Chapter 20

Friday, January 8 Washington, D.C.

The New Senate Office Building is a moderately impressive struc- ture on the edge of one of the worst sections of Washington. Visitors find it a perpetual paradox that the power seat of the Western World is located within a virtual shooting gallery of drugs and weapons. Scott arrived at the NSOB near the capitol, just before lunchtime. His press identification got him instant access to the hearing room and into the privileged locations where the media congregated. The hearings were in progress and as solemn as he remembered other hearings broadcast on late night C-SPAN.

He caught the last words of wisdom from a government employee who worked for NIST, the National Institute of Standards and Technol- ogy. The agency was formerly known as NBS, National Bureau of Standards, and no one could adequately explain the change.

The NIST employee droned on about how seriously the government, and more specifically, his agency cared about privacy and infor- mation security, and that ". . .the government was doing all it could to provide the requisite amount of security commensurate with the perceived risk of disclosure and sensitivity of the information in question." Scott ran into a couple of fellow reporters who told him he was lucky to show up late. All morn- ing, the government paraded witnesses to read prepared statements about how they were protecting the interests of the Government.

It was an intensive lobbying effort, they told Scott, to shore up whatever attacks might be made on the government's inefficient bungling in distinction to its efficient bungling. To a man, the witnesses assured the Senate committee that they were committed to guaranteeing privacy of information and unconvincingly assur- ing them that only appropriate authorized people have access to sensitive and classified data.

Seven sequential propagandized statements went unchallenged by the three senior committee members throughout the morning, and Senator Rickfield went out of his way to thank the speakers for their time, adding that he was personally convinced the Govern- ment was indeed doing more than necessary to obviate such con- cerns.

The underadvertised Senate Select Sub Committee on Privacy and Technology Protection convened in Hearing Room 3 on the second floor of the NSOB. About 400 could be accommodated in the huge light wood paneled room on both the main floor and in the balcony that wrapped around half of the room. The starkness of the room was emphasized by the glare of arc and fluorescent lighting.

Scott found an empty seat on a wooden bench directly behind the tables from which the witnesses would speak to the raised wooden dais. He noticed that the attendance was extraordinarily low; by both the public and the press. Probably due to the total lack of exposure.

As the session broke for lunch, Scott asked why the TV cameras? He thought this hearing was a deep dark secret. A couple of fellow journalists agreed, and the only reason they had found out about the Rickfield hearings was because the CNN producer called them asking if they knew anything about them. Apparently, Scott was told, CNN received an anonymous call, urging them to be part of a blockbuster announcement. When CNN called Rickfield's office, his staffers told CNN that there was no big deal, and that they shouldn't waste their time. In the news business, that kind of statement from a Congressional power broker is a sure sign that it is worth being there. Just in case. So CNN assigned a novice producer and a small crew to the first day of the hear- ings. As promised, the morning session was an exercise in termi- nal boredom.

The afternoon session was to begin at 1:30, but Senator Rickfield was nowhere to be found, so the Assistant Chairperson of the committee, Junior Senator Nancy Deere assumed control. She was a 44 year old grandmother of two from New England who had never considered entering politics. Nancy Deere was the consummate wife, supporter and stalwart of her husband Morgan Deere, an up and coming national politician who had the unique mixture of honesty, appeal and potential. She had spent full time on the campaign trail with Morgan as he attempted to make the transition from state politics to Washington. Morgan Deere was heavily favored to win after the three term incumbent was named a co- conspirator in the rigging of a Defense contract. Despite the pending indictments, the race continued with constant pleadings by the incumbent that the trumped up charges would shortly be dismissed. In the first week after the Grand Jury was convened, the voter polls indicated that Deere led with a 70% support factor.

Then came the accident. On his way home from a fund raising dinner, Morgan Deere's limousine was run off an icy winter road by a drunk driver. Deere's resulting injuries made it impossible for him to continue the campaign or even be sure that he would ever be able to regain enough strength to withstand the brutality of Washington politics.

Within days of the accident, Deere's campaign manager announced that Nancy Deere would replace her husband. Due to Morgan's local popularity, and the fact that the state was so small that everyone knew everyone else's business, and that the incumbent was going to jail, and that the elections were less than two weeks away, there was barely a spike in the projections. No one seemed to care that Nancy Deere had no experience in politics; they just liked her.

