Willis H. Ware

Security and privacy in computer systems

With the advent of computer systems which share the resources of the configuration among several users or several problems, there is the risk that information from one user (or computer program) will be coupled to another user (or program). In many cases, the information in question will bear a military classification or be sensitive for some reason, and safeguards must be provided to guard against the leakage of information. This session is concerned with accidents or deliberate attempts which divulge computer-resident information to unauthorized parties.

Soviet Computer Technologyߞ1959

The paper presents a factual account of the trip of the 1959 U. S. technical delegation in computers to the Soviet Union. It includes the itinerary, descriptions of specific Soviet computers, descriptions of certain computing centers, a discussion of Soviet computer-oriented education, and a description of current circuit and component development. In appendices are given the instruction repertoire of the URAL-I and the URAL-II machines, and an analysis of some magnetic cores. The paper is extensively illustrated and contains a bibliography of relevant Soviet documents.

The electronic medical record: a challenge for computer science to develop clinically and socially relevant computer systems to coordinate information for patient care and analysis

Abstract Creating a Patient Centered Information System (PCIS) or Electronic Medical Record System (EMRS)—the former terminology emphasizing the clinical purpose, the latter the missing product—is now viewed by the health care community as necessary to coordinate modern patient care in a manner that can control costs. However, despite 25 years of significant effort, the distance between the information systems available today in health care and what will be needed to fulfill this promise in the future remains very large. Success depends on achieving three goals that are generally in conflict: (1) giving the users the full scope of features and detail needed to create and use electronic clinical records for decision making, (2) providing the speed and reliability necessary for their online use, and (3) preserving system security and patient confidentiality. The vendors of the current generation of Hospital Information Systems (HIS) are being asked to supply these new capabilities before most have fully suc...

The new faces of privacy

Abstract This paper summarizes the concept of privacy, reviews some of its underlying tenets and axioms, illustrates the drift toward a national counterprivacy posture in terms of events involving the Social Security number (SSN), and discusses new faces in terms of three case histories: the California action to require SSNs on drivers licenses, the effort by telephone companies to introduce calling number identification, and the aggregation of public records into dossier databases. Remedial actions by government and legislators are suggested.

The Cyber-Posture of the National Information Infrastructure

The infrastructure of every nation is vulnerable to physical and cyber-based attacks. While there is no evidence that “the sky is falling in” or that there is imminent danger of a massive disruption from such attacks, a country cannot be complacent about the issue. Each country has a natural resilience stemming from many sources to offset the effects of such attacks, but more directed and extensive examination of the matter is essential.

Emerging privacy issues

Because of the essential nature of information in the affairs of society, governments, and institutions, computer- and communications-based systems are creating new aspects of personal privacy threats. Because people and organizations will tend to carry forward established expectations derived from old systems and their characteristics to new systems and their procedures, it can be expected that new privacy threats will frequently not be perceived, (e.g. the transition from physical mail to electronic mail). Moreover, things which are not a privacy threat in the small (e.g. a single telephone number) can pose threats in the large (e.g. a years worth of telephone billings). The networking of information systems will tend to aggregate information invisibly and create privacy threats (e.g. automatic check verification information blended with financial transaction information). Matching of computer files and the diversification of established industries (e.g. banks providing general accounting services to small business) also will create new dimensions of privacy. The future world will be so tightly stitched together by its information threads that a combination of approaches to protecting privacy will be essential. Technical security safeguards can contribute; privacy laws will surely afford protections. But for some situations, perhaps many, the individual will have to take care of himself. To do so, he will have to be well-informed about information systems and their impact on himself; and he must have a legal standing to recover damages and compel remedial actions by offending organizations.

New vistas on info-system security

This paper traces the history and evolution of the various criteria efforts associated with computer system and network security. It notes several new security requirements arising from new system architectures, intense networking, different operational environments, and evolving online services. Finally, it speculates on the continuing role of the Common Criteria.

What do we mean by integrity

Almost from the start, more than twenty-five years ago, of broadly-based concern for the safety of data in computer-based systems, we have found it convenient to say that the goals of an information security programme are to preserve the confidentiality,integrity, and availability of data. Most people involved with the information security issue are at ease with this terminolog except that the meaning of the word ‘integrity’ is not adequately resolved. The terms ‘confidentiality’ and ‘availability’ occasionally require further explanation in specific situations, but they are generally well understood; we are comfortable with them. Integrity is quite another matter.

Policy aspects of privacy and access

Abstract This paper first reviews the development of record‐keeping privacy, together with its legislative attention and major studies of it. It then identifies new dimensions of personal privacy and illustrates them with electronic mail. It notes the intricacy of policy issues arising from large‐scale use of computers and communications for systems that provide a variety of services, many of them oriented toward the individual. The legislative awkwardness of providing protection to the individual and the role of the federal government in the entire issue is described. Other systems that will create new privacy issues are touched on. The “privacy future” is discussed in terms of access‐without‐action, information representation, information protection, exploitation of information such as computer matching, the large‐scale availability of personal information to many people, and the widespread appearance of systems that deal with information about people but for other than record‐keeping purposes. Finally,...

State of the privacy act: an overview of technological and social science developments

Abstract : Privacy is a problem of many dimensions, even for the limited context in which this conference will examine it. It is a complex issue, but one set in a much broader information policy issue.