Subject: RISKS DIGEST 11.57
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 30 April 1991  Volume 11 : Issue 57

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Reverse engineering and testing of students (Andrew Koenig)
Re: Another commuter train wreck in London (Dave Roberts)
Re: Cable TV "bullet" (David A Ladd)
Re: Free Speech & Govt. Control of Information (Peter Marshall)
Re: Freedom of Information vs Computers (Daniel C. Swinehart)
Email, Privacy, and `small print' (Herman J. Woltring)
Prodigy commentary (Jeremy Epstein, Tom Neff, Robert Hartman)
Re: Four-digit address causes NYC death (W.A.Simon, Brinton Cooper,
    Steve Strassmann, Martin Minow)
D.C. Seminar, "Social Importance of Privacy," May 3, 1991 (Robert Jacobson)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
 "Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
 For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits).
 Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
 If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues of
 ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------

Date: Tue, 30 Apr 91 09:45:12 EDT
From: ark@research.att.com
Subject: Reverse engineering and testing of students

I was talking recently to someone who told me about his experience taking
a multiple-choice test.  There were a lot of questions, most of which he
knew, but some of which were so poorly designed that he could not tell
which of several alternatives was the right answer.  Of course, he left
those blank on his first pass.

After he had answered the ones he knew for sure, he noticed a pattern
beginning to emerge on the answer sheet.  The spaces for answers were
arranged in two columns, and he saw that the left column had exactly the
same pattern of answers as the right column, not counting the gaps, except
that it was inverted and reversed.  The pattern was too consistent to be a
coincidence, so he used that information to fill in the rest of the answers.
Sure enough, each answer indicated by the pattern matched one of the answers
he had considered possible for that question.

When it came time to grade the test, the grading procedure explained
everything.  The grader took a sheet of opaque plastic with a bunch of holes
in it, placed it over the answer sheet, and marked as wrong all the questions
where an answer didn't show through a hole.  He then flipped the template
over, turned it upside down, and repeated the process for the second column.

--Andrew Koenig, ark@europa.att.com

------------------------------

Date: Tue, 30 Apr 91 16:44:05 GMT
From: Dave Roberts
Subject: Re: Another commuter train wreck in London

Following the report in RISKS-11.52 from ClariNet I thought that the Forum
readers might like to know that the trains were not both under computer
control at the time.  The train which was on the receiving end of the bang
was under manual control at the time because of "previous failures"
according to the UK Daily Telegraph.
The question which occurs to us is "Why did the computer driving the second
train not know where the first one was?"  No answers available in the UK at
the moment because the inquiry is still in progress.

The speed of impact was about 5mph and no one was hurt but the whole line
was down for 7 hours.

------------------------------

Date: Tue, 30 Apr 91 12:28:41 EDT
From: ladd@iwsgw.att.com (David A Ladd)
Subject: Re: Cable TV "bullet"

>But most of these folks in question are otherwise legitimate cable subscribers
>who have been "sold" a modification to their cable boxes, MOST OFTEN BY A
>CROOKED CABLE COMPANY INSTALLER

Note that the installer need not be crooked, but may be merely incompetent
or generous.  When I was in high school, before everyone had cable-ready
equipment, it was common to have a cable box fail, call for service, and
end up with unaccounted-for and unrequested cable services.  In fact, of the
three households I was aware of with cable, all three eventually had the
full set of movie channels without paying for them or in some cases even
wanting them.  To have this sort of case turn into a ``theft of cable
services'' prosecution seems ridiculous.

------------------------------

Date: Tue, 30 Apr 91 08:42:15 PDT
From: peterm@halcyon.UUCP (Peter Marshall)
Subject: Re: Free Speech & Govt. Control of Information

Larry's response to Jerry Leichter's earlier post on this topic is
well-reasoned and compelling.  Yet, while it may generally be the case, as
Larry states, that "commercial entities do not have the same free speech
rights that individuals do," this observation must, perhaps unfortunately,
be qualified in part by the little matter of "corporate First Amendment
rights."  Amazing what you can do after defining "corporation" as "person"
in legal terms.  See, for example, THE INCORPORATION OF AMERICA.
Peter Marshall  halcyon!peterm@seattleu.edu
The 23:00 News and Mail Service - +1 206 292 9048 - Seattle, WA USA

------------------------------

Date: Tue, 30 Apr 1991 08:40:11 PDT
From: Daniel_C._Swinehart.PARC@xerox.com
Subject: Re: Another article: Freedom of Information vs Computers (RISKS-11.55)

Bob Frankston commented on the relative utility of data when provided in
"the original machine readable tape format or on 'more than 1 million sheets
of paper.'"  Paper is becoming ever more machine-readable these days.  It
won't be long before these decisions can again be made solely on the basis
of the message, not the medium.

------------------------------

Date: Tue, 30 Apr 91 10:24:00 N
From: Herman J. Woltring
Subject: Email, Privacy, and `small print'
Sender: Biomechanics and Movement Science listserver

Considering yesterday's issue of the RISKS-Forum Digest (volume 11, No. 56)
on breach of privacy, email censoring, and improper `small print' in
contract clauses, I am reposting part of my note of last February on public
access to email facilities.  [...]

> Date: Sat, 23 Feb 91 11:10:00 N
> Sender: Biomechanics and Movement Science listserver
> From: Herman J. Woltring
> Subject: Public access to Internet etc.
>
> Dear Biomch-L readers,
>
> While email communication is usually available for free to account holders
> on EARN/BITNET, Internet, etc., (log-on time, disk usage, paper output
> typically being charged), it may be useful to mention that email access is
> also becoming increasingly available through PC and modem facilities by
> telephone [...; typically, number of transmitted bytes and/or logon time
> being charged -- HJW].
>
> Interestingly, one such service (PRODIGY) has been accused of censoring
> email to and from its subscribers.
> Whether this allegation is true or
> not, such issues do raise concern about freedom of opinion, free access
> to information, and similar fundamental rights in a networking context,
> especially if (with some justification, perhaps) `network harassment' is
> used as an argument to counter network `flaming'.  As said at a previous
> occasion: "verba volent, scripta manent" ...

The allegations in RISKS-11.56 against Prodigy and GEnie, two commercial
email service providers in North America, warrant considering the question
whether it is about time that Postal legislation (i.e., postal services are
not entitled to refuse, (unnecessarily) delay, read, or censor your mail, or
to divert it from its destination without a proper court order) shall also
apply to electronic mail, whether through private or public channels.  I do
not propose to have this topic as a debate on this list; however, I think
that a pointer to the relevant debate is not out of place even on a
discussion list like ours, and I shall be happy to consider any comments
sent to me privately.

I might mention in this respect that the Dutch legislature is currently
considering a Computer Crime Bill in which unauthorized access to computers,
e.g., by networking, is considered a felony, and that some of the proposals
remind more of the U.K.'s Official Secrets Act than of the U.S.A.'s Freedom
of Information Act.  One heavily debated topic is to what extent computer
trespassing will be declared a criminal offence if no appropriate security
is provided by system management.  If not, private (and public) interests
can afford to neglect system security and yet call upon public authorities
for free to protect their interests once they observe that their sloppiness
has been `used'.  This is unusual in Civil Law as any insurance company will
be happy to point out, and not very compatible with the classical view that
Criminal Law is the Ultimate Resort, `when all else fails'.

Herman J. Woltring, Biomch-L co-moderator & (former) member,
Study-committees on s/w & chips protection / Computer crime,
Neth. Society for Computers and Law

------------------------------

Date: Tue, 30 Apr 91 09:43:47 EDT
From: epstein%trwacs@uunet.UU.NET (Jeremy Epstein)
Subject: Prodigy commentary

I found the comments on Prodigy very enlightening.  I'm glad I'm not a
subscriber.  However, I was very concerned by one comment:

> I invited you to look at your own STAGE.DAT file, if you're a Prodigy
>user, and see if you found anything suspect.  Since then I have had numerous
>calls with reports of similar finds, everything from private patient medical
>information to classified government information.

If you have classified government information on your PC, you should not be
using it to call *anywhere* using *any* comm package.  That's just good
sense (and it may even be the law, I'm not sure).  I'm certainly not
defending Prodigy...if what was described is accurate, it certainly sounds
like a mass invasion of privacy, theft, and some nice big lawsuits.  Has any
of this made it into the non-technical press (e.g., Wall Street Journal, NY
Times, LA Times)?

Jeremy Epstein, Trusted X Research Group, TRW Systems Division, Fairfax VA
+1 703/876-8776  epstein@trwacs.fp.trw.com

------------------------------

Date: 30 Apr 91 15:18:47 EDT (Tue)
From: tneff@bfmny0.bfm.com (Tom Neff)
Subject: Prodigy and STAGE.DAT strangeness

The simplest explanation for private customer data appearing quasirandomly
in the Prodigy STAGE.DAT file is that the access program may allocate
buffers without clearing them, then write a comparatively little bit of
binary data into them and flush to disk.  The unused buffer areas still
contain whatever was lying around in memory before Prodigy was started, and
this "garbage" will end up on disk.  This neither proves malfeasance or
innocence on Prodigy's part; but, at worst, carelessness.
Clearly their program *could*, if it wished, transmit your computer's entire
memory and/or disk contents back home to the Prodigy host.  And it could do
so *without* storing anything in a file like STAGE.DAT!  That's simply a
RISK of accepting some black box piece of software in the mail and running
it.  "Run me," Alice?

------------------------------

Date: Tue, 30 Apr 91 11:32:55 PDT
From: rhartman@thestepchild.esd.sgi.com (Robert Hartman)
Subject: Re: Prodigy, etc. (RISKS-11.56)

WRT the controversies over censoring e-mail and selectively denying service
to customers who complain, there already are some laws that should be
applicable.  It seems to me that there's nothing all that different between
an e-mail service and a phone company--except the format of the data being
carried.  The various phone and long-distance companies are common carriers,
and governed by FCC rules.  Am I wrong in thinking that a common carrier is
not allowed to interfere with the communications they carry, and that they
cannot eavesdrop without a court order?

Now, broadcast mail may be open for public scrutiny and rebuttal, but if a
carrier offers a "conference call" service, I don't believe that they can
restrict anyone from using it, or from saying what they like in the course
of such a call.  Bulletin board postings seem to me to be analogous to
conference calls in the same way that private e-mail messages are akin to
private calls.

A sharp lawyer ought to be able to convince a judge or jury in a civil suit
(where a preponderance of evidence is all that is necessary to win) that
Prodigy and the others, in offering their e-mail and BBS services, are
operating as de-facto carriers for electronic communications.  As such,
they should be held accountable under the same rules as any other carrier,
and liable for any breaches.  Esp. when they are run by large corporations
with legal staffs.  They can't plead ignorance.
I can't understand why they'd risk legal exposure in this way, not to
mention the negative publicity of a trial!

A risk in obtaining such a ruling would be that all BBS operators--at least
those using the phone lines, might have to be licensed.  But then, if there
are enough of them who write enough letters to legislators, a new class of
licenses for "amateur e-mail and BBS carriers" could be mandated.  We could
even make it an automatically-granted license, so long as there is no charge
for the service.

As far as the issue of Prodigy uploading private data goes, this sounds like
a clear case of wire fraud to me.  Wish I were the lawyer to get that case!
Can you spell "class action?"  I knew you could.  Mr. and Mrs. Middle Class
America will be mightily annoyed if this is true.

------------------------------

Date: Tue, 30 Apr 91 14:56:06 EDT
From: W.A.Simon
Subject: Four-digit address causes NYC death (Nilges, RISKS-11.55)

I have a hard time accepting this.  I have designed and programmed
applications for the military, for banks, for large corporations, for
government administrations, and even for a hospital.  I have never
encountered a situation where this limitation could have been a problem.
If a 9 position field was required, it showed on the screen as a 9 position
field, or the analyst (and later the users) would catch it.  Testing would
also take care of internal field truncations (due to programming errors
rather than design weaknesses).  Blaming the language for poor discipline
is like blaming Henry Ford for road casualties.

From a different perspective, there is no way to guarantee that a program
will be error free (in respect to field truncation) simply by mandating
dynamic field length.  There can be other sources for this kind of error.
And we should remember that it is not possible to outlaw human failures or
plain stupidity.

> How about legislation concerning responsible display and capture of
> COMPLETE information?
And legislation concerning the proper use of toilet seats...

> Or, at the level of civil lawsuits, the fact that a
> defendant's system truncates data should always weigh against the defendant.

It is very probable that, should such error be documented, a civil court
judge would find sufficient ground against the defendant.

Alain  UUCP: alain@elevia.UUCP

------------------------------

Date: Mon, 29 Apr 91 23:22:58 EDT
From: Brinton Cooper
Subject: Re: Four-digit address causes NYC death

Ed Nilges reports on the death of a man in NYC because the computer system
which dispatches emergency personnel was not programmed to handle 5 digit
addresses.  Ed goes on to make a well-reasoned argument on what might and
might not be done about this.  I have another suggestion:

I believe that cases such as this argue my thesis that there should be less
"programming," in the traditional sense of the word.  It seems to me that
spreadsheet and database tools which permit a limited number of
"well-defined" and "obvious" operations by the user may well inhibit many
of the errors permitted, even encouraged, by so-called "powerful" languages.
This is just a hunch; I wonder if Risks folks know of data to refute or
support this bias?

_Brint

------------------------------

Date: Mon, 29 Apr 91 22:52:12 EDT
From: Steve Strassmann
Subject: static memory allocation causes NYC death

One RISK of using C and unix extensively, so it would seem, is that it makes
it hard for some people to distinguish between "C does this incredibly
stupid thing" and "most languages do this incredibly stupid thing."  For
example, since C is a de-facto standard, these people make so-called
"general-purpose" CPU's, saying "of course it's general-purpose, it's
optimized to run C, isn't it?"
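The field-truncation failure that the four-digit address thread above turns on, shown as an added example in C (not code from any contributor to this digest, and not the NYC dispatch system's own record layout, which is a constructed stand-in here). It contrasts the silent fixed-width copy Simon describes with a checked copy that refuses an over-long value, and with a dynamically sized field; the record struct, field width and sample address are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fixed-width record standing in for a legacy dispatch
   database: the house-number field holds four digits plus a NUL.
   This layout is an assumption for the example, not the NYC system's. */
#define HOUSE_NO_WIDTH 4

struct dispatch_record {
    char house_no[HOUSE_NO_WIDTH + 1];
    char street[32];
};

/* Legacy-style copy: strncpy silently drops everything past the field
   width, so "12345" becomes "1234" and nothing reports the loss.
   Returns the stored (possibly truncated) value. */
const char *store_house_no_truncating(struct dispatch_record *rec,
                                      const char *input)
{
    strncpy(rec->house_no, input, HOUSE_NO_WIDTH);
    rec->house_no[HOUSE_NO_WIDTH] = '\0';   /* strncpy may not terminate */
    return rec->house_no;
}

/* Checked copy: refuses a value that does not fit instead of truncating,
   so the data-entry form (or a test) sees a failure rather than a
   plausible-looking wrong address.  Returns 0 on success, -1 if the
   input would have been truncated; the field is cleared on failure. */
int store_house_no_checked(struct dispatch_record *rec, const char *input)
{
    size_t len = strlen(input);
    if (len > HOUSE_NO_WIDTH) {
        rec->house_no[0] = '\0';
        return -1;
    }
    memcpy(rec->house_no, input, len + 1);  /* copies the NUL too */
    return 0;
}

/* Variable-length alternative: size the field from the input, so no
   width is fixed at design time.  Caller frees the result. */
char *store_house_no_dynamic(const char *input)
{
    size_t len = strlen(input);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, input, len + 1);
    return copy;
}

/* Reports whether what was stored differs from what was entered: the
   comparison a displayed field of the right width makes visible on screen. */
int was_truncated(const char *input, const char *stored)
{
    return strcmp(input, stored) != 0;
}

int main(void)
{
    struct dispatch_record rec;
    const char *entered = "12345";            /* constructed 5-digit address */

    const char *stored = store_house_no_truncating(&rec, entered);
    printf("entered %s, stored %s, truncated=%d\n",
           entered, stored, was_truncated(entered, stored));

    if (store_house_no_checked(&rec, entered) != 0)
        printf("checked store rejected %s: does not fit %d positions\n",
               entered, HOUSE_NO_WIDTH);

    char *dyn = store_house_no_dynamic(entered);
    if (dyn != NULL) {
        printf("dynamic store kept %s\n", dyn);
        free(dyn);
    }
    return 0;
}
```

The point the checked version makes is the one Simon and Nilges argue from opposite sides: a fixed field width is not itself the defect, but a copy that cannot fail is, because the truncated value looks like a valid address to every later stage of the system.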
------------------------------

Date: Mon, 29 Apr 91 19:32:22 PDT
From: Martin Minow  29-Apr-1991 2226
Subject: re: truncation of fields (Risks 11.55)

In Risks 11.55, Ed Nilges comments that only a few programming languages
allow completely variable-length strings.  The problem isn't quite as bad as
Ed suggests.  In addition to "REXX and certain Basic interpreters," one
might add Ansi Mumps (which is quite suitable for database applications),
Pascal (which supports variable length strings up to 255 bytes), PL/I, the
VMS command language, and many, if not all, personal computer database
packages.

In many cases, however, the problem is not due to the programming language,
but to the original database design.  Many of these systems grew, one small
step at a time, from punch-card based address lists, without the benefit of
-- or opportunity for -- a redesign.

Martin Minow

------------------------------

Date: Tue, 30 Apr 1991 05:38:07 GMT
From: cyberoid@milton.u.washington.edu (Robert Jacobson)
Subject: CPSR Washington Seminar, "Social Importance of Privacy," May 3, 1991

                          * CPSR Seminar Series *

                    "The Social Importance of Privacy"

   Priscella M. Regan, Department of Public Affairs, George Mason University

         CPSR Washington Office, Friday, May 3, 1991, noon - 2 pm

Most legal and philosophical writing views privacy as important to the
individual, as a safeguard that allows for personal self-development, and a
political freedom that protects private or intimate relationships.  But this
emphasis on the importance of the individual has concealed another aspect of
privacy -- its social importance.  Professor Regan will explore the
philosophical and legal basis for the social or public importance of
privacy, and will examine the policy implications of viewing privacy from a
social perspective.
CPSR Washington Office, 666 Pennsylvania Ave., SE, Suite 303, Washington, DC,
202/544-9240 (one block from the Eastern Market metro)

In cooperation with The United States Privacy Council

[if you would like to be notified of future CPSR Seminars, please send a
note with e-mail address to mrotenberg@csli.stanford.edu]

------------------------------

End of RISKS-FORUM Digest 11.57
************************