Path: sparky!uunet!charon.amdahl.com!pacbell.com!ames!sun-barr!cs.utexas.edu!
zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!ucbvax!CSL.SRI.COM!
risks
From: ri...@CSL.SRI.COM (RISKS Forum)
Newsgroups: comp.risks
Subject: RISKS DIGEST 13.87
Message-ID: <CMM.0.90.1.720156044.risks@chiron.csl.sri.com>
Date: 27 Oct 92 03:20:44 GMT
Sender: dae...@ucbvax.BERKELEY.EDU
Reply-To: ri...@csl.sri.com
Distribution: world
Organization: The Internet
Lines: 571
Approved: ri...@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 26 October 1992  Volume 13 : Issue 87

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
US presidential election year politics help cause time zone bugs (Paul Eggert)
Privacy of e-mail (Symantec/Borland suit) (Robert Bowdidge)
New risk reports (Jonathan Bowen)
The DC-10 Case (Robert Dorsett)
Re: Erased Disk used against Brazilian President (Bob Frankston, Robert Slade)
Re: Risks in banking (Steve Lamont)
T*p S*cr*t II and William Safire (Bob Devine)
Conference on Computers, Security and the Law (Kimble)
Re: 15th National Computer Security Conference (A. Padgett Peterson, 
    Peter K. Boucher, Larry Hunter, Pete Kaiser)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in 
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RI...@CSL.SRI.COM, with relevant, substantive 
 "Subject:" line.  Others may be ignored!  Contributions will not be ACKed.  
 The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
 especially .UUCP folks.  REQUESTS please to RISKS-Requ...@CSL.SRI.COM.     

 Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits).  Vol i
 summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
 The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

 For information regarding delivery of RISKS by FAX, phone 310-455-9300
 (or send FAX to RISKS at 310-455-2364, or EMail to risks-...@cv.vortex.com).

 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Mon, 26 Oct 92 14:47:57 PST
From: egg...@twinsun.com (Paul Eggert)
Subject: US presidential election year politics help cause time zone bugs

Several people on the west coast of the US reported that their Unix
systems failed to switch from daylight savings time to standard time
yesterday, 26 October 1992.  The reason?  When they originally
configured their systems, they were asked to choose one of the
following time zone rules:

	US/Alaska	US/Central	US/Hawaii	US/Pacific
	US/Aleutian	US/East-Indiana	US/Michigan	US/Pacific-New
	US/Arizona	US/Eastern	US/Mountain	US/Samoa
	...

Some people chose `US/Pacific-New' instead of `US/Pacific'.
After all, who wants the old version when you can have the new version?

Unfortunately, `US/Pacific-New' stands for ``Pacific Presidential Election
Time'', which was passed by the House in April 1989 but never signed into law.
In presidential election years, this rule would have delayed the PDT-to-PST
switchover until after the election, to lessen the effect of broadcast news
election projections on last-minute west-coast voters.  Thus, US/Pacific-New
and US/Pacific have always been identical -- until yesterday.

This problem comes from combining Arthur David Olson's deservedly popular time
zone software (which you can FTP from elsie.nci.nih.gov in pub/tz92b.tar.Z)
with some overly terse vendor-supplied installation procedures.  No doubt Olson
did not use a more informative name like `US/Pacific-Presidential-Election'
because of the 14-character file name length limit in many Unix file systems.
In view of yesterday's experience, though, it seems unwise to make the
hypothetical choice available under any name, since it gives free rein to
Murphy's Law.

------------------------------

Date: Tue, 6 Oct 92 12:54:30 -0700
From: bowdi...@cs.UCSD.EDU (Robert Bowdidge)
Subject: Privacy of e-mail (Symantec/Borland suit)

In the Los Angeles Times business section on Monday, 5 October 1992, there was
an article describing some of the difficulties of Symantec, a publisher of
software for the Macintosh and IBM-PC markets.  One of the more interesting
situations for the company was a criminal complaint and civil suit filed by
Borland International charging a former Borland vice president with passing
trade secrets.

