RISKS-LIST: RISKS-FORUM Digest Friday 1 July 1988 Volume 7 : Issue 14 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: The Eyes Have It (unique driver's license numbers) (Woody) New UK Virus (Will Martin) Australia Card - more details (Chris Maltby) Re: The Challenger and visionary software architects (Jerry Hollombe) Academic Assignment of Viruses (John Gregor) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. For Vol i issue j / ftp kl.sri.com / get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Fri, 1 Jul 88 13:50 EDT From: (Woody) Subject: The Eyes Have It From _The_Star_Ledger_, Thursday, June 30, 1988 page 35, a New Jersey paper published in Newark. THE EYES HAVE IT MV acts to 'separate' drivers with the same name, birth date At least 14,000 New Jersey motorists share the same names, birth dates, and eye colors, the Division of Motor Vehicles has discovered in its efforts to straighten out its licensing records. The DMV will be sending out letters to the motorists next week asking them once again to reveal their true eye color. The agency was forced to delete the information from its computer system and use a substitute code number in order to avoid issuing the same drivers's license number ot different mororists, DMV Director Glenn Paulsen said yesterday. When issuing driver's licenses, the DMV computer system assigns a number consisting of a letter followed by 14 digits. The letter and first nine digits represent the driver's name, the next four digits reflect the month and year of birth and the final digits is a code representing eye color. In 14,000 cases, the DMV discovered, different motorists shared the same names, birth dates, and eye colors and had to be issued special driver's license numbers that substituted the number 7, 8, or 9 for the digits used to represent eye color. "This effectively altered the driver license number to overcome any possible duplication with an already existing number," Paulsen said. "However, it also eliminated the individual's true eye color from the record." Paulsen said the system has been reprogrammed so that driver's license numbers can be altered to avoid duplication, but still retain information regarding eye color. In addition, the DMV plans to change the format of its driver's license documents later this year to include the eye color information on the face of the license. The numbers 7, 8, or 9 will still be used on licenses in place of the eye color code numbers in cases of potential duplication, but the eye color information will remain on file in the DMV's records, under the new system. The eye color code numbers are 1 for black, 2 for brown, 3 for grey, 4 for blue, 5 for hazel, and 6 for green. [In light of all of the stories we have had in the past involving name confusion and overzealous computer matching, this one is an attempt to do things a little more sanely -- at least to recognize the problem. But it does not seem likely that, with 14,000 data collisions, the codes 7, 8, and 9 are adequate to disambiguate on into the future, especially if new collisions arise. How about using "9" as an escape for "other" and then tack on a unique disambiguator including color. What about albinos? People with non-matching eyes? glass-eyes? tinted contacts? Lots of risks in computer matching here... PGN] ------------------------------ Date: Fri, 1 Jul 88 10:36:42 CDT From: Will Martin -- AMXAL-RI Subject: New UK Virus The following is a complete item from the FEDERAL BYTES column (p. 42) of the June 27, 1988, issue of Federal Computer Week, which just arrived in today's mail (July 1): Oh, No - Not Maggy! Sources of reasonable reliability within the British Ministry of Defense (MoD) report that a computer virus has broken out. It seems that MoD uses a number of Macs, largely for graphics but some of them for word processing. Whenever anyone writes "Margaret Thatcher" or "prime minister", the screen [image] vanishes, along with whatever was on it. In the place of the missing document appears a picture of Maggy, with a Union Jack behind her. MoD, say our sources, has not found a cure. ------------------------------ Date: 16 Jun 88 20:02:07 +1000 (Thu) From: munnari!softway.oz.au!chris@uunet.UU.NET (Chris Maltby) Subject: Australia Card - more details Organization: Softway Pty Ltd, Sydney, Australia The Australia Card was not planned to be anything in particular. The design was still in the tendering stage when the whole project was canned due to a legislative technicality. Strictly speaking, the government was given a mandate by means of a dissolution and new election of both the Senate and the House of Reps which is possible only when the Senate is viewed to be obstructing legislation. The obstructed legislation was the Australia Card bill. For those unclear about the Australian Parliamentary system, the government is formed by the party which controls the House of Reps. The Senate has been/is and is likely to remain without any absolute majorities. When the new parliament was convened, a joint sitting of both houses was held to pass the bill, and it may even have been gazetted into real law, when it was discovered by a clever person that a regulation bill was required to activate the Card. The Senate indicated it wouldn't be passed so rather than face another election (and a certain loss) the Australia Card was dumped. It's ready to go, just waiting... Suggestions