Subject: RISKS DIGEST 11.71 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thursday 23 May 1991 Volume 11 : Issue 71 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: The RISKS of Posting to the Net (mmm) If SB266 wants plaintext, give them plaintext... (Peter Wayner) Voting By Phone (James K. Huggins) Using commercial databases to augment Government surveillance (Brad Dolan) UPS & Electronic Signatures (Alex Bangs) Re: Yet another Push The Button story (Tom Coradeschi) Re: (Bogus) IBM red switch (John A. Pershing Jr.) Re: Privacy (Richard Johnson) Re: The Death of Privacy? (Robert Allen) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Thu, 23 May 91 11:58:07 PDT From: mmm@cup.portal.com Subject: The RISKS of Posting to the Net I just had an interesting visit from the FBI. It seems that a posting I made to sci.space several months ago had filtered through channels, caused the FBI to open (or re-open) a file on me, and an agent wanted to interview me, which I did voluntarily. My posting concerned destruct systems for missiles. I had had a chance to look at the manual on the destruct system used on the Poseidon and Polaris A3 missiles, and was shocked at the vulnerability of the system which triggers the system. In my posting, I commented that the system seemed less secure than many garage-door openers. It uses a set of three tones, in which two tones are presented, then one tone is taken away and the third tone is applied. The only classified parts of the system are the frequencies of the second and third tones. On the net, I asked whether tone control systems like this are still used for missile destruct systems. By e-mail, I received an answer from a person who was currently designing a destruct system, and he indeed confirmed that not only are tone-control destruct systems still used, they are a requirement of some test ranges. (However, he thought it would be difficult to send a bogus destruct command because of the need to blot out one of the tones which is transmitted continuously from ground control; it would be far easier to insert a bogus flight control command and send the missile toward a city.) A few months later, I received a message from my sysop asking me to call a person at Patrick Air Force Base who wanted to get in touch with me. This guy was real concerned that I had revealed "sensitive" information. He said he kept his copy of my posting in his safe! I guess he didn't know that it had already been distributed throughout the industrialized world. He didn't want to say anything about the subject over the phone. He asked whether I would be willing to be interviewed by an investigator. I agreed, and he said I would be contacted within 24 hours by someone locally. That was the last I heard of him. I suppose he talked to someone who knew more about destruct systems, and was reassured that it isn't possible because it hasn't happened yet. Two days ago, more than half a year after my original posting, I got a message that someone from the Palo Alto office of the FBI wanted to talk to me. I called him, and we agreed to meet this morning. He didn't seem too concerned with the technical aspects of my posting -- I guess he also had his own experts to consult. He mostly seemed to be checking me out to see if I was plotting to blow up a missile. He was also very interested in how the net works. I told him all about the net. He wanted to know if there was any sort of censorship or control over what goes on the net, and I explained it was mostly after-the-fact control, for example if you post a commercial advertisement the management of your site will get a ton of e-mail asking that your account be cancelled. He asked whether someone could post an offer for $10,000 for blueprints of a missile or something, and I said there isn't any sort of censorship that would prevent that sort of thing. But the closest thing to a request for information on performing a crime that I knew of was a couple years ago when someone asked in the chemistry newsgroup about methods for electrically igniting a chemical. I told him about the controversy that caused, though I omitted my role in answering the original poster's question :-) I also told him about newsgroups like alt.drugs, rec.pyrotech, etc. He took copious notes. He asked about the equipment needed to access the net. I told him about computers and modems and Portal. I should contact Portal management to see if I get a bonus if he signs up as a customer :-) The only surprise came at the end of the interview. He asked if I had any questions. I said I was curious how my posting ended up in his hands. Before he could answer, I said I suppose you were contacted by that guy at Patrick Air Force Base. This surprised him, and he said he knew of no involvement by anyone at Patrick Air Force Base. I asked how he _did_ know about my posting, and he said he couldn't answer that. I then went on to tell him about the controversy over Uunet, and their role in supplying archives of Usenet traffic on tape to the FBI, and he seemed surprised by that also. So what's the RISK here? None to me, because I was a perfectly innocent party. I suppose some people would be really concerned to learn that their postings to the net are being monitored for possible illegal activity. But I would be far more concerned if they weren't. The fact that two independent investigations were started is reassuring