Subject: RISKS DIGEST 16.11 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Friday 3 June 1994 Volume 16 : Issue 11 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Flaw in Clipper detected (Jim Huggins) Re: Solo midair collisions (Martyn Thomas) Donuts with Ears, Part II (Peter Wayner, David Wright) Ollie North on the high seas...Big toys, big egos, E-trails (David Honig) Nonexistent Risks (Re: Call Your OPERATER!) (Gregory B. Sorkin) Risks of faxing (Adam Shostack) The Ghost in the Modem (Loka Alert 1:6 via Phil Agre) Zimmermann statement on PGP 2.6 (Philip Zimmermann) "The Hacker Crackdown" by Bruce Sterling (Rob Slade) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Thu, 2 Jun 1994 13:55:23 -0400 (EDT) From: Jim Huggins Subject: Flaw in Clipper detected The following is summarized from an article in the _Detroit_Free_Press_, 2 June 1994, pages A5-6. The article was written by John Markoff of the New York Times [and appeared on the front page of the Times on that day]. AT&T Bell Labs researcher Matthew Blaze has been quietly circulating a report among computer researches and federal agencies which demonstrates a flaw in Clipper. Using Blaze's technique, two parties can use Clipper to have a conversation which could not be decrypted by government officials using the proper escrowed keys. The flaw would not permit third parties without the escrowed keys to decrypt the conversation either; essentially, this technique would reduce Clipper to the status of other commercially-available cryptography which is computationally infeasible to break. Stanford's Martin Hellman, who has reviewed Blaze's work, states "People who want to work around Clipper will be able to do it." In a written statement, NSA directory of policy Michael Smith stated that Clipper would still remain useful: "Anyone interested in circumventing law-enforcement access would most likely choose simpler alternatives." Smith claims that Blaze's technique would be too difficult and time-consuming for practical use. Comments: of course, this will probably re-ignite most of the Clipper controversy again, since this seems to strike at the heart of NSA's purposes in creating Clipper (secure cryptography with a mandatory back-door for the government). I'm more interested in NSA's statement that says in essence that Clipper can be avoided more simply: perhaps this shows that Clipper won't be all that useful after all? Jim Huggins, University of Michigan (huggins@umich.edu) ------------------------------ Date: Wed, 1 Jun 94 11:19:15 +0100 From: Martyn Thomas Subject: Re: Solo midair collisions The account of a collision with a sky-diver reminds me of an incident some years ago when a commercial jet hit a salmon at altitude, which smashed through the nose, demolished the co-pilot's rudder pedals and broke his leg, ending against the rear bulkhead of the cockpit [the salmon, presumably, not the rudder pedals or the leg]. The accident report assumed an eagle had dropped it. [The eagle salmoned up all its carriage? PGN] ------------------------------ Date: Thu, 2 Jun 1994 18:17:26 -0400 From: pcw@access.digex.net (Peter Wayner) Subject: Donuts with Ears, Part II A spokesman from Dunkin' Donuts tells me that the chain has ordered all DD to remove their listening equipment. Apparently, the front-page news about their listening devices finally brought the public sentiment to their attention. Maybe if they had stronger mikes they would have gotten the message sooner? ------------------------------ Date: Fri, 03 Jun 94 10:15:41 EDT From: David Wright Subject: Re: Eavesdropping hits NSA [RISKS 16.10] [...] The security cameras that are installed in in many stores will remain, however; the company said they are a proved deterrent to robbery. -- David Wright, Hitachi Computer Products (America), Inc. Waltham, MA wright@hi.com ------------------------------ Date: Fri, 03 Jun 1994 11:41:15 -0700 From: David Honig Subject: Ollie North on the high seas...Big toys, big egos, electronic trails In the 3 Jun 1994 Wall Street Journal there is an article about a Whitbread sailboat race. The story includes a description of how one team is accusing one of its members of telling another team about the weather, which is apparently against their rules. The evidence for this is *computer logs of faxes* sent between the individuals, who are also possibly romanticly linked. (There may also be financial motives connected with boat sponsorship.) Anyway, the risk to perpetrators in not covering their electronic trails (tails?) is present even on a sailboat in the South Pacific. ------------------------------ Date: Tue, 31 May 94 18:13:03 -0500 From: sorkin@watson.ibm.com (Gregory B. Sorkin) Subject: Nonexistent Risks (Re: Call Your OPERATER!) There is the RISK of not double-checking dubious information, including