Subject: RISKS DIGEST 13.20 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Friday 28 February 1992 Volume 13 : Issue 20 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: [DON'T FORGET TO LEAP TOMORROW.] Risks of poor design (IRS Teletax phone system) (Andrew Marchant-Shapiro) Digital RF Link - at 2 Mbps - Wireless Monitoring (Joe Jesson) Overly curious exhibit at Chicago museum (Karl Swartz) CallerID for PC's (Jonathan D Arnold) International Cooperation on Computer Crime and Extradition (Sanford Sherizen) Re: More on the Airbus A320 (Robert Dorsett) Re: The long arm of the law fingers old fingerprint (Brinton Cooper, PGN) Re: Calculators in exams (Robert J Woodhead, Espen Andersen, Mark Jackson, Joe Morris, Mark Kantrowitz) *** DIAC-92 *** (Douglas Schuler) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP domain folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: 27 Feb 92 19:35:00 EDT From: "MARCHANT-SHAPIRO, ANDREW" Subject: Risks of poor design (IRS Teletax phone system) Earlier this evening, I tried to find out the status of my refund from the IRS. I called up Teletax, the IRS's voice-mail-like system, and followed the instructions. In general, these seem to be well-done; the most-requested functions are first on each menu, and things seem to be done consistently. I say "seem" for a very good reason... Following the instructions, I entered my SSN, heard it repeat back, and confirmed that it was correct. I was then told to enter my filing status, which I was about to do, when I heard "error, error, I cannot process your request!" repeated several times. Thinking that the system had burped, I hung up and dialed again. Once more, I gave the machine my SSN. But now, I was given a message to the effect that the IRS updates the system approximately every seven days, that my status had not changed since my last call, and that I should wait seven days before calling again. And, oh yes, thanks for using Teletax. Now, I know that I probably shouldn't complain about this, since the whole thing is a freebie, but it is truly irritating. A well-designed system would (I think) have told me SOMETHING about the nature of the error, rather than sounding like it dropped out of Lost in Space (come to think of it, THAT robot was a good deal more informative than Teletax). What bothers me most about the system is its assumption that, once the SSN is entered, you have a completed transaction. I haven't tested this out yet, but I'm willing to bet that entering a bogus number (which, btw, gets you a 'your return has not yet been processed') a second time would get you the same message that I got -- call back in seven days. Of course, this is a minor risk -- it's really more a case of poor error-handling. If I were a true paranoid, I guess I could see some legal claim based on the notion that computer records show me having been apprised of something when I was not; but for now, it's just an irritation. The only real RISK is that someone who enters somebody else's SSN by mistake would, while not getting the other person's information, effectively block the correct person from their information for approximately seven days. [...] Andrew Marchant-Shapiro, Depts of Sociology and Political Science, Union College, Schenectady NY 12308 518-370-6225 marchana@union.bitnet ------------------------------ Date: 28 Feb 92 03:09:30 GMT From: jessonj@nic.cerf.net (Joe Jesson) Subject: Digital RF Link - at 2 Mbps - Wireless Monitoring With all the recent interest in wireless communications, I was somewhat surprised at a recent NCR meeting. On display was an NCR WaveLAN wireless network card. No big deal, I thought, since wireless Local Area Network cards are produced by several companies using different wireless media. Radio Frequency and infrared seem to be the wireless media of choice with one limiting aspect - coverage of one room or, at most, a single office floor. Since the WaveLAN product uses 902 - 928 MHz no-license band, I assumed the one floor 100 foot limitation. Here is the surprise; a FIVE MILE distance between transmitter-receiver!! At 2 Mbps!! Real DX for a 250 Mw Digital System... I asked the NCR salesman to confirm this unusual claim. He said a "typical" distance in an enclosed office is 100 - 800 feet but, with an optional antenna and direct line-of-sight path, five miles IS reasonable. He did not have info on the optional antenna. I would assume, at 902 Mhz, the size of the antenna has to be small (even a directional multi-element yagi at 902 Mhz is really small). Ethernet (CSMA/CA) protocol with a low RF bit error rate of 10 exp -8 (at 5 miles?). Using spread spectrum and optional DES encryption, the 2 Mbps could represent a T-1 data stream with some overhead bits (2 - 1.544 Mbps) potentially as a Local Loop replacement or a no license repeater system. Since the antennas are directional and spread spectrum would allow simultaneous transmissions over the same frequency band (with an increase in noise level). INTERESTING applications and security aspects for a wireless 2 Mbps, 250 Mw power, Spread Spectrum , Differential Quadrature Phase Shift Keying Modulation (DQPSK) system... Joseph E. Jesson, 21414 W. Honey Lane, Lake Villa, IL, 60046 (day) 312-856-3645 (eve) 708-356-6817; jej@chinet.chi.il.us mhs!amoco!joseph_e_jesson@attmail.com [FORGET ATTMAIL UNTIL THEY GET THEIR ACT TOGETHER. THEY HAVE BEEN KILLING ME WITH RAMPANT BARFMAIL. This is an editorial comment based on a month of agony. PGN] ------------------------------ Date: Thu, 27 Feb 92 2:28:10 PST From: kls@ditka.chicago.com (Karl Swartz) Subject: overly curious exhibit at Chicago museum I was back home in Chicago several weeks ago and visited the Museum of Science and Industry one afternoon. The Post Office sponsored an area with exhibits on how our mail gets (mis)delivered. One of these was a computer which would tell you your 9-digit zip code, based on a normal address screen: NAME APARTMENT NUMBER STREET AND NUMBER CITY AND STATE 5-DIGIT ZIP CODE I recently moved and was mildly interested so I gave it a try with my old (as a check) and new addresses. But right of the top it occurred to me ... why do they need my name?! They don't, but I'm sure many folks just blindly type it in. If this data were actually accumulated by the exhibit (I have no reason to believe it is) one could envision all sorts of potential uses and abuses. (I believe the thing got testy if one left the name blank; I used the "dummy" name Dan Quayle. :-) ) Karl Swartz, 2144 Sand Hill Rd., Menlo Park CA 94025 1-415/854-3409 UUCP uunet!decwrl!ditka!kls [GOOD FOR YOU! Now just wait for the mailing lists... PGN] ------------------------------ Date: Fri, 28 Feb 92 3:02:13 PST From: kls@ditka.chicago.com (Karl Swartz) Subject: Re: overly curious exhibit at Chicago museum (responding to PGN) I thought that might catch someone's attention! But I'm not sure they could get the mail to me -- I recall something a few years ago where somebody sent a letter to Ronald Reagan in (wherever), CA. It came back stamped "moved, forwarding address unknown". Of course I shouldn't pick on government workers too much since as a SLAC employee I'm one of 'em. ------------------------------ Date: Wed, 26 Feb 92 17:28:43 -0500 From: jdarnold@world.std.com (Jonathan D Arnold) Subject: CallerID for PC's New for PC: $79 Caller ID Device 02/17/92 ROSWELL, GEORGIA, U.S.A., 1992 FEB 17 -- A start-up company announced a device which lets your PC access callers' numbers using the Caller ID service, at a price of $79. Whozz Calling? is a box, a few inches square, which connects to the phone line using standard RJ-11 jacks and to an IBM-compatible PC through a 9-pin RS-232C port. Zeus Phonestuff President Mark Sutherland says the device is designed for applications like inbound call management, mail list creation, and modem security. When linked to an online system, for instance, the device can assure that only calls from designated numbers get through. Software comes bundled with it. "We intend to go into mail order to see what markets are interested in the device, then go to distributors. They need a track record before they pick it up," he said. Caller ID is becoming available in increasing numbers of states, usually with a provision that callers be able to block their numbers from going out, free, on a per-call basis. The Federal Communications Commission has suggested per-call blocking might become a national policy but a number of states, including Georgia, do not allow consumers to block the sending of the number. Press Contact: Mark Sutherland, Zeus Phonstuff, 404-587-1541 [This announcement was found on RelayNet, an IBM PC store and forward network.] Jonathan Arnold, BBS Phone: (617)335-6842 Home Phone: (617)335-5457 Internet: jdarnold@world.std.com uucp: uunet!world!jdarnold ------------------------------ Date: Fri, 21 Feb 92 16:51 GMT From: Sanford Sherizen <0003965782@mcimail.com> Subject: International Cooperation on Fighting Computer Crime and Extradition of Computer Criminals Re: Police Foil Million Pound Hacking Plot (Bob Frankston, PGN) Bob Frankston and PGN raise some interesting questions about extradition problems with the recent UK hacking plot. However, that particular case does not prove that extradition is impossible. Work on improving international cooperation in fighting computer crime, including extradition of computer criminals, is developing on the political agreements and cross-border law enforcement levels. Several years ago, I developed a project on how crime control problems have become an important aspect of foreign policy and international agreements. A few of the more active areas of this trend are fighting drug smuggling, anti-terrorist coordination, stock market regulation, and riot control/civil unrest training. Slowly, computer crime has become part of this international agenda. Many of the international efforts that affect computer crime are related more to financial fraud and money laundering efforts. While these efforts may not explicitly mention computer crime, some attention has been paid to the fact that much of financial fraud and money laundering today is computer-aided. In