From: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
To: cypherpunks@toad.com
Message Hash: ebe78155031ab280fb248e833e45812f250d811f5bb304c106304d1161174f20
Message ID: <01I8MN2K25089JDD4G@mbcl.rutgers.edu>
Reply To: N/A
UTC Datetime: 1996-08-24 03:17:43 UTC
Raw Date: Sat, 24 Aug 1996 11:17:43 +0800
From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 24 Aug 1996 11:17:43 +0800
To: cypherpunks@toad.com
Subject: Some cypherpunks-relevant Risks articles
Message-ID: <01I8MN2K25089JDD4G@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain
In regards to the first part (the 911 transcript), I was considering
the idea (common in cyberpunk RPGs) of a privately-set-up ambulance and
emergency room service, with monitors (possibly with action capabilities) on
registered clients. You'd want the data flow from and to the monitors
encrypted, of course.
-Allen
From: IN%"rre@weber.ucsd.edu" 20-AUG-1996 22:41:21.74
To: IN%"rre@weber.ucsd.edu"
CC:
Subj: Risks: Atlanta 911 transcript, SSN's, web plagiarism
[If you've never seen the famous Olympic Park 911 transcript, it's worth
reading closely. I'm embarrassed to say this, but it always reminds me
of the time I couldn't get a taxi in Chicago because I could tell the
dispatcher what intersection I was standing on but I could not see any
of the street addresses anywhere around me, and her dispatch computer
needed an address to dispatch a cab. Dispatch systems requiring addresses
are one of those absolutely classic cases of system being driven by the
database designer rather than by the people who know how the system will
actually be used. Database designers are fine people, but they shouldn't
be doing requirements analysis unless they're trained for it. Also in
this issue of Risks is an interesting message from Robert Ellis Smith
about managing social security numbers and other identifiers for privacy,
and a funny/scary piece about web plagiarism.]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command. For information on RRE, including instructions
for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: Mon, 19 Aug 1996 18:11:10 -0700 (PDT)
From: risks@csl.sri.com
RISKS-LIST: Risks-Forum Digest Monday 19 August 1996 Volume 18 : Issue 35
----------------------------------------------------------------------
Date: Fri, 16 Aug 96 10:45:34 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: The Atlanta 911 transcript
[The following transcript of the Olympic 911 bomb call and the ensuing
conversation suggests that many of our nontechnological risks are not
being adequately addressed. PGN]
http://www.cnn.com/US/9608/09/olympics.bomb.911/911.transcript.wir/transcript.html
Excerpts from a transcript released Thursday by the Atlanta Police
Department regarding the bomb threat telephoned to 911 on July 27. Times
have been converted from military time to standard notation, and punctuation
and spelling have been edited. Parenthetical notes are part of the police
transcript except where labeled as an editor's note.
The transcript refers to these police terms: Code 73, bomb threat; and
Zone 5, a police precinct near Centennial Olympic Park.
The transcript did not explain the Zone 5 dispatcher's references to Code
17 and Code 8, which apparently were unrelated to the bomb call.
12:58:28 a.m.: [Call to 911]
12:58:32 a.m.: Atlanta Police Department 911 Operator: "Atlanta 911."
Caller: "There is a bomb in Centennial Park, you have 30 minutes."
12:58:45 a.m.: Caller hangs up.
1:01:20 a.m.: 911 operator calls APD Agency Command Center (all lines busy).
....
1:01:30 a.m.: 911 operator calls Zone 5 and notifies Zone 5 of Signal 73 and
requests address of Centennial Park -- unable to get street
address.
Dispatcher: "Zone 5."
911 Operator: "You know the address to Centennial Olympic Park?"
Dispatcher: "Girl, don't ask me to lie to you."
911 Operator: "I tried to call ACC but ain't nobody answering the phone ...
but I just got this man called talking about there's a
bomb set to go off in 30 minutes in Centennial Park."
Dispatcher: "Oh Lord, child. One minute, one minute. I copy Code 17. OK,
all DUI units are Code 8 and will not be able to
assist on the freeway.
Oh Lord, child. Uh, OK, wait a minute, Centennial
Park, you put it in and it won't go in?"
911 Operator: "No, unless I'm spelling Centennial wrong. How are we spelling
Centennial?"
Dispatcher: "C-E-N-T-E-N-N-I -- how do you spell Centennial?"
911 Operator: "I'm spelling it right, it ain't taking."
Dispatcher: "Yeah."
911 Operator: "Centennial Park is not going. Maybe if I take 'park' out,
maybe that will take. Let me try that."
Dispatcher: "Wait a minute, that's the regular Olympic Stadium right?"
911 Operator: "Olympic Stadium is like Zone 3, though. Centennial Park."
Dispatcher: "That's the Centennial Park?"
911 Operator: "It's near the Coca Cola Plaza, I think."
Dispatcher: "In 5?"
911 Operator: "Uh huh."
Dispatcher: "Uh, hold on. Sonya, you don't know the address to the
Centennial Park?"
2nd Dispatcher (in background): "Downtown."
911 Operator: "Male, about 30."
Dispatcher: "1546, Code 17, 23."
911 Operator: "White."
Dispatcher: "Uh, you know what? Ask one of the supervisors."
911 Operator: "No, Lord help me, you know they don't know."
Dispatcher: "I know, but it gets it off you."
911 Operator: "Alrighty then, bye."
Dispatcher: "Bye."
1:02:40 a.m.: 911 operator calls APD ACC for address (telephone line problem;
operators cannot hear each other.) ...
