Subject: RISKS DIGEST 12.09
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Thursday 25 July 1991  Volume 12 : Issue 09

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  The limits of simulation (Henry Spencer)
  RISKS vs. RISKS (Steve Bellovin)
  Gottschalks rejects check (Todd Heberlein)
  Proposed law on computer searches (Chris Hibbert) [longish]
  New Jersey "software engineering" registration legislation (John M. Ritter via Arthur Rubin) [longish]

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Thu, 25 Jul 91 21:37:48 EDT
From: henry@zoo.toronto.edu
Subject: The limits of simulation

The May 27 Aviation Week, reporting on the April 1 test-stand failure of an upgraded SRB for the Titan 4:

    Investigators determined that extensive three-dimensional computer simulations of the [motor's] firing dynamics did not reveal subtle factors that they now believe contributed to motor failure.
    [Program director] Stirling said the full-scale test was essential precisely because computer analyses cannot accurately predict all nuances of solid rocket motor dynamics. "That's why we test", he said.

For those who don't follow the space news, a few seconds into the test the motor pressure rose rapidly and exceeded the limits of the casing, the result being a large, spectacular explosion that destroyed the motor and much of the Edwards AFB test stand.

Henry Spencer at U of Toronto Zoology   utzoo!henry

------------------------------

Date: Thu, 25 Jul 91 13:52:26 EDT
From: smb@ulysses.att.com
Subject: RISKS vs. RISKS!

In the same issue of RISKS-12.08, we have (from PGN)

> Dennis Perry, an Oakland truck driver, and his good friend, Yvonne ...

and from Mark Seecof:

> However, the laws on the books assume the exercise of discretion.

The contradiction is, of course, obvious. What isn't clear is what to do about it. Computers are great at making ``objective'' decisions. Civil service rules and government procurement regulations try to mimic this behavior. The goal is not to achieve the best, but to guard against the worst. But even worse can be ``achieved'' when the regulations aren't drafted carefully enough, letting an unscrupulous official finagle through a particular outcome.

--Steve Bellovin

------------------------------

Date: Thu, 25 Jul 91 12:05:57 -0700
From: heberlei@iris.eecs.ucdavis.edu (Todd)
Subject: Gottschalks rejects check

I recently tried to purchase some merchandise at a local Gottschalks with a check. Before accepting my check, the clerk checked Shared Check Authorization Network (SCAN) to see if I have had any returned checks. The clerk then informed me that they could NOT accept my check. Having never bounced a check, and having more than ample money in my checking account, I was very surprised.

After calling my credit union and SCAN, I was able to sort out the error. Gottschalks entered the account number on my check BUT NOT the bank number.
SCAN apparently does a look up on just account numbers (as well as account and bank numbers), and as it turned out, someone with the same account number at a different bank had bounced checks. SCAN then returned FAIL.

The result: I could not use a check because someone else at a different bank bounced a check. If other places only enter account numbers and not bank numbers, I will probably have to get a new account number from my bank. :-(

Todd

------------------------------

Date: Thu, 25 Jul 91 14:53:15 PDT
From: xanadu!hibbert@uunet.UU.NET
Subject: Proposed law on computer searches

Don Ingraham was one of the prosecutors who talked at the Conference on Computers Freedom and Privacy in March. At the last session, he said he would write and propose new guidelines for prosecutors to follow that would take into account the concerns that were brought up at the conference.

Last month, he gave a talk at the first meeting of the Berkeley SIG on Freedom, Privacy, and Technology (affiliated with BMUG and CPSR-Berkeley). He mentioned at that point that he had a draft, and I later asked him for a copy. When I asked him if I could redistribute it, he not only gave me permission, but encouraged me to do so.

If you have suggestions on how to improve the draft, or if you represent a relevant group (CPSR, EFF, ACLU, and ACM come to mind) and would like to offer Don official support, he'd very much like to hear from you. Don isn't electronically connected, so you'll have to send him fax or paper mail, or call him on the phone. If there is interesting discussion here, I'll tell him about it, but I don't promise to show him every word.

What follows is first Don Ingraham's summary, then the draft bill, and finally his commentary on what it means, and what he'd like to have happen with it. This is an important proposal, and it looks like quite a good law.
Chris   hibbert@xanadu.com   uunet!xanadu!hibbert

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

PROPOSAL FOR PENAL CODE SECTION 1538.6: ELECTRONICALLY STORED MATERIAL.

