echo: 10th_amd
to: all
from: Roy J. Tellason
date: 2003-05-04 12:08:42
subject: From Risks Digest 22.71

* Forwarded (from: netmail) by Roy J. Tellason using timEd 1.10.y2k.



Date: Wed, 23 Apr 2003 11:10:42 -0400
From: "Treu, Jill" 
Subject: Pilots fail exams

  [For those readers who wonder about why this item is relevant to RISKS,
  please remember that technology usually depends on a lot of people.  PGN]

The pilots couldn't pass the psychological and physical tests to be allowed
to carry a firearm --- but flying huge planes full of people is OK.  Oh, this
makes so much sense! The risks should be obvious.

  Four pilots did not finish gun training.  Four of the 48 veteran airline
  pilots who began the government's first training course for pilots wishing
  to carry guns in the cockpit were rejected after they failed at least one
  of the battery of required background checks, psychological exams and
  firearms tests.  Officials said the four rejections showed that the
  government was serious about providing guns only to pilots who were
  psychologically and physically fit to carry firearms in flight and defend
  their planes against attackers.  The bill permitting airline pilots to
  carry guns was passed by Congress last year, a legacy of the hijackings on
  11 Sep 2001, over the serious objections of senior members of the Bush
  administration and some members of Congress.  [Source: *The New York
  Times*, 22 Apr 2003]
    http://www.nytimes.com/2003/04/22/international/worldspecial/22PILO.html

--

Date: Tue, 22 Apr 2003 02:26:16 -0400
From: Monty Solomon 
Subject: Inside Cisco's eavesdropping apparatus (from Declan McCullagh)

By Declan McCullagh, 21 Apr 2003

Cisco Systems has created a more efficient and targeted way for police and
intelligence agencies to eavesdrop on people whose Internet service provider
uses their company's routers.

The company recently published a proposal that describes how it plans to
embed "lawful interception" capability into its products. Among
the highlights: Eavesdropping "must be undetectable," and
multiple police agencies conducting simultaneous wiretaps must not learn of
one another. If an Internet provider uses encryption to preserve its
customers' privacy and has access to the encryption keys, it must turn over
the intercepted communications to police in a descrambled form.

Cisco's decision to begin offering "lawful interception"
capability as an option to its customers could turn out to be either good
or bad news for privacy.

Because Cisco's routers currently aren't designed to target an individual,
it's easy for an Internet service provider (ISP) to comply with a police
request today by turning over all the traffic that flows through a router
or switch. Cisco's "lawful interception" capability thus might
help limit the amount of data that gets scooped up in the process.

On the other hand, the argument that it hinders privacy goes like this: By
making wiretapping more efficient, Cisco will permit governments in other
countries -- where court oversight of police eavesdropping is even more
limited than in the United States -- snoop on far more communications than
they could have otherwise.

Marc Rotenberg, head of the Electronic Privacy Information Center, says:
"I don't see why the technical community should hardwire surveillance standards
and not also hardwire accountability standards like audit logs and public
reporting. The laws that permit 'lawful interception' typically incorporate
both components -- the (interception) authority and the means of oversight
-- but the (Cisco) implementation seems to have only the surveillance
component. That is no guarantee that the authority will be used in a
'lawful' manner."

U.S. history provides many examples of government and police agencies
conducting illegal wiretaps. The FBI unlawfully spied on Eleanor Roosevelt,
Martin Luther King Jr., feminists, gay rights leaders and Catholic priests.
During its dark days, the bureau used secret files and hidden microphones
to blackmail the Kennedy brothers, sway the Supreme Court and influence
presidential elections. Cisco's Internet draft may be titled "lawful
interception," but there's no guarantee that the capability will
always be used legally.

Still, if you don't like Cisco's decision, remember that they're not the
ones doing the snooping. Cisco is responding to its customers' requests,
and if they don't, other hardware vendors will.

If you're looking for someone to blame, consider Attorney General John
Ashcroft, who asked for and received sweeping surveillance powers in the USA
Patriot Act, along with your elected representatives in Congress, who gave
those powers to him with virtually no debate.

I talked with Fred Baker, a Cisco fellow and former chairman of the Internet
Engineering Task Force (IETF), about his work on the "lawful
interception" draft.  ...

http://news.com.com/2010-1071-997528.html



Date: Tue, 22 Apr 2003 10:50:54 -0400
From: Meng Weng Wong 
Subject: Breastfeeding mothers, avoid Continental (via Dave Farber's IP)

Deborah Wolfe, a Canadian citizen who was just breast-feeding her son and
changing his diaper while en route between Houston and Vancouver, says her
"subversive" actions led to her being threatened with detainment, RCMP
involvement and legal charges for terrorist action against a U.S. citizen in
international airspace while on an American flight during a time of war.
...  Wolfe says she refused a flight attendant's offer of an airline blanket
to hide herself because it hadn't been sealed and, given the SARS scare,
she'd rather use her own things. Thus, unbeknownst to her, a "Level 1" crew
complaint was filed.  ...  She says the flight attendants also began to call
her and her travelling party "foreign nationals in international airspace on
an international flight during a time of war." And she was informed both of
the complaint and that it could be upgraded to a Level 3, which meant
possible mandatory detainment by U.S. authorities for 24 hours, RCMP
involvement and criminal charges for an act of war upon an American.
  http://www.canada.com/montreal/montrealgazette/story.asp
  ?id=51AA6AB6-034B-4FE0-911C-04871E6B1EC5

IP archives at: http://www.interesting-people.org/archives/interesting-people/

--

Date: Mon, 21 Apr 2003 11:01:55 +0100
From: John Beattie 
Subject: Re: NCIC database accuracy requirements

As reported in RISKS-22.65, etc., the accuracy requirements for the FBI's
National Crime Information Center have been reduced or eliminated.  Also
discussed in the April 2003 Cryptogram:
  http://www.counterpane.com/crypto-gram-0304.html

At first sight this is bad. But the other point of view may be worth noting:
a widely used database which is "accurate" but has a high false positive
rate may provide a useful widespread learning experience. Most users of
databases regard "the computer" as infallible.  A 100-to-1 false positive
rate would be salutary!  :-)

It isn't enough that engineers and computer scientists understand accuracy
requirements; the end-users, as represented by lawyers, have to have a
feeling for it as well. Bad databases already do damage -- it may be that
what is needed is a really high-profile failure.

You can argue probabilities as much as you like; the thing will only hit
home when almost everyone who's had contact with the database has actual
knowledge of a failure.

  [Perhaps if a few Senators, Representatives, Justice Department folks,
  and other government officials were mistakenly apprehended, that might
  help.  PGN]

--

Date: Mon, 28 Apr 2003 15:58:19 +0200
From: "Jan C. Vorbrüggen"
Subject: Re: Friendly Fire (Ladkin, RISKS-22.68)

I believe a technical contribution to this organizational problem was the
fact that Aegis computed/computes the first and second derivatives of
measured target height to derive sink/climb rate and acceleration. These
values, derived as they are from noisy measurements, are notoriously
unreliable. The crew seems to have treated these "measurements" at face
value, deriving a threat from the fact that they indicated a high sink rate
directed at the Vincennes, when in reality the aircraft was flying level. So
in this case the misinterpretation (at least in part) resulted in the
ability of computers to provide processed but unreliable data, very likely
without an indication of its unreliability (ever seen error bars on such
displays?).

Jan Vorbrüggen - MediaSec Technologies, Berliner Platz 6-8, D-45127 Essen
Research & Development  - Tel. +49 201 437 52 52  http://www.mediasec.com
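
[Added example, not part of the original posting and not a model of Aegis itself: finite differences stand in for the derivative computation, applied to a level-flight height track. The sample interval, noise level, height and seed are constructed assumptions; the least-squares fit with a standard error is one possible form of the "error bars" the posting asks about.]

```python
import math
import random
import statistics

DT = 1.0              # seconds between height samples (assumed)
SIGMA = 30.0          # metres of 1-sigma height measurement noise (assumed)
TRUE_HEIGHT = 3700.0  # metres; constant, i.e. the aircraft is flying level

def simulate_track(n=400, seed=1):
    """Constructed sample data: level flight plus Gaussian sensor noise."""
    rng = random.Random(seed)
    return [TRUE_HEIGHT + rng.gauss(0.0, SIGMA) for _ in range(n)]

def first_difference(h):
    """Naive climb/sink rate in m/s from adjacent samples."""
    return [(b - a) / DT for a, b in zip(h, h[1:])]

def second_difference(h):
    """Naive vertical acceleration in m/s^2 from three adjacent samples."""
    return [(c - 2 * b + a) / DT ** 2 for a, b, c in zip(h, h[1:], h[2:])]

def rms(values):
    return math.sqrt(statistics.fmean(v * v for v in values))

def fitted_rate(h):
    """Least-squares slope over a window, with its 1-sigma standard error."""
    n = len(h)
    t = [i * DT for i in range(n)]
    tm, hm = statistics.fmean(t), statistics.fmean(h)
    sxx = sum((x - tm) ** 2 for x in t)
    slope = sum((x - tm) * (y - hm) for x, y in zip(t, h)) / sxx
    resid = [y - (hm + slope * (x - tm)) for x, y in zip(t, h)]
    s2 = sum(r * r for r in resid) / (n - 2)
    return slope, math.sqrt(s2 / sxx)

def summarize():
    h = simulate_track()
    rate, accel = first_difference(h), second_difference(h)
    slope, err = fitted_rate(h[-20:])  # last 20 samples as one window
    return {"rate_rms": rms(rate),      # theory: SIGMA * sqrt(2) / DT
            "accel_rms": rms(accel),    # theory: SIGMA * sqrt(6) / DT**2
            "worst_sink": min(rate),    # largest apparent sink rate
            "fit_rate": slope, "fit_err": err}

if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name:>10}: {value:8.2f}")
```

The true sink rate is zero throughout, yet the sample-to-sample rate scatters by tens of metres per second, while the windowed fit reports a rate near zero together with an uncertainty an operator could be shown.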

--- 
* Origin: TANSTAAFL BBS 717-838-8539 (1:270/615)
SEEN-BY: 633/267 270
@PATH: 270/615 150/220 379/1 106/1 2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
