Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (01/06/84)
HUMAN-NETS Digest Friday, 6 Jan 1984 Volume 7 : Issue 4
Today's Topics:
Administrivia - House testimony on MIT-MC,
Responce to Query - Networks, Networks Everywhere,
Computers and the Law - Ma Bell and Privacy,
Computer Security - Voice Recognition Passwording (3 msgs),
Input Devices - Keypads and Dvorak Keyboards (3 msgs),
Computer Networks - Usenet
----------------------------------------------------------------------
Date: 5 January 1984 02:03 EST
From: Christopher C. Stacy <CSTACY @ MIT-MC>
Subject: House testimony
The Willis Ware (on Information Systems, Security and Privacy) and the
Geoff Goodfellow (on Telecommunications Security and Privacy)
Congressional Subcommittee testimony transcriptions are also available
on MIT-MC in the file COMMON;HOUSE WARE and COMMON;HOUSE GEOFF,
respectively.
------------------------------
Date: Thu, 5 Jan 84 16:11:36 pst
From: dual!fair@Berkeley
Subject: Two more comments on the DEC E-net
--- BEGIN FORWARDED MESSAGE
>From ucbvax!decwrl!rhea!lipman Thu Jan 5 12:33:42 1984
Date: Thursday, 5 Jan 1984 09:48:41-PST
Subject: Re: HUMAN-NETS Digest V7 #1
To: ucbvax!ucbarpa:fair
Erik,
That was a very useful note and I enjoyed reading it. I can give you
a little more detail on the DEC-Enet.
The DEC-Enet provides services via DECNET to a number of different
operating systems on 3 different machine architectures. The DECSYSTEM
10's and 20's run TOPS-10 and TOPS-20 (nee TENEX). The PDP-11's run
RSX, RSTS, and RT. And of course the VAXes run VMS. Though there are
(a growing number of) VAXes within DEC running UNIX, they do not
support DECNET and are not actually on the DEC-Enet.
All of the above systems provide MAIL service. I am unsure about the
DECNET capabilities of the TOPS-10 operating system, so the rest of
this discussion does not apply to it. All the remaining systems
provide remote terminal (TELNET) and file transfer (FTP) support.
Some number of these systems provide a new "on line DEC Phone Book"
service which looks very promising indeed.
The VAX VMS operating system provides a significant set of additional
capabilities that only operate between VMS systems. There is a PHONE
program that provides the ability to call a user at another site and
hold a conversation. I believe it can handle "conference calls" as
well. A bulletin board like service is available called NOTES. And
there is a very general capability to execute a program at the remote
site and send results back.
Peter
>From ucbvax!decwrl!rhea!lipman Thu Jan 5 12:33:57 1984
From: ucbvax!decwrl!rhea!lipman
Date: Thursday, 5 Jan 1984 09:49:21-PST
Subject: Re: HUMAN-NETS Digest V7 #1
To: ucbvax!ucbarpa:fair
By the way, decwrl has a relatively new CSNET connection and in the
not too distant future we should be providing a direct gateway to the
ARPA and CSNET communities without first using uucp to get to Stanford
or Berkeley.
As I understand it, we are waiting for some software being developed
at Purdue (and possibly Rice?) to allow 4.2 BSD UNIX to send mail
using SMTP on top of TCP/IP out CSNET.
Peter
------------------------------
Date: 5 January 1984 15:03 est
From: TMPLee.DODCSC at MIT-MULTICS
Subject: SocSecNumbers, Ma Bell, and Privacy
For what it's worth to anyone: I had just finished reading Willis'
testimony to Congress when I went to return a used telephone to one of
the AT&T "Phone Centers" today (so I can buy my own and don't have to
rent it.) I had to fill out a monstrous long form, part of which
(yes!) asked for my social security number. I vaguely remember that
that is if not illegal, certainly not recommended practice. I asked
what it was for, and the clerk replied, to guarantee it gets credited
to the right account. (Isn't the phone number -- including area code
-- good enough?) And when I objected, she, (working for AT&T) said I
should call Northwestern Bell (the operating company for our area) --
it appears that Northwestern Bell uses the SSN as the way of tallying
the leasing and long distance charges it handles for AT&T; if not, I
can't think of any reason I would have been answered that way. Funny
thing, though, is that I'm sure I have NEVER told NW Bell my SSN, so I
can't see what they'd correlate it with.
I do know that when the U.S. Government asks for your SSN it is
required to give a reason why and explain what will happen if you
don't give it; I think Minnesota has a similar law, but I can't
remember for sure, but then, I'm not sure either one applies to
private industry.
Something ironic about this all happening because AT&T was busted up
for free enterprise and competition, and yet by asking for the SSN it
is heading in exactly the opposite sort of direction.
Ted
------------------------------
Date: 5 Jan 1984 1015-PST
Subject: voice recognition as password
From: Dave Dyer <DDYER@USC-ISIB>
Sorry to throw cold water on a good idea, but voice recognition
won't provide security. No one need ever do "impressions"
of you to gain access, because of a little known device
called a tape recorder.
------------------------------
Date: Thu 5 Jan 84 13:59:24-PST
From: Richard Treitel <TREITEL@SUMEX-AIM.ARPA>
Subject: Re: HUMAN-NETS Digest V7 #2
Re: voice recognition for login
OK, so what happens when I catch a cold? or when there are a bunch of
people talking in the background while I try to login? This kind of
objection seems to me to apply, more or less, to all "personal
characteristics" that can be used for authentication: what you are
authenticating is the body, not the mind, and either can change
independently of the other.