information in the Risks Digest. I dialed 1-800-OPE-RATO[R] (I didn't dial that last R -- for "redundancy"), and sure enough, I got a "(pong) AT&T". Then I dialed 1-800-OPE-RATE[R], and sure enough, I got . . . nothing. Is there a regional discrepancy, or is the rumor of MCI's devious cunning just an urban myth? [I got RINGING with NO ANSWER after 20 rings. Maybe that is exactly the point? Ultimate denial of service, intended to make you want to go elsewhere when you think you are getting AT&T? PGN] There were also several Risks Digest items about clever color copiers blocking the reproduction of US and some foreign currencies. This seems almost impossible algorithmically, and indeed appears to be fictional, based on what testing one can do legally. [We have gone around on that one in the past. PGN] What are the Risks here? Just that people will go about spreading urban myths, I guess. Greg Sorkin (sorkin@watson.ibm.com) ------------------------------ Date: Wed, 1 Jun 1994 09:16:16 -0400 From: Adam Shostack Subject: Risks of faxing This appeared in rec.humor.funny. I'm submitting it to RISKs because nothing on the risks of faxing has appeared in a while. The problems are that there is often little way to ensure your fax is going to the correct place, and that the faxed paper is out of your control once faxed, and might be copied, and redistributed with your name & private correspondence. Public-key encryption programs, such as PGP, would have allowed the unfortunate applicant to encrypt this (as email). If it was mail, he would have to type the wrong address twice, once for the mail address, and also for the encryption recipient. He might have had a chance at getting the job. (Of course, using the phone would also have avoided the problem, but can be inconvenient & expensive when colleagues are overseas.) > You might enjoy this. > A candidate for the Director of our Research Center faxed a > colleague to request a letter of recommendation. It was > accidentally faxed here instead. It read in part: > "Iowa is too wet and droll. But it's a directorship > so I should apply..." > The fax is now part of his permanent application file. ------------------------------ Date: Sun, 29 May 1994 21:01:06 -0700 From: Phil Agre Subject: The Ghost in the Modem (Loka Alert 1:6--from the Washington Post) Date: Sun, 29 May 1994 22:40:43 -0500 (EST) From: RESCLOVE@amherst.edu To: loka-l@amherst.edu Subject: The Ghost in the Modem (Loka Alert 1:6--from the Washington Post) Loka Alert 1:6 (May 29, 1994) >From the Sunday _Washington Post_: IF INFORMATION HIGHWAYS ARE ANYTHING LIKE INTERSTATE HIGHWAYS--WATCH OUT! Friends and Colleagues: This is one in an occasional series of e-mail postings on democratic politics of science and technology, issued by The Loka Institute. You are welcome to post it anywhere you feel is appropriate. The following essay, written by Loka Institute members, is reprinted from the Outlook Section of _The Washington Post_, Sunday, May 29, 1994. --Dick Sclove Executive Director, The Loka Institute, P.O. Box 355, Amherst, MA 01004-0355, USA Tel. 413 253-2828; Fax 413 253-4942 E-mail: resclove@amherst.edu ***************************************************************** THE GHOST IN THE MODEM For Architects of the Info-Highway, Some Lessons From the Concrete Interstate By Richard Sclove and Jeffrey Scheuer Vice President Gore envisions the information superhighway as the second coming of the interstate highway system championed by his father, former U.S. Senator Al Gore, a generation ago. Let us hope that the junior Gore is proven wrong. Rush-hour traffic jams, gridlock, garish plastic-and-neon strips, high fatality rates, air pollution, global warming, depletion of world oil reserves--have we forgotten all of the interstate highway system's most familiar consequences? It's not that Gore's analogy is wrong, only that his enthusiasm is misplaced. Comparing the electronic and asphalt highways is useful--but mostly as a cautionary tale. Building the new information infrastructure will not entail the degree of immediate, physical disruption caused by the interstate highway system. But sweeping geographic relocations, and accompanying social transformations, seem probable. And the risk of inequity in contriving and distributing electronic services--or, conversely, imposing them where they are not wanted--is clear. Indeed, disparities in access to new information systems have already begun to surface. A study released this past week by a group of public interest organizations, including the National Association for the Advancement of Colored People and the Center for Media Education, notes that low-income and minority communities are underrepresented in U.S. telephone company's initial plans for installing advanced communications networks. Unequal