to me, because it shows that the government is not totally brain-dead with regard to possible threats to their big projects. Certainly if _I_ were FBI director, I would consider Usenet to be a great resource. I'd learn all about computer crime, recreational drugs that aren't illegal yet, low-tech ways of building bombs, how to contact Earth First!, etc., etc. ------------------------------ Date: Thu, 23 May 91 16:17:23 -0400 From: wayner@cs.cornell.edu (Peter Wayner) Subject: If SB266 wants plaintext, give them plaintext... There has been plenty of discussion about SB266 requiring all communication equipment to provide the plaintext to the government on demand. Well, I've decided if they want plaintext, give them plaintext. I've written a program that will convert any file into strings from a context-free grammar. The bits are recovered by parsing. To test it's viability, I created two grammars and a program to do the work. The first converts any file into the radio commentary of a baseball game between two teams, The Blogs and the Whappers. Could something as American as baseball be hiding something? The second converts a file into something approximating a speech by Neil Kinnock . I chose Neil Kinnock because SB266's sponsor, Joe Biden, is fond of borrowing liberally from Mr. Kinnock's impressive oratory. Unfortunately, the only really substantive chunks of Mr. Kinnock's speeches I could find were from a NYT article by Maureen Dowd in 1987 about the striking similarities between the speeches of Joe Biden and Neil Kinnock. The limited sample leads to a "broken record" effect. (The libraries in America don't seem to contain collected speeches by Mr. Kinnock. If anyone has a video tape of his impressive 10 minute commercial of Brahms and anti-Bromides, I'd love to see it.) I managed to encode information using this text by slightly permuting the word choices. I've been wondering if Senator Biden wasn't doing the same thing when he didn't quote verbatim. Perhaps he was sending messages to someone? My apologies to Mr. Kinnock for mutilating his careful diction and rhythm. If anyone in the United States would like to experiment with the programs, please drop me a line. I'll send you the source code. It is written Think Pascal 3.0 for the Mac, but it should be a breeze to convert to other Pascal's or even C. The offer only extends to electronic addresses in the United States because the Commerace department restricts the distribution of cryptographic protocols beyond the borders. The security of the system is a bit hard to assess (breaking it is, in some senses, a PSPACE-complete problem), so I'd rather abide by an annoying rule than spend time in the can. If you would rather receive it by disk, send me one with a properly franked envelope, and I'll mail it out. If you want a copy of a Tech Report describing the topic, send me a paper address and I'll send it out. This document can cross borders. Thank god for the first amendment. Finally, here are two examples of the program at work: ------------------------------------------------------------- Baseball ------------------------------------------------------------- It's time for another game between the Whappers and the Blogs in scenic downtown Blovonia . I've just got to say that the Blog fans have come to support their team and rant and rave . Let's get going ! Another new inning . Ain't life great, Ted ? Yup. How about those players . The pitcher spits. Prince Albert von Carmicheal comes to the plate . He's trying the curveball . He pops it up to Harrison "Harry" Hanihan . One out against the Whappers. Now, Parry Posteriority swings the baseball bat to stretch and enters the batter's box . Here we go . OOOh, that's almost in the dirt . Definitely a ball . The next pitch is a bouncing knuckleball . Short and away . The umpire calls a ball . It's a change-up . and it's ... La Bomba ! HomeRun ! Yup, got to love this stadium. Now, Mark Cloud swings the baseball bat to stretch and enters the batter's box . Yeah. He's uncorking a toaster . No contact in Mudsville ! It's a fastball with wings . No wood on that one . He's uncorking what looks like a spitball . Whooooosh! Strike ! He's out of there . These are the times that make baseball special . Now, Parry Posteriority swings the baseball bat to stretch and enters the batter's box . Another fastball . No contact on that one . A full windup and it's a split-fingered fastball . He pops it up to Orville Baskethands . Well, that's the end of their chances in this inning, Rich . ------------------------------------------------------------- Neil Kinnock ------------------------------------------------------------- Why were the Coal Mines all my ancestors had ? These people who could write poetry ? My people who could make wonderful things with their hands ? Why didn't they get the chance ? Were they too weak? The people who would work underground for 8 hours and come out to play football for the evening ? Do you think that they didn't get what we had because they didn't have the drive ? Never . It was because they never had a platform on which to stand . Why am I the first man in my family to go to University ? Was it because our ancestors were too thick ? Why were my ancestors shut out of life ? My people who could dream dreams and recite poetry and dance and make wonderful things with their hands and dream dreams ? My parents who