>From the article:
   (Eugene) Wang, disappointed after a management reshuffle two months earlier,
resigned from Borland earlier the same day [that Symantec announced he had been
hired as a vice president].  Acting on a tip, Borland officials searched
records of electronic mail that Wang had sent via MCI Mail.  They found ten
messages he had sent to Eubanks and others that allegedly contained proprietary
information on Borland's product plans.
   Normally, that might lead to a civil suit.  Such actions have become
relatively common in an industry where the expertise of a few people is often a
company's key asset.
   But Borland took matters a step further, filing a criminal complaint with
the Scotts Valley Police Department in addition to a civil suit.  Police said
they found the information in the messages sufficient grounds to seek a search
warrant [for Symantec's offices and Wang's home.]...
   Legal experts who aren't involved in the case don't know what to make of it.
``At first blush, it seems like they (Borland) must have had some pretty good
evidence,'' said Kaufman of [Brobeck, Phleger, and Harrison, a San Francisco
law firm].  ``But it's bizarre -- Wang, a premier computer scientist, doesn't
know that when you use MCI mail, it's recorded?  It's a very strange set of
facts.
                        [Yet another reason to encrypt my mail...  
                        Robert Bowdidge     bowdi...@cs.ucsd.edu]

------------------------------

Date: Mon, 26 Oct 92 14:46:11 GMT
From: Jonathan.Bo...@prg.ox.ac.uk
Subject: New risk reports

There is an article on risk in today's (Monday, 26 October 1992) UK
Independent newspaper (p14) which RISKS readers may find interesting
entitled "The chances of being run over by a bus" by Tom Wilkie. It
advertises two reports which sound as if they are worth looking at:

"The Tolerability of Risk from Nuclear Power Stations", HMSO,
PO Box 276, London SW8 5DT, UK. (12 pounds sterling.)

"Risk: Analysis, Perception and Management", The Royal Society,
6 Carlton House Terrace, London SW1Y 5AG, UK. (15.50 pounds sterling.)

The latter values "a statistical life" at 2-3 millions pounds sterling
(c $4 million) in that this is the sort of amount of money that should
be spent on saving one life. However the article states that John
MacGregor, the Secretary of State for Transport, for his department
values a life at only around 500,000 pounds sterling.

Jonathan Bowen, Oxford University

(Of course, the value of a human life in the UK has been devalued by about 10%
recently. :-)

------------------------------

Date: Fri, 9 Oct 92 01:17:11 CDT
From: r...@cactus.org (Robert Dorsett)
Subject: The DC-10 Case  [also in sci.aeronautics,rec.travel.air]

Ran across this.  It looks like a nice little anthology, covering many aspects
of the DC-10.  Probably worth it for the NTSB reports alone ($20 each from
NTIS).  I haven't read the more "thematic" articles, though, and no endorsement
is meant or implied.  Robert Dorsett ...cs.utexas.edu!cactus.org!rdd

Title: The DC-10 Case
Subtitle: A study in applied ethics, technology, and society.
Editors: John H. Fielder and Douglas Birsch
Publisher: State University of New York Press
Date: 1992
Pages: 346
ISBN: 0-7914-1087-0 (hardcover) 
      0-7914-1088-9 (paper)
Illustrated.

