Subject: RISKS DIGEST 11.50
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 22 April 1991  Volume 11 : Issue 50

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Dutch Intruders (John Markoff via PGN)
  Dutch crackers and irresponsible officials (Fernando Pereira)
  Computers Cause False Images [anonymous]
  Pilots convicted for libel in Habsheim controversy (Lars-Henrik Eriksson)
  "I can't work this ?#!!~* thing!" (Rodney Hoffman)
  Re: drive-by-wire (Martyn Thomas)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1". ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: 22 Apr 91 10:12:20 PDT
From: Peter G. Neumann
Subject: Dutch Intruders (courtesy of John Markoff)

COMPUTER INTRUDERS TAPPING U.S. SYSTEMS, By JOHN MARKOFF
c.1991 N.Y. Times News Service

Beyond the reach of American law, a group of Dutch computer intruders have been openly defying United States military, space and intelligence authorities for almost six months. Recently they broke into a U.S. military computer while being filmed by a crew from a Dutch television station.
The intruders, working over local telephone lines that enable them to tap American computer networks at almost no cost, have not done serious damage, federal investigators say. And they have not penetrated the most secure government computer systems. But they have entered a wide range of computers, including those at the Kennedy Space Center, the Pentagon's Pacific Fleet Command, the Lawrence Livermore National Laboratory and Stanford University via an international computer network known as the Internet.

While the information on these systems is not classified, the computers store a great variety of material, including routine memorandums, unpublished reports and data from experiments. Federal officials said the group had tampered with some information stored on systems they have illegally entered.

U.S. government officials said that they had been tracking the interlopers, but that no arrests had been made because there are no legal restrictions in the Netherlands barring unauthorized computer access. A reporter's efforts to reach Dutch government officials for comment have been unsuccessful.

``This has been a terrible problem,'' said Gail Thackeray, a former Arizona assistant attorney general who has prosecuted computer crimes. ``Until recently there have been few countries that have computer crime laws. These countries are acting as hacker havens.'' She said that just as offshore banks in certain countries have traditionally protected financial privacy, today some countries protect intellectual property violations.

American law-enforcement officials said they believed there were three or four members of the Dutch group, but would not release any names. A Dutch television news report in February showed a member of the group at the University of Utrecht reading information off a computer screen showing what he said was missile test information taken electronically from a U.S. military computer. His back was to the camera, and he was not named.
Military and intelligence agencies physically separate classified computer networks from those used by businesses and researchers to protect the data from electronic forays. When classified information is transmitted over unprotected computer networks or telephone lines it must be specially coded.

Because there are no computer crime laws in the Netherlands, American investigators said members of the Dutch group boasted that they could enter computers via international data networks with impunity. But some of the intruders have been identified, and a federal official, who spoke on the condition of anonymity, said there were numerous other criminal offenses for which they could be prosecuted in both the United States and the Netherlands. One possible charge might be telephone fraud. But legal experts said that because there are no prohibitions against unauthorized computer entry in the Netherlands, successfully prosecuting the group may still prove impossible.

The case is significant, legal experts said, because while the United States and many European countries have strict laws barring illegal access to computers, there are many nations that have no computer crime laws. There is a proposed law before parliament in the Netherlands that would make unauthorized computer access a crime. Also, a governmental committee of the European Community is now working to standardize computer crime laws in Europe.

Because computer networks are accessible from anywhere in the world via a telephone call they are potentially vulnerable to those who cannot easily be prosecuted or convicted of a crime.

In the Netherlands case, the group was detected last year after an unusually skilled U.S. government computer researcher at a national laboratory tracked the group's every move using advanced computer security techniques. He notified U.S. authorities of the break-ins.
The researcher has been able to make computer records of the intruders' keystrokes as they have electronically prowled through U.S. military, NASA, university and dozens of other computers. It has then been possible to play this information back and gain an exact picture of the computer screen as it appeared to the intruders in the Netherlands.

From 1986 to 1988 Clifford Stoll, an astronomer at Lawrence Berkeley Laboratories, traced a similar group of West Germans, who were illegally entering U.S. computers and selling computer data and software to a Soviet intelligence officer. Stoll was able to persuade law enforcement officials to locate the group in West Germany and three arrests were made. A German court eventually convicted them, but gave them suspended sentences.

One computer expert who has watched the electronic recordings made of the activities of the Dutch group said they do not demonstrate any particularly unusual computer skills, but instead appear to have access to a compendium of documents that contain recipes for breaking computer security on many U.S. systems. These documents have been widely circulated on underground computer systems.

A computer industry executive, who spoke on the condition that he not be identified, said that he had seen several recordings of the break-in sessions and said that one of the members of the group used an account named ``Adrian'' to break in to computers at the Kennedy Space Center and the Pentagon's commander in chief of the Pacific. ``You could tell that the guy wasn't conversant with the computer he was on,'' he said, ``It looked like he had a cookbook sitting next to him telling him what to do next at each step.''