could make wonderful things with their hands and sing and write epic poems and make beautiful things and see visions ? Why didn't they get the chance ? Were they too weak? Those people who worked underground for 8 hours and come up to play football ? Does anybody really think that they didn't get what we had because they didn't have the stamina ? No . There was no platform on which they could stand . ------------------------------------------------------------- Both of these examples are just small portions of the result of encoding the message: Paul is dead! I am the walrus! Buy something right now. Don't shoplift. Buy! Buy! Here are the plans to the Overthruster, Sergei. Yoyodyne forever. ------------------------------ Date: Thu, 23 May 91 12:25:35 EDT From: James K. Huggins Subject: Voting By Phone This afternoon, during the Senate's debate on the Campaign Finance Reform Act, Senator Robert Dole (R-Kansas) offered an amendment (which was agreed to by the Senate) directing the Federal Election Commission to conduct a study regarding the feasibility of allowing disabled voters to vote by telephone in federal elections. The main motivation behind the amendment was to provide easier ways to vote for disabled Americans who may find it difficult to reach a polling place. The amendment does not require the FEC to immediately implement voting by phone, but only to study it. Previous issues of RISKS have discussed the risks of voting by phone at length, but one risk stands out in this particular case. If the danger of coerced votes in "normal" phone votes is substantial, I believe it is even higher in this situation, where the threat of physical violence against the physically disabled voter would be greater than normal. Jim Huggins, Univ. of Michigan (huggins@zip.eecs.umich.edu) ------------------------------ Date: Thu, 23 May 91 11:25:34 GMT From: pine_ridge%oak.span@Sdsc.Edu Subject: Using commercial databases to augment Government surveillance Buried in an article in the 23-May-91 Wall Street Journal was a reference to an interesting computer-related risk. The article, entitled "Travelers From Abroad Face Summer of Extra-Long Delays at U.S. Airports," reported that incoming travelers may face delays of up to 5 hours in clearing immigration at some airports. Previously, "selective screening" and "citizen bypass" plans have been used by customs and immigration officials to expedite inspections of arriving passengers. The Immigration and Naturalization Service (INS) now is taking the position that all persons entering the U.S. must be checked. After interviewing Michael Cronin, assistant INS commissioner for inspection, the WSJ reported, "He notes that the U.S., unlike many other countries where immigration inspections are looser, doesn't require national identification cards or have a national police force to stop people on the street and enforce immigration laws. Thus, he argues, port of entry must keep tight control." One of these controls is the new Advanced Passenger Information Program. Under this program, airlines transmit data about arriving passengers to the INS before passengers arrive. The government adds this information to its databases and uses these databases to help determine who gets inspected. This program is currently in place for U.S.-Japan flights and will be implemented soon for U.S.-European flights. I am unhappy with the idea of the government augmenting its surveillance of me by tapping commercial databases. What other uses will they make of this information? What's next? Should the government get copies of my phone bills to see if I'm talking to the wrong people? An aside: I find the treatment of foreign travelers by the INS embarrassing when compared to the way I am treated by officials in other countries. The evil hacker-condoning Dutch, for example, seem to process everyone coming in to their country with courtesy, efficiency, and fairness. I've never noticed Dutch police randomly stopping people on the street and examing their identity papers, either. Brad Dolan pine_ridge%oak.span@sds.sdsc.edu B.DOLAN (GEnie) ------------------------------ Date: Thu, 23 May 91 07:59:32 EDT From: abg@mars.EPM.ORNL.GOV (Alex Bangs -- bangsal@ornl.gov) Subject: UPS & Electronic Signatures For those of you who don't sign for UPS packages, UPS is now switching over to an electronic clipboard for their drivers. This device is called the Delivery Information Acquisition Device (DIAD) [_Network World_, May 6, p. 15]. I had my first experience with one the other day when a package was delivered. The most unique part of this device is a pad which is signed by the customer with a stylus and stores the signature electronically. You can see your signature appear on the DIAD's LCD display. I visited UPS R&D about a year ago when they were still testing this device. They explained the logic behind this. Not only does it get rid of paper for signatures, but when the information is downloaded into a mainframe, it can be used by a central customer service organization. When a customer calls in claiming a package was not delivered, they can look it up on the computer and check if it was delivered, and who signed for it (not noting, however, that many people's signatures are unreadable!). So, how many of you like the idea of your signature being stored electronically somewhere in the bowels of someone else's computer? Alex L. Bangs, Oak