[1032] in RISKS Forum
RISKS DIGEST 16.11
daemon@ATHENA.MIT.EDU (RISKS Forum)
Fri Jun 3 20:15:07 1994
From: RISKS Forum <risks@csl.sri.com>
Date: Fri, 3 Jun 94 16:48:43 PDT
Reply-To: risks@csl.sri.com
To: RISKS-LIST:;@csl.sri.com
RISKS-LIST: RISKS-FORUM Digest Friday 3 June 1994 Volume 16 : Issue 11
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks) *****
Contents:
Flaw in Clipper detected (Jim Huggins)
Re: Solo midair collisions (Martyn Thomas)
Donuts with Ears, Part II (Peter Wayner, David Wright)
Ollie North on the high seas...Big toys, big egos, E-trails (David Honig)
Nonexistent Risks (Re: Call Your OPERATER!) (Gregory B. Sorkin)
Risks of faxing (Adam Shostack)
The Ghost in the Modem (Loka Alert 1:6 via Phil Agre)
Zimmermann statement on PGP 2.6 (Philip Zimmermann)
"The Hacker Crackdown" by Bruce Sterling (Rob Slade)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
----------------------------------------------------------------------
Date: Thu, 2 Jun 1994 13:55:23 -0400 (EDT)
From: Jim Huggins <huggins@eecs.umich.edu>
Subject: Flaw in Clipper detected
The following is summarized from an article in the _Detroit_Free_Press_,
2 June 1994, pages A5-6. The article was written by John Markoff of the New
York Times [and appeared on the front page of the Times on that day].
AT&T Bell Labs researcher Matthew Blaze has been quietly circulating a report
among computer researches and federal agencies which demonstrates a flaw in
Clipper. Using Blaze's technique, two parties can use Clipper to have a
conversation which could not be decrypted by government officials using the
proper escrowed keys. The flaw would not permit third parties without the
escrowed keys to decrypt the conversation either; essentially, this technique
would reduce Clipper to the status of other commercially-available
cryptography which is computationally infeasible to break.
Stanford's Martin Hellman, who has reviewed Blaze's work, states "People who
want to work around Clipper will be able to do it." In a written statement,
NSA directory of policy Michael Smith stated that Clipper would still remain
useful: "Anyone interested in circumventing law-enforcement access would most
likely choose simpler alternatives." Smith claims that Blaze's technique
would be too difficult and time-consuming for practical use.
Comments: of course, this will probably re-ignite most of the Clipper
controversy again, since this seems to strike at the heart of NSA's purposes
in creating Clipper (secure cryptography with a mandatory back-door for the
government). I'm more interested in NSA's statement that says in essence that
Clipper can be avoided more simply: perhaps this shows that Clipper won't be
all that useful after all?
Jim Huggins, University of Michigan (huggins@umich.edu)
------------------------------
Date: Wed, 1 Jun 94 11:19:15 +0100
From: Martyn Thomas <mct@praxis.co.uk>
Subject: Re: Solo midair collisions
The account of a collision with a sky-diver reminds me of an incident some
years ago when a commercial jet hit a salmon at altitude, which smashed
through the nose, demolished the co-pilot's rudder pedals and broke his leg,
ending against the rear bulkhead of the cockpit [the salmon, presumably,
not the rudder pedals or the leg].
The accident report assumed an eagle had dropped it.
[The eagle salmoned up all its carriage? PGN]
------------------------------
Date: Thu, 2 Jun 1994 18:17:26 -0400
From: pcw@access.digex.net (Peter Wayner)
Subject: Donuts with Ears, Part II
A spokesman from Dunkin' Donuts tells me that the chain has ordered all DD to
remove their listening equipment. Apparently, the front-page news about their
listening devices finally brought the public sentiment to their attention.
Maybe if they had stronger mikes they would have gotten the message sooner?
------------------------------
Date: Fri, 03 Jun 94 10:15:41 EDT
From: David Wright <wright@hi.com>
Subject: Re: Eavesdropping hits NSA [RISKS 16.10]
[...] The security cameras that are installed in in many stores will remain,
however; the company said they are a proved deterrent to robbery.
-- David Wright, Hitachi Computer Products (America), Inc. Waltham, MA
wright@hi.com
------------------------------
Date: Fri, 03 Jun 1994 11:41:15 -0700
From: David Honig <honig@binky.ICS.UCI.EDU>
Subject: Ollie North on the high seas...Big toys, big egos, electronic trails
In the 3 Jun 1994 Wall Street Journal there is an article about a Whitbread
sailboat race. The story includes a description of how one team is accusing
one of its members of telling another team about the weather, which is
apparently against their rules. The evidence for this is *computer logs of
faxes* sent between the individuals, who are also possibly romanticly linked.
