Subject: RISKS DIGEST 12.68 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Friday 13 December 1991 Volume 12 : Issue 68 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Hubble Trouble: Space Telescope shuts itself down (Henry Cox) Postal worker leaves automated stamper in test configuration (Palmer Davis, Joe Brownlee) 2 Safeway preferred customers, to go! (Bear Giles) Hospital computer solicits the dead (Adam Gaffin) Computer records track killer (Robert Jenkins) Train crash in UK - is it human error? (Olivier M.J. Crepin-Leblond) TRW lawsuit settled with FTC, 19 states (Phil R. Karn) National Fingerprint Database specs (Clifford Johnson) Bill on computer usage about to become law in Ireland (Mark Humphrys) The description is right, only the language is wrong (Dan Franklin) Poll tax incompetence (Robin Fairbairns) Truth in Antiviral Advertising (Russell Aminzade) Re: Pentagon computers vulnerable (Steve Bellovin) Post-structuralism and Technology (Phil Agre) Chaos Congress 91 Program (Klaus Brunnstein) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. REQUESTS please to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 12, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Wed, 11 Dec 91 08:26:42 EST From: cox@cadence.com (Henry Cox) Subject: Hubble Trouble: Space Telescope shuts itself down [A short blurb from the Boston Globe, 11 Dec. 1991] Washington - The Hubble Space Telescope has shut itself down temporarily because of a computer programming error that rotated its communications antenna into a technical no-parking zone. The Hubble went into a "soft safe mode," shutting down some but not all its systems and halting scientific work on Monday. It is programmed to take this kind of action whenever necessary to protect itself from harm. In this case, it was at the hands of what officials called a "fluke" buried undiscovered in its millions of lines of computer code. [PGN provides the following additional excerpt from an AP item:] The trouble was in the system that swivels to keep the Hubble's antenna pointed to an overhead relay satellite, as the telescope orbits the Earth. On Monday, the onboard computer issued a command that exceeded the software limits on the speed of antenna movement and the system went into an emergency "safe mode" to protect itself from harm. "These things are going to happen over 15 years," Weiler said, calling the incident "a non-problem." The Hubble's planned lifetime is 15 years. ------------------------------ Date: Tue, 10 Dec 91 00:33:56 -0500 From: Palmer Davis Subject: Postal worker leaves automated stamper in test configuration According to a report by WEWS-TV, a repair technician at a U.S. Postal Service facility in Columbus, OH, when repairing a machine used to automatically stamp messages on cancelled letters, reconfigured the machine to display a test message that he had learned from his instructor during training, but forgot to reset the machine to print the correct message after he completed his repairs. So now, instead of "MERRY CHRISTMAS" or "HOLIDAY GREETINGS", thousands of letters in circulation bear the message "YOU BITCH". [Also noted by Mowgli Assor : only envelopes 5 1/4-inches tall or taller were affected, but Johnson said postal officials estimated that more than 12,000 were printed and only a handful were caught before they were loaded onto trucks for delivery. The office handled about 5 million pieces of mail Saturday ...] ------------------------------ Date: 11 Dec 1991 8:17 EST From: Joe Brownlee Subject: Postal worker leaves automated stamper in test configuration This rings a bell with me, because I have seen a few cases where this type of message was used in test versions of software. For example, a young programmer I worked with placed a message in a program instructing the user to press a certain key to "bomb off", which would produce a dump of the program's current state so that he could examine it. The message made it out the door and into a customer's hands. They were less than amused. In another case, an obscene message was displayed when the use entered an illegal value at a prompt. That software was almost sent out the door, but was caught at the last minute and removed. I suppose the moral is don't enter anything in the system you wouldn't want a customer to see. ------------------------------ Date: Wed, 4 Dec 1991 20:16:52 -0700 From: Bear Giles Subject: 2 Safeway preferred customers, to go! >From _Westword_, an alternative Denver weekly (12/4/91): Safeway may be turning its "preferred customer" program into a "proffered customer" deal. According to the _Wall Street Journal_, grocery