Subject: RISKS DIGEST 11.91
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Thursday 13 June 1991  Volume 11 : Issue 91

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Another answering machine risk? (Dave Brower)
  Fraud aided by insider (Steve Smaha)
  Failure to Manage Risks Can Reduce Claim (Patrick Wolfe)
  Fiction is truer than fact? (Grant Hogarth)
  Fear of Censorship (PGN abridged)
  Caller ID -- The risks are already here. (Jim Purtilo, J.G. Mainwaring)
  Re: Fighting phone hackers in SoCal (Ralph Moonen, John R. Levine)
  Re: Formalism versus Experimentation (Ed Nilges, A. Padgett Peterson)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Thu, 13 Jun 91 08:38:32 PDT
From: daveb@ingres.com (Dave Brower, UNIX Group, [415] 748-3418)
Subject: Another answering machine risk?

[From the 6/13/91 SF Chronicle]

LEAVE A MESSAGE AT THE TONE: Either a disgruntled employee or a disgusted fan somehow changed the telephone message at the Minnesota Vikings' offices recently.
Instead of the regular message, callers hear this: ``Thank you for calling the most rotten, stinking team in the history of man. That's right, you have reached the Minnesota Vikings.''

The possibilities of hacking answering machines/voice mail have been beaten to death in RISKS several times before. This one may be a good exemplary tale to spread around showing the pitfalls of undersecured systems.

Dave Brower

------------------------------

Date: Thu, 13 Jun 91 17:08 EDT
From: Steve Smaha
Subject: Fraud aided by insider

From the 13 Jun 91 Austin American-Statesman, staff report:

"Son testifies against father in insurance case"

The son of a Houston insurance fraud defendant told jurors Wednesday that he installed a command in a computer system that would delete traces of an investment plan created by his father.

Bud Skillern, 56, former financial consultant to the insolvent American Teachers Life Insurance Co., has pleaded innocent to accusations that he stole funds from an investment plan involving the firm.

Tuesday, witnesses outlined Skillern's plan, which used ATL to sell $100,000 single-premium annuities. [...]

Prosecutors spent Tuesday questioning witnesses to try to show that Skillern's method of having buyers acquire the annuities through promissory notes - simple IOUs - is highly questionable, because annuities normally are bought with cash.

On Wednesday, Skillern's son, 24-year-old Michael Don Skillern, testified that he was in charge of programming computers at ATL to make calculations required by the investment plan.

The son told jurors that he built a command into the program that would delete all traces of the plan in the computer system.

"The idea was that if (State Board of Insurance) examiners came into American Teachers Life, it would not look good for General Mercantile to be doing business out of American Teachers (office). So I installed an erase feature," said the younger Skillern.

He also said that General Mercantile Finance Corp.
- a company owned by his father - was supposed to lend money to the annuity buyers. [...]

In the grand jury indictment of Bud Skillern, it is alleged that Skillern sold the $100,000 annuities to Premier [Bank of Dallas] after he assured the bank officials that ATL had been fully paid for the annuities. [...]

------------------------------

Date: Thu, 13 Jun 1991 13:00:00 CDT
From: pwolfe@kailand.kai.com (Patrick Wolfe)
Subject: Failure to Manage Risks Can Reduce Claim

The following paragraphs are extracted from the article "Contingency Planning - The Failure to Manage Risks Can Reduce Claim" by J.T. Westermeier which appears in "Computer Law Strategist" Volume VIII, Number 1 - May 1991, published by Leader Publications, New York, NY. Considering the performance of our local electric utility company, I found the limitation on liability interesting.

The recent ruling by the Minnesota Court of Appeals in "Computer Tool & Engineering Inc. v. Northern States Power Co.", underscores the importance of managing effectively the problems that may arise in the operation of a computer system and represents an important lesson in contingency planning and risk management.

Computer Tool & Engineering Inc. had its computer system damaged seriously as a result of a power surge. To recover for those damages, the company brought a lawsuit against two parties, its electric utility company, Northern States Power Co. and its telephone company, the United Telephone Company of Minnesota.

The telephone company's liability arose from its conduct when it was engaged in placing underground telephone cables. During the installation of the telephone lines, the telephone company severed a primary feeder cable and a secondary cable of the power company, which caused a power surge to travel through the power company's cable, damaging Computer Tool's computer equipment.
The Court of Appeals affirmed the trial court's ruling denying any liability by the power company on the grounds that the limitation on liability granted to the power company in its rate tariff protected it against damages resulting from interruptions in power.

