Monday, Apr. 06, 1987
Can A System Keep a Secret?
By Philip Elmer-DeWitt
When Lieut. Colonel Oliver North sat down at his computer terminal to compose memos to his superiors at the National Security Council, he made a common assumption. He thought his electronic missives -- relaying confidential details of the ill-fated Iran-contra deal -- were more secure than messages sent by post or by telephone. The magnitude of that error now confronts him in bookstore windows around the country. For not only have hundreds of those potentially incriminating messages been recovered by federal investigators but they also are available to all, in published copies of the Tower commission report.
North's miscalculation holds a lesson for the millions of office workers who have traded in their memo pads for keyboards, including some 125,000 people worldwide who use the same IBM PROFS (Professional Office System) software installed at the NSC. "This has worried me for years," says Susan Nycum, a Palo Alto, Calif., attorney specializing in technology. "There are two very different assumptions at work here: the guy using the system assumes he has total privacy; the guy running the system assumes he has total access."
At the White House, those running the NSC computer -- unbeknownst to North and his colleagues -- were keeping backup tapes of each file in the system, a routine practice. These backups, which are typically made on a daily or weekly basis, included copies of files containing the private notes of every NSC officer with a password. In response to requests from the Tower commission, White House Communications Agency programmers searched their storage tapes for NSC memos and eventually turned over a stack of printouts nearly 4 ft. high. Explains Donn Parker, a computer security specialist at SRI International: "It is so ingrained in computer operators that they have to preserve data that if you tell them to erase a disk, the first thing they do is make a backup tape."
Attempts by North to alter, and perhaps even delete, certain key files may have been foiled by another feature of the system. Like most computers, the NSC mainframe deletes electronic documents not by obliterating the data they contain, but by removing their file names from a central disk directory. The body of information remains intact indefinitely -- or until the space it occupies is written over with new data. Thus a resourceful programmer, armed with a description of a document that has been zapped, can often resurrect it from the disk. "We were living under a delusion," admitted one Administration official after North's computer notes were first revealed. "We thought when we deleted them from our own files, they disappeared."
One does not have to be a whiz kid to uncover secrets hidden in a computer. Many large office systems have a hierarchy of password privileges that gives supervisors access to the files of subordinates and systems operators access to everything. At the San Francisco Examiner, which like most modern newspapers is highly computerized, employees have to be reminded from time to time that "cruising the baskets" (reading the private files) of their co-workers is a serious breach of privacy.
Newspaper office computers are frequent targets for prying. One reason: news organizations make extensive use of open telephone lines to transmit and receive electronic messages. In addition, notes Geoffrey Stokes, press columnist for New York City's Village Voice, "We are all professional snoops." Stokes' columns frequently contain items leaked to him from the computers of the large New York dailies. Last year he gleefully printed a memo purloined from the New York Times revealing that Arthur Gelb, one of that paper's top editors, asked a Paris reporter to investigate the effects of the Chernobyl nuclear accident on Russian caviar.
Unfortunately, computer users have little in the way of legal protection from such invasions of privacy, especially when they are working on a company-owned system. Recent court actions provide plenty of examples. In one case, the Government used computer backup tapes obtained by the FBI to help prove that a Pratt & Whitney employee was selling sensitive pricing data to a competitor. Lawyers for the employee argued that the FBI had violated his Fourth Amendment rights against unreasonable search by seizing messages from a storage device that constituted his personal "electronic file cabinet." The appeals court disagreed, saying that since he did not own the machine on which the messages were stored, he had no reasonable or legitimate expectation of privacy.
What protections there are primarily apply to those using public communications networks like the Source and CompuServe. The Electronic Communication Privacy Act, signed into law last fall, makes it a felony to intercept private messages sent through the networks and stipulates that law-enforcement officials must obtain a search warrant in order to examine backup copies stored in their computers.
Even these measures fall short of guaranteeing privacy. In recent months, the Reagan Administration made several attempts to monitor the use of public data bases as part of an effort aimed at controlling access to unclassified but "sensitive" information. This controversial policy, initiated by former National Security Adviser John Poindexter, was hastily withdrawn two weeks ago. It would have given the Government "Big Brother control over all the computer systems in the country," according to Democratic Congressman Jack Brooks of Texas, who headed a committee investigating the matter.
While concern over computer security has garnered headlines in recent weeks, veteran users tend to take the matter in stride. "There is no such thing as privacy on a computer," says Thomas Mandel, an analyst at SRI and a regular on several Silicon Valley computer networks. "The view here is that if you don't want something read, don't put it on the system."