Revised 11 June 1991

Donald G. Ingraham, Assistant District Attorney, Alameda County, 1225 Fallon Street, Oakland CA 94612 4292 (415) 272-6232 fax 271-5157

The following is a proposal to add to the existing search warrant provisions of the Penal Code some particular restraints on the issuance of warrants which are required by federal law; it would also establish controls on the examination of electronically stored evidence seized in the course of a criminal investigation, and empower the Attorney General to monitor and regulate compliance with this law. There are four main aspects:

first, it recognizes the existing restraints of federal law, in particular the Privacy Protection Act (42 USC 2000aa) portion of the Civil Rights Act, and also chapter 212 of the Electronic Communications Privacy Act (18 USC 2700 et seq) dealing with stored electronic communications. The portion of the ECPA which addresses the interception of electronic communications is covered by existing law.

second, it establishes the Attorney General of California in a monitoring and regulatory function, not unlike the function now performed in regard to criminal offender record information. In the following text, references to federal law appear in parentheses.

third, it establishes criteria for the inventory and analysis of electronically stored evidence, and affords the person from whom it was seized and other interested parties standing and information to present their interests and concerns to the issuing magistrate.

fourth, it balances law enforcement's necessary investigative authority with the privacy and personal interests of persons affected by the investigation.
This topic is of such significance that it is suggested there be a specific legislative declaration such as this:

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Legislative finding:

The legislature finds that investigation and prosecution of crimes in which computers are involved engenders a risk to other rights, including those to conduct a business, to publish, and to conduct private communications. This section clarifies existing requirements of the federal Electronic Communications Privacy Act and the Privacy Protection Act, and also invests the Attorney General with authority to regulate the analysis and examination of electronic media seized under the authority of this chapter.

Addition to Chapter 3, Search Warrants, Title XII, Special Proceedings of a Criminal Nature, California Penal Code.

Section 1536.5

A search warrant for computer-related material cannot be authorized except in compliance with the following restraints. All electronically stored material seized, under a search warrant or otherwise, shall be retained and analyzed as follows:

[a] if the content is reasonably apparently identifiable as intended for publication, a search warrant may be authorized only if the affidavit to that warrant specifically provides probable cause that the material is contraband or the fruits of a crime or things otherwise criminally possessed, or is property designed or intended for use, or which is or has been used as, the means of committing a criminal offense.

(This is directly from Title 42 USC 2000aa(7).)
[b] if examination of electronically stored communications indicates that any particular file is a communication intended to be private and neither party thereto is named as a subject of the search warrant, and the material has been in such storage for under 180 days, the investigating officer may not continue the analysis nor proceed further without obtaining a search warrant for stored electronic communication, as defined by regulations issued by the Attorney General.

(This is adapted from Title 18 USC 2703: the term 'search warrant for stored electronic communication' appears in that Title as a term of art.)

[c] within five court days of any seizure of stored electronic material, the investigating officer will file a supplement to the inventory required by section 1537 which will list all electronic material with all available specificity, including but not limited to file names then identified, and indicate what procedures for analysis are being taken. A copy of that and any subsequent inventories will be furnished to the subject of the search warrant. A further supplement will be filed with the issuing magistrate every tenth court day thereafter until all electronic material has been analyzed. A copy of all such inventories will be part of the court record and open to public inspection.

[d] Electronic stored media will be analyzed as expeditiously as possible and in the following order: first, material recognizably necessary to the conduct of legitimate business and private communications; second, material recognizably central to the crime under investigation; third, material reasonably suspected of relating to the crime under investigation. The magistrate shall direct the investigating office or prosecutor to return or copy such material to the owner, providing a receipt for the court record.
[e] After the filing of the initial inventory, any person who has reason to believe that he or she would be unfairly adversely affected in business or communications by the retention or analysis of the seized electronic material may petition the issuing magistrate for a hearing to demonstrate that the proposed retention and/or analysis would result in significant injury to a legitimate purpose.

[This provision expands upon existing Calif PC 1538.5, but is specific to electronic media; there is no known federal counterpart. The provision for return by DA, receipt to Court, regular accounting and standing to others affected is not fantasy: we did as much in our Draper prosecution with mutually beneficial effect.]

[f] The Attorney General shall establish regulations for the seizure, examination, and disposition of electronic material obtained in the process of criminal investigations consistent with the intent of this section that intrusion and disruption be as minimal as the requirements of an investigation permit, and in keeping with federal regulation.

