RISKS-LIST: RISKS-FORUM Digest Thursday 29 September 1988 Volume 7 : Issue 59 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Arthur Miller, Assault on Privacy: Computers, Data Banks and Dossiers (Barry C. Nelson) EPROM is not necessarily programmed for life (Mike Linnig) The Wobbly Goblin (a.k.a. Stealth fighter) (Alan Kaminsky) Re: Stanford Collider Shut Down (Matthew P Wiener) Re: Is Uncle Sam selling your name to mailing lists? (Greg Pflaum via Mark Brader) CPSR 1988 Annual Meeting (Gary Chapman) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Wed, 28 Sep 88 11:03:40 EDT From: "Barry C. Nelson" Subject: Arthur Miller, Assault on Privacy: Computers, Data Banks and Dossiers The American Society for Industrial Security is holding its annual seminar and exhibition in Boston at the moment. There were nearly 3000 registered attendees, not including over 350 companies with product or service exhibits. The luncheon speech on 27 Sept was by Arthur Miller, Professor of Law at Harvard University, renowned author on court procedures and legal expert appearing on TV programs such as "Good Morning America." He is author of "The Assault on Privacy: Computers, Data Banks and Dossiers" which is considered "must" reading on the issue. Let me pass on a few of his remarks which were addressed to the thousands of security professionals from all over the country. It was shrill, but compelling. (Consider that MOST of the listeners know nothing about computers.) Barry C. Nelson +++++++++++++++ The following is provided without permission and may be available on tape from National Audio-Visual Transcripts, Ltd. +++++++++++ "... I warn you, I'm a card-carrying privacy nut. ... You can't get very far in this world without your dossier being there first. Flight Reservation systems decide whether or not you exist. If your information isn't in their database, then you simply don't get to go anywhere ... What people have been reduced to are mere 3-D representations of their own data. The Avis WIZARD decides if you get to drive a car. Your head won't touch the pillow of a Sheraton unless their computer says it's okay. ... This information forms a permanent "dossier". It's THEIR information now. They know your name, address, telephone number, credit card numbers, who ELSE is driving the car "for insurance", ... your driver's license number. In the state of Massachusetts, this is the same number as that used for Social Security, unless you object to such use. In THAT case, you are ASSIGNED a number and you reside forever more on the list of "weird people who don't give out their Social Security Number in Massachusetts." ... YOU can't get a copy of these records. There is no law which forces private agencies to tell YOU what they know in most cases. ... Data is a lot like humans. It is born. Matures. Gets married to other data, divorced. Gets old. One thing that it doesn't do is die. It has to be killed. ... At the same time, data is dehumanizing. Take the case of a person, flesh and blood, who wants to go to law school. A six-page form is filled out and gets "processed" by the computer along with transcripts and LSAT scores. ... Eventually an "index number" is spit out. This number is then put on the Great Chart on the Wall with a lot of others. This person, whose only crime in life was wanting to go to law school, has been reduced to a DOT on the wall awaiting evaluation. ... What should we be doing about all of this? Adjusting the regulations a little. ... Only the information which is necessary for the job at hand should be collected. People should have access to the data which you have about them. There should be a process for them to challenge any inaccuracies. There should be more control on the eventual uses of data which was supplied for some business at hand, but has been sent elsewhere "upon request" Old data should be killed when its useful life is served. Data must be protected from those who would abuse it. ..." ------------------------------ Date: Wed, 28 Sep 88 09:23:18 CDT From: linnig@skvax1.csc.ti.com Subject: EPROM is not necessarily programmed for life > I can't answer the question, but note that, for software operating in > the occasionally high-radiation environment of space, "being in ROM" > doesn't mean "can't be overwritten." Unless things have changed in the past few years... UV erasable EPROM's only stay programmed for a few years (~7). These chips bury a charge inside of an insulating layer. UV exposure causes the charge to be erased, so does the passage of time. I wonder how many computerized boxes out there are carry their programs in EPROM? Sounds like a ticking time bomb to me. Mike Linnig, Texas Instruments ------------------------------ Date: Wed, 28 Sep 88 07:20:32 EDT From: ark%hoder@CS.RIT.EDU Subject: The Wobbly Goblin (a.k.a. Stealth fighter) "How Wobbly the Goblin" (Time magazine, October 3, 1988, p. 29) "The U.S. Air Force is so secretive about its radar-invisible Stealth fighter that it refused to acknowledge the plane existed even when one crashed in California two years ago. Yet when a covey of U.S.A.F. pilots converged