------------------------------ Date: Tue, 3 Sep 91 17:05:01 CDT From: edtjda@MAGIC322.CHRON.COM(Joe Abernathy) Subject: File 4--Houston Chronicle spacemail follow This story appeared on Page 1A of the Houston Chronicle on Monday, Sept. 2, 1991. Permission is granted for redistribution in the ACM Risks Digest, Patrick Townson's Telecom Digest, the newsgroup sci.space.shuttle, Computer Underground Digest, and the interesting_people mailing list. Our thanks to these groups for their ongoing contributions to the online community and our coverage of it. Please send comments and suggestions to edtjda@chron.com. NASA severs connection on electronic mail linkup By JOE ABERNATHY Copyright 1991, Houston Chronicle Although declaring the experiment a success, NASA has called a halt to a project by which space shuttle astronauts briefly were linked with the nation's computer networks through electronic mail. The e-mail experiment, conducted during the recent flight of Atlantis, was part of a larger effort to develop computer and communications systems for the space station Freedom, which is to be assembled during the late 1990s. The National Aeronautics and Space Administration cited unauthorized access as the reason for severing the network connection, but NASA officials did not provide details. The space agency initially attempted to carry out the project in secrecy, but word leaked out on the nation's computer networks. Details were closely guarded because of concerns over malicious computer hacking and astronauts' privacy. "Hello, Earth! Greetings from the STS-43 Crew! This is the first Applelink from space. Having a GREAT time, wish you were here!" read the first message home. It went from Atlantis astronauts Shannon Lucid and James Adamson to Marcia Ivins, a shuttle communicator at Johnson Space Center. It was the use of AppleLink -- a commercial electronic mail network connected to the global computer matrix -- that apparently contained the seeds of trouble. When an AppleLink electronic mail address for the shuttle was distributed online and then published in the Houston Chronicle, it generated about 80 responses from well-wishers. Although the address was created just for this purpose, the flight director nearly pulled the plug on the project, according to Debra Muratore, the NASA experiment manager. The project was concluded as scheduled and declared a success. But ultimately, it was decided, at least for now, to cease all interaction with public computer networks. The decision eventually could mean that NASA's premier research facility, the space station, may not have access to its premier research communications tool, the NASA Science Internet -- the space agency's portion of the vast Internet global computer network. Electronic mail, which is becoming commonplace in offices, is simply the transmission of messages via computers to one or more people, using electronic addresses. Users linked to the right networks can send electronic messages or other data to specific recipients nearly anywhere in the world -- and for a short time, could send them to space. "The problem was that the information had gotten leaked prematurely. There was no problem with security," Muratore said. Even previous to the leak of the addresss, however, the experiment was structured in such a way that it was vulnerable to hackers, she acknowledged. "As a result of this whole experience, at least my project plans never to use a public (electronic) mail system again," she said. Muratore indicated that the space agency may explore other ways of providing "connectivity" -- communication between orbiting astronauts and NASA's broader collection of computerized resources -- which will become increasingly important as the use of computerized information grows. The decision to sever the short-lived e-mail connection has drawn strong criticism among computer security experts and other scientists, who charge that NASA was attempting to design "security through obscurity." "This is another example of an ostrich-oriented protection policy -- stick your head in the sand and pretend no one will find out what you know," wrote Peter G. Neumann, moderator of the Association for Computing Machinery's RISKS Digest, a respected online publication that assesses the risks posed by technology. "Things like that don't stay 'secret' for very long." NASA told Newsday, but would not confirm for the Chronicle, that more than 80 "unauthorized" messages from around the world were sent to the Atlantis address -- which a source told the Chronicle was set up explicitly to handle public requests for a shuttle e-mail address. Private addresses were used for the actual experiments. "The old 'authorization' paradox has reared its ugly head again," wrote Neumann, who prepared a study for NASA on the security requirements of the space station. " 'Threatened by unauthorized e-mail,' eh? Sending e-mail to someone REQUIRES NO AUTHORIZATION." Muratore defended the use of secrecy as a security tool. "I feel that that was a viable option," she said. She said operators of AppleLink told NASA that it was impossible to keep public e-mail from being sent to the on-orbit address, so the only option was to try to keep it secret. But network users questioned this viewpoint. "Why is an e-mail system 'in jeopardy' when it receives 80 messages? And what is an 'unauthorized user?' " asked Daniel Fischer of the Max-Planck-Institut feur Radioastronomie, in Bonn, Germany. "Once the system is linked up to the real world, it should expect to receive real mail from everyone. "If NASA can't handle that, it really shouldn't get into e-mail at all," added Fischer, writing in an online discussion group composed of scientists involved with the space program. "Consider that (heavy response) a success, NASA!" The disposition of the electronic mail sent to Atlantis is still up in the air. A Chronicle message was not acknowledged, and no one has reported receiving a response. +++++++++++++++++++++++++++++++++++ Chronicle reporter Mark Carreau contributed to this report. Downloaded From P-80 International Information Systems 304-744-2253