Subject: RISKS DIGEST 15.21 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 2 November 1993 Volume 15 : Issue 21 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Investment program turns into doomsday machine (Meine van der Meulen) Direct E-Mail: J.S. McBride & Co. (anonymous) "RSI does not exist" (Gavin Matthews) Public relations (Phil Agre) Procrustus (Bob Frankston) Re: Magnetic Fields in Subway Cars (Peter Debenham, Andrew Marchant-Shapiro) Re: Fiber Optic Cable Hazards (Bonnie J Johnson) Re: Breakdown in computerised voter support, Oslo (H?vard Hegna) Re: Ethernet addresses as port ids (Bob Rahe) Virus Security Instituate VSI '94 Announcement (A. Padgett Peterson) ESORICS 94: Call for Papers (Yves Deswarte) The RISKS Forum is a moderated digest discussing risks; comp.risks is its USENET counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive problems, and other information to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS". Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. There are also alternative repositories, such as bitftp@pucc.Princeton.EDU . If you are interested in receiving RISKS via fax, please send E-mail to risks-fax@vortex.com, phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for information regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead, as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Tue, 02 Nov 1993 13:43 +0100 (MET) From: MEULEN@tno.nl Subject: Investment program turns into doomsday machine >From the dutch newspaper "De Volkskrant", 2 November 1993: The investment fund Groeigarant put the "Black Box" out of order. It was designed by Ton Jongbloed, former president of Staal Bankiers, to advise investors. He claimed on long term it would be twice as profitable as investing in public loans. However the expert system EIS (Electronic Investment Sector) proved to be a "doomsday machine". Only by disconnecting it from the mains larger damage could be averted. Roughly, the principle of the program was: buy when prices go down, sell when prices go up. This policy was used for several funds selected by Groeigarant. Several months already, prices on the Amsterdam stock market are going up. Therefore, EIS issued orders to sell only. It sold almost all the stocks Groeigarant had, and would have sold even more. The latter would have led to a very risky situation. Selling stocks not available can lead to severe losses when forced to deliver (and having to buy at even higher prices). Groeigarant says it will base its future investments on fundamental and technical analysis of the stock market. Luckily, the consequences for the fund have been kept to a minimum. Severe losses have been prevented. At the moment the fund mainly possesses money, rather than stocks. Meine van der Meulen, The Netherlands Organization for Applied Scientific Research TNO, Department of Industrial Safety, meulen@tno.nl. ------------------------------ Date: Mon, 1 Nov 93 10:11:21 xST From: [Anonymous] Subject: Direct E-Mail: J.S. McBride & Co. According to the Internet Business Report 1.3 (page 4), J.S. McBride and Company are selling access to a database of Internet addresses, including demographic information. They claim over one million entries. The net address is jim_mcbride@netmail.com, and I am sure they would enjoy hearing from anybody who would like to be removed from the list. [Equifax revisited? PGN] ------------------------------ Date: Tue, 02 Nov 1993 00:44:16 -0700 (PDT) From: Gavin Matthews Subject: "RSI does not exist" The Guardian, 1993-10-29 Friday Keyboard injury does not exists, judge rules. Angella Johnson Thousands of keyboards workers suffering the effects of what they believe to be Repetitive Strain Injury were told by a High Court judge yesterday that the condition did not exist. He suggested that keyboard users forced to give up their jobs because of aching muscles and joint were ``eggshell personalities who needed to get a grip on themselves''. In a test case ruling that has implications for compensation claims by RSI victims, Judge John Prosser, QC, declared in the High Court that RSI was meaningless and has ``no place in the medical books''. He said the condition was more psychosomatic than physical and rejected a claim for damages by journalist Rafiq Mughal against his former employers Reuters news agency. [There's twice as much again and a followup article `Rulings may only delay claims avalanche' the same length.] ------------------------------ Date: Mon, 1 Nov 1993 22:10:23 -0800 From: Phil Agre Subject: Public relations A new article by Oscar Gandy