[This section empowers the Attorney General to keep computer related criminal investigations by our law enforcement agencies consistent with federal law, without the need to go to the legislature to accommodate changes in the federal law.]

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Comment, primarily intended for prosecutors, but open to all

This is the draft of a bill on search warrants for electronically stored material, which will probably be introduced next session: I need to line up AG and other support for it to fly.

To put the idea in context, please be aware that Penal Code 1538.5 covers review of searches and is the basis of our traverse motions. It seemed the logical place to put this, rather than in our Computer Crime section-502- or under privacy.
The idea is to get a legislative purpose statement, and then flag areas of concern and potential federal liability:

(a) flags the First Amendment Privacy Protection Act, 42 USC 2000aa, which addresses:

    "... any work product materials possessed by a person reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce.."

which I try to boil down by the phrase "intended for publication", adding a prefatory qualification, that it be "reasonably apparently identifiable" as such. The federal act makes no such allowance, although I cannot imagine a court imposing it: as it now reads it is rather like forbidding us to open any cabinet that may contain more than one paper clip, at our peril.

(b) does the same flagging as to Chapter 212, Electronic Communications Privacy Act, 18 USC 2700 et seq, again clarifying that it does not apply if one of the parties is already named in the warrant. This would assume that the possibility of electronically stored communications was anticipated by the warrant, which should always be the case. The legislative history is barren on this, but what standing would an intruder have to object?

(c) through (e) create something new, not in the federal law. This basically is a response to the main complaint about the usual investigation, which is that the gear and files disappear into the maw of the eagle, and are seldom if ever heard from again. Having someone say "we're working on it" every other month is not what I think James Madison had in mind. I think that such limbo should not be imposed, assuming that it ever is, and the best way to keep that from happening would be to require a regular accounting and progress report.
This would not only be reasonable, but it would also accomplish two other boons: it would give us a need to keep our investigation going instead of watching our resources get reassigned, and it should forestall more draconian controls if this perception gets any more widespread. We did exactly this when we prosecuted John "Captain Crunch" Draper, and it worked well. I wouldn't try to process evidence any other way.

(f) would empower our Attorney General to establish regulations for the search of electronically stored material much as the AG now sets the policies on confidentiality and privacy of Criminal Offender Record Information/"rap sheets". Going by administrative regulation rather than by way of additional legislation guarantees that we will not stray from federal rules, which should keep civil rights prosecutions of prosecutors per 42 USC 1983 at a minimum.

What is needed to bring this about? The basic hope is to have it debugged and ready to submit by October: ready to submit means, among other things, that we have some organized support from concerned citizens. The immediate hope is that both law enforcement and civil libertarians will see the wisdom of structuring what is now not as structured and be willing to support it.

The idea is to keep it clean and simple; if glitches later develop, we could amend it again, but the essential aspect at this point is to get legislative recognition of the fact that search warrants for electronic material are already different from search warrants for other things. If we do that, and can get the Attorney General to agree, it should fly. My fondest hope is that come October I could represent to the appropriate legislator that the AG, the CDAA, the ACLU, the CPSR, and the academic and business communities thought this a heck of an idea, and in their view essential.
In summary, and in particular regard to the concerns of prosecutors like me, this proposal would avoid the need to develop an electronic privacy measure in California by adopting the federal law, and giving the Attorney General the responsibility to keep up with its amendments through the California Code of Regulations. Two other states, Utah and Florida, have crafted their own versions of the federal Electronic Communications Privacy Act; that independent course risks inconsistencies and uncertainties as the judicial process construes the ECPA. The enactment of this proposal would avoid that, while at the same time providing all available guidelines to law enforcement and to citizens concerned with the freedom to use computer technology and with electronic privacy, who are, after all, a significant portion of the People in whose behalf we prosecutors are privileged to appear.

------------------------------

Date: Wed, 24 Jul 91 09:27:28 PDT
From: a_rubin@dsg4.dse.beckman.com
Subject: New Jersey "software engineering" registration legislation (J.M.Ritter)

[Following are large excerpts from articles posted by jmr@motown.allied.com (John M. Ritter) on comp.{os.msdos,sys.ibm.pc,unix}.programmer. ]

New Jersey, that state which has lately proved to be ``the toughest in the nation'' by trampling on its residents is once again attempting to reach all new lows.

Now, what has this got to do with programming...? A bill has passed in the assembly that would require the licensing of computer programmers -- to protect the public interest, of course. Lord knows the number of times I've been accosted in pizza parlors, late at night, by renegade bands of unlicensed programmers. Well, now we'll be able to control these low-lifes.

