taylor@hplabsc.UUCP (06/23/86)
Computers and Society Digest, Number 11
Wednesday, January 22nd 1986
Topics of discussion in this issue...
The NCIC and so on...
Computers and Society versus Human-Nets (3 msgs)
Re: OS friendiness Vs Security
----------------------------------------------------------------------
From: hplabs!hunter%YALE-RING%yale.arpa@CSNET-RELAY
Date: 17 Jan 86 14:07:55 EST (Fri)
Subject: The NCIC and so on...
First, regarding NCIC entries on people without outstanding arrest
warrants, the clippings I have indicate that the Justice Department (ie.
Ed Meese) has been campaigning hard to include "suspects in white collar
crime investigations in NCIC", but Don Edwards (D-San Jose) and Jerry
Berman (legislative counsel for the ACLU) have so far prevented it. The
database would be called the "economic crime index." Check the NY Times
26 April 85 p.A16 and 25 Oct 84 p. A1 for relevant articles. The April
85 Privacy Journal also discusses it. The LA Times reported that an
FBI advisory board is considering whether to recommend NCIC include
information on people who are "suspected of organized crime connections,
terrorism or narcotics or [are] a 'known associate' of a drug trafficer,"
in an article on 2 Jan 84 pt.1 p.1. That article is based on a NY Times
piece from 1 Jan 84, but I don't have a copy of it, so I'm not sure what
page. As was reported here previously, the Secret Service has been trying
to get names of the people it considers to be threats to its protectees
into NCIC since 1980.
As far as I can tell, none of the names that the Secret Service or the
FBI want to add to NCIC have been added yet. For the most current
information, I would recommmend contacting Rep. Edwards office. I for
one would be quite interested in hearing the latest scoop.
While we're on the NCIC, there's an indicative piece in the NY Times:
"FBI says 12,000 Faulty Reports on Suspects Are Issued Each Day" from
25 August 85 p. A1. There were scathing editorials in both USA Today
and the NY Times shortly thereafter, both noting that the FBI discovered
that the police in Mobile, Alabama submitted 338 entries (USA Today says
453) describing suspects who were "7 feet, 11 inches in height, 499 pounds
in weight and having hair color XXX."
As for your survey: yes, I read human nets; I believe that this digest
is different enough in readership/submissions to be interesting in its
own right -- even if there isn't a clear difference in "charter".
I think it is very important for computer professionals to keep abreast
of the ethical implications of their works. I am particluarly concerned
about privacy and "anonymity" issues, and I find both digests (CSD and
HUMAN-NETS) very useful in keeping up with what other people are thinking
on the subject.
Larry Hunter
HUNTER@YALE.ARPA
------------------------------
Date: Thu, 16 Jan 86 13:42:05 pst
From: hplabs!nsc!sequent!brian (Brian Godfrey)
Subject: Re: Computers and Society Digest #9
>In the few months that I've been moderating this group, I've been
>impressed with the large readership that it's receiving (over 250
>people right now) BUT I'm also quite shocked at the extremely low
>level of participation by the readers!
Sorry. I actually feel guilty when I read the Digest and have not
contributed. But I read it to learn. I spend my working life trying
to fix computers and improve their manufacture. I am very interested
in their effect on society, but I don't have anything to do with the
evaluation of it. What I know, I learn from sources such as the Digest.
I suppose I could submit articles copied from other sources, but this
seems like plagerism to me. At least without first getting permission.
I suspect that a lot of those people who read the Digest read it at
work. It takes time to compose a submission and they may feel that
they owe their time to their employer. That is not so much the case
Sequent as they issue every employee a terminal and modem to take home,
and encourage everyone to use it for personal as well as professional
tasks.
>We have people reading this group that work in Human Factors labs
>at large companies, professors of philosophy at major universities,
>and people that TEACH what we're trying to talk about here - the
>impact of technology on society!!
Yeah, and I am eager to hear from them. But they are probably pretty
busy people. When those people go to the effort to publish something
about their profession they probably do it in some "recognized" publication.
>My suspicion is that a lot of people aren't too comfortable using the
>computer to create and send messages, and that there's also a concern
>about being 'creative' and presenting oneself as 'intelligent' (this
>is starting to sound like a legitimate issue for the digest!).
>
>Alternatively, maybe this is an intrinsic problem with electronic
>communications systems. Certainly, it's rather difficult to compose
>a message to a person (let alone large group) sight unseen.
I actually find it easy - when I have something to say. Here at Sequent
electronic communication is about our only means of written communication.
Everyone in the company logs in in the morning and we sent lots of mail
and file pointers around. It's a marvelous encouragement for communication.
Some people do have a hard time with it, though. There are those who just
don't adjust very well to "new" ways of doing things. A lot of them, here,
are the old folks. Younger people seem to adapt to most things easier than
older people who get set in their ways. I hope I don't get that way, but I
suppose it is inevitable.
