Subject: RISKS DIGEST 11.74
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 29 May 1991  Volume 11 : Issue 74

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Writer steals stories via computer (Rodney Hoffman)
  Consumer Reports report on Privacy (Robert Grumbine)
  Re: The RISKS of Posting to the Net and the FBI (Andrew R. D'Uva,
    Ralph Moonen, Arthur Rubin, William Ricker, Randy Saunders, anonymous)
  Re: The Death of Privacy? (Michael Rasmussen)
  Giving Away Privacy (Sanford Sherizen)
  Smart Highways Need Privacy Tutorial (Warner Losh)
  Re: Replicated Errors (Neil Rickert)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 29 May 1991 13:58:18 PDT
From: Rodney Hoffman
Subject: Writer steals stories via computer

In RISKS-09.75, I summarized a March 1990 `Los Angeles Times' story about a journalist charged with breaking into Fox Television computers. The 29 May 91 `Los Angeles Times' carries the conclusion, a story by John Kendall headlined WRITER GETS PROBATION IN STING AT FOX.
Excerpts:

"Free-lance writer Stuart Goldman pleaded no contest Tuesday to three felony charges of illegally entering Fox Television's computer system and stealing story ideas planted by Los Angeles police in a sting operation.... [Goldman] was placed on five years' probation and ordered to pay $90,000 in restitution, reduced to $12,000 with Fox's approval. The judge ordered Goldman to serve 120 days in County Jail but stayed the sentence....

"Goldman was arrested ... last year by Secret Service agents and Los Angeles police who confiscated a personal computer, floppy disks, Rolodexes and a loaded .38-caliber handgun.

"Prosecutors accused Goldman of using a password apparently gained when the journalist worked briefly for `A Current Affair' to enter the Fox production's computer system. They charged that Goldman stole bogus tips ... and attempted to sell the items to a national tabloid magazine....

"After Tuesday's court session, Goldman vowed to publish his completed book, `Snitch' [about being a gossip-media insider], as soon as possible.

"[The judge] ordered authorities to return Goldman's computer. `I'm sure you know now that computers will get you in trouble,' the judge said. `If you don't, I'll see you back in here again.'"

------------------------------

Date: Wed, 29 May 91 16:04 EDT
From:
Subject: Consumer Reports report on Privacy

I've finally read my May issue of Consumer Reports. Of interest to Risks readers is their article `What price privacy?', pp. 356-360. They mostly cover ground familiar to Risks readers:

 * Databases like the files on people who have ever filed malpractice claims or on-the-job injury claims.
 * The workings of credit bureaus
 * The error rate in credit bureau file information

Of greater news are their suggestions on what should be done.

"CU thinks the reforms should go even further. The law should allow information in credit reports to be disclosed only if the consumer authorizes the disclosure.
Most people realize that if they apply for a credit card or a mortgage the prospective lender will examine their credit report. What they don't realize is that an application for employment, housing, insurance, even a dating service, may trigger a check. Nor do they realize that their files are routinely prescreened on behalf of direct marketers.

Any new law should also allow the credit bureaus a maximum of 30 days to investigate when a consumer asks that something on his or her credit report be checked for accuracy. Bureaus should be required to disclose to consumers exactly how they go about investigating possible errors reported to them.

A handful of other laws are supposed to protect consumers against invasions of privacy, but they're riddled with imprecise language, exceptions, and loopholes. For example, a 1978 law supposedly protects against unreasonable searches of bank accounts by government agencies -- but state and local agencies are exempt, as are the FBI and U.S. attorneys.

Ironically, video rental records may enjoy the strongest safeguards against abuse. Because of a 1988 law commonly known as the Bork bill (after the Supreme Court nominee whose video-rental tastes were made public in newspaper accounts), a list of the videos you have rented can't be obtained without a court order. No such law protects your medical or insurance records (see box on page 357)."

They also make some suggestions: [List shortened by RG]

"Read the disclosure statements before you sign a credit form. At least you'll know how much privacy you're about to give up.

Check your Social Security records periodically to make certain that no one else is using your number. (Call 800-234-5772 to request a form.)

Likewise, write to any one of the major credit bureaus to opt out of pre-approved credit-card offerings. [The addresses and phone numbers of the big three are included in the article, as is the suggestion to check your record with them periodically.
RG]

If a merchant insists on a phone number or address on a credit slip, you can refuse. There is no law that requires this information, and the major credit-card companies actually discourage or even prohibit merchants from asking. In California, Maryland, New York, and Virginia, the practice is illegal."

They also recommend "Privacy in America" by David F. Linowes, published by the University of Illinois Press and available through Consumer Reports Books as a detailed discussion of privacy issues.

I recommend the article to Risks readers (and perhaps the more knowledgeable can make suggestions to CU about policies to pursue).

Robert Grumbine

------------------------------

Date: Tue, 28 May 91 22:50:42 EDT
From: ard@ctcg.com (Andrew R. D'Uva)
Subject: Re: the FBI and computer networks (Agre, RISKS-11.72)

DO YOU THINK THAT YOU ARE DOING ANYTHING WRONG? IS THERE ANYTHING WRONG WITH THE NET?! What the FBI files or does not file is the FBI's business. Why should the U.S. Government have less access than a student at an American university (or a foreign one)? What the FBI investigator "thinks" about censorship is really of no concern. Free speech (well.. free political speech) is a protected right, and the FBI is not capable of truly infringing on it. Just think of the outcry on the net if it tried to do so! :) However, the U.S. Government has a legitimate right to prevent illegal activity from taking place, especially when it occurs over taxpayer-funded networks like some portions of the Internet. In this case, waste is added to the illegal act itself.

As for the .SU domain, if the boys at the FBI don't know that there are electronic links to machines in the Soviet Union, you can be certain that the fellows up at the NSA do.. and might even be doing something about it. Wouldn't it be pretty foolish of the Government not to. Would you prefer that a US--> {any other country here} link be kept unmonitored and clandestine in the spirit of free speech.
At that point, why not let anyone transmit sensitive, perhaps classified, data to another nation? Sounds pretty silly to me.

The users of the net have nothing to fear

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
A momentary pause. You could object that my argument stinks.. taken to one conclusion... "Let the police search your home any time.. if you are not breaking the law, you have nothing to worry about" This sort of argument makes sense to me, but I want to point out that you referenced newsgroups in your original message, PUBLIC newsgroups. You could argue that the status of private electronic mail is different, and I might agree with you. As far as transmitting that mail outside the US...well, we would have to argue about that some more. End of pause.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

from FBI scrutiny of the newsgroups. And taxpayers do have a right to know that some of their money is being spent relaying alt.sex.pictures to other sites in the US, and abroad. Chalk that one up to goodwill :) The situation with email is, granted, a different one. The way I read your response is that the Internet would be better off without public scrutiny. Why?

------------------------------

Date: Wed, 29 May 91 09:29 MDT
From: rmoonen@hvlpa.att.com
Subject: Re: Risks of posting on the NET (jmcleod, RISKS-11.73)

->..., then did he ever stop to THINK that the time spent
->assessing phony "keywords" can prevent the investigation of an actual
->terrorist plan to commit an atrocity?

Oh, this really makes me laugh. If and when a friend or relative becomes a victim of a terrorist act, it is solely the terrorists who are responsible. Furthermore, please explain to me how my actions could "prevent the investigation of an actual terrorist plan", no, even "help the terrorists" ?
Gee, next time you get a parking ticket, you'd start feeling guilty about the wasted police time/money that could also have been used to track down real criminals. You'd even have helped them and might be an accessory :-O

I am talking about machines monitoring phone lines, and certainly it would take any tape of my conversations 5 minutes to end up in the garbage can. If this is what they choose to spend tax-payers money on, then I am free to say *anything* I want on my phone calls.

Ralph Moonen, Free citizen of The Netherlands

------------------------------

Date: Wed, 29 May 91 08:11:42 PDT
From: a_rubin@dsg4.dse.beckman.com (arthur rubin)
Subject: Re: The RISKS of posting to the net (RISKS-11.73)

Mark Thorson refers to the FBI making a mistake in the case of Steve Jackson Games. I believe it was actually the Secret Service, although I still don't understand why they thought they would be interested.

[Also noted by Bill Ricker.]

------------------------------

Date: Wed, 29 May 91 11:58:19 EDT
From: wdr@wang.com (William Ricker)
Subject: Re: The RISKS of Posting to the Net

It does sound like the FBI Special Agent that Mark spoke with would have seen the difference between the SJG Cyberpunk game and a criminal communication -- if any such exist under our constitution, which I doubt -- which was not understood by the SS agents hunting for allegedly stolen AT&T documents.

Ignorance is definitely a contributor to the abuses; evidentiary seizures of hardware that shut down a legitimate business or FIDO node are not warranted (pun intended) when what is ordered is seizure of evidence stored on disk -- a backup taken by the constables is all that is required, which can be analyzed at their leisure. But typically they wouldn't know (a) how to do a backup, (b) how to analyze it, (c) how to configure a system onto which to restore it.
(They also may not have a budget code for renting a PC onto which to restore it, or be forbidden to do so by work-rules and waste-guidelines!) And who in the raiders is going to trust the Obviously Guilty Party to do a backup for them? (S)He might try something tricky to destroy evidence, like in those spy movies...

/s/ Bill Ricker   wdr@wang.wang.com

------------------------------

Date: Tue, 28 May 91 16:55:33 -0700
From: RSAUNDERS@hssi.dnet.hac.com
Subject: FBI Inquiries

We had a similar inquiry by the FBI a couple of years ago. We were demoing a synthetic TV system using a satellite link between our big computer and the trade show. The demo pictures looked like a very low pass over a nuclear power plant. We had relocated a nearby plant into distant terrain. Some guy saw it on his home TV and called the FBI.

People should not expect the FBI to be up to speed on everything. They are just investigating things, they never accused us of anything. They asked where the nuclear plant was (they clearly "saw" one on TV that didn't exist). We explained everything, and they asked a few questions about synthetic TV. In general they were using their position in the Government to get us to teach them something they didn't know. I am convinced their only interest was to determine if this was a problem they needed to investigate in detail. I presume their approach with real criminals is different.

In the previously discussed case, they got a pretty good explanation of Internet mailing lists without having to do a lot of legwork themselves. As long as they don't pester the same people every time, this seems like a pretty cost effective way to get Government business done. I would prefer it to using lots of my tax money to find out something they could have found out just by asking. I think we need more Government that takes simple, direct approaches like this. Give the FBI a hand for finding an easy solution.
Randy Saunders

------------------------------

Date: Wed, 29 May 91 12:05 xxx
From: [anonymous]
Subject: Re: Risks of RISKS Networking

mmm's story about the risks of Risks postings has prompted me to write about my experience concerning the risks of Risks postings. I'm staying anonymous simply because I'd prefer not to have this happen again. Before I start with the story, may I emphasize that this is not happening in U.S.A.

About a year ago, I posted a couple of articles to Risks, concerning the crash of an aircraft in Eastern France. About a week later, my apartment was "kindly visited" in my absence. Note the following facts:

1. nothing was taken from the apartment
2. old issues of RISKS, printed on line paper and stacked in a corner had been thoroughly examined. The proof was that my quasi-order had been clearly transformed to a full disorder.
3. all my bank papers (account statements, letters from bank manager etc.) had also been inspected - again my quasi-order was transformed to disorder. I mean that it was in some sort of order, but not mine.
4. my passport was obviously examined, since it was put back in a wrong drawer.

The job was very well done. I only noticed that my apartment had been visited because handles on a chest of drawers were sticking up, while I always made sure that they didn't.

Since nothing had been stolen, I decided not to inform the police. However, through some extraordinary coincidence, a man was murdered round the corner, a block away, and the police paid a visit to everybody in the neighborhood to investigate. While I had no information about that crime, I decided to inform them about the break-in in my apartment. Their questions were as follows:

"- do you keep any confidential information in your apartment, whether defence-related or commercial ? "
"- do you work in any governmental institution and have access to classified information ?"
"- do you do any scientifical research which could lead to you keeping important information in your apartment ? "
"- could any friend, girlfriend, or relative have used a spare set of keys to come into your apartment and look through your papers ? "
"- do you deal with drugs ?" (yes, they really asked that !)

Since my answer was NO to all above questions, they decided to send the forensic unit the next day. Deductions of the forensic unit were as follows:

1. the intruder came in via the kitchen window (which was closed but didn't have a lock at the time), stepped into the sink, and left one footmark on the kitchen floor, due to the moisture collected by the shoe in the sink.
2. the intruder wore gloves since no fingerprints were found, neither on the window nor on anything else (door handles, printouts, drawers, etc.)

The general feeling was that the job had been done by a professional. The forensic unit took a record of the footmark (sneakers) and promised to contact me a few days later.

I got a call from the police two days later. All they said was that it was a professional job but they'd soon identify the intruder(s). Someone was trying to find-out about my sources of income, and it was probably related to "the fact that you deal with computers and store this computer information in your apartment". Well, I had figured that out myself, thanks ! They then told me they would keep me informed on the developments of the investigation. I have not heard from them since.

------------------------------

Date: Mon, 27 May 91 16:24:46 GMT
From: mikeraz@techbook.com (Michael Rasmussen)
Subject: Re: The Death of Privacy? (Robert Allen, RISKS-11.71)

A point that has always bothered me about this type of `privacy' argument is that `privacy' as we know it is a very recent phenomenon. Before we had a high density, easily mobile population the conditions you describe were part of everyday life in the closely knit small communities. There was not privacy as we know it today.
The easy collection of data about a person is applying modern technology to modern population levels to recreate the community knowledge that used to exist. The significant difference is that then **everybody** who wanted to know your business did, now only the authorities collecting the data can know. The real problem as I see it is to get the information back out of the collecting agencies and into the public gossip trough.

------------------------------

Date: Wed, 29 May 91 13:43 GMT
From: Sanford Sherizen <0003965782@mcimail.com>
Subject: Giving Away Privacy

Many of the recent postings about privacy suggest that privacy is being taken by government and businesses in a one-way transaction. While that certainly occurs, the nature of collecting information is more complex than that.

Consumers and employees often inform on themselves. Some are forced to reveal private information as a "voluntary" tradeoff for obtaining a job or purchasing insurance. The employers often treat this information as available for distribution or whatever use they consider as appropriate. Many corporations routinely report sensitive information about their employees to insurance and credit organizations, often without letting the employees know that this is their practice. One major hospital's medical records department receives 1500 requests for this type of information each month, to a large part from insurance and third party carriers, which distribute this information to other organizations.

Other people give away their privacy for a variety of inducements. Valuable information is given freely by people in exchange for consumer benefits. Credit card account holders or those tracked through electronic scanning of their store purchases may be willing to make this trade in order to receive discounts or notices of advance sales. One survey company sends a letter to potential interviewees that offers $10 plus the following comment.

"...(L)egitimate research is an important part of our world and the accuracy of survey research depends heavily on how many of the people selected into the sample actually end up participating! Often survey results are slanted because too many people are hesitant to cooperate."

Who could resist that appeal?

Privacy invasions in the U.S. have become almost a perfected process. The poor were the test population for information scavengers. The poor were checked for their eligibility for welfare, immigration, jobs, and law abiding-ness. They lived with few privacy rights. The poor tested well and now the technology is being improved to collect information on even more people.

Investigating the poor is now the model for intensively examining the lives of the rich and the middle class. These previously protected populations are now checked for their marketability, payment of college loans, correctness of resumes, professional conduct, insurability, and driving records. The list goes on. Truly, you can run but you can't hide.

One day soon, we may start our work by electronically connecting ourselves to a computer that has polygraph and urine analysis options. Our productivity, work habits, error rates, and deviations can be automatically collected. On a "voluntary" basis, of course. One recent study found that some companies were even attempting to restrict intra-company dating by monitoring employees. Pinhole videocameras hidden in smoke alarms, tv sets, and clocks are being sold to companies to monitor employees and customers.

Even the privacy of our refuse has been trashed. Some municipalities require that garbage be put in clear bags so that garbage collectors can inspect residents' trash to ensure that they are recycling correctly.

In a strange retribution (justice redux?), businesses have themselves begun to lose some of their own privacy. Industrial espionage is on the increase.
Major corporations have formed business intelligence units, many run by ex-intelligence officers. Competitive business intelligence is considered as a corporate necessity today, where anything available about competitors is gathered. Information can be obtained legally through searching government records, speeches by corporate spokespersons, and reviews of want ads seeking specialists (which may indicate new product developments). Other information collection may not be legal.

Consumers have also become interested in piercing the often one-way privacy interests of corporations and government. The Freedom of Information Act and the various whistleblower laws that provide cash rewards for those who report illegal activities have begun to make corporate secrets more public. Even the electronic tools that businesses use to collect information have become more readily available to those who wish to gather sensitive corporate information, such as corporate contributions to PAC's and stock holdings in South Africa, to cite readily available databases.

Recent information on the East German secret police (Stasi) indicates that they had an estimated 85,000 full time agents and 500,000 part time informants in a population of 17 million citizens. In the U.S., we collect confidential information differently. We don't just gather information on dissidents. In the American way, we believe in equal opportunity collection of information. Our diseases, disorders, deviations, and other details are growing into a national Information Age dossier.

Certainly there are many differences between the East German Communist government and the U.S. government. What is important to recognize, however, is that there are also some startling similarities. We have become a nation of informers and informants. Americans live surrounded by technological vacuum cleaners that suck up information. Big Brother has turned out to be the Big Browser.
Sanford Sherizen, Data Security Systems, Inc., 5 Keane Terrace
Natick, MA 01760 USA, MCI MAIL: SSHERIZEN (396-5782), PHONE: (508) 655-9888

------------------------------

Date: Mon, 27 May 91 14:29:39 MDT
From: imp@Solbourne.COM (Warner Losh)
Subject: Smart Highways Need Privacy Tutorial

cdp!mrotenberg@labrea.Stanford.EDU writes:
: It's worth finding out whether the Senate committee has considered the privacy
: implications of gathering this data on drivers and whether there are any
: proposals to restrict the secondary use of the information. Likely buyers?
: Marketing firms and insurance companies.

Thieves? It seems to me if I were able to tap into this system and find out that Fred Smith's car was in grid lock and so was his wife's, then I'd stand a better chance of robbing their house than I would if I was just staking it out. After all, I'd have a nice warning system if I could get periodic updates (or just program my home computer to "beep" me whenever they got within 3 miles or something like that). Keep in mind that the proposed system doesn't use encryption at all.... (And even if it did, there would be a back door in it, right? After all, isn't that what SB618 (nee SB266) is all about)

Take a look at the book "Mindkiller" by Spider Robinson for an example of a thief that uses the central monitoring computer to rip off people that aren't home.

I wonder if such systems would be mandatory or optional. If they were mandatory, does that mean that I have to pay for LA's terrible traffic problems even though I live in Colorado and face little or no traffic on my way to work? That doesn't sound fair to me.

Warner

------------------------------

Date: Wed, 29 May 91 11:25:50 -0500
From: Neil Rickert
Subject: Re: Replicated Errors (McClenon, RISKS-11.73)

>I respectfully submit that Neil Rickert is completely and very seriously wrong
>as to whether sendmail is primarily responsible for the replicated error
>messages...
On May 24 I observed a period of perhaps 30 minutes in which it was impossible to make an SMTP connection to THINK.COM. This is presumably because it was being besieged with replies to the (apparently forged) sendsys news control message, which asked all news sites to automatically reply to COMPASS.COM (which is gatewayed through THINK.COM).

Approx one year ago a message arrived at our site with a `Return-Receipt-To:' header. It was part of the distribution of a large mailing list, perhaps `unix-wizards-digest', although my memory is uncertain on which list. It took more than 24 hours before an SMTP connection could be made to deliver the return receipt, apparently because the receiving host was saturated with replies.

In neither of these cases was there a "replicated error". Indeed, there was no "error" at all.

I repeat my earlier assertion. The "replicated error" discussion is a bogey man, which has little to do with the problem. The problem was caused by sending into a large mailing list a message which would generate automatic replies. The fact that those automatic replies were error messages is largely incidental. The behavior of sendmail perhaps multiplied the severity of the problem by a factor of three, compared with messages generated only at final destinations. But just generating messages at final destinations can already cause a severe problem.

Clearly the responsibility must be on the distribution system (mailing list software for example) to minimize the likelihood that distributed messages will generate large numbers of automatic replies.

I should note that the original incident was made particularly obvious by the fact that the automatic responses happened to go through an address which was gatewayed by the same host as the mailing list management software.
It is likely that many such incidents (particularly with Return-Receipt-To:) have occurred in the past, but since the return address bypassed the list distributor, the problem was only noticed at the site to which the automatic responses were addressed, and they probably decided they had no choice but to live with it.

Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115
+1-815-753-6940

------------------------------

End of RISKS-FORUM Digest 11.74
************************
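
Neil Rickert's point in the last message, that the list distributor should keep a distributed message from triggering automatic replies, shown as an added example that is not part of the digest or of any contributor's software. The header list beyond Return-Receipt-To, the "Precedence: bulk" marking, the addresses and the subscriber counts are assumptions chosen for illustration.

```python
from collections import Counter
from email import message_from_string

# Headers that ask a receiving system to send mail back automatically.
# Return-Receipt-To is the one named in the post; the other two are
# further receipt-request headers added here as an assumption.
REPLY_TRIGGERS = ("Return-Receipt-To", "Disposition-Notification-To",
                  "X-Confirm-Reading-To")

# Constructed sample submission to a list (all addresses are placeholders).
SAMPLE = """\
From: author@origin.example
To: big-list@lists.example
Subject: test posting
Return-Receipt-To: author@gateway.example

body text
"""


def prepare_for_distribution(raw, list_owner):
    """Sanitize a submission before fan-out.

    Returns (message, envelope_sender, removed_header_names). Receipt
    requests are stripped, the copy is marked as bulk mail, and bounces
    are pointed at the list owner instead of the original author.
    """
    msg = message_from_string(raw)
    removed = [h for h in REPLY_TRIGGERS if h in msg]
    for h in removed:
        del msg[h]
    del msg["Precedence"]          # no error if the header is absent
    msg["Precedence"] = "bulk"     # conventional hint to auto-responders
    return msg, list_owner, removed


def automatic_replies(msg, envelope_sender, subscribers, dead):
    """Model the receiving side and count automatic messages per target.

    Each undeliverable address produces one bounce to the envelope sender;
    each delivered copy produces one receipt per receipt-request header.
    """
    load = Counter()
    for rcpt in subscribers:
        if rcpt in dead:
            load[envelope_sender] += 1
            continue
        for h in REPLY_TRIGGERS:
            if h in msg:
                load[msg[h]] += 1
    return load


def demo(sanitize):
    """Fan the sample out to 1000 constructed subscribers, 20 of them dead."""
    subscribers = [f"user{i}@site{i}.example" for i in range(1000)]
    dead = set(subscribers[:20])
    if sanitize:
        msg, sender, _ = prepare_for_distribution(
            SAMPLE, "big-list-owner@lists.example")
    else:
        msg = message_from_string(SAMPLE)
        sender = "author@origin.example"
    return dict(automatic_replies(msg, sender, subscribers, dead))


if __name__ == "__main__":
    print("as submitted:", demo(False))
    print("sanitized:   ", demo(True))
```

In the unsanitized run the gateway host named in the receipt header absorbs one message per live subscriber, which is the saturation the post describes; after sanitizing, only the bounces remain and they go to the list owner.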