taylor@hplabsc.UUCP (06/24/86)
Computers and Society Digest, Number 13
Thursday, January 30th 1986
Topics of discussion in this issue...
NCIC systems and so on...
Response to Computers in Society (2 msgs)
Worms and Viruses
Interesting question of privacy...
----------------------------------------------------------------------
Date: Sun, 26 Jan 86 11:39:28 est
From: jefu <ihnp4!seismo!rochester!steinmetz!putnam>
Subject: NCIC Systems and so on...
(Note, I tried to mail this twice before and someones mailer dropped it, so
here goes again)
The submission about the NCIC reminded me of an issue that has concerned me
for a while in relation to people and organizations collecting information
about individuals on computer systems.
In any system like the NCIC one, or like the credit checking databases, or
university student records on computers, or whatever, it seems to me that the
prime danger is not in an organization collecting information. This is often
their mandate. Instead, the dangers are threefold. First, the information
obtained may be incorrect. Second, it may be retrieved by persons or
organizations with no legitimate need to get it. Finally, the person
the information relates to often has no idea that it was collected, or where.
The first danger is obvious and the problems associated with it may have
the most pernicious effects. This kind of problem was hinted at in the
NCIC submission, and similar problems crop up fairly often. How many
people had not had a credit bureau make a mistake about their credit
history?
The impact of the second factor was also implied by the NCIC posting. But
it may be even more pervasive than was hinted at there. Employers who
have contracts in defense industries may use this kind of information to
screen applicants -- even to jobs that are entirely unrelated to defense
contracting. Local police departments may look up this information when
a complaint is issued by a citizen and treat the complainant differently
because of it. (Note: this actually happened to an acquaintance of mine
during the anti-war activism of the early 70's. His car was stolen, but
the local police found out about his activist record and harrassed him for
several hours about that rather than the stolen car.)
But in many ways it is the third problem that concerns me most. That this
information has been collected and published (albeit to a limited audience)
and I have no information about it. Perhaps a personal experience is
appropriate. After I got out of college, I applied for a credit card at
Sears. My request was turned down because of my credit history. I
eventually (it was not entirely simple to wade through the bureaucratic
morass) discovered that a credit bureau had a record of someone else
with my name (usurper!) who had defaulted on a student loan. I cleared
this up with the credit bureau and finally got the credit card. Several
years later when I tried to buy a house, a different credit bureau had
the same report on me, and my mortgage was delayed because of it. I still
wonder how many more people think I have defaulted on loans.
It is easy to see how information may enter this electronic web and eventually
percolate to (perhaps) thousands of different computers and organizations.
If this information is correct, there may be certain kinds of problems --
people testing positive for HTLV-III are a good example, inferences may be
drawn from such information which may not be in their best interest -- but
if the information is incorrect, the problems may be even more subtly
dangerous.
The Freedom of Information Act is designed to help people find out about
such things, but there are several major problems with it. The first
is that the average person may not even think to look. Or even if
she does look, she may not look in the right places. Or often enough.
Organizations holding such information have also been known to be rather
uncooperative in giving it out. A friend of mine was recently interested
in FBI involvement in Nixon's difficulties and made application to them
to get information he had good reason to believe existed. Three different
FBI offices claimed that it did not exist and that another office might
have it. (He did finally find it.) But for each of the FBI offices,
about 2 months of paperwork and delay went by.
So, A Modest Proposal:
There should be a single national database with all the information the
government and credit agencies collect. This database should be accessible
to anyone with a terminal and a telephone. However, for each individual
access should be granted and denied by class of organization, and on an
individual basis. For example, I should be able to read anything about
myself, even classified information - if it is about myself, I must already
know it (:-). The FBI may be able to read/write certain parts of the
information, and the local police others. Sam from down the street should
be able to read/write nothing, unless I grant him permission. Credit agencies
should be able to read/write only when I grant them permission. Traces
should be made of anyone reading my entry, and especially of anyone writing
it. Perhaps a search warrant might be necessary to read some parts. Any
information that is written and is in error, I should be able to protest.
There are obvious problems with this proposal, but I offer it in the hopes that
it might spur debate and help to find methods to alleviate the very real
problems that the increasingly common computer information agencies pose to
every one of us.