access is only the most obvious among many social repercussions that may lie in store for us. The real history of the interstate highway system suggests how we can think about and control the vast implications of new technologies and a new national public infrastructure. It is widely assumed that Americans' infatuation with cars led to the construction of America's superhighways. But actually when Congress passed the Interstate Highway Act in 1956, car sales were slack, and there was no popular clamor for building a new road system. At the time only about half of American families owned an automobile; everyone else depended on public transportation. Congress was responding to aggressive lobbying by auto makers and road builders, plus realtors who saw profits in developing suburban subdivisions. The act's key provisions included support for bringing freeways directly into city centers and earmarking gasoline tax revenues for highway construction. As the interstate highways were built, city and suburban development adapted to the quickening proliferation of autos. Soon more Americans found themselves forced to buy a car in order to be able to shop or hold a job. The Highway Trust Fund, by assuring the rapid atrophy of competing public transit systems, bolstered this trend. Thus the asphalt highways--and the society around them--are a reflection of successful lobbying by powerful business interests and external compulsion, not simply the free choices of consumers. There is no guarantee that the process of wiring consumers and employees into the electronic highway system will be different. The effects of the interstate highway system on American communities were profound, especially in the cities. As historian James Flink notes, "Ambitious programs for building urban freeways resulted in the massive destruction of once viable poor and minority neighborhoods." In other cases, new highways encircled poor neighborhoods, physically segregating minorities into marginalized ghettos. Gradually, a black and Hispanic middle-class did emerge. Its members too fled along the interstate to the suburbs, further draining economic and cultural resources from the inner city. This contributed to the emergence of a new social phenomenon: today's desperately deprived, urban underclass. Elsewhere the effects were subtler but still significant. The noise and danger from growing numbers of autos drove children's games out of the street, and neighbors and families off their front porches. Before long, suburbs without sidewalks came to signal an unprecedented paucity of local destinations worth walking to. Suburban housewives found themselves leading increasingly isolated daytime lives at home. Highways made shopping malls possible, enabling franchise and chain store sales to boom. But this sapped downtown centers. For some teenagers and senior citizens, today's anonymous, consumption-mad expanses provide a semblance of community space-- having swallowed up the general store, the soda fountain, the Main Street sidewalk, and the town square. There is ample danger of the new electronic technology extending these losses. Remember too that it is easy to romanticize new technology. The popular arts glorified life on the highway. People read Jack Kerouac's "On the Road," watched "Route 66" on television, and recall the Merry Pranksters' psychedelic bus-capades during the '60s. In fusing alienation and rebellion with youthful exuberance, each of these foreshadows contemporary cyberpunk culture. Yet real-life experience on the interstate is mostly banal and uneventful. McDonald's, Pizza Hut, and Wal-Mart look about the same wherever you exit. There are also political ramifications of a vast new public infrastructure. Interstate highways contributed to national and even international economic integration. But while GNP soared, mom-and-pop production and retailing declined. That meant greater local dependence on national and global market forces and on distant corporate headquarters--powers that communities simply couldn't control. The locus of effective political intervention thus shifted toward more distant power centers. But because those are realms in which everyday citizens cannot be as effectual as in smaller political settings, democracy was impaired. If the growth of the highways is revealing, so too is the opposition to freeway construction that emerged. As citizens became more politically mobilized during the 1960's and early '70s, opposition to relentless highway expansion arose from environmentalists and from local communities, both rich and poor. Transportation engineers reeled at the specter of upright citizens rejecting their good works. Many current telecommunications engineers and true-believing entrepreneurs are no less convinced of the unalloyed beneficence of their