Subject: RISKS DIGEST 15.44 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Weds 2 February 1994 Volume 15 : Issue 44 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Canada to monitor phone calls, fax, etc.? (Walter C. Daugherity) Risks of cliche collisions on the information superhighway (Phil Agre) Irrational risk research (Phil Agre) Czech computer fraud (Mich Kabay) Clipper Petition (Dave Banisar) "Digital Woes" by Lauren Wiener (Rob Slade) The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line; others may be ignored! Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially .UUCP folks. If you cannot read RISKS locally as a newsgroup (e.g., comp.risks), or you need help, send requests to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS". Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousYourName CD RISKS:GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories. IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Wed, 2 Feb 94 09:04:52 -0600 From: daugher@chisholm.cs.tamu.edu (Walter C. Daugherity) Subject: Canada to monitor phone calls, fax, etc.? >From EDUPAGE: HIGH-TECH SNOOP GADGET. A super-secret branch of the Canadian Security Intelligence Service has awarded three contracts to a Montreal firm to make equipment that can quickly isolate key words and phrases from millions of airborne phone, fax, radio signals and other transmissions. The hardware has the "Orwellian potential to sweep through ... and keep records of all conversations," said one CSIS critic. (CTV National News, 01/31/94 11:00 pm). Walter C. Daugherity, Texas A & M University, College Station, TX 77843-3112 Internet, NeXTmail: daugher@cs.tamu.edu uucp: uunet!cs.tamu.edu!daugher ------------------------------ Date: Tue, 1 Feb 1994 12:06:51 -0800 From: Phil Agre Subject: Risks of cliche collisions on the information superhighway The 1 Feb 1994 Wall Street Journal's front page center column is about the metaphors generated by the phrase "information superhighway", which (all are reported to agree) Al Gore coined by analogy to the US interstate highway system. What the article, like the vast majority of recent articles on the topic, is the whole point of the "highway" metaphor, which is the proposition that long-distance vehicle/information transfer may well be a natural monopoly, thus calling for the creation of some kind of public utility. This is a fairly spectacular example of the organized forgetting that goes on in the "agenda setting" process in US politics (and those, no doubt, of other countries, in their own ways). The risk here is that these semantical magic tricks may in the end deprive the public of the information infrastructure they deserve. Evidence on this count is readily available, it so happens, in the 2/1/94 New York Times (business section, page C6), where we are told that investors are terrified that the Bell Atlantic - TCI merger might actually "lead to a destructively competitive "two-wire world", where phone and cable companies" would construct competing networks. Although the analysts are alarmed, Bell Atlantic has reassured its investors that it will be doing its best to avoid that scenario by focusing first on relatively high-profit (i.e., uncompetitive) markets. Heads up. Phil Agre, UCSD [We are going to see all sorts of metaphors springing up on the InfoSuperhighway, such as speeding (illicit acts), speedtraps (network monitoring to detect misuse), parking lots (traffic congestion), StopAndShop (overload from 300 channels of home shopping), deprogramming services (for the compulsive shopper), and designated drivers (the device drivers you can trust). Maybe even BurmaShave signs scattering doggerel poetry along the way for the oldtimers. PGN] ------------------------------ Date: Tue, 1 Feb 1994 20:09:14 -0800 From: Phil Agre Subject: irrational risk research The 1 Feb 1994 New York Times (science section) includes an article by Daniel Goleman entitled "Hidden rules often distort ideas of risk". It's about a set of social psychological ideas about "perceptions" of risk that become newsworthy about once a year despite never seeming to change. These include the following: * Risks that are imposed loom larger than those that are voluntary. * Risks that seem unfairly shared are also seen as more hazardous. * Risks that people can take steps to control are more acceptable than those they feel are beyond their means to control. * Natural risks are less threatening than man-made ones. * Risks that are associated with catastrophes are especially frightening. * Risks from exotic technologies cause more dread than do those involving familiar ones. The article reports a spectrum of views about the best explanation of these results and the best policies to deal with them. This spectrum might be categorized as follows: Conservative: People are irrational, so forget 'em. Moderate: People are irrational, but we can persuade them. Liberal: People are irrational, but hey, everyone has faults, so let's humor them a little. The common element, of course, is that is a view of ordinary people as irrational because their rankings of the risks from various technologies are considerably different from those of the experts. What somehow never ceases to me is that all three approaches neglect a perfectly obvious explanation, which is that people