sketches the role of computers in the shifting place of public relations in policy formation in the US, together with some instances of PR affecting policies about information technology. His very useful central concept is the "information subsidy". He points out that many organizations, from the press to the Congress, run on vast amounts of information, but their ability to generate their own information is limited by their budgets. PR people and lobbyists, funded by whoever has enough money and a perceived stake in the outcome, fill the vacuum by supplying information that is customized to fill the organization's needs while simultaneously serving the interests of their patrons. The result is a growing commercialization of the public discourse and the political process, a development with worrisome implications for the cause of democracy. The full reference is: Oscar H. Gandy, Jr., Public relations and public policy: The structuration of dominance in the information age, in Elizabeth L. Toth and Robert L. Heath, eds, Rhetorical and Critical Approaches to Public Relations, Hillsdale, NJ: Erlbaum, 1992. Phil Agre, UCSD ------------------------------ Date: Tue, 2 Nov 1993 04:15 -0400 From: Bob_Frankston@frankston.com Subject: Procrustus Two minor incidents this week. Twice I tried to leave my Sky-Gram phone number as a contact number. Once when getting my car serviced and the other at Children's Hospital. In both cases the data entry field knew what a phone number was and didn't like this silly pin and other commentary. Of course, it would allow any extension number. Or international number. The dark side of data validation and unimaginative implementations. My kids have hyphenated names. The hospital's system can't, of course, hack hyphens. Neither can airline reservation systems. Can anyone explain this? It's not as if hyphenated names are new. Do systems in the UK exhibit this kind of silliness? These observations aren't profound. They just point up the many petty bad design decisions these systems are rife with. Of course, my trip to the ER pointed out many other disappointments with the DP departments. Analog X-Rays that I had to carry from the pediatrician's to the hospital. The residents on duty had to ask for the same information that the pediatrician already knew. In fact, since I relieved my wife midway through the process, I didn't know the answers as well. If the details were significant they would have affected the treatment. I won't even complain about the amount of time wasted shuffling around. I'll just chalk this up to the risks of nontechnology. Many readers will, I am sure, applaud the hospital's cautious approach to implementing technology and will point out that I didn't a prescription for a lethal dosage of the wrong medicine. True. But a lack of knowledge can also be dangerous. And wasting time is not a feature. ------------------------------ Date: Tue, 02 Nov 1993 13:36:48 +0000 (GMT) From: PMDebenham@email.meto.govt.uk (Peter Debenham) Subject: Re: Magnetic Fields in Subway Cars Following on from the item in Risks15.20, parts of London's Underground system has (or at least 2 years ago had) the same problem of the electromagnetic fields from the trains wiping data from floppy disks. One or two lines were especially bad where the trains differed from the rolling stock on the other lines. Whether the new rolling stock being introduced has solved the problem or made it worse someone else will have to tell. Awareness of the problem was variable. Peter Debenham, Rm165, APR, Meteorological Office, London Rd., Bracknell, Berks., UK. RG12 2SZ +44 (0)344 856974 pmdebenham@email.meto.govt.uk ------------------------------ Date: 2 Nov 93 08:45:00 EST From: "MARCHANT-SHAPIRO, ANDREW" Subject: Re: Magnetic Fields in Subway Cars (Drzyzgula RISKS-15.20) In RISKS-15.20, Bob Drzyzgula notes his experience with a paperclip while riding on the Washington Metro. While I was in DC last spring, I didn't have much opportunity to move disks around, but I did notice the Metro's emissions. We have a compass in our car (after living in Chicago, navigating in the East requires one!) and I could see it jump all over the place when we were traveling near the Metro; the worst case was when passing OVER the metro tracks. I'm not at all certain how strong a field is required to change data on a floppy disk; but I will try an experiment this spring, just to satisfy myself that it's safe to travel with my notebook! I must confess that I used to have the same sort of question about the Chicago Elevated system, and that I