Subject: RISKS DIGEST 13.58
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Monday 15 June 1992  Volume 13 : Issue 58

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  SoundWars: SW Sabotage, Creative Technology vs. Media Vision (PGN)
  FBI raid on bulletin board (Gary Chapman)
  NY TIMES MAGAZINE story on defects in personal computer software (Jon Jacky)
  Computer system refuses large deposit (Richard Frantz Jr.)
  Delivery Failure in a Paging System (William Griswold)
  Update on vote-by-telephone disaster in Nova Scotia (Daniel MacKay)
  Risks of not foreseeing supplement and maintenance funds (Geraldo Xexeo)
  Re: Follow-up to dead driver (Michael Favor)
  Re: Where on earth are you? (Scott Traurig)
  Re: Car computer downloading (Bruce Oneel)
  Re: Perot computers cracked (Steve Bellovin, Joe Morris)
  Product risks (Re: Parnas, Girl killed in automatic window) (Bergtor Skulason)
  Online Symposium: Visions for a Sustainable World Pugwash Conference (Jeffrey Porten)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
If you CANNOT read RISKS on-line, try FAX: for info, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail risks-fax@cv.vortex.com).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 12 Jun 92 10:07:17 PDT
From: "Peter G. Neumann"
Subject: SoundWars: SW Sabotage, Creative Technology vs. Media Vision

Creative Technology makes Sound Blaster, a sound board used by IBM compatibles to create game noises and other sound effects. Media Vision, Inc. develops computer peripherals and also makes a competing Thunder Board, designed to be compatible with software commonly used with Sound Blaster. However, a new release of a developer's software apparently works fine with Sound Blaster, but not with Thunder Board. Media Vision claims Creative Technology inserted a crash code that disables Media Vision's product, and has sued them for restraint of trade, unfair competition, and monopolization. (Media Vision was sued LAST MONTH by Creative Technology for violation of copyrights.) [Source: Article by Pamela Burdman, San Francisco Chronicle, 12 June 1992, p.B1]

   [Sounds like the Suit-of-the-Month Club. Everyone seems to be joining. By the way, your media vision of RISKS is going to be creatively and technologically sporadic for a while as we observe Summer Slowdown Time. New subscribers should not be surprised if the traffic is light.
PGN]

------------------------------

Date: Thu, 11 Jun 92 10:30:37 -0400
From: chapman@silver.lcs.mit.edu (Gary Chapman)
Subject: FBI raid on bulletin board

Summarized from *The Boston Globe*, June 11, 1992, page 39:

The FBI raided the home of a computer bulletin board operator in Millbury, Massachusetts, yesterday, confiscating "several" computers, six modems, and a piece of equipment called "PC Board," which the FBI said was used to run the bulletin board system.

The Software Publishers' Association brought the bulletin board to the FBI's attention, claiming that the system, called "Davy Jones' Locker," contained pirated copies of copyrighted software that users were encouraged to download. SPA claimed that there were over 200 different programs on the system, and users who uploaded copies of copyrighted software got free log-on time as a bonus.

The alleged operator of the bulletin board, Richard Kenadek, was not arrested. The FBI would not comment on the case.

An SPA spokesperson said that the system had nearly 400 subscribers paying $49 for three months or $99 for a year to gain access to downloadable copies of Lotus 1-2-3, Microsoft Word, and other programs. SPA estimated that the system distributed $675,000 worth of software since March of this year.

Sanford Sherizen, a computer security specialist in Natick, was quoted as saying, "We're making legal history here," because this case is apparently the first time federal authorities have gone after a bulletin board system for violations of copyright law.

The SPA representative said that the organization runs a telephone hotline for reports on bulletin boards offering downloadable copyrighted software, and they get "at least ten calls a day." SPA takes action against about two bulletin boards a week, usually with the threat of a lawsuit.
Gary Chapman, Coordinator, The 21st Century Project, Computer Professionals for Social Responsibility, Cambridge, Massachusetts chapman@lcs.mit.edu

------------------------------

Date: Mon, 15 Jun 1992 9:11:47 -0700 (PDT)
From: JON@gaffer.radonc.washington.edu (Jon Jacky)
Subject: NY TIMES MAGAZINE story on defects in personal computer software

This week's Sunday New York Times Magazine has a story by James Gleick, "Chasing bugs in the electronic village," (June 14, 1992, p. 38 ff). It describes users' experiences with the Microsoft Word for Windows product, as reported in a Compuserve forum and at user's group meetings.

