less and less clear...

* "Private correspondence" whether electronic, on paper, or in person, without the permission of one of the parties to the correspondence. The wording, and the intent could be that telephone conversations, unless encrypted are public, but I am not sure that that is a valid distinction. Certainly, I would like to see lots of evidence that legal wiretaps, entered in evidence, had resulted in convictions. They certainly have resulted in lots of legal mischief. A much better rule here might be that a use of a legal wiretap could not contaminate evidence it led to, but it could only be presented in court as part of a chain of evidence. The idea here is that even if I were to write you a letter explaining, in gory detail, how I dismembered your mother-in-law, there is no legal path to that evidence without your co-operation or mine. (Posting it on a bulletin board, electronic or otherwise, is of course such co-operation, even if unintentional.) Again, proper definition of private is the trick. The circumstances under which E-mail must be considered to be private will need to be established by legislation and case law, but certainly the enciphered messages above are beyond search and seizure. Notice that this type of legal presumption already exists for some types of communications.

* Finally, there is a class of tools and records which should be incapable of seizure even when search is permitted. Can a man get a fair trial if deprived of his hearing aid? If he is only allowed to use it in the courtroom? What use are eyes, if notes useful in my defense are encoded magnetically? Translation: Even if you are allowed to search my "memory aids," to deprive me of their use denies me a fair trial. Period. A court would not dream of making records available to the prosecution which are unavailable to the defense. (Well maybe some judges dream about it, but they know they had better not.) What I want to do here is to say that a paper listing of a database is not the same thing at all, and that part of my entitlement to counsel could be a net connection (and my personal computer). If the prison doesn't provide an Internet connection, it's bail or walk away free.

This may seem extreme, but it is on the verge of becoming a necessity. To deprive a junky of illegal drugs is not considered "cruel and unusual punishment" but to deprive a diabetic of insulin certainly would be. At what point does depriving a net junky of net access fall into the second class? And hadn't we better wait until after the trial to impose such a punishment if legal? Especially since, I can imagine many situations in which relatively access to the net would be the difference between conviction and freedom.

Hypothetical example: I was home "alone" when the murder was committed, participating in an electronic meeting. I may have to act quickly to get several people who attended the meeting to keep their session records to show that there was no gap of say twenty minutes in which I could have committed the crime. The jury is going to have to decide if I had a confederate, and whether or not I was posting from home, but with that transcript, preferably more than one copy, I am in much better shape. Just having access to MY records may be all that is needed to allow me to say, oh yeah, I was bowling that night with friends. As interaction times get shorter, and with things like Shadow, and talk, and... we may soon have a major electronic alibi case, other than on television.

------------------------------

Date: Fri, 12 Apr 91 10:03:40 PDT
From: pallas@alydar.eng.sun.com (Joseph Pallas)
Subject: Risks of Silly Legislation

Without knowing the context, it's difficult to judge just how senseless this "sense" is. The significance of "sense" in this case, I suspect, is to guide the judiciary in decisions about the intent of Congress.
The executive has broad power to make binding regulations that can only be voided if they contradict the clear intent of the legislature (or are unconstitutional).

Whether there is really any sense here depends on a number of things, including the definition of an "information transfer service." The most widely used electronic information transfer service today is the telephone system. The suggestion that AT&T, for example, might be responsible for ensuring that no unauthorized encrypted messages cross its network is absurd. There is no way that an information transfer service can even tell whether a message is encrypted, not to mention that the Electronic Communications Privacy Act would explicitly disallow observation of message traffic for that purpose (by my reading, I am not a lawyer, this is not legal advice, consult a lawyer blah blah blah).

A more basic question that's been raised in the discussion is whether the risk of allowing secure communication outweighs the right to keep secrets. If it does, then we can surely expect as a consequence any number of changes in our lifestyle, most of which will be reminiscent of Orwell's 1984. Secure communications go far beyond electronic information systems, extending to every possible communications medium. If we remain free to speak and publish whatever we will, then secure communication will be possible. Attempts to prohibit it are in conflict with the very foundation of a free society.

joe

------------------------------

Date: Fri, 12 Apr 91 09:48:57 EDT
From: kittlitz@granite.ma30.bull.com (Edward N. Kittlitz)
Subject: Re: Sense of Congress

Willis Ware writes about the sense of Congress: "Congress is simply stating its position on the matter, not doing something about it."

Isn't it the case that many judicial questions revolve around the "intent" of the legislators? Isn't this a handy way to reduce the language of a law, while expanding its applicability in unpredictable ways?

E. N. Kittlitz    kittlitz@world.std.com / kittlitz@granite.ma30.bull.com

------------------------------

Date: Fri, 12 Apr 91 13:23 EDT
From: "Dr. Harold Joseph Highland, FICS"
Subject: Security Contest

CALL FOR PAPERS for ACM/SIGSAC Student Paper Contest in Computer Security

Dr. Harold Joseph Highland, FICS
Distinguished Professor Emeritus of State University of New York
Managing Director of Compulit Microcomputer Security Laboratory
Editor-in-Chief Emeritus of Computers & Security
Telex: +1-650-406-5012   MCI Mail: 406-5012   Voice: +1-516-488-6868
Electronic mail: Highland@dockmaster.ncsc.mil

CALL FOR PAPERS
Student Paper Competition: Computer Security, Audit and Control
Sponsored by ACM/SIGSAC

The purpose of this paper competition is to increase the awareness of security, audit, control and ethics as they apply to the computing field. SIGSAC will award $1,000.00 to the student or junior faculty member whose paper is selected by the review committee as the outstanding contribution of the year.