What remained of the campaign was run on her part with impeccable style. Unlike her opponent who spent vast sums to besmirch her on television, Nancy's campaign was largely waged on news and national talk shows. Her husband was popular, as was she, and the general interest in her as a woman outweighed the interest in her politics. The state's constituency overwhelmingly endorsed her with their votes and Senator Nancy Deere, one of the few woman ever to reach that level as an elected official, was on her way to Washington.

Nancy Deere found that many of the professional politicians preferred to ignore her; they were convinced she was bound to be a one termer once the GOP got someone to run against her. Others found her to be a genuine pain in the butt. Not due to her naivete, far from that, she adeptly acclimated to the culture and the system. Rather, she was a woman and she broke the rules. She said what she felt; she echoed the sentiments of her constituency which were largely unpopular politically. Nancy Deere didn't care what official Washington thought; her state was behind her with an almost unanimous approval and it was her sworn duty to represent them honestly and without compromise. She had nothing to lose by being herself. After more than a year in Washington, she learned how the massive Washington machinery functioned and why it crawled with a hurry up and wait engine.

In Rickfield's absence, at 1:40 P.M., Senator Nancy Deere called the session to order. Her administrative demeanor gave no one pause to question her authority. Even the other sole Congres- sional representative on the sub-committee fell into step. While Senator Stanley Paglusi technically had seniority, he sat on the committee at Rickfield's request and held no specific interest in the subject matter they were investigating. He accepted the seat to mollify Rickfield and to add to his own political resume.

"Come to order, please," she announced over the ample sound system. The voluminous hearing room reacted promptly to the authoritative command that issued forth from the petite auburn haired Nancy Deere who would have been just as comfortable auc- tioning donated goods at her church. She noticed that unlike the morning session, the afternoon session was packed. The press pool was nearly full and several people were forced to stand. What had changed, she asked herself.

After the procedural formalities were completed, she again thanked those who had spoken to the committee in the morning, and then promised an equally informative afternoon. Nancy, as she liked to be called on all but the most formal of occasions intro- duced the committee's first afternoon witness.

"Our next speaker is Ted Hammacher, a recognized expert on the subject of computer and information security. During 17 years with the Government, Mr. Hammacher worked with the Defense Inves- tigatory Agency and the National Security Agency as a DoD liai- son. He is currently a security consultant to industry and the government and is the author of hundreds of articles on the subject." As was required, Nancy Deere outlined Hammacher's qualifications as an expert, and then invited him to give his opening statement.

The television in Rickfield's office was tuned to C-SPAN which was broadcasting the hearings as he spoke into the phone.

"Only a couple more and then I'm off to spend my days in the company of luscious maidens on the island of my choice," he bragged into the phone. The Senator listened intently to the response. "Yes, I am aware of that, but it doesn't change the fact that I'm calling it quits. I cannot, I will not, continue this charade." He listened quietly for several minutes before interjecting.

"Listen, General, we've both made enough money to keep us in style for the rest of our lives, and I will not jeopardize that for anything. Got it?" Again he listened. "I don't know about you, but I do not relish the idea of doing ten to twenty regard- less of how much of a country club the prison is. It is still a prison." He listened further.

"That's it, I've had it! Don't make me use that file to impli- cate you, the guys over at State and our Import . . .hey!" Rick- field turned to Ken Boyers. "Who started the afternoon session?" He pointed at the TV.

"It looks like Senator Deere," Ken said.

"Deere? Where does that goddamned bitch get off . . ?" He remem- bered the phone. "General? I have to go, I've got a suffragette usurping a little power, and I have to put her back in her place. You understand. But, on that other matter, I'm out. Done. Fini- to. Do what you want, but keep me the fuck out of it." Rick- field hung up abruptly and stared at the broadcast. "Some house- broken homemaker is not going to make me look bad. Goddamn it, Ken," Rickfield said as he stood up quickly. "Let's get back out there."

"Thank you, Senator Deere, and committee members. I am honored to have a chance to speak to you here today. As a preface to my remarks, I think that a brief history of security and privacy from a government perspective may be in order. One of the reasons we are here today is due to a succession of events that since the introduction of the computer have shaped an ad hoc anarchism, a laissez-faire attitude toward privacy and security. Rather than a comprehensive national policy, despite the valiant efforts of a few able Congressmen, the United States of America has allowed itself to be lulled into technical complacency and indifference. Therefore, I will, if the committee agrees, provide a brief chronological record."

