14-May-87 09:03:11-PDT,11755;000000000000
Mail-From: NEUMANN created at 14-May-87 09:01:42
Date: Thu 14 May 87 09:01:42-PDT
From: Peter G. (coordinator) Neumann
Subject: RISKS DIGEST 4.85
Sender: NEUMANN@CSL.SRI.COM
To: risks-list@CSL.SRI.COM

RISKS-LIST: RISKS-FORUM Digest Thursday, 14 May 1987 Volume 4 : Issue 85

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Holiday reading (Jim Horning)
  Hey, buddy, wanna buy a phone call cheap? (PGN)
  Re: Information Age Commission (Ted Lee, SEG)
  Information Age Commission and the number of readers of RISKS (David Sherman)
  Lockable computers (Pat Hayes)
  How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
    (Paul F Cudney)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date: Wed, 13 May 87 17:38:03 PDT
From: horning@src.DEC.COM (Jim Horning)
To: RISKS@CSL.SRI.COM
Subject: Holiday reading

During my recent vacation in Washington, DC, I got a chance to look at a
couple of documents that I haven't seen discussed in RISKS:

1) APS PHYSICS AND SOCIETY, vol. 16, no. 2, April 1987, pp. 8-9:
"SDI Software: The Telephone Analogy. Part II: The Software Will Not Be
Reliable," K. Dahlke, et al.

This is a piece co-signed by 16 members of the Bell Labs staff.

    On December 3, 1985, Sol Buchsbaum, executive vice president of AT&T
    Bell Laboratories, testified before the Senate Subcommittee on Strategic
    and Theater Nuclear Forces. In his statement, Dr.
    Buchsbaum compared the Strategic Defense Initiative (SDI) to the United
    States telephone network, in order to demonstrate the technical
    viability of SDI. We feel this comparison is irreparably flawed. ...
    Many of us design the very telecommunications systems Dr. Buchsbaum
    references.

The same issue reprints Buchsbaum's testimony and has two articles on
inexpensive countermeasures to space-based weapons systems.

2) "Report to The American Physical Society of the Study Group on Science
and Technology of DIRECTED ENERGY WEAPONS," April 1987, to be published in
REVIEWS OF MODERN PHYSICS. 400+ pp.

    The APS convened this Study Group to evaluate the status of the science
    and technology of directed energy weapons (DEW). ... This action by the
    APS was motivated by the divergence of views within the scientific
    community in the wake of President Reagan's speech on March 23, 1983 in
    which he called on the U.S. scientific community to develop a system
    that ``... could intercept and destroy strategic ballistic missiles
    before they reach our soil...''. The APS charged the Study Group to
    produce an unclassified report, which would provide the membership of
    the Society, other scientists and engineers, as well as a wider
    interested audience, with basic technological information about DEW.*

The study group consisted of 17 blue-ribbon physicists chaired by
N. Bloembergen of Harvard University. The review committee consisted of
G. Pake, M. May, W. K. Panofsky, A. Schawlow, C. Townes, and H. York.

Their principal finding is that

    Although substantial progress has been made in many technologies of DEW
    over the last two decades, the Study Group finds significant gaps in the
    scientific and engineering understanding of many issues associated with
    the development of these technologies. Successful resolution of these
    issues is critical for the extrapolation to performance levels that
    would be required in an effective ballistic missile defense system.
    At present, there is insufficient information to decide whether the
    required extrapolations can or cannot be achieved. Most crucial elements
    required for a DEW system need improvements of several orders of
    magnitude. Because the elements are inter-related, the improvements must
    be achieved in a mutually consistent manner. We estimate that even in
    the best of circumstances, a decade or more of intensive research would
    be required to provide the technical knowledge needed for an informed
    decision about the potential effectiveness and survivability of directed
    energy weapon systems. In addition, the important issues of overall
    system integration and effectiveness depend critically upon information,
    that, to our knowledge, does not yet exist.

They go on to say that

    We estimate that all existing candidates for directed energy weapons
    require two or more orders of magnitude (powers of 10) improvements in
    power output and beam quality before they may be seriously considered
    for application in ballistic missile defense systems. In addition, many
    supporting technologies such as space power, beam control and delivery,
    sensing, tracking, and discrimination need similar improvements over
    current performance levels before DEWs could be considered for use
    against ballistic missiles.

The part most relevant to RISKS is Appendix A: Issues in Systems
Integration, which raises issues frequently mentioned on RISKS, e.g.

    Decentralization may increase the problems of command and control, while
    more centralized organization may entail increased vulnerability.

* A personal footnote: I think that ACM has failed in its obligations to its
members and to society by not chartering an analogous study of the computing
technology needed for ballistic missile defense. It's very late to start one
now, but perhaps this is a case of ``better late than never?''

Jim H.

