Subject: RISKS DIGEST 10.73
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 21 December 1990  Volume 10 : Issue 73

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:   *** HAPPY HOLIDAYS ***
  HERO - Hazard of Electromagnetic Radiation to Ordnance (Rodney Hoffman)
  Washington (state) E-mail Privacy Suit (Peter Marshall)
  Re: Process control risks discussed in IEEE Software (Nancy Leveson)
  Re: "Computer Models Leave U.S. Leaders Sure of Victory" ...
      (P.G. Capek, Jerry Hollombe, Neil Galarneau)
  Risks of Automated Collections and a Happy Ending (L.J. Hoffman)
  Re: The topic that wouldn't die: telephone voting (Gregory G. Woodbury)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
"Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>; j is TWO digits.  Vol summaries in risks-i.00
(j=0); "dir risks-*.*" gives directory; bye logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 21 Dec 1990 13:47:30 PST
From: Rodney Hoffman
Subject: HERO - Hazard of Electromagnetic Radiation to Ordnance

Summary of a 30-column-inch article in the Dec. 21, 1990 'Los Angeles Reader'
(see final paragraphs below):

  WORLD'S MOST ADVANCED ARMY IS IN DANGER OF ZAPPING ITSELF
  The Hazard of Electromagnetic Radiation to Ordnance,
  Or, How an Electronic Accident Could Ignite a Gulf War
  By Patricia Axelrod and Capt. Daniel Curtis (USAF Ret.)

HERO, a feature of the electronic battlefield the Pentagon prefers to keep
secret, can launch a rocket or crash a plane without warning.  During the
Libyan air strike, it caused an American fighter bomber to crash and
accidentally bomb friendly embassies and residences.  USAF Col. Charles
Quisenberry says electronic emissions from US weapons "were interfering with
each other" in the Libyan attack, and that "we did it [the mishaps] to
ourselves."  He also blames HERO for a series of UH-60 Black Hawk Army
helicopter crashes.

Quisenberry is conducting a classified 3-year study of HERO called the Joint
Electromagnetic Interference Study -- JEMI.  Quisenberry says preliminary JEMI
findings are that combinations of US weapons transmitting radio waves at
certain frequencies can bring down an aircraft by putting it into an
uncommanded turn or dive or by turning off its fuel supply.

The Pentagon classifies the electroexplosive device (EED) as especially
HERO-prone.  The EED is used universally throughout the weapons industry as a
fuse trigger, activating everything from artillery to nuclear missiles.
Charles Cormack, Navy EED specialist, claims that the EED has caused 25
weapons accidents, but civilian experts believe that there have been many
more.  Defective wiring such as "Kapton," which can cause HERO, is reported to
be used on more than 50 types of aerospace vehicles.

Among many possible HERO-caused accidental firings, explosions, bombings,
crashes, etc., a worst case scenario might be the accidental explosion of a
Tomahawk or other nuclear device.  The electromagnetic pulse following such an
explosion could then trigger HERO chain reactions.

  - - - -  [end of article summary]

The 'Los Angeles Reader' is a weekly give-away not generally known for its
hard news coverage, nor for any attempt at "balance" in its stories.  At the
end of the article I've excerpted, an editorial note says it "is based on ...
findings extracted from personal interviews ...
government and military documents, accident and mishap reports released
through the Freedom of Information Act, and newspaper and journal articles,
and expert research papers.  It was made possible in part by a grant from The
John D. and Catherine T. MacArthur Foundation ... for Research in Peace,
Security and International Co-operation."

   [Los Angeles Readers not to be confused with Los Angeles Raiders,
   who have a newly regained electromagnetic pulse each week.  PGN]

------------------------------

Date: Wed, 19 Dec 90 09:32:40 PST
From: peterm@halcyon.UUCP (Peter Marshall)
Subject: WA E-mail Privacy Suit

From Jim Simon, "Computer Privacy at Issue in Suit," THE SEATTLE TIMES,
9/17/90, D1:

Like thousands of other state employees, Ron Collins figured the confidential
computer messages he sent...couldn't be read by his bosses or anyone else.

He figured wrong.

The agency [Labor & Industries] in what officials say was an unprecedented
monitoring of a state employee's private computer files, secretly retrieved
and copied Collins' "electronic mail" messages as part of an investigation
into whether he was improperly using state computers.

In turn, Collins and the Washington Federation of State Employees filed suit
last week...alleging the agency violated state privacy statutes, including
those preventing wiretapping or other electronic surveillance without a court
order....

the Collins case is already attracting national attention....

"We're in an era where every advance in technology means that each case like
this brings us to the next frontier of privacy laws," says Sharon Beckman, an
attorney for the...Electronic Frontier Foundation....

Collins...came under scrutiny in June after a supervisor noticed a message
written by him on an open computer screen.
Joe Dear, director of labor and industries, said the message prompted such
concern that the agency--after getting approval from the state attorney
general's office--had the Department of Information Services retrieve all of
Collins' messages in early June....

Union officials said workers were never told the system couldn't be used for
personal messages.  They note that the use of electronic mail--a system known
as PROFS and used by 3,000 state employees--requires a password....

