Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (02/09/84)
HUMAN-NETS Digest Thursday, 9 Feb 1984 Volume 7 : Issue 17
Today's Topics:
Queries - Denying Access to Computers &
The "World" of Computer Science &
The Wolfe Computer Exam,
Response to Query - Silicon Gulch Gazette,
Computers and the Law - Notification of Database Entry (2 msgs),
Computer Security - Access Criteria,
Computers in the Media - Other uses of the name "WORLDNet",
Computers and People - Telecollaborated Simulation
----------------------------------------------------------------------
Date: 30 Jan 1984 0032-EST
From: Greg Skinner <Uc.Gds at MIT-EECS at MIT-MC>
Subject: Denying access to computers
Does a legal precedent exist for denying someone access to a computer?
For example, say a computer facility is in the habit of granting guest
users accounts on their machine on a person-to-person basis, in other
words, they can deny certain persons accounts if they so desire. Is
the facility acting legally? May the person who is being denied the
account sue the facility for a violation of civil rights?
You may respond to me in person or via this newsgroup.
--greg
Gds@XX (ARPA)
{decvax!genrad, ihnp4, eagle!mit-vax}!mit-eddie!gds (UUCP)
------------------------------
Date: 30 Jan 1984 0044-EST
From: Greg Skinner <Uc.Gds at MIT-EECS at MIT-MC>
Subject: the "world" of computer science
I had a discussion with a friend of mine about the world of computer
science. I described it as a "world" in the sense that it has
everything the outside world has (media, politics, religion of a sort,
art, etc.) plus a degree of romanticism, fantasy, etc. I elaborated
on that aspect of computer science by giving examples of the language
of a computer hacker (grokking the monitor, moby code),
descriptiveness (having a magic program that guns people), and its
relationship to other works of sf and fantasy (many computer systems
model themselves after Lord of the Rings, The Hitchhiker's Guide to
the Galaxy, The Wizard of Oz, etc. in their host and/or device
nomenclature).
If you're not sure what I'm getting at, what I'm trying to do is
solicit your opinions on whether or not the world of computer science
is in fact a world within a world, or if it is a fantasy world, or
both, or neither. I'd appreciate serious responses to this (although
humorous ones won't be unwelcome) as I may use your ideas
(anonymously, of course) in my argument.
--greg
Gds@XX (ARPA)
{decvax!genrad, ihnp4, eagle!mit-vax}!mit-eddie!gds (UUCP)
------------------------------
Date: Wed, 1 Feb 84 01:46:12 CST
From: Stan Barber <sob@rice>
Subject: wolfe computer exam
I need to find out about the Wolfe Computer Competency Exam. It is
produeced by the Wolfe Computer Testing Co in New Jersey. If anyone
has heard about it, I would appreciate your comments and help in
locating any research or resources concerning this exam (or similiar).
Thanks
Stan Barber
Department of Psychology
Rice University
Houston TX
sob@rice (arapnet,csnet)
sob.rice@rand-relay (broken arpa mailers)
...!{parsec,lbl-csam}!rice!sob (uucp)
BBS:(713) 660-9252 (Bulletin Board)
------------------------------
Date: 30-Jan-84 10:41 PST
From: Kirk Kelley <KIRK.TYM@OFFICE-2>
Subject: Silicon Gulch Gazette
The name of the advertising newspaper Jim Warren put out for the
original West Coast Computer Faires, and sundry related projects down
in Silicon Valley, was called the Silicon Gultch Gazette. That may be
because it came from his rustic home up in the Santa Cruz mountains.
-- kirk
------------------------------
Date: Wednesday, 1 Feb 1984 13:56-PST
Subject: Re: HUMAN-NETS Digest, various ones
From: willis@Rand-Unix (Willis_Ware)
In HUMNETS (vol. 7 # 12), the following (partial) message appeared
from R. E. Maas.
Date: 14 January 1984 01:15 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Review-Rise of the Computer State
I propose the following law: Once a year, any maintainer of a
database that contains information on people indexed by social
security number must inform each person so indexed (except those
whose records haven't been modified since the last notification)
of the existance of such records and of the means for examining
them, either directly by sending mail or telephoning them, or
indirectly by passing the list of SSNs to another database
maintainer who promises (by sworn affidavit) to inform the people,
again either directly or indirectly. Most database maintainers
would pool their notifications to reduce overhead, but private
databases which don't want "big brother" to know, just the
individual persons to know, may opt for direct notification, and
of course the place where the buck stops will directly notify on
behalf of the whole consortium that feeds into it.