stores in Chicago, Dallas, Los Angeles and Denver are part of a Citicorp program that uses checkout scanners to record shoppers' buying habits. You may have thought that preferred customer card was just a way to get some free Jimmy Dean sausage and a friendly monthly letter from Safeway's Bob Green -- but it also links your name and mailing address to your shopping list. Once you've presented your card, your personal purchases are no longer so personal. Citicorp originally planned to sell data on shoppers' purchasing patterns to grocery marketers. But for the last month, the _Journal_ says, that information has been for sale to all comers. It's handily divided into eight categories, including "weight-conscious consumers" (511,227 names of people caught buying lo-cal treats) and "fancy food buyers" (refrigerated pasta is enough to brand you fair game for marketers of travel magazines). And just where does the fried-pork-rind-and-Cheese-Whiz contingent fit in? [Imagine the fun a health insurance company could have with this information: if (subscriber) { if (high-fat-foods && !fiber) { colon-cancer++; rates++; } if (cigarettes) { lung-cancer++; rates++; } if (condoms) { sexually-active++; rates++; } if (KY-Jelly) { test-for-aids++; rates *= large-number }} (Of course, they would never purchase the records from my health club for "physically-active++; rates--"). The fact that Citicorp offers this information for Safeway customers certainly implies the same type of information is available on your Citicorp-issued credit cards. Aha! A new, high-interest category: unfaithful spouses! (Check for flowers or hotel rooms within 50 miles of home charged to credit cards). Sure to be read by divorce lawyers across America! Bear Giles bear@fsl.noaa.gov ] ------------------------------ Date: Wed, 11 Dec 91 07:29:13 pst From: well!adamg@fernwood.UUCP (Adam Gaffin) Subject: Hospital computer solicits the dead Middlesex News, Framingham, Mass., 12/11/91, page 1 Framingham Union letter solicits from dead - again By Adam Gaffin NEWS STAFF WRITER FRAMINGHAM - The letter expresses the hope that Matthew Jong's recent stay in Framingham Union Hospital went well and asks him to consider making as large a donation as possible. The only problem is that Matthew Jong was pronounced dead in the hospital emergency room on Oct. 5 after a car accident on Rte. 9 in Natick. ``This solicitation was the final straw,'' says his mother, Gail, a Wellesley resident. She has been fighting with the hospital for two months over the way she was told Matthew was dead - a phone call from the emergency-room doctor, rather than a visit from a Natick or Wellesley police officer. At least one other deceased Framingham Union patient has received a similar letter since September, when the hospital said it had fixed a computer glitch that resulted in a number of dead people being sent fund- raising letters. At the time, Ross Mauro, the hospital director of marketing, said he had been assured this ``will not, cannot happen again,'' by the hospital's data processing department and the firm hired to send out the letters to former patients. ``Your gift will be an investment in the future health of your family and your community,'' the letter, signed by medical-staff President Joseph Baron concludes. ``It could help save the life of someone you love.'' ``This family has suffered enough and we wish they never had gotten the letter,'' said hospital spokeswoman Ruth Stark. She said the mix-up occurred partly because of the way the emergency-room physician who attended Jong filled out a form on his case. A standardized form is required for every patient who enters the hospital, and care-givers are supposed to mark a box on the form with a one-letter code indicating the patient's status. In Jong's case, the doctor wrote ``deceased - sent to morgue'' in longhand across the form, rather than putting an ``E'' - for ``expired'' - in this box, Stark said. The form ultimately wound up in a data-processing office, where workers type patient information into a hospital computer. A clerk did not notice the box was empty on Jong's form, and did not read the doctor's comments, and so entered his data into the computer, she said. The computer is supposed to delete the records of anybody who is deceased, a prisoner or a Medicaid patient before the data is shipped to the mailing company, Stark said. ``It's not a foolproof system,'' despite efforts to reduce such incidents.''