Subject: RISKS DIGEST 12.04 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 9 July 1991 Volume 12 : Issue 04 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Clip-Art Confusion Causes City Change (Christopher Davis) Hiding a face on television (Tim Smith) A RISKy night in Georgia (Robert E. Van Cleef) Risks of HR 1400 to modem community (Jim Thomas) Dissemination of confidential information (Hugh Cartwright) Review of "TERMINATOR 2: Judgment Day" (R. Mehlman) Re: Computers and Exporting (Vadim Antonov) Re: Formalism vs Experimentation (Vadim Antonov, Daniel Palumbo) Disk based crime plan (Rob Boudrie) Deleting vs. Shredding (Brad Templeton) Re: The Risks of Undelete and the Law (Steven Tepper, William Ricker) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Tue, 9 Jul 91 18:53:28 -0400 From: ckd@eff.org (Christopher Davis) Subject: Clip-Art Confusion Causes City Change >From the _Boston Herald_, July 2, 1991, from "Paul Sullivan's CELEBRITY" page: "Mayor Dinkins' birthday invites sky-high error" The Big Apple must @i(really) be turning sour because even an invitation to Mayor @b(David Dinkins') upcoming birthday party features the skyline of @i(Boston) instead of the skyline of New York City. [... it's for a July 10th fundraising party (my birthday too!) --ckd] Prominently displayed in the sketch is the famous Citgo sign in Kenmore Square, the old John Hancock Building, the new Hancock Tower and the Prudential Tower. [...mayor's spokeswoman passes buck to organizing committee] A committee spokeswoman blamed it on that old standby, computer error. "When you punch in 'skyline,' that's what came out," she said. [phrasing as original; either she's confused about past & present, or the quote got messed up. No [sic] in original --ckd] >From my reading of that, it appears that there's some sort of "clip art" package involved, probably with titles and/or keywords to select "appropriate" pictures. Is this a case of the RISKS of using a single-keyword search? More the RISKS of blindly accepting the results, in my opinion. If the photo included with the article is of the card (it's not clear whether it is or not), then someone definitely should have looked twice. (The Mets fans should have at least recognized the Citgo sign from the '86 Series, and the Yankees fans don't need to go that far back. The RISKS of not watching enough baseball?) Garbage in, Gospel out, once again. This one's just another old story to RISKS readers... Christopher Davis , System Manager & Postmaster Electronic Frontier Foundation, Cambridge, MA ------------------------------ Date: Tue, 9 Jul 91 00:40:41 PDT From: ts@cup.portal.com Subject: Hiding a face on television Being too lazy to change the channel, I'm being subjected to the pseudonews program _Hardcopy_. As I type this, I'm watching a little boy testify in court about the possible murder of his mother. To protect the child from being recognized, they are doing something to the video of his face so that it consists of several large squares that change as he moves. This seems to be the standard way to hide things on TV now. Is this safe? It seems that there should be enough information here to reconstruct the hidden face (or other body parts -- they seem to be using this process to cover up nudity now too). Tim Smith ------------------------------ Date: Tue, 9 Jul 91 12:32:23 -0700 From: vancleef@nas.nasa.gov (Robert E. Van Cleef) Subject: A RISKy night in Georgia Computer Crime (Information Weekly, July 8, 1991, page 6) A Computer Systems Protection Act went into effect last week in Georgia. The Act provides the same punishment for computer thievery as for other types of theft crimes. The bill calls for prison terms of up to 15 years for "computer-assisted theft, trespass, invasion of privacy, and forgery." Under the Act, stealing someone's computer password in Georgia can get you a $5,000 fine or one year behind bars. ------------------------------ Date: Wed, 03 Jul 91 21:13 CDT From: TK0JUT1@MVS.CSO.NIU.EDU Subject: Risks of HR 1400 to modem community What are the risks of Bush's proposed crime bill?? There is provision in HR 1400, the House version of the "Comprehensive Violent Crime Control Act of 1991" that should be of concern to those concerned with the potential reduction of Constitutional protections of privacy and association. The current version would also revise 18 USC (sect) 2709 which authorizes the FBI "subscriber information and toll billing records information or electronic communication transactional records" from any "wire or electronic communication service provider." The subject of the request need not be the person under investigation, but can be made of anybody who is perceived to possess information relevant to an investigation. The language of existing law is sufficiently vague that it seems to include (or could be interpreted by zealous agents to include) any private documents that one may have on a university mainframe that might contain "transactional information" (a broad term with potential for widest possible definition). This could be construed to mean that if somebody on the internet received private e-mail from the target of an FBI investigation, then the first person could be subject to having a variety of private material turned over to the FBI. Current language in HR 1400 also expands the definition of acts subject to investigation by broadening the scope of counter-intelligence. This is already the current law. The proposed revision adds: "(c) PENALTY FOR DISCLOSURE.