art. The importance of the analogy between the information and asphalt highways lies in the political procedures that create them. What if a wider range of people, including non-car owners, had been involved in transportation planning all along? Considering the alternatives envisioned by critics such as Lewis Mumford, it seems likely we would have a smaller and different road system today. As in Europe and Japan, there probably would have been greater investment in public transit. Modern America might exhibit less sprawl, less dependence on foreign oil, and more cohesive urban neighborhoods. Three lessons for the construction of the information superhighway suggest themselves: o _No Innovation Without Evaluation_: To help reduce adverse social impact, the federal government should mandate evaluated social trials of alternative electronic services. Analogous to environmental impact statements, these trials should precede full-scale deployment of any major components of new information infrastructures. o _No Innovation Without Regulation_: We should conserve cultural space for face-to-face social engagement, traditional forms of community life, off-screen leisure activities and time spent in nature. How about a modest tax on electronic home shopping and consumer services, rebating the revenue to support compensatory, local community-building initiatives? o _No Innovation Without Participation_: A number of European nations are out-competing America in including lay people in technology decision-making. For instance, the Danish government appoints panels of everyday citizens to cross-examine a range of experts, deliberate among themselves and then publish their own social assessments of technological alternatives. Sweden, Norway and Germany have pioneered processes for involving workers directly in designing new production systems. The coming revolution in information systems is going to change life for everyone--including the multitude who, by circumstance or choice, never use computers. It is imperative to develop mechanisms for involving all segments of our society in designing, evaluating and governing these new systems. Data highway enthusiasts may see such measures as wasteful obstructions of market forces. But what entrepreneurs call red tape is really democracy in action. __________________ Richard Sclove is executive director of the Loka Institute in Amherst, Mass., a public interest research organization concerned with science, technology and democracy. He also directs the Public Interest Technology Policy Project at the Institute for Policy Studies. Jeffrey Scheuer, a New York writer, is a fellow of the Loka Institute. ***************************************************************** [If you would like more info regarding the Loka Institute, please send an e-mail message to that effect to: resclove@amherst.edu ; however, the staff warns that they may be slow in responding, due to travels. PGN] ------------------------------ Date: Fri, 3 Jun 1994 01:39:59 -0600 (MDT) From: Philip Zimmermann Subject: Zimmermann statement on PGP 2.6 -----BEGIN PGP SIGNED MESSAGE----- From: Philip Zimmermann, author of PGP To: People interested in PGP Date: 28 May 94 On 24 May 1994, the Massachusetts Institute of Technology released PGP (Pretty Good Privacy) version 2.6. PGP is a software package that encrypts electronic mail, using public key cryptography. Over the past three years, PGP has become the worldwide de facto standard for email encryption. PGP 2.6 is being published under the terms of the RSAREF license from RSA Data Security, Inc (RSADSI). This is a significant milestone in PGP's legal development. Export of this software from the US or Canada may be restricted by the US Government. PGP version 2.6 is being released through a posting on a controlled FTP site maintained by MIT. This site has restrictions and limitations which have been used on other FTP sites to comply with export control requirements with respect to other encryption software such as Kerberos and software from RSA Data Security, Inc. These special mechanisms are intended to preclude export of cryptographic software from the US. The MIT FTP site that carries PGP is net-dist.mit.edu, in the pub/PGP directory. This new freeware version of PGP is for noncommercial use. For commercial use, you may get ViaCrypt PGP, available on a variety of platforms. ViaCrypt may be contacted at 602-944-0773, or via email at viacrypt@acm.org. PGP 2.6 is as strong as earlier versions. It contains no back doors. It can read messages, signatures, and keys from PGP versions 2.5, 2.4, 2.3a, and 2.3. Beginning in September, a built-in software timer will trigger PGP 2.6 to begin producing messages, signatures, and keys that cannot be read by earlier versions of PGP. It will still retain its ability to read