... She said hospital personnel have been reminded to fill out the box to prevent such mishaps. But she added that the computer program that does the deleting is currently set up to assume that a blank disposition box means the patient went home and that officials are looking at ways to change that. ``We are intending to insure that this doesn't happen in the future,'' she said. [...] ------------------------------ Date: Sun, 8 Dec 91 20:05 GMT From: Robert Jenkins Subject: Computer records track killer According to a report in the Guardian newspaper (London), of 6 Dec 91, a recent murder case was solved by police partly through a computer disproving a suspect's alibi. John Tanner murdered his student girlfriend and hid her body underneath the floorboards of her house. Initially, the police treated him as a witness rather than a suspect, but his story began to fall apart. He told the police that he and the girl had taken a bus ride together to the train station at a time when she was already dead. The Guardian reports: "The company that runs the local bus service keeps computerised records of its tickets. Only one person got on the bus and bought a ticket to the station at the time Mr Tanner claimed." A RISK, I suppose, of trying to get away with murder. But also another example of low-level, invisible, surveillance that computers introduce into our lives. Jolyon Jenkins (rjenkins@cix.compulink.co.uk) ------------------------------ Date: Sun, 8 Dec 91 19:55 BST From: "Olivier M.J. Crepin-Leblond" Subject: Train crash in UK - is it human error? From Oracle Teletext Service (ITV, UK), 8 Dec 1991: "Urgent checks are going-on following the Severn Tunnel rail crash on backup equipment installed after earlier technical problems with the signals. Sixteen people are still in hospital after the crash between an Intercity and a two-carriage Sprinter on Saturday. BR [British Rail] is looking at whether there was `further failure of equipment' or whether human error was involved. The express had slowed to 20mph after a proceed-with-caution signal and was hit by the Sprinter from behind - so what signal, if any, did the Sprinter get?" [`Intercity' and `Sprinter' are two types of train. The crash which happened on Saturday morning injured close to 100 people.] Olivier M.J. Crepin-Leblond, Imperial College London, UK. ------------------------------ Date: Tue, 10 Dec 91 14:04:11 EST From: karn@thumper.bellcore.com (Phil R. Karn) Subject: TRW lawsuit settled with FTC, 19 states [see RISKS-12.05] Excerpted from an article by EVAN RAMSTAD, AP Business Writer, 10Dec91: DALLAS (AP) _ TRW Inc. has settled a lawsuit with 19 states and the Federal Trade Commission, which accused the company's credit reporting unit of violating consumer privacy and making reporting errors that harmed the credit ratings of thousands of consumers. The settlement requires Cleveland-based TRW to make sweeping changes in its credit reporting business, including providing reports to consumers who ask within four days. [...] The settlement comes against a background of growing consumer anger over the enormous power of credit reporting companies, which keep financial dossiers on tens of millions of Americans. [...] The lawsuit cited cases where different consumers' reports were mixed together and said such inaccuracies are hard to correct. The states and FTC charged old information reappeared in consumers' files and that consumer disputes were not adequately investigated. [...] The settlement requires TRW to improve its procedures so that files of consumers are not mixed up and to prevent old information from reappearing in consumers' files. TRW also agreed to establish a toll-free number for consumer inquiries, investigate information disputed by consumers and check public records if necessary to verify information. The company also agreed to notify consumers of their rights to dispute information and to tell them, upon request, about other companies to whom the credit reports have been sold. TRW also agreed to disclose to consumers their individual credit scores, starting Dec. 31, 1992. The company will have to keep records of its compliance and pay the states $300,000 to cover legal costs, according to the settlement. [PGN saw a Washington Post article on 11Dec91, page F1, by Albert B. Crenshaw, who noted that as part of the settlement TRW said it would * Adopt procedures to prevent data mixups * Review within 30 days any disputed information, and delete any that cannot be confirmed within 30 days * Delete any disputed information when the consumer presents relevant documentation * Implement procedures to prevent reappareance of seriously derogatory information that has been deleted following a complaint. ] ------------------------------ Date: Thu, 12 Dec 91 11:34:38 