Gleick reports that, through several successive product versions, the vendor did not fix defects that were reported by many users and claimed the product included features that were incompletely and incorrectly implemented. Gleick also says these problems were not much reported in reviews in the trade magazines, even though they were widely known in the user community.

- Jon Jacky, Radiation Oncology RC-08, University of Washington, Seattle 98195

------------------------------

Date: 14 Jun 92 06:57:14 EDT
From: "Richard Frantz Jr." <72570.2264@compuserve.com>
Subject: Computer system refuses large deposit

A branch bank officer told me that they had to refuse to accept deposit of a check for $200,000 because the software, used by several banks in the area, couldn't handle more than $99,999.99 in the deposit field. She insisted it was a computer error even though I tried to explain it was a specification error.

Richard Frantz Jr.

------------------------------

Date: Mon, 15 Jun 92 16:32:19 PDT
From: wgg@cs.UCSD.EDU (William Griswold)
Subject: Delivery Failure in a Paging System

I have a friend who is a clinical psychologist specializing in crisis counseling. Last weekend one of her patients was in an auto accident and called the counseling center hotline to ask for my friend.
The patient's record indicated that her behavior could be self-destructive under stress. Following clinic procedure, the clinic (1) paged my friend. After a 10 minute wait for a call back they (2) paged her again. After another 10 minutes they (3) called her home, reaching her immediately. Her pager had been on and the batteries were fine, but it had not received the page.

Anyway, my friend immediately called the patient to discover that she had taken a large dose of pills perhaps 30 minutes earlier. An ambulance was called and the woman was (barely) saved.

My friend's reaction to this failure was to update the patient's record specifying special handling procedures in the case of a crisis call. She rather blithely accepted the paging system failure and said that it happens all the time: phantom pages, missed pages, etc. Some of these are due to keying errors by the caller, others are due to environmental conditions blocking the radio signal. This incident is likely neither; two pages were made and my friend has never missed a page at home before.

Here are my questions:

1) What are the failure modes of pager systems? For example: Can the system detect that a page is not getting through? What range of causes are there for a failed page? Can the person initiating the page be notified of failure?

2) What responsibilities does a paging service have to inform its users of failures as soon as it can detect them? What responsibility does it have to inform its users of recent failure rates?

BTW, The location of this incident was not in a metropolitan area. This means, apparently, that this paging service has a monopoly.

Bill Griswold, University of California, San Diego Dept. of Computer Science and Engr. wgg@cs.ucsd.edu

------------------------------

Date: Mon, 15 Jun 92 10:27:45 ADT
From: daniel@nstn.ns.ca (Daniel MacKay)
Subject: Update on vote-by-telephone disaster in Nova Scotia (RISKS-13.56)

This is a follow-up on the huge local vote-by-phone fiasco.
In RISKS-13.56 I wrote about the vote-by-phone system contracted from the telco by the Liberal Party for their leadership convention, following Murphy's Law.

On June 8th, the telco held meetings with the Liberal Party, and with the media. As always, there's a little second guessing to do about what the press releases mean. Here's what they *say*:

- The system was composed of two software packages which had never been tested together at high call volume. ``All I can say, is it never occurred to anybody in my staff, and it never occurred to me.'' said Colin Lantham, the vice-president of business services for Maritime Tel and Tel.

- The first part of the system [presumably the touchtone answering/selection system] was capable of handling 78,000 calls an hour.

- The second part of the system, "set up to receive the caller's 8-digit PIN" proved much slower. [I'd guess that this was the interface to the databases that kept track of votes and who had voted. -dm]

The *first* part of the system had a dead-session detection function, to keep people from tying up phone lines. However, when the second part of the system started to slow down [transactions queued up? -dm] the first module hung up before the second part issued an acknowledgement.

Also, the telco says when voting was restarted, ``some rogue information stayed in the system, causing some voters to be rejected.'' [They didn't reset the who-had-voted list, perhaps? -dm].

On the day of the fiasco, the telco initially blamed the problem on a missing line of code in the software, but they say now that that was a mistake.