(There may also be financial motives connected with boat sponsorship.)
Anyway, the risk to perpetrators in not covering their electronic trails
(tails?) is present even on a sailboat in the South Pacific.
------------------------------
Date: Tue, 31 May 94 18:13:03 -0500
From: sorkin@watson.ibm.com (Gregory B. Sorkin)
Subject: Nonexistent Risks (Re: Call Your OPERATER!)
There is the RISK of not double-checking dubious information, including
information in the Risks Digest.
I dialed 1-800-OPE-RATO[R] (I didn't dial that last R -- for "redundancy"),
and sure enough, I got a "(pong) AT&T".
Then I dialed 1-800-OPE-RATE[R], and sure enough, I got . . . nothing.
Is there a regional discrepancy, or is the rumor of MCI's devious cunning
just an urban myth?
[I got RINGING with NO ANSWER after 20 rings. Maybe that is
exactly the point? Ultimate denial of service, intended to
make you want to go elsewhere when you think you are getting
AT&T? PGN]
There were also several Risks Digest items about clever color copiers blocking
the reproduction of US and some foreign currencies. This seems almost
impossible algorithmically, and indeed appears to be fictional, based on what
testing one can do legally.
[We have gone around on that one in the past. PGN]
What are the Risks here? Just that people will go about spreading urban
myths, I guess.
Greg Sorkin (sorkin@watson.ibm.com)
------------------------------
Date: Wed, 1 Jun 1994 09:16:16 -0400
From: Adam Shostack <adam@bwh.harvard.edu>
Subject: Risks of faxing
This appeared in rec.humor.funny. I'm submitting it to RISKs because
nothing on the risks of faxing has appeared in a while. The problems are that
there is often little way to ensure your fax is going to the correct place,
and that the faxed paper is out of your control once faxed, and might be
copied, and redistributed with your name & private correspondence.
Public-key encryption programs, such as PGP, would have allowed the
unfortunate applicant to encrypt this (as email). If it was mail, he would
have to type the wrong address twice, once for the mail address, and also for
the encryption recipient. He might have had a chance at getting the job. (Of
course, using the phone would also have avoided the problem, but can be
inconvenient & expensive when colleagues are overseas.)
> You might enjoy this.
> A candidate for the Director of our Research Center faxed a
> colleague to request a letter of recommendation. It was
> accidentally faxed here instead. It read in part:
> "Iowa is too wet and droll. But it's a directorship
> so I should apply..."
> The fax is now part of his permanent application file.
------------------------------
Date: Sun, 29 May 1994 21:01:06 -0700
From: Phil Agre <pagre@weber.ucsd.edu>
Subject: The Ghost in the Modem (Loka Alert 1:6--from the Washington Post)
Date: Sun, 29 May 1994 22:40:43 -0500 (EST)
From: RESCLOVE@amherst.edu
To: loka-l@amherst.edu
Subject: The Ghost in the Modem (Loka Alert 1:6--from the Washington Post)
Loka Alert 1:6 (May 29, 1994)
>From the Sunday _Washington Post_:
IF INFORMATION HIGHWAYS ARE ANYTHING LIKE
INTERSTATE HIGHWAYS--WATCH OUT!
Friends and Colleagues:
This is one in an occasional series of e-mail postings on democratic
politics of science and technology, issued by The Loka Institute. You are
welcome to post it anywhere you feel is appropriate. The following essay,
written by Loka Institute members, is reprinted from the Outlook Section of
_The Washington Post_, Sunday, May 29, 1994.
--Dick Sclove
Executive Director, The Loka Institute, P.O. Box 355,
Amherst, MA 01004-0355, USA
Tel. 413 253-2828; Fax 413 253-4942
E-mail: resclove@amherst.edu
*****************************************************************
THE GHOST IN THE MODEM
For Architects of the Info-Highway, Some Lessons
From the Concrete Interstate
By Richard Sclove and Jeffrey Scheuer
Vice President Gore envisions the information superhighway as the second
coming of the interstate highway system championed by his father, former U.S.
Senator Al Gore, a generation ago. Let us hope that the junior Gore is proven
wrong. Rush-hour traffic jams, gridlock, garish plastic-and-neon strips, high
fatality rates, air pollution, global warming, depletion of world oil
reserves--have we forgotten all of the interstate highway system's most
familiar consequences?
It's not that Gore's analogy is wrong, only that his enthusiasm is
misplaced. Comparing the electronic and asphalt highways is useful--but
mostly as a cautionary tale. Building the new information infrastructure will
not entail the degree of immediate, physical disruption caused by the
interstate highway system. But sweeping geographic relocations, and
accompanying social transformations, seem probable. And the risk of inequity
in contriving and distributing electronic services--or, conversely, imposing
them where they are not wanted--is clear.