If you think I'm kidding, read on. What follows is Assembly Bill A-4414, which has already passed the assembly.
AT&T has estimated that it would need to license over 5,000 people in New Jersey alone, and there is nothing in the bill that differentiates home from business use. So watch out: besides being arrested for legally buying a gun 20 years ago, you could also be arrested for modifying a DOS batch file!

New Jersey and you. Perfect together?

John M. Ritter, Allied-Signal, Inc., Corporate Tax Department
jmr@motown.Allied.COM   {att,bellcore,clyde,princeton,rutgers}!motown!jmr

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

ASSEMBLY, No. 4414
STATE OF NEW JERSEY
INTRODUCED JANUARY 24, 1991
by Assemblywoman KALIK, Assemblymen CASEY, Spadoro and Mazur

AN ACT providing for the licensure of software 1[engineers] _________1, amending P.L.1971, c.60, P.L.1974, c.46 and P.L.1978, c.73, and supplementing Title 45 of the Revised Statutes.

BE IT ENACTED by the Senate and General Assembly of the State of New Jersey:

1. (New section) This act shall be known and may be cited as the ``Software 1[Engineers'] __________1 Licensing Act.''

2. (New section) The Legislature finds and declares that the public interest requires the regulation of the practice of software 1[engineering] _______ ___1 and the establishment of clear licensure standards for software 1[engineers] _________1, and that the welfare of the citizens of this State will be protected by identifying to the public those individuals who are qualified and legally authorized to practice software 1[engineering] _________1.

3. (New section) As used in this act:

``Board'' means the State Board of Software 1[Engineers] _________1 established pursuant to section 4 of this act.
``Licensed software 1[engineer] ________1'' means any person who practices software 1[engineering] _________1 and who represents himself to the public by title or by description of services under any title incorporating such terms as ``software engineer,'' 1``________ ________,''1 ``chartered engineer,'' or ``CEng'' or any similar title or description of services, who is duly licensed pursuant to this act.

``Software 1[engineering] _________1'' means the process of creating software systems and applies to techniques that reduce software cost and complexity while increasing reliability and modifiability, which includes, but is not limited to, the elements of requirements 1[engineering] _______ ___1, design specification, implementation testing and validation, operation and maintenance and software management.

4. (New section) There is created within the Division of Consumer Affairs in the Department of Law and Public Safety the State Board of Software 1[Engineers] _________1. The board shall consist of nine members who are residents of the State who shall be appointed by the Governor. Six members shall be licensed software 1[engineers] _________1 who have been actively

____________________________

EXPLANATION--Matter enclosed in bold-faced brackets [thus] in the above bill is not enacted and is intended to be omitted in the law.
Matter underlined ____ is new matter.
Matter enclosed in superscript numerals has been adopted as follows:
1 Assembly ACP committee amendments adopted June 13, 1991.
2 Assembly floor amendments adopted June 24, 1991.

engaged in software 1[engineering] _________1 for at least five years immediately preceding their appointment, except that the members initially appointed shall be licensed pursuant to this act within 18 months of appointment. Of the remaining members, two shall be public members, and one shall be a member of the executive branch, all of whom shall be appointed pursuant to section 2 of P.L.1971, c.60 (C.45:1-2.2).

5. (New section) Each member of the board, except the members first appointed, shall serve for a term of five years and shall hold office until the appointment and qualification of his successor. The initial appointment to the board shall be: two members for terms of two years, two members for terms of three years, two members for terms of four years, and three members for terms of five years. Vacancies shall be filled for the unexpired term only. No member may be appointed for more than two consecutive terms.

6. (New section) Members of the board shall be compensated and reimbursed for expenses and provided with office and meeting facilities pursuant to section 2 of P.L.1977, c.285 (C.45:1-2.5).

7. (New section) The board shall annually elect from among its members a chair, vice-chair and a secretary. The board shall meet twice per year and may hold additional meetings as necessary to discharge its duties.

