11-Dec-86 21:20:25-PST,12617;000000000001
Mail-From: NEUMANN created at 11-Dec-86 21:19:07
Date: Thu 11 Dec 86 21:19:07-PST
From: RISKS FORUM (Peter G. Neumann -- Coordinator)
Subject: RISKS DIGEST 4.27
Sender: NEUMANN@CSL.SRI.COM
To: RISKS-LIST@CSL.SRI.COM

RISKS-LIST: RISKS-FORUM Digest, Thursday, 11 December 1986 Volume 4 : Issue 27

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computerised Discrimination (Brian Randell)
  Belgian Paper transcends computer breakdown (Martin Minow)
  Re: Plug-compatible modules (Keith F. Lynch)
  Re: Criminal Encryption (Keith F. Lynch, Ira D. Baxter, Dave Platt)
  Re: More on skyscraper control (Brint Cooper)
  The Second Labor of Hercules (Dave Benson)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

From: Brian Randell
Date: Thu, 11 Dec 86 17:45:10 gmt
To: RISKS@csl.sri.com
Subject: Computerised Discrimination

Perhaps the most worrying feature of the situation described in the following
extracts from an article in the Guardian, dated 8 Dec. 1986, is that the
computer "was only following orders"!

    Claims of Prejudice Against Women and Blacks
    MEDICAL SCHOOLS TO FACE DISCRIMINATION ENQUIRY
    By Andrew Veitch
    Medical Correspondent

Leading medical schools face an investigation into allegations that they are
discriminating against women and black students.

This follows the discovery by two consultants that their own school, St.
George's in south London, has been using a computer selection programme which
deliberately down grades applicants if they are female and non-white.
It is thought that hundreds of well-qualified students may have been turned
away on those grounds.

The hospital's ruling academic board has scrapped the programme and is likely
to launch an internal inquiry when it meets tonight.

Details of alleged discrimination at St. George's and nine other London
schools were sent last week to the Council for Racial Equality, the Equal
Opportunities Board, and the Inner London Education Authority.

"The matter is viewed very seriously," said the CRE's legal director, Mr. John
Whitmore. "The commission will be considering the St. George's case on
Wednesday and the position of other medical colleges in January."

An EOC spokesman said there could be a case to answer. Under the Sex
Discrimination Act, it is unlawful for a school to discriminate against a
woman in the terms on which it offers to admit her, or by refusing or
deliberately omitting to accept her application for admission.

The chairman of Ilea's higher education committee, Mr. Neil Fletcher,
considered the allegations at the weekend. Ilea has warned schools that it
will withhold grants if they do not comply with its non-discrimination policy.

The St. George's claim is particularly worrying because the school has a
better record on discrimination than most other colleges.

The computer selection programme was designed to mimic the decisions of the
school's panel which screened applicants to see who merited an interview. It
matched the panel's results so closely that the panel was scrapped and for
several years all St. George's applicants have been screened by computer...

Brian Randell - Computing Laboratory, University of Newcastle upon Tyne
  UUCP  : !ukc!cheviot!brian
  JANET : brian@uk.ac.newcastle.cheviot

------------------------------

Date: 11-Dec-1986 0844
From: minow%bolt.DEC@decwrl.DEC.COM
To: risks@csl.sri.com
Subject: Belgian Paper transcends computer breakdown

This appeared on a local [computer-transmitted] newspaper on Thurs 11 Dec
1986, as a note from Peter Van Avermaet.

Today [Wednesday], the Belgian newspaper "De Morgen" has appeared as a
hand-written newspaper. Yesterday morning [Tuesday], the type-setting computer
broke down. After several hours, it became clear that it would not be
available in time for today's edition. But "De Morgen" ["The Morning"]
apparently survives anything - it went bankrupt some weeks ago. Today's
edition has been hand-written, and printed using the "normal" printing
process.

Some topics: graphology, plans to use more computers in the Ministry of
Finance, for the computation of the taxes we should pay.

Martin

    [Goeden "Morgen"! P.]

------------------------------

Date: Wed, 10 Dec 86 23:54:57 EST
From: "Keith F. Lynch"
Subject: Re: Plug-compatible modules
To: Risks@CSL.SRI.COM

Many terminal keyboards have plugs which are the same as modular telephone
connectors. I have seen one with a prominent warning that plugging it into a
telephone outlet will destroy the keyboard and damage the phone line.

...Keith

------------------------------

Date: Wed, 10 Dec 86 23:52:53 EST
From: "Keith F. Lynch"
Subject: Re: Criminal Encryption
To: baxter@ICSD.UCI.EDU, Risks@CSL.SRI.COM

I can't see criminal encryption as much of a problem. All REAL crimes involve
a victim, who is willing to testify. Perhaps large scale use of encryption
will result in government abandoning its wasteful and pointless attempt to
prosecute victimless crimes.

...Keith

------------------------------

From: baxter@ICSD.UCI.EDU [Ira D. Baxter, a.k.a. N.F.N. Baxter]
To: "Keith F. Lynch", Risks@csl.sri.com
Subject: Re: Criminal Encryption
Date: Thu, 11 Dec 86 09:46:23 -0800

Some crimes involve victims that aren't willing to testify. Blackmail is the
classic example; an encrypted blackmail database ensures the victim that his
blackmail payments aren't wasted, and ensures the criminal that the
incriminating evidence is not easily found (using a needle-in-a-haystack
approach).