essence, computer crime is covered by many of these "other" crime control efforts. Here are some specific examples of this international cooperation. The European Commission has developed a number of directives and regulations that relate to computer crime issues in the Single Market Europe. The most directly related are the various information protection, privacy, copyright and computer evidence requirements. Some of these have been adopted from the Council of Europe while other are derived from various EC actions. Computer crime-related decisions are also found in EC decisions regarding banking, EDI, and other important industry/sector areas. If anyone is interested in details on the security aspects of EC '92, they can contact me for my recent article in _Computers and Security_, which is adapted from my book published by Lafferty Publications in Dublin in 1990. International law experts have also been been attempting harmonization of law. Extradition has been considered. Recognition has been given to a requirement that offenses shall be punishable under the laws of both the requesting and the requested country and that the offense in question must be of sufficient seriousness. Conventions concerning mutual assistance and extradition have been discussed at the Council of Europe Select Committee of Experts level and the UN has created the UNCITRAL, which relates to aspects of the problem. ITSEC may also create opportunities for classified discussions of these problems. The BCCI case will probably make this international cooperation even more solid. Even before this case, significant international cooperation had developed regarding the fight against money laundering. Banks are increasingly being forced to give information about depositors to their governments and to act as "quasi-investigators" in responding to suspicious deposits. Even the Swiss banking system, known for its secrecy, has changed significantly in recent years in response to highly publicized money laundering cases and international crooks/political figures. Once again, although not explicit in the legal language or the media coverage, computer-aided crime is a major issue in these situations. As of last year, the U.S. had a number of bilateral agreements between regulations in markets around the world. U.S. pacts have been signed with the EC on regulating world financial marketplace as well as securities industry reviews. An important regional agreement was signed between the U.S. Securities and Exchange Commission and the Inter-American Development Bank, which could affect some of the Asian exchanges that are now becoming active in Latin America. Again, computer crime is not explicitly discussed in these agreements but they are inherent in the nature of the regulations. The EC has created the Unite de Coordination de la Luttee Anti-Fraude (UCLAF), which seeks to coordinate anti-fraud activites within the EC. I do not know whether there are extradition aspects to this. I got this information from Gary Marx from MIT, who is working with European criminologists on research concerning policing across national borders. Finally, PGN raises the question of possible data havens, where people will be free to electronically cross borders but be safe from punishment. Adrian R. D. Norman raised that issue many years ago in his book, "Computer Insecurity" in 1983 Worth reading even today. Sanford Sherizen, Data Security Systems, Natick, Massachusetts, USA ------------------------------ Date: Fri, 28 Feb 92 01:59:15 CST From: rdd@rascal.ics.utexas.edu (Robert Dorsett) Subject: Re: More on the Airbus A320 (Marchant-Shapiro, RISKS-13.19) > According to this report, MOST 320 aircraft have an alarm that informs > the pilot that s/he is flying too low, but France does not require this ... You're referring to a Ground Proximity Warning System (GPWS). Air Inter did not have them, because the A320 was only used within France, and, as you say, French law doesn't require them. The Habsheim crash involved an Air France airplane, which was used in continental operations; it did have one. The Bangalore crash, which involved an Indian Airlines airplane, also had one. GPWS was mandated in the US following the 1972 crash of an Eastern Airlines L-1011 in the Florida Everglades. The crew was distracted by a minor systems problem; in the process, the altitude-hold feature of the autopilot was disengaged. The airplane then very slowly started a descent, and ended up flying into the ground. Nobody was minding the shop. Following the US decision to require them, most other countries followed suit. The GPWS normally works by comparing radio altitude (actual height above ground), speed, and vertical speed rates. Because of the radio altitude component, it's only effective after the airplane has been flying under approximately 2500' for some length of time. On the A320, there are five distinct modes which are handled by the system, with corresponding aural alerts: Excessive rate of descent "Sink Rate" and "Whoop! Whoop! Pull Up!" Excessive terrain closure "Terrain Terrain. Whoop! Whoop! Pull