20-May-87 21:00:03-PDT,15251;000000000000
Mail-From: NEUMANN created at 20-May-87 20:59:03
Date: Wed 20 May 87 20:59:03-PDT
From: RISKS FORUM (Peter G. Neumann -- Coordinator)
Subject: RISKS DIGEST 4.87
Sender: NEUMANN@CSL.SRI.COM
To: RISKS-LIST@CSL.SRI.COM

RISKS-LIST: RISKS-FORUM Digest  Wednesday, 20 May 1987  Volume 4 : Issue 87

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computer Libel: A New Legal Battlefield (PGN from Digital Review)
  Electric chair tested by car insurer (Bill Fisher from Machine Design)
  Computers and Open Meetings laws (Barbara Zanzig)
  Re: Phalanx (Chuck Weinstock)
  Choosing a password (Jonathan Bowen)
  Re: Passwords, thefts (Michael Wagner)
  Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets (UPI via Don Hopkins, Michael Grant, and Geoff Goodfellow)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
(Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date: Tue 19 May 87 17:32:02-PDT
From: Peter G. Neumann
Subject: Computer Libel: A New Legal Battlefield
To: RISKS@CSL.SRI.COM

DIGITAL REVIEW, 18 May 1987, p. 72 [although the page is unnumbered]

... databases inherently carry a high risk of error. Information can be altered or partially deleted through inadvertent mistakes or deliberate manipulation. Abstracts of data can be misinterpreted, especially when taken out of context. Failure to update a database periodically can result in the dissemination of incorrect information about a company or an individual. And hardware and software malfunctions can compound all these problems.

Here are a few examples of the havoc an erroneous computer search can cause:

* A computer analysis of several thousand New York welfare recipients found that more than 20 percent were working. On the surface, this seemed like a violation of state law. But a second check disclosed that more than half of those individuals had been authorized to work while receiving welfare benefits. Apparently their files had not been updated.

* A Dallas executive traveling on business in New Orleans was stopped by police for a minor traffic infraction. When the computer wrongly flagged him as an escaped convict, he was arrested and jailed. It took a week to correct the error.

* A New York electronics manufacturer, ready to close on a $2 million contract, was taken aback when the banks refused to give him the needed loans. It turned out that a financial check had mistakenly shown his company to be bankrupt.

The article discusses the Supreme Court ruling on Dun & Bradstreet vs. Greenmoss Builders, in which D&B had falsely reported that GB was broke. The Supreme Court upheld the Vermont decision against D&B. The article goes on to consider some other legal issues.

This means that information vendors can no longer use the following rationales to wriggle out of paying for their errors:

Free speech umbrella. Although data vendors have a First Amendment right to free speech, they also have an obligation to ensure that the information they research and disseminate is accurate.

Public interest argument. The courts have long acknowledged that everyone has a right to comment on matters of public concern. But they also have noted that information on the private finances of companies and individuals, unless they seek the limelight, is not of public interest.

"Chilling effect" standard. The need for a free exchange of ideas demands that we occasionally tolerate the foibles of the press, as long as there is no malice.
The media have argued that to do otherwise would have a "chilling effect" on reporting. The courts, however, have not extended this argument to data vendors.

Public domain argument. It is quite well known that government agencies engage in periodic fishing expeditions, matching data and peeking through giant data banks to ferret out criminal activity. But private data vendors don't have the government's license to snoop. In fact, they must comply with state and federal privacy laws when conducting such searches, and if they err, they are accountable.

------------------------------

Date: 20 May 87 15:17:18 PDT (Wednesday)
From: bfisher.ES@Xerox.COM
Subject: Electric chair tested by car insurer
To: risks@CSL.SRI.COM

This is from the Design International column of MACHINE DESIGN of 3/26.

An electric chair designed to help prevent car theft has been teamed with an electronic alarm and tested by a leading Swedish insurance company, Skandia of Stockholm. Built-in electric cables are activated after the alarm has sounded four times. The shock transmitted to the person in the driver's seat is about 9kV at an inductive current of 65uA. Although unpleasant, the shock is not harmful even to people suffering from heart ailments, according to the company.

