Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (01/06/84)
HUMAN-NETS Digest        Friday, 6 Jan 1984        Volume 7 : Issue 4

Today's Topics:
    Administrivia - House testimony on MIT-MC,
    Response to Query - Networks, Networks Everywhere,
    Computers and the Law - Ma Bell and Privacy,
    Computer Security - Voice Recognition Passwording (3 msgs),
    Input Devices - Keypads and Dvorak Keyboards (3 msgs),
    Computer Networks - Usenet

----------------------------------------------------------------------

Date: 5 January 1984 02:03 EST
From: Christopher C. Stacy <CSTACY @ MIT-MC>
Subject: House testimony

The Willis Ware (on Information Systems, Security and Privacy) and the Geoff Goodfellow (on Telecommunications Security and Privacy) Congressional Subcommittee testimony transcriptions are also available on MIT-MC in the file COMMON;HOUSE WARE and COMMON;HOUSE GEOFF, respectively.

------------------------------

Date: Thu, 5 Jan 84 16:11:36 pst
From: dual!fair@Berkeley
Subject: Two more comments on the DEC E-net

--- BEGIN FORWARDED MESSAGE

>From ucbvax!decwrl!rhea!lipman Thu Jan 5 12:33:42 1984
Date: Thursday, 5 Jan 1984 09:48:41-PST
Subject: Re: HUMAN-NETS Digest V7 #1
To: ucbvax!ucbarpa:fair

Erik,

That was a very useful note and I enjoyed reading it. I can give you a little more detail on the DEC-Enet.

The DEC-Enet provides services via DECNET to a number of different operating systems on 3 different machine architectures. The DECSYSTEM 10's and 20's run TOPS-10 and TOPS-20 (nee TENEX). The PDP-11's run RSX, RSTS, and RT. And of course the VAXes run VMS. Though there are (a growing number of) VAXes within DEC running UNIX, they do not support DECNET and are not actually on the DEC-Enet.

All of the above systems provide MAIL service. I am unsure about the DECNET capabilities of the TOPS-10 operating system, so the rest of this discussion does not apply to it. All the remaining systems provide remote terminal (TELNET) and file transfer (FTP) support. Some number of these systems provide a new "on line DEC Phone Book" service which looks very promising indeed.

The VAX VMS operating system provides a significant set of additional capabilities that only operate between VMS systems. There is a PHONE program that provides the ability to call a user at another site and hold a conversation. I believe it can handle "conference calls" as well. A bulletin board like service is available called NOTES. And there is a very general capability to execute a program at the remote site and send results back.

Peter

>From ucbvax!decwrl!rhea!lipman Thu Jan 5 12:33:57 1984
From: ucbvax!decwrl!rhea!lipman
Date: Thursday, 5 Jan 1984 09:49:21-PST
Subject: Re: HUMAN-NETS Digest V7 #1
To: ucbvax!ucbarpa:fair

By the way, decwrl has a relatively new CSNET connection and in the not too distant future we should be providing a direct gateway to the ARPA and CSNET communities without first using uucp to get to Stanford or Berkeley. As I understand it, we are waiting for some software being developed at Purdue (and possibly Rice?) to allow 4.2 BSD UNIX to send mail using SMTP on top of TCP/IP out CSNET.

Peter

------------------------------

Date: 5 January 1984 15:03 est
From: TMPLee.DODCSC at MIT-MULTICS
Subject: SocSecNumbers, Ma Bell, and Privacy

For what it's worth to anyone: I had just finished reading Willis' testimony to Congress when I went to return a used telephone to one of the AT&T "Phone Centers" today (so I can buy my own and don't have to rent it.) I had to fill out a monstrous long form, part of which (yes!) asked for my social security number. I vaguely remember that that is if not illegal, certainly not recommended practice. I asked what it was for, and the clerk replied, to guarantee it gets credited to the right account. (Isn't the phone number -- including area code -- good enough?) And when I objected, she, (working for AT&T) said I should call Northwestern Bell (the operating company for our area) -- it appears that Northwestern Bell uses the SSN as the way of tallying the leasing and long distance charges it handles for AT&T; if not, I can't think of any reason I would have been answered that way.

Funny thing, though, is that I'm sure I have NEVER told NW Bell my SSN, so I can't see what they'd correlate it with. I do know that when the U.S. Government asks for your SSN it is required to give a reason why and explain what will happen if you don't give it; I think Minnesota has a similar law, but I can't remember for sure, but then, I'm not sure either one applies to private industry. Something ironic about this all happening because AT&T was busted up for free enterprise and competition, and yet by asking for the SSN it is heading in exactly the opposite sort of direction.

Ted

------------------------------

Date: 5 Jan 1984 1015-PST
Subject: voice recognition as password
From: Dave Dyer <DDYER@USC-ISIB>

Sorry to throw cold water on a good idea, but voice recognition won't provide security. No one need ever do "impressions" of you to gain access, because of a little known device called a tape recorder.

------------------------------

Date: Thu 5 Jan 84 13:59:24-PST
From: Richard Treitel <TREITEL@SUMEX-AIM.ARPA>
Subject: Re: HUMAN-NETS Digest V7 #2

Re: voice recognition for login

OK, so what happens when I catch a cold? or when there are a bunch of people talking in the background while I try to login? This kind of objection seems to me to apply, more or less, to all "personal characteristics" that can be used for authentication: what you are authenticating is the body, not the mind, and either can change independently of the other.

Gee, I just had a thought. What if DoD develops a system that will only let you login if it can determine that you are still loyal to the Alliance (i.e. if you became a Moonie last week, forget it, bud)?

- Richard

------------------------------

Date: 5 January 1984 20:33 EST
From: Andrew Scott Beals <BANDY @ MIT-ML>
Subject: Passwords etc

Isn't there a problem with analyzing your voice patterns that they may change, esp when you're sick? Let's face facts: your computer's secure only when you control all access to it.

andy

------------------------------

Date: 5 Jan 1984 14:40:23-EST
From: csin!cjh@CCA-UNIX
Subject: phone vs calculator pads

It has been put to me that the phone pad design mimics the dial design, in which 0 and 1 are farther apart than any other number pair; the reasoning behind this being to minimize the chance of misdialing area codes, in which the middle digit is always 0 or 1. (It is also argued that most pairs of codes m{0,1}n are geographically far apart, to minimize the number of confusable pairs people would want to remember, e.g. relatively few people will want to roughly know the area codes for Connecticut and Los Angeles.)

------------------------------

Date: Thu, 5 Jan 84 19:27:24 pst
From: decwrl!qubix!msc@Berkeley (Mark Callow)
Subject: Re: Keyboards

The phone keyboard was designed before small electronic calculators existed. Extensive research went into its layout. I can't quote any because I've been away from this area of work for too long. Contrary to the previous message, it appears to be the person who laid out the calculator keypad who was unaware of the research done by the phone companies not vice-versa.

I'm happy to see the current discussion of the Dvorak keyboard. I'd love to get one for my terminal. An even more interesting keyboard is the "Maltron" keyboard. This features a block of keys for each hand and a central group to be worked by the thumbs. It is not flat but is shaped to match the way the hand lies. I first saw this described in Time about 2 years ago.

------------------------------

From: andyb%dartvax@BRL-BMD.ARPA
Date: Thu, 5 Jan 84 22:28:33 est
From: Andy Behrens <decvax!dartvax!andyb@BRL-BMD.ARPA>
Subject: Keyboards ...

The designer of the (U.S.) push-button telephone keyboard didn't just go ahead and ignore the calculator keyboard. Both keyboard layouts were tested, and they found that most people made fewer dialing errors with the "1-2-3 on top" design.

Remember that back then calculators were expensive enough that not many people owned them. Maybe the phone company assumed that with so many phones in existence, the calculator makers would change *their* design.

Doesn't the IBM keypunch have yet another layout? I think the zero is above the digits.

------------------------------

Date: Thu, 5 Jan 84 15:37:46 CST
From: Robert.S.Kelley <kelleyr@rice>
Subject: Input devices-- Dvorak and numeric

Re. the Dvorak keyboard-- Although there is still considerable controversy over its merits (some say the improvement from automatic carriage returns is greater) there is a considerable body of literature (and data) on the subject in the field of psychology. We need to be careful not to reinvent the wheel here. Incidentally, I know of no data supporting the claim that it is hard to return to qwerty after learning Dvorak; was that Dr. Pournelle's personal opinion or does he know something I don't?

On the subject of numeric keypad ordering, the Bell people went to a lot of trouble in designing their phone layout. As I recollect, they discovered that even ten-key adding machine operators who expressed a preference for the lower-numbers-at-the-bottom arrangement, nonetheless made fewer mistakes with the current arrangement. I don't have the reference at my fingertips, but I think I could dig it out.

------------------------------

Date: 5 January 1984 20:35 EST
From: Andrew Scott Beals <BANDY @ MIT-ML>
Subject: Usenet messages

True there are losers in usenetland, but there are just as many per population out there as there are in here (arpa) ... The population is just larger, that's all, and there isn't the spectre of DARPA hanging over everyone's head about what you say and have said (sure, a site can be flushed out, but what generally happens is that sites leave the net when something ``offensive'' happens).

andy

------------------------------

End of HUMAN-NETS Digest
************************
mmt@dciem.UUCP (Martin Taylor) (01/09/84)
Several messages commented unfavourably on the idea of using voice recognition for security. They are wrong. Properly done, voice is at present the most secure method of ensuring that the correct people can get access to a physical facility, and presumably it could be arranged similarly for a smart terminal to ensure access. Texas Instruments has for some time controlled access to its Corporate Computer Centre by a voice security system (ask George Doddington for details). In tests for the US Air Force, voice was more accurate than any other single method.

Naturally, for even better security you mix methods. Security methods can depend on the possession of an object or on physical characteristics or on abilities. A key or a card can be stolen, fingerprints can be duplicated on a mould, but a voice response cannot be duplicated when the person does not know what string the computer is going to request. If you have a security access card, the right fingerprints AND the right voice, it is highly unlikely you are an impostor.

Incidentally, impressionists do only marginally better than random "impostors" at getting past the voice check.

Voice security checks are vastly different from voice identification in criminal investigation. That's a much tougher problem.

--
Martin Taylor
{allegra,linus,ihnp4,uw-beaver,floyd,ubc-vision}!utzoo!dciem!mmt
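
Added example (not part of the original posts, and not code from any system named in them): a minimal model of the text-prompted check the last message describes, where the system picks a fresh phrase for every attempt so that a recording of an earlier session, the tape-recorder objection raised in the digest, no longer matches. The vocabulary, class and function names are hypothetical, and the `(speaker, text)` pair is an assumed stand-in for what a real speaker-verification and speech-recognition front end would report.

```python
import secrets
import time
# Constructed 16-word vocabulary: 4-word prompts give 16**4 = 65536 phrases.
WORDS = ("amber basil cedar delta ember flint grove haven "
         "ivory jade kelp lotus maple north olive pearl").split()
PROMPT_WORDS, TTL_SECONDS = 4, 30.0

class PromptedVoiceCheck:
    """Text-prompted check: the system, not the speaker, picks the phrase."""
    def __init__(self, enrolled, clock=time.monotonic):
        self.enrolled, self.clock = set(enrolled), clock
        self.pending = {}   # user -> (phrase, deadline) of the open challenge
        self.used = set()   # phrases already issued; never issued twice

    def challenge(self, user):
        phrase = None
        while phrase is None or phrase in self.used:
            phrase = " ".join(secrets.choice(WORDS) for _ in range(PROMPT_WORDS))
        self.used.add(phrase)
        self.pending[user] = (phrase, self.clock() + TTL_SECONDS)
        return phrase

    def verify(self, user, utterance):
        # utterance = (speaker, text): assumed output of the audio front end,
        # i.e. whose voice it matched and which words were spoken.
        issued = self.pending.pop(user, None)   # one attempt per challenge
        if issued is None:
            return "no-challenge"
        phrase, deadline = issued
        if self.clock() > deadline:
            return "expired"
        speaker, text = utterance
        if user not in self.enrolled or speaker != user:
            return "wrong-speaker"
        return "accept" if text == phrase else "wrong-phrase"

def demo():
    now = [0.0]                                   # fake clock for the demo
    check = PromptedVoiceCheck({"alice"}, clock=lambda: now[0])
    tape = ("alice", check.challenge("alice"))    # recording of a genuine login
    out = [check.verify("alice", tape)]           # the live session itself
    out.append(check.verify("alice", tape))       # tape, no open challenge
    check.challenge("alice")
    out.append(check.verify("alice", tape))       # tape against a new prompt
    fresh = check.challenge("alice")
    out.append(check.verify("alice", ("mallory", fresh)))  # right words, wrong voice
    fresh = check.challenge("alice")
    now[0] += TTL_SECONDS + 1
    out.append(check.verify("alice", ("alice", fresh)))    # answered too late
    return out
```

The model covers only replay of a whole recorded session; how accurately the front end separates speakers is outside what it shows.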