Mail-From: NEUMANN created at 11-Dec-86 21:19:07
Date: Thu 11 Dec 86 21:19:07-PST
From: RISKS FORUM    (Peter G. Neumann -- Coordinator) <[email protected]>
Subject: RISKS DIGEST 4.27
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest, Thursday, 11 December 1986  Volume 4 : Issue 27

          FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 Computerised Discrimination (Brian Randell)
 Belgian Paper transcends computer breakdown (Martin Minow)
 Re: Plug-compatible modules (Keith F. Lynch)
 Re: Criminal Encryption (Keith F. Lynch, Ira D. Baxter, Dave Platt)
 Re: More on skyscraper control (Brint Cooper)
 The Second Labor of Hercules (Dave Benson)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to [email protected], Requests to [email protected])
 (Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j.  MAXj:
 Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

From: Brian Randell <brian%[email protected]>
Date: Thu, 11 Dec 86 17:45:10 gmt
To: [email protected]
Subject: Computerised Discrimination

Perhaps the most worrying feature of the situation described in the
following extracts from an article in the Guardian, dated 8 Dec. 1986, is
that the computer "was only following orders"!


              Claims of Prejudice Against Women and Blacks

             MEDICAL SCHOOLS TO FACE DISCRIMINATION ENQUIRY

By Andrew Veitch
Medical Correspondent

 Leading medical schools face an investigation into allegations that they are
discriminating against women and black students.
 This follows the discovery by two consultants that their own school, St.
George's in south London, has been using a computer selection programme which
deliberately downgrades applicants if they are female and non-white.
 It is thought that hundreds of well-qualified students may have been turned
away on those grounds. The hospital's ruling academic board has scrapped the
programme and is likely to launch an internal inquiry when it meets tonight.
 Details of alleged discrimination at St. George's and nine other London
schools were sent last week to the Council for Racial Equality, the Equal
Opportunities Board, and the Inner London Education Authority.
 "The matter is viewed very seriously," said the CRE's legal director,
Mr. John Whitmore. "The commission will be considering the St. George's
case on Wednesday and the position of other medical colleges in January."
 An EOC spokesman said there could be a case to answer. Under the Sex
Discrimination Act, it is unlawful for a school to discriminate against a
woman in the terms on which it offers to admit her, or by refusing or
deliberately omitting to accept her application for admission.
 The chairman of Ilea's higher education committee, Mr. Neil Fletcher,
considered the allegations at the weekend. Ilea has warned schools that it
will withhold grants if they do not comply with its non-discrimination
policy.
 The St. George's claim is particularly worrying because the school has a
better record on discrimination than most other colleges.
 The computer selection programme was designed to mimic the decisions of
the school's panel which screened applicants to see who merited an interview.
 It matched the panel's results so closely that the panel was scrapped and
for several years all St. George's applicants have been screened by computer...

Brian Randell - Computing Laboratory, University of Newcastle upon Tyne

 UUCP  : <UK>!ukc!cheviot!brian
 JANET : [email protected]

------------------------------

Date: 11-Dec-1986 0844
From: minow%[email protected]
To: [email protected]
Subject: Belgian Paper transcends computer breakdown

This appeared on a local [computer-transmitted] newspaper on Thurs 11 Dec
1986, as a note from Peter Van Avermaet.

 Today [Wednesday], the Belgian newspaper "De Morgen" has appeared
 as a hand-written newspaper.

 Yesterday morning [Tuesday], the type-setting computer broke down.
 After several hours, it became clear that it would not be available
 in time for today's edition. But "De Morgen" ["The Morning"] apparently
 survives anything - it went bankrupt some weeks ago.  Today's edition has
 been hand-written, and printed using the "normal" printing process.

 Some topics:
               graphology,

               plans to use more computers in the Ministry of Finance,
               for the computation of the taxes we should pay.
Martin
                                                 [Goeden "Morgen"!  P.]

------------------------------

Date: Wed, 10 Dec 86 23:54:57 EST
From: "Keith F. Lynch" <KFL%[email protected]>
Subject: Re: Plug-compatible modules
To: [email protected]

Many terminal keyboards have plugs which are the same as modular telephone
connectors.  I have seen one with a prominent warning that plugging it into
a telephone outlet will destroy the keyboard and damage the phone line.
                                                                     ...Keith

------------------------------

Date: Wed, 10 Dec 86 23:52:53 EST
From: "Keith F. Lynch" <KFL%[email protected]>
Subject: Re: Criminal Encryption
To: [email protected], [email protected]

 I can't see criminal encryption as much of a problem.  All REAL
crimes involve a victim, who is willing to testify.  Perhaps large
scale use of encryption will result in government abandoning its
wasteful and pointless attempt to prosecute victimless crimes.
                                                               ...Keith

------------------------------

From: [email protected]              [Ira D. Baxter, a.k.a. N.F.N. Baxter]
To: "Keith F. Lynch" <KFL%[email protected]>, [email protected]
Subject: Re: Criminal Encryption
Date: Thu, 11 Dec 86 09:46:23 -0800

Some crimes involve victims that aren't willing to testify.  Blackmail is
the classic example; an encrypted blackmail database ensures the victim that
his blackmail payments aren't wasted, and ensures the criminal that the
incriminating evidence is not easily found (using a needle-in-a-haystack
approach).