(Clockwork Orange is alive and well??!!)

Bill Fisher

------------------------------

From: Barbara Zanzig
Date: Wed, 20 May 87 11:03:39 PDT
To: RISKS@CSL.SRI.COM, comp-soc@hplabs.hp.com
Subject: Computers and Open Meetings laws

I've never seen anything like this appear in either Risks or comp.society, so I'm sending this along to both. An editorial in The (Portland) Oregonian:

OPENNESS RESISTS CHIPPING

Oregon is inching toward truly interactive local government. The Gresham City Council has voted to supply its members with computer terminals in their homes, to enable them to do research in the city's system at any time.
Providing unpaid elected officials with the tools to do their job better is easily worth the $6,000 appropriated for this purpose. But in a state with a strong Open Meetings Law and Open Records Law, does technology now require an Open Electronic Impulses Law?

The Gresham computer system, like many others, permits users to send messages to other users. Anyone with a modicum of conspiracy theory can easily imagine a quorum of the City Council logged on to their computers together, busily conducting city business beyond the prying eyes of those without user codes.

Gresham officials realize the risks involved. Even if city residents cannot gain access to the system, the information in it still belongs to them. And since a private conference call among a council quorum is illegal, a computer caucus would equally constitute an access violation.

"What goes in is something we're concerned about, and I will probably advise them to be conservative," says City Attorney Tom Sponsler. "For council members to communicate, with a quorum, on how they feel about policy is not appropriate, and I will so advise them."

Sponsler thinks there is a greater potential for violations of the Open Records Law than the Open Meetings Law. "Anything of any substance," he advises, "should not exist only online." Members should also remember, as Lt. Col. Oliver North could remind them, that anything put into a system can later be pulled out of the system.

City Manager Wally Douthwaite expects that before the system goes on line, Gresham will need a written policy on its use. The need for clarification may not stop there.

"There may be a time when computer use will be so universal that we will need to take another look at the law," says Oregon Attorney General Dave Frohnmayer. "The Open Meetings Law was not designed for this technology."

The rules, Frohnmayer and Sponsler agree, should be clear.
Providing information by computer is fine; debating and negotiating electronically slips into silicon secrecy.

If the legal principle is clear, the technology should be able to follow. All that is needed by Gresham - and the cities that will doubtless follow its example - is a package of Open Meeting Software. And people who understand its importance.

***[end of editorial]

I spoke to the reporter who covered the story, and he said it was an email system, not an interactive conferencing system. He thought they'd be using a VAX 220 (?), and didn't know which operating system.

Barbara Zanzig
{major backbone sites}!tektronix!tekecs!barbaraz
barbaraz@tekecs.tek.com

------------------------------

Date: 19 May 1987 09:18-EDT
From: Chuck.Weinstock@sei.cmu.edu
To: RISKS FORUM (Peter G Neumann -- Coordinator)
Subject: Re: Phalanx

If the defense weapons were not reliable enough to keep on all of the time, that should tell us all a lot about the chances for Star Wars to succeed (as if we didn't know already!)

[There is a serious lesson about perpetual readiness when nothing ever seems to be happening. Too often there appears to be no urgent need to worry about some particular event, because it has never happened before. Someone on board was quoted as saying exactly that -- no one had ever fired anything directly at them before, and therefore it seemed quite reasonable to expect that this time was no different. Crying "wolf" is bad, but not recognizing the wolf (in sheik's clothing?) is even worse. Sorry if I repeat myself on this subject, but this is a really important issue. PGN]

------------------------------

From: bowen%sevax.prg.oxford.ac.uk@Cs.Ucl.AC.UK
Date: Tue, 19 May 87 11:20:08 BST
To: RISKS <@Cs.Ucl.AC.UK,@sevax.prg.oxford.ac.uk:RISKS@csl.sri.com>
Subject: Choosing a password

Following the recent discussion on password (in)security, here is a simple way of choosing a fairly safe password which I believe is attributable to Steve Bourne (ex Bell Labs).

