------------------------------ Date: 23 September, 1990 From: Various Contributors Subject: The CU in the News ******************************************************************** *** CuD #2.04: File 7 of 7: The CU in the News *** ******************************************************************** "Justice Department Computer Security Questioned" The General Accounting Office (GAO) has issued a report criticizing the Justice Department (DOJ) for failing to have a management system in place to secure its highly sensitive computer systems and has concluded that classified files were at risk. The report concludes that immediate action is required to correct security weaknesses at the main Justice Department data center and in computer systems used by DOJ litigating organizations. The report found several security weaknesses at DOJ's new data center in Rockville, MD, a site leased by DOJ from Control Data Corp. for 17 years. According to GAO, there are "numerous uncontrolled entrances...through which individuals could easily remove sensitive data." In addition, the report is critical of DOJ's lack of contingency plans for emergencies at the center and has not conducted a complete risk assessment that takes into account possible adverse actions by disgruntled employees. Copies of the report, entitled "Justice Automation: Tighter Computer Security Needed" may be obtainable from the GAO (202/225-6241). The report is GAO/IMTEC-90-69 and is dated July 30, 1990. ------------------------------ TRENTON, N.J. (UPI) -- Assembly Speaker Joseph Doria said Monday he was concerned by news that an alleged Republican break-in of Democratic computer files took place with the knowledge of the GOP's highest-ranking staff member. Doria, D-Hudson, said he had instructed all Assembly members and staff with knowledge of the ``hacking'' incident to turn their information over to Attorney General Robert Del Tufo, who is investigating the repeated break-ins. John Kohler, executive director of the GOP Assembly staff, resigned Friday admitting he had been aware of the activities of Jeffrey Land, a low-level staffer who reportedly broke into Democrats' files in the legislative computer system and discovered that Democrats had used the state-owned computer for political work. State law bars use of state equipment for political work or doing political work on state time. Previous to Kohler's resignation, however, top lawmakers had dismissed the break-ins as a computer hacker's prank. ------------------------------ "Think that Computer Message you just sent was Secret? Think Again" By Bart Ziegler Associated Press +++++++++++++++++ NEW YORK -- Next time you push that button on your computer to send a co-worker a racy electronic mail message about the boss, think twice. Someone may be reading your mail. Every day, millions of computer users send electronic messages to fellow employees, supervisors, clients and friends. Many assume these computer-to-computer electronic mail systems -- the postal system of the Information Age -- are confidential. But a recent lawsuit challenges that notion. The class action contends a California company spied on employees for months by monitoring thousands of their electronic messages. The lawsuit, filed last month by several employees again Epson America Inc. of Torrance, Calif., claims the company's computer operations manager made printed copies of electronic mail sent and received by 700 Epson workers. The suit claims such snooping violates a state wiretap law. Epson, a Japanese-owned company that sells personal computers, calls the lawsuit unfounded. "It is clearly not the policy of Epson to indiscriminately read electronic mail," said spokesman Scot Edwards. He declined to comment on the suit's specific allegations. The lawsuit is an example of a growing privacy debate surrounding "E-mail," which has mushroomed in popularity during the past decade with the growth in personal computers. Among other cases: o The mayor of Colorado Springs, Colo., caused a stir this year when it was discovered he had been reading printouts of electronic messages that City Council members had sent each other in confidence. o The Iran-Contra affair unraveled partly because investigators discovered electronic messages sent by L. Col. Oliver North and supporters. The North team didn't realize that every message was stored on computer tape. Computer experts say some E-mail systems automatically destroy electronic messages once they are read. Others keep a copy. But even systems that erase old messages aren't safe from snoops. In most systems, computer room operators can rea messages that haven't yet been opened by recipients, said Mike Zisman, president of SoftSwitch Inc., a Wayne, Pa., company that helps corporations link E-mail systems. "When you send a message, most people think it's as private as sending it through the U.S. Postal System. But in some companies it can be as private as writing it on the bathroom wall," said David Atlas, an E-Mail analyst at International Data Corp., a research firm. Atlas said he knows of another suit similar to the Epson class action, as well as employees at two other companies who are considering their own lawsuits, but he declined to identify them. Few employers have explicit policies on the use and privacy of E-Mail, said Walter Ulrich, an office automation specialist at the consulting firm Arthur D. Little Inc. "That's an area where companies should give guidance to employees," said Ulrich, who estimates that there are 10 million E-Mail users in North America. Ulrich recommended companies state they will not snoop in E-Mail systems unless they believe users are using them illegally or abusively. But he doesn't think companies should be barred outright from reading E-Mail, since the companies own the systems. The American Civil Liberties Union takes a stronger stance. It believes federal privacy safeguards are needed to prevent employers from eavesdropping on employees' personal affairs that happen to be contained in computer files. "There's virtually no law that would stop any employer from systematically reading al of the computerized information of any of their employees," said Lewis Maltby, coordinator of the ACLU's National Task Force on Civil Liberties in the World Place. Federal laws that bar wiretapping don't apply to computer systems, Maltby said. ******************************************************************** ------------------------------ **END OF CuD #2.04** ******************************************************************** Downloaded From P-80 International Information Systems 304-744-2253 12yrs+