>ps: An interesting conversation could be started by a professor teaching
> a Computers and Society class posting a copy of the syllabus for
> comment...
You know what would be interesting is if you could get one of those profs
to give essays as homework assignments and require submission of them to
the Digest as part of the assignment. That would give us lots of interesting
viewpoints, and give the students a chance to experience the phenomenon you
mentioned above (difficulty of composing to an unseen, unknown audience).
Everybody learns something - everybody benefits.
[Anyone out there interested in this??? Sounds pretty excellent to me! -- Dave]
--Brian M. Godfrey
Sequent Computer Systems
------------------------------
Date: Sun 19 Jan 86 11:22:52-PST
From: Ken Laws <hplabs!Laws@SRI-AI.ARPA>
Subject: Human-Nets
Despite the narrowness of the Human-Nets description, it used to be
the "miscellaneous" forum -- anything of general interest to network
users/builders/dreamers was likely to end up there. AIList, IRList,
Usenet discussion groups, and various other network channels now handle
a lot of that function, so that Human-Nets seems to have reverted to
its intended function. It has also dropped from about one issue per
day to about one every two weeks.
The Computers and Society list is attempting to pick up a big chunk
of the discussion space that Human-Nets used to have. I would say
that the main difference is simply in the level of activity -- CaS
is new and actively soliciting discussion, and so has more activity
than Human-Nets.
-- Ken Laws
------------------------------
Subject: Re: Lack of Submissions Vol 1, # 9.
From: hplabs!gcj%qmc-ori.uucp@cs.ucl.ac.uk
Date: Mon, 20 Jan 86 17:12:23 GMT
It will probably be well known to people on the net that computer
mail and bulletin boards can generate a large amount of garbage.
However a moderated digest such as this does provide a very useful
forum for "flaming". I have on occasion had entries refused on the
grounds that they were too cryptic. I hope there is a place for
humour in this digest.
[of course - we included this note didn't we? *smile*]
Gordon Joly
ARPA: gcj%qmc-ori@ucl.cs-arpa
UUCP: ...!ukc!kcl-cs!qmc-ori!gcj
------------------------------
Date: Friday, 27 Dec 1985 08:33:12-PST
From: "B.J." <hplabs!herbison%ultra.DEC%decwrl.dec.com@CSNET-RELAY>
Subject: Re: OS friendiness Vs Security
[and in the interesting information from another group department...]
I saw the message by Eliot Lear <Lear@BLUE.RUTGERS.EDU> in the
22 December 1985 Security Digest and disagree with the thesis that
there is a necessary tradeoff between user friendliness and security.
Making a system secure requires thought, planning, and research,
and the same is true of making a system user friendly or any other
aspect of a system. If a system wants to do many things than it
requires a large amount of work to achieve all of the goals at once.
If user friendliness has a higher priority than security, the end
system can have poor security at the expense of user friendliness
and vice versa. Developing a system that does both well would be
much harder. (Another problem is security in systems developed by
people who don't understand security and user friendliness in systems
developed by people who don't really understand user friendliness.)
On a related topic, I believe that user friendliness is important
to security. Security problems can occur when users make mistakes
and users are less likely to make mistakes on a system that is user
friendly. For example, if a user does not fully understand how to
protect files then files could receive the wrong protection and
be accessible by users who should not be able to access it. If a
system is user friendly then this is less likely to happen.
The original message mentioned the large number of privileges in
VMS. These privileges are good as fire walls that can prevent
accidental errors by trusted users, but they are not strong security.
Of the large number of privileges, many of them can be used to
acquire other privileges even if SETPRV is not given (BYPASS or
PHY_IO can rewrite the authorization file, CMKRNL can change the
VMS data structures in memory, etc.) and most can be used for some
variety of denial of service attacks. With the exception of some
common privileges like TMPMBX and NETMBX, only trusted users
should be given privileges.
To further demonstrate the relationship between security, user
friendliness and the number of privileges, compare VMS Version 4
with Version 3. Version 4 is much more secure than Version 3
(the DoD has announced that VMS V4 is being evaluated for a C2
rating). The number of privileges is about the same. But
Version 4 is more user friendly than Version 3. This has no
relation to security, but to other features such as command line
recall and editing.
B.J.
Herbison%Ultra.DEC@decwrl.ARPA
Disclaimer: I work for DEC, but these are my own opinions and not DECs.
I believe that the facts are accurate, but they do not represent DEC policy.
-----------------------------------
To have your item included in this digest, please mail it to any
of the addresses; ihnp4!hpfcla!d_taylor, {ucbvax} !hplabs!hpcnof!dat or
hpcnof!dat@HPLABS.CSNET. You can also simply respond to this mailing.
-----------------------------------
End of Computers and Society Digest
***********************************