Ridge National Laboratory/CESAR, Autonomous Robotic Systems Group bangsal@ornl.gov ------------------------------ Date: Thu, 23 May 91 12:20:05 EDT From: Tom Coradeschi Subject: Re: Yet another Push The Button story This thread reminds me of a suggestion a co-worker made for our new laboratory (Lots of high energy capacitors, switches, etc). We would install a large red pushbutton, with a lighted label above it reading "Push to Test". When the button was pushed, the label would change to "Release to Detonate". Well, I liked it... tom coradeschi ------------------------------ Date: Tue, 21 May 91 10:59:56 EDT From: "John A. Pershing Jr." Subject: Re: (Bogus) IBM red switch Note that the 1403 printer itself also had a "STOP" button on its control panel (I don't remember if it was red, or some other color). Amazingly enough, if the printer went into the "high speed paper slew" mode due to an -- er, -- unfortunate choice of carriage control character, the printer's "STOP" button would have NO EFFECT WHATSOEVER! (I discovered this when the printer was loaded with continuous-form payroll checks!) Unfortunately, the function of the "STOP" button was to tell the printer to stop accepting commands from the channel *after* the completion of the current command (e.g., "skip to channel 5"). Sigh... (There *was* a second button on the panel labelled "Carriage Stop", or something like that, which *would* stop the fountain of paper. Not immediately obvious to a panicked junior programmer...) John Pershing, IBM Research, Yorktown Heights ------------------------------ Date: Mon, 20 May 91 8:14:46 PDT From: richard@oresoft.com (Richard Johnson) Subject: Re: Privacy Mary Culnan ("Of Two Minds About Privacy" RISKS 11.69) and Jerry Leichter ("The Death of Privacy?" RISKS 11.69) detail some of the problems associated with automated systems that detail specific information about our personal and financial lives. To summarize: 1) Undesired access to data 2) Undesired manipulation of data 3) Undesired offerings of data (Mary) and 4) Undesired large-scale changes of public opinion (Jerry) {nota bene: That is my reading - you might have meant something else. Also, by "undesired" I mean "undesired by the subject" (me, specifically).} It seems this is just the tip of the iceberg, though. Recently released footage from the Persian Gulf conflict show a sophisticated airborne battle-management system capable of spotting movement, location, and identification of literally everything within several hundred miles. Several states are experimenting with bar codes for vehicle location, speed detection, and identification. While officially not for criminal investigation purposes, I doubt most anyone would object to a search of the records to locate the perpetrator of say, a felony hit-and-run. Birth, death, marriage, licenses, education, service, and major property occasions are all publicly recorded, and often _required_. Our employers often know where to find us, even when we are not at work. Our neighbors often know the roads we use to drive to work. Our grocers often know the days we get paid, and the times we like to shop. The problem is not just technology. The problem is how much an individual is willing to waive control of information about her (him) self. If we don't actively guard our privacy, we shall surely fall prey to those who would profit from that information -- perhaps at our expense. Richard Johnson ------------------------------ Date: Mon, 20 May 91 09:22:59 PDT From: Robert.Allen@eng.sun.com (Email Mujahideen) Subject: Re: The Death of Privacy? To my mind there is a more serious problem responsible for our loss of privacy (not to mention other rights). It's the attitudes towards convenience. Every time you use one of the Electronic Fund Transfer (EFT) devices at a Lucky's store, gas station, etc., you are giving up significant portions of your privacy. By buying gas this way someone can closely figure your driving habits: did you go somewhere this weekend? Where did you go (where did you use EFT to buy gas?)? What kind of mileage did you get? Is it possible you took a side trip where you used gas, but didn't buy any until later? What kind of food do you buy (I'm not sure if this is tracked)? How much do you normally spend on food, versus getting cash back? Why do you get so much cash back from a grocery store instead of a bank (trying to hide something?)? We are well on our way to a cashless society. I predict that it will eventually be illegal to own cash. Certainly whenever a drug dealer is busted today, you hear all about the (gasp!) several thousand dollars in cash found. Heck, *I* know people who keep that much at home, and they are definately not drug dealers. Once we become cashless, operating on "credits", the only people with any true freedom will be the hackers who are able to crack the systems and pilfer. You-all and I will be at the mercy of both the hackers, and the gov't. By that time it will be impossible to break the sequence, since literally EVERY purchase you make, from birth-control, to books, to how much you give to your church, will be tracked, and you will be at the mercy of any future laws passed, such as, say, anti-birth control, anti-gun, anti-drug, anti-"pornography", etc. It's already happening today, and it will only get worse. ------------------------------ End of RISKS-FORUM Digest 11.71 ************************