I'd like to offer the following comments. The idea of notifying all
entrants in a database has been around a long time. It was first
talked about during the early 70s in the deliberations of the
Secretary's (HEW) Special Advisory Committee on Automated Personal
Data Systems; this was the group whose report formed the intellectual
foundation for the Federal Privacy Act of 1974. Later the Privacy
Protection Study Commission, chartered by the Privacy Act and working
during 1975-77, also considered it. While the idea is appealing on
the surface, the big problems would be the practical ones, notably the
cost of preparing and mailing the notices plus the difficulty of
making a strong positive cost-benefit argument.
Consider two of the largest databases at the Federal level: the Social
Security Administration and the IRS; both of them are indexed by SSN.
Most entries in each will change each year; SSA will make payments and
receive deductions and the IRS will receive tax returns. The
population of the country is now about 225 million, so there is
probably 125 million or more taxpayers and a correspondingly large
number of individuals who contribute to or receive funds from the SSA.
Even if these two agencies combined their notices, a mailing or any
other process of notification would be a massive undertaking.
Furthermore data processing installations in the government generally
do not enjoy the most recent state-of-art; for the most part they will
not have the level of technical sophistication that most readers of
HUMNETS would automatically expect. Thus, for many Federal databases
(also organized by SSN), the system would not be able to ascertain
which records had been changed during the year. To add another
practical problem -- the address-of-record may very well be different
from one database to the next; the amount of address-change activity
is surprisingly large and in many cases, differing addresses are used
for legitimate but legal purpose. So, combining notification across
agencies would not necessarily work well. And one more difficulty:
identification of individuals is not consistent across databases; this
is one of the better unplanned but effective protections against
computer matching of files. It would also inhibit the combining of
notifications from several sources.
Whatever one thinks about the Postal Service, many mailings of large
size would be a non-trivial additional burden. The only such large
mailing that comes to mind is the annual IRS outpouring of tax forms
to all taxpayers but these are mailed from the many regional
processing centers that IRS has. Nonetheless, the example is the
existance proof that it can be done -- at least once per year by the
USPS.
The private sector pales when such suggestions are made to it. The
position generally is that the cost of such notifications is not
warranted by the threat to people nor the expected benefit to be
received.
It is dreadfully easy in a forum like HUMNETS to assume that the views
of its participants are a proper representation of the views of the
country. No way!! We who read this Digest are a minority group, and
even if one adds all the others who are likely to be well informed and
to have sound opinions on privacy matters, it is still a minority
group and by no means a cross-section of the country. For the most
part, most recipients of such notifications would be disinterested and
could care less about whatever they revealed. It is for reasons such
as this that it is so hard to create an advocacy position for privacy
issues of various kinds.
The basic point is sound though; one does not have a good mechanism
for knowing where records about him exist or what they contain. It's a
hit and miss proposition and even individuals who are well informed
and adroit in tracking down things will occasionally be startled to
uncover a new and unexpected collection of data.
Willis H. Ware
Rand Corporation
------------------------------
Date: Fri 3 Feb 84 10:38:40-PST
From: Richard Treitel <TREITEL@SUMEX-AIM.ARPA>
Subject: Re: HUMAN-NETS Digest V7 #16
To: dehn@MIT-MULTICS.ARPA
In repsonse to Dehn's questions:
How do you feel about the fact that at this very moment my
computer has your name in it, together with several other
facts about you? How am I supposed to go about showing my
legal right to keep it? WHAT ARE YOU GOING TO DO ABOUT IT?
If I can't keep information about other people in my computer,
what can I keep?
That depends on what the other facts about me are! If they include,
for example, my checking account balance, then I am quite annoyed. If
they only include facts which I have made public myself, or which are
an inevitable result of my use of this system, then fine.
I don't think you should have any legal right to keep information
about me other than that which I have chosen to make available. Of
course, I can't do anything about it at the moment; that is what I
would like to see changed.
This may surprise you, but I don't keep files of information about
other people in my computer; I keep programs, output data, drafts of
papers, and so on. However, I've got no objection to your keeping
information about other people, provided they consent to this, or
indeed about me, within certain limits. I'm willing to be reasonable
(??!?) about data which are not too personal.
Information stored in your head does not worry me nearly so much as
information on a machine, because it is not (yet) the case that N
million people can tap into your head and read the data at high speed
-- and you probably can't sort and index it the way a machine could,
mapping from (say) my driver's license number to my mailing address in
a millisecond (unless I was the only person in your database ...).
