Subject: RISKS DIGEST 13.66
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Saturday 18 July 1992  Volume 13 : Issue 66

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Qantas airliner challenged by US Pacific fleet (Anthony Naggs)
  Residual Gulf war battle plans provide evidence of stolen computers (PGN)
  U.S. encryption export control policy softens somewhat (PGN)
  911 call lands caller in jail (Mel Beckman)
  Re: Nuclear reactor control (Bill Park)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive
 "Subject:" line.  Others may be ignored!  Contributions will not be ACKed.
 The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
 especially .UUCP folks.  REQUESTS please to RISKS-Request@CSL.SRI.COM.
 Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits).
 Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
 The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
 <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
 If you cannot read RISKS on-line, try FAX!  For fax info, phone 310-455-9300
 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com).
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues of
 ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------

Date: Thu, 16 Jul 92 0:35 BST
From: Anthony Naggs
Subject: Qantas airliner challenged by US Pacific fleet

[I'm not sure about the degree of computer influence here, but I thought it
would fit with the discussion here about the Vincennes attack on the Iranian
airliner.  The following item appeared on page 11 (International News) of the
British national newspaper The Guardian, on Wednesday July 15 1992, attributed
to Reuters in Canberra.]

  QANTAS AIRLINER THREATENED BY US NAVY WARSHIP

  A US warship threatened yesterday to shoot down an Australian airliner with
  more than 300 passengers over the Pacific.

  The pilot of Qantas flight QF12, an hour out of Los Angeles on its way to
  Sydney, was jolted by a call from the warship saying he faced "hostile
  action" if the aircraft did not leave the area, a Qantas spokesman said.

  The US Navy's Pacific Fleet in Pearl Harbour later identified the ship as
  the USS Cowpens, the same class of Aegis missile cruiser as the USS
  Vincennes which shot down an Iranian civilian airliner in the Gulf in July
  1988, killing 290 people.

  The Qantas pilot radioed the Federal Aviation Authority in Los Angeles which
  put him on a frequency to the warship.  [Why was this necessary?]

  The FAA resolved the crisis by putting the Qantas flight on a path bypassing
  the Cowpens which was taking part in a military exercise.

  Elly Brekke, a spokeswoman for the FAA in Los Angeles, confirmed that the
  airliner, following its predetermined flight path, was told it risked facing
  hostile action.

  Ms Brekke said the Qantas flight was "where it should have been", and the
  FAA had not been told that the US Navy was conducting manoeuvres that would
  require any restriction of airspace.

  The Pacific Fleet spokesman said the Cowpens had inadvertently