The problem of people being able to vote twice hasn't been mentioned.

The telco says the Liberal Party won't be charged for the services rendered on Saturday.
[Like the power utility burning down your house with a million volts by accident, and saying ``Don't worry, you won't be billed for the electricity.'' -dm]

150 telco employees were recruited to test the system, [compared to 8000 voters in the real system! -dm] on Thursday the 11th, and it apparently worked. The telco reduced the number of incoming lines to cut down on system load.

The Liberal Party has decided to have another go at the vote-by-telephone system in a few days, but there won't be another convention. The telco will be posting a 350,000$Cdn performance bond on the system, and there will be a paper-ballot backup system on hand.

Some candidates have asked the telco for partial reimbursements of their campaign costs on the basis that disclosure of the numbers (leaked via the kid with the scanner listening to the cellular conversations) have destroyed their chances of winning. The telco claims that the numbers leaked (numbers of calls recorded to each of the candidate's phone number) bear no relationship to the number of votes that had been collected or would have been collected.

Daniel MacKay, NOC Manager, NSTN Operations Centre, Dalhousie University, Halifax, Nova Scotia, Canada 902-494-NSTN daniel@nstn.ns.ca

------------------------------

Date: Thu, 11 Jun 1992 13:58:21 GMT
From: xexeo@dxlaa.cern.ch (Geraldo Xexeo)
Subject: Risks of not foreseeing supplement and maintenance funds

I was very impressed by Mr. Shannon's message of a $150 printer hanging up a $0.5M VAXcluster (RISKS-13.57). Meanwhile, it reminded me of a common "hang-up" problem we have in my institution (Federal University of Rio de Janeiro - Brazil).

It's reasonably easy for us to get money to buy hardware; actually, we have an ever-growing Sun and IBM-PC network. But, it is difficult to get money to buy supplements. This means that we are usually working under bad conditions, because of:

1. lack of paper or toner for our printers
2. lack of tapes to do backup
3.
lack of maintenance contracts, due to lack of funds, etc...

It can be a third-world problem, but it is really a risk to invest in an expensive system if you cannot afford its maintenance. It can happen that the cheapest choice turns out to be just wasted money.

Geraldo Xexeo, CERN - PPE Division, 1211 Geneve 23, Switzerland xexeo@dxlaa.cern.ch gxexeo@cernvm.bitnet FAX: (41) (22) 785 - 0207

------------------------------

Date: Wed, 10 Jun 92 19:40:08 pdt
From: Michael Favor
Subject: Re: Follow-up to dead driver (Berman, RISKS-13.57)

How can Howard Yerusalim, State Secretary of Transportation, miss the point so completely while claiming to offer us the "rest of the story"? He accepts the fact that an anonymous driver was killed in a car accident while in possession of Mr. Smith's stolen driver's license, yet completely ignores Mr. Smith's claim that the anonymous driver was also responsible for the traffic violations which caused the license to be suspended.

I am not comforted by Mr. Yerusalim's claims that State Law prohibits him from disclosing details of an individual's driving record, when he then accuses Mr. Smith of vague and sweeping "disregard for state traffic safety laws" in a public newspaper.

If Mr. Smith is cleared by the police investigation, will he sue the state for lost wages, related damages, and slander? It might help motivate Pennsylvania to correct the situation.

Perhaps some RISKS readers know what procedures are used by other state transportation departments to prevent similar situations, or could this happen to you?

Michael Favor, favor@csuchico.edu

------------------------------

Date: Thu, 11 Jun 92 08:54:24 EDT
From: Scott Traurig
Subject: Re: Where on earth are you? (Richard Murnane, RISKS-13.57)

> I'm very surprised that the Coast Guard could have been caught out by this: It
> suggests that the "decimal minutes" representation is non-intuitive, or at
> least counter to the way most "non-mariner" people (e.g.
the radio amateurs
> providing voice relays) have been educated to read geographical coordinates.
> (Or, perhaps, there are two different readout systems currently in use?)

Having raced "the big boats" for 9 years or so now, primarily as navigator, I may be able to supply a little background information here. With the advent of reliable and relatively inexpensive Loran navigational equipment, decimal minutes has become a very popular "readout system" for displaying position. Most, if not all, units allow the user to select either degrees-minutes-seconds or degrees-minutes-decimal minutes for display.

