taylor@hplabsc.UUCP (06/23/86)
Computers and Society Digest, Number 11 Wednesday, January 22nd 1986 Topics of discussion in this issue... The NCIC and so on... Computers and Society versus Human-Nets (3 msgs) Re: OS friendiness Vs Security ---------------------------------------------------------------------- From: hplabs!hunter%YALE-RING%yale.arpa@CSNET-RELAY Date: 17 Jan 86 14:07:55 EST (Fri) Subject: The NCIC and so on... First, regarding NCIC entries on people without outstanding arrest warrants, the clippings I have indicate that the Justice Department (ie. Ed Meese) has been campaigning hard to include "suspects in white collar crime investigations in NCIC", but Don Edwards (D-San Jose) and Jerry Berman (legislative counsel for the ACLU) have so far prevented it. The database would be called the "economic crime index." Check the NY Times 26 April 85 p.A16 and 25 Oct 84 p. A1 for relevant articles. The April 85 Privacy Journal also discusses it. The LA Times reported that an FBI advisory board is considering whether to recommend NCIC include information on people who are "suspected of organized crime connections, terrorism or narcotics or [are] a 'known associate' of a drug trafficer," in an article on 2 Jan 84 pt.1 p.1. That article is based on a NY Times piece from 1 Jan 84, but I don't have a copy of it, so I'm not sure what page. As was reported here previously, the Secret Service has been trying to get names of the people it considers to be threats to its protectees into NCIC since 1980. As far as I can tell, none of the names that the Secret Service or the FBI want to add to NCIC have been added yet. For the most current information, I would recommmend contacting Rep. Edwards office. I for one would be quite interested in hearing the latest scoop. While we're on the NCIC, there's an indicative piece in the NY Times: "FBI says 12,000 Faulty Reports on Suspects Are Issued Each Day" from 25 August 85 p. A1. There were scathing editorials in both USA Today and the NY Times shortly thereafter, both noting that the FBI discovered that the police in Mobile, Alabama submitted 338 entries (USA Today says 453) describing suspects who were "7 feet, 11 inches in height, 499 pounds in weight and having hair color XXX." As for your survey: yes, I read human nets; I believe that this digest is different enough in readership/submissions to be interesting in its own right -- even if there isn't a clear difference in "charter". I think it is very important for computer professionals to keep abreast of the ethical implications of their works. I am particluarly concerned about privacy and "anonymity" issues, and I find both digests (CSD and HUMAN-NETS) very useful in keeping up with what other people are thinking on the subject. Larry Hunter HUNTER@YALE.ARPA ------------------------------ Date: Thu, 16 Jan 86 13:42:05 pst From: hplabs!nsc!sequent!brian (Brian Godfrey) Subject: Re: Computers and Society Digest #9 >In the few months that I've been moderating this group, I've been >impressed with the large readership that it's receiving (over 250 >people right now) BUT I'm also quite shocked at the extremely low >level of participation by the readers! Sorry. I actually feel guilty when I read the Digest and have not contributed. But I read it to learn. I spend my working life trying to fix computers and improve their manufacture. I am very interested in their effect on society, but I don't have anything to do with the evaluation of it. What I know, I learn from sources such as the Digest. I suppose I could submit articles copied from other sources, but this seems like plagerism to me. At least without first getting permission. I suspect that a lot of those people who read the Digest read it at work. It takes time to compose a submission and they may feel that they owe their time to their employer. That is not so much the case Sequent as they issue every employee a terminal and modem to take home, and encourage everyone to use it for personal as well as professional tasks. >We have people reading this group that work in Human Factors labs >at large companies, professors of philosophy at major universities, >and people that TEACH what we're trying to talk about here - the >impact of technology on society!! Yeah, and I am eager to hear from them. But they are probably pretty busy people. When those people go to the effort to publish something about their profession they probably do it in some "recognized" publication. >My suspicion is that a lot of people aren't too comfortable using the >computer to create and send messages, and that there's also a concern >about being 'creative' and presenting oneself as 'intelligent' (this >is starting to sound like a legitimate issue for the digest!). > >Alternatively, maybe this is an intrinsic problem with electronic >communications systems. Certainly, it's rather difficult to compose >a message to a person (let alone large group) sight unseen. I actually find it easy - when I have something to say. Here at Sequent electronic communication is about our only means of written communication. Everyone in the company logs in in the morning and we sent lots of mail and file pointers around. It's a marvelous encouragement for communication. Some people do have a hard time with it, though. There are those who just don't adjust very well to "new" ways of doing things. A lot of them, here, are the old folks. Younger people seem to adapt to most things easier