in Washington last week for an Air Force Association symposium, shop talk indicated that the Stealth has a nickname. Pilots who fly the plane out of the Tonopah, Nev., Air Force base find it so tricky they call it the "Wobbly Goblin." Onboard computers are supposed to control the Stealth's performance, even at the highest speeds, but experts say the plane sometimes "gets away" from the pilot, who then has to take over manually--and earn his wings all over again." Does anyone know any details? Alan Kaminsky, School of Computer Science, P.O. Box 9887, Rochester, NY 14623 Rochester Institute of Technology 716-475-5255 ------------------------------ Date: Sat, 24 Sep 88 23:57:36 pdt From: weemba@garnet.Berkeley.EDU (Matthew P Wiener) Subject: Re: Stanford Collider Shut Down >Stanford University's $115 million linear collider has been shut down >after several months' efforts failed to get it running properly. Is this *permanent*? I read only a month ago in SCIENCE (or NATURE?) that they were still expecting to get results next year. SLAC itself is not in trouble so much as the redesign for making it a Z factory. Of course, there could be repercussions. >Although there seems to be nothing basically wrong with the system, it >is "simply so complicated that, despite the best efforts of more than >100 people, they have not been able to keep all its complex parts >working together long enough to get results." Also, because they were in a hurry to beat CERN with the first Z factory, they used the cheapest parts they could find. They are paying for this now. One good consequence is that SLAC has proven that the basic design for using linacs to mass produce Zs is sound. Nothing like it had been tried before. I vaguely recall reading somewhere that inspired by SLAC's "success", in West Germany there are plans to build a similar linac-based Z factory. > Since spring they have >"fought a succession of glitches and breakdowns in the machine's myriad >magnets, computer controls, and focusing devices." The outside weather did not help either. ucbvax!garnet!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720 ------------------------------ Date: Thu, 22 Sep 88 10:37:55 EDT From: Mark Brader Subject: Re: Is Uncle Sam selling your name to mailing lists? Path: sq!geac!yunexus!utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.[] cis.ohio-state.edu!mailrus!ames!necntc!dandelion!ulowell!interlan!pflaum From: pflaum@interlan.UUCP (Greg Pflaum) Newsgroups: misc.consumers Date: 19 Sep 88 23:05:24 GMT Organization: MICOM-Interlan, Boxborough, MA (1-800-LAN-TALK) In article <2123@edsews.EDS.COM> peter@edsews.EDS.COM (Peter Zadrozny) writes: >For the last two weeks I've been swamped with pre-approved >credit cards and loans, at least three offers every day from >different banks. The strange part is the they are all addressed >to my legal name which is only known by Uncle Sam and his red tape >offices. Is anyone of them selling names and addresses >to mailing lists houses??? What's going on, are they going >to pay the public debt this way? It is possible that, at some point in the distribution, someone illegally obtained a tape of names, addresses and other information from some government database. I've seen a similar situation when I was in school at the University of Massachusetts. I received a mailing from a life insurance company which was addressed to "The parents of Greg Pflaum". Because UMass did not have my parents' address, I often got mail from the school with that address. Checking around, I found that those friends who also received UMass's "To the parents of" mail had also received the insurance solicitation. I didn't check with any parents, but clearly at least some group of parents also got it. At the office that produces the university magazine (Contact) that is sent to all parents I learned that mailing labels were ordered from a central office which did the database selection and printing. That was as far as I got. They said the school did not sell mailing lists, and refused to believe there was any connection between the insurance mailing and the UMass database. "Maybe someone went through the phone book," they suggested. Sheesh. A student who did programming for the school suggested the most likely answer: a programmer or operator made a few bucks on the side. Greg ------------------------------ Date: Sat, 24 Sep 88 14:07:06 PDT From: chapman@csli.Stanford.EDU (Gary Chapman) Subject: CPSR 1988 Annual Meeting Computer Professionals for Social Responsibility Annual Meeting November 19 and 20 at Stanford University A collection of nationally known authors, scientists, and innovators in the computer science field will address the issues of computers and their impact on the arms race, the workplace, education, and society at the l988 Annual Meeting of Computer Professionals for Social Responsibility (CPSR), to be held November 19 and 20, l988, in Cubberley Auditorium at Stanford University. Two sessions that already are generating a great deal of interest will draw together experts from a wide variety of fields to comment on developments in technology