CONTENTS:

    Preface
    Introduction
    Ethical Analysis of Case Studies/John H. Fielder
    
    HISTORY AND EARLY WARNINGS
    
    1.  Regulatory and Institutional Framework
    
    2.  High Risks, Sinking Fortunes/John Newhouse
    
    3.  Floors, Doors, Latches and Locks/John Fielder
    
    4.  The 1970 Ground Testing Incident/Paul Eddy, Elaine Potter, 
        Bruce Page
    
    5.  National Transportation Safety Board Report on the Windsor 
        Incident
    
    6.  The Applegate Memorandum/Paul Eddy, Elaine Potter, Bruce Page
    
    7.  Fat, Dumb and Happy: The Failure of the FAA/Paul Eddy, Elaine 
        Potter, Bruce Page
    
    8.  Compliance with Service Bulletin SB 52-37
    
    9.  Conclusions of the US Senate Oversight Hearings and Investigation
        of the DC-10 Aircraft
        
    THE 1974 PARIS CRASH
    
    10.  French Government Report on the 1974 Paris Crash
    
    11.  Engineers Who Kill: Professional Ethics and the Paramountcy of 
         Public Safety/Kenneth Kipnis
        
    12.  Whistleblowing, Ethical Obligation, and the DC-10/Douglas Birsch
    
    13.  What is Hamlet to McDonnell Douglas or McDonnell Douglas to Hamlet?: 
         DC-10/Peter French
    
    Commentary/Homer Stewell
    
    14.  Statement of John C. Brizendine, President, Douglas Aircraft Company,
         McDonnell Douglas Corporation
        
    THE 1979 CHICAGO CRASH
    
    15.  National Transportation Safety Board Report on the 1979 Chicago Crash
    
    16.  The DC-10: A Special Report/McDonnell Douglas
    
    17.  Two Models of Professional Responsibility/Martin Curd and Larry May
    
    THE 1989 SIOUX CITY CRASH
    
    18.  National Transportation Safety Board Report on the 1989 Sioux City 
         Crash
    
    19.  The 1989 Sioux City Crash/John Fielder
    
    20.  Statement of Ralph Nader
    
    21.  Aviation Safety: Management Improvement Needed in FAA's Airworthiness
         Directive Program
        
    22.  The FAA, the Carriers, and Safety/Charles Perrow
    
    23.  International Airline Passengers Association Critique of the DC-10
    
    24.  Moral Responsibility for Engineers/Kenneth D. Alpern
    
    Commentary/Andrew Oldenquist
    
    Commentary/Samuel C. Florman
    
    Select Bibliography
    
    IEEE Code of Ethics
    
    Index
 
Back Cover:

"Designed as a textbook for courses in ethics, this book provides the material
needed to understand the accidents in which more than 700 people were killed--
accidents that many believe were the result of unethical actions and inactions
by individuals, organizations, and government agencies.  An introduction to
ethical analysis and discussions of the ethical responsibilities involved are
also provided.  The case study offers material for a sustained inquiry into
every level of ethical responsibility reflecting the rich complexity of actual
events.

"_The DC-10 Case_ presents these issues through a collection of original and 
published articles, excerpts from official accident reports, congressional 
hearings, and other writings on the DC-10.  The authors allow the readers to 
examine the ethical issues of airline safety as they actually occur, taking 
account of the circumstances in which they arise.

"John H. Fielder is is Professor and Douglas Birsch is Assistant Professor of
Philosophy at Villanova University."

------------------------------

Date: Sun 25 Oct 1992 01:57 -0400
From: Bob_Franks...@frankston.com
Subject: Re: Erased Disk used against Brazilian President

Of course, as RISKS readers know, getting rid of information is very difficult.
On the PC erase only erases the name of a file not the contents.  With proper
backup, as Oliver North discovered, it is very hard to remove all copies of
data.  There are also other caches such as email pools where one might be able
to retrieve recent data.

There is a more general issue of living in a society with a very good memory.
It is one thing to knowingly do something illegal and leaving a trail.  A more
subtle danger is a changing society that might look back at an innocuous act
and ex post facto, decide it was reprehensible.

