20-May-87 21:00:03-PDT,15251;000000000000

20-May-87 21:00:03-PDT,15251;000000000000
Mail-From: NEUMANN created at 20-May-87 20:59:03
Date: Wed 20 May 87 20:59:03-PDT
From: RISKS FORUM (Peter G. Neumann -- Coordinator) <[email protected]>
Subject: RISKS DIGEST 4.87
Sender: [email protected]
To: [email protected]

RISKS-LIST: RISKS-FORUM Digest Wednesday, 20 May 1987 Volume 4 : Issue 87

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Computer Libel: A New Legal Battlefield (PGN from Digital Review)
Electric chair tested by car insurer (Bill Fisher from Machine Design)
Computers and Open Meetings laws (Barbara Zanzig)
Re: Phalanx (Chuck Weinstock)
Choosing a password (Jonathan Bowen)
Re: Passwords, thefts (Michael Wagner)
Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets
(UPI via Don Hopkins, Michael Grant, and Geoff Goodfellow)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to [email protected], Requests to [email protected])
(Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j. MAXj:
Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date: Tue 19 May 87 17:32:02-PDT
From: Peter G. Neumann <[email protected]>
Subject: Computer Libel: A New Legal Battlefield
To: [email protected]

DIGITAL REVIEW, 18 May 1987, p. 72 [although the page is unnumbered]

... databases inherently carry a high risk of error. Information can
be altered or partially deleted through inadvertent mistakes or deliberate
manipulation. Abstracts of data can be misinterpreted, especially when
taken out of context. Failuer to update a database periodicaly can result
in the dissemination of incorrect information about a company or an
individual. And hardware and software malfunctions can compound all these
problems.

Here are a few examples of the havoc an erroneous computer search can cause:

* A computer analysis of several thousand New York welfare recipients found
that more than 20 percent were working. On the surface, this seemed like a
violation of state law. But a second check disclosed that more than half of
those individuals had been authorized to work while receiving welfare
benefits. Apparently their files had not been updated.

* A Dallas executive traveling on business in New Orleans was stopped by
police for a minor traffic infraction. When the computer wrongly flagged him
as an escaped convict, he was arrested and jailed. It took a week to
correct the error.

* A New York electronics manufacturer, ready to close on a $2 million
contract, was taken aback when the banks refused to give him the needed
loans. It turned out that a financial check had mistakenly shown his
company to be bankrupt.

The article discusses the Supreme Court ruling on Dun & Bradstreet vs.
Greenmoss Builders, in which D&B had falsely reported that GB was broke.
The Supreme Court upheld the Vermont decision against D&B. The article
goes on to consider some other legal issues.

This means that information vendors can no longer use the following
rationales to wriggle out of paying for their errors:

Free speech umbrella. Although data vendors have a First Amendment right
to free speech, they also have an obligation to ensure that the information
they research and disseminate is accurate.

Public interest argument. The courts have long acknowledged that everyone
has a right to comment on matters of public concern. But they also have
noted that information on the private finances of companies and
individuals, unless they seek the limelight, is not of public interest.

"Chilling effect" standard. The need for a free exchange of ideas demands
that we occasionally tolerate the foibles of the press, as long as there
is no malice. The media have argued that to do otherwise would have a
"chilling effect" on reporting. The courts, however, have not extended
this argument to data vendors.

Public domain argument. It is quite well known that government agencies
engage in periodic fishing expeditions, matching data and peeking through
giant data banks to ferret out criminal activity. But private data
vendors don't have the government's license to snoop. In fact, they must
comply with state and federal privacy laws when conducting such searches,
and if they err, they are accountable.

------------------------------

Date: 20 May 87 15:17:18 PDT (Wednesday)
From: [email protected]
Subject: Electric chair tested by car insurer
To: [email protected]

This is from the Design International column of MACHINE DESIGN of 3/26.

An electric chair designed to help prevent car theft has been teamed with an
electronic alarm and tested by a leading Swedish insurance company, Skandia of
Stockholm. Built-in electric cables are activated after the alarm has sounded
four times. The shock transmitted to the person in the driver's seat is about
9kV at an inductive current of 65uA. Although unpleasant, the shock is not
harmful even to people suffering from heart ailments, according to the company.

