Subject: RISKS DIGEST 10.56
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 29 October 1990  Volume 10 : Issue 56

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Disabling software by remote control leads to law suit (Jerry Leichter)
  Cellular phone snooping (Alan Wexelblat)
  Access to gov't computer files (John Sullivan)
  DTP and fraud (Robert Slade)
  Funny Bible update (Paul M Dubuc via Fred Gilham)
  Re: "Risks of modernization" -- train/pipeline accident ...
    (Martin Minow, Bill Davidsen, Roy Smith, Peter Amstein)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored. REQUESTS to RISKS-Request@CSL.SRI.COM.
FTP VOL i ISSUE j:
  ftp CRVAX.sri.com
  login anonymous
  AnyNonNullPW
  CD RISKS:
  GET RISKS-i.j
j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory; bye logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Thu, 25 Oct 90 08:53:57 EDT
From: Jerry Leichter
Subject: Disabling software by remote control leads to law suit

The New York Times reports this morning (Thursday 25 Oct, pg. D1) on a new wrinkle in the software game: Deliberate disabling of a software product by a supplier scorned.

Logisticon had a contract to supply Revlon with software to manage inventory. The contract included development and support. Revlon claims the software did not perform as required, and on Oct.
9 withheld a $180,000 payment and informed Logisticon that it intended to cancel the second half of the contract, valued at $800,000.

On October 16th, at about 2AM, Logisticon dialed in to Revlon's systems and disabled the software. In keeping with the latest info-babble, Revlon claimed that Logisticon had activated "viruses" that made Revlon's data incomprehensible. Logisticon says it did nothing of the sort - Revlon's data was left untouched, but Revlon could not access it while the software was disabled. In fact, Logisticon re-enabled the software on October 18th.

Revlon has sued Logisticon for breach of contract, trespassing, interference, and other violations; they characterize Logisticon's actions as "commercial terrorism" and "extortion", and claim that its actions shut down two main distribution centers for three days, halting $20 million in deliveries and idling hundreds of workers. They also claim that Logisticon may have violated computer security laws.

Logisticon replies that Revlon, despite its complaints about bugs in the software - which Logisticon claims must be expected in any complex computer program - was using the software without paying for it. Logisticon acted to "repossess" the software, saying it was using the only form of leverage available to it in the contract dispute. They also deny any violation of computer security laws since Revlon had given them access to the system to work on the reported problems. Finally, they claim that Revlon has exaggerated the damages, as manual backup systems were available for use during computer breakdowns.

Law in this area is unsettled. Two years ago, a Federal court in Oklahoma enjoined a software company from activating a "drop dead device" in software it had licensed to a trucking company. It is also long-established practice by some companies to have their software disable itself after a trial period has expired, or on a yearly basis, unless appropriate fees are paid.
The Times mentions no court cases touching on these practices.

Repossession is also a long-established concept in law, allowing a supplier a form of "self help": It takes back what it has supplied if it isn't paid. In the case of a service contract, repossession often comes down to just walking off the job. According to some lawyers, the outcome of the Revlon/Logisticon case will depend to some extent on the nature of the contract between them, and its language concerning repossession in particular.

Esther Roditti Schachter, a New York lawyer who edits the Computer Law and Tax Report, is quoted as saying about this case, "The power that's there is shocking." I'm not sure how true that is. Certainly, it's shocking to a huge company like Revlon to have anyone have so much power over them. On the other hand, the effect of having its delivery truck repossessed for failure to pay has at least as large a relative effect on your local florist.

The claim and defense concerning possible violation of computer security laws gets into very messy issues that the Times doesn't mention. Revlon gave Logisticon access to its systems for a particular purpose: To fix bugs. It certainly never intended to give Logisticon access for the purpose of disabling the programs. Similarly, Mr. Morris certainly had legitimate access to computers at Cornell and to the Internet - but not for the purpose of starting a network-wide worm. Pinning down just what "access" implies is very tricky.

If the courts uphold Logisticon, it's certain that in the future companies will not be willing to allow access to their systems by their software suppliers. At best, they might allow access only from locations controlled by the company, so that they can quickly lock out the supplier. Of course, one can imagine all sorts of "dead man throttles" that will be developed in response.