Most users opt for the decimal minutes display. It is usually easier to plot to the nearest tenth of a minute, it is usually sufficient accuracy (approx. 200 yards - depends on latitude), and Loran isn't much more accurate than that for absolute position anyway. I do because all of my racing marks have been measured and listed in this manner by the local racing association, probably because of the above reasons.

GPS units provide increased accuracy, of course, but 200 yards is usually plenty close most of the time. It is not unusual for a powerboat with a Loran or GPS coupled autopilot to collide with the buoy selected as a waypoint by an inattentive skipper.

I am also surprised that the Coast Guard couldn't figure it out. At the very least, the previous day's position would make it obvious, and the leading zero would make me suspicious.

Scott (traurig@ncavax.decnet.lockheed.com)

------------------------------

Date: Thu, 11 Jun 92 11:09:07 EDT
From: oneel@arupa.gsfc.nasa.gov (Bruce Oneel)
Subject: Re: Car computer downloading (Sidebotham, RISKS-13.57)

>As a sidenote, when you check in for Saturn service, your car's history is also
>uploaded to Saturn HQ. Every engine stall, my salesman told me, is recorded, as
>is the entire service history for each vehicle.

Hmm, how 'bout every engine overspeed (or overrev)?
Or, since I suspect the engine knows what gear the transmission is in, how 'bout %time over 65mph? I can see it now. "I'm sorry, Mr Foo, but we show that you drive this car outside of its limits. We can't do any warranty service because of this"

When engine computers were newer, I read in Car and Driver that Cadillac's new engine computer would record overspeeds. The person they were talking to implied that this might be used later if you reported engine problems.

Bruce O'Neel, NASA/GSFC/STX/Code 664 oneel@heasfs.gsfc.nasa.gov

------------------------------

Date: Wed, 10 Jun 92 20:31:32 EDT
From: smb@ulysses.att.com (Steve Bellovin)
Subject: Re: Perot computers cracked

There were actually several reassuring things about the Perot incident, especially as per the full AP story. First, of course, they did have backups. Not only that, the backups were stored off-site. Second, the spokesperson said that they didn't store sensitive information on that machine, because too many people had access to it. Finally, he implied that the level of computer security wasn't that high, precisely because anyone, from anyone else's campaign, could have walked in off the street and achieved a position of trust. In other words, don't worry about your technical security measures if your other protections, including personnel screening, don't match up. Security is as strong as the weakest link, not the strongest.

--Steve Bellovin

------------------------------

Date: Thu, 11 Jun 92 11:19:21 -0400
From: Joe Morris
Subject: Re: Perot Computers Hacked (Hunter, RISKS 13.57)

One of the local radio stations broadcasting the report of this incident noted that the Perot office had been staffed over the weekend with untrained *and unsupervised* volunteers. The broadcast drew no conclusions from this statement, but it strongly suggests that the problem may have been the result of an innocent mistake in a poorly organized activity.
While it may in fact be somebody's deliberate attempt at sabotage, I'm more inclined at this point to agree with the old adage that one should not ascribe to malice anything which can be explained by simple stupidity.

(On the other hand, this *is* a political environment, in which most rules are stood on their heads...)

Joe Morris

   [There was also a related comment from Bill Bauserman, william.d.bauserman@gte.sprint.com]

------------------------------

Date: Mon, 15 Jun 1992 15:13:25 +0200
From: Bergtor Skulason
Subject: Product risks (Re: Parnas, Girl killed in automatic car window)

In RISK Volume 13 Issue 55, David Parnas writes:

> Isn't it just like our technocratic society to react to such an accident,
> caused by a completely unnecessary luxury becoming too complex, by making it
> even more complex? Wouldn't the simpler solution be to ban automatic windows

Integrating new technology into society is never painless. There is constant conflict between pressure for new technology (or new features) and need for stability. New technology causes changes no one can foresee, even less control.

There is no easy solution. Public debate involving specialists, interest groups and lay people, and economic pressure on those "responsible" seems to be the least bad way of "controlling" technology.

Banning products usually harms the consumer more than protects him. Banning specific products or features can be feasible in clear cut cases, but cases usually are not clear cut. If they are, we usually have a case for product liability not a ban.