never had data erased while I was using that to commute; In fact, I've never experienced floppy failure at all; but it sounds like the Metro may be using a different technology in its motors than the El, so it bears investigation... Andrew Marchant-Shapiro, Depts of Sociology and Political Science, Union College, Schenectady NY 12308 (518) 388-6225 marchana@gar.union.edu ------------------------------ Date: Tue, 02 Nov 93 09:55:53 EST From: Bonnie J Johnson Subject: Fiber Optic Cable Hazards I read with interest the story about the Telecom Worker who had died from accidentally getting a piece of fiber into his bloodstream. Since I didn't see much activity on this list about it, I sent out messages to a Telecom and Safety list. You see, we pull, rehab and terminate our own fiber here and I certainly want to warn our guys of possible hazards. Some of the feedback I have received so far includes these: "This sounds like a hazard which would be encountered in glassblowing shops. Do you have a chem dept. with a glassblower on staff". "I have been warned that your body does not see glass as a foreign object in the same way that it sees wood for example. So a glass splinter will not itch or irritate, and so it will work into your body. Once there it may meander around and cause fatal problems. I frankly have no idea if this is true, it was a warning given out at a reputable fiber optic termination class. It certainly sounds like a good urban legend material". "In my graduate fiber optics class, we were warned about this when the prof. passed around some fiber. He told us to be careful to not stick our fingers with the glass, because it was small enough to get into the bloodstream and stop your heart. Now whether this is actually true or just a fiber optic myth/ledgend, I'm not sure. However, I do trust that paticular professor quite a bit. I don't think he told us that just to hear himself think.....". Anyone one else get any pertinent personal replies they can pass along? ------------------------------ Date: Tue, 2 Nov 1993 15:15:04 +0100 From: H?vard Hegna Subject: Re: Breakdown in computerised voter support, Oslo Just some comments and clarifications to the message of Reidar Conradi of Nov.1 1993 (RISKS-15.20). Basically the message is correct, but: 1) In Norway voters are automatically "registered" and eligible to vote from the year when they reach 18. They do not have to "pre-register", as is common in the US. The turn-out normally approaches 80 % of the registered voters in the general election. "Electorate management" then is the check at the local polling stations that the voters are in the electorate and that they have not voted before, there or elsewhere. Most polling stations are placed in the local public schools. Oslo is one of 19 constituencies electing several Members of Parliament (MPs). There are 165 MPs in all, Oslo's 360 000 registered voters elect 16 of them. 2) Two computer based electorate systems were used in this election. Both used the schools regular PCs to save costs. The system that failed in Oslo was based on a centralized register, with the PCs acting as terminals. The other system, used in Bergen (the second largest city) was based on local PCs with copies of the full register. This system worked well, but with some unexpected costs. The Norwegian Data Ombudsman insisted that all the PC hard-disks be replaced after the election, so that no copies or shadow disk images of the register could escape. It is basic to Norwegian election laws that no-one shall know who voted. The register itself should, of course, also be under lock and key. 3) The Oslo voters had received a voting card shortly before the election. This contained light-pen readable code that greatly simplified checking, provided the system was running. One could of course vote without the card. Proof of one's identity may have to be presented. 4) The breakdown in the communication from the schools to the central register occurred because of what was variously called "a programming error in the communication equipment", " a configuration error", "a last minute change for reasons of better performance or functionality", and "a missing full-scale test". The communication was based on X.25 and the trouble seems to come from a wrong setting of X.3/X.29 PAD parameter 3, "Selection of data forwarding character". A municipal commission of independent experts now studies the organisation, procedures, user education, and systems of the election from "every angle". It is not yet clear who commissioned the PAD setting, at what time, for what purpose and under which control and testing scheme. 