-No wire or electronic communication service provider, or officer, employee, or agent thereof, shall disclose to any person that the Federal Bureau of Investigation has sought or obtained access to information under this section. A knowing violation of this section is punishable as a class A misdemeanor." (From HR 1400, Sec. 743. COUNTERINTELLIGENCE ACCESS TO TELEPHONE RECORDS) Not only is this provision a threat, but there is neither a reasonable length of time after which such information may be given, nor is there any exception for disclosing the information to another (the information shall not be disclosed to **ANY PERSON**), including priests or doctors. When rumors of "national security implications" arose in some of the Secret Service raids last year, it takes little imagination to see the "act first apologize later (if ever)" mentality in action, snooping through records and vague "transactional information." The proposed wording constitutes a threat by adding a level of secrecy to investigative power. Jim Thomas ------------------------------ Date: Tue, 9 JUL 91 09:13:52 BST From: HCART@vax.oxford.ac.uk Subject: Dissemination of confidential information Klaus Brunnstein in Risks 12.03 argues quite reasonably for a Code of "Discourse Ethics". and comments on "... the trust which I assume my communication partners follow..." While his proposed Code would meet a real need, I am afraid Klaus's own position is weakened when he writes: > I personally just received Bill Gates memo on Microsoft's > performance and future problems; .... I assume > that Bill Gates will not be glad that I had it. Probably not. > I am highly sure that the > community in which I received this information is trustable, and they and I > will not uncover any details... Except that this "trustable community" is already circulating what they know to be confidential information to Klaus, and, presumably, to others. Doubtless it was inept of Microsoft to allow their e-mail to be intercepted, but if the purpose of those publicising the interception is to expose flaws in the e-mail system, surely the right course is to deal with Microsoft, not to disseminate the information more widely. Those, like Klaus, working in security, have an justifiable interest in security holes uncovered by others. However, circulation of the actual information pulled through these holes in no way helps to seal them. Indeed, it must give rise to serious doubts about the motives of those who retransmit mail to which they have no legitimate access. Hugh Cartwright. Physical Chemistry, Oxford University, UK. ------------------------------ Date: Sun, 7 Jul 91 22:44:23 PDT From: rmehlman@grumpy.span.nasa.gov Subject: Review of "TERMINATOR 2: Judgment Day" The computers have no BUGS. [You were expecting, maybe, realism? PGN] ------------------------------ Date: Sat, 15 Jun 91 17:15:46 +0300 (MSD) From: avg@hq.demos.su (Vadim Antonov) Subject: Re: Computers and Exporting >Take for instance the DES export restriction. Sources for DES have been >posted on Usenet. The source codes and formal descriptions were publically available in USSR long before that posting. I've first seen it being a student and hacking some Unix sources about 1982. Isn't it stupid to continue insisting on export restrictions of the well-known technology? (I remember our military instructors (military education was mandatory in USSR, sigh) talking about tactical characteristics of Soviet aircrafts referring to the American intelligence sources! Surely, these data were "secret" inside USSR! Familiar scenario, isn't it?) Vadim Antonov, DEMOS, Moscow, USSR ------------------------------ Date: Sat, 15 Jun 91 19:34:11 +0300 (MSD) From: avg@hq.demos.su (Vadim Antonov) Subject: Re: Formalism vs Experimentation I tend to agree that formal methods is the useful thing for practical programming; but it's silly to limit CS education by (or to focus it at) formal methods. May be I'm a heretic but there is no such thing as a "programmer". Programming is always a marginal discipline - any real program deals with a) hardware (I'm worrying why programmers are ignorant in hardware design methods; say the modern buzzword "object-oriented" is nothing more than the sixty-years-old method of modular hardware design. Anyone having experience in