or requirements for the card itself were: A digitised image of the person possibly on the card itself or accessible to the counter operator when the card was scanned. A digitised signature (or thumbprint) and a digitising pad which could validate the user on presentation. The card was supposed to be made from secure materials and with secure printing etc etc. No-one had really resolved how forgery was to be prevented. An accomplice behind the registration desk would have laid the whole system open. How many forged cards would you like sir... Now we are to have an "upgraded tax-file-number" (unspecified) if the Government can get it through the Senate. Of course, the next election will be in early 1990 so they'll have to hurry... Meanwhile, the tax commissioner and the courts have started to interpret tax law much more strictly, and cuts in the rates have probably done as much as the card would to prevent avoidance. Social Security fraud seems to have retreated as an issue; it's the cutbacks to it which are capturing the public mind. Chris Maltby - Softway Pty Ltd (chris@softway.oz) PHONE: +61-2-698-2322 UUCP: uunet!softway.oz!chris FAX: +61-2-699-9174 INTERNET: chris@softway.oz.au ------------------------------ Date: 13 Jun 88 21:13:42 GMT From: hollombe@ttidca.TTI.COM (The Polymath) Subject: Re: The Challenger and visionary software architects (RISKS-7.7) }Date: Thu, 09 Jun 88 16:16:29 PDT }From: Eugene Miya }Subject: Re: The Challenger and visionary software architects } }>From: stork@humu.nosc.mil (Kent Stork) }>The May issue of Defense Science validates something that many computer }>scientists have probably suspected: ultimately, the failure of the Challenger }>and the death of the astronauts was due to a control loop software design }>oversight - just another bug. } }The closest comment to "control loop software design" is: } "It was not the leak that killed the astronauts. It was the } attempt to correct the sidethrust, which sent the Challenger } into violent oscillations. This smacks of semantic quibbling. Had there been no leak there would have been no need to correct for it. In any case, the boost phase of the shuttle's flight is extremely critical with respect to forces on the assembled shuttle, tank and boosters. The shuttle's control surfaces are put through a very precise series of moves at this time to minimize stress all around. Any drastic deviation from expected conditions would be bound to have severe consequences. } "If the Challenger had been permited to go off course, } without attempting the major correction, the side booster would } not have broken out, the booster would have burnt out with the } Challenger still intact, and the crew could have ejected, off } course but alive." [spelling corrected] Not true. There were no facilities for crew ejection on board the Challenger. (A more feasible scenario would have been an attempt to fly the Shuttle to a landing after the boost phase had burned out). If the off-course shuttle had headed for a populated area the Range Safety Officer would have been in the unenviable position of having to destroy it _and its crew_ anyway. Fortunately for his peace of mind, he only had to destroy the boosters. There are many RISKS associated with flying the Shuttle. While much effort is devoted to minimizing them, some of them simply have to be lived with. The Polymath (aka: Jerry Hollombe, hollombe@TTI.COM) Citicorp(+)TTI, 3100 Ocean Park Blvd. (213) 452-9191, x2483 Santa Monica, CA 90405 {csun|philabs|psivax|trwrb}!ttidca!hollombe ------------------------------ Date: 13 Jun 88 21:09:43 GMT From: unido!ecrcvax!johng@uunet.UU.NET (John Gregor) Subject: Academic Assignment of Viruses (RISKS-7.4) Organization: ECRC, Munich 81, West Germany -> Date: Sun, 5 Jun 88 10:25 EDT -> From: WHMurray@DOCKMASTER.ARPA -> Subject: Academic Assignment of Viruses -> A society that depends upon any mechanism for its own proper -> functioning, cannot tolerate, much less encourage, any tampering with -> the intended operation of that mechanism. Do you really believe that? Are you saying that any possible activity that could cause a deviation from the status quo is a danger and should be 'discouraged' (a euphamism for destroyed)? Unless you claim that the system is perfect (completely without flaw), how can you claim that an attempt to make change cannot be tolerated. Even if you feel perfection has been reached, who appointed you to be the conscience for the rest of the race? There no difference between your statement and worst actions attributed to "The Red Menace," in that they destroy the individual to maintain the purity of the state. Such closed mindedness never leads to an orderly society. It leads to the mindless destruction of all (both valid and fringe) criticism and methods of checks and balances. It leads to an ever tightening spiral of repressions that is only broken by revolution and chaos (not something I consider beneficial). Your statement is the antithesis of the ideals of personal liberty and social change that this (I'm a temporarily relocated US citizen, so I mean the US) country is founded upon. -> Therefore, one is tempted to rise up in indignation at the idea of a -> qualified academic assigning a virus to his students. It's one thing to assign a project that specifically violates US or State laws. It is quite another to use an exercise to demonstrate the fallacies