(Clockwork Orange is alive and well??!!)
Bill Fisher

------------------------------

From: Barbara Zanzig <barbaraz%[email protected]>
Date: Wed, 20 May 87 11:03:39 PDT
To: [email protected], [email protected]
Subject: Computers and Open Meetings laws

I've never seen anything like this appear in either Risks or comp.society,
so I'm sending this along to both.

An editorial in The (Portland) Oregonian:

OPENNESS RESISTS CHIPPING

Oregon is inching toward truly interactive local government. The Gresham
City Council has voted to supply its members with computer terminals in
their homes, to enable them to do research in the city's system at any
time.

Providing unpaid elected officials with the tools to do their job better
is easily worth the $6,000 appropriated for this purpose. But in a state
with a strong Open Meetings Law and Open Records Law, does technology now
require an Open Electronic Impulses Law?

The Gresham computer system, like many others, permits users to send
messages to other users. Anyone with a modicum of conspiracy theory can
easily imagine a quorum of the City Council logged on to their computers
together, busily conducting city business beyond the prying eyes of those
without user codes.

Gresham officials realize the risks involved. Even if city residents
cannot gain access to the system, the information in it still belongs to
them. And since a private conference call among a council quorum is
illegal, a computer caucus would equally constitute an access violation.

"What goes in is something we're concerned about, and I will probably
advise them to be conservative," says City Attorney Tom Sponsler. "For
council members to communicate, with a quorum, on how they feel about
policy is not appropriate, and I will so advise them."

Sponsler thinks there is a greater potential for violations of the Open
Records Law than the Open Meetings Law. "Anything of any substance," he
advises, "should not exist only online." Members should also remember, as
Lt. Col. Oliver North could remind them, that anything put into a system
can later be pulled out of the system.

City Manager Wally Douthwaite expects that before the system goes on line,
Gresham will need a written policy on its use. The need for clarification
may not stop there.

"There may be a time when computer use will be so universal that we will
need to take another look at the law," says Oregon Attorney General Dave
Frohnmayer. "The Open Meetings Law was not designed for this technology."

The rules, Frohnmayer and Sponsler agree, should be clear. Providing
information by computer is fine; debating and negotiating electronically
slips into silicon secrecy.

If the legal principle is clear, the technology should be able to follow.
All that is needed by Gresham - and the cities that will doubtless follow
its example - is a package of Open Meeting Software.

And people who understand its importance.

***[end of editorial]

I spoke to the reporter who covered the story, and he said it was an
email system, not an interactive conferencing system. He thought they'd
be using a VAX 220 (?), and didn't know which operating system.

Barbara Zanzig
{major backbone sites}!tektronix!tekecs!barbaraz
[email protected]

------------------------------

Date: 19 May 1987 09:18-EDT
From: [email protected]
To: RISKS FORUM (Peter G Neumann -- Coordinator) <[email protected]>
Subject: Re: Phalanx

If the defense weapons were not reliable enough to keep on all of the time,
that should tell us all a lot about the chances for Star Wars to succeed (as
if we didn't know already!)

[There is a serious lesson about perpetual readiness when nothing ever
seems to be happening. Too often there appears to be no urgent need to
worry about some particular event, because it has never happened
before. Someone on board was quoted as saying exactly that -- no one
had ever fired anything directly at them before, and therefore it seemed
quite reasonable to expect that this time was no different. Crying
"wolf" is bad, but not recognizing the wolf (in sheik's clothing?) is
even worse.) Sorry if I repeat myself on this subject, but this is a
really important issue. PGN]

------------------------------

From: bowen%[email protected]
Date: Tue, 19 May 87 11:20:08 BST
To: RISKS <@Cs.Ucl.AC.UK,@sevax.prg.oxford.ac.uk:[email protected]>
Subject: Choosing a password

Following the recent discussion on password (in)security, here is a simple
way of choosing a fairly safe password which I believe is attributable to
Steve Bourne (ex Bell Labs). Find any handy document (there's usually
something near most VDUs) and point your finger randomly at the text. Select
the nearest word (or words if they are short) and substitute one or two of
the letters for some other character. E.g. a `0' for an `o'. This should
reduce the risk of your password being decrypted. You also have the benefit
that you can easily select a new password as often as you like.