PST From: "Clifford Johnson" Subject: National Fingerprint Database specs >From Gov't Computer News, Dec. 9, 1991: FBI SHOPS FOR A SPEEDY FINGERPRINT SYSTEM ... The FBI wants IAFIS [Integrated Automated Fingerprint Identification System] to complete urgent fingerprint matches in under 15 minutes. It expects a three second response to searches for name and description against its Criminal Master Database. Now the fingerprint and information searches can take two weeks... The system is slated to start running in Clarksburg, W.Va., in late 1994 ... IAFIS will give law enforcement agencies throughout the country a way to check fingerprints electronically, through the FBI's National Crime Information Center (NCIC) network... AFIS will perform a search of the agency's national fingerprint database. The system will provide a list of the most likely candidates, or a message reporting that none were found... The FBI wants a system that has a 95% accuracy rate for 10-print searches. For crime scene prints, "the correct candidate shall be listed in the top-ranked position 50% of the time, and in the top 20 positions 65% of the time"... To keep the system secure, the FBI will not make technical details public. ------------------------------ Date: Wed, 11 Dec 91 01:46:11 GMT From: Mark Humphrys Subject: Bill on computer usage about to become law in Ireland The Criminal Damage Bill, 1990, is about to be passed into law in Ireland, containing what appears to be an extremely broad definition of 'unauthorised' use of computers. Section 5 reads as follows: (1) A person who without lawful excuse operates a computer ... within the State with intent to access any data kept either within or outside the State ... shall, whether or not he accesses any data, be guilty of an offence ... (2) Subsection (1) applies whether or not the person intended to access any particular data or any particular category of data or data kept by any particular person. Section 6 states that "lawful excuse" applies: "...if at the time ...he believed that the person... whom he believed to be entitled to consent to or authorise the ... accessing of the [data] in question had consented, or would have consented to or authorised it if he or they had known of .. the accessing and its circumstances, [or] if he is himself the person entitled to consent to or authorise accessing of the data concerned" This Bill has been passed by the Dail (roughly equivalent to the House of Representatives) and is on its 2nd stage in the Senate (roughly equivalent to the US Senate) on Thur 12th Dec. I would appreciate any comments on what this Bill implies, and examples of legislation in other jurisdictions. The wording would appear to me to be extremely dangerous and ill-conceived. This is NOT a hypothetical case. I have contacts in the Labour Party ( the 3rd largest party here ) who want to propose amendments to this Bill, and they have asked me for advice. There is every chance that they will succeed, if they can propose an intelligent alternative. The last chance to amend it will be late Dec / early Jan. Then it will become law. Mark Humphrys, Dublin, Republic of Ireland ------------------------------ Date: Mon, 09 Dec 91 11:53:18 -0500 From: dan@BBN.COM Subject: The description is right, only the language is wrong The Boston Globe "TV Week" movie listings had an unusual description for one movie this past week: _New York, New York_ (1977) Robert De Niro, Liza Minelli. Apres la deuxieme guerre mondiale, une chanteuse aide un saxophoniste a joindre un orchestre fameux de jazz. (120m.) The rest of the listings were in English, as they normally are. The Globe had this to say (Saturday, December 7, 1991): A spokeswoman for Tribune Media Services, which supplies the movie listings to newspapers in the United States, Canada, and the Caribbean, tells us someone selected the wrong description of the film from the company's data base and included it in the listings sent to the Globe. Some television stations carry English-language films dubbed in French, she notes. The English description reads: "A singer and a saxophonist team up and break up in the postwar big-band era. Directed by Martin Scorsese." It is hard to believe that this error would have occurred, and not been caught, before the age of computers. The RISK here is that as the chain of events handled purely by computers lengthens, it becomes possible for relatively major errors to occur unnoticed, because no one is looking closely at the output at any stage. Dan Franklin P.S. A non-RISK is that those of us who can understand a little French can be amused at how different the