Subject: RISKS DIGEST 15.46
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 8 February 1994  Volume 15 : Issue 46

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Medical privacy violation (Mich Kabay)
Revised Documents on FTP server without version number (David W. Crawford)
Campaign Against Clipper (Dave Banisar)
Re: Clipper Petition (David Gursky)
Don't trust the phone company (Tom Bodine)
Modern discussion of computer risks in old book (Lauren Wiener)
RISKs of network surveys (Craig DeForest)
National Cryptology Museum (Larry Hunter)
10th ACSAC Call for Papers (Vince Reed)

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks.

CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line; others may be ignored! Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially .UUCP folks. If you cannot read RISKS locally as a newsgroup (e.g., comp.risks), or you need help, send requests to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS".

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>YourName<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: 06 Feb 94 21:32:00 EST
From: "Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
Subject: Medical privacy violation

From the Associated Press newswire via Executive News Service (GO ENS) on CompuServe:

Health Care-Privacy, By MARCY GORDON, Associated Press Writer

WASHINGTON (AP, 27 Jan 1994) -- In a clear, quiet voice welling with emotion, Rep. Nydia Velazquez told a Senate hearing Thursday how hospital records related to her suicide attempt were leaked to New York newspapers during her election campaign. Velazquez, a New York Democrat, testified before a Senate Judiciary subcommittee hearing on how President Clinton's proposed health plan would protect the privacy of medical records."

The author continues with details of the hearing. Key points:

o Sen. Patrick Leahy, D-Vt., chair of the subcommittee on technology and the law, warned that the Clinton proposals would result in a nationwide computerized database holding confidential data.

o Nan Hunter, deputy general counsel of the Department of Health and Human Services, said, "[T]he administration is committed to privacy as a first principle and the need to protect the confidentiality of these records."

o Misuse of medical card numbers would result in criminal and civil penalties.

o Velazquez discovered that her medical records had been sent by anonymous fax to several newspapers, resulting in front-page headlines about her attempted suicide.

o According to Velazquez, there are no federal regulations controlling the use of medical records that escape from doctors' offices.

o Leahy mentioned that Arthur Ashe's medical records also became public.

o Janlori Goldman, director of the American Civil Liberties Union's privacy and technology project, warned of the importance of safeguarding "the privacy and security of personal health information."

o Carolyn Roberts, chairwoman-elect of the American Hospital Association, commented on the wide disparities in state legislation protecting health information against unauthorized disclosure. She argued for a new federal privacy law to supersede state laws.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: Mon, 07 Feb 1994 16:29:29 -0700 (MST)
From: crawford@fido.econlab.arizona.edu (David W. Crawford)
Subject: Revised Documents on FTP server without version number

>From croberts@crl.com Mon Feb 7 09:47:09 1994
Newsgroups: alt.internet.services
Subject: Altered White House documents
Date: 5 Feb 1994 09:38:23 -0800

I assume everyone knows about the ftp site whitehouse.gov. I just discovered that the Clinton rebuttal to Elizabeth McCaughey's critique of his health care plan has been altered on whitehouse.gov - with no mention in the current version that it has been changed.

According to Associated Press writer Tom Raum, the original White House rebuttal to McCaughey's New Republic magazine article used the word "lie" four times. The copy of the White House rebuttal I just downloaded (Feb 5, morning, pacific time) does not contain the word lie nor does it contain any indication that it is a "revised" version.

White House spokesman Dee Dee Myers defended the rebuttal on Thursday although she conceded that "perhaps the language was a little strong." Clinton, asked by reporters earlier this week about calling McCaughey's comments lies, responded, "Well, I hate to use that word, but the New Republic article was way off base and the New Republic didn't make total disclosure about the source of the article."

So Clinton admitted to the use of "lie" but it has since been removed from the version available for anonymous ftp at whitehouse.gov. Makes you wonder just how self-serving and accurate the rest of the information there might be...

UWSA'ers note: the whitehouse.gov directory /pub/political-science/speeches/perot contains the text of Perot's book "United We Stand," and various Perot speeches. But no, I have not double-checked them for unauthorized "revisions."

