Mail-From: NEUMANN created at 14-May-87 09:01:42
Date: Thu 14 May 87 09:01:42-PDT
From: Peter G. (coordinator) Neumann <[email protected]>
Subject: RISKS DIGEST 4.85
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Thursday, 14 May 1987  Volume 4 : Issue 85

          FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
 Holiday reading (Jim Horning)
 Hey, buddy, wanna buy a phone call cheap? (PGN)
 Re: Information Age Commission (Ted Lee, SEG)
 Information Age Commission and the number of readers of RISKS (David Sherman)
 Lockable computers (Pat Hayes)
 How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
   (Paul F Cudney)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to [email protected], Requests to [email protected])
 (Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j.  MAXj:
 Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date: Wed, 13 May 87 17:38:03 PDT
From: [email protected] (Jim Horning)
To: [email protected]
Subject: Holiday reading

During my recent vacation in Washington, DC, I got a chance to look at
a couple of documents that I haven't seen discussed in RISKS:

 1) APS PHYSICS AND SOCIETY, vol. 16, no. 2, April 1987, pp. 8-9:
 "SDI Software: The Telephone Analogy. Part II: The Software Will
 Not Be Reliable," K. Dahlke, et al.

 This is a piece co-signed by 16 members of the Bell Labs staff.

   On December 3, 1985, Sol Buchsbaum, executive vice president of
   AT&T Bell Laboratories, testified before the Senate Subcommittee on
   Strategic and Theater Nuclear Forces. In his statement, Dr. Buchsbaum
   compared the Strategic Defense Initiative (SDI) to the United States
   telephone network, in order to demonstrate the technical viability of
   SDI. We feel this comparison is irreparably flawed. ... Many of us
   design the very telecommunications systems Dr. Buchsbaum references.

 The same issue reprints Buchsbaum's testimony and has two articles on
 inexpensive countermeasures to space-based weapons systems.

 2) "Report to The American Physical Society of the Study Group on Science
 and Technology of DIRECTED ENERGY WEAPONS," April 1987, to be published
 in REVIEWS OF MODERN PHYSICS. 400+ pp.

  The APS convened this Study Group to evaluate the status of the science
  and technology of directed energy weapons (DEW). ... This action by
  the APS was motivated by the divergence of views within the scientific
  community in the wake of President Reagan's speech on March 23, 1983
  in which he called on the U.S. scientific community to develop a system
  that ``... could intercept and destroy strategic ballistic missiles
  before they reach our soil...''.

  The APS charged the Study Group to produce an unclassified report,
  which would provide the membership of the Society, other scientists
  and engineers, as well as a wider interested audience, with basic
  technological information about DEW.*

 The study group consisted of 17 blue-ribbon physicists chaired by
 N. Bloembergen of Harvard University. The review committee consisted
 of G. Pake, M. May, W. K. Panofsky, A. Schawlow, C. Townes, and H. York.
 Their principal finding is that

   Although substantial progress has been made in many technologies
   of DEW over the last two decades, the Study Group finds significant
   gaps in the scientific and engineering understanding of many issues
   associated with the development of these technologies. Successful
   resolution of these issues is critical for the extrapolation to
   performance levels that would be required in an effective ballistic
   missile defense system. At present, there is insufficient information
   to decide whether the required extrapolations can or cannot be
   achieved. Most crucial elements required for a DEW system need
   improvements of several orders of magnitude. Because the elements
   are inter-related, the improvements must be achieved in a mutually
   consistent manner. We estimate that even in the best of circumstances,
   a decade or more of intensive research would be required to provide
   the technical knowledge needed for an informed decision about the
   potential effectiveness and survivability of directed energy weapon
   systems. In addition, the important issues of overall system
   integration and effectiveness depend critically upon
   information, that, to our knowledge, does not yet exist.

 They go on to say that

   We estimate that all existing candidates for directed energy weapons
   require two or more orders of magnitude (powers of 10) improvements in
   power output and beam quality before they may be seriously considered
   for application in ballistic missile defense systems. In addition,
   many supporting technologies such as space power, beam control
   and delivery, sensing, tracking, and discrimination need similar
   improvements over current performance levels before DEWs could be
   considered for use against ballistic missiles.

 The part most relevant to RISKS is Appendix A: Issues in Systems
 Integration, which raises issues frequently mentioned on RISKS, e.g.

   Decentralization may increase the problems of command and control,
   while more centralized organization may entail increased vulnerability.

* A personal footnote: I think that ACM has failed in its obligations to
its members and to society by not chartering an analogous study of the
computing technology needed for ballistic missile defense. It's very
late to start one now, but perhaps this is a case of ``better late than
never?''
                                Jim H.

------------------------------

Date: Wed 13 May 87 19:02:24-PDT
From: Peter Neumann <[email protected]>
Subject: Hey, buddy, wanna buy a phone call cheap?
To: [email protected]

Source: "New Breed of Hustler: Selling Illicit Long-Distance Phone Calls",
by Robert D. McFadden, New York Times, 11 May 87.