The tactics of the group are of particular interest to computer security experts because they have repeatedly used security loopholes demonstrated by a program written by Robert Tappan Morris, a Cornell University student, more than two years ago.
Last month a federal appeals court upheld the conviction of Morris, who in 1988 unleashed a program that jammed several thousand computers in a nationwide network. He was convicted of violating federal computer crime statutes and was fined $10,000 and ordered to perform 400 hours of community service.

The fact that the same security flaws can be used to illicitly enter computers several years after they were widely publicized, indicates that many professional computer managers are still paying only minimal attention to protecting the security of the information contained on the computers they oversee, computer security researchers said.

------------------------------

Date: Mon, 22 Apr 91 11:09:14 EDT
From: pereira@klee.research.att.com (Fernando Pereira)
Subject: Dutch crackers and irresponsible officials

A report today by AP writer Jerome Soclovsky about the Dutch crackers who, as reported by John Markoff in yesterday's NYT, have been breaking into various Internet sites by using the usual tricks, quotes Maarten Rook, director of economics and personnel at Utrecht University as saying about the sites broken into:

``They should take care of their own secrets ... If they don't want to be called they shouldn't be hooked up to the system.''

Blame the victim again! Should a site whose officials show this kind of disregard for the common good of the network-using community be allowed to stay on the Internet? It is Utrecht, not the victims, who should not be allowed the benefits of the network, at least until its officials become more responsible and enforce rules of civilized network use, laws or no laws.
Fernando Pereira, 2D-447, AT&T Bell Laboratories
600 Mountain Ave, Murray Hill, NJ 07974
pereira@research.att.com

------------------------------

Date: Sun, 21 Apr 91
From: [anonymous]
Subject: Computers Cause False Images

CHICAGO (AP) [21 April 1991] Air-traffic controllers around the country say phantom images of airplanes often appear on cockpit computers, but the Federal Aviation Administration says safety isn't affected.

The pilot of a United Airlines flight approaching O'Hare International Airport on Thursday tried to avoid a plane that wasn't really there, said Joel Hicks, national director of safety and technology for the National Air Traffic Controllers Association in Washington, D.C.

The incident began when a computer system called T-CAS, Traffic Alert and Collision Avoidance System, told the pilot another airplane was coming toward him, Hicks said. T-CAS ordered the pilot to descend from 7,000 feet to 6,000 feet, and the pilot began the move. At the same time, another aircraft leaving O'Hare was climbing from 5,000 feet to 6,000 feet.

"The pilot advised (air-traffic controllers) as he was changing altitude," Hicks said Friday. "But more times than not they don't have time to do that. They're busy taking the plane up or down."

Controllers told the United pilot to return to 7,000 feet, and he did, although by law pilots can override information from T-CAS only if they see the other airplane.

Controllers and the FAA say the standard separation, the distance pilots must keep between their airplanes, was maintained. Standard separation within 40 miles of O'Hare is three miles horizontally or 1,000 feet vertically.

FAA officials said the appearance of "ghost planes" might be caused by a software problem. They said it has posed no threat to air safety. "We're in the process of eliminating a problem in the software that might have caused this," said FAA spokesman Mort Edelstein. "From our standpoint, we know the system works the way it was designed to work," he said.
"There was no problem with separation. There was no threat to safety." He said the FAA has recorded 750,000 hours of operational use of T-CAS, adding that in all those hours no incidents of planes flying too close together were discovered.

But Hicks charged that the system caused planes being handled by the Washington, D.C., air traffic control center to fly too close to each other earlier this year.

A retired pilot also said the habit of pilots to blindly trust the computer puts them in danger. "Pilots are in a spring-loaded position to act when one of these devices tells them to, regardless of rhyme or reason," said Dick Russell, a retired United captain with 26,000 hours of flying time.

After years of research, the FAA issued regulations in 1989 requiring all commercial aircraft with more than 30 seats to install T-CAS within three years. Officials gave commercial planes with 10 to 30 seats six years to install the system. T-CAS currently is used in about 20 percent of the nation's passenger planes, Hicks said.

------------------------------

Date: Mon, 22 Apr 91 06:41:50 +0200
From: Lars-Henrik Eriksson
Subject: Pilots convicted for libel in Habsheim controversy

The following article is taken from the latest issue of a newsletter (Uppsikt) published by the flight safety department of the Swedish Civil Aviation Administration (Luftfartsinspektionen). It relates to the controversy about the fly-by-wire system of the Airbus A320 and the Habsheim accident.

Translated without permission by me. The quotes can not be completely trusted as they were first translated from French and English into Swedish, and then into English.

FRANCE: PILOTS CONVICTED FOR LIBEL

A French court of law has convicted two pilots for libel as they incorrectly attributed the blame for a fatal accident on technical malfunctions.
In a TV programme, the two pilots claimed that technical malfunctions, rather than mistakes by the pilots, were the cause of the accident during the air display at Habsheim on June 26th, 1988, when an Airbus Industries A320 crashed and three people were killed.