------------------------------
Date: 24 Jan 1986 15:01-EST
From: hplabs!Benjamin.Pierce@GANDALF.CS.CMU.EDU
Subject: Worms and viruses
Dave,
The special issue on worms/viruses was interesting but much too
sensational. Is there anything more serious written on the subject?
Perhaps other CAS readers would be interested in a short bibliography
of the relevant technical literature.
Benjamin Pierce
P.S. You mentioned a distribution on RISKS a few issues ago. Who's
the moderator, or what's the address to request membership?
[contact Peter Neumann at ARPA address RISKS-REQUEST@SRI-CS.ARPA]
------------------------------
Date: 28 Jan 86 10:15 EST
From: hplabs!WAnderson.wbst@Xerox.COM
Subject: Computers In Society
A few comments on "Computers in Society or 'Winning through
Intimidation'" by Dave Taylor.
Although Mr. Taylor's analysis is thought provoking, I don't find it
particularly convincing. While it is true that high technology pervades
our life, it's not clear that a "state of seige" exists between machines
and society, although there is conflict.
Lewis Mumford (Technics and Civilization) points out pretty clearly that
mankind was mechanized long before the Industrial Revolution. For
example, the pyramids of Egypt were not build by machines, but by large
numbers of people working together in a machine-like way. This concept
of mechanized activity was further reinforced by the way monastic
discipline in the Middle Ages regularized activities in time. By the
time the Industrial Revolution came round, mankind was already primed
for mechanization. For Mumford, mechanization does not lay the ground
for a "state of seige" between people and machines. It simply applies a
steady regulating pressure on our life styles. It takes a conscious
effort to examine and withstand this pressure to behave mechanically.
I agree that standing next to a locomotive is an intense experience; it
is a very powerful machine. But I'm not sure that I feel intimidated.
Sometimes I simply feel awed at the fact that human beings have built
these things. But Mr. Taylor may be correct in saying that we haven't
adjusted (although it would help to define what "adjusted" means) to
large machines. Maybe we never will adjust. Perhaps they'll always
inspire awe, admiration, or some other intense feeling. Furthermore,
I'm not sure that everyone's reaction to large machines is defensive.
While Mr. Taylor's discussion of control over use contains undeniable
truths, I disagree that it all reduces to power. If we agree that our
need to control is only a response of a need to have power over things,
then what is left for discussion? It seems to me that this leaves only
one answer: Might is Right. (Remember the Arthurian Legend?)
There is more to the question. It's not that a locomotive has a mind of
it's own, and therefore must be rationalized as a lower form of life.
It's rather that a locomotive has no mind whatsoever, and yet is
extremely powerful when rolling down the track under its own steam. It
needs to be controlled because without any control it is extremely
dangerous. Even with human control trains are dangerous: a typical
freight train requires almost two miles to come to a complete stop. One
has to be looking ahead, to say the least.
I think that the same argument is applicable to the kinds of computer
systems that today run air traffic control, and banking, and a host of
other processes. The danger is that a good deal of faith is put into
the reliable operation of these systems. They need to be monitored and
controlled by humans. Perhaps this will change in the future. Perhaps
we will build more trustworthy systems. I'm not sure that reliable
systems are a threat. Maybe the fear people have of our reliance on
computers is that the current ones are too much like locomotives.
I must object to the statement that "technology unto itself is certainly
not either good or evil but simply like modelling clay - malleable."
Technology is a product of a social mileux. It promotes certain
behaviors, discourages others. For example, television promotes passive
intake of images, and it retards the development of active, imaginative
skills. Reading, or listening to stories, on the other hand, requires
active participation. The growth in inexpensive microcomputers in the
United States is possible, in part, because the chips used for memory
and processing are being built in places like Guatemala and the
Philippines by low paid labor working in who knows-what kind of
conditions. My Macintosh at home is bought for a price that is not
completely measured in dollars. I am responsible for the effects
(beneficial or otherwise) on people in small countries.
There is much more food for thought in Mr. Taylor's comments. I stop
here in the interests of time, and electronic courtesy. I've used
enough (nay, too many) bytes for one message.