"I for one would be most interested," said Senator Deere. "It appeared that this morning our speakers assumed we were more knowledgeable that we are. Any clarifications will be most welcome." The crowd agreed silently. Much of the history was cloaked in secrecy.

The distinguished Ted Hammacher was an accomplished orator, utilizing the best that Washington diplomatic-speak could muster. At 50 years old, his short cropped white hair capped a proper military bearing even though he had maintained a civilian status throughout his Pentagon associations. "Thank you madam chairman." He glanced down at the well organized folder and turned a page.

"Concerns of privacy can be traced back thousands of years with perhaps the Egyptian pyramids as the first classic example of a brute force approach towards privacy. The first recorded at- tempts at disguising the contents of a written message were in Roman times when Julius Caesar encoded messages to his generals in the field. The Romans used a simple substitution cipher where one letter in the alphabet is used in place of another. The cryptograms found in the Sunday paper use the same techniques. Any method by which a the contents of a message is scrambled is known as encryption."

The CNN producer maintained the sole camera shot and his atten- tion on Ted Hammacher. He missed Senator Rickfield and his aid reappear on the dais. Rickfield's eyes penetrated Nancy Deere who imperceptibly acknowledged his return. "You should not over- step your bounds," Rickfield leaned over and said to her. "You have five years to go. Stunts like this will not make your time any easier."

"Senator," she said to Rickfield as Hammacher spoke. "You are obviously not familiar with the procedures of Senate panel proto- col. I was merely trying to assist the progress of the hearings in your absence, I assure you." Her coolness infuriated Rick- field.

"Well, then, thank you," he sneered. "But, now, I am back. I will appreciate no further procedural interference." He sat up brusquely indicating that his was the last word on the subject. Unaware of the political sidebar in progress, Hammacher contin- ued.

"Ciphers were evolved over the centuries until they reached a temporary plateau during World War II. The Germans used the most sophisticated message encoding or encryption device ever devised. Suitably called the Enigma, their encryption scheme was nearly uncrackable until the Allies captured one of the devices, and then under the leadership of Alan Turing, a method was found to regularly decipher intercepted German High Command orders. Many historians consider this effort as being instrumental in bringing about an end to the war.

"In the years immediately following World War II, the only per- ceived need for secrecy was by the military and the emerging intelligence services, namely the OSS as it became the modern CIA, the British MI-5 and MI-6 and of course our opponents on the other side. In an effort to maintain a technological leadership position, the National Security Agency funded various projects to develop encryption schemes that would adequately protect govern- ment information and communications for the foreseeable future.

"The first such requests were issued in 1972 but it wasn't until 1974 that the National Bureau of Standards accepted an IBM pro- posal for an encryption process known as Lucifer. With the assistance of the NSA who is responsible for cryptography, the Data Encryption Standard was approved in November of 1976. There was an accompanying furor over the DES, some saying that the NSA intentionally weakened it to insure that they could still decrypt any messages using the approved algorithm.

"In 1982 a financial group, FIMAS endorsed a DES based method to authenticate Electronic Funds Transfer, or EFT. Banks move upwards of a trillion dollars daily, and in an effort to insure that all monies are moved accurately and to their intended desti- nations, the technique of Message Authentication Coding was introduced. For still unknown reasons it was decided that en- crypting the contents of the messages, or transfers, was unneces- sary. Thus, financial transactions are still carried out with no protection from eavesdropping."

"Excuse me, Mr. Hammacher, I want to understand this," interrupt- ed Senator Deere. "Are you saying that, since 1976, we have had the ability to camouflage the nation's financial networks, yet as of today, they are still unprotected?" Rickfield looked over at Nancy in disgust but the single camera missed it.

"Yes, ma'am, that's exactly the case," replied Hammacher.

"What does that mean to us? The Government? Or the average citi- zen?"

"In my opinion it borders on insanity. It means that for the price of a bit of electronic equipment, anyone can tap into the details of the financial dealings of banks, the government and every citizen in this country."

Senator Deere visibly gulped. "Thank you, please continue."