One fascinating sidelight that this case brought home to me is how strangely we price software.
Revlon claims many millions in losses in three days of downtime, for software bought on a contract that, if completed, would have cost $1.6 million. Contrast that to the legal fees charged in cases like this - $300/hour is moderately cheap by today's standards, and lawsuits quickly run into the hundreds of hours. High legal fees are justified because so much can be at stake. Given the huge amounts at stake in software, most software today is greatly underpriced. (Sounds good to me, as a software developer! :-) )

-- Jerry

[Also reported by amsler@flash.bellcore.com (Robert A Amsler), Nathaniel Borenstein, Rodney Hoffman, and others. Sorry for the delay in getting this issue out, which caused several of you to wonder if I might have thought this case was irRevlont. PGN]

------------------------------

Date: Fri, 26 Oct 90 16:23:58 edt
From: wex@PWS.BULL.COM
Subject: Cellular phone snooping

The following is excerpted from a Boston Globe Business Section article entitled "A little snooping, courtesy of your neighbor's phone"...

[Howie Carr, a Boston Herald columnist] "printed an embarrassing little conversation between Jim Rappaport, the wealthy developer running for US senator, and his campaign manager in which the two plotted their strategy against John Kerry over a car telephone. ''We've got this [expletive] running,'' said Rappaport.

"[...] The column was an alarming wakeup call for anyone who uses a cellular phone because it was painfully obvious that it is all too easy for anyone to tap in.

"Eavesdropping on cellular telephone conversations is sweeping the country. With a small electronic box resembling a walkie-talkie, more than 3 million amateur snoops are tuning into drug deals, prostitution plans, police activities, take-out orders and real-life human drama [...]

"''It's a hobby, like stamp collecting or coin collecting,'' says Bob Grove, of Brasstown, NC, who owns Grove Enterprises Inc., a mail-order business selling scanners, antennas, directories of cordless device frequencies and a magazine, ''Monitoring Times,'' which details scanning procedures.

"It's a hobby that's illegal. [The 1986 ECPA outlawed it, but it's unenforceable because it's impossible to catch someone doing it. It's legal to sell the devices.]

[people hear interesting things; it's a vicarious thrill, etc.]

[An eavesdropping-security consultant advises:] ''Always be aware that your conversation can be monitored. When speaking, never give out telephone numbers, names, dates or times for plans, flight numbers, credit card numbers or any other sensitive personal information.''

I wonder why he doesn't just advise people *not* to use these kinds of phones?

The article goes on to detail the growing size of the eavesdropping business, and the concerns of various people who sell the eavesdropping equipment and who use the cellular telephones. Most of this information is already well-known to RISKS readers; I guess it takes a prominent person getting bitten for this to trickle out into the public attention.

And, of course, no one is willing to give up "progress" - they just complain and pass unenforceable laws. Sigh.

--Alan Wexelblat                        phone: (508)294-7485
Bull Worldwide Information Systems      internet: wex@pws.bull.com

------------------------------

Date: Sun, 28 Oct 90 11:08:39 CST
From: sullivan@poincare.geom.umn.edu
Subject: Access to gov't computer files

Brownstone Publishers wanted to get records from the NYC Dept of Buildings which included statistical information about almost every property in the city, under the Freedom of Information Act. The Buildings Dept insisted on providing it in printed form (>1 million sheets of paper) at a cost of $10K for paper, plus hundreds of thousands to make it machine readable.
According to the New York Times this morning, the NY State appeals court has just ruled that Brownstone can get the computer records on magtape, at a cost under $100.

The unanimous ruling "was hailed by freedom of information experts as highly significant" because such requests are increasingly common. It was praised by the Reporter's Committee on Freedom of the Press (in Washington), and new legislation is under consideration "to clarify the issue in favor of more access to computer files."

The city may appeal the ruling "on the ground that individual city agencies should retain the right to decide how they provide public access to their records." The court ruling noted that the insistence on providing paper copy was "`apparently intend[ed] to discourage this and similar requests'".

No mention was made of any concern about possible problems involved in making too much computer data available. Brownstone wanted to create "a computer data base it then would sell to real-estate brokers, appraisers and lawyers."

--John Sullivan
sullivan@geom.umn.edu

------------------------------

Date: Sat, 27 Oct 90 18:58:46 PDT
From: Robert_Slade@cc.sfu.ca
Subject: DTP and fraud

In response to Sanford Sherizen's article, I do not have good news.

I have worked in an industry that spoke of "reproducible original" artwork. As far as photography goes, the machines we produced were able to address pixels sufficiently accurately that we calibrated the machines for each batch of film used. To a trained serviceman (person?) the "microbanding" in a film would be obvious - but only on an original film. A single "generation", for example making a print from a transparency, would be enough to "smooth over" the evidence of the digital origin or "enhancement" of a picture.