distrust the institutions that seek to reassure them about unfamiliar technologies, having been repeatedly and egregiously lied to in the past by many of those same institutions (they were feeding plutonium to *whom*?), and they resent living in a world dominated by such institutions, so they refuse to acknowledge the claims of any technological project that has not been organized and evaluated in a democratic way. (The article does remark that people don't trust the numbers, but that's apparently because people irrationally fail to weigh the nuclear power plants that blow up against all the ones that don't.) Probably that's too simple, but it explains the data much more straightforwardly than the known alternatives. The interesting sociological question is how this feat of conceptual constriction actually *works*. Does this explanation literally never occur to the people who do this research and write these articles? How can that be? Is it a conscious PR thing? That would be disappointing in a way (too straightforward), but it's certainly true enough with numerous other issues. Clearly, as articles on the science pages so often conclude, further research is needed. Phil Agre, UCSD ------------------------------ Date: 30 Jan 94 14:53:20 EST From: "Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM> Subject: Czech computer fraud (More on RISKS-15.22) >From the Associated Press newswire via Executive News Service (GO ENS) on CompuServe: Czech-Computer Fraud PRAGUE, Czech Republic (AP, 19 Jan 1994) -- A bank employee was sentenced to eight years in prison for stealing nearly $1.2 million in the Czech Republic's first major computer fraud, a newspaper reported Wednesday. Martin Janku, an employee of the Czech Savings Bank in Sokolov, transferred money to his own account in the bank with the help of his own computer program between September 1991 and April 1992, the daily Mlada Fronta Dnes said. The article continues with a few details: o Janku arrested when he tried to withdraw money from a branch where a teller recognized him as a programmer she'd met during training; o sentenced to 8 years in jail; o claims he was testing bank security; o returned about $1 million of money he stole; rest, he says, was stolen from his car. [Moral: never test someone's security systems without written authorization from the right people.] Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn ------------------------------ Date: Mon, 31 Jan 1994 15:59:20 EST From: Dave Banisar Subject: Clipper Petition Electronic Petition to Oppose Clipper Please Distribute Widely On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal. The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines. Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper. To sign on to the letter, send a message to: Clipper.petition@cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. Please distribute this announcement so that others may also express their opposition to the Clipper proposal. CPSR is a membership-based public interest organization. For membership information, please email cpsr@cpsr.org. For more information about Clipper, please consult the CPSR Internet Library - FTP/WAIS/Gopher CPSR.ORG /cpsr/privacy/crypto/clipper ===================================================================== The President The White House Washington, DC 20500 Dear Mr. President: We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure. The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review. The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it. If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled. Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary. The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be bthreatened. We respectfully ask the White House to withdraw the Clipper proposal. ------------------------------ Date: Mon, 31 Jan 1994 15:09:40 -0600 (MDT) From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067" Subject: "Digital Woes" by Lauren Wiener Lauren Wiener, "Digital Woes", Addison-Wesley Publishing Co., 1993, 0-201-62609-8, U$22.95/C$29.95 When reviewing books on technical topics, one quickly learns to dread the work of those who do not actually practice in the field. (Yes, we are told that Wiener is a technical writer. They may very well be professionals, but the overwhelming majority are not technical professionals.) With this prejudice firmly in place, it came as a delightful surprise to find that "Digital Woes" is an accurate, well-researched, and thoroughly engaging treatment of the subject of software risks. Chapter one is a list of specific examples of software failures, large and small. The stories are thoroughly documented and well told. The choice of examples is careful, and useful as well, covering a variety of problems. One could, of course, add to the list. In the virus field programs are extremely limited in function and rarely exceed 3000 bytes in length, yet almost every viral strain shows some programming pathology; most of the damage seems to be done by mistake. The user interfaces of antivirals are subject to hot debate, perhaps more importantly than in other systems because of the risks involved in misunderstanding. In regard to decision support, I recall the assumption, on the part of Excel, that everyone wants to use linear forecasting. Everyone