"In 1984, President Reagan signed National Security Decision Directive 145. NSDD-145 established that defense contractors and other organizations that handle sensitive or classified informa- tion must adhere to certain security and privacy guidelines. A number of advisory groups were established, and to a minimal extent, the recommendations have been implemented, but I must emphasize, to a minimal extent."

"Can you be a little more specific, Mr. Hammacher?" Asked Senator Deere.

"No ma'am, I can't. A great deal of these efforts are classified and by divulging who is not currently in compliance would be a security violation in itself. It would be fair to say, though, that the majority of those organizations targeted for additional security measures fall far short of the government's intentions and desires. I am sorry I cannot be more specific."

"I understand completely. Once again," Nancy said to Hammacher, "I am sorry to interrupt."

"Not at all, Senator." Hammacher sipped from his water glass. "As you can see, the interest in security was primarily from the government, and more specifically the defense community. In 1981, the Department of Defense chartered the DoD Computer Secu- rity Center which has since become the National Computer Security Center operating under the auspices of the National Security Agency. In 1983 they published a series of guidelines to be used in the creation or evaluation of computer security. Officially titled the Trusted Computer Security Evaluation Criteria, it is popularly known as the Orange Book. It has had some minor updates since then, but by and large it is an outdated document designed for older computer architectures.

"The point to be made here is that while the government had an ostensible interest and concern about the security of computers, especially those under their control, there was virtually no overt significance placed upon the security of private industry's computers. Worse yet, it was not until 1987 that any proposed criteria were developed for networked computers. So, as the world tied itself together with millions of computers and net- works, the Government was not concerned enough to address the issue. Even today, there are no secure network criteria that are universally accepted."

"Mr. Hammacher." Senator Rickfield spoke up for the first time. "You appear to have a most demeaning tone with respect to the United States Government's ability to manage itself. I for one remain unconvinced that we are as derelict as you suggest. Therefore, I would ask that you stick to the subject at hand, the facts, and leave your personal opinions at home."

Nancy Deere as well as much of the audience listened in awe as Rickfield slashed out at Hammacher who was in the process of building an argument. Common courtesy demanded that he be per- mitted to finish his statement, even if his conclusions were unpopular or erroneous.

Hammacher did not seem fazed. "Sir, I am recounting the facts, and only the facts. My personal opinions would only be further damning, so I agree, that I will refrain." He turned a page in his notebook and continued.

"Several laws were passed, most notably Public Law 100-235, the Computer Security Act of 1987. This weak law called for enhanced cooperation between the NSA and NIST in the administration of security for the sensitive but unclassified world of the Govern- ment and the private sector. Interestingly enough, in mid 1990 it was announced, that after a protracted battle between the two security agencies, the NCSC would shut down and merge its efforts with its giant super secret parent, the NSA. President Bush signed the Directive effectively replacing Reagan's NSDD-145. Because the budgeting and appropriations for both NSA and the former NCSC are classified, there is no way to accurately gauge the effectiveness of this move. It may still be some time before we understand the ramifications of the new Executive Order.

"To date every state has some kind of statute designed to punish computer crime, but prosecutions that involve the crossing of state lines in the commission of a crime are far and few between. Only 1% of all computer criminals are prosecuted and less than 5% of those result in convictions. In short, the United States has done little or nothing to forge an appropriate defense against computer crime, despite the political gerrymandering and agency shuffling over the last decade. That concludes my opening re- marks." Hammacher sat back in his chair and finished the water. He turned to his lawyer and whispered something Scott couldn't hear.

"Ah, Mr. Hammacher, before you continue, I would like ask a few questions. Do you mind?" Senator Nancy Deere was being her usual gracious self.

"Not at all, Senator."

"You said earlier that the NSA endorsed a cryptographic system that they themselves could crack. Could you elaborate?" Senator Nancy Deere's ability to grasp an issue at the roots was uncanny.

"I'd be pleased to. First of all, it is only one opinion that the NSA can crack DES; it has never been proven or disproven. When DES was first introduced some theoreticians felt that NSA had compromised the original integrity of IBM's Lucifer encryp- tion project. I am not qualified to comment either way, but the reduction of the key length, and the functional feedback mecha- nisms were less stringent than the original. If this is true, then we have to ask ourselves, why? Why would the NSA want a weaker system?"

A number of heads in the hearing room nodded in agreement with the question; others merely acknowledged that it was NSA bashing time again.