1:02:50 a.m.: 911 operator calls APD ACC again and requests address for
Centennial Park and is given the telephone number.
ACC: "Atlanta Police, Agency Command Center."
911 Operator: "Hey, can you hear me now?"
ACC: "Uh huh."
911 Operator: "OK, can you give me the address of the Centennial Park?"
ACC: "I ain't got no address to Centennial Park, what y'all
think I am?"
911 Operator: "Can you help me find the address to Centennial Park?"
ACC: "I can give you the telephone number of Centennial Park."
911 Operator: "I need to get this bomb threat over there to y'all."
ACC: "Well."
911 Operator: "But I need the address of Centennial Park. It's not taking,
the system is not taking Centennial Park, that's not
where it came from, but you know the system is not
taking Centennial Park, that's where he said the bomb was."
ACC: "No particular street or what?"
911 Operator: "He just said there's a bomb set to go off in 30 minutes in
Centennial Park."
ACC: "Ooh, it's going to be gone off by the time we find the
address."
911 Operator: "Are you kiddin'? Give me that, give me that."
ACC: "I mean I don't have an address, I just have phone
numbers."
911 Operator: "Give me the phone number."
...
1:05:10 a.m.: 911 operator calls Centennial Park for street address and
is placed on hold. Receives address at 1:07:10 a.m.
Centennial Park: "Centennial Park, this is Operator Morgan."
911 Operator: "Hi, can you give me the address to Centennial Park?"
Cen Park: "The address?"
911 Operator: "Uh huh."
Cen Park: "Uh, hold on a second."
1:06:30 a.m.: 911 operator notifies Communications Supervisor, Sgt.
Montgomery.
911 Operator: "Does anybody -- Sgt. Montgomery, do you know the address of
Centennial Park? Do you know the address to Centennial Park.
Well, I need to get the address of Centennial Park 'cause, I
mean I don't mean to upset nobody, but we got a bomb threat
over there."
(Editor's note: The transcript does not further indicate whether this
comment about a bomb threat was directed only to Sgt. Montgomery in the
911 center or to Centennial Park's Operator Morgan, who is shown to come
back on the line just after the comment.)
Cen Park: "Ma'am."
911 Operator: "Yes."
Cen Park: "OK, it's 145 International Boulevard."
911 Operator: "145 International Boulevard."
Cen Park: "Uh huh."
911 Operator: "OK."
Cen Park: "All right, uh huh."
911 Operator: "Thank you. Bye bye."
1:08:35 a.m.: 911 operator sent call to dispatch.
1:11:10 a.m.:
Dispatcher: "1591. Radio raising 1594."
Unit 1594: "1594. You call?"
1:11:20 a.m.:
Dispatcher: "1594, that's affirmative, got a Signal 73 at 145
International Boulevard. It came from the pay phone at
the Days Inn. The caller is advising that he has one set
to go off in 30 minutes at Centennial Park. Sounded like
a white male."
(Editor's note: The same information is then given to Unit 1593 and the
dispatcher calls Unit1546.)
1:12:30 a.m.:
Dispatcher: "Did you copy?"
1:12:40 a.m.:
Unit 1546: "1546. I copy. Advise the state police, they police that park.
I'll go the Days Inn and see if I can locate the caller."
Dispatcher: "OK, that's affirmative."
(Editor's note: There are sporadic entries over the next seven minutes.
Another officer, designated Unit 1593, also instructs the dispatcher at
1:18:50 a.m. to "contact the state police supervisor." The transcript
contains no indication, however, that state police were notified.)
1:20:00 a.m.:
Unit 2924: "2924 to Radio, be advised that something just blew up at
Olympic Park."
------------------------------
Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: Alternatives to Social Security Numbers
Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals. Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.
Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail 5101719@mcimail.com.
Excerpts from the suggestions follow:
* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.
* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography- based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes. This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.
* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers. Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible]. This is always unique
for a unique string, so you might need to add some numbers.
* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop
what we called an "SSN surrogate," also of nine bytes per
individual. It involved an algorithm which combined year,
month, and date of birth with sex and two consonants each
extracted from the first and middle names.
* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time. Since they never hired
anyone at exactly the same time, it gave each person a unique number. You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.
* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example). We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients. It serves all the same purposes that the SSN would do if it
were used.
------------------------------
Date: Wed, 14 Aug 1996 00:03:42 +0200
From: "Roy Dictus, NET" <roy@net.be>
Subject: The risk of plagiarism with Websites
My company recently got ripped off by a competitor. We build Websites and
thus had constructed a site detailing our products and services.
A rival Website constructor (!) copied practically the entire site,
changing the background color, changing our name into theirs, and making
other slight changes like alignment, add and delete a word or phrase
here and there...
I complained about it, not only to them directly, but also on a local
USENET newsgroup (we're both located in Belgium, so the newsgroup was
be.providers).
On the phone they just laughed at me and admitted to copying, but on
USENET they claimed I had copied their site!
There's nothing I can do to prove them wrong, even though we both know
what happened.
The risk: if you put your materials on the Internet, where they can be
freely copied, make sure you have some way to prove you made them yourself,
and when you did it.
Roy Dictus, NET bvba, Internet Projects & Consulting
roy@net.be http://www.net.be
[Interdictus becomes Enter Dictus. PGN]
------------------------------
End of RISKS-FORUM Digest 18.35
************************
Return to August 1996
Return to ““E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>”
1996-08-24 (Sat, 24 Aug 1996 11:17:43 +0800) - Some cypherpunks-relevant Risks articles - “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>