Jonathan Bowen, Oxford University Computing Laboratory, England.

[Because this is not a deterministic algorithm, it has some merit.
However, you must remember that passwords are still vulnerable to various
attacks. In some operating systems and in most local networks, it is
easy to capture a password in transit. In that case, it does not much
matter how cute you are in generating passwords. A second point is
that as soon as you let people generate their own passwords, someone
will want a nice simple easily guessable one, ignoring the problem that
his/her operating system does not do a very good job of preventing
someone masquerading as that user from climbing through other people's
files, implanting Trojan horses, deleting files, etc. It is very
antisocial of anyone to have such a weak password, or to rely on
passwords that can be easily captured. Simplistic thinking is the real
source of trouble. Even the policy that everything should be wide
open (no secrets) does not protect you against getting clobbered by
file deletions and Trojan horses.

So, let's avoid fine-tuning essentially weak approaches and remember
the big picture. Then I will stop reiterating... PGN]

------------------------------

Date: Wed, 20 May 87 14:03 CET
To: [email protected]
From: Michael Wagner +49 228 303 245
<WAGNER%[email protected]>
Subject: Re: Passwords, thefts (Andrew Burt) (RISKS DIGEST 4.86)
CC: [email protected]

> Here at DU we have the terminals bolted to ... tables ... .
> Far better, though, is that each unit is engraved and painted
> with large "DU"s on each component in highly visible locations.
> Makes them very hard to fence.

Interesting ... we seem to be concerned with different risks. I always
assumed that terminals were stolen from public terminal areas in
universities by individuals who wanted a home terminal. It never occured to
me that someone would seriously consider 'fencing' such a thing. PCs,
perhaps. I guess the general population might know what to do with such
things. But terminals?

Under my set of assumptions, a large logo would merely enhance the value of
the treasure. In fact, at UofT, we lost a few terminals to start-of-year
initiation rights. One terminal made it's way to another university in the
area as part of a scavenger hunt (I expect they got extra points for distance).

Does anyone have any statistics on where the real risks are here?
Michael

------------------------------

Date: Sat, 16 May 87 18:36:46 EDT
From: Don Hopkins <[email protected]>
To: [email protected], [email protected]
Subject: Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets
Via: Michael Grant <[email protected]> and [email protected]

Nuclear Plant Emergency Plan: In Event of Quake, Smash Toilets
United Press International

CHATTANOOGA, Tenn., May 14 -- Among the earthquake emergency plans at the
TVA's Sequoyah Nuclear Plant is one to break all the toilets with a
sledgehammer and cover the plumbing holes with duct tape to seal off nuclear
leaks. According to The Chattanooga Times, TVA nuclear engineers decided in
1984 that an earthquake could cause water in toilets to spill or drain out,
destroying the "water seal" in the pipes.

At the Watts Bar Nuclear Plant, being built near Spring City, Tenn.,
plumbing that would not rely on a water seal was installed. But at the
Sequoyah Nuclear Plant, where nuclear reactors were operating at the time,
the hammer-and-duct-tape plan was adopted. Both reactors at Sequoyah have
been shut down for 21 months because of safety and other regulatory
violations at the Soddy-Daisy plant. The hammer and tape are stored in a
locked wooden box outside the Sequoyah control room.

"Personally, I don't think the big hammer is a big issue," Sequoyah shift
engineer Jeffrey Lewis said. "That cabinet has been there for years and we
haven't used an inch of duct tape." Clerk Sue Hartman works near the box
where the hammer is stored. She said the key to the box is "kept under
surveillance at all times." In fact, the key to the key to the cabinet
where the hammer box key is stored is "kept on my body," Hartman said.

------------------------------

End of RISKS-FORUM Digest
************************
-------