------------------------------

Date: Mon, 26 Oct 1992 20:05:30 GMT
From: rsl...@sfu.ca (Robert Slade)
Subject: Re: Brazilian Presidential Erased Disks (RISKS-13.86)

The software used here is probably very simple.  When a computer file is
"erased", actually only the directory entry is changed, and the sectors used
are marked as again being available for use.  The file can easily be
"undeleted": numerous utilities exist for this purpose, including (I am
assuming, from the original posting, that the computer in question uses MS-DOS)
one that is part of the MS-DOS 5 system.  In fact, such utilities need not be
used: if no changes have been made on the disk, the FAT can be changed manually
with a sector editing program.

If the file cannot be "undeleted" in this manner, part of the file may still
exist on the disk, and can be read with a sector editor or viewer.  (I recently
checked a diskette with the CHKDSK utility, and found portions of files that
had been deleted three or four years ago.  This particular disk has been in
daily use with three or four large files being written to it each day.)

The fact that files are not actually "destroyed" has come as a shock to a
number of people.  I seem to recall that this fact had some significance to
Ollie North.  Also, Prodigy scared the pants off some people by creating a
large "swap" file area on disk without "clearing" it first.  Portions of
deleted files were, of course, found within it, leading to (somewhat
unjustified) charges that Prodigy was somehow violating system security.

The fact that erased files may still physically exist is one that some
antiviral programs try to address.  When an infected file cannot be
"disinfected", some antivirals will delete the existing file ... and then
overwrite the area previously occupied with standard characters.  There are
utility programs which will do this with files you wish to keep secret: some
make five or more passes with different characters each time.

Vancouver Institute for Research into User Security, Canada V7K 2G6
ROBE...@decus.ca rsl...@cue.bc.ca  p...@CyberStore.ca 604-526-3676

   [Also noted by r...@philmtl.philips.ca (Ray Dunn).  PGN]

------------------------------

Date: Sun, 25 Oct 92 15:45:40 -0800
From: s...@golgi.ucsd.edu (Steve Lamont)
Subject: Re: Risks in banking

For what its worth and just as a matter of record, I am the original author of
the item "Risks in Banking, Translation, etc.," which appeared in RISKS-13.86.
It was a submission to a recent issue of Gene Spafford's Yucks Digest mailing
list.

Steve Lamont, SciViGuy -- (619) 534-7968 -- s...@szechuan.ucsd.edu
UCSD Microscopy and Imaging Resource/UCSD Med School/La Jolla, CA 92093-0608

   [Also noted by Paul M. Wexelblat <w...@bigmax.ulowell.edu>.  Actually the 
   ORIGINAL AUTHOR was someone unidentified on the CACM staff.  Steve was the
   original contributor, to YUCKS.  PGN]

------------------------------

Date: Mon, 26 Oct 92 17:53:53 -0800
From: <dev...@postgres.berkeley.edu>
Subject: T*p S*cr*t II and William Safire

Berry Kercheval write:
>In my initial briefings for these clearances it was emphasized that classified
>information must be strictly controlled, and in fact we were given specific
>procedures for what to do if we found unattended classified documents lying
>around.

Political columnist William Safire told the story that he would get his
personal documents past government security officers by putting a printed
heading on each document.  The heading came from a very high security level
document that he once saw as part of reporting.  All went fine for a long time
because he could take his "protected" document that contained his notes into
meetings.  Unfortunately, one day a security person confiscated the document
because he wasn't supposed to have such a highly secret codeword on it!

This is analogous to protective coloration in nature...
                                                            Bob Devine

------------------------------

Date: Thu, 22 Oct 92 15:43:51
From: kim...@minster.york.ac.uk
Subject: Conference on Computers, Security and the Law

COMPUTERS SECURITY AND THE LAW, 
A CONFERENCE TO BE HELD AT THE UNIVERSITY OF YORK
31 March - 01 April 1993

The conference will be run by the Department of Computer Science at the
University of York in association with the Licensing Executives Society and the
Society of Computers and the Law.

The aim of the conference is to highlight some of the important legal issues
that surround the use, and abuse, of computer technology in a way that should
be accessible to the non-specialist, such as lawyers or computer scientists.