Indeed, disparities in access to new information systems have already
begun to surface. A study released this past week by a group of public
interest organizations, including the National Association for the Advancement
of Colored People and the Center for Media Education, notes that low-income
and minority communities are underrepresented in U.S. telephone company's
initial plans for installing advanced communications networks.
Unequal access is only the most obvious among many social repercussions
that may lie in store for us. The real history of the interstate highway
system suggests how we can think about and control the vast implications of
new technologies and a new national public infrastructure.
It is widely assumed that Americans' infatuation with cars led to the
construction of America's superhighways. But actually when Congress passed
the Interstate Highway Act in 1956, car sales were slack, and there was no
popular clamor for building a new road system. At the time only about half of
American families owned an automobile; everyone else depended on public
transportation. Congress was responding to aggressive lobbying by auto makers
and road builders, plus realtors who saw profits in developing suburban
subdivisions.
The act's key provisions included support for bringing freeways directly
into city centers and earmarking gasoline tax revenues for highway
construction. As the interstate highways were built, city and suburban
development adapted to the quickening proliferation of autos. Soon more
Americans found themselves forced to buy a car in order to be able to shop or
hold a job. The Highway Trust Fund, by assuring the rapid atrophy of
competing public transit systems, bolstered this trend.
Thus the asphalt highways--and the society around them--are a reflection
of successful lobbying by powerful business interests and external compulsion,
not simply the free choices of consumers. There is no guarantee that the
process of wiring consumers and employees into the electronic highway system
will be different.
The effects of the interstate highway system on American communities were
profound, especially in the cities. As historian James Flink notes,
"Ambitious programs for building urban freeways resulted in the massive
destruction of once viable poor and minority neighborhoods." In other cases,
new highways encircled poor neighborhoods, physically segregating minorities
into marginalized ghettos.
Gradually, a black and Hispanic middle-class did emerge. Its members too
fled along the interstate to the suburbs, further draining economic and
cultural resources from the inner city. This contributed to the emergence of
a new social phenomenon: today's desperately deprived, urban underclass.
Elsewhere the effects were subtler but still significant. The noise and
danger from growing numbers of autos drove children's games out of the street,
and neighbors and families off their front porches. Before long, suburbs
without sidewalks came to signal an unprecedented paucity of local
destinations worth walking to. Suburban housewives found themselves leading
increasingly isolated daytime lives at home.
Highways made shopping malls possible, enabling franchise and chain store
sales to boom. But this sapped downtown centers.
For some teenagers and senior citizens, today's anonymous, consumption-mad
expanses provide a semblance of community space-- having swallowed up the
general store, the soda fountain, the Main Street sidewalk, and the town
square. There is ample danger of the new electronic technology extending
these losses.
Remember too that it is easy to romanticize new technology. The popular
arts glorified life on the highway. People read Jack Kerouac's "On the Road,"
watched "Route 66" on television, and recall the Merry Pranksters' psychedelic
bus-capades during the '60s. In fusing alienation and rebellion with youthful
exuberance, each of these foreshadows contemporary cyberpunk culture. Yet
real-life experience on the interstate is mostly banal and uneventful.
McDonald's, Pizza Hut, and Wal-Mart look about the same wherever you exit.
There are also political ramifications of a vast new public
infrastructure. Interstate highways contributed to national and even
international economic integration. But while GNP soared, mom-and-pop
production and retailing declined. That meant greater local dependence on
national and global market forces and on distant corporate
headquarters--powers that communities simply couldn't control. The locus of
effective political intervention thus shifted toward more distant power
centers. But because those are realms in which everyday citizens cannot be as
effectual as in smaller political settings, democracy was impaired.
If the growth of the highways is revealing, so too is the opposition to
freeway construction that emerged. As citizens became more politically
mobilized during the 1960's and early '70s, opposition to relentless highway
expansion arose from environmentalists and from local communities, both rich
and poor.
Transportation engineers reeled at the specter of upright citizens rejecting
their good works. Many current telecommunications engineers and
true-believing entrepreneurs are no less convinced of the unalloyed
beneficence of their art.
The importance of the analogy between the information and asphalt
highways lies in the political procedures that create them. What if a wider
range of people, including non-car owners, had been involved in transportation
planning all along? Considering the alternatives envisioned by critics such
as Lewis Mumford, it seems likely we would have a smaller and different road
system today. As in Europe and Japan, there probably would have been greater
investment in public transit. Modern America might exhibit less sprawl, less
dependence on foreign oil, and more cohesive urban neighborhoods.
Three lessons for the construction of the information superhighway
suggest themselves:
o _No Innovation Without Evaluation_: To help reduce adverse social
impact, the federal government should mandate evaluated social trials of
alternative electronic services. Analogous to environm