- Richard
------------------------------
Date: Wednesday, 1 Feb 1984 13:56-PST
Subject: Re: HUMAN-NETS Digest, various ones
From: willis@Rand-Unix (Willis_Ware)
Two people have commented in recent issues of HUMNETS [e.g., v 7 #9]
that suspending a login attempt after several failed tries can
seriously intrude on the capability of a system by denying access to
legitimate users. These observations were made in response to my
testimony before Congress on October 14 [published in HUMNETS some
issues ago]. The point is well taken, but clarification is in order
as to what I really said.
First of all I did not propose that this approach be universally
applied, nor did I take a position with regard to its effectiveness or
desireability. My testimony is quite explicit that I was only
describing one installation that has used such a scheme; it was an
illustration (for Congress) of what can be done. Moreoever, one must
understand that the Los Alamos National Laboratory undoubtedly did a
careful examination of its circumstances, including the perceived
threat from penetrators and the risk of service denial and the
inconvenience to users, before implementing it. For one organization
in one set of circumstances guarding against one perception of threat,
it was judged an appropriate approach. For other organizations in
different circumtances, it might well not be. Especially it might not
be appropriate for facilities that primarily support dial-in users.
This discussion prompts me to stress a point that I don't recall
appearing in HUMNETS. The HUMNETS discussions have focussed on small
parts of the problem whereas the security protection issue is one of
many dimensions. No security safeguard is a panacea nor is any one
absolute. For every installation, its managers must decide what
threat exists and what part (or all) of it is serious enough to
warrant safeguards. Then they must decide on an economic/technical
basis what array of safeguards -- technical (hardware, software),
managerial, administrative, procedural.... -- provide the desired
protection at an affordable or acceptable cost, and what policies are
essential to enforce them. In the end, the choice of security
safeguards is basically an engineering-economic analysis at the system
level.
The point is not new; it is often called risk analysis or risk
management. It partially explains the quite different views held by
managers within government and those in the private sector; the
perception of the threat and its details are quite different in the
two places. At the Federal level, a series of documents called
Federal Information Processing Standards provide guidance and insight
to government agencies faced with the issue of implementing safeguards
in computer systems. In the private sector, a variety of specialized
consultants and companies have materialized to assist with the matter.
Willis H. Ware
Rand Corporation
------------------------------
Date: 3 Feb 84 16:17:43 EST
From: Dave <Steiner@RUTGERS.ARPA>
Subject: Other uses of the name "WORLDNet"
Seems that someone has used the term WORLDNet in another manner
before we could get a world-wide computer network up of the same
name. Oh, well....
n100 2027 02 Feb 84
AM-NEWSSUMMARY
c.1984 N.Y. Times News Service
The New York Times news summary for Friday, Feb. 3, 1984:
WASHINGTON - A advanced USIA news service was announced by the
Reagan administration. The USIA said it planned to use communications
satellites to enable reporters around the world to question officials
in Washington or wherever they might be. The system, to be called
Worldnet, would provide three hours a day of two-way television news
conferences.
nyt-02-02-84 2314est
------------------------------
Date: 30-Jan-84 22:08 PST
From: Kirk Kelley <KIRK.TYM@OFFICE-2>
Subject: telecollaborated simulation
This refers to the model of&for a world-wide telecollaborated
simulation in HN #14. The equation directly measuring the existance
of the project was represented for one time unit in the simulation as:
change_messages = student_changes + modeler_changes.
Assuming
student_changes = students * changes_per_student
modeler_changes = modelers * changes_per_modeler
an important focus becomes how people become students, then become
modelers, and finally cease to participate. It is unclear exactly
what will be the most important factors, but a few of the most obvious
can be identifed.
students = lasttime's students + new_students - lost_students.
new_students = lasttime's non_players * new_interest.
lost_students = lasttime's students * (graduation_rate +
disinterest_rate + disable_rate).
modelers = lasttime's modelers + graduates - lost_modelers.
lost_modelers = lasttime's modelers * (disinterest_rate +
disable_rate).
disable_rate = human_death_rate + discommunication_rate.
The human death rate could be modeled initially by integrating one
of the existing world models. These telecollaborated simulation
equations could be placed into the service-capital sector of such a
model.
Thus the human death rate would affect this project's simulation of
its own life time. Is it possible for this project, in turn, to also
significantly affect the human death rate? What if it encouraged the
design and implementation of systems that teach skills for living well
while focusing research on global survival issues?
-- kirk
------------------------------
End of HUMAN-NETS Digest
************************