The target audience for the conference are senior managers and others in both
public and private sector organisations who wish to improve their knowledge
about the legal aspects of buying, using or creating computer related products
and services. The conference will be of interest to the police, the civil
service, banks, insurance and building societies.

The programme will take place over two consecutive days.  The first day will
deal with the legal aspects of intellectual property rights, copyright and
contract law as it relates to computer products and services. The second day
will deal with the topics of computer crime and its prevention, security, data
protection and privacy.

The conference dinner will be held at the end of the first day with a keynote
speaker who will provide the link between the themes. Delegates will be able to
register for either of the two days separately if they wish.

Proceedings of the conference will be published and available to participant
after the conference.

FEES: Fees will range from #275 for the full conference to #165 for one day.
Discounts are available for early booking.

Provisional Programme

Day One:
10.30 - 11.15     Overview of law relating to intellectual property rights 
11.15 - 12.00     Copyright law 
12.00 - 12.45     (Questions & Answers)
14.00 - 14.45     Computer contracts. (Software) 
14.45 - 15.30     Computer contracts. (Hardware) 
16.00 - 16.45     (Questions & Answers)
19.00 - 22.00     Conference Dinner and keynote speaker at 
                  St William's College in York
Day Two:
10.00 - 10.45     Computer Crime 
10.45 - 11.30     Damage to programs or data
11.30 - 12.15     (Questions and Answers)
13.30 - 14.15     Hacking
14.15 - 15.00     Data Protection Act, Security & Privacy 
15.30 - 16.15     (Questions and Answers)

THE UNIVERSITY OF YORK is situated in Heslington, two miles away from the
centre of York. The campus has been described as one of the finest examples of
twentieth century English romantic landscape architecture. Its main feature is
a large man-made lake supporting a wide variety of wild fowl.

The Department of Computer Science has an international reputation for being at
the leading edge of developments in the fields of Software Engineering, Safety
Critical Systems, Human Computer Interaction and New Computer Architectures It
has recently expanded both its teaching and research to include the many
faceted and dynamic field of the application of Information Technology to
Business Management and maintains many contacts in both industry and government
agencies.

LICENSING EXECUTIVES SOCIETY
The Society is committed to providing education and information to present and
future users of licensing, and gladly supports the University of York in this
conference, which will answer an ever increasing demand in the business and
licensing communities for up-to-date information on this important subject.

SOCIETY OF COMPUTERS AND THE LAW
The Society was founded in 1973 as a forum to promote the effective and
profitable use of computer technology for lawyers.  The Society informs and
promotes interest both in the development of information technology for the
practice and teaching of law, as well as in the law relating to computers - not
only for Society members but also for members of the public at large.

FURTHER DETAILS FROM: Conference Organiser: Francoise Vassie, 
Centre for Continuing Education, King's Manor, York, YO1 2EP, The University 
of York Tel 0904 433900    Fax 0904 433906, E-Mail KIM...@UK.AC.YORK.MINSTER

------------------------------

Date: Sat, 24 Oct 92 17:25:53 -0400
From: padg...@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: 15th National Computer Security Conference (Denning, RISKS-13.86)

>From: denn...@cs.cosc.georgetown.edu (Dorothy Denning)

... >5. Listen in and decrypt the communications.

With all due respect to Mrs. Denning, I suspect that item number five would not
be "Listen in and decrypt the communications" but rather "Listen in and
discover that a secondary encryption was also used".

Anyone intelligent enough to realize that a process for disclosure existed
would be intelligent enough to use the approved scheme to mask the real
encryption, or even just to use a different key from the "approved" one if they
really had something to hide.

The only advantage to the suggested scheme would be to the "bad guys" since
steps 1-5 would have to be processed before the deception would be discovered -
or is there a suggestion that "someone" should randomly test messages to see if
the approved key is sufficient to decrypt ?