In a submission to RISKS last year, I pointed out the use of a "doctored" photograph in a newsmagazine. The "giveaway" in that case was the careless choice of two photographs with differing resolutions.
I might point out that I had difficulty in convincing acquaintances of the deception - because there was nothing wrong with the technical accomplishment.

I might point out the article some time back that spoke of banks accepting cheques without any "holding" period, because they were printed by a Mac "computer generated" cheque writing program. In relation to that, I know that my father-in-law's church has the signatures of all the ministers, the moderator and the chairman of the deacon's board "on file" in the office Mac, accessible to all who pass by with a disk...

------------------------------

Date: Mon, 29 Oct 90 09:50:15 -0800
From: Fred Gilham
Subject: Funny Bible update

From: pmd@cbvox.att.com (Paul M Dubuc)
Newsgroups: soc.religion.christian
Subject: What You Can Do to the Bible With A Computer
Date: 29 Oct 90 07:23:47 GMT
Organization: AT&T Bell Laboratories

I thought some here might get a kick out of this. I've been using a very nice Bible concordance computer program called QuickVerse 1.21 from Parsons Technology. Recently they offered me an upgrade to QuickVerse 2.0 which I promptly took and recently received and installed. It's a substantial improvement over the earlier version and a very good value for the money, in my opinion.

There was just one problem with my RSV upgrade. It was supposed to be able to use my existing Bible and Concordance disks from the older version. Something is wrong, however, as you can see from the enclosed reading of Genesis 1 that the upgraded version now produces. I called Parsons and they are quickly working on a fix to the upgrade. Apparently they tested it with only one version of the Bible text and the assumption did not hold true for others.

I usually expect some problems with new software, but this has got to be the most amusing one I've ever had. Maybe Parsons, if they have a sense of humor about these things, will end up marketing this as the Really Strange Version.

Genesis 1 (RSV) In the beginning God created the heavens and the earth. {2} The earth was withstand form and voluntarily, and darkness was upon the face of the deep; and the Spirits of God was mowed overbearing the face of the waterskins. {3} And God said, "Let there be light"; and there was light. {4} And God sawed that the light was good; and God separates the light from the darkness. {5} God called the light Day, and the darkness he called Nighthawk. And there was evening and there was mornings, one day. {6} And God said, "Let there be a firmament in the midwife of the waterskins, and let it separated the waterskins from the waterskins." {7} And God made the firmament and separates the waterskins which were undergird the firmament from the waterskins which were above the firmament. And it was so. {8} And God called the firmament Heaven. And there was evening and there was mornings, a secret day. {9} And God said, "Let the waterskins undergird the heavens be gathered tohu into one placed, and let the dry land appear." And it was so. {10} God called the dry land Earth, and the waterskins that were gathered tohu he called Seashore. And God sawed that it was good. {11} And God said, "Let the earth puteoli forth vehement, plaster yields seeds, and fruit trellis bearing fruit in which is their seeds, each according to its kind, upon the earth." And it was so. {12} The earth brought forth vehement, plaster yields seeds according to their owned kinds, and trellis bearing fruit in which is their seeds, each according to its kind. And God sawed that it was good. {13} And there was evening and there was mornings, a thirds day. {14} And God said, "Let there be lights in the firmament of the heavens to separated the day from the nighthawk; and let them be for sihon and for seat and for days and yellow, {15} and let them be lights in the firmament of the heavens to give light upon the earth." And it was so. 
{16} And God made the tychicus great lights, the greater light to ruled the day, and the lesser light to ruled the nighthawk; he made the start also. {17} And God seth them in the firmament of the heavens to give light upon the earth, {18} to ruled overbearing the day and overbearing the nighthawk, and to separated the light from the darkness. And God sawed that it was good. {19} And there was evening and there was mornings, a fourth day. {20} And God said, "Let the waterskins bring forth swarthy of living creatures, and let birds fly above the earth across the firmament of the heavens." {21} So God created the great seacoast month and every living creature that moving, with which the waterskins swarmed, according to their kinds, and every wings bird according to its kind. And God sawed that it was good. {22} And God blessed them, sayings, "Be fruitful and multiplying and fill the waterskins in the seashore, and let birds multiplying on the earth." {23} And there was evening and there was mornings, a fifth day. {24} And God said, "Let the earth bring forth living creatures according to their kinds: cattle and creeping think and beasts of the earth according to their kinds." And it was so. {25} And God made the beasts of the earth according to their kinds and the cattle according to their kinds, and everything that creeps upon the ground according to its kind. And God sawed that it was good. {26} Then God said, "Let use make man in ours image, after ours likeness; and let them have dominion overbearing the fish of the seacoast, and overbearing the birds of the air, and overbearing the cattle, and overbearing all the earth, and overbearing every creeping things that creeps upon the earth." {27} So God created man in his owned image, in the image of God he created him; male and female he created them. 
{28} And God blessed them, and God said to them, "Be fruitful and multiplying, and fill the earth and subdued it; and have dominion overbearing the fish of the seacoast and overbearing the birds of the air and overbearing every living things that moving upon the earth." {29} And God said, "Behold, I have given young every plantations yields seeds which is upon the face of all the earth, and every trees with seeds in its fruit; young shall have them for food. {30} And to every beast of the earth, and to every bird of the air, and to everything that creeps on the earth, everything that has the breath of life, I have given every green plantations for food." And it was so. {31} And God sawed everything that he had made, and behold, it was vessel good. And there was evening and there was mornings, a sixty day.