of system security, system design flaws, and the ingenuity and persistence of the dedicated. The assumed goal of the exercise was to give the students an insight into the problems of system security and design. A lesson they will take with them into industry to integrate into the next generation of computing systems. Then you and those like you will be praising the same people for their ability to seal up the leaks that plagued today's systems. -> The next thing you know, they will be assigning plagiarism. How about -> the forgery of academic credentials? Perhaps we should offer a course -> in how to falsify research results. Or, perhaps, on how to trash -> another's experiments, notes or reports. This is in no way implied by the original project. It is only an emotional appeal to create some sort of "mob-scene" reaction. It is in bad style. The sad part is that mob psycology works (mobs aren't very bright). This means that some external entity must apply force to the majority to protect the rights of the stampeding minority. From your posting and your ARPA location, I assume you are a part of some such entity. Unfortunately, the types that wind up ensuring the rights of the minority are also the most likely to mindlessly follow the state dogma and use their ability to use force to destroy the balances they were there to protect. It's a positive feedback situation. It's an auto-immune reation gone crazy. It's fatal. It's the biggest RISK of all. -> Perhaps it is a sign of immaturity that we are unable to recognize the -> moral equivalency. I will leave open the question of whether the -> immaturity is in the technology, the society, or academia. I sugest it is in those who fear any and all challenges to their dogma and supersticion. Especially those who fear ideas and use force to destroy them. Actually, I guess I'm no better. The basic philosophy your posting supports and what history has shown to be the results of that philosophy are the only cause I can imagine risking my life to help destroy. Our only difference is that I am able to live my life knowing that there are those who don't believe as I. While many of them won't rest until all of the heretics, perverts, and risks to their social order have been neutralized. Yes, this is a war. It's not one I would have. It's one that is caused by those who feel they MUST destroy all dissent and won't let the rest alone. I only hope I and the ones I love never have to fight. -> I thought that we put this issue to bed several years ago when we -> stopped assigning the breaking of security. It seems that we did not. It's still common practice to stress test a system (computer, program, physics theory, etc.) by trying to break it. It's the only way to be sure. Why should a political theory or social order be sacrosanct? If you fail to test, unless you are perfect, the system will fail in a way that could have prevented if only the attitude of the powers-that-be didn't equate questioning as heresy. Our shuttle is a good example of where that attitude goes. -> For an academic to be unable to recognize that assignments, and the -> recognition that goes with their successful completion, encourages the -> behavior assigned, demonstrates a lack of understanding of the activity -> in which he is engaged. If he understands it, and still makes such an -> assignment, he demonstrates a lack of understanding of where his real -> interest rests. -> Such irresponsible behavior may account, in part, for the anti-academic -> bias in our society and for the manifest distrust of the scientific -> establishment. I believe that your perceptions of an anti-academic bias and distrust of academia stem from that fact that they can't be controlled. They can come up with facts independently from your personal belief system. Your views are no better than the worst of the Soviet and Nazi system, where only state-backed results were released and non-conforming results were destroyed and the people involved "reeducated." Academia should have to bow to your (or anyone's) fears, superstitions, or idea of what the answers should be. Reality is not going to change, no matter how much you or anyone (creationists, flat earthers, etc) want. -> It is of little wonder that the citizens of Cambridge, Massachusetts -> are reluctant to trust the likes of these with genetic engineering. An analogous project might be to create viruses and other biological agents that target "flaws" in the human system. I don't think you need to worry about the universities. The US military is quite advanced in this madness. The difference between the two projects is that 1. The computers are the property of the university and theirs to do with as they wish. Humans aren't. 2. An electrically and logically separate computer environment is easier to create/maintain and guarantees isolation. Biological systems aren't so simple or as easy to play with. 3. The worst case scenario for the computer project is: Brand X computers fall over until booted from a clean tape and some data is lost. For a biological scenario: Extinction of the human species or of all life on Earth. So why does the DoD continue Biowarfare? Or is is it ok because it's done by the state? If I ever try to get a security clearance and this doesn't come back to me, I'll be disappointed. ------------------------------ End of RISKS-FORUM Digest 7.14 ************************