digital hardware design have no troubles with parallel programming, etc. Understanding HOW hardware does work is necessary for any good programming.) b) humans (I dunno why, but programmers often tend to design really anti-human user interfaces. Psychology is the thing most programmers needs to be familiar with. I also think the most programmers should at least have some sense of taste. I got tired looking at the ocean of tastelessness of Messy-Dossy bells and whistles. Good English (or anything else :-) is not the last part of good documentation.) c) mathematics (Absolutely necessary in numerous well-investigated fields like numeric computations and syntax analysis AND useful as a mean to improve analytical thinking.) d) poligraphy (Text-processing is the daily routine of most programmers). [Yes, NOT POLYGRAPHY!] e) business and management (Teamwork, planning and market estimations are necessary things to make something successful - who wants to spend his life creating programs nobody wants to pay for? Still, management often is the second profession of ex-programmers.) f) specific knowledges in application's domain. (If you're creating a program for robots controlling machine you need to know some mechanics, aren't you.) *) after all anybody could note a dozen more things useful in programming. As you can see the "ideal" programmer should be really universally educated and the modern education is overly concentrated on formal side of programming. Someone noted the Soviet system of education, well... It's really mathematically-based and produces good puzzle-solvers. The "educational" programming suffers from puzzle nature of problems students are used to solve. Real problems are different. Even systems programmers very seldom needs to invent algorithmic tricks. The best solution is the simpliest one, not the most tricky and "efficient". The formalized CS education we have in Soviet Union yields really awful results - for example the quantity of grads capable to write real programs is about 2-3% after the CS Dept. of Moscow U (not the worst one, be sure) - and those students who CAN program all are self-educated hackers and as a rule they had terrible conflicts with educational authorities. Some of the most talented programmers here are still students in their 30s. Thus the practice is against Dijkstra. Let me state that programming is not the science of coding but the art of finding solutions of non-formalized problems and expressing these solutions in explicit and clear way. [Paragraph on gender-related matters deleted. PGN] Vadim Antonov, DEMOS, Moscow, USSR ------------------------------ Date: 28 Jun 91 13:29:45 From: Daniel Palumbo Subject: Re: Formalism vs. Experimentation Having just concluded an effort to experimentally verify clock synchronization theory, I was drawn to this recent RISKS discussion, However, I found very little substance relating to what I thought was at issue here. Our group at NASA Langley is concerned with validating/verifying digital flight control systems on aircraft. One of our battle cries has been that testing (experimentation) is inadequate to demonstrate that a system is 'bet your life' correct. Formal methods (which in the U.S. means proof of correctness) is championed as an alternative. During the course of my work with clock synchronization theory, I came to believe that experimentation is an absolutely vital part of formal methods. Experimentation can even be considered a formal method if done in a rigorous, scientific method. My more formally oriented co-workers and I have debated this issue with the general consensus (from my perspective) that experimentation is needed any time a design bumps up against the real world. Some have even suggested that experimentation is useful in establishing that a purely logical relationship is not obviously untrue before a proof is attempted. The question which remains is, "What is the best recipe for mixing formal methods and experimentation to yield the most confidence in a design at the lowest cost?" [dlp@air12.larc.nasa.gov] ------------------------------ Date: Fri, 5 Jul 91 14:01:35 EDT From: Rob Boudrie Subject: Disk based crime plan There is another "dark side" to this business of using "disk data" of alleged "crime plans" as evidence against a suspect. Unlike typewriting (traceable to a machine); photocopies (also traceable) and handwriting, the digital nature of computer data lends itself to tampering. There is now a virtually detection proof mechanism whereby an overzealous cop can embellish the evidence if the case is weak but (s)he "knows" that the suspect is guilty and wants to prove it. To those who say "they would never do that", I would point out that two Boston police officers were recently convicted of perjury for fabricating an informant to get a search warrant for drugs. ------------------------------ Date: Wed, 3 Jul 91 15:17:12 EDT From: brad@looking.on.ca (Brad Templeton) Subject: Deleting vs. Shredding Is there an expectation of privacy with a shredded document? After all, it seems to me that a tool to scan in and paste together slices from a single slice shredder (as opposed to the multi-slice ones that just leave little bits of chaff) would not be hard to create. I fully expect that the intelligence types have already built them, although it is unlikely that they would be released to the public. I wonder how the courts would react to evidence that was a re-combined shredded document? ------------------------------ Date: Wed, 3 Jul 91 12:59:46 PDT From: greep@speech.sri.com (Steven Tepper) Subject: Re: The Risks of Undelete and the Law (RISKS-12.02) When I worked for the government (a number of years ago) I was told that to dispose of a magnetic tape containing classified information you either had to write over the tape twenty times or burn it. -greep ------------------------------ Date: Mon, 8 Jul 91 19:51:43 EDT From: wdr@wang.com (William Ricker) Subject: Re: The Risks of Undelete and the Law In comp.risks Ron Dippold writes: [...] >The court soundly, and IMO correctly, rejected this claim, analogizing the >retrieval of the deleted file data (by an FBI agent who was a computer expert) >to deciphering a coded message in a diary, after the diary was obtained under >a valid subpoena. Since you say "IMO" [In My Opinion] not "IMHO" [~ Humble ~], do you mean to imply you are an attorney specializing in Constitutional Appellate matters, or a professor of same? Do you say "correctly" because A* there was sufficient other evidence to convict, and thus he shouldn't be let free on a technicality? B* the police had specifically listed the computer on the search warrant, and thus the "expectation of privacy" has been breached legally under warrant after due process consideration of probably cause in the warrant hearing. C* the new supreme court would gladly shed some light into the penumbra of the 9th amendment and the right to privacy, anywhere "stare decisis"*1* doesn't apply as well as some where it does, and thus this probably won't be overturned on appeal? [*1* "let the decision (precedent) stand"] D* the _Katz_ "expectation of privacy" should be based on what a technically competent expert witness would expect, not what a common user would expect? This particular case does sound, IMHO, as if "harmless error" could be the finding on the privacy issue, for the first and second reasons (A&B). The allusion to locked/encrypted diaries seized under warrant as precedent makes me suspect B. I would be disheartened if however the finding were that the technical accuracy of the user's expectations were actually material to their coverage by _Katz_. Spurious claims to privacy (e.g. the very recent case of a paper bag of drugs in the car, 89-1690, California v. Acevedo, where accused granted permission to search the care, but claimed no permission to open the bag was implied and that warrantless search of the bag was a violation of 4th) are to be rejected, IMHO. However, again IMHO, where even guilty parties really did believe they had privacy, such as the instant Pennsylvania felony kidnap & murder case and Poindexter and North deleting their incriminating ContraGate PROFS messages only to have the IBM mainframe backup tapes read by the House/Senate committees, the 4th/9th penumbra should grant them *criminal* evidentiary protection commensurate to their expected privacy. The Senate of course has the right to read government property, and civil/commercial litigation has much looser rules of evidence, where I would expect backups & restorals to be admissible. (The ContraGate tapes may have been subpoenaed specifically, in which case the Diary Under Warrant might apply, and void the expectation; I would have to read (a) the diary precedent and (b) the subpoena to have any confidence in an opinion.) I wonder if the appellant convict briefed any surveys on how many users read their manuals or know about UNDELETE utilities? I wish the convict could appeal this one to the old Warren court; I'd like to know whether Douglas would have found this within his Penumbra, as I think he might have (depending on the facts). The Rehnquist court probably won't even look at it, unless as a vehicle to chip away at the penumbra -- which would be patently abusive, since it can be easily disposed of as a harmless error, since the physical evidence was enough to convict, so original poster tells us. [Caveat: I'm not an attorney, let alone one specializing in constitutional issues. Hence IM*H*O above. But I did take two classes on it in college and have tried to keep up on recent opinions since; opinions.supreme-court from UUNET helps there greatly, especially the *.S syllabus files.] /s/ Bill Ricker wdr@wang.wang.com ------------------------------ End of RISKS-FORUM Digest 12.04 ************************