From: Samer Farha
Newsgroups: alt.internet.services

writes:

In almost every speech (be it a minute or an hour) every member of Congress starts off by saying words to the effect of "I would like to reserve the right to extend and revise my remarks", which is followed by the chair saying that "without objection, it is agreed to.." This little phrase gives any speaker the right to add pages of a speech, when they only have two minutes left in official debate. That way, when someone says, but you got up there and said only one thing, the Congressman can say that is not true: look at the daily record, it has the whole speech. Often, they may say something in a less than articulate way and then revise the way they said it for the record. One time two Senators got into a very heated name calling session, it was reported in the press and seen on C-SPAN, but it was removed from the official record after they both calmed down and "revised" their remarks.

People will always change their minds or regret saying something, they often try to tell you that what they meant was not what they said.
If they are rich or powerful enough, they will hire press agents to "spin" the story the right way. This changing of printed documents is nothing but an extension of that. The media is there to make sure that big glaring mess ups don't fall through the cracks.

David Crawford crawford@Arizona.EDU, U of Arizona

------------------------------

Date: Mon, 7 Feb 1994 22:28:08 EST
From: Dave Banisar
Subject: Campaign Against Clipper

CPSR ANNOUNCES CAMPAIGN TO OPPOSE CLIPPER PROPOSAL

Embargoed until 2 pm, Monday, February 7, 1994
contact: rotenberg@washofc.cpsr.org (202 544 9240)

Washington, DC -- Following the White House decision on Friday to endorse a secret surveillance standard for the information highway, Computer Professionals for Social Responsibility (CPSR) today announced a national campaign to oppose the government plan.

The Clipper proposal, developed in secret by the National Security Agency, is a technical standard that will make it easier for government agents to wiretap the emerging data highway.

Industry groups, professional associations and civil liberties organizations have expressed almost unanimous opposition to the plan since it was first proposed in April 1993.

According to Marc Rotenberg, CPSR Washington director, the Administration made a major blunder with Clipper. "The public does not like Clipper and will not accept it. This proposal is fatally flawed."

CPSR cited several problems with the Clipper plan:

o The technical standard is subject to misuse and compromise. It would provide government agents with copies of the keys that protect electronic communications. "It is a nightmare for computer security," said CPSR Policy Analyst Dave Banisar.

o The underlying technology was developed in secret by the NSA, an intelligence agency responsible for electronic eavesdropping, not privacy protection.
Congressional investigations in the 1970s disclosed widespread NSA abuses, including the illegal interception of millions of cables sent by American citizens.

o Computer security experts question the integrity of the technology. Clipper was developed in secret and its specifications are classified. CPSR has sued the government seeking public disclosure of the Clipper scheme.

o NSA overstepped its legal authority in developing the standard. A 1987 law explicitly limits the intelligence agency's power to set standards for the nation's communications network.

o There is no evidence to support law enforcement's claims that new technologies are hampering criminal investigations. CPSR recently forced the release of FBI documents that show no such problems.

o The Administration ignored the overwhelming opposition of the general public. When the Commerce Department solicited public comments on the proposal last fall, hundreds of people opposed the plan while only a few expressed support.

CPSR today announced four goals for its campaign to oppose the Clipper initiative:

o First, to educate the public about the implications of the Clipper proposal.

o Second, to encourage people to express their views on the Clipper proposal, particularly through the computer network. Toward that goal, CPSR has already begun an electronic petition on the Internet computer network urging the President to withdraw the Clipper proposal. In less than one week, the CPSR campaign has drawn thousands of electronic mail messages expressing concern about Clipper. To sign on, email clipper.petition@cpsr.org with the message "I oppose clipper" in the body of the text.

o Third, to pursue litigation to force the public disclosure of documents concerning the Clipper proposal and to test the legality of the Department of Commerce's decision to endorse the plan.

o Fourth, to examine alternative approaches to Clipper.

Mr. Rotenberg said "We want the public to understand the full implications of this plan.
Today it is only a few experts and industry groups that understand the proposal. But the consequences of Clipper will touch everyone. It will affect medical payments, cable television service, and everything in between."

CPSR is a membership-based public interest organization. For more information about CPSR, send email to cpsr@cpsr.org or call 415 322 3778. For more information about Clipper, check the CPSR Internet library CPSR.ORG. FTP/WAIS/Gopher and listserv access are available.

------------------------------

Date: Fri, 4 Feb 94 18:31 EST
From: dgursky@nextsrv1.andi.org (David Gursky)
Subject: Re: Clipper Petition

> Electronic Petition to Oppose Clipper
> Please Distribute Widely
>To sign on to the letter, send a message to:
> Clipper.petition@cpsr.org
>with the message "I oppose Clipper" (no quotes)
>You will receive a return message confirming your vote.