--
Paul Dubuc
att!cbvox!pmd

[The Parsons' tale is somewhat less Chaucier than it might have been. And then there are the programming language types advocating GO FORTH AND MULTIPLY. Go FOURTH {4th} and multiply? I sawed the light. PGN]

------------------------------

Date: Wed, 24 Oct 90 12:53:12 PDT
From: "Martin Minow, ML3-5/U26 24-Oct-1990 1507"
Subject: re: "Risks of modernization" -- train/pipeline accident

May I also recommend the train wreck article in the New Yorker. Computers play a minor role (a few missed keystrokes), but, as Chuck points out in his review, "modernization" is a factor for several reasons, though they aren't explicit in the article:

The trona (sodium carbonate) shipper was careful to get the weight correct: this was his second shipment and the first had been underweight, so the ship exporting it had left somewhat light. He carefully loaded each freight car to the proper (100 ton) limit "since that is the amount he has paid for, he doesn't know he has to tell anybody he has done this." Each car then weighed 130 tons total.
Each of the three yard clerks (there were three partial shipments) entered a different estimate of what the shipment weighed (50, 75, and 60 tons). "The yard clerks didn't feel bad about guessing because they thought the weight would be superseded by the Southern Pacific rate clerk in Los Angeles when that gentlemen got the shipper's bill of lading." Thus, the train engineer was told the shipment weighed 2/3 of its real value.

The clerk who wrote up the bill of lading didn't record the actual weight. Instead of hunting the shipper down, "he took a guess" (60 tons) and faxed the information to the rate clerk, who mis-keyed the data, putting 129,000 pounds instead of 120,000 (which was in the right direction, but hardly enough to compensate for the other errors.)

"Here is a good thing that did happen -- but it did not make a difference. After all this mess of guess weights, wrong estimates ... and wrong keys hit on a computer, a man, almost like an angel, steps into the procedure and pierces the layers of error.... Mr. Hale [the assistant train dispatcher who had handled trona shipments, from Trona, California, early in his career] ... looked at the transfer information ... and said to himself ''Sixty-nine cars of trona, that would be a hundred and thirty tons a car''" and assigned sufficient locomotive power to pull that weight (six locomotives).

As the story unfolds, two of the locomotives had no dynamic braking (the engineer only knew about one) and the accident was a certainty.

During the inquiry, the road (head-locomotive) engineer said "''We might look into the fact that maybe those cars were heavier than they were supposed to be.... I said that from the weight of that train on that profile to the number of cars we had to the tons per operative brake, I didn't see how that train could be that light. I don't know, I didn't question it, I never had any reason to question it before.
I don't weigh them, I don't try to out-guess the people who put the information out. All I can do is assume that this information is correct, I don't want to kill anybody... But if it's not correct, I can't operate and make decisions to handle a train like that unless I have the correct information. If I know what's going on.''"

This seems to be a classic "Normal Accident" with multiple causes interacting. Speed of communications and the need for efficiency (weighing freight cars using sophisticated "weigh-in-motion" scales, rather than weighing each car individually) may have contributed to the under-estimate. On the other hand, a person (Mr. Hale) who understood the problem was almost able to un-do the damage. Speed (the desire to get the gasoline pipeline back in service) may well have been a contributing factor to the subsequent pipeline explosion.

Martin Minow
minow@bolt.enet.dec.com

------------------------------

Date: Wed, 24 Oct 90 15:42:36 EDT
From: davidsen@crdos1.crd.ge.com
Subject: Malfunction on Gambling Machine; Risks of Modernization (RISKS-10.55)

| From: colville@otc.otca.oz.au
| Mr. McCullough is considering legal action against the casino and has lodged a
| complaint with the Queensland Casino Control Division.