At the jury trial of the negligence claims against the telephone company for the damages resulting from its cutting the power company's cables, under Minnesota's comparative fault statute, the jury assessed 85 percent of the fault to the telephone company for severing the cables in question, and 15 percent against Computer Tool for failing to install surge protection equipment.

The evidence at trial showed that Computer Tool had experienced power surges in the past, and, that it did not use surge protection equipment even though it knew such equipment was available at a relatively low cost.

"If the probability of an injury-causing event be called "P"; the injury "L"; and the burden of adequate precautions "B"; liability depends upon whether B is less than L multiplied by P; i.e., whether B

Subject: Fear of Censorship

An article contained two incidents that I do not recall previously appearing in RISKS. Excerpts follow.

FINANCIAL UPDATE
Data base users fear censorship
By Frank Green, Copley News Service, 12 June 1991?

[...] Consider these recent showdowns on the fiber-optic web:

* Internet, a computer network connecting thousands of scientists and researchers worldwide, kicked two users off the system after they transmitted digital images of Playboy centerfolds, as well as some hard-core pornography. [well, Internet is not a system...]

* A dozen customers on the Prodigy network, owned by Sears and IBM, were kicked off the system by the company for a few weeks after they complained on-line about a planned increase in user fees.

* Bowing to 30,000 consumer complaints, Lotus Development Corp. and Equifax Inc. in January jettisoned a computer program with data on 120 million American households.
The program contained the names, addresses, marital status and estimated income of consumers. [old stuff]

RIGHTS IN CYBERSPACE

These cases raise intriguing legal and constitutional questions:

* Did Prodigy and Internet violate computer users' First Amendment rights to freedom of speech?

* Can the National Security Agency legally intercept computer messages transmitted in the United States and beyond?

* Does a computer user in Austin, Texas, have the right to "talk" to a friend in Tel Aviv about Iraqi missiles landing in Israel, thus breaching both U.S. and Israeli security?

"Constitutional protections have not been adequately extended to digital media and digital technologies," said Mike Godwin, staff counsel of the Washington-based Electronics Frontier Foundation, a new lobbying group.

Harvard law professor Laurence Tribe has gone so far as to propose a 27th amendment, shielding travelers on the computer highways from government or corporate invasions of their privacy while guaranteeing their freedom of speech. [old stuff for RISKS]

Others, however, consider this unnecessary.

"All the protections we need currently exist," said Marc Rotenberg, director of Computer Professionals for Social Responsibility, a Washington-based lobbying group that boasts 2,500 members.

In his eyes, the principle at stake in the computer age is the unrestricted flow of information and the presumption that any government efforts to restrict it are impermissible.

That doesn't mean that the government shouldn't have a policing role, Rotenberg said. Criminal activity conducted over computer networks such as the trafficking of stolen telephone-access codes would justify government intervention. So would threats to public safety, such as the unleashing of a computer virus in the Pentagon's computer system.

"Trouble is, the law is always 10 to 20 years behind the technology," Rotenberg said. "Many mistakes are made, at great cost to people, before it catches up." [...]

------------------------------

Date: Wed, 12 Jun 91 14:29:50 -0400
From: purtilo@cs.UMD.EDU (Jim Purtilo)
Subject: Caller ID -- The risks are already here. (Re: Weinstein, RISKS-11.88)

Indeed they are. This technology has now *really* hit me where it hurts. One of the better pizza joints near campus has decided not to deliver to campus any more, save to "known good customers". They know they do not want to deliver to you based upon the phone number you call from.

I suppose the chief risk here is in reduced quality of my software due to its production during a period of low blood sugar.

Fortunately, the phone number for Vic Basili's secretary is on the "good" list, since she has done most of the ordering for the "software engineering lunch bunch" over the years. So even though I can't order a pepperoni 'za from my office, I can get it any time I can sneak down the hall to Claire's office and call from there ...

Jim

------------------------------

Date: 12 Jun 91 19:11:00 EDT
From: John (J.G.) Mainwaring
Subject: re: Caller Id -- The Risks are already here!

I found Lauren Weinstein's posting quite stirring. At least, it seems to be stirring the pot a bit.

A call to an 800 number is in fact a collect call. A person (or company) has at least a plausible argument that they should know who is calling, and have the right to refuse calls from whomever they please. Most 800 numbers are owned by businesses, which can be expected to make decisions on business grounds. If their decisions are wrong, they will offend customers (or potential customers), and their business may suffer. If they are the sort of business that deserves to succeed, they will avoid bad policy or recognize it and fix it.

If you really want to talk to someone who has an 800 number, and you don't like the way they deal with the 800 number, you can always get their real telephone number from directory assistance and pay for the call yourself.