A new multimillion-dollar scam is underway in this country.  Hustlers
at bus and rail terminals and other convenient places all over the
U.S. are selling unlimited-length long-distance telephone calls at a
discount.  The going rate at New York's Port Authority Bus
Terminal is $2 for calls anywhere in the country, and maybe $4 for
international calls.  The entrepreneur places your call with a calling
code from telephone company computers and distributed like drugs
through various networks, human and/or electronic.  The ``stealing''
of codes is apparently quite widespread.

There were 190 arrests in New York last year.  $500 million is the
current estimate of illegal calls per year.  With AT&T, MCI, Sprint,
and others all using just a sequence of digits for identification,
this can be expected to grow.  (Perhaps British Telecom's PhoneCard
is the right idea, if it can be made mostly fraud-proof.)

------------------------------

Date:  Wed, 13 May 87 03:03 EDT
From:  [email protected]
Subject:  Re: Information Age Commission
To:  [email protected]

In 4.84 Wm Brown III seems to have inferred (and implied) that my
comment about the propriety (or expectations) of sharing RISKS with
Congress said something about my views on the proposed legislation.  Not
true:  I'm constantly torn between the view that Congress (as well as
the press) knows nothing about any quasi-technical issue and the view
that they are about the only institution we have to save us from
ourselves; in this case I haven't formed an opinion (not that it would
matter much to anyone.)

------------------------------

Date: Wed, 13 May 87 16:29:30 PDT
From: [email protected]
To: [email protected]
Subject: Information Age Commission (RISKS-4.84)

 > There are some potentially useful things government *could* do for us, ...
 > The only body which can realistically offer protection against such abuses
 > is a more powerful government agency, such as Congress.

No chain is stronger than its weakest link.  Because far too many senators
and congressmen lead lives that they wish to keep private, such as Gary Hart,
powerful investigative agencies, such as the FBI under J. Edgar Hoover, were
able to control important congressional leaders.
                                                            SEG

  [This note is marginally relevant.  But insofar as the role of
  governmental leaders is vital to the proposed Commission, it is included
  here.  No debate please.  Just recognition that we are all human.  PGN]

------------------------------

Date: Thu, 14 May 87 08:25:11 EDT
From: [email protected] (David Sherman)
Subject: Information Age Commission and the number of readers of RISKS
To: mnetor!seismo!csl.sri.com!RISKS

>From: Richard A. Cowan <[email protected]>  Re: RISKS DIGEST 4.84
>
>Given that the RISKS digest is distributed to hundreds, or even thousands ...

People on the ARPAnet side may not realize how extensive that distribution
is. RISKS is gatewayed to a Usenet newsgroup (formerly mod.risks, now
comp.risks). Brian Reid's monthly newsgroup statistics estimate that
as of April 1987 there were 7,100 people who actually read RISKS on
the Usenet side alone.

As to whether RISKS is a public forum, the same statistics estimate
that 859,000 people have access to Usenet, and 180,000 of those
actually read netnews.  You can draw your own conclusions.

David Sherman, The Law Society of Upper Canada, Toronto
{ seismo!mnetor  cbosgd!utgpu  watmath  decvax!utcsri  ihnp4!utzoo } !lsuc!dave

------------------------------

Date: Wed 13 May 87 11:04:13-PDT
From: PAT <[email protected]>
Subject: Lockable computers
To: [email protected], [email protected]

Your correspondence about the need for a physical lock on students'
motherboards was recirculated on INFO-COBOL, presumably as part of the
uproarious laughter.  This is just to say how much I agree that some
such feature is necessary, and to add to your sadness that such
mundane matters as the circumstances of real life are not taken
seriously by designers.  Tell them to go look at how televisions are
often modified by visual-aids resource centres in colleges.  Pat Hayes

------------------------------

Date: Wed, 13 May 87 01:51 EDT
From: Paul F Cudney <[email protected]>
Subject: How a Computer Hacker Raided the Customs Service -- Abstrisks (a nit)
To: [email protected]
ReSent-To: [email protected]

(Re: Risks 4.83)

I am confused.  Why would Customs propose to provide $8M to the Coast
Guard when they had already "donated" their two planes?  Somehow the
actions of the Coast Guard would be more believable if Customs had
received the planes.

Is this an abstract risk?    Paul

  [Relations were bad after the planes were reassigned from Customs to CG.
  During a subsequent thaw in the bad relations that ensued, Customs
  promised CG $8M to help the CG's airborne drug interdiction program.
  DeConcini said don't do it.  CG took the money out of Customs' narcotics
  traffickers operating account.

  Sorry.  I should have been more explicitive-deleted.  PGN]

------------------------------

End of RISKS-FORUM Digest
************************