Value of products can never be stated objectively. It's always relevant to a person or a group. What is useless to some does have value for others. (Very few things, if any, can be shown to have objective value independent of a person or a group).

Complex regulations on safety usually lead to more complex products, that are more expensive and more error prone.
And worse it releases producers from responsibility, because they can refer to the regulations.

There is a conflict between government intervention and freedom. Too much or too little harms the public, not the producers.

Through public debate and by placing (economic) responsibility where it's possible, pressure can be built to increase product quality and safety. Under pressure products become simpler and safer, and their price reflects the producer's risk of producing, because he can not put that risk anywhere else.

Private replies to: B. Skulason, Univ. of Iceland, beggi@rhi.hi.is

------------------------------

Date: 14 Jun 92 04:58:45 GMT
From: porten@eniac.seas.upenn.edu (Jeffrey Porten)
Subject: Online Symposium: Visions for a Sustainable World Pugwash Conference

CALL FOR PARTICIPATION VIA ELECTRONIC MAIL

STUDENT PUGWASH USA SEVENTH BIENNIAL CONFERENCE ON SCIENCE, TECHNOLOGY, AND SOCIAL RESPONSIBILITY

VISIONS FOR A SUSTAINABLE WORLD

Emory University, Atlanta, Georgia
June 14-20, 1992

The Student Pugwash USA Biennial Conference assembles ninety students from around the world for a week-long conference to address the impact of science and technology on society. The students will join accomplished men and women from science, government, industry, and academe for an intensive week of discussion and interaction focusing on the following issues:

- Environmental Challenges for Developing Countries
- Energy Options: Their Social and Environmental Impact
- Health Care in Developing Countries
- Changing Dynamics of Peace and Global Security
- Educating for the Socially Responsible Use of Technology
- Ethics and the Use of Genetic Information

We are inviting all members of the e-mail community to take part in an online symposium discussing the topics at the conference. Each day, a summary of the plenary and working group discussions will be mailed out as soon as possible following their completion.
Participants in the online symposium are invited to send back their replies, commenting on what you receive. Copies will be redistributed back through electronic mail, and printed and used at the conference. Of course, you're welcome to sign up for the mailings even if you won't have the time to participate.

If you are interested in participating, send e-mail to porten@eniac.seas.upenn.edu. You will be sent more information about Student Pugwash USA, and will receive all conference summaries. Feel free to subscribe anytime during the conference, or even after it's over, as all messages will be archived and can be sent out at any time. Please include in your message your full name; we would also appreciate if you include your current occupation (or student affiliation), and your city, state, and country, but this is optional.

You can also call the Student Pugwash electronic bulletin board at 215/898-2019, for more information about Student Pugwash, and to participate in ongoing discussion about the impact of science and technology on society. Feel free to write me, as well, if you have any specific questions.

Student Pugwash USA is a non-partisan, non-profit organization with chapters at 35 colleges and high schools across the country. Sister Student/Young Pugwash organizations exist in 20 countries on four continents. For more information, reply to this message at porten@eniac.seas.upenn.edu.

More information about the conference follows.

For each of the listed topics, student and senior participants form small working groups in which they will meet every morning throughout the conference week to discuss areas of mutual interest and expertise. These intensive discussions offer an invaluable opportunity for students to explore the ethical and value questions posed by advances in science and technology with forward-thinking professionals. Senior Participants will be present from the U.S.
Congress, National Institutes of Health, National Academy of Sciences, Carter Center, Centers for Disease Control, Brookings Institution, Emory University, and many other prominent institutions. Several special events will also be held, including a day at the Carter Presidential Center in Atlanta and an interactive, multi-media World Game Workshop.

The separate working group meetings are complemented by afternoon and evening plenary sessions for the full conference. Plenaries will address issues which cut across disciplinary boundaries such as ethical conduct in scientific research, race and gender in science, technology and global responsibility, and religion and science.

Student Pugwash USA is committed to representing a broad spectrum of political, international, and disciplinary perspectives. Previous conferences have attracted participants from over thirty nations. We are striving for even greater international, intergenerational, and interdisciplinary representation at the 1992 conference.

Jeff Porten, Annenberg School for Communication, UPenn Graduate Group in American Civilization, UPenn

------------------------------

End of RISKS-FORUM Digest 13.58
************************