It seems to me that the main risk created by Caller ID on 800 numbers is a common risk created by new technology, namely the unlimited ability of some people to make stupid or insensitive use of it. Still, they're mostly the same people who were rude or insensitive before the new technology came along. We can always hope that at least some of the companies using ANI on 800 numbers will think of pleasant ways to use it, just as some companies have always been more pleasant to deal with than others.

------------------------------

Date: Wed, 12 Jun 91 09:48 MDT
From: rmoonen@hvlpa.att.com (Ralph 'Hairy' Moonen)
Subject: Re: Fighting phone hackers in SoCal (RISKS-11.87)

[account of female Clifford Stoll deleted]

->A non-negotiable condition of Bigley's out-of-court settlement provided that
->the guilty party relinquish his (or, infrequently, her) computer and modem.
->Thrifty Tel donates the confiscated weapons [computers] to law enforcement
->agencies.

Who the hell gives someone the right to blackmail alleged criminals into giving them their computers? (Did the article really say "weapons"??) I could understand a settlement being made on the terms of "pay up or face charges". This is actually quite normal. But to also include a term "...and I'll have your computer & modem too, please" is downright blackmail!! However sure Bigley may be that she has proof that a certain individual committed a crime, she does not have the right to confiscate computer equipment. People are innocent until *proven guilty by a court of law*... or not anymore?

If the alleged criminal indeed has committed a crime, (s)he may well be tempted to go for the offer. In that case, the settlement should involve the paying of the financial losses that the company has suffered, AND NOT MORE.

Imagine someone stealing an apple (Thrifty only offered the settlement to *small* time crackers), and getting caught. The shop owner now says:

"Pay for the apple, and I won't call the police" (acceptable)
"...
oh, and by the way, gimme your new leather jacket & wallet also, and we'll forget the whole thing"

This in my opinion is unacceptable.

--Ralph Moonen

------------------------------

Date: 12 Jun 91 11:40:32 EDT (Wed)
From: johnl@iecc.cambridge.ma.us (John R. Levine)
Subject: Re: Fighting phone hackers in SoCal

John Higdon recently sent the Telecom digest a summary of a radio talk show in LA on which he appeared along with the head of Thrifty Tel.

Thrifty is a most unusual phone company. They offer flat rate long distance service to any point in the USA for a fixed monthly charge. Their tariffs include a special multi-thousand dollar "hacker rate" that applies to anyone who uses their facilities other than through legitimate means. Their access is almost entirely through the obsolescent 950-XXXX access numbers, and their code numbers are apparently much shorter than anyone else's.

It was clear from the presentation made by Thrifty's head that she is much more interested in punishing illegitimate phone use than in preventing it, since she had no interest at all in going to longer and harder to guess access codes nor in switching to the nearly hack-proof 10XXX equal access dialing. Her main thrust was that these hackers have broken the law and should be punished.

Their dedication to obeying the law apparently does not deter them from completing intra-LATA calls via their 950 numbers, in violation of their own tariffs and of state law (as do most other long distance companies.) There are also reports which may or may not be true that Thrifty puts their access codes on pirate BBSes to encourage and entrap potential illegitimate users.

The risk here is a familiar one -- the tension between technical and political means of enforcing legitimate use of technology. I expect that few readers of Risks think that the legal prohibitions against listening to cellular telephone broadcasts keep many snoops from listening in.
Similarly, you don't have to condone phone phreaking to think that a company that makes their facilities unusually easy to break into deserves what they get.

John Levine, johnl@iecc.cambridge.ma.us, {spdcc|ima|world}!iecc!johnl

------------------------------

Date: 13 Jun 91 19:41:58 GMT
From: egnilges@phoenix.princeton.edu (Ed Nilges)
Subject: Re: Formalism vs. Experimentation (RISKS-11.89)

> Dijkstra does not deal with large programs. [Leveson]

Actually, he does deal with large programs. The entire reason for his original CACM letter was the fact that while toy programs could be produced using go to and ad hoc methods, some theory (such as the theory that any possible program could be written satisfactorily without go to) is needed to "scale up."

And I don't believe that YOU believe the first sentence in the above paragraph. What works in place of some person (or group) sitting back and thinking logically? Prayer? Transcendental meditation?

>I looked up "physics" in the index of one "deconstruction of science" [Tobis]

Michael, the very reason why I spent 14 bucks on Andrea Nye's book Words and Power is because I am fascinated by such "deconstructions" of science. This does not mean, however, that I hew to any "politically correct" line that (for example) women's needs should always have precedence over the requirements of the field. Nonetheless, I found much to profit by in Nye's book, and I think that the notion that physics has some sort of genesis in a gentleman's need to distinguish his activity from that of the herd a fascinating and illuminating notion. This may be confusing: however, it is also a highly CRITICAL reading of critical theory and a theory which cannot stand self-application is undeserving of honor.

