There are, however, more esoteric security measures being developed by computer companies. Callback is a recently-devised procedure where the user telephones the computer, the computer compares their number with a list of approved user numbers and calls the user back if the numbers match. User Verification/Encryption is a system still under development where a microchip in the user's terminal identifies them as authorized and translates encoded data coming from the main computer.
But nothing is perfect. "If people try hard enough and long enough and are cunning enough they can penetrate almost anything," Ganaghan says. Further, even the most effective security system is helpless against an inside attack--the kind of computer crime security consultants say is most frequently practiced. "Insider crime, people stealing data or money using information they've gotten during the course of the day, is definitely our biggest problem," says Jim Greenleaf, a computer crime specialist at FBI headquarters in Boston.
Santis speaks of similar problems: as technology increasingly centralizes operating procedures but diversifies access, "you're getting a potentially dangerous change in areas like separation of duties," he says. "Whereas before you'd have one guy who'd write the check now they're being done by the same data operator." "It is from inside and costs the company $500,000 whereas average white-collar crimes are for $20,000," Santis says.
To prevent this new kind of criminal activity, computer users and manufacturers are pushing for tough new laws against "illegal entry" and "illegal manipulation of data." "To a great extent, if there are laws that have teeth in them, they can discourage a lot of the [criminal] actions we're talking about," says Ganaghan. Prime and other Massachusetts high technology companies have been working with the Lieutenant Governor's Office for the past year drafting what many consultants call model computer crime legislation. Under the proposed law, unauthorized users of computer systems would be viewed as electronic trespassers and suffer stiff penalties for violating corporate or individual privacy by unwanted intrusion. Penalties for data theft or electronic manipulation of data would also be increased by the bill.
Although the measure has been highly praised in the computer industry, politicians have levied some stern criticisms. "We sat down with a panel of people from the legal area and scientists to try to define the terms of the legislation and found that they couldn't even agree on what was meant by 'computer,'" says Lisa Hewitt, legislative analyst to House Majority Leader W. Paul White (D-Dorchester). "There were also questions about the penalties; the type of activities that they were trying to attach penalties to were much different if they were done manually," she added. According to Hewitt, the bill is unlikely to receive a hearing this year but a new version will be presented for debate before the House sometime in 1985.
With or without the new Massachusetts legislation, the exploding concern with legal action against computer mischief-makers or downright thieves has caught law-enforcement agencies flat-footed. "I don't think we really have a handle on the problem. We're spending a lot of time right now getting our agents trained so that they can understand the way the system operates," says Greenleaf. Indeed, he adds, "there's no federal statute as it stands now that allows the FBI to get involved in computer crime . . . Generally speaking, we go in through trespassing or fraud-by-wire statutes." The FBI has from one to ten of its 200 New England agents concentrating on computer crime at any given time, Greenleaf says.
Unlikely though it may seem, it is the Customs Service and the Department of Commerce that are the federal agencies with the largest and most active computer monitoring operations. "Computers are a major concern to the Administration at large. Higher technology is considered a matter of extreme importance because it is seen to have military applications," says Dan Landra, a Public Information Director for the Commerce Department. In general, the two agencies are most concerned with preventing resale of sensitive computer equipment to the Soviet Union through "false front" exporting companies that purchase equipment for an authorized destination and then reroute it behind the Iron Curtain.
"Typically a U.S. manufacturer will be approached by an exporter who claims to be shipping the product to West Germany, say. They sell the material to another exporter--perhaps it goes to Sweden instead--and they send it to the Soviet Union," explains Prime's Ganaghan. It was this kind of smuggling ring that made headlines earlier this fall when Swedish and U.S. Customs intercepted a shipment of Digital VAX computers bound originally for West Germany but headed instead to a destination in the Soviet Bloc. VAX computers have potential military applications, according to the Defense Department. As a result of the bust, a part of the Customs Service's counter-intelligence Operation EXODUS, Digital lost its general export license for several months. Without a general license, the company was forced to apply to the Commerce Department for special permission every time it wanted to ship a computer out of the country. "If you're doing a bit of selling that's obviously a cumbersome procedure," says security consultant Kay. Customs officials refused last week to comment on EXODUS, which is still running a number of sensitive undercover investigations.
Although it did not permanently damage Digital's position, the temporary license suspension has prompted manufacturers to take a close look at their own responsibilities. While businesses might previously have looked the other way to turn a quick sale with unauthorized export firms, they now reject those offers out of hand. "We simply don't do business with those companies," says Ganaghan. "We just comply with the law and maintain a very low profile," says Michael Ferrante, a Corporate Public Relations Specialist with Wang Computers. The nature of corporate compliance is clearly defined by the government: computer companies must first obtain sufficient documentation and verification to know positively who the final recipient of their products will be, and second, they must not do business with companies on the Defense or Commerce Departments' unauthorized list. Companies on the unauthorized list have proven untrustworthy in their descriptions of product destinations, according to the Commerce Department.
So your operating system is secure, your passwords are changed every day and the whole computer system is monitored around the clock by a trained team of security agents. You still aren't safe. Companies that, like banks, demand absolute security for their data are responsible for the development of a curious new breed of companies known as disaster recovery specialists. With names like Phoenix Systems, Comdisco Disaster Recovery Systems and The Iron Mountain Group, these firms operate heavily guarded bunkers and caves across the country where magnetic tape can be stored safe from fire, flood or theft. For fees that run to more than $10,000 each month, these and similar companies have "hot sites" where computers compatible with your own hum day and night--standing by in the case of an emergency. For smaller fees, "shells," empty rooms fitted with telephone and electrical connections, can host a replacement computer that you procure and provide a temporary base of operations while you refit your headquarters.
Some companies go even farther. The Hewlett-Packard site in Loveland is one example, the underground vault constructed in Rhode Island by a consortium of banks to store electronic data during a nuclear war is another, and the subterranean vault run for AT&T by Vital Records, Inc., in Raritan, N.J., is a third. Isn't that comforting; even after a nuclear war, you'll still get your telephone bill.