The contest is open to all full-time undergraduates, graduate students and junior members of the faculty of a recognized or accredited institution of higher learning. Only those who have not previously had a paper published in a refereed journal in which he or she was the lead or sole author will be eligible for the award.

Papers must be received by the SIGSAC Competition Committee Chairman on or before October 7, 1991.

SIGSAC reserves the right to publish any submitted paper, whether selected for a prize or not, in SIGSAC Security, Audit and Control Review. The author will be notified about acceptance of his or her paper for publication within 90 days after the announcement of the contest winner.
SUGGESTED TOPICS

Access/authentication control
Administrative policies, standards and procedures
Audit concerns for data communications
Auditing in computer security
Banking industry security
Communications security
Computer crime
Computer law
Computer security audit techniques
Computer viruses and other threats
Contingency planning
Crypto systems and encryption
Data integrity and security
Database security
Distributed systems security
Dynamic signature verification
Education for computer security
E-mail systems security
Electronic funds transfer
Ethics and security
Expert systems in security
Formal specifications and verification
Information system security
Key management
Local area network security
Logging and accountability in security
Medical databases and security
Microcomputer security
Modeling security requirements
Multi-level security
Network design for security
Network security issues
Office automation security
Open communications and security
Operating systems security
Operational assurance in security
Passwords: management and controls
Penetration testing as an audit tool
Physical security
Privacy and security
Protecting programs and data
Risk analysis and assessment
Risk management
Smartcards and security
Telephone intrusion threat
Tokens as a security tool
Trusted systems
Use of microcomputers in an audit environment
User authentication

INSTRUCTIONS TO AUTHORS

[1] The manuscript must be typed double-spaced on one side of the page with one-inch top, bottom and side margins. All illustrations must be in camera-ready form. An abstract [maximum of 100 words] should be included on the first page. Style and format of the paper should follow the form used in Communications of the ACM.

[2] Manuscript is limited to a maximum of 25 double-spaced typewritten pages.

[3] The author's name, address and any references to a university must not appear in the paper. Acknowledgements, if any, must appear on a separate page.
[4] Five (5) copies of the paper [quality photocopies will be accepted] should be submitted together with a covering letter and the additional information requested as contained in this announcement.

[5] A floppy disk [3 1/2" or 5 1/4" standard or high density format], preferably in DOS ASCII format, should also be included.

[6] All copies should be sent prior to October 7, 1991 to:

    Dr. Harold Joseph Highland, FICS
    SIGSAC Competition Committee
    562 Croydon Road
    Elmont, NY 11003-2814 USA
    Telephone: [+1] 516-488-6868
    Telex: [+1] 650-406-5012
    MCI mail: 406-5012
    E-mail: Highland -at dockmaster.ncsc.mil

==== Author Information Entry Form ====
[Please reproduce in typewritten form and submit with paper]

Title of paper .....................................................
Author's full name .................................................
Full name of school ................................................
Author's home address ..............................................
Author's school address [if applicable] ............................
Telephone number ...................................................
E-mail address .....................................................
Name of faculty advisor ............................................
Full address .......................................................
Telephone number ...................................................
E-mail address .....................................................
Degrees held or year at college ....................................
Previous publications [if any]; list title(s), publication in which
article appeared and date .........................................

COMPETITION COMMITTEE

* Chairman, Dr. Harold Joseph Highland, FICS, Distinguished Professor Emeritus, State University of New York USA
* Ms. Victoria A. Ashby, The MITRE Corporation, McLean, VA USA
* Mr. John G. Beatson, Databank Systems Ltd., Wellington, New Zealand
* Professor Jack Bologna, Sienna College, Plymouth, MI USA
* Professor William J. Caelli, FACS, Information Security Research Center, Queensland University of Technology, Brisbane, Queensland Australia
* Dr. John M. Carroll, University of Western Ontario, London, Ontario Canada
* Mr. Raymond W. Elliott, Coopers and Lybrand, New York, NY USA
* Professor Josep Domingo-Ferrer, Universitat Autonoma de Barcelona, Bellaterra, Catalonia, Spain
* Mr. Virgil L. Gibson, Grumman Data Systems, McLean, VA USA
* Dr. Daniel Guinier, IREPA Computer Security Department, French National Research Council, Strasbourg, France
* Mr. Gerald Isaacson, Information Security Services, Northborough, MA USA
* Mr. Stanley A. Kurzban, International Business Machines, Thornwood, NY USA
* Dean Dennis Longley, Faculty of Information Technology, Queensland University of Technology, Brisbane, Queensland Australia
* Mr. Hanan Rubin, Metropolitan Life Insurance Company, New York, NY USA
* Squadron Leader Martin Smith, Royal Air Force, Peterborough, England
* Professor Louise Yngstrom, The Royal Institute of Technology, The University of Stockholm, Stockholm Sweden

------------------------------

End of RISKS-FORUM Digest 11.46
************************