5) The Oslo municipal election board did not in fact unanimously recommend a re-election. Based in particular on the fact that 700 votes cast at one of the polling stations, had disappeared, they unanimously voted against sanctioning the result. This left the decision on the question of re-election, to the Parliament. The 700 votes were not lost as a direct result of the computer failure, but probably disappeared in the general confusion after the polling station closed and the counting started. 6) All in all, the election was basically under control. Although the municipal administration was clearly too optimistic with respect to the blessings of computer technology, there were enough communication and computer logs, manual backup routines, paper ballots, and envelopes around, to check whether the final results where within generally acceptable error bounds. Except for the one large loss of votes mentioned above, the errors were small and of the size also expected in a manually run election, according to the administration. They did not add up to an amount that would influence the selection among the candidates. 7) The Government proposed last year that a wholly computerized voting system, with Direct Recording Equipment and no paper ballots, could be tested in the 1993 general Election. This was rejected by the Parliament, partly as a consequence of pressure from computer specialists, pointing to the US experience, as reported in RISKS and elsewhere (thank you, all of you). The 1993 experience has done a lot to confirm that rejection. 8) An account of the expectations of the project leader for the Oslo election, can be found in the "New Scientist" of Sept.11, 1993. One of the high-lights is the following quote: "An election with only electronic voting can be much more secure and correct than a paper-based one. But we feel the (Parliamentary) commitee did not have the necessary knowledge to trust such an advance in the use of technology." 9) A personal note: I consider the Oslo election a success, in the sense that it demonstrates wonderfully the necessity of a system of control routines _outside of_ the computer voting equipment. In particular that some form of manually controllable paper ballots be available. A ballot that the voter can read before it is placed in the urn, and that the counting personnel can count manually as a precaution, or if necessary due to a close race, or an equipment failure, or public scepticism. All other forms of control have to be based on computer trust, and on total trust of the computer specialists involved. As some-one wrote in an Oslo newspaper (Arbeiderbladet, Sept. 28), after the Parliament decided against a re-election: "Casting one's vote is as close to a sacred act as one can get in a modern democratic secular society. The high-priests of modern technology should be kept at arms length from the more sensitive parts of that act." Havard Hegna, Norwegian Computing Center, Oslo, NORWAY Havard.Hegna@nr.no (A semi-governmental non-profit computer science research institute) ------------------------------ Date: Tue, 2 Nov 1993 07:55:08 EST From: bob@hobbes.dtcc.edu (Bob Rahe) Subject: Re: Ethernet addresses as port ids (Peterson, RISKS-15.20) In RISKS-15.20 padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) writes: |>While Mr. Rahe is correct as far as a PING is concerned, the actual packets |>*must* contain the actual hardware address of the sender in order for |>the host/server to respond. The fact that the real address may be buried |>a bit in the packet does not mean that it is not there. Well, no, not true. The actual REAL ethernet address of the sender is lost, from the receiver's point of view, once the packet passes through a router (as another poster mentioned in the same digest). The address that IS passed along inside the packet is the next layer up - the IP address. That address is TOTALLY software driven and thus useless for identifying a port in your scheme. This discussion sort of assumes TCP/IP over ethernet. As was mentioned, DEC does some things differently and I'm sure there are other schemes, but the ethernet address isn't there past a router. (And lots of systems can change their ethernet address anyway). I'd suggest Comer's book on TCP/IP for a good discussion of the basics of ethernet and TCP/IP nets. ------------------------------ Date: Tue, 26 Oct 93 10:19:59 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Virus Security Instituate VSI '94 Announcement CONFERENCE ANNOUNCEMENT VSI '94 