HEARINGS BEFORE THE SUBCOMMITTEE ON TRANSPORTATION, OF THE COMMITTEE ON SCIENCE AND TECHNOLOGY U.S. HOUSE OF REPRESENTATIVES NINETY-EIGHTH CONGRESS ROBERT A. ROE, New Jersey GEORGE E. BROWN, JR., California MARILYN LLOYD, Tennessee MERVYN M. DYMALLY, California NORMAN Y. MINETA, California TIM VALENTINE, North Carolina ROBERT G. TORRICELLI, New Jersey LARRY WINN, JR., Kansas MANUEL LUJAN, JR., New Mexico F. JAMES SENSENBRENNER, JR., JUDD GREGG, New Hampshire CLAUDINE SCHNEIDER, Rhode Island ROD CHANDLER, Washington HERBERT H. BATEMAN, Virginia SHERWOOD L. BOEHLERT, New York ALFRED A. MCCANDLESS, California TOM LEWIS, Florida Neal Patrick, Milwaukee, Wis., accompanied by Paul Piaskoski, Esq., Jimmy McClary, division leader for operational security and safeguards division, Los Alamos National Laboratory, Los Alamos, N. Mex., accom- panied by Dotty Camillo, group leader, communications and telecom- munications group, Los Alamos National Laboratory, N. Mex...... Donn B. Parker, senior management systems consultant, Informations Systems Management Department, ŠRI International, Menlo Park, Calif., and Geoffrey S. Goodfellow, senior systems analyst, SRI Interna- Stephen T. Walker, president, Trusted Information Systems, Inc., Infor- mation Systems Telecommunications, Glenwood, Md.. Joseph R. Wright, Jr., Deputy Director, Office of Management and Budget, accompanied by John P. McNicholas, Chief, Information Policy, Office of Management and Budget.. Warren Reed, Director, Information Management and Technology Divi- sion, U.S. General Accounting Office, accompanied by Walter L. Ander- son, Senior Associate Director, Information Management and Technol- ogy Division, and Harold J. Podell, Group Director with Information Management and Technology Division John W. Lyons, Acting Director, National Bureau of Standards, and Dennis Branstad, Manager, Computer Integrity and Security Technol- ogy Group, Institute for Computer Sciences and Technology, National Bureau of Standards, U.S. Department of Commerce... Melville H. Klein, Director, DOD Computer Security Center, National Security Agency, U.S. Department of Defense, accompanied by Col. Roger R. Schell, Deputy Director, DOD Computer Security Center..... Floyd I. Clarke, Deputy Assistant Director, Criminal Investigative Divi- sion, Federal Bureau of Investigation, accompanied by Kier T. Boyd, Acting Assistant Director, Technical Services Division, Federal Bureau of Investigation, and Anthony J. Adamski, Jr., Chief, Financial Crimes Unit, Federal Bureau of Investigation Richard H. Shriver, Assistant Secretary of the Treasury, Electronic Sys- tems and Information Technology, accompanied by Dr. Bob Conley, Deputy, Advanced Technology; Joe Bishop, Deputy, Programs and Re- sources Management; and Paul Trause, Inspector General, U.S. Treas- Elmer I. Clegg, vice president, marketing, Federal Systems Division, Hon- eywell Information Systems, Inc., accompanied by James I Bolton, pro- gram director, Federal Systems Division, and Paul E. Flaherty, direc- tor, software engineering, Federal Systems Division Appendix-Statement submitted for the record by IBM Corp.... Statement submitted for the record by the Memorial Sloan-Kettering Cancer COMPUTER AND COMMUNICATIONS SECURITY AND PRIVACY MONDAY, SEPTEMBER 26, 1983 HOUSE OF REPRESENTATIVES, COMMITTEE ON SCIENCE AND TECHNOLOGY, SUBCOMMITTEE ON TRANSPORTATION, Washington, D.C. The subcommittee met, pursuant to call, at 9:30 a.m., in room 2318, Rayburn House Office Building, Hon. Dan Glickman (chairman of the subcommittee) presiding. Mr. GLICKMAN. Why don't we go ahead and begin this morning. I might mention to the audience, after all of the members have their chance for opening statements, then the lights will have to go off, and we are going to show about 4 minutes from the movie "War Games," which I think outlines the problem fairly clearly, and then we'll go into our witnesses. Today the subcommittee will turn to one of those emerging technical and legal issues that is beginning to affect our society in a very broad way-computer and communications security and privacy. Computers and the communications links that connect them are becoming more and more important to modern society. Banks, hospitals, schools, businesses of all kinds, and the military have assembled vast amounts of data on which they, and we, depend. In fact, the average citizen is probably unaware of the true extent that computers touch his daily life. Because computers are usually unseen, few of us, I suspect, are fully aware of their growth and importance. Possibly for this reason we have also been largely unaware of the possibilities for the improper use of computers or access to the information they contain. In some cases, we have failed even to take the most elementary precaution, the electronic equivalent of locking the door. Yet, as recent events have shown, whenever there is something of value, we must take steps to protect it. First, there was the popular film "War Games" in which a youngster is able to penetrate the computers of the North American Defense Command and almost precipitates World War III. While this ultimate disaster is not likely possible, the film does illustrate, I am told, certain break-in methods that are factual. Then there was the disclosure that a group of Milwaukee young people-known as the 414's-had, in fact, broken into computers |