Up!" Altitude loss after takeoff "Don't Sink!" Unsafe terrain clearance "Too Low Gear!" and "Too Low Flaps!" Descent beneath glide slope "Glide Slope!" The aural messages are normally taped, but knowing Airbus, they're probably digitized. :-) A master caution (yellow--not a warning light) also appears. Most airliners have some variation on the above. The pilot is able to inhibit the various modes, through four smart switches. Following the introduction of GPWS after the EAL crash, there were numerous false warnings, and GPWS got a bum rep among many pilots. The system still has problems, due to its basic design premise, but the number of false alarms has dropped significantly, overall. Air Inter has stated that it *removed* its units because of excessive false warnings, i.e., operational considerations. Which raises the question that, even if the ill-fated A320 HAD the devices, the crew might very well have ignored the alert. As with most crashes, the Air Inter crash was likely the result of a complex number of factors; no single protection could have "saved" the airplane. As for Habsheim, the GPWS went off once, during the set-up to the flyover, but after that, the last few seconds of the approach was beneath the threshold arming altitude of 30'. Which was also beneath the trees. It wouldn't have made any difference. At Bangalore, there were two excessive rates of descent warnings, but the crew either ignored them, didn't hear them (unlikely, since they're quite loud), or filtered them out. A very basic lesson here is that if we're going to mandate these systems, we'd better make sure their warnings are accurate. To do otherwise is to limit the effect they may have on pilots, who tend to have more confidence in their airmanship than with a poorly functioning subsystem. Similar arguments can be applied to the imperfect T/CAS 2 system, which was mandated following a highly publicised mid-air collision. Too many wrong warnings can be worse than none at all. Robert Dorsett UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd ------------------------------ Date: Thu, 27 Feb 92 20:07:18 EST From: Brinton Cooper Subject: Re: The long arm of the law fingers old fingerprint You write of "A fingerprint found in an unsolved 1984 murder" and which fingerprint ... matched a new one taken in connection with a petty theft case..." leading to solution of the murder! This isn't the sort of thing we usually see in Risks Digest. This time, the risk is "good," as it was a risk to the bad guys! _Brint ------------------------------ Date: Thu, 27 Feb 92 18:38:22 PST From: RISKS Forum (Peter G. Neumann) Subject: Re: The long arm of the law fingers old fingerprint Brint, You are absolutely correct. I could have added a nice note at the end, soliciting more HAPPY stories. I used to get a lot of grumbles from folks who say we never run anything but the bad news. But we don't get much good news submitted. I had to submit that one myself! Peter ------------------------------ Date: Fri, 28 Feb 1992 03:06:06 GMT From: trebor@foretune.co.jp (Robert J Woodhead) Subject: Re: Calculators (RISKS-13.19) >... Then the examination will necessarily have to be a real test of > problem-solving ability rather than a test of the candidate's > ability to regurgitate memorized data. Alas, this would add the requirement that the teachers be capable of asking good questions. In all but a few cases, this may be too much to ask. ;^) Robert J. Woodhead, Biar Games / AnimEigo, Incs. trebor@foretune.co.jp ------------------------------ Date: Thu, 27 Feb 1992 22:58 EDT From: ESPEN ANDERSEN Subject: Re: Calculator Use During Exams I was involved in setting up rules for calculators etc. at exams a few years ago. The problems was: we wanted to permit students to use simple calculators on exams (as part of "regular exam tools", but did not want to make all exams open book because of students programming text etc. into small (and ever getting smaller) computers. At the same time we could not make the rules too technically oriented: the business school (in Norway) I worked for used retirees as exam proctors, and technical specificities were beyond their horizon. Solution: devices allowed as long as they - did not require AC - did not make noise or could output to paper - could not display more than 80 characters of text or numbers The philosophy being that if the students really wanted to use devices that filled these specs on exams to cheat, they were welcome to: they would probably not derive any substantial benefit from it. (In fact, if a student goes through all the trouble of programming all the formulas into his HP-whatever, he (or she) will probably have learned them by heart and would not really need to have them programmed). ------------------------------ Date: Fri, 28 Feb 1992 03:26:08 PST From: Mark_Jackson.wbst147@xerox.com Subject: Re: Proposal for policy on calculator use during exams (Frankston 13.19) > ... but that would reduce closed book exams to an abstract > exercise unrelated to actual practice. Too late. ------------------------------ Date: Fri, 28 Feb 92 08:45:25 -0500 From: Joe Morris Subject: Re: Calculator Use During Exams In RISKS 13.19 several postings commented on the issues involved in the control of hand-held calculators during closed-book exams. The original posting is Bezenek (RISKS 13.16). Despite the recent interest shown by the postings, the issue isn't at all new. My father, who for many years was the head of Tulane University's Physics department, refused to permit the use of slide rules by students taking exams for his undergraduate classes. While I don't necessarily agree that such an absolute ban was necessary, his reasoning was that while the slide rule (if correctly used...which wasn't a given assumption) could provide the correct digits in a problem, the user had the responsibility for keeping track of the decimal point...and since problems in physics involve huge ranges of exponents, the students would not develop the necessary recognition of "reasonableness" for the answers if they didn't work out the problems on paper. This is close to the issues raised by Cooper in RISKS-13.19. There's been a story floating around so long that it may be urban legend, but supposedly there was an experiment several years ago in which a class was given an examination in which hand-held calculators were provided for their use. Unknown to the students, the calculators were rigged so that some of the calculations required on the examination would produce answers which were so far out of line that anyone paying the least attention to the results would have known that they were wrong. According to the story, only a minuscule number of the students caught the problem; the others blindly copied down the impossible results. (Can anyone provide an authoritative citation for this? It's a good example even if it can't be verified, but it would be even better if it can be authenticated.) Joe Morris ------------------------------ Date: Fri, 28 Feb 92 10:32:11 EST From: Mark.Kantrowitz@GLINDA.OZ.CS.CMU.EDU Subject: Re: Calculator Use During Exams My mother, a high school mathematics teacher, has a simple solution to the problem of calculator use during exams -- she maintains lists of the models her students are and are not allowed to use. At the beginning of the exam, she walks around the room and erases the memory of the calculators. (Most calculators have a short sequence of keystrokes which will erase all the memory.) A calculator which does symbolic integration, of course, is not allowed on an integration exam. Whenever a manufacturer debuts a new calculator, she buys or borrows one to evaluate it. --mark ------------------------------ Date: Mon, 10 Feb 92 14:20:21 PST From: douglas@atc.boeing.com Subject: DIAC-92 DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING DIAC-92 Berkeley, California U.S.A May 2 - 3, 1992 8:30 AM - 5:30 PM The DIAC Symposia are biannual explorations of the social implications of computing. In previous symposia such topics as virtual reality, high tech weaponry, national priorities, computers and education, affectionate technology, computing and the disabled, and many others have been highlighted. Our fourth DIAC Symposium, DIAC-92, will be held this Spring. The first day will consist of individual presentations and panels on a variety of issues. The second day will consist of workshops that will be less formal and more highly interactive. Most of the workshops will be working sessions where output of some kind will be produced by the participants. Preliminary topics include: + Community and Global Electronic Networks + Computing in the 21st Century + Social Interactions in the MUD (Multi-User Dimension) + Work, Power, and Computers + Computing and Education + Civil Liberties in an Electronic Age DIAC-92 will take place in 100 Genetic Plant Biology Building at the University of California at Berkeley. The GPB Building is in the northwest corner of the campus. *************************************************************************** PLEASE NOTE: Workshop Proposals are due March 1, 1992. Please contact Doug Schuler - dschuler@cs.washington.edu for "Call for Workshop Proposals." *************************************************************************** To attend DIAC-92 send name, address, email address and registration form to: DIAC-92 Registration, P.O. Box 2648, Sausalito, CA, 94966 Conference Fees: CPSR Member $40 __ (or AAAI, BCS, ACM SIGCAS, ACM SIGCHI) Non-member $50 __ New CPSR Membership (including DIAC Registration) $80 __ Student $25 __ Proceedings Only $20 __ Proceedings Only (foreign) $25 __ Additional Donation __ Contact Doug Schuler, 206-865-3832 (work) or 206-632-1659 (home), or Internet dschuler@cs.washington.edu for additional information. Sponsored by Computer Professionals for Social Responsibility P.O. Box 717 Palo Alto, CA 94301 DIAC-92 is co-sponsored by the American Association for Artificial Intelligence, and the Boston Computer Society Social Impact Group, in cooperation with ACM SIGCHI and ACM SIGCAS. ------------------------------ End of RISKS-FORUM Digest 13.20 ************************