than older people who get set in their ways. I hope I don't get that way, but I suppose it is inevitable. >ps: An interesting conversation could be started by a professor teaching > a Computers and Society class posting a copy of the syllabus for > comment... You know what would be interesting is if you could get one of those profs to give essays as homework assignments and require submission of them to the Digest as part of the assignment. That would give us lots of interesting viewpoints, and give the students a chance to experience the phenomenon you mentioned above (difficulty of composing to an unseen, unknown audience). Everybody learns something - everybody benefits. [Anyone out there interested in this??? Sounds pretty excellent to me! -- Dave] --Brian M. Godfrey Sequent Computer Systems ------------------------------ Date: Sun 19 Jan 86 11:22:52-PST From: Ken Laws <hplabs!Laws@SRI-AI.ARPA> Subject: Human-Nets Despite the narrowness of the Human-Nets description, it used to be the "miscellaneous" forum -- anything of general interest to network users/builders/dreamers was likely to end up there. AIList, IRList, Usenet discussion groups, and various other network channels now handle a lot of that function, so that Human-Nets seems to have reverted to its intended function. It has also dropped from about one issue per day to about one every two weeks. The Computers and Society list is attempting to pick up a big chunk of the discussion space that Human-Nets used to have. I would say that the main difference is simply in the level of activity -- CaS is new and actively soliciting discussion, and so has more activity than Human-Nets. -- Ken Laws ------------------------------ Subject: Re: Lack of Submissions Vol 1, # 9. From: hplabs!gcj%qmc-ori.uucp@cs.ucl.ac.uk Date: Mon, 20 Jan 86 17:12:23 GMT It will probably be well known to people on the net that computer mail and bulletin boards can generate a large amount of garbage. However a moderated digest such as this does provide a very useful forum for "flaming". I have on occasion had entries refused on the grounds that they were too cryptic. I hope there is a place for humour in this digest. [of course - we included this note didn't we? *smile*] Gordon Joly ARPA: gcj%qmc-ori@ucl.cs-arpa UUCP: ...!ukc!kcl-cs!qmc-ori!gcj ------------------------------ Date: Friday, 27 Dec 1985 08:33:12-PST From: "B.J." <hplabs!herbison%ultra.DEC%decwrl.dec.com@CSNET-RELAY> Subject: Re: OS friendiness Vs Security [and in the interesting information from another group department...] I saw the message by Eliot Lear <Lear@BLUE.RUTGERS.EDU> in the 22 December 1985 Security Digest and disagree with the thesis that there is a necessary tradeoff between user friendliness and security. Making a system secure requires thought, planning, and research, and the same is true of making a system user friendly or any other aspect of a system. If a system wants to do many things than it requires a large amount of work to achieve all of the goals at once. If user friendliness has a higher priority than security, the end system can have poor security at the expense of user friendliness and vice versa. Developing a system that does both well would be much harder. (Another problem is security in systems developed by people who don't understand security and user friendliness in systems developed by people who don't really understand user friendliness.) On a related topic, I believe that user friendliness is important to security. Security problems can occur when users make mistakes and users are less likely to make mistakes on a system that is user friendly. For example, if a user does not fully understand how to protect files then files could receive the wrong protection and be accessible by users who should not be able to access it. If a system is user friendly then this is less likely to happen. The original message mentioned the large number of privileges in VMS. These privileges are good as fire walls that can prevent accidental errors by trusted users, but they are not strong security. Of the large number of privileges, many of them can be used to acquire other privileges even if SETPRV is not given (BYPASS or PHY_IO can rewrite the authorization file, CMKRNL can change the VMS data structures in memory, etc.) and most can be used for some variety of denial of service attacks. With the exception of some common privileges like TMPMBX and NETMBX, only trusted users should be given privileges. To further demonstrate the relationship between security, user friendliness and the number of privileges, compare VMS Version 4 with Version 3. Version 4 is much more secure than Version 3 (the DoD has announced that VMS V4 is being evaluated for a C2 rating). The number of privileges is about the same. But Version 4 is more user friendly than Version 3. This has no relation to security, but to other features such as command line recall and editing. B.J. Herbison%Ultra.DEC@decwrl.ARPA Disclaimer: I work for DEC, but these are my own opinions and not DECs. I believe that the facts are accurate, but they do not represent DEC policy. ----------------------------------- To have your item included in this digest, please mail it to any of the addresses; ihnp4!hpfcla!d_taylor, {ucbvax} !hplabs!hpcnof!dat or hpcnof!dat@HPLABS.CSNET. You can also simply respond to this mailing. ----------------------------------- End of Computers and Society Digest ***********************************