"I think this is going way overboard, way too intrusive," said Gary Moore,
head of the state employees union....

Collins' suit is one of a handful of similar cases around the nation....

The problem, many observers say, is that privacy laws designed for telephones
and telegraphs are being made obsolete by telecommunications advances.

Privacy advocates around the nation have battled against caller-identification
telephone programs, and observers say voice-mail systems could wind up as
susceptible to employer snooping as E-mail....

The American Civil Liberties Union has sought federal laws preventing
employers from monitoring employees' private computer files.  And Dear
concedes the Collins case should prompt agencies to write more explicit
rules....

[Update: ...and, indeed, just that appears to be in the works now in Olympia,
the state capital.  With the lead taken by the Dept. of Information Services,
who had no relevant rules in place before the Collins case, the Gov.'s Cabinet
is developing rules expected to take final form in an Executive Order.  The
Collins case, however, is still in process.]

------------------------------

Date: Wed, 19 Dec 90 15:47:19 -0800
From: Nancy Leveson
Subject: Process control risks discussed in IEEE Software (Oram, RISKS-10.72)

   Compared to some posters on this forum, [Leveson's] premise is an
   optimistic one: she takes for granted that computers should be used to
   control airplanes, factory production, power plants, etc.
   But she's very open about the difficulties of predicting and handling
   events.

I guess I wasn't very clear in my Nov 90 IEEE Software article.  Actually, I
am more of a cynic than an optimist -- I take for granted that computers will
(vs. should) be used in process-control and try to present some research
topics that need to be addressed (it was an invited paper on challenges for
the 90's).  An article that deals more directly with software safety and
techniques to try to reduce risk will appear in the February issue of CACM (it
was supposed to appear side-by-side with and as an alternative viewpoint to
Dave Parnas' article last May but somehow got delayed in press).

nancy leveson

------------------------------

Date: Wed, 19 Dec 90 23:07:24 EST
From: Peter G. Capek
Subject: Re: "Computer Models Leave U.S. Leaders Sure of Victory"

A colleague used to have a sign on his office wall which said roughly:

  "A model is an artifice for helping you convince yourself that you
   understand more about a system than you do."

Enough said.

Peter Capek -- IBM Research

------------------------------

Date: 20 Dec 90 01:57:12 GMT
From: hollombe@ttidca.tti.com (The Polymath)
Subject: "Computer Models Leave U.S. Leaders Sure of Victory" (RISKS-10.69)

A friend of mine (name omitted for his protection) is a contract programmer
who worked on one of these models for over 5 years.  It's his opinion that
parts of the model had been deliberately tweaked to "tell the generals what
they want to hear."  i.e.: That their equipment works as advertised, so
they'll win.  Model results can then be used to justify purchase of more of
the same equipment.

If things continue as they are, we may well find out if it matters in the
real world.

Jerry Hollombe, Citicorp(+)TTI
3100 Ocean Park Blvd.
Santa Monica, CA 90405   (213) 450-9111, x2483
{csun | philabs | psivax}!ttidca!hollombe

------------------------------

Date: Thu, 20 Dec 90 14:44:30 GMT
From: neil@progress.com (Neil Galarneau)
Subject: Re: "Computer Models Leave U.S. Leaders Sure of Victory"

An excellent book on the topic that has come out recently is Peter Perla's
_The Art of Wargaming_.

The book deals with both the military and commercial sides of the topic.  He
mentions some problems the Japanese had in wargaming the Battle of Midway,
for example.

Neil

P.S.  For those who are curious, the referee of the wargame (a Japanese
admiral) pointed out to the Japanese team that although they had won, they
had no plans for dealing with the American fleet if it was north-west(?) of
Midway.  Due to cryptanalysis, guess where we were?  :-)

------------------------------

Date: Thu, 20 Dec 90 13:52:29 EST
From: hoffman@eesun.gwu.edu (Lance J. Hoffman)
Subject: Risks of Automated Collections and a Happy Ending

Recently, I had a run-in with my bank which had a happy ending.  The letters
between me and it are self-explanatory, so, without further ado:

LETTER FROM ME TO BANK ON NOVEMBER 28, 1990:

Mr. (name deleted)
President
(bank name and address)

Dear Mr. (name deleted):

I am a professor of computer science at The George Washington University.  I
want to thank you for giving me an example of an insensitive and
counterproductive computer-aided system to discuss with my classes.  Let me
explain.

Yesterday evening, I received a telephone call at approximately 6:50 p.m.
from your credit collection department.  A human operator asked for me and
then, when I identified myself, played a taped message asking me to pay my
Visa bill (account number (deleted), after which the connection was broken.

The tape stated that my account was overdue, despite the fact that when I
called two days ago, I was told it was current.
I had been away for a month or so and when I returned last week I immediately
mailed in the complete payment for the old overdue bill and then, a day later,
I mailed in a complete payment for the newly arrived and current bill.  Since
I received an overdue notice in the mail early this week and a(nother) phone
call from a human on my recording machine, I called back.  By that time, you
must have received one of my payments at least, since I was told (three days
ago) that my account was current!

