Subject: RISKS DIGEST 13.38 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Friday 10 April 1992 Volume 13 : Issue 38 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: New California lottery game delayed by program flaw (PGN) High Marks & Spencer -- it's-pence'r-pounds (Dorothy R. Graham via PGN) London Ambulance Service computer system problems (Dorothy R. Graham via PGN) Women's lives imperiled by medical software (Dorothy R. Graham via PGN) Computer "error" blamed for murder? (PGN) U.S. Justice Dept.'s Alien Deportation Notification File Prototype Inaccurate (Sanford Sherizen) Re: Killer Asteroids, Detect/Deflect (Tom Neff, Leslie DeGroff) FBI phone taps (Mark Seecof) Data compression & American cryptographic export policy (Conrad Hughes) Re: Cryptography used by Terrorist Organisation (Dik Winter) PBS TV Show Accuracy (R.Y. Kain, Dave Marvit for WGBH-TV) The makers of the PBS series respond (Dave Marvit) Computer Users Foil Virus (Don Clark via PGN) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Fri, 10 Apr 92 10:07:08 PDT From: "Peter G. Neumann" Subject: New California lottery game delayed by program flaw The new `Daily 3' numbers game slated to begin today in California was postponed at the last moment by state officials concerned that the game might have been unfair. The problem was discovered only on Wednesday (8 Apr 1992), and diagnosed the following day. The final test indicated that the quick-pick pseudorandom number generating algorithm was biased. After a quick-fix programming change, the game is now scheduled to start next Monday. [Source: San Francisco Chronicle, 10 Apr 1992, p.A21] [I suppose this will inspire a new research area -- Byzantine Pseudorandom Number Generators, in which 3n+1 PNGs are required to guarantee correct behavior in spite of n malicious or arbitrarily malfunctioning PNGs. I heard on 1 Apr 1992 that Les Lamport has been asked to apply to the State of California for a research grant on this topic. But he was skiing (or Byzantining?) in Nevada. PNG -- oops, I mean PGN] ------------------------------ Date: Fri, 10 Apr 92 13:35:50 PDT From: "Peter G. Neumann" Subject: High Marks & Spencer -- it's-pence'r-pounds Marks & Spencer is looking for the cause of an embarrassing glitch in systems at its shop in Paris which led to customers being massively overcharged. The retailer's Visa credit card transaction system added two zeros to 300 customer's bills so that a 1 pound pork pie cost 100 pounds. Marks' barcode and receipt printing systems were not faulty. [Source: a clipping from Computing, 21 Nov 1991, contributed by Dorothy R. Graham of Grove Consultants, Cheshire, UK.] ------------------------------ Date: Fri, 10 Apr 92 14:01:26 PDT From: "Peter G. Neumann" Subject: London Ambulance Service computer system problems London Ambulance Service continues to have software problems with its emergency dispatch system. The new 1.1M-puond system (being developed by Datatrak and Systems Options, with Apricot hardware) crashed on its first training session. Last year, an earlier system failed two major tests, and was scuttled; the Service sued the vendor (BT subsidiary IAL) and subcontractor (CGS). That system had costs escalate from 2.5M pounds to 7.5M pounds, and was supposed to have been ready in the summer of 1990. Another system for south London's nonemergency calls crashed in its first week, in April 1991. [Source: An article by Jason Hobby in the Computer Weekly, 5 Dec 1991] On 7 Feb 1992, an operator inadvertently switched off a screen, losing four emergency calls. On one occasion, the details of a call were lost; the caller called again half an hour later and was told that the details had been lost (by the computer), and an ambulance was dispatched. The patient later died, although ``it is not proven that there was any link between the delay and the death.'' [Source: An article by Jason Hobby in the Computer Weekly, 20 Feb 1992] [Both articles were contributed to RISKS by Dorothy R. Graham, Cheshire, UK] ------------------------------ Date: Fri, 10 Apr 92 14:08:05 PDT From: "Peter G. Neumann" Subject: Women's lives imperiled by medical software The National Audit Office has issued a report blaming ``unreliable computer data'' for failing to identify high-risk groups of women being screened for cervical and breast cancer, which reduces the chances of successful scanning, and so contributes to the deaths of 15,000 women in England each year. The software is developed by Family Practitioner Services in Exeter. The report is now up for review by a Parliament select committee. [Source: Article by David Evans, Computer Weekly, 20 Feb 1992, contributed by Dorothy R. Graham, Cheshire, UK] ------------------------------ Date: Fri, 10 Apr 92 10:02:40 PDT From: "Peter G. Neumann" Subject: Computer "error" blamed for murder? Drug Offender Faces Murder Rap PATERSON, N.J. (AP) A drug offender under house arrest killed another man after a computer error enabled him to break his electronic anklet and leave the house, authorities say. Tony Palmer, a 21-year-old who had been serving a three-year sentence, was charged with fatally shooting Vernon Major, 19, last week. The electronic surveillance system sets off an alarm if the prisoner moves more than 150 feet from a transmitter or breaks the bracelet or anklet. The alarm sounded and a printer in Trenton placed an asterisk by Palmer's name, but the information was not transmitted to a computer monitored by parole officers, Corrections Department spokesman Jim Stabile