Find any handy document (there's usually something near most VDUs) and point your finger randomly at the text. Select the nearest word (or words if they are short) and substitute one or two of the letters for some other character. E.g. a `0' for an `o'.

This should reduce the risk of your password being decrypted. You also have the benefit that you can easily select a new password as often as you like.

Jonathan Bowen, Oxford University Computing Laboratory, England.

[Because this is not a deterministic algorithm, it has some merit. However, you must remember that passwords are still vulnerable to various attacks. In some operating systems and in most local networks, it is easy to capture a password in transit. In that case, it does not much matter how cute you are in generating passwords. A second point is that as soon as you let people generate their own passwords, someone will want a nice simple easily guessable one, ignoring the problem that his/her operating system does not do a very good job of preventing someone masquerading as that user from climbing through other people's files, implanting Trojan horses, deleting files, etc. It is very antisocial of anyone to have such a weak password, or to rely on passwords that can be easily captured. Simplistic thinking is the real source of trouble. Even the policy that everything should be wide open (no secrets) does not protect you against getting clobbered by file deletions and Trojan horses. So, let's avoid fine-tuning essentially weak approaches and remember the big picture. Then I will stop reiterating... PGN]

------------------------------

Date: Wed, 20 May 87 14:03 CET
To: RISKS@CSL.SRI.COM
From: Michael Wagner +49 228 303 245
Subject: Re: Passwords, thefts (Andrew Burt) (RISKS DIGEST 4.86)
CC: isis!aburt@seismo.css.gov

> Here at DU we have the terminals bolted to ... tables ... .
> Far better, though, is that each unit is engraved and painted
> with large "DU"s on each component in highly visible locations.
> Makes them very hard to fence.

Interesting ... we seem to be concerned with different risks. I always assumed that terminals were stolen from public terminal areas in universities by individuals who wanted a home terminal. It never occurred to me that someone would seriously consider 'fencing' such a thing. PCs, perhaps. I guess the general population might know what to do with such things. But terminals?

Under my set of assumptions, a large logo would merely enhance the value of the treasure. In fact, at UofT, we lost a few terminals to start-of-year initiation rites. One terminal made its way to another university in the area as part of a scavenger hunt (I expect they got extra points for distance).

Does anyone have any statistics on where the real risks are here?

Michael

------------------------------

Date: Sat, 16 May 87 18:36:46 EDT
From: Don Hopkins
To: elbows@oberon.lcs.mit.edu, tanstaafl@ucbarpa.berkeley.edu
Subject: Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets
Via: Michael Grant and geoff@csl.sri.com

Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets
United Press International

CHATTANOOGA, Tenn., May 14 -- Among the earthquake emergency plans at the TVA's Sequoyah Nuclear Plant is one to break all the toilets with a sledgehammer and cover the plumbing holes with duct tape to seal off nuclear leaks.

According to The Chattanooga Times, TVA nuclear engineers decided in 1984 that an earthquake could cause water in toilets to spill or drain out, destroying the "water seal" in the pipes.

At the Watts Bar Nuclear Plant, being built near Spring City, Tenn., plumbing that would not rely on a water seal was installed. But at the Sequoyah Nuclear Plant, where nuclear reactors were operating at the time, the hammer-and-duct-tape plan was adopted.

Both reactors at Sequoyah have been shut down for 21 months because of safety and other regulatory violations at the Soddy-Daisy plant.

The hammer and tape are stored in a locked wooden box outside the Sequoyah control room.

"Personally, I don't think the big hammer is a big issue," Sequoyah shift engineer Jeffrey Lewis said. "That cabinet has been there for years and we haven't used an inch of duct tape."

Clerk Sue Hartman works near the box where the hammer is stored. She said the key to the box is "kept under surveillance at all times."

In fact, the key to the key to the cabinet where the hammer box key is stored is "kept on my body," Hartman said.

------------------------------

End of RISKS-FORUM Digest
************************
-------