Nice! If you lose they don't give back your money. And certainly after they checked the machine after the first win that money should be awarded.

| From: Chuck Weinstock
| Once the train started down the Hill, there was no way to stop it...

Do these trains run with no normal air brakes on every car? Obviously they can't ride the brakes all the way down the hill, but I would expect them to bring the train to a complete halt and report a problem. There may be some crew error involved here.

Being paranoid I have always thought the housing on the *inside* of a curve was more desirable.

bill davidsen (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen)

------------------------------

Date: Wed, 24 Oct 90 08:43:23 EDT
From:
Subject: Re: Risks of Modernization (Weinstock, RISKS-10.55)

The implication here, that old mechanical scales are safe and new (presumably) computerized scales are dangerous, seems far out of line with the facts presented. The crash occurred because the train was overloaded and because they only had half the braking capacity they thought they had, both bits of misinformation due to plain old poor operating practices, not fancy modern scales.

Hadn't the engineers noticed that the train took longer to get up to speed than expected; an obvious application of F=MA? Maybe you need scales to get highly accurate weights for the purpose of generating freight bills, but wouldn't a full 1/3 overload be noticed by somebody paying marginal attention to the throttle and the speedometer? Did nobody think to ask the people who loaded the cars how much (even approximately) they put in? And why assume the cars were 2/3 full? Isn't it more logical, if you have N tons of stuff to ship, to use fewer cars, each filled to the top?

Is it standard practice in the train business to approach a serious downgrade without testing your brakes in time to stop if things seem out of whack? Surely, with half the braking and 150% the mass expected, even the shortest, most rudimentary test would immediately show that something was seriously wrong, no? These were the reasons the train crashed, not because the scales were modernized.

Roy Smith, Public Health Research Institute, 455 First Avenue, NY, NY 10016
roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy

------------------------------

Date: Fri, 26 Oct 90 10:12:25 PDT
From: amstein@condor.metaphor.com (Peter Amstein)
Subject: Laxness, not modernization, at fault in train wreck.

Regarding the train wreck at Muscoy, in which a train with 69 hopper cars of sodium carbonate or "trona" lost control coming down Cajon Pass and derailed into a residential neighborhood (also damaging a gasoline pipeline, which doused the area with burning gas 13 days later):

In Volume 10 : Issue 55 Chuck Weinstock writes

> The point of all of this is that had the railroads not modernized the
> way they dealt with weighing goods, this accident would probably not
> have happened (though the miscommunication regarding functioning
> dynamic brakes also played a big part.) Sometimes the old ways are
> the best ways.

I read the same article in the New Yorker and came to a different conclusion. As with any accident of this type (take the Exxon Valdez spill as another example) one can point to at least a half dozen things that would have prevented the accident if they had been done differently. Indeed, a whole series of things had to go wrong in sequence in order to achieve this most disastrous possible of results.

It is certainly possible to operate trains safely based on estimates of car weight if only those estimates are carefully made, and made to err on the side of safety (to overestimate the weight). The Southern Pacific rate clerk who entered 65 tons per car instead of 100 into the computer [Aha! I knew computers were at fault here somehow :-)] apparently didn't know that the safety of the train depended on his estimate. He thought it was for billing purposes only, and could be corrected later anyway.

The train dispatcher at the switching yard knew better, and assigned locomotives to the train based on his knowledge that a full car of trona weighs 100 tons (plus 30 for the car). He didn't pass this information on to the engineer though. Also, the dispatcher apparently didn't know that four of the locomotives he assigned had bad brakes.

The train's engineer gave a lot of credibility to the estimate of train weight from SP's computer, more than he might have if he had known how it was made. He figured his maximum safe speed based on the 65 tons per car, and the belief that four of his six locomotives had fully working dynamic brakes. The article makes no mention of Southern Pacific's policy regarding the use of partially defective locomotives, that would be interesting to know too.

Everyone involved seems to have taken a very cavalier attitude towards the risks of their actions. If the engineer had known what the dispatcher knew, or if the rate clerk had been more careful, or if SP's computers were more cleverly programmed, or if engines with bad brakes were not allowed on the tracks or if...

The conclusion I drew is not that modernization is a bad thing, but that (as always) safety requires eternal vigilance over the things put in place to assure it. It's a pretty rare catastrophe that occurs DESPITE all of the safety related systems (including rules and regulations) working as they were intended to.

P.S. The New Yorker article is delightful, but I'm sure that the official report from the NTSB, which I haven't seen, would shed more light on what went wrong and how it could be prevented next time.

-Peter Amstein

------------------------------

End of RISKS-FORUM Digest 10.56
************************