things from earlier versions after that date, so that users who upgrade to 2.6 will not be inconvenienced, particularly if everyone else upgrades by that time. The reason for the change in format is to grant RSADSI's request to MIT to encourage all users to stop using older versions. ViaCrypt's new products will support the new formats used by PGP 2.6. Details of the compatibility issues and their reasons are outlined in the PGP User's Guide, included in the release package. See also the official statements released by MIT for further details. Version 2.6 also has some bug fixes and improvements of the version 2.5 released by MIT on 9 May 1994. Both the 2.5 and 2.6 versions were produced in a joint project between myself and MIT. Both versions were released by MIT after extensive review by MIT's administration and their legal counsel. I am told by MIT that MIT's legal counsel believes that both versions 2.5 and 2.6 do not infringe the RSA patents in any way, and they both comply with the terms of the RSAREF licenses that each were released under. But regardless of the noninfringing nature of version 2.5, I urge all PGP users in the US to upgrade to version 2.6, to help move toward eradication of earlier, pre-RSAREF versions of PGP. This will improve the overall political and legal landscape surrounding PGP. MIT will publish details on the simple format change so that earlier European versions of PGP may be independently upgraded by the Europeans. This note does not attempt to answer all the questions you may have about the implications of this new release of PGP. For further details, see the information released by MIT, or see the PGP User's Guide in the new release package. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLegMXmV5hLjHqWbdAQE0NAQAiTafSwM8eNfYYvkslNR6bun/GIelvziA M/9h5fn3zUQt2Bc6rkuz1TBlnMZUoduufinI9eSr+cdXbfhxNIQmRArhw3EJd1f+ siZaPmTR3YXvUwuXMcruMbUvEYpSBmtBVrxTzxNSIwx3/hJJB2z9sT1/B+UZdFwi EZX1O/mpiZw= =ULD1 -----END PGP SIGNATURE----- ------------------------------ Date: Wed, 01 Jun 1994 12:50:45 -0600 (MDT) From: "Rob Slade, Ed. DECrypt & ComNet, VARUG rep, 604-984-4067" Subject: "The Hacker Crackdown" by Bruce Sterling BKHKRCRK.RVW 940314 Bantam Books 1540 Broadway New York, NY 10036 "The Hacker Crackdown", Sterling, 1992, 0-553-56370-X, U$5.99/C$7.50 It is important to keep in mind that the crackdown of the title refers to a specific incident: the series of raids in 1990 by various United States law enforcement agencies which tend to be collectively, if incorrectly, subsumed under the code name, "Operation Sundevil". The book brings together a number of the stories surrounding this event, as well as giving some background, particularly in regard to AT&T and the US Secret Service. There are, however, significant gaps which prevent it from being an overall analysis of either the cracker/phone phreak culture or the data security/law enforcement community. As an overview of the 1990 raids, the book is entertaining, often informative, and generally well written. Digressions often provide very interesting background, although at times they consume entire chapters without much bearing on the central issues. Those who were around for the electronic discussions of the 1990 raids will possibly be glad of the collection of all the stories into one place. (Those who have dealt with the crackers, phone phreaks and wannabes will readily recognize some of the descriptions, as well as the repeated emphasis on braggadocio as a primary character trait.) Although Sterling is aware of the debate over the term "hacker"; indeed, he worries over contributing to the degradation of the term; he does not distinguish between the various communities of electronic outlaws. In fact, he states, at one point, that all are the same. Similarly, his contacts with law enforcement and data security people are limited. For these reasons, the book is not useful as a general introduction to the field. The writing is highly opinionated. The US-centric view of technology borders on jingoism. In general, neither law enforcement nor the cracking communities are seen with any favour. Although we can sympathize with Sterling's motivation in wanting to bring to light the injustice done to his friend, the extreme sarcasm which cloaks most of the first half of the book makes it difficult to understand what point he is trying to make. For those involved in data security, a very entertaining read. For newcomers, please take it with a very large grain of salt. copyright Robert M. Slade, 1994 BKHKRCRK.RVW 940314 Vancouver Institute for Research into User Security Canada V7K 2G6 ROBERTS@decus.ca Robert_Slade@sfu.ca rslade@cue.bc.ca p1@CyberStore.ca ------------------------------ Date: 31 May 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.11 ************************