I apologize for sounding sarcastic or cynical, but I was quite chagrined when I saw this proposal appear in RISKS. Not because I am opposed to what CPSR proposes in the message, but rather:

1 - Because the risks associated with electronic voting have been well discussed in this forum and

2 - Because the Computer Professionals for Social Responsibility, an organization that ought to know better, (certainly with a name like theirs), does not appear to have included any mechanism in their petition drive to mitigate these risks.

Now I'll certainly grant that the CPSR's petition has no rule of law behind it, as would a petition to put a local ordinance on an election ballot, but the irony of CPSR's request is noteworthy.

[Given the inherent risks of spoofing E-mail, there is clearly a risk of someone sending a bogus petition signature. In the absence of nontrivial authentication, there is always the option of human verification...
PGN]

------------------------------

Date: 8 Feb 1994 13:53:35 GMT
From: tbodine@utig.ig.utexas.edu (Tom Bodine)
Subject: Don't trust the phone company

I am the victim of false accusations. My wife and I were at home some time last week. I was busy cooking dinner. My wife was busy chasing our two year old, when we received a phone call which my wife accepted. The fellow on the other end of the line was extremely irate. His wife has been receiving obscene phone calls for some time now. He had purchased the service provided by the phone company which allows you to call back the last person to dial you. After his wife had discontinued the obscene call she'd just received, he had used this feature to righteously confront her abuser. Instead he had dialed us.

This was somewhat perplexing until a few minutes later, my wife's best friend called. Immediately after saying hello, my wife began relating this strange occurrence to her friend. Her friend then told my wife that it was her husband who had made this call utilizing this phone service.

This has put a heavy strain upon my wife's relationship with her friend, because her friend's husband has assumed that I am the author of these obscene calls. Whereas I barely have time for all the things which fill my life. I have no time or interest in making such calls.

It is my belief that my wife had tried to call her best friend during the obscene phone call. This attempt overwrote the perpetrator's number, so that when the call back service was used, our phone rang instead. If there are any knowledgeable netters out there that could give me any more info, I'd appreciate it.

Regards
Tom Bodine

------------------------------

Date: Wed, 02 Feb 94 21:47:22 -0800
From: Lauren Wiener
Subject: modern discussion of computer risks in old book

My uncle was poking around in a used bookstore and found a book entitled "The Naked Computer" (by Jack Rochester & John Gantz, Wm Morrow & Co., NY) which was published in 1983 and intended for a lay audience. It's got some stories I have never heard, such as this one on p. 71:

"David Walonick, a computer programmer and consultant in Minneapolis, found that his new IBM personal computer divided 0.1 by 10 and came up with 0.001 instead of 0.01. IBM told him beginning programmers "have problems like that." It wasn't corrected until Walonick told the _New York Times_."

There follows a somewhat muddy and unsatisfying explanation of the problem, followed by the insightful comment:

"The more serious problem is that most computer users have difficulty discerning when there is an inaccurate sum; computers are generally regarded as correct."

The book also includes an interview by Adam Osborne, in which he says the following on the subject of computer risks:

"Authors: In your book, _Running Wild_, you say there are places we shouldn't use computers.

"Osborne: Yes. In balloting, for instance, I just feel that the slightest chance of fraud isn't worth it. If we are going to spend a little bit more money for counting or if we have to wait longer, fine. We all know that rigging is possible -- it's very easy to do. It's not just the outsiders I'm worried about, it's the people running it.

"Electronic funds transfer is the next place where I have a lot of problems because the potential for fraud is so great. I've heard of banks that are doing funds transfer on public-access networks. In 1980 I issued a public challenge to any bank that would guarantee in writing not to prosecute me that I would steal $10 million from them via wire fraud.
We weren't actually going to rip off the bank; in fact, we were going to call the bank president and ask him to come and get his money. We'd have a $10 million cashier's check waiting for him. Of course, no bank took me up on the offer. As for the stock exchange, my God! There has never been an opportunity like that. Who is going to count the shares? Who really knows who owes who what? I think it's madness."

Wonder what he thinks now?

------------------------------

Date: 3 Feb 94 00:17:07
From: zowie@daedalus.stanford.edu (Craig "Powderkeg" DeForest)
Subject: RISKs of network surveys

I subscribe to the Presidential-speech service from CLINTON.ai.mit.edu. I've been getting electronic copies of all Clinton's speeches since before his election (when I also got Bush's speeches).