Michael Asseltine, pilot of the Airbus aircraft, and Norbert Jacquet, head of the French pilot union, were convicted for having defamed the "Direction Generale de l'Aviation Civile" and its director Daniel Tenenbaum during the TV program. Asseltine and Jacquet had claimed that the accident was caused by a technical malfunction, and that the "black box" had been tampered with in order to free the manufacturer.

The court decided on a fine of 10,000 francs (about $ 5,600).

After the verdict, Daniel Tenenbaum made an official statement: "The court has shown that the claims and insinuations made by the pilots about the so-called tampering with, and exchange of, the black box of the aircraft were completely unfounded."

Airbus Industries, having vehemently protested against the accusations in the TV programme, did not comment on the verdict. The spokesman for Airbus Industries in North America, David Venz, declined to make a comment as his company prefers to, as Venz put it, "let the decision of the court speak for itself."

[From Lars-Henrik Eriksson, Swedish Institute of Computer Science
Box 1263, S-164 28 KISTA, SWEDEN  +46 8 752 15 09

[No puns on Luftfartsvergnugen, please. PGN]

------------------------------

Date: Sun, 21 Apr 1991 21:34:06 PDT
From: Rodney Hoffman
Subject: "I can't work this ?#!!~* thing!"

The cover of the current (29 April) issue of `Business Week' proclaims:

  I CAN'T WORK THIS ?#!!~* THING!

  From VCRs and telephones to copiers and microwaves, poorly designed machines cluttered with unwanted features are driving consumers crazy. Whatever happened to user-friendly?"

No surprises for RISKS readers in the horror stories included.
It's a good overview of the problems, and a preview of some of the simpler, cleaner products beginning to come out.

The cover story leads off with a quote from Don Norman's 1990 book, `The Design of Everyday Things'. The authors also plug the "new discipline of information design" and the two books by Edward R. Tufte: `The Visual Display of Quantitative Information' and `Envisioning Information'.

A few choice bits:

"Human engineering -- or the lack of it -- has always been a problem in some products, of course. But there's a reason why it bedevils us much more now than ever before: the microchip. Modern electronics has turned the economics of design on its head. No more does the cost of adding features limit the number of capabilities a designer can put into a machine.... so why not pile on the features?"

"All the rules boil down to one thing: Be obvious. A machine should be designed so that customers can look at it, understand it, and figure out how to use it -- quickly."

"People don't mind trouble as long as they can understand what's wrong and correct it. But for that they need feedback.... a machine must provide the user with tools to manage trouble."

[Says the owner of a high-end audio store:] "I don't know why the Japanese put so many buttons on their machines. They have given us programming, and programming is not music. Programming means computers."

"[Even in computers themselves,] survey after survey has shown that consumers want `plug-and-play' computers. They want to turn the machines on and get to work immediately. They don't want to spend hours consulting manuals."

------------------------------

Date: Mon, 22 Apr 91 16:22:56 +0100
From: Martyn Thomas
Subject: Re: drive-by-wire

In RISKS 11.49, brad@looking.on.ca (Brad Templeton) writes that drive-by-wire will not be introduced for many years because of the liability issues, and human intolerance to being killed by a computer.
Brad is clearly envisaging a system which takes over some or all of the decision and executive actions of the human driver, since he contrasts drive-by-wire fatalities with those caused by human error. He continues:

  This is sad, and perhaps the greatest RISK (in terms of loss of life) ever. Tens of thousands of people are killed and more are injured by auto accidents, and this system could make a dramatic reduction in this. We have the technology now to do it, but we won't for some time because of fear of computers and litigation.

My own guess is that drive-by-wire wouldn't reduce deaths on the road, per million users or per million passenger-miles, but I haven't done the calculation (probability of failure per year * number of probable fatalities per failure * hours of drive-by-wire per year) because the assumptions are too difficult to make and justify.

A drive-by-wire system could enforce current guidelines for "safe" speeds and distances between vehicles (eg the UK "Highway Code"). This would certainly increase journey times and may reduce road capacity and throughput. Alternatively, the system could use the assumed safer behaviour of software "drivers" to reduce spacing or increase speeds, in which case accidents from any cause would be likely to create more fatalities per accident (kinetic energy increases as the square of speed; more nearby vehicles mean more nearby people mean more casualties).

Remember that some accidents (what proportion?) are caused by mechanical failure, and that the drive-by-wire system would have many new failure opportunities (software, EMI, components, sabotage ...). We *might* eliminate driver error - but only if the driver has *no* override.

Have any calculations been carried out to estimate the effects of some drive-by-wire scenario on the fatality rates? If so, what were the assumptions and the conclusions? If not, why assume that such a system would be safer?
------------------------------

End of RISKS-FORUM Digest 11.50
************************