I find it interesting, having read my critical theory, that status and class anxieties blind people in programming to the realities of that field.
Programming is like writing was to Plato in that it may empower the formerly silent, and this produces anxiety even in the formerly silent. Thus the need to differentiate Serious and Mission Critical software from Not Serious and Not Critical software, even when writers with the intelligence of Dijkstra have pointed out the inability of computer science majors to write a simple match-merge problem for business (presumably a Not Serious application.)

It should also be noted that deconstruction, like Algol, is a European import and as such what you were subjected to may have been the product of the American mis-reading of deconstruction, based on the decline in standards at our universities that began in the Sixties. Derrida himself, one of the luminaries of the French school, has commented on how Americans misread him when he writes about notions like "free play" and the differing "semantic networks" around "jeu" versus "play".

>With PCs (Personal Computer, not Political Correctness ...) [Frankston]

...or puissance/connaissance, Foucault's power/knowledge represented by computer power...

>The fundamental fallacy in a "pure logic" approach to programming is that it
>doesn't scale and deal with complexity. Chemical engineering is not just
>quantum mechanics with a few more numbers.

Computer programmers hate the idea of having to use formal methods. Formal methods have the air about them of being kept after school, since they essentially use the same symbolic notions as programming. However, training in formal methods enables you to use them informally...to produce, say, a cogent argument in natural language concerning a piece of code.

>I find the assertion that formal proofs and other formalisms should be
>required subjects for programmers and system designers to be ludicrous.
[anasaz!qip!john]

Richard Slomka wrote a book years ago, "No-Nonsense Management" which said that although you'll never get perfect numbers this is no excuse for not continually trying to improve your numbers. Training in formal methods produces programmers better able to produce INFORMAL (natural language) proofs and arguments about their code.

>Likewise, there are few people who end up writing compilers for a living, yet
>computer science curricula require courses in formal grammars. Why? [...]

Training in the development of compilers is excellent preparation for developing front-ends to business programs, and I am also reminded of the recent comp.risks article mentioning a reinsurance system that could not handle recursive cycles. As a consultant and programmer in that aforementioned real-world, I have encountered a number of disasters that could have been avoided if the original designers had been CS-literate:

* A Cobol program for telecom switch billing that had to simulate the switch in order to reconstruct calls from basic events such as off-hook. The original designers did not know anything about finite-state automata, around which the actual switch was built. The resultant program was for this reason a collection of pious hopes connected by gotos which I rewrote in a few weeks...using finite state automata.

* A bill of materials processing program that, like the reinsurance program, did not use stacks and as such did not handle self-embedding parts (part A needs part B needs part C)

* IBM's "arbitrary character" hack in XEDIT, an editor for the mainframe VM/CMS operating system, which is "simpler than" regular expressions...and which is essentially unpredictable in common instances.

------------------------------

Date: Thu, 13 Jun 91 16:01:56 -0400
From: padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson)
Subject: Formalism vs Experimentalism

1) Am not sure what purpose sexism has in this argument, my staff is evenly divided & I haven't seen any correlation - all of my people have equally odd and complementary abilities.

2) Both F & E have a place in good software design as does art, formalism is necessary to "define the envelope" and experimentalism is necessary to fill it. But art is necessary in determining that it can be done in the first place: it takes a peculiar sort of attitude to take "it can't be done" as a challenge rather than a fact & I choose my people for attitude, ignorance is curable.

When I use maxterms & minterms to establish a logical path from inputs to outputs, formalism tells me how many steps are necessary and hints at the best path and experimentalism will often find innovative paths to success, (of course having learned FORTRAN II as my milk language and having used EQUIVALENCE & reverse dimensioned arrays in the past to accomplish goals probably does not make me a good model for the innocent), but neither is of much use for creating the model - that takes art.

As do many things, this reminds me of a quotation attributed to W. A. Mozart (if incorrect, I am certain that the RISKS readers will correct me). A student asked how both/he/it/she (covers all bases alphabetically) could learn to write an opera. When told that it took a combination of schooling, study, & practise that totaled over twenty years, the response was: "But Herr (do not think this is in question) Mozart, you wrote your first opera when you were sixteen !?". Wolfie replied: "Ah yes, but I did not have to ask."

Padgett

------------------------------

End of RISKS-FORUM Digest 11.91
************************