Hammacher continued. "There is one theory that suggests that the NSA, as the largest eavesdropping operation in the world wanted to make sure that they could still listen in on messages once they have been encrypted. The NSA has neither confirmed or denied these reports. If that is true, then we must ask our- selves, if DES is so weak, why does the NSA have the ultimate say on export control. The export of DES is restricted by the Muni- tions Control, Department of State, and they rely upon DoD and the NSA for approval.

"The export controls suggest that maybe NSA cannot decrypt DES, and there is some evidence to support that. For example, in 1985, the Department of Treasury wanted to extend the validation of DES for use throughout the Treasury, the Federal Reserve System and member banks. The NSA put a lot of political muscle behind an effort to have DES deaffirmed and replaced with newer encryption algorithms. Treasury argued that they had already adapted DES, their constituents had spent millions on DES equip- ment for EFT and it would be entirely too cumbersome and expen- sive to make a change now. Besides, they asked, what's wrong with DES? They never got an answer to that question, and thus they won the battle and DES is still the approved encryption methodology for banks. It was never established whether DES was too strong or too weak for NSA's taste.

"Later, in 1987, the NSA received an application for export of a DES based device that employed a technique called infinite en- cryption. In response to the frenzy over the strength or weakness of DES, one company took DES and folded it over and over on itself using multiple keys. The NSA had an internal hemorrhage. They forbade this product from being exported from the United States in any form whatsoever. Period. It was an extraordinary move on their part, and one that had built-in contradictions. If DES is weak, then why not export it? If it's too strong, why argue with Treasury? In any case, the multiple DES issue died down until recently, when NSA, beaten at their own game by too much secrecy, developed a secret internal program to create a Multiple-DES encryption standard with a minimum of three sequen- tial iterations.

"Further embarrassment was caused when an Israeli mathematician found the 'trap door' built into DES by the NSA and how to decode messages in seconds. This quite clearly suggests that the gov- ernment has been listening in on supposedly secret and private communications.

"Then we have to look at another event that strongly suggests that NSA has something to hide."

"Mr. Hammacher!" Shouted Senator Rickfield. "I warned you about that."

"I see nothing wrong with his comments, Senator," Deere said, careful to make sure that she was heard over the sound system.

"I am the chairman of this committee, Ms. Deere, and I find Mr. Hammacher's characterization of the NSA as unfitting this forum. I wish he would find other words or eliminate the thought alto- gether. Mr. Hammacher, do you think you are capable of that?"

Hammacher seethed. "Senator, I mean no disrespect to you or this committee. However, I was asked to testify, and at my own ex- pense I am providing as accurate information as possible. If you happen to find anything I say not to your liking, I do apologize, but my only alternative is not to testify at all."

"We accept your withdrawal, Mr. Hammacher, thank you for your time." A hushed silence covered the hearing room. This was not the time to get into it with Rickfield, Nancy thought. He has sufficiently embarrassed himself and the media will take care of the rest. Why the hell is he acting this way? He is known as a hard ass, a real case, but his public image was unblemished. Had the job passed him by?

A stunned and incensed Hammacher gathered his belongings as his lawyer placated him. Scott overheard bits and pieces as they both agreed that Rickfield was a flaming asshole. A couple of reporters hurriedly followed them out of the hearing room for a one on one interview.

"Is Dr. Sternman ready?" Rickfield asked.

A bustle of activity and a man spoke to the dais without the assistance of a microphone. "Yessir, I am."

Sternman was definitely the academic type, Scott noted. A crum- pled ill fitting brown suit covering a small hunched body that was no more than 45 years old. He held an old scratched brief- case and an armful of folders and envelopes. Scott was reminded of the studious high school student that jocks enjoy tripping with their feet. Dr. Sternman busied himself to straighten the papers that fell onto the desk and his performance received a brief titter from the crowd.

"Ah, yes, Mr. Chairman," Sternman said. "I'm ready now." Rick- field looked as bored as ever.

"Thank you, Dr. Sternman. You are, I understand, a computer virus expert? Is that correct?"

"Yessir. My doctoral thesis was on the subject and I have spent several years researching computer viruses, their proliferation and propagation." Rickfield groaned to himself. Unintelligible mumbo jumbo.

"I also understand that your comments will be brief as we have someone else yet to hear from today." It was as much a command as a question.