two descriptions are... ------------------------------ Date: Thu, 05 Dec 1991 09:14:47 +0100 From: Robin Fairbairns Subject: Poll tax incompetence I've now simmered down, but I was in a state of seething fury yesterday from the behaviour of our local Poll Tax office. Earlier this year, I split up from my wife, and moved house. Still within the city, but they gave me a new tax account number: I thought it pretty daft then. Three months ago I changed the method of payment; in October, they recognised this and sent me a letter saying that the first payment would be requested from my bank on 26th November. On the 2nd December I received a tax demand; when I finally got through to the payments office, they agreed that it was silly, and should be dealt with by the direct debit. Almost immediately, they rang me back and said there was no direct debit mandate on my account. If I'd really given them one, would I please call my bank and ask them to send a copy of their half of the mandate? Yesterday, I called them again: I had with me a copy of their letter about the mandate. They were adamant; finally we came to the joint realisation that there were _3_ accounts involved - the one at my old address, my present one, and the one that had the mandate. The payment people had no record on any account they could look at of my mandate. Through to the registration people: ah yes, they said, we had a problem with the accounts of the previous occupants of your house, so we deleted all accounts with that address. Sorry, we seem not to have transferred your mandate when we created a new account for you. The risk? Incompetent use of computers causes raised blood pressure! Robin Fairbairns, Senior Consultant, postmaster and general dogsbody Laser-Scan Ltd., Science Park, Milton Rd., Cambridge CB4 4FY, UK ------------------------------ Date: Mon, 9 Dec 1991 07:17 EST From: "Russell Aminzade: Trinity College of VT" Subject: Truth in Antiviral Advertising An advertisement has been running in major computer professional magazines that I find both obnoxious and dangerous. I've seen it in several places, but I'm looking at the inside back cover of the December 2, 1991 PC WEEK (Vol 8. #48). It's an ad for Central Point Software's "Central Point Anti-Virus." The ad has an illustration of nine computer screens. Eight of them appear to show illustrations of the results of these virii, but to anyone familiar with one or more of them they are obviously "artists interpretations." Though I haven't encountered every virus "shown," it appears that all of these screens embellish the actual results of the virus, not only making the results of infection look scarier, but giving some expensive publicity to the authors of the Stoned Virus, Friday the 13th Virus, Datacrime Virus, Aircop, Ping Pong, and Falling Letters. The RISK here, of course, is that giving free publicity to virus authors will encourage them (and others) to new heights of "creativity". I'm angry in part because I have been victimized by computer virii. I think I've got at least some understanding of the mind of a computer vandal, and the only motivation I could see for releasing a virus would be a desire to see your program widely publicized and your programming "skill" demonstrated. This ad takes it one step further, prominently identifying and enhancing (in garish color) the on-screen look of the virus. I would feel the same way if I was a park system manager, and a company that sold cleaning agents highlighted the work of a graffiti artist who was well-known in my town. If they also hired professional artists to improve the quality of this punk's graffiti, and ran photographs showing statues and benches allegedly painted by him or her, I'd be raging mad. Central Point makes some pretty good software. I've purchased some of it (not this product, though). I angered that they seem willing to stoop this low to sell their product. I also wonder how long it will be before some company is willing to stoop low enough to unleash some nasty code from which their product can protect users. ------------------------------ Date: Mon, 02 Dec 91 19:55:12 EST From: smb@ulysses.att.com Subject: Re: Pentagon computers vulnerable I certainly can't speak about all of the break-ins. But I was part of a team that monitored many such attempts -- and these were very definitely traced back to the Netherlands. For more details, see Bill Cheswick's paper at the forthcoming Usenix conference. As for the notion that it's up to the U.S. military to take precautions -- nonsense! What ever happened to ethics? Is it not sufficient that it's their computer -- for