said Wednesday. The printout also is checked, but 700 names move constantly on that line, Stabile said. ------------------------------ Date: Fri, 10 Apr 92 16:59 GMT From: Sanford Sherizen <0003965782@mcimail.com> Subject: U.S. Justice Dept.'s Alien Deportation Notification File Prototype Inaccurate The Department of Justice's Central Address File, which will be used to record and preserve the names and addresses of aliens and their representatives in deportation proceedings, was reviewed by the General Accounting Office. The File is not yet fully implemented but initial reviews indicate problems. The General Accounting Office report (Jan. 23), covering a review of only four field offices, estimates that 22 percent of the records of the names and address of aliens involved in deportation proceedings were inaccurate. GAO believes that for ALL offices, some 12 percent of aliens may not be able to be notified about their deportation hearings due to inaccurate names and addresses under this system. The Justice Department indicates plans to revise its current procedures. However, it isn't clear how they are going to achieve 100 percent accuracy in notification, which is essential when a deportation matter is at stake. Not appearing at a hearing can mean that individuals will lose their rights under the law, since it can and will be assumed that they were notified as required by law and/or did not let the authorities know when they moved. Recently, the U.S. has drastically (and often unfairly) restricted appeals and other protections in many deportation and political asylum cases. The result has been shameful incidents, including the deportation of Haitians who are now being threatened upon return to their country of origin. Data entry problems will simply reinforce those governmental decisions, resulting in automatic deportation orders when persons do not show up for their hearings. Reliance upon the computer as an essential part of this critical process *without other forms of notification and review of agency procedures to ensure appropriate protection of applicants* will cause great problems. Sanford Sherizen, Data Security Systems, Inc., Natick, MASS ------------------------------ Date: 9 Apr 92 13:41:23 EDT (Thu) From: tneff@bfmny0.bfm.com (Tom Neff) Subject: Re: Killer Asteroids, Detect/Deflect For once, the New York Times had something intelligent to say on this matter in its lead editorial the other day. If astronomers are really convinced that the Earth-crossing asteroid impact threat is serious, would they be willing to take observing time away from other programs on *existing* instruments and devote it to the search? Oh, well maybe it's not THAT serious! :-) (The NYT stylebook forbids smilies, but if they ever used one, it would have been right there.) If the asteroid search is less important than anything telescopes are being used for now, the taxpayers might be forgiven for suspecting that this proposal has more to do with creating work and facilities for folks who've chosen to build their careers around space based interception issues than it does with a sensible and properly prioritized approach to protecting the planet. The RISK here is our old favorite: institutional and career imperatives are capable of improperly driving public policy unless we keep a watchful eye out. Most people trust "astronomers" and "scientists" to tell us what is really important in that mysterious realm out there. When they trot out diagrams and photos, we naturally tend to accept their conclusions. But it ain't necessarily so. (I am not saying anything is fundamentally wrong with the process, though, since public inquiry like this very discussion tends to weed out errors.) ------------------------------ Date: Fri, 10 Apr 92 13:53:24 PDT From: Leslie DeGroff Subject: Astroidal risks, minor core A minor correction might be in order on the posting about the problems and risks of "monitoring for astroidal risks". The (widely believed) event of 65 million years ago was probably the last "stream clean most of the planet" size event, actual estimates of large (nuclear explosive level) collisions are for much smaller time scales such as a few thousand years apart for megaton size to once per million years for objects capable of devestating medium sized countries. Still hypothetical but with some evidence is that a medium sized sea strike triggered or contributed to ice age. There are a couple of examples of visible "smallish hits" in last few thousand years such as "Arizona's Meteor" crater. Of significance (and I am sure done a disservic by the media) it that one of the Nasa's proposals is simply to find and track these smaller but not harmless objects which are also of a scale that would be currenly feasible to deflect. I don't recall the exact numbers but the explosive power of a meteorite (because of velocities range) range through equivalence in mass to power of high explosives.... as such a small objects of nickle iron are equivalent to lower nuclear range. A 20 meter chunk could be Hiroshima scale, a 100 meter chunk, megaton scale!!!! Les DeGroff (degroff@intellicorp.com) ------------------------------ Date: Fri, 10 Apr 92 11:31:36 -0700 From: Mark Seecof Subject: FBI phone taps (Kantor, RISKS-13.32) Like Brian Kantor (yo, dude) I'd be surprised to hear that there are many phones which can't be tapped at the end office switch. From reading the Sessions piece and other accounts I think what the FBI really wants is to place taps from their office in