A couple of days ago, I got a letter from "M.I.T. Pollster's Assistant", asking me to fill out a survey about my usage of the service. I, of course, complied. There was some confusion about one of the questions -- I gave the server an invalid answer, and it wrote me back asking me for a correction to that particular question only. I sent back the form -- but apparently the server misunderstood, because I got back *another* polite auto-letter telling me I'd filed an incomplete survey, and would I please fill out the remaining seven questions?

Confused, I decided to make a wash of the whole thing. I have done nothing for one week.

I just received a letter from the server, asking me to finish filling out my survey! Not surprising, except that the 40-odd line message was preceded by 250 lines of "Apparently-To: ". Apparently, all of us hapless fools are in the same boat, but now ALL OF THEM know that I am one of "those" undesirable sorts of people who start filling out surveys and then don't finish them. In fact, I (and they) can surmise that everyone on the list receives the clinton service. In a matter of seconds, I had several of their true names via finger -- as, I imagine, they did mine.

Mild annoyance -- here, privacy is more a matter of courtesy than necessity -- but it's easy to imagine a situation that called for more anonymity (say a sexual preferences survey).

To sum up: (A) public mail-servers have to be not only clever and polite, but also extremely robust; and (B) it's very easy to compromise list privacy by mistake.

Fortunately, I'm in good company. Two lines below me is BIFF@MIT.EDU, another truant survey-taker! K00L, EH?!!1!

------------------------------

Date: Thu, 3 Feb 94 14:08:06 -0500
From: hunter@work.nlm.nih.gov (Larry Hunter)
Subject: National Cryptology Museum

Following up on Jeremy Epstein's note in RISKS 15.41, I went to visit the National Cryptology Museum, and can recommend it. It's open 9am-3pm weekdays and by appointment.

It's basically one large room, with several interesting displays; my favorite was 7 volumes from the NSA rare book collection, including the oldest published work on cryptology, Johannes Trithemius' "Polygraphiae," first published in 1517. They also had a Pace-10 analog computer, an IBM Harvest and a Cray XMP-24 on display. There were nice historical displays on Yardley & the Black Chamber, US Civil War crypto and a US Revolutionary War era crypto device (the M-94) that may have been designed by Thomas Jefferson. The largest display was dedicated to Enigma and the device for cracking it, Bombe. There is a working Enigma that visitors can use!

There are a few displays that are more current: pictures of the NSA buildings and director and a description of NSA's Special Processing Lab (SPL) which does special purpose chip fabrication. There was the expected KGB stuff, and a quote from George Washington about the importance of "keeping the whole matter secret."

The curator, Jack Ingrams, was friendly and eager to answer (some) questions.
He said that since the Washington Post article, traffic had been about 25-30 people a day, and that they will be on TV this week, which he expects to further increase the number of visitors. He was curious about the RISKS posting and internet, so if anybody who sees this talks to him while visiting, mention the net. He also said that they will be opening the unclassified portion of their crypto library to scholars sometime in the summer. The handout on the museum also says that the FOIA reading room shares space with the library.

Obligatory RISK-y note: Ingrams mentioned that the museum opened to NSA personnel in October, and to the general public around Christmas time. A quick glance through the guest sign-in book shows that the fourth visitor to the museum, on October 29, was one Duane Whitlock, who listed his employer as C&P Telephone, our local baby bell. hmmm.

------------------------------

Date: Tue, 8 Feb 1994 08:56:30 -0600
From: vreed@smiley.mitre.org
Subject: 10th ACSAC Call for Papers

CALL FOR PAPERS AND PARTICIPATION

Tenth Annual Computer Security Applications Conference
December 5-9, 1994
Orlando, Florida

With the advent of the Information Age, information systems are routinely processing private, proprietary, sensitive, classified, and critical information. Computers have created a universal addiction to information in the military, government, and private sectors. The result is a proliferation of computers, computer networks, databases, and applications empowered to make decisions ranging from the mundane to life threatening or life preserving.

Some of the computer security challenges that the community is faced with include the following:

* Develop methodologies and tools for designing systems capable of protecting the sensitivity and integrity of information, and assuring that expected services are available when needed.

* Design safety-critical systems such that their software and hardware are not hazardous.

* Develop methodologies and tools capable of assuring that computer systems accorded trust are worthy of that trust.

* Build systems of systems out of components that have been deemed trustworthy.

* Build applications on evaluated trusted systems without compromising the inherent trust.

* Include computer security in enterprise modeling and reengineering.