Bill Anderson
------------------------------
Date: Tue 28 Jan 86 13:18:16-PST
From: Diana <hplabs!Egly%HP-HULK@HPLABS>
Subject: winning through intimidation
Frankly, I am not intimidated by machines. I am more impressed by people with
skills that I don't have, than intimidated by them. But after all, as Dave
put it:
> I think the conceptual issue here is that man is a curiously
>egocentric being and so to be upstaged by anything (or anyone) is quite
>devastating.
And I am not a man.
As for paper vs. electronic media. I suspect that if display technology
remains constant, younger people will start prefering everything on paper
when they reach the age of bifocals. I don't think it's as much of a
longing for days gone by as it is a physical limitation. And one that
most of us will someday have.
As for the reactions of children to computers. Watch a child with any
plaything. Most children that I have observed initially treat any new
plaything as if it were another creature. But only very young ones really
believe, even at the beginning, that the new plaything is really alive and I'd
bet if you ask the child, the same would be true of the computer. What I have
been impressed by in the reaction children to computerized toys is that they
are not awed by them nor are they more impressed by them than they are by
clever non-computerized toys.
My perception of the progression in attitude towards computers is much
different than Dave's. I think that at first people generally believed
that computers were some kind of advanced scientific tool that had no
more relevence to their life than an oscilloscope. They were used to fly
people to the moon and to discover prime numbers.
Then came the business machine and people began having some contact with them
in their daily life. And the experience was largely unpleasant. Stores sent
them bills for $0.00 and insisted on being paid (it's our new computer...).
Bank tellers telling them that they were overdrawn (when they weren't) and
refusing to check into it because "the computer said so and computers don't
make mistakes". And their reaction was that these miracle machines that
allowed us to send people into space had somehow gone mad. Indeed computers
were beginning to be present (maybe omnipresent, who knows) and rather
malevolent. And so we see HAL as a archtype of this perception.
And recently. Well, I see two basic belief systems about computers. One has
to do with their versatility. People tell me that they will need to learn to
use computers in order to continue doing their job in the future and are even
studying programming to prepare for this eventuality. (When asked I recommend
learning to edit text and use Lotus 1-2-3 instead.) The other belief system
is a willingness to disbelieve results that come from a computer. Nurses in
intensive care units tell me that they don't pay any attention to computers
alerting them that something is wrong because 9 times out of 10, it's the
computer that is wrong and the patient is fine. (If I understand rightly,
they look at the patient to see if they see anything wrong first and then they
start checking which of the monitors claims that there's a problem.) Drug
stores institute a policy where the pharmacist double checks on the medication
the computer claims that a person is to receive (after giving me and several
other patrons the wrong medicine). Bureaucrats have procedures to override
the claims of a computer (the computer claims that there is a weed filled
vacant lot at the address where my house is; the house is 12 years old which
has given rise to several interesting interactions with bureaucrat with
computers).
And I personally think that society has adapted fairly well to the increasing
use of computer. Perhaps not as rapidly as some technologists would want,
but I can't think of any social units that are casualties of the changes.
And so far, computers haven't been outlawed either.
Diana
-------
------------------------------
From: veeger!hpcnof!dat
Subject: Interesting question of privacy...
[not from me originally]
How long have you used the net? Do you really understand the possible
results of plastering your "real name" all over the system? It has come
as a painful surprise to me twice before just how many people use that
information to set you up. I've had my home robbed with very specific
items stollen. The criminal was caught and some of my property returned
but not before finding out that he had used an account on CompuServer to
stake me out. You see, I used my real name there all the time and never
worried about saying where I lived or what electronic 'toys' I'd collected.
Maybe I'm still a bit paranoid, but it seems simpler not post my name on
messages where I ask specific info relating to my stereo, car, computers,
etc.
On the other hand, I always make a point of signing response messages
with my correct name and even providing my work number when requested as
there is less of a chance that a one-on-one sharing of information will
lead to any problems.
-----------------------------------
To have your item included in this digest, please mail it to any
of the addresses; ihnp4!hpfcla!d_taylor, {ucbvax} !hplabs!hpcnof!dat or
hpcnof!dat@HPLABS.CSNET. You can also simply respond to this mailing.
-----------------------------------
End of Computers and Society Digest
***********************************