that could affect the general population. The first, Privacy, Computers, and the Law, deals with the FBI's plans to upgrade its already massive criminal justice database so that it can better identify individuals. The current system now contains over l9 million records and is accessed up to half a million times per day. Would an improved version threaten the privacy and liberties of citizens? Discussing the issues from a variety of perspectives will be: William A. Bayse, FBI assistant director for technical services; Congressman Don Edwards (D-San Jose), chairman of the House Subcommittee on Civil and Constitutional Rights; Jerry Berman, chief legislative counsel of the American Civil Liberties Union and director of the ACLU Privacy and Technology Project; and Peter Neumann, SRI International and CPSR/Palo Alto. The second panel will debate the impact of the personal computer of the future as presented in Apple Computer's video story, "Knowledge Navigator." The speculative Knowledge Navigator is a flat, notebook-sized computer that can speak with the user, explore databases on its own, do simulations, and display a picturephone and graphics, all by voice command. Addressing the social assumptions and implications of this possible technology will be: Larry Tesler, vice president of Advanced Technology, Apple Computer; Esther Dyson, editor and publisher of Release 1.0 newsletter; Fernando Flores, chairman of Action Technologies and co-author of Understanding Computers and Cognition; Peter Lyman, director of educational computing, University of Southern California; Theodore Roszak, professor of sociology, California State University at Hayward and author of The Cult of Information. Speaking on the topic Technical Challenges in Arms Control in the Next 15 Years is Sidney Drell. Dr. Drell serves as co-director of the Stanford Center for International Security and Arms Control and deputy director of the Stanford Linear Accelerator Center. He also is past president of the American Physical Society and author of Facing the Threat of Nuclear Weapons. Technology, Work, and Authority in the Information Age: The Role of the Computer Professional will address the opportunities and problems of computers in the workplace. By the end of the century, approximately two-thirds of all workers will use a computer terminal . Will that computer enhance their skills or assist management in controlling workers? Speaker Robert Howard, author of the book Brave New Workplace and senior editor of Technology Review will focus on what role computer designers can do to create socially responsible products. Women learn how to use computers differently than men, says speaker Deborah Brecher, founder and executive director of the Women's Computer Literacy Program in San Francisco. Women and Computers: Does Gender Matter? will cover what programmers, educators and employers need to know about computer learning and the sexes. Computer pioneer Jim Warren will deliver the keynote speech at CPSR's Annual Banquet to be held at Ming's Villa in Palo Alto. Mr. Warren founded The Intelligent Machines Journal which .later became InfoWorld. He also started the West Coast Computer Faire, the pre-eminent show for personal computer users and hobbyists, was the founding director of the first personal computer software magazine, Dr. Dobb's Journal of Computer Calisthenics and Orthodontia. He later served as the original host of the PBS series, "Computer Chronicles," and was awarded the first Sybex Computer Pioneer Award which recognizes innovators in the microcomputer field. In the academic arena, Mr. Warren has taught computer science at San Francisco State, San Jose State and Stanford University. Mr. Warren's speech, Computers, Information, and Politics, will focus on how citizens can gain access to computerized information on individuals, corporations, and the government, and how they can use that information to bring about effective political action, locally or globally. During the banquet, the CPSR Board of Directors will present the Norbert Wiener Award for Professional and Social Responsibility to Joseph Weizenbaum, professor of computer science (emeritus) at the Massachusetts Institute of Technology. Sessions on Sunday, November 20, will be devoted to the organization and future direction of the association. Speakers include: Terry Winograd, associate professor of computer science at Stanford University and co-author of Understanding Computers and Cognition,; grassroots organizer and trainer John Spearman, senior contract administrator for The Doctor's Council in New York City; Steve Zilles, chairman of the board of directors, CPSR; and Gary Chapman, executive director of CPSR and co-editor of Computers in Battle. Registration fees for the meeting are as follows: $10/members; $20/nonmembers before November 9; $20/members, $30/nonmembers after November 9. The banquet is $30/members, $35/nonmembers. Reservations are on a first-come, first-served basis. Please call (415) 322-3778 for registration material. ------------------------------ End of RISKS-FORUM Digest 7.59 ************************