almost any value of ``their'' -- and they don't want you there? I note that Herschberg's students have prior permission to conduct their break-ins. That's fine -- I not only have no problem with that, I conduct such authorized break-ins myself as part of my job. Again, though, note that I'm acting with prior permission. --Steve Bellovin ------------------------------ Date: Mon, 2 Dec 91 17:20:07 pst From: pagre@weber.ucsd.edu (Phil Agre) Subject: Post-structuralism and Technology John Bowers (University of Manchester) and I were talking a couple months ago about various interesting people who have been studying technological issues using new-fangled methods from philosophy, literary criticism, and sociology. One recurring theme is the influence of "post-structuralists" like Derrida, Foucault, Lacan, and Deleuze [*]. We realized, though, that these folks are all scattered among disciplines and countries, so that a lot of them don't yet know each other. So we've started up a network discussion group for such people and their sympathizers. Its main purpose is to get everyone introduced and exchanging papers, though perhaps some interesting discussion will start up as well. Its address is postech@weber.ucsd.edu. Anyone who wants to be included can send a note to postech-request@weber.ucsd.edu. (Make sure to include a network address that's accessible from the Internet: me@here.bitnet, uucpnode!me@gateway.somewhere.edu, me@machine.here.ac.uk, me@ibm.com, or whatever.) We'll collect addresses for a month or so; then we'll invite everyone to describe their work and see what happens. Phil Agre, UCSD [*] The relevance to Risks is that a number of these people tend to take a dim view of technology as a system of social practices, and have novel things to say about why we should care. Foucault in particular has defined an interesting broad sense of "technology" that includes both the physical machinery and the kinds of cultivated selves that together, he argues, make up the deep workings of power. These ideas have led to some challenging new work, such as Valerie Walkerdine's book "The Mastery of Reason" (Routledge, 1988), which uses ideas from Foucault and Lacan in a genuinely deep way to explain how children learn to use mathematical language. ------------------------------ Date: 12 Dec 91 16:08 +0100 From: Klaus Brunnstein Subject: Chaos Congress 91 Program I just receiving the program of Chaos Congress 1991 (over 300 lines, in German), the following is a condensed survey/translation: 8th Chaos Communication Congress: "Hitchhiking through the Networks - The European Hacker Party" -------------------------------------------------------------- Friday, Dec.27 (12:00) to Sunday, Dec.29 (16:00), 1991 Eidelstedter Buergerhaus, Hamburg-Eidelstedt (54), Elbgaustr.12 Fee: CCC members 20 DM; non-members: 30 DM; press: 50 DM; commercial participants: 150 DM. Program: Fri 27 11:00 press conference 12:00 Opening session, welcome 12:30 Informatics and Ethics 12:30 Corn Flake Whistles and new methods (workshop) 12:30 Journalists and new media 14:30 Liability in cases of program faults and viruses (Freiherr von Gravenreuth, lawyer) 16:30 Data protection - theory and practice 16:30 DTP 16:30 Btx DocuSystem (Btx=minitel) 17:30 Feminin computer handling (only female participants!) 19:00 Questions of nomenclature and definitions Sat 28 10:00 ComLink and APC (regional networks for social communication and environment protection) 10:00 Waffle (UUCP on MS-DOS) 10:00 Mercury/Hermes (UUCP on Atari ST) 10:00 AmigaUUCP (UUCP on Amiga) 12:00 Individual Network (IN) for private communication) 12:00 Zerberos 12:00 Unix 14:00 Mailboxes and telecommunication as seen from German PTT Dr. Ruetter, German Telecom 14:00 TeX 14:00 MUD - Cyberspace (Multi User Dungeons) 16:00 Net services (email, news, IRC, FTP, Telnet, remote login, Talk ...) 16:00 Workshop Mailboxes and legal status 16:00 Voice Mail and PID 18:30 Citizen Networks, example Gay-Net 18:30 Stupidity in Networks (#3) 18:30 Workshop Net services Sun 29 11:00 Computer Viruses - State of the Art: Morton Swimmer (VTC) 11:00 Citizen Packet Radio 11:00 Hack center: net demonstrations (INTERNET) 13:00 10 years CCC 13:00 Workshop on Viruses - questions and discussion (M.Swimmer) 13:00 RISC - CISC comparison 15:00 Closing session 16:00 Party If you wish to receive the full German program, including details on location (telephone/fax number..), how to arrive and get rooms etc, please contact me. Klaus Brunnstein, University of Hamburg (Dec.12,1991 at 4:00 pm German time) ------------------------------ End of RISKS-FORUM Digest 12.68 ************************