Gee, I just had a thought. What if DoD develops a system that will
only let you login if it can determine that you are still loyal to the
Alliance (i.e. if you became a Moonie last week, forget it, bud)?
- Richard
------------------------------
Date: 5 January 1984 20:33 EST
From: Andrew Scott Beals <BANDY @ MIT-ML>
Subject: Passwords etc
Isn't there a problem with analyzing your voice patterns that they
may change, esp when you're sick?
Let's face facts: your computer's secure only when you controll all
access to it.
andy
------------------------------
Date: 5 Jan 1984 14:40:23-EST
From: csin!cjh@CCA-UNIX
Subject: phone vs calculator pads
It has been put to me that the phone pad design mimics the dial
design, in which 0 and 1 are farther apart than any other number pair;
the reasoning behind this being to minimize the chance of misdialing
area codes, in which the middle digit is always 0 or 1. (It is also
argued that most pairs of codes m{0,1}n are geographically far apart,
to minimize the number of confusable pairs people would want to
remember, e.g. relatively few people will want to roughly know the
area codes for Connecticut and Los Angeles.)
------------------------------
Date: Thu, 5 Jan 84 19:27:24 pst
From: decwrl!qubix!msc@Berkeley (Mark Callow)
Subject: Re: Keyboards
The phone keyboard was designed before small electronic calculators
existed. Extensive research went in to its layout. I can't quote any
because I've been away from this area of work for too long. Contrary
to the previous message, it appears to be the person who layed out the
calculator keypad who was unaware of the research done by the phone
companies not vice-versa.
I'm happy to see the current discussion of the Dvorak keyboard.
I'd love to get one for my terminal.
An even more interesting keyboard is the "Maltron" keyboard.
This features a block of keys for each hand and a central group
to be worked by the thumbs. It is not flat but is shaped to
match the way the hand lies. I first saw this described in Time
about 2 years ago.
------------------------------
From: andyb%dartvax@BRL-BMD.ARPA
Date: Thu, 5 Jan 84 22:28:33 est
From: Andy Behrens <decvax!dartvax!andyb@BRL-BMD.ARPA>
Subject: Keyboards ...
The designer of the (U.S.) push-button telephone keyboard didn't just
go ahead and ignore the calculator keyboard. Both keyboard layouts
were tested, and they found that most people made fewer dialing errors
with the "1-2-3 on top" design.
Remember that back then calculators were expensive enough that not
many people owned them. Maybe the phone company assumed that with so
many phones in existence, the calculator makers would change *their*
design.
Doesn't the IBM keypunch have yet another layout? I think the zero is
above the digits.
------------------------------
Date: Thu, 5 Jan 84 15:37:46 CST
From: Robert.S.Kelley <kelleyr@rice>
Subject: Input devices-- Dvorak and numeric
Re. the Dvorak keyboard-- Although there is still considerable
controversy over its merits (some say the improvement from automatic
carriage returns is greater) there is a considerable body of
literature (and data) on the subject in the field of psychology. We
need to be careful not to reinvent the wheel here. Incidentally, I
know of no data supporting the claim that it is hard to return to
qwerty after learning Dvorak; was that Dr. Pournelle's personal
opinion or does he know something I don't?
On the subject of numeric keypad ordering, the Bell people went to a
lot of trouble in designing their phone layout. As I recollect, they
discovered that even ten-key adding machine operators who expressed a
preference for the lower-numbers-at-the-bottom arrangement,
nonetheless made fewer mistakes with the current arrangement. I don't
have the reference at my fingertips, but I think I could dig it out.
------------------------------
Date: 5 January 1984 20:35 EST
From: Andrew Scott Beals <BANDY @ MIT-ML>
Subject: Usenet messages
True there are losers in usenetland, but there are just as many per
population out there as there are in here (arpa) ... The population is
just larger, that's all, and there isn't the spectre of DARPA hanging
over everyones head about what you say and have said (sure, a site can
be flushed out, but what generally happens is that sites leave the net
when something ``offensive'' happens).
andy
------------------------------
End of HUMAN-NETS Digest
************************mmt@dciem.UUCP (Martin Taylor) (01/09/84)
Several messages commented unfavourably on the idea of using voice
recognition for security. They are wrong. Properly done, voice is
at present the most secure method of ensuring that the correct people
can get access to a physical facility, and presumably it could be
arranged similarly for a smart terminal to ensure access. Texas
Instruments has for some time controlled access to its Corporate
Computer Centre by a voice security system (ask George Doddington
for details). In tests for the US Air Force, voice was more accurate
than any other single method. Naturally, for even better security
you mix methods.
Security methods can depend on the posession of an object or on
physical characteristics or on abilities. A key or a card can be stolen,
fingerprints can be duplicated on a mould, but a voice response cannot
be duplicated when the person does not know what string the computer
is going to request. If you have a security access card, the right
fingerprints AND the right voice, it is highly unlikely you are an
impostor. Incidentally, impressionists do only marginally better than
random "impostors" at getting past the voice check.
Voice security checks are vastly different from voice identification
in criminal investigation. That's a much tougher problem.
--
Martin Taylor
{allegra,linus,ihnp4,uw-beaver,floyd,ubc-vision}!utzoo!dciem!mmt