8. (New section) The board shall:

a. Review the qualifications of applicants for licensure;

b. Insure the proper conduct and standards for examinations;

c. Issue and renew licenses to software 1[engineers] _________1 pursuant to this act;

d. Refuse to admit to examination, refuse to issue, or suspend, revoke or fail to renew the license of a software 1[engineer] ________1 pursuant to the provisions of P.L.1978, c.73 (C.45:1-14 et seq.);

e. Maintain a record of every software 1[engineer] ________1 licensed in the State, their places of business, places of residence and the date and number of their license;

f. Establish fees pursuant to P.L.1974, c.46 (C.45:1-3.1 et seq.);

g. Adopt and promulgate rules and regulations pursuant to the ``Administrative Procedure Act,'' P.L.1968, c.410 (C.52:14B-1 et seq.) necessary to effectuate the purposes of this act.

9. (New section) No person shall practice, or present himself as able to practice, software 1[engineering] _________1 unless he possesses a valid license as a software 1[engineer] ________1 in accordance with the provision of this act.

10. (New section) The provisions of this act shall not be construed to prevent the following provided that no word, letter, abbreviation, insignia, sign, card or device is used to convey the impression that the person rendering the service is a licensed software 1[engineer] ________1:

a. Any person licensed to practice in this State under any other law from engaging in the practice for which he is licensed;

b. Any person employed as a software 1[engineer] ________1 by the federal government, if the person provides software 1[engineering] _________1 services solely under the direction or control of his federal employer; or

c. Any person pursuing a course of study leading to a degree or certificate in software 1[engineering] _________1 at an accredited or approved educational program if the person is designated by a title which clearly indicates status as a student or trainee.

11. (New section) To be eligible for a licensure as a software 1[engineer] ________1, an applicant shall submit to the board satisfactory evidence that he has:

a. 2(1)2 Graduated from a program in software 1[engineering] _________1 which has been approved for the education and training of software 1[engineers] _________1 by an accrediting agency recognized by the Council on Post-Secondary Accreditation and the United States Department of Education; or

(2) Work experience in a current or previous position of employment utilizing the theory and procedures of software designing for a sufficient period of time as determined by the board; and

b. Successfully completed a written examination administered by the board pursuant to section 14 of this act to determine his competence to practice software 1[engineering] _________1.

12. (New section) An applicant for licensure who is a graduate of a foreign school of software 1[engineering] _________1 shall furnish evidence satisfactory to the board that he has:

a. Completed a course of study in software 1[engineering] _________1 which is substantially equivalent to that provided in an accredited program described in subsection a. of section 11 of this act; and

b. Successfully completed a written examination administered by the board pursuant to section 14 of this act.

13. (New section) A fee shall accompany each application for licensure. Licenses shall expire biennially on January 31 and may be renewed upon submission of a renewal application provided by the board and a payment of a fee. If the renewal fee is not paid by that date, the license shall automatically expire, but may be renewed within two years of its expiration date upon payment to the board of a sum determined by it for each year or part thereof during which the license was expired and an additional restoration fee. If a license has not been renewed within two years of expiration, the license shall only be renewed by complying with the provisions of section 16 of this act or successfully completing the examination administered pursuant to section 14 of this act.

14. (New section) The written examination required in section 11, 12, or 13 of this act shall test the applicant's knowledge of software 1[engineering] _________1 theory and procedures and any other subjects the board may deem useful to test the applicant's fitness to practice software 1[engineering] _________1. Examinations shall be held within the State at least once every six months at a time and place to be determined by the board. The board shall give adequate written notice of the examination to applicants for licensure and examination.
If an applicant fails the examination twice, the applicant may take a third examination not less than one year nor more than three years from the date of the applicant's initial examination. Additional examinations shall be in accordance with standards set by the board.

15. (New section) The board shall issue a license to each applicant for licensure as a software 1[engineer] ________1 who qualifies pursuant to the provisions of this act and any rules and regulations promulgated by the board.

16. (New section) Upon payment to the board of a fee and the submission of a written application on forms provided by it, the board shall issue without examination a license to a software 1[engineer] ________1 who holds a valid license issued by another state or possession of the United States or the District of Columbia which has standards for licensure substantially equivalent to those of this State.

17. (New section) Upon payment to the board of a fee and the submission of a written application on forms provided by it, the board shall issue a temporary license to a person who has applied for licensure pursuant to this act who, in the judgment of the board, is eligible for examination. A temporary license shall be available to an applicant upon initial application for examination. A person holding a temporary license may practice software 1[engineering] designing only under the direct supervision of a licensed software 1[engineer] ________1. A temporary license shall expire automatically upon failure of the licensure examination but may be renewed for an additional six-month period, until the date of the next examination at which time it shall automatically expire and be surrendered to the board.

------------------------------

End of RISKS-FORUM Digest 12.09
************************