Washington (or perhaps from say, Colorado, to save on toll charges) so that they won't have to spend the staff effort to actually visit a CO. Instead, they'll just type a few keys and have the datastreams associated with calls from or to certain numbers duplicated and copied to their equipment. This capability will save them money and effort, reduce the chance that targets will learn about taps by suborning telco personnel, enable them to place many more taps, and just maybe increase the incidence of unlawful (warrantless) tapping. Of course, I am surprised that Sessions thinks the American people will want to pay higher phone bills in order to help the FBI tap their phones. Mark Seecof ------------------------------ Date: Fri, 10 Apr 92 11:42:30 +0100 From: Conrad Hughes Subject: Data compression & American cryptographic export policy Could use of "non-standard" or uncommon compression techniques to facilitate high-speed data transmission also be undesireable for the NSA/FBI? Use of experimental/modified "coding" of data for purposes of compression could make data just as inaccessible as if it were encrypted for purposes of security.. Should we expect laws against use of non-standard data compression to succeed laws against data encryption? On top of the patent problems related to data compression techniques, could this provide a killing blow for non-corporate research into coding/modelling? (I may have used "compression" & "coding" in a slightly more interchangeable way than experts in the field would like - do not hesitate to correct me, but please accept my apologies in advance..) Smail: Conrad Hughes, 42 Temple Road, Dublin 6, Ireland Email: chughes@maths.tcd.ie Voice: +353-1-976143 ------------------------------ Date: 9 Apr 92 22:46:35 GMT From: Dik.Winter@cwi.nl (Dik T. Winter) Subject: Re: Cryptography used by Terrorist Organisation > the Guardian reported that all the leaders of the Basque separatist > organisation ETA had been captured in a police raid in France. (ETA is a > terrorist organisation in Basque, Spain which want independence from Spain. A correction here. Basque country consists of three Spanish provinces and two French prefectures. The ETA wants to get all five in a independent country, but they are currently only active in Spain, although they take refuge in France. dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland dik@cwi.nl ------------------------------ Date: Fri, 10 Apr 92 13:22:06 -0500 From: kain@ee.umn.edu (faculty R. Y. Kain) Subject: PBS TV Show Accuracy Seeing the praises for the TV series in RISKS, I must add that while what was shown was well done, I did notice that the one BIG OMISSION in the "conventional" histories of the business was also omitted from the show. That is the pioneering work in Iowa in the 1930s (about 1937) by Atanasoff, a physicist, who built a working machine that did perform calculations using vacuum tubes. I recall that he actually won a patent suit against Univac, which had been claiming patents on the basic idea of programmable (?) electronic computers. So why doesn't he get the credit that is his due? Perhaps he needed a better public relations department! Dick Kain (kain@ee.umn.edu) - EE Dept., University of Minnesota ------------------------------ Date: Fri, 10 Apr 92 18:17:28 EDT From: WGBH-TV (Information Age) Subject: Re: TV Show Accuracy] Out of respect for John V. Atanasoff's efforts with the ABC Computer, "The Machine That Changed the World" has been very careful to avoid the term "first" in speaking of the ENIAC computer. Generally, we refer to it as the first "working" electronic computer. However, the decision NOT to include Atanasoff's computer in the series was made only after a great deal of consideration. There is much debate about Atanasoff's machine -- did it ever really work?; could it be considered a "programmable, digital, computer" as we defined the computer for the purposes of our series?; how does one weigh the pronouncement of a judge against the opinion of the majority of the computer community (including historians) regarding Eckert and Mauchly's place in computer history versus Atanasoff's? Ultimately, we came to the conclusion that the series (with its inevitable time constrictions) can only focus of those machines that influenced further development in the field. With that criteria, we could not justify spending the large amount of time that would have been necessary to tell the Atanasoff story. In addition, some authors claim that Mauchly "stole" the idea from Atanasoff is unproven and without Mauchly to tell his side, we felt that exploration of this part of computer history would only lead to the dead end of inconclusiveness. We understand and appreciate the controversy regarding Atanasoff, but feel that our decision was correct. In the words of Sir Francis Darwin (in 1914): "In science, the credit goes to the man who convinces the world, not to whom the idea first occurs. Producers, "The Machine That Changed the World" [From dave marvit, wgbh@media.mit.edu] -------------------- Date: Thu, 9 Apr 92 18:38:05 EDT From: WGBH-TV (Information Age) Subject: The makers of the PBS series respond (Tompsett, RISKS-13.37) We saw the posting by Brian Tompsett who asks ... > Are we being manipulated by global telecasting > on an Orwellian scale? Who can tell? Not easy is it. I can assure readers of RISKS that there is nothing Orwellian in the multi-versioning of the series. Jon Palfreman (executive producer) responds: BBC programs are about 7 minutes