At about 9:50 a.m. this morning, I talked with Ms. (name deleted) of your
customer service department.  She was pleasant, understanding, volunteered
that I had a valid point, and knew how the system operated.  (That's where I
got the bank president's name -- LJH)  According to her, if a bill is not paid
by me by the 17th of a month, I will get a recorded call from the Collections
system, even if my payment is received in the intervening time.  (Your bank)
obviously doesn't care enough to fax to the human operator who initiates the
call a list of "late pays, now current", and would rather have people like me
tell my friends horror stories about (your bank).

I don't enjoy having my dinner interrupted by taped messages, especially when
your right hand apparently doesn't know what your left hand is doing.
Whatever bozo put in this telephoning system should be demoted, after being
called at dinnertime every day for a month.  He or she would have been lucky
to pass with a low D any system design course I taught!

I have now stopped telling my friends about the 1% rebate (a definite plus for
your Visa card); they can give their business to whatever bank they want, as
far as I am concerned.

I think your action is especially uncalled for since my record in the past is
exemplary in paying my bills, including yours.  I think you owe me an apology.
Moreover, I think your recording may violate harassment provisions of the Fair
Credit Reporting Act or some other federal law; by copy of this letter, I am
asking my attorney for a quick opinion.

To date this year, I have written $(amount deleted) in checks to your bank in
payment of my Visa bills:

   (I inserted a transaction log here, generated by Quicken)

I think such a customer deserves more consideration than your "system" gives
him, and I hope you take steps to change it.

Sincerely,

Lance J. Hoffman

c: (name deleted), Manager, Collections
   (name deleted), Supervisor, Customer Service
   (name of a friend who is an attorney), Esq.

     * * * *

BANK'S RESPONSE DATED DECEMBER 13, 1990, RECEIVED DECEMBER 20, 1990

Dear Mr. Hoffman:

Your letter to (bank president) has been referred to me as I am directly
responsible for the Collections Department.

...  [The Collection Recording System's] scheduling of the recorded call is
designed to allow sufficient time for our customers to submit a payment before
their account reaches 30 days past due.

...  The taped messages were scheduled to be made on November 19th, 20th, and
21st.  Regrettably, our processor (which type?!-LJH) did not begin calling
until November 27th. ...

Your letter has prompted us to reanalyze the entire program.  As stated
earlier its purpose is to serve as a friendly reminder for payment.  Its (sic)
obvious, however, that any delays that may occur in the future will only serve
to offend our good customers such as yourself.  Therefore, we've decided to
phase out the Collection Recording System within the next three months.

I sincerely apologize ...

(name deleted)
Group Vice President
(bank) Card Center

It's nice to see that sometimes one well-aimed missive can change things.

Professor Lance J. Hoffman, Department of Electrical Engineering and Computer
Science, The George Washington University, Washington, D. C.
20052   202-994-4955

------------------------------

Date: Thu, 20 Dec 90 19:28:05 GMT
From: ggw%wolves@cs.duke.edu (Gregory G. Woodbury)
Subject: Re: The topic that wouldn't die: telephone voting

Brian Rice notes that the Directory of the NC State Board of Elections
foresees a day when big brother will have everyone marked by voiceprint.

Fortunately, not all of the folks here are going to take his comments
seriously.  The NC legislature has to make any changes to the system and they
are NOT inclined to trust technology.  A few years back, the NC House of
Representatives installed an electronic voting system in response to public
pressure to provide more accountability.  It has taken them nearly 10 years to
get used to it.

As for the challenging of all votes by a certain candidate's workers in some
precincts: the process of challenging a voter in NC is specific and costly.
An incorrect challenge costs the challenger cash and personal court
appearances when the challenge is overturned.

Following the severe problems with the machines in Durham and Guilford
counties, there have been all sorts of stories trying to account for why these
two counties had all the problems.  The latest reports that I have heard from
the Durham BoE confirmed my earlier report that these two counties had some
specific changes in the way the voting machines were to be programmed that
were not anticipated as leaving the machines vulnerable to jamming.

In both counties, there was ONE independent candidate for a partisan office
that had a relatively full slate in each of the two main parties.  In this
case it seems that the way the machines are physically linked in the back had
only one long and inadequate lever connecting the third row to the interlock
section.  Voting for a full complement in the main parties and then also
selecting the independent candidate would spring the interlock section for
that race and render the machine unusable until the mechanics could get there
and unjam the machine.

In my precinct, we spotted the inoperative machines very quickly and quit
using them until they could be fixed.  In other precincts it was reported that
the malfunctions were not noticed until several voters had used the
malfunctioning machines.

There are rumours that this jamming may have been deliberately caused by some
(unknown) party's instructing voters how to jam the machines, but there is no
confirmation of this that I am aware of.

Gregory G. Woodbury @ The Wolves Den UNIX, Durham NC
ggw%wolves@mcnc.mcnc.org
UUCP: ...dukcds!wolves!ggw  ...mcnc!wolves!ggw

------------------------------

End of RISKS-FORUM Digest 10.73
************************