involved in technical fields will be able to add other specific examples. For those uninvolved, Wiener's work is quite sufficient and convincing. Chapter two is an explanation of why software contains bugs, and why software errors are so deadly. Techies will feel somewhat uncomfortable with the lack of jargon, but persevere. Initially, I thought she had missed the point of the difference between analogue and digital systems--until I realized I was in the middle of a complete and clear explanation that never had to use the word "analog". (Technopeasants will, of course, appreciate the lack of jargon. Rest assured that the same ease of reading and clarity of language holds throughout the book.) Chapter three examines the various means used to try to ensure the reliability of software--usually with a depressing lack of success. As with all who have worked in the field, I can relate to the comments regarding the difficulty of testing. At one point I uncovered a bug in the third minor variant of the fourth major release of the fifth generation of a communications program. Apparently I was the first person on staff who had ever wanted to keep a running log between sessions--and the functions I used combined to completely lock up the computer. Most RISKS-FORUM readers will by now be nodding and muttering, "So what else is new". However, Wiener here proves herself capable of some valuable and original contributions beyond the pronouncements of those working in the field. Noting that she is familiar with programmers who have never, in twenty years of work, had their code incorporated into a delivered product, she raises the issue of what this type of work environment does to the psyche of the worker. My grandfather carved the wooden decorations in our church, and, fifty years after his death, I can still point that out. However, in a career of analysis, training and support, I can point to little beyond an amount of Internet bandwidth consumed. (Many would say "wasted".) To the ephemeral nature of the craft, though, one must add the legacy of constant failure. Martin Seligman's "Learned Helplessness" points out the danger quite clearly. A similar thought was voiced some years ago over the impact on developing youth of the then new video games, and the fact that you could advance through levels but never, ultimately, win. These children are grown now. You may know them as "Generation X". Chapter four deals with means to prevent failure. Actually most of the material discusses recovery--assuming that the system will eventually fail, how to ensure that the failure causes the least damage. Chapter five is entitled "Big Plans" and looks at various proposed new technologies and the risks inherent in them. In this discussion Wiener warns against those who are overly thrilled with the promises of the new technology. I agree, but I would caution that public debate is also dominated by those strident with fear. The arguments of both sides tend to entrench to defeat the opposition, while the public, itself, sits bemused in the middle without knowing whom to believe. It is a major strength of Wiener's work that the field is explored thoroughly and in an unbiased manner. Many books which try to present an objective view of a controversial problem tend to trail off into meaningless weasel-words, but the final chapter here concerns "The Wise Use of Smart Stuff." Wiener lists a good set of criteria to use in evaluating a proposed system. The one item I would recommend be toned down is the axiom that personal care be excluded. I keep an old Berke Breathed "Bloom County" cartoon in my office wherein Opus, the Penguin, berates a computer for depriving him of his humanity until the bemused machine attempts to confirm that Opus is human. The perceived coldness of our institutions is often illusory. I once worked in a geriatric hospital and thought it a shame that our culture did not keep aging parents at home. Until, that is, I lived in a culture that did, and found that the "technology" of our hospitals provided more human contact to the old folks than did the "organic" home care. I also note that the belittled ELIZA is the only program to have passed the Turing test so far. A limited, unexpected, and hilarious pass, perhaps, but a pass nonetheless. I note, as I am reviewing this book, a press release by a headhunting agency that half of all executives are computer illiterate. The survey method is extremely suspect, and I assume these figures are so kind as to be ridiculous. I would heartily recommend this work to technical and non-technical workers alike. Particularly, though, I recommend it to those executives who are the ones to make the ultimate decisions on major projects. Please re-read it after the next vendor demo you attend. copyright Robert M. Slade, 1993 BKDGTLWO.RVW 931223 Postscriptum - my wife agrees with Peter Denning that I tend to editorialize in my reviews. This is likely true. "Digital Woes", however, deals with a topic which has prompted many editorials--and deals with it well. Permission granted to distribute with unedited copies of the Digest ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 DECUS Symposium '94, Vancouver, BC, Mar 1-3, 1994, contact: rulag@decus.ca ------------------------------ End of RISKS-FORUM Digest 15.44 ************************