"Yessir, it will be brief."

"Then, please, enlighten us, what is a virus expert and what do you do?" Rickfield grinned menacingly at Dr. Les Sternman, Pro- fessor of Applied Theoretical Mathematics, Massachusetts Insti- tute of Technology.

"I believe the committee has received an advance copy of some notes I made on the nature of computer viruses and the danger they represent?" Rickfield hadn't read anything, so he looked at Boyers who also shrugged his shoulders.

"Yes, Dr. Sternman," Nancy Deere said, "and we thank you for your consideration." Rickfield glared at her as she politely upstaged him yet again. "May I ask, though, that you provide a brief description of a computer virus for the benefit of those who have not read your presentation?" She stuck it to Rickfield again.

"I'd be happy to, madam Chairwoman," he said nonchalantly. Rick- field's neck turned red at the inadvertent sudden rise in Senator Deere's stature. For the next several minutes Sternman solemnly described what a virus was, how it worked and a history of their attacks. He told the committee about Worms, Trojan Horses, Time Bombs, Logic Bombs, Stealth Viruses, Crystal Viruses and an assorted family of similar surreptitious computer programs. Despite Sternman's sermonly manner, his audience found the sub- ject matter fascinating.

"The reason you are here, Dr. Sternman, is to bring us up to speed on computer viruses, which you have done with alacrity, and we appreciate that." Rickfield held seniority, but Nancy Deere took charge due to her preparation. "Now that we have an under- standing of the virus, can you give us an idea of the type of problems that they cause?"

"Ah, yes, but I need to say something here," Sternman said.

"Please, proceed," Rickfield said politely.

"When I first heard about replicating software, viruses, and this was over 15 years ago, I, as many of my graduate students did, thought of them as a curious anomaly. A benign subset of comput- er software that had no anticipated applications. We spent months working with viruses, self cloning software and built mathematical models of their behavior which fit quite neatly in the domain of conventional set theory. Then an amazing discovery befell us. We proved mathematically that there is absolutely no effective way to protect against computer viruses in software."

Enough of the spectators had heard about viruses over the past few years to comprehend the purport of that one compelling state- ment. Even Senator Rickfield joined Nancy and the others in their awe. No way to combat viruses? Dr. Sternman had dropped a bombshell on them.

"Dr. Sternman," said Senator Deere, "could you repeat that?

"Yes, yes," Sternman replied, knowing the impact of his state- ment. "That is correct. A virus is a piece of software and software is designed to do specific tasks in a hardware environ- ment. All software uses basically the same techniques to do its job. Without all of the technicalities, if one piece of software can do something, another piece of software can un-do it. It's kind of a computer arms race.

"I build a virus, and you build a program to protect against that one virus. It works. But then I make a small change in the virus to attack or bypass your software, and Poof! I blow you away. Then you build a new piece of software to defend against both my first virus and my mutated virus and that works until I build yet another. This process can go on forever, and frankly, it's just not worth the effort."

"What is not worth the effort, Doctor?" Asked Nancy Deere. "You paint a most bleak picture."

"I don't mean to at all, Senator." Dr. Sternman smiled soothing- ly up at the committee and took off his round horn rim glasses. "I wasn't attempting to be melodramatic, however these are not opinions or guesses. They are facts. It is not worth the effort to fight computer viruses with software. The virus builders will win because the Virus Busters are the ones playing catch-up."

"Virus Busters?" Senator Rickfield mockingly said conspicuously raising his eyebrows. His reaction elicited a wave of laughter from the hall.

"Yessir," said Dr. Sternman to Rickfield. "Virus Busters. That's a term to describe programmers who fight viruses. They mistakenly believe they can fight viruses with defensive software and some of them sell some incredibly poor programs. In many cases you're better off not using anything at all.

"You see, there is no way to write a program that can predict the potential behavior of other software in such a way that it will not interfere with normal computer operations. So, the only way to find a virus is to already know what it looks like, and go out looking for it. There are several major problems with this approach. First of all, the virus has already struck and done some damage. Two it has already infected other software and will continue to spread. Three, a program must be written to defeat the specific virus usually using a unique signature for each virus, and the vaccine for the virus must be distributed to the computer users.

"This process can take from three to twelve months, and by the time the virus vaccine has been deployed, the very same virus has been changed, mutated, and the vaccine is useless against it. So you see, the Virus Busters are really wasting their time, and worst of all they are deceiving the public." Dr. Sternman com- pleted what he had to say with surprising force.

"Doctor Sternman," Senator Rickfield said with disdain, "all of your theories are well and good, and perhaps they work in the laboratory. But isn't it true, sir, that computer viruses are an overblown issue that the media has sensationalized and that they are nothing more than a minor inconvenience?"

"Not really, Senator. The statistics don't support that conclu- sion," Dr. Sternman said with conviction. "That is one of the worst myths." Nancy Deere smiled to herself as the dorky college professor handed it right to a United States Senator. "The incidence of computer viruses has been on a logarithmic increase for the past several years. If a human disease infected at the same rate, we would declare a medical state of emergency."

"Doctor," implored Rickfield. "Aren't you exaggerating . . .?"

"No Senator, here are the facts. There are currently over 5000 known computer viruses and strains that have been positively identified. Almost five thousand, Senator." The good Doctor was a skilled debater, and Rickfield was being sucked in by his attack on the witness. The figure three thousand impressed everyone. A few low whistles echoed through the large chamber. Stupid move Merrill, though Nancy.

"It is estimated, sir, that at the current rate, there will be over 100,000 active viruses in five years," Dr. Sternman dryly spoke to Rickfield, "that every single network in the United States, Canada and the United Kingdom is infected with at least one computer virus. That is the equivalent of having one member of every family in the country being sick at all times. That is an epidemic, and one that will not go away. No sir, it will not." Sternman's voice rose. "It will not go away. It will only get worse."

"That is a most apoplectic prophesy, Doctor. I think that many of us would have trouble believing the doom and gloom you por- tend." Rickfield was sloughing off the Doctor, but Sternman was here to tell a story, and he would finish.

"There is more, Senator. Recent reports show that over 75% of the computers in the People's Republic of China are infected with deadly and destructive software. Why? The look on your face asks the question. Because, almost every piece of software in that country is bootleg, illegal copies of popular programs. That invites viruses. Since vast quantities of computers come from the Pacific Rim, many with prepackaged software, new comput- er equipment is a source of computer viruses that was once con- sidered safe. Modem manufacturers have accidentally had viruses on their communications software; several major domestic software manufacturers have had their shrink-wrapped software infected.

"If you recall in 1989, NASA brought Virus Busters to Cape Kenne- dy and Houston to thwart a particular virus that threatened a space launch. A year later as everyone remembers, NASA computers were invaded forcing officials to abort a flight. The attacks go on, and they inflict greater damage than is generally thought.

"Again, these are our best estimates, that over 90% of all viral infections go unreported."

"Doctor, 90%? Isn't that awfully high?" Nancy asked.

"Definitely, yes, but imagine the price of speaking out. I have talked to hundreds of companies, major corporations, that are absolutely terrified of anyone knowing that their computers have been infected. Or they have been the target of any computer crime for that matter. They feel that the public, their custom- ers, maybe even their stockholders, might lose faith in the company's ability to protect itself. So? Most viral attacks go unreported.

"It's akin to computer rape." Dr. Sternman had a way with words to keep his audience attentive. Years of lecturing to sleeping freshman had taught him a few tricks. "A computer virus is uninvited, it invades the system, and then has its way with it. If that's not rape, I don't know what is."

"Your parallels are most vivid," said a grimacing Nancy Deere. "Let's leave that thought for now, and maybe you can explain the type of damage that a virus can do. It sounds to me like there are thousands of new diseases out there, and every one needs to be isolated, diagnosed and then cured. That appears to me to a formidable challenge."

"I could not have put it better, Senator. You grasp things quickly." Sternman was genuinely complimenting Nancy. "The similarities to the medical field cannot go unnoticed if we are to deal with the problem rationally and effectively. And like a disease, we need to predict the effects of the infection. What we have found in that area is as frightening.

"The first generation of viruses were simple in their approach. The designers correctly assumed that no one was looking for them, and they could enter systems without any deterrence. They erase files, scramble data, re-format hard drives . . .make the comput- er data useless.

"Then the second generation of viruses came along with the nom-de-guerre stealth. These viruses hid themselves more elabo- rately to avoid detection and had a built in self-preservation instinct. If the virus thinks it's being probed, it self de- structs or hides itself even further.

"In addition, second generation viruses learned how to become targeted. Some viruses have been designed to only attack a competitor's product and nothing else."

"Is that possible?" Asked Nancy Deere.

"It's been done many times. Some software bugs in popular soft- ware are the result of viral infections, others may be genuine bugs. Imagine a virus who sole purpose is to attack Lotus 123 spreadsheets. The virus is designed to create computational errors in the program's spreadsheets. The user then thinks that Lotus is to blame and so he buys another product. Yes, ma'am, it is possible, and occurs every day of the week. Keeping up with it is the trick.

"Other viruses attack on Friday the 13th. only, some attack only at a specified time . . .the damage to be done is only limited by imagination of the programmers. Third generation viruses were even more sophisticated. They were designed to do damage not only to the data, but to the computer hardware itself. Some were designed to overload communications ports with tight logical loops. Others were designed to destroy the hard disk by directly overdriving the disk or would cause amonitor to self-destruct. There is no limit to the possibilities.

"You sound as though you hold their skills in high regard, Doc- tor." Rickfield continued to make snide remarks whenever possi- ble.

"Yessir, I do. Many of them have extraordinary skills, that are unfortunately misguided. They are a new breed of bored criminal."

"You mentioned earlier Doctor, that there were over 5000 known viruses. How fast is the epidemic, as you put it, spreading?" Senator Nancy Deere asked while making prolific notes throughout.

"For all intents and purposes Senator, they spread unchecked. There is a certain amount of awareness of the problem, but it is only superficial. The current viral defenses include signature identification, cyclic redundancy checks and intercept verifica- tion, but the new viruses can combat those as a matter of rule. If the current rate of viral infection continues, it will be a safe bet that nearly every computer in the country will be in- fected ten times over within three years."

Dr. Arnold Sternman spent the next half hour answering insightful questions from Nancy Deere, and even Puglasi became concerned enough to ask a few. Rickfield continued with his visceral comments to the constant amazement of the gallery and spectators. Scott could only imagine the raking Rickfield would receive in the press, but being Friday, the effects will be lessened. Besides, it seemed as if Rickfield just didn't give a damn.

Rickfield dismissed and perfunctorily thanked Dr. Sternman. He prepared for the next speaker, but Senator Deere leaned over and asked him for a five minute conclave. He was openly reluctant, but as she raised her voice, he conceded. In a private office off to the side, Nancy Deere came unglued.

"What kind of stunt are you pulling out there, Senator?" She demanded as she paced the room. "I thought this was a hearing, not a lynching."

Rickfield slouched in a plush leather chair and appeared uncon- cerned. "I am indeed sorry," he said with the pronounced drawl of a Southern country gentleman, "that the young Senatoress finds cross examination unpleasant. Perhaps if we treated this like a neighborhood gossip session, it might be easier."

"Now one damned minute," she yelled while pointing a finger right at Rickfield. "That was not cross-examination; it was harassment and I for one am embarrassed for you. And two, do not, I repeat, do not, ever patronize me. I am not one of your cheap call girls." She could not have knocked Rickfield over any harder with a sledgehammer.

"You bitch!" Rickfield rose to confront her standing nine inches taller. "You stupid bitch. You have no idea what's at stake. None. It's bigger than you. At this rate I can assure you, you will never have an ear in Washington. Never. You will be deaf, dumb and blind in this town. I have been on this Hill for thirty years and paid my dues and I will not have a middle aged June Cleaver undermine a lifetime of work just because she smells her first cause."

Undaunted, Nancy stood her ground. "I don't know what you're up to Senator, but I do know that you're sand bagging these hear- ings. I've raised four kids and half a neighborhood, plus my husband talked in his sleep. I learned a lot about politicians, and I know sand bagging when I see it. Now, if you got stuck with these hearings and think they're a crock, that's fine. I hear it happens to everyone. But, I see them as important and I don't want you to interfere."

"You are in no position to ask for anything."

"I'm not asking. I'm telling." Where did she get the gumption, she asked herself. Then it occurred to her; I'm not a politician, I want to see things get fixed. "I will take issue with you, take you on publicly, if necessary. I was Presi- dent of the PTA for 8 years. I am fluent in dealing with bitches of every size and shape. You're just a bastard."

****************************************************************