------------------------------

Date: Wed 13 May 87 19:02:24-PDT
From: Peter Neumann
Subject: Hey, buddy, wanna buy a phone call cheap?
To: RISKS@CSL.SRI.COM

Source: "New Breed of Hustler: Selling Illicit Long-Distance Phone Calls",
by Robert D. McFadden, New York Times, 11 May 87.

A new multimillion-dollar scam is underway in this country. Hustlers at bus
and rail terminals and other convenient places all over the U.S. are selling
unlimited-length long-distance telephone calls at a discount. The going rate
at New York's Port Authority Bus Terminal is $2 for calls anywhere in the
country, and maybe $4 for international calls. The entrepreneur places your
call with a calling code from telephone company computers and distributed
like drugs through various networks, human and/or electronic. The
``stealing'' of codes is apparently quite widespread. There were 190 arrests
in New York last year. $500 million is the current estimate of illegal calls
per year. With AT&T, MCI, Sprint, and others all using just a sequence of
digits for identification, this can be expected to grow. (Perhaps British
Telecom's PhoneCard is the right idea, if it can be made mostly
fraud-proof.)

------------------------------

Date: Wed, 13 May 87 03:03 EDT
From: TMPLee@DOCKMASTER.ARPA
Subject: Re: Information Age Commission
To: risks@CSL.SRI.COM

In 4.84 Wm Brown III seems to have inferred (and implied) that my comment
about the propriety (or expectations) of sharing RISKS with Congress said
something about my views on the proposed legislation. Not true: I'm
constantly torn between the view that Congress (as well as the press) knows
nothing about any quasi-technical issue and the view that they are about the
only institution we have to save us from ourselves; in this case I haven't
formed an opinion (not that it would matter much to anyone.)

------------------------------

Date: Wed, 13 May 87 16:29:30 PDT
From: ptsfa!pbhya!seg@Sun.COM
To: RISKS@CSL.SRI.COM
Subject: Information Age Commission (RISKS-4.84)

> There are some potentially useful things government *could* do for us, ...
> The only body which can realistically offer protection against such abuses
> is a more powerful government agency, such as Congress.

No chain is stronger than its weakest link. Because far too many senators
and congressmen lead lives that they wish to keep private, such as Gary
Hart, powerful investigative agencies, such as the FBI under J. Edgar
Hoover, were able to control important congressional leaders.

SEG

[This note is marginally relevant. But insofar as the role of governmental
leaders is vital to the proposed Commission, it is included here. No debate
please. Just recognition that we are all human. PGN]

------------------------------

Date: Thu, 14 May 87 08:25:11 EDT
From: mnetor!lsuc!dave@seismo.CSS.GOV (David Sherman)
Subject: Information Age Commission and the number of readers of RISKS
To: mnetor!seismo!csl.sri.com!RISKS

>From: Richard A. Cowan
Re: RISKS DIGEST 4.84
>
>Given that the RISKS digest is distributed to hundreds, or even thousands ...

People on the ARPAnet side may not realize how extensive that distribution
is. RISKS is gatewayed to a Usenet newsgroup (formerly mod.risks, now
comp.risks). Brian Reid's monthly newsgroup statistics estimate that as of
April 1987 there were 7,100 people who actually read RISKS on the Usenet
side alone.

As to whether RISKS is a public forum, the same statistics estimate that
859,000 people have access to Usenet, and 180,000 of those actually read
netnews. You can draw your own conclusions.

David Sherman, The Law Society of Upper Canada, Toronto
{ seismo!mnetor cbosgd!utgpu watmath decvax!utcsri ihnp4!utzoo } !lsuc!dave

------------------------------

Date: Wed 13 May 87 11:04:13-PDT
From: PAT
Subject: Lockable computers
To: risks@CSL.SRI.COM, saltzer@ATHENA.MIT.EDU

Your correspondence about the need for a physical lock on students'
motherboards was recirculated on INFO-COBOL, presumably as part of the
uproarious laughter.
This is just to say how much I agree that some such feature is necessary,
and to add to your sadness that such mundane matters as the circumstances of
real life are not taken seriously by designers. Tell them to go look at how
televisions are often modified by visual-aids resource centres in colleges.

Pat Hayes

------------------------------

Date: Wed, 13 May 87 01:51 EDT
From: Paul F Cudney
Subject: How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
To: Neumann@CSL.SRI.COM
ReSent-To: RISKS@CSL.SRI.COM

(Re: Risks 4.83)

I am confused. Why would Customs propose to provide $8M to the Coast Guard
when they had already "donated" their two planes? Somehow the actions of the
Coast Guard would be more believable if Customs had received the planes. Is
this an abstract risk?

Paul

[Relations were bad after the planes were reassigned from Customs to CG.
During a subsequent thaw in the bad relations that ensued, Customs promised
CG $8M to help the CG's airborne drug interdiction program. DeConcini said
don't do it. CG took the money out of Customs' narcotics traffickers
operating account. Sorry. I should have been more explicitive-deleted. PGN]

------------------------------

End of RISKS-FORUM Digest
************************
-------