* Extend computer security technologies to specifically address the needs of the civil and private sectors.

* Develop international standards for computer security technology.

This conference will attempt to address these challenges. It will explore a broad range of technology applications with security and safety concerns. Technical papers, panels, vendor presentations, and tutorials that address the application of computer security and safety technologies in the civil, defense, and commercial environments are solicited.

Selected papers will be those that present examples of in-place or attempted solutions to these problems in real applications; lessons learned; and original research, analyses, and approaches for defining the computer security issues and problems. Of particular interest are papers that present descriptions of secure systems in use or under development, general strategy, methodologies for analyzing the scope and nature of integrated computer security issues, and potential solutions.

Papers written by students will be judged for a Best Student Paper Award. A prize of $500, plus expenses to attend the conference, will be awarded for the selected best student paper (contact the Student Paper Award Chairperson for details, but submit your paper to the Technical Program Chairperson).

Panels of interest include those that present alternative/controversial viewpoints or those that encourage lively discussion of relevant issues. Panels that are simply a collection of unrefereed papers will not be selected.

Vendor presentations of interest should emphasize innovative product implementations, especially implementations involving the integration of multiple products. Vendor presentations that simply describe product features will not be selected.

INSTRUCTIONS TO AUTHORS

Send five copies of your paper or panel proposal to Dr. Gary Smith, Technical Program Chair, at the address given below. Since we provide blind refereeing, we ask that you put names and affiliations of authors on a separate cover page only. Substantially identical papers that have been previously published or are under consideration for publication elsewhere should not be submitted. Panel proposals should be a minimum of one page that describes the panel theme and appropriateness of the panel for this conference, as well as identifies panel participants and their respective viewpoints. For panel/forum preparation instructions, please contact Jody Heaney at (703) 883-5837 or via e-mail at heaney@smiley.mitre.org.

Send five copies of your vendor presentation proposal to Steve Rome at the address given below. Vendor presentation proposals should include an abstract and outline that describe the product and example applications.

Send one copy of your tutorial proposal to Daniel Faigin at the address given below. It should consist of one- to two-paragraph abstract of the tutorial, an initial outline of the material to be presented, and an indication of the desired tutorial length (full day or half day). Electronic submission of tutorial proposals is preferred.

Completed papers as well as proposals for panels, vendor presentations, and tutorials must be received by May 31, 1994. Authors will be required to certify prior to June 30, 1994, that all necessary clearances for public release have been obtained; that the author or qualified representative will be represented at the conference to deliver the paper, and that the paper has not been accepted elsewhere.
Authors will be notified of acceptance by August 5, 1994. Camera-ready copies are due not later than September 26, 1994.

Material should be sent to:

Dr. Gary Smith                    Daniel Faigin
Technical Program Chair           Tutorial Program Chair
ARCA Systems, Inc.                The Aerospace Corporation
8229 Boone Blvd., Suite 610       P.O. Box 92957, MS M1/055
Vienna, VA 22182                  Los Angeles, CA 90009-2957
(703) 734-5611                    (310) 336-8228
smith@arca.va.com                 faigin@aero.org

Steve Rome                        Ravi Sandhu
Vendor Track Chair                Student Paper Award
CISS, Code TGD                    George Mason University
5113 Leesburg Pike, Suite 400     ISSE Department
Falls Church, VA 22041            Fairfax, VA 22030-4444
(703) 756-7926                    (703) 993-1659
romes@cc.ims.disa.mil             sandhu@gmuvax2.gmu.edu

Areas of Interest Include

Computer Security Tools
Software Safety Analysis and Design
Trusted System Architectures and Technology
Encryption Applications (e.g., Digital Signature)
Application of Formal Assurance Methods
Risk/Hazard Assessments
Security Policy and Management Issues
Security in Enterprise Modeling or Reengineering
Trusted DBMSs, Operating Systems, and Networks
Open Systems and Composted Systems
Electronic Document Interchange
Certification, Evaluation, and Accreditation

Additional Information

For more information or to receive future mailings, please contact the following at:

Ann Marmor-Squires                Vince Reed
Conference Chair                  Publicity Cochair
TRW Systems Division              The MITRE Corporation
1 Federal Systems Park Drive      1500 Perimeter Pkwy., Suite 310
Fairfax, VA 22033                 Huntsville, AL 35806
(703) 803-5503                    (205) 830-2606
marmor@charm.isi.edu              vreed@mitre.org

------------------------------

End of RISKS-FORUM Digest 15.46
************************