Dope pushers selling drugs to dope users appears to be a victimless crime
also... after all, both parties are (presumably) satisfied with the results of
individual transactions. The problem is the activities on the part of both
parties to make the transactions possible (theft for the user, bribery and
coercion for the pusher) have victims. Law enforcement is always interested in
the transactions between pushers (at least) because it usually leads to other
agents of victim-ful crime. Thus the interest in data about transactions.
Requirements for a secure business relationship between dealers would lead to
more attempts to store transaction data securely.

------------------------------

Date: Thu, 11 Dec 86 12:08:34 PST
From: dplatt@teknowledge-vaxc.ARPA (Dave Platt)
To: risks@sri-csl.ARPA
Subject: Re: Criminal encryption

Although I'm not a lawyer, I do have an opinion about the question asked
recently to the effect of "Could an alleged criminal be compelled to reveal
the encryption key for a database containing records related to an alleged
criminal enterprise?". My opinion, for what it's worth, is that the courts
would probably not uphold any such compulsion, and would likely throw out any
evidence obtained by use of a coerced or compelled revelation of an encryption
key.

Jerry Leichter suggests (based on a conversation with a lawyer friend) that
this situation is analogous to a journalist being compelled to reveal his/her
sources. I believe that this analogy is suspect... a journalist is (generally)
_not_ under criminal indictment, is _not_ being asked to provide evidence that
would incriminate him/herself, and thus the Fifth Amendment does not apply at
all. The Fifth Amendment states only that a person cannot be compelled to
incriminate him/herself; it says nothing about compulsion to incriminate
another person. "Contempt of court" rulings are sometimes used to [attempt to]
compel a person to provide testimony or evidence that can incriminate
_someone_else_, but they aren't (and can't be) used to coerce a person to
provide evidence or testimony that might result in that person's conviction on
criminal charges. "Shield laws" are a different matter entirely... they
provide journalists with a limited ability to refuse to turn over material in
their possession that might possibly reveal the identities of their "sources".

If the prosecution in a particular case chooses to grant legal immunity to a
suspect, then the person no longer has the ability to refuse to testify (or
provide evidence) concerning matters covered by the immunity, because s/he can
no longer "incriminate" him/herself regarding those matters. Prosecutors
sometimes grant immunity to a hostile witness (typically a "minor player" in a
larger case), so that they can use the threat of "contempt of court" rulings
to compel the witness to testify against his/her associates.

Jerry Leichter asks, "Can an arrested man be compelled to reveal where [a
locked safe-deposit] box is?". I believe that the answer is "No." The police
and prosecution can attempt to locate it themselves; they can obtain a search
warrant that will permit them to open and examine the box (or force it open
without the key, for that matter); and they can use any evidence found by use
of a legal search warrant in court.

By analogy, I believe that in the case involving an encrypted database full of
[allegedly] incriminating evidence, the following situation would probably
develop: the police and prosecutor could seize the database using a valid
search warrant. The same search warrant would permit them to attempt to
decrypt the data by brute-force or intelligent-search methods. They could not
coerce any of the defendants to reveal the encryption key unless they were
first willing to grant legal immunity to that person (either via a voluntary
agreement, or via an involuntary grant followed by a contempt-of-court
coercion).

------------------------------

Date: Thu, 11 Dec 86 15:01:20 EST
From: Brint Cooper
To: RISKS@csl.sri.com
Subject: Re: More on skyscraper control

...(a discussion about the skyscraper in Boston which would "twist in the
wind" and drop pieces of its glass face to the ground)

> The solution was to install in the upper floor a large weight controlled by
> computer. When the computer detects the building being twisted, it counters
> the torque by moving this weight.

But if the wind is related to a storm which causes a wide-area power outage,
perhaps the computer won't be available when it is needed most?
Uninterruptible power and backup power are still rather expensive and, I
believe, not widely used.

Brint

    [It is used where needed -- and can be quite cost-effective, given the
    alternatives. Hospitals, some banks, and various other applications have
    realized how important continuous power is. The Network Information
    Center (SRI-NIC) keeps running despite local power blips that down the
    rest of SRI's systems! PGN]

------------------------------

Date: Sun, 7 Dec 86 18:43:37 pst
From: Dave Benson
To: risks%csl.sri.com@RELAY.CS.NET
Subject: The Second Labor of Hercules

Free copies of the report

    David B. Benson, "The Second Labor of Hercules: An essay on software
    engineering and the Strategic Defense Initiative -- Preliminary Draft",
    CS-86-148

are available from the Technical Reports Secretary, Computer Science
Department, Washington State University, Pullman WA 99164-1210, by written
request, while the supply lasts.

The essay was finished in May, 1986, and has been only slightly dated by
events. I intend to begin revising this essay upon the turn of the new year,
and would appreciate criticisms from all who would care to send such to me.
Thank you in advance for your cooperation.

------------------------------

End of RISKS-FORUM Digest
************************
-------