shorter and that is the main difference. There are small differences of emphasis to reflect the interests and knowledge of the different audiences. For example, where there is a British figure who is well known he is mentioned (i.e. Sir Clive Sinclair Subject: Computer Users Foil Virus [Augments Slade, RISKS-13.27, for archives] By Don Clark, c.1992, San Francisco Chronicle, 7 March 1992 Michelangelo claimed relatively few victims Friday, leaving experts to debate whether news media over-hyped the computer virus or performed a useful service by warning the public to take precautions. The virus apparently destroyed data in a few thousand personal computers around the world, far short of expectations. Researchers had estimated that the destructive software program had spread to anywhere from 100,000 to 5 million computers out of about 80 million IBM-compatible machines worldwide. Most large businesses and institutions heeded the headlines and used special software to inspect and clean their personal computers before Michelangelo's birthday March 6, when the virus was set to go off. But some individuals and small businesses did not and came to regret it. One of them was Bill Permar, a Sausalito accountant who turned on his computer to find that Michelangelo had destroyed the contents of two large disk drives containing his clients' tax data and other records. Although he had backup copies of that data, he was still struggling with his computer late Friday. ``I thought it was a lot of media hype,'' Permar lamented. Michelangelo, written by an unknown prankster last year, caught the public imagination for several reasons. The program is among the most destructive of the more than 1,000 viruses in existence; when activated, the virus writes random characters over data on a personal computer's hard disk, making recovery almost impossible without backup copies of files. The program spreads through the exchange of floppy disks. The widespread publicity over the March 6 deadline led to a drawn-out countdown on television, radio and in newspapers. Some computer professionals think Michelangelo did a good deed by making millions of people aware of the danger of viruses. The state of California, for example, spent most of this week checking its thousands of personal computers for Michelangelo. Only one infection of that virus was found, but the check turned up other viruses on numerous machines. On the other hand, some said the coverage may have unduly caused public hysteria and could inspire other pranksters to develop destructive programs. ``I'm sure there are a dozen kids right now saying, `I bet I can top that,''' said Joseph Pujals, the state's information security manager. Michelangelo's typical victims include New Salem Baptist Church in Kennesaw, Ga.; Vigil Printing, a small firm in Chicago; and Save the Whales, the Venice (Los Angeles County) nonprofit group. Save the Whales lost its membership list, correspondence and a newsletter that was about to be printed. Patricia Hoffman, a Santa Clara virus expert, said she had confirmed reports of 125 small U.S. businesses affected. American Telephone & Telegraph Co. confirmed that Michelangelo hit four of its 250,000 computers nationwide. Other countries were hit harder. Some 750 to 1,130 personal computers in South Africa reportedly were plagued by Michelangelo because of the widespread use of a bootleg version of the operating system used on IBM and compatible machines. Forty-eight companies or institutions were hit in Australia, 25 in Hungary, 10 in China and eight in Japan, Hoffman said. Many victims were loath to admit that they did not take action, a possible factor in the low number of Michelangelo victims reported. ``They were warned,'' said Martin Tibor, a San Rafael data-recovery expert. ``If they got hit, it will be arrogance or stupidity.'' One Bay Area public school with up to 20 stricken computers called Tibor but would not let its name be used, he said. Some experts hope that Michelangelo will hasten the development of modified operating software that make it harder for viruses to be created and transmitted. ``Some folks are working on it,'' said Peter Neumann, principal scientist in the computer-security group at SRI International in Menlo Park. ``We need something on the order of a Chernobyl before people will wake up.'' There is little doubt that the virus hype was great advertising for companies that specialize in selling virus-detection software. Symantec Corp., based in Cupertino, said it gave away 250,000 copies of a free program tailored to get rid of Michelangelo. Friday, Symantec was logging about 33 Michelangelo-related calls per hour, with about 5 percent of those people claiming that their data was destroyed. Another controversial topic is the effectiveness of anti-virus software. Some people claimed such programs did not work. ``There are a lot of really ticked off people,'' said John McAfee, a noted virus expert who runs a Santa Clara firm that sells anti-virus software. ``I think we're going to see some massive fallout in the anti-virus community.'' Manufacturers of anti-virus programs blamed the problem on the fact that customers failed to buy updated versions of the software that included protection against Michelangelo. McAfee was criticized by some observers for suggesting that millions of computers had been infected. Friday, he estimated that 10,000 computers lost data worldwide. ------------------------------ End of RISKS-FORUM Digest 13.38 ************************