Point is, the technology exists to encrypt transmissions, even if it is as
simple as the DE knowing that when I say "stop" I really mean "go". Legislating
breakability has about as much chance as commanding the sun to rise in the
East: it will appear to be effective only until it is tested.
                    						  Padgett

------------------------------

Date: Mon, 26 Oct 92 10:52:02 -0800
From: "Peter K. Boucher" <bouc...@csl.sri.com>
Subject: Re: (Denning, RISKS-13.86)

Dorothy Denning writes:

> I believe this risk
[abuse of encryption keys registered with a government agency]
> can be reduced to about zero.  For example, using a
> public-key system, your key could be encrypted under the public key belonging
> to, say, the Justice Dept.  The encrypted key would be given to and held by an
> independent agency.  But, the key could be decrypted only by Justice.  Thus, if
> someone gains access to a key held by the key agency, they wouldn't be able to
> decrypt it.

1) Can you trust the criminals to provide the keys to their data and to use
   those keys (and no others) when transmitting incriminating data?  If not,
   what's the point?

2) If you send mangled random data (garbage), can you be prosecuted for not
   giving the Gov't the proper keys?  Will they believe your assertion that
   your transmission was truly meaningless?

3) What exactly are the anticipated benefits of registering keys with a federal
   agency, and, given your answers to the above, how do they justify the cost
   and inconvenience of creating such a system?

Peter K. Boucher, Computer Science Lab, SRI International #EL-237 
Menlo Park, CA 94025 bouc...@csl.sri.com (415) 859-3927

------------------------------

Date: Mon, 26 Oct 92 12:38:23 -0500
From: hun...@nlm.nih.gov (Larry Hunter)
Subject: (Re: Denning, RISKS-13.86)

In Risks 13.86, Dorothy Denning claims that it is easy to set up a government
depository into which all decryption keys for all encrypted messages send over
public networks which would be safe from non-court ordered government
interception.  I must disagree.  Her plan is (quoting):

     [U]sing a public-key system, your key could be encrypted under the public
     key belonging to, say, the Justice Dept.  The encrypted key would be given
     to and held by an independent agency.  But, the key could be decrypted
     only by Justice.  Thus, if somone gains access to a key held by the key
     agency, they wouldn't be able to decrypt it.

     To use a key, law enforcers would have to go through these steps:

     1.  Get a court order. ...

However, if the _Justice Department_ gains access to a key held by the agency
(or the agency's whole database), they would indeed be able to decrypt traffic.
For Dr. Denning's scheme to work, I have to trust the "independent" agency not
to collude with the Justice Department.  I certainly would not trust any
executive branch agency not to cooperate with another executive branch agency.
It is also extremely unlikely a "key agency" would be formed outside of the
Executive.  The only precedent I can think of is the Federal Reserve system,
and even its independence in circumstances of significant interest to the
executive (e.g. interest rates around election time) is suspect.

In my personal opinion, Dr.  Denning's proposal does not adequately address the
issues raised by socio-political context of her weak encryption scheme.
Without extremely stiff penalties and personal liability for illegal decryption
in addition to a technical system that identified decrypting parties, it is
hard to imagine how any system could require key registration and still offer
some protection against nonwarrant government surveillance.  The political
difficulty of passing legislation that involves the potential for such
penalties to be applied to law enforcement officers suggests to me that all
"weak" schemes are unlikely to offer such protection.

------------------------------

Date: Sun, 25 Oct 92 22:54:19 -0800
From: kai...@heron.enet.dec.com (European Technology & Architecture)
Subject: The "independent agency" to hold cryptokeys

Dorothy Denning writes:

	The encrypted key would be given to and held by an independent agency.

But there is in fact no such agency in the federal government, which means
that all such discussion is empty theorizing.  Judging the events of the
last several decades make me pessimistic that we could ever have one (again?).

___Pete        kai...@heron.enet.dec.com     +33 92.95.62.97

------------------------------

End of RISKS-FORUM Digest 13.87
************************