
Some cypherpunks-relevant Risks articles



	In regards to the first part (the 911 transcript), I was considering
the idea (common in cyberpunk RPGs) of a privately-set-up ambulance and
emergency room service, with monitors (possibly with action capabilities) on
registered clients. You'd want the data flow from and to the monitors
encrypted, of course.
	-Allen

From:	IN%"[email protected]" 20-AUG-1996 22:41:21.74
To:	IN%"[email protected]"
CC:	
Subj:	Risks: Atlanta 911 transcript, SSN's, web plagiarism

[If you've never seen the famous Olympic Park 911 transcript, it's worth
reading closely.  I'm embarrassed to say this, but it always reminds me
of the time I couldn't get a taxi in Chicago because I could tell the
dispatcher what intersection I was standing on but I could not see any
of the street addresses anywhere around me, and her dispatch computer
needed an address to dispatch a cab.  Dispatch systems requiring addresses
are one of those absolutely classic cases of a system being driven by the
database designer rather than by the people who know how the system will
actually be used.  Database designers are fine people, but they shouldn't
be doing requirements analysis unless they're trained for it.  Also in
this issue of Risks is an interesting message from Robert Ellis Smith
about managing social security numbers and other identifiers for privacy,
and a funny/scary piece about web plagiarism.]

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  [email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Mon, 19 Aug 1996 18:11:10 -0700 (PDT)
From: [email protected]

RISKS-LIST: Risks-Forum Digest  Monday 19 August 1996  Volume 18 : Issue 35

----------------------------------------------------------------------

Date: Fri, 16 Aug 96 10:45:34 PDT
From: "Peter G. Neumann" <[email protected]>
Subject: The Atlanta 911 transcript

  [The following transcript of the Olympic 911 bomb call and the ensuing
  conversation suggests that many of our nontechnological risks are not
  being adequately addressed.  PGN]

http://www.cnn.com/US/9608/09/olympics.bomb.911/911.transcript.wir/transcript.html

Excerpts from a transcript released Thursday by the Atlanta Police
Department regarding the bomb threat telephoned to 911 on July 27. Times
have been converted from military time to standard notation, and punctuation
and spelling have been edited.  Parenthetical notes are part of the police
transcript except where labeled as an editor's note.

The transcript refers to these police terms: Code 73, bomb threat; and
Zone 5, a police precinct near Centennial Olympic Park.

The transcript did not explain the Zone 5 dispatcher's references to Code
17 and Code 8, which apparently were unrelated to the bomb call.

12:58:28 a.m.:  [Call to 911]

12:58:32 a.m.:  Atlanta Police Department 911 Operator: "Atlanta 911."
Caller:         "There is a bomb in Centennial Park, you have 30 minutes."
12:58:45 a.m.:  Caller hangs up.

1:01:20 a.m.:   911 operator calls APD Agency Command Center (all lines busy).
....

1:01:30 a.m.:   911 operator calls Zone 5 and notifies Zone 5 of Signal 73 and
                requests address of Centennial Park -- unable to get street
		address.

Dispatcher:     "Zone 5."
911 Operator:   "You know the address to Centennial Olympic Park?"
Dispatcher:     "Girl, don't ask me to lie to you."
911 Operator:   "I tried to call ACC but ain't nobody answering the phone ...
                but I just got this man called talking about there's a
                bomb set to go off in 30 minutes in Centennial Park."
Dispatcher:     "Oh Lord, child. One minute, one minute. I copy Code 17. OK,
                all DUI units are Code 8 and will not be able to
                assist on the freeway.
                Oh Lord, child. Uh, OK, wait a minute, Centennial
                Park, you put it in and it won't go in?"
911 Operator:   "No, unless I'm spelling Centennial wrong. How are we spelling
                Centennial?"
Dispatcher:     "C-E-N-T-E-N-N-I -- how do you spell Centennial?"
911 Operator:   "I'm spelling it right, it ain't taking."
Dispatcher:     "Yeah."
911 Operator:   "Centennial Park is not going. Maybe if I take 'park' out,
		maybe that will take. Let me try that."
Dispatcher:     "Wait a minute, that's the regular Olympic Stadium right?"
911 Operator:   "Olympic Stadium is like Zone 3, though. Centennial Park."
Dispatcher:     "That's the Centennial Park?"
911 Operator:   "It's near the Coca Cola Plaza, I think."
Dispatcher:     "In 5?"
911 Operator:   "Uh huh."
Dispatcher:     "Uh, hold on. Sonya, you don't know the address to the
		Centennial Park?"
2nd Dispatcher (in background): "Downtown."
911 Operator:   "Male, about 30."
Dispatcher:     "1546, Code 17, 23."
911 Operator:   "White."
Dispatcher:     "Uh, you know what? Ask one of the supervisors."
911 Operator:   "No, Lord help me, you know they don't know."
Dispatcher:     "I know, but it gets it off you."
911 Operator:   "Alrighty then, bye."
Dispatcher:     "Bye."

1:02:40 a.m.:   911 operator calls APD ACC for address (telephone line problem;
                operators cannot hear each other.) ...

1:02:50 a.m.:   911 operator calls APD ACC again and requests address for
                Centennial Park and is given the telephone number.

ACC:            "Atlanta Police, Agency Command Center."
911 Operator:   "Hey, can you hear me now?"
ACC:            "Uh huh."
911 Operator:   "OK, can you give me the address of the Centennial Park?"
ACC:            "I ain't got no address to Centennial Park, what y'all
		think I am?"
911 Operator:   "Can you help me find the address to Centennial Park?"
ACC:            "I can give you the telephone number of Centennial Park."
911 Operator:   "I need to get this bomb threat over there to y'all."
ACC:            "Well."
911 Operator:   "But I need the address of Centennial Park. It's not taking,
                the system is not taking Centennial Park, that's not
                where it came from, but you know the system is not
                taking Centennial Park, that's where he said the bomb was."
ACC:            "No particular street or what?"
911 Operator:   "He just said there's a bomb set to go off in 30 minutes in
                Centennial Park."
ACC:            "Ooh, it's going to be gone off by the time we find the
		address."
911 Operator:   "Are you kiddin'? Give me that, give me that."
ACC:            "I mean I don't have an address, I just have phone
                numbers."
911 Operator:   "Give me the phone number."
   ...

1:05:10 a.m.:   911 operator calls Centennial Park for street address and
		is placed on hold. Receives address at 1:07:10 a.m.

Centennial Park: "Centennial Park, this is Operator Morgan."
911 Operator:   "Hi, can you give me the address to Centennial Park?"
Cen Park:       "The address?"
911 Operator:   "Uh huh."
Cen Park:       "Uh, hold on a second."

1:06:30 a.m.:   911 operator notifies Communications Supervisor, Sgt.
		Montgomery.

911 Operator:   "Does anybody -- Sgt. Montgomery, do you know the address of
                Centennial Park? Do you know the address to Centennial Park.
                Well, I need to get the address of Centennial Park 'cause, I
                mean I don't mean to upset nobody, but we got a bomb threat
                over there."

(Editor's note: The transcript does not further indicate whether this
comment about a bomb threat was directed only to Sgt. Montgomery in the
911 center or to Centennial Park's Operator Morgan, who is shown to come
back on the line just after the comment.)

Cen Park:       "Ma'am."
911 Operator:   "Yes."
Cen Park:       "OK, it's 145 International Boulevard."
911 Operator:   "145 International Boulevard."
Cen Park:       "Uh huh."
911 Operator:   "OK."
Cen Park:       "All right, uh huh."
911 Operator:   "Thank you. Bye bye."

1:08:35 a.m.:   911 operator sent call to dispatch.

1:11:10 a.m.:
Dispatcher:     "1591. Radio raising 1594."
Unit 1594:      "1594. You call?"

1:11:20 a.m.:
Dispatcher:     "1594, that's affirmative, got a Signal 73 at 145
		International Boulevard. It came from the pay phone at
		the Days Inn.  The caller is advising that he has one set
		to go off in 30 minutes at Centennial Park. Sounded like
		a white male."

(Editor's note: The same information is then given to Unit 1593 and the
dispatcher calls Unit 1546.)

1:12:30 a.m.:
Dispatcher:     "Did you copy?"

1:12:40 a.m.:
Unit 1546:      "1546. I copy. Advise the state police, they police that park.
                I'll go the Days Inn and see if I can locate the caller."
Dispatcher:     "OK, that's affirmative."


(Editor's note: There are sporadic entries over the next seven minutes.
Another officer,  designated Unit 1593, also instructs the dispatcher at
1:18:50 a.m. to "contact the state police supervisor." The transcript
contains no indication, however, that state police were notified.)

1:20:00 a.m.:
Unit 2924:      "2924 to Radio, be advised that something just blew up at
                Olympic Park."

------------------------------

Date: Fri, 16 Aug 96 15:24 EST
From: Robert Ellis Smith <[email protected]>
Subject: Alternatives to Social Security Numbers

Last spring, I asked readers of RISKS for suggestions on alternatives to
Social Security numbers in organizations with large data bases of
information about individuals.  Many such organizations find they do not
need to use SSNs, and avoid privacy problems associated with using them.
For a copy of all of the responses, send a request to us and specify whether
you want hard copy or electronic edition of our August issue, and provide
postal address or e-mail address.

Robert Ellis Smith, Publisher, Privacy Journal newsletter,
Providence, RI, 401/274-7861, e-mail [email protected].

Excerpts from the suggestions follow:

* FROM WASHINGTON, D.C.: Maryland uses Soundex (of name and birth date
concatenated [linked in a chain]) both for driver and vehicle registrations.

* FROM CAMBRIDGE, MASS.: "Against Universal Health-Care Identifiers" in the
JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION 1:316-319, 1994, by
Dr. Peter Szolovits of MIT and Dr. Isaac Kohane of Children's Hospital in
Boston, discusses a number of ways in which cryptography-based health care
identifiers can be used to preserve privacy while remaining manageable for
typical medical purposes.  This is publication #49 (in Postscript format) at
http://medg.lcs.mit.edu/people/psz/publications.html.

* FROM YARDLEY, PA.: One way is to use a simple scheme like three letters
from last name, the first initial, and some digits; another is just to use
sequential numbers.  Another is an MD5 hash of the full-name string [a
one-way mathematical function as a stand-in for the name that makes
translation back to the original name impossible].  This is always unique
for a unique string, so you might need to add some numbers.

* FROM MADISON, WISC.: When I was working on the development of the
Wisconsin Student Data Handbook - we tried to develop what we called an
"SSN surrogate," also of nine bytes per individual.  It involved an
algorithm which combined year, month, and date of birth with sex and two
consonants each extracted from the first and middle names.

* FROM CYBERSPACE: I worked with a banking software company that set up
employee records simply by exact hire date and time.  Since they never hired
anyone at exactly the same time, it gave each person a unique number.  You
could do the same for any data base in which records are added gradually one
at a time - just number them based on exact date and time added.

* FROM PALO ALTO, CAL.: At Stanford University we made a decision long ago
not to use SSN for identification except where required by law (payroll
taxes, for example).  We use a unique Stanford University ID (SUID), which
is a lifetime number and applies to all students, alumni, faculty, staff,
and patients.  It serves all the same purposes that the SSN would do if it
were used.  
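
[Added example, not part of the RISKS digest or of the suggestions quoted above: the hash-of-full-name identifier from the Yardley item, shown beside a keyed variant (HMAC-SHA256 over name and birth date, a substitution made here and not proposed on the page), to check who can map an identifier back to a name and what happens when two people share a name. The roster, guess list and key are constructed placeholders.]

```python
import hashlib
import hmac

# Constructed sample data: (full name, birth date). Not from the original post.
ROSTER = [
    ("Alice Q. Example", "1970-01-02"),
    ("Bob R. Sample", "1965-07-30"),
    ("Alice Q. Example", "1982-11-15"),   # same name, different person
]
# Constructed list of names an outsider could try (phone book, voter roll).
GUESSES = ["Carol Test", "Bob R. Sample", "Alice Q. Example"]
# Assumption: a secret key held only by the record keeper (placeholder value).
SECRET_KEY = b"replace-with-32-random-bytes"


def normalize(name):
    """Fold case and whitespace so one person always hashes the same way."""
    return " ".join(name.upper().split())


def md5_id(name):
    """The scheme as described: MD5 of the full-name string."""
    return hashlib.md5(normalize(name).encode("utf-8")).hexdigest()


def keyed_id(name, birth_date, key=SECRET_KEY):
    """Added alternative: HMAC-SHA256 over name and birth date, truncated."""
    msg = (normalize(name) + "|" + birth_date).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:20]


def reverse_lookup(identifier, guesses, id_func):
    """Hash each guessed name and compare; returns the match or None."""
    return next((g for g in guesses if id_func(g) == identifier), None)


def demo():
    leaked_md5 = md5_id("Bob R. Sample")
    leaked_keyed = keyed_id("Bob R. Sample", "1965-07-30")
    # Someone without the key can only try their own key guess.
    no_key = lambda n: keyed_id(n, "1965-07-30", key=b"wrong-guess")
    return {
        "md5_reversed": reverse_lookup(leaked_md5, GUESSES, md5_id),
        "keyed_reversed": reverse_lookup(leaked_keyed, GUESSES, no_key),
        "md5_collides": md5_id(ROSTER[0][0]) == md5_id(ROSTER[2][0]),
        "keyed_collides": keyed_id(*ROSTER[0]) == keyed_id(*ROSTER[2]),
    }


if __name__ == "__main__":
    print(demo())
```

[The unkeyed identifier is matched to a name by anyone holding a list of plausible names, and it is identical for two people with the same name; the keyed identifier depends on the key staying secret with the record keeper.]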

------------------------------

Date: Wed, 14 Aug 1996 00:03:42 +0200
From: "Roy Dictus, NET" <[email protected]>
Subject: The risk of plagiarism with Websites

My company recently got ripped off by a competitor.  We build Websites and
thus had constructed a site detailing our products and services.

A rival Website constructor (!) copied practically the entire site,
changing the background color, changing our name into theirs, and making
other slight changes like alignment, add and delete a word or phrase
here and there...

I complained about it, not only to them directly, but also on a local
USENET newsgroup (we're both located in Belgium, so the newsgroup was
be.providers).

On the phone they just laughed at me and admitted to copying, but on
USENET they claimed I had copied their site!

There's nothing I can do to prove them wrong, even though we both know
what happened.

The risk: if you put your materials on the Internet, where they can be
freely copied, make sure you have some way to prove you made them yourself,
and when you did it.

Roy Dictus, NET bvba, Internet Projects & Consulting  
[email protected]  http://www.net.be

  [Interdictus becomes Enter Dictus.  PGN]

------------------------------

End of RISKS-FORUM Digest 18.35 
************************