Philadelphia, Pennsylvania - USA March 29-30, 1994 Presented by the Virus Security Institute "A Different Kind of Information Security Conference" VSI '94 -- two intense days of interactive collaboration focused on the development of a working information security model appropriate to both the management and technical challenges of the mid-90s. Security is not a book of rules; it is an organic and dynamic process. This principle will be expanded through an agressive combination of speakers, scenarios and solutions. VSI '94 is not a hit-or-miss conference. The program is carefully structured to provide not only state-of-the-art information but practical techniques that "push the envelope". DAY ONE: In the morning, industry experts will present a limited number of papers dealing with state-of-the-art considerations divided into three areas: scientific, technical, and managerial. This will provide a primer for what is to follow. In the afternoon, participants will restructure a traditional organization to reflect the information security needs of the mid-90s. The Management Track will address requirements for executives, financial and legal considerations, operating parameters, policies and procedures, re-engineering, communications requirements and a five-year plan. The Technical Track will explore tools and techniques currently available, define requirements and techniques to preserve vital information that may come under attack from any quarter, automation of support functions, necessary networking and risk assessment. Industry experts in each field will be present to make suggestions and offer examples. The afternoon will be divided into segments for each of the tracks with a focus provided for each. If the participants fail to reach a concensus within the segment's alotted time, the legacy baseline will be used on the next day. Further planning is encouraged in the bar and at the reception. DAY TWO: Each of the elements of the restructured model will be examined and challenged, both by speakers and participants. Management will be given legal, financial, and stockholder concerns to address. Technical will defend against attack scenarios ranging from viruses to terrorists to incendiary cows & leaking tunnels. PLENARY: A recap of the proceedings analyzing strengths and weaknesses of the model as developed, challenged, and improved. PAPERS: We solicit papers/speakers focusing on the subjects of fiendish attacks, brilliant solutions, organizational indifference, and prognostication. The focus will be on salvation from the Networks (both interpretations apply). SITE: The entire conference floor of the Philadelphia Airport Hilton has been reserved for VSI '94. Rooms for Birds-of-a-Feather meetings may be reserved in advance, subject to availability. Facilities will be available for larger, lengthy formal meetings on Monday, March 28. The hotel is designed to facilitate "H" (hall) track sessions. Room Rates: $72/night, single or double. Contact the Hilton (302)792-2700 The Hilton provides a complimentary continental breakfast to all hotel guests. TRAVEL: Philadelphia International Airport (transportation from airport provided by the Hilton) is served by most major airlines. Drive time from either Washington, DC or New York is approximately 2 hours. AMTRAK serves Philadelphia's 30th Street Station (local train available every half hour to airport for Hilton pickup). Discounted airfares are available from Sand Lake Travel (800)535-1116 / (407)352-2808 / FAX (407)352-2908 AMENITIES & AMUSEMENTS: Philadelphia is rich in attractions, from the Liberty Bell to the Franklin Institute to the Art Museum to the bustling 9th Street Market. Excellent shopping in both Philadelphia and tax-free Delaware. Nearby is the famous Brandywine Valley, home of Winterthur, Longwood Gardens and Andrew Wyeth. A full activities packet will be available to all registrants. INFORMATION: For more information, E-Mail or Fax: EMAIL: VSI94_info@dockmaster.ncsc.mil (case sensitive) FAX: (302)764-6186 (include E-Mail address, please) Honorary/Convening Chairman - Dr. Harold Joseph Highland, FICS Conference Chair: Pamela Kane Program Chair: Padgett Peterson PSKane@dockmaster.ncsc.mil Padgett@tccslr.dnet.mmc.com Founding Members and Directors of the Virus Security Insitute Vesselin Bontchev Dr. Klaus Brunnstein Dr. William Caelli Jon David Christoph Fischer Ross Greenberg Dr. Harold Joseph Highland, FICS Pamela Kane A. Padgett Peterson, P.E. Yisrael Radai Fridrik Skulason Dr. Alan Solomon ------------------------------ Date: Tue, 2 Nov 1993 11:25:07 +0100 From: deswarte@laas.fr (Yves Deswarte) Subject: ESORICS 94: Call for Papers ::::: Yves Deswarte - LAAS-CNRS & INRIA - 31077 Toulouse (France) ::::: :::: E-mail:deswarte@laas.fr - Tel:+33/61336288 - Fax:+33/61336411 :::: European Symposium on Research in Computer Security Brighton, United Kingdom, November 7th-9th, 1994 ESORICS-94 (European Symposium on Research in Computer Security) is organised by The IMA in cooperation with AFCET (creator), BCS Security Special Interest Group, and CERT-ONERA. AIM AND TOPICS: The aim of this symposium is to further the progress of research in computer security by bringing together researchers in this area, by promoting the exchange of ideas with system developers and by encouraging links with researchers in areas related to computer security, information theory and artificial intelligence. Papers are solicited in the following areas: - Theoretical Foundations of Security- security models and specifications, contribution of formal logic and information theory, formal development techniques - Secure Computer Systems- operating system security, network security, security management, virus and worms, contribution of artificial intelligence, contribution of new architectures and new technologies - Security in Data and Knowledge Bases- - Security in other Applications- transaction systems, process control, real time, distributed applications - Cryptography Applications- authentication, key management, signature - Security Verification and Evaluation- formal methods, measure and evaluation of risks, measure and evaluation of security, criteria, protocol verification - Software Development Environments for Security- - Operation of Secure Systems- management, intrusion detection - Security versus other requirements Security and costs, performances, dependability, safety, reliability,... All application fields are welcome (medical, industrial, financial, copyright,...) as long as the proposals remain in the scope of research in computer security. This list is not exhaustive. Research papers, position papers and panel proposals will be welcomed. SUBMISSIONS: Six copies of papers or panel proposals should be submitted to the program chair by March 25th, 1994 at the following address: Gerard Eizenberg CERT-ONERA ESORICS 94 2, avenue E. Belin B.P. 4025 31055 Toulouse Cedex France The texts must be submitted in English. Papers should be limited to 6000 words, full page figures being counted as 300 words. Each paper must include a short abstract and a list of keywords indicating subject classification. Notification of acceptance will be sent by June 24th, 1994, and camera-ready copies will be due on September 1st, 1994. Panel proposals should include title, proposed chair, tentative panelists, a 2 or 3 paragraphs description of the subject, format of the presentation, and rationale for the panel. For further information and/or copy of the advance program when available, send E-mail to Dieter Gollmann at the next address: dieter@dcs.rhbnc.ac.uk or write to: Pamela Irving Conference Officer The Institute of Mathematics and Its Applications 16 Nelson Steet Southend-on-Sea ESSEX SS1 1EF United Kingdom IMPORTANT DATES: Submission deadline: March 25th, 1994 Acceptance notification: June 24th, 1994 Camera-ready copy due: September 1st, 1994 GENERAL CHAIR: Roger Needham (University of Cambridge, United Kingdom) PROGRAM COMMITTEE CHAIR: Gerard Eizenberg (CERT-ONERA, France) VICE-CHAIR: Elisa Bertino (Universita di Milano, Italy) Bruno d'Ausbourg (CERT-ONERA, France) Thomas Beth (Universitaet Karlsruhe, Germany) Joachim Biskup (Universitaet Hildesheim, Germany) Peter Bottomley (DRA, United Kingdom) Yves Deswarte (LAAS-CNRS & INRIA, France) Klaus Dittrich (Universitaet Zuerich, Switzerland) Simon Foley (University College, Ireland) Dieter Gollmann (University of London, United Kingdom) Franz-Peter Heider (GEI, Germany) Jeremy Jacob (University of York, United Kingdom) Sushil Jajodia (George Mason University, USA) Helmut Kurth (IABG, Germany) Teresa Lunt (SRI, USA) Giancarlo Martella (Universita di Milano, Italy) Catherine Meadows (NRL, USA) Jonathan Millen (MITRE, USA) Emilio Montolivo (Fondazione Ugo Bordoni, Italy) Roger Needham (University of Cambridge, United Kingdom) Andreas Pfitzmann (Technische Universitaet Dresden, Germany) Jean-Jacques Quisquater (UCL, Belgium) Einar Snekkenes (NDRE, Norway) ORGANISING COMMITTEE Dieter Gollmann (University of London, United Kingdom) Pamela Irving (IMA, United Kingdom) ------------------------------ End of RISKS-FORUM Digest 15.21 ************************