Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (01/05/84)
HUMAN-NETS Digest Thursday, 5 Jan 1984 Volume 7 : Issue 2 Today's Topics: Computers and the Law - Big Computer is Watching You (2 msgs) & How "High Society" gets its two cents, Computers and People - Japan and US on New Generation computing & Augmented Global Consciousness Computer Security - Passwording (2 msgs), Computer Networks - Usenet ---------------------------------------------------------------------- Date: Mon 2 Jan 84 05:08:51-CST From: Werner Uhrig <CMP.WERNER@UTEXAS-20.ARPA> Subject: the IRS welcomes you to 1984 ... (a true story) *** IRS OBTAINS LIST OF INCOMES TO TRACK DOWN TAX EVADERS *** ------------------------------------------------------------------- (NY Times Service) -- The IRS has obtained a computerized list of the estimated incomes of 2 million American households and has begun to test if the list can track down people who fail to pay their taxed. IRS is conducting the test despite the refusal of the 3 major companies that develop such information to give the government a list, and over the objections of their trade organization, the Direct Marketing Association. In the test, a commercially prepared list of 2 million households in Brooklyn, NY [exclusive Manhattan]; Wisconsin; northern Ohio; Indiana; and Nevada will be matched against an IRS list of people who filed income tax returns for 1982. All those whose names appear on the commercial list but not the IRS list will be notified that they are subject to a revenue service inquiry about their tax liability. The notices will start going out next spring. If the test identifies people who file no taxes at all, the service will try to determine if the same technique can be used to track whose who underpay. The decision on wether to use the technique nationwide will be made after 1985. [ BTW - the company which decided to provide the data to the IRS, the Dunhill Company of Washington, DC, is not a member of the Direct Marketing Association, so getting the DMA address from your local BBB and writing them to request removal of your name from the files of all their members would not have helped] ------------------------------ Date: Mon, 2 Jan 84 14:39:25 EST From: Jonathan Dreyer <jdreyer@BBN-UNIX> Subject: Thoughtcrime FBI BOARD CONSIDERS FILE ON SUSPICIOUS PEOPLE Associated Press NEW YORK--An FBI advisory board is considering whether to recommend expanding a national computerized file to contain information on people who aren't wanted for crimes but are considered suspicious, the New Your Times reported yesterday. Under a proposal under consideration, the National Crime Information center would have information on whether someone was suspected of organized crime connections, terrorism or narcotics or was a "known associate" of a drug trafficker, the Times said. An unidentified top FBI official told the Times a decision on the matter, first discussed Oct. 6 by the center's policy board, would not be made for some time. The proposed enlargement of the FBI's system would, law enforcement officials said, improve their ability to fight crime, track wrongdoing and help protect police against dangerous criminals. According to the agenda of the October meeting, the new "investigative applications" would represent "a logical progression" of the national crime center's efforts. The Times said the most controversial of 15 such applications was the proposed use of the FBI computer to track "known associates" of people who are named in warrants for arrest. Lee Colwell, executive assistant director of the FBI, said FBI director William Webster wouldn't act on the proposals until he had carefully and systematically reviewed them, according to the Times. The policy board has 28 members--21 state and local enforcement officials, three prosecutors, two judges, a prison administrator and a probation officer, the Times said. (from the Boston Globe, January 2, 1984 (!)) ------------------------------ Date: 2 January 1984 02:50 EST From: Jerry E. Pournelle <POURNE @ MIT-MC> Subject: How "High Society" gets its two cents I can see how High Society can get paid for calls made to their number, because the customers are paying; but I am told that Club Magazine also gets paid for calls made to their 800 number for "Free Phone Sex". I've been unable to figure out how anyone makes money by giving out the number for "Free Phone Sex". ------------------------------ Date: 2 January 1984 03:07 EST From: Jerry E. Pournelle <POURNE @ MIT-MC> Subject: New Generation computing: Japanese and U.S. views (2 msgs) Perhaps I have missed your point? 1. Is it your contenton that the United States shold disarm, or, failing that, simply not provide modern weapons to the armed forces? 2. Was it your point that the Defense Advanced Redearch Projects Agency should be engaged in pure research for purely civilian purposes? 3. Is it your point that defense of Western Civilization is not "for the good of mankind"? I should have thought that had we the military power to do so, we might consider it a benefit to all to dismantle the Gulag, and perhaps guarantee a "freedom of exodus"; and that would "benefit mankind". 4. Is it your contention that only DARPA is working on advanced computers in the US? 5. I should have thought that one advantage the Japanese have is their reliance on the US military for their protection, allowing them to keep their Self-defense forces comparatively small and thus inexpensive. Perhaps the US should adopt this policy? Or is it possible that wealthy nations simply don't need defense? ------------------------------ Date: 4-Jan-84 23:20 PST From: Kirk Kelley <KIRK.TYM@OFFICE-2> Subject: Augmented Global Consciousness working definitions How exactly is a self-referential tele-collaborated simulation to be modeled? A model for the augmented global consciousness project needs working definitions. Here are some suggestions. tele-collaboration, a process of working together from a distance on a project. self-referential tele-collaboration, a tele-collaboration on a model of itself. For the model, simple difference equations with a time unit of one year would go pretty far. model, a set of difference equations designed to compute the values of a set of variables representing the state of a system for one unit of time. simulation, the computation of the equations in a model over time. change-message, a message that changes the computation in a tele-collaborated simulation. life-time (of a tele-collaborated simulation), the number of time units between the times when the total change-messages are zero. Collaborators work together from a distance to formulate equations and compute the life-time of the process. Would such a "consciousness" ever begin? End? -- kirk ------------------------------ Date: 30 December 1983 04:20 EST From: Robert Elton Maas <REM @ MIT-MC> Subject: Passwords: Is there a better way? Being required to manually permute whatever the computer throws at you has several problems. First, it's very painful and prone to error and frustration. Second, it makes you type slowly so somebody watching you can see what you're doing, jot it down (with the challange) and figure out offline your permutation algorithm. Third, it's awful hard to remember a particular permutation unless it's a trivial one that would be easy to guess (such as simple rotation or pair-swapping), whereas even ridiculous passwords like aleminco are relatively easy to memorize after a little practice. Forth it's considerably harder to program your microcomputer to log in on your behalf using a permutation scheme because it must parse the challange-sequence given by the host in order to figure out what sequence to send. Fifth, just try documenting this to novice users who never had a math course past Algebra 1 (haven't the foggiest what a permutation is) and are afraid of computers! I think we're stuck with passwords/numbers for direct human confirmation, or some physical characteristic like fist size when jammed down on the keyboard or typing speed or fingerprint etc., and public-key encryption for intelligent-terminal access to host via packet protocol. ------------------------------ Date: Fri, 30 Dec 83 13:36:57 EST From: Adam Moskowitz <adamm@BBN-UNIX> Subject: Passwords: Is there a better way ? (V6 #87) In Response To: Randy Saunders' message of 23 Dec 1983 01:03 CST Such a scheme has been discussed for use on such networks as the ARPA-net and the MILNET. However, the idea was taken, at least on paper, one step further. Each user would be issued a credit-card- sized 'encryptor'. When the user logged on, the system would present him/her with a challenge. The user would then type this challenge (most likely a 10-12 digit number) into his/her 'encryptor'. The 'encryptor' would permute the challenge via an UNKNOWN algorithm ans display a reply. The user then types in this reply. Ths system then permutes the same challenge with the SAME UNKNOWN (except to the system) algorithm and compares the user's reply to the answer it gets. This method, if it ever gets implemented, has several advantages: 1) The user cannot divulge his/her algorithm because s/he DOES NOT KNOW what it is ! If the user gives away the 'encryptor', s/he now has no way of gaining access to the system. 2) New 'encryptors' can be issued when if security is ever breached. Old 'encryptors' then become obsolete. I don't know if/when this scheme will ever come to life. I hope I haven't breached any security restrictions by talking about it, but I heard it at aa 'open' meeting. It must be OK to talk about it. AdamM (adamm @ bbn-unix) ------------------------------ Date: 3 Jan 1984 1618-PST From: Chuck McManis <MCMANIS@USC-ECLC> Subject: Passwords etc The state of the art in terminal design is such that what used to be a small minicomputer is now regularly included in the terminal as "smarts." These rather sophisticated microcomputers are capable of any number of physical parameter analysis given the hardware or even limited voice recognition capabilities. For instance, if one were to include a 256K buffer (additional 8 chips) and an Analog to Digital converter (one chip) And a rather simple Fourier transform algorithim, you could program your terminal to only go "online" when *you* said "open sesame!". Also a computer could verify your login by asking the terminal for the results of its fourier analysis (probably 10 to 20 floating point numbers) and compare them to its files. We all know how tough it is to get a voice interface to recognize the same word from more than one person now so I don't see how even a good impressionist, even if he/she new your passphrase could duplicate it. One might additionally place a ETM type card reader on any RS232 line for access verification. Simply slip in your card and login as yourself (with your password) and poof! you must be physically there or your card wouldn't be there. If you lose you card, cancel it, and you should be able to do that before anyone who found it had guessed your password. Both of these systems are implementable today, in the future I think we can look forward to a simple thumbprint scanner for verification, this is a bit tougher due to the image processing constraints and equipment cost restraints. --Chuck P.S. Note that in the above Voice suggestion the floating point numbers could be encrypted as character strings and the encryption sent. you could still defeat it by trying to guess the numbers but 20 10 digit numbers with floating decimal point could be hard to crack. ------------------------------ Date: 3 Jan 1984 1724-PST From: Chuck McManis <MCMANIS@USC-ECLC> Subject: Usenet messages Another point to consider on the relative quality of usenet vs. Arpanet messages might be that a large fraction of the ARPA computers are based in "think tanks" and colleges. Whereas a usenet computer can be anything from a research computer at some large company to an IBM pc in someones home. Giving access to an entirely different sort of computer user. --Chuck ------------------------------ End of HUMAN-NETS Digest ************************