Dope pushers selling drugs to dope users appears to be a victimless crime
also... after all, both parties are (presumably) satisfied with the results
of individual transactions.  The problem is the activities on the part of
both parties to make the transactions possible (theft for the user, bribery
and coercion for the pusher) have victims.  Law enforcement is always
interested in the transactions between pushers (at least) because it usually
leads to other agents of victim-ful crime.  Thus the interest in data about
transactions.  Requirements for a secure business relationship between
dealers would lead to more attempts to store transaction data securely.

------------------------------

Date: Thu, 11 Dec 86 12:08:34 PST
From: [email protected] (Dave Platt)
To: [email protected]
Subject: Re: Criminal encryption

Although I'm not a lawyer, I do have an opinion about the question asked
recently to the effect of "Could an alleged criminal be compelled to reveal
the encryption key for a database containing records related to an alleged
criminal enterprise?".  My opinion, for what it's worth, is that the courts
would probably not uphold any such compulsion, and would likely throw out
any evidence obtained by use of a coerced or compelled revelation of an
encryption key.

Jerry Leichter suggests (based on a conversation with a lawyer friend) that
this situation is analogous to a journalist being compelled to reveal
his/her sources.  I believe that this analogy is suspect... a journalist is
(generally) _not_ under criminal indictment, is _not_ being asked to provide
evidence that would incriminate him/herself, and thus the Fifth Amendment
does not apply at all.  The Fifth Amendment states only that a person cannot
be compelled to incriminate him/herself; it says nothing about compulsion to
incriminate another person.  "Contempt of court" rulings are sometimes used
to [attempt to] compel a person to provide testimony or evidence that can
incriminate _someone_else_, but they aren't (and can't be) used to coerce a
person to provide evidence or testimony that might result in that person's
conviction on criminal charges.  "Shield laws" are a different matter
entirely... they provide journalists with a limited ability to refuse to
turn over material in their possession that might possibly reveal the
identities of their "sources".

If the prosecution in a particular case chooses to grant legal immunity to a
suspect, then the person no longer has the ability to refuse to testify (or
provide evidence) concerning matters covered by the immunity, because s/he
can no longer "incriminate" him/herself regarding those matters.
Prosecutors sometimes grant immunity to a hostile witness (typically a
"minor player" in a larger case), so that they can use the threat of
"contempt of court" rulings to compel the witness to testify against his/her
associates.

Jerry Leichter asks, "Can an arrested man be compelled to reveal where
[a locked safe-deposit] box is?".  I believe that the answer is "No."
The police and prosecution can attempt to locate it themselves;  they
can obtain a search warrant that will permit them to open and examine
the box (or force it open without the key, for that matter);  and they
can use any evidence found by use of a legal search warrant in court.

By analogy, I believe that in the case involving an encrypted database full
of [allegedly] incriminating evidence, the following situation would
probably develop:  the police and prosecutor could seize the database using
a valid search warrant.  The same search warrant would permit them to
attempt to decrypt the data by brute-force or intelligent-search methods.
They could not coerce any of the defendants to reveal the encryption key
unless they were first willing to grant legal immunity to that person
(either via a voluntary agreement, or via an involuntary grant followed by a
contempt-of-court coercion).

------------------------------

Date:     Thu, 11 Dec 86 15:01:20 EST
From:     Brint Cooper <[email protected]>
To:       [email protected]
Subject:  Re: More on skyscraper control

..(a discussion about the skyscraper in Boston which would "twist in the
wind" and drop pieces of its glass face to the ground)

> The solution was to install in the upper floor a large weight controlled by
> computer. When the computer detects the building being twisted, it counters
> the torque by moving this weight.

But if the wind is related to a storm which causes a wide-area power outage,
perhaps the computer won't be available when it is needed most?
Uninterruptible power and backup power are still rather expensive and, I
believe, not widely used.
                                            Brint

         [It is used where needed -- and can be quite cost-effective, given
          the alternatives.  Hospitals, some banks, and various other
          applications have realized how important continuous power is.
          The Network Information Center (SRI-NIC) keeps running despite
          local power blips that down the rest of SRI's systems!  PGN]

------------------------------

Date: Sun, 7 Dec 86 18:43:37 pst
From: Dave Benson <benson%[email protected]>
To: risks%[email protected]
Subject:  The Second Labor of Hercules

Free copies of the report

    David B. Benson, "The Second Labor of Hercules:  An essay on software
    engineering and the Strategic Defense Initiative -- Preliminary Draft",
    CS-86-148

are available from the Technical Reports Secretary, Computer Science
Department, Washington State University, Pullman WA 99164-1210, by written
request, while the supply lasts.

The essay was finished in May, 1986, and has been only slightly dated by
events.  I intend to begin revising this essay upon the turn of the new year,
and would appreciate criticisms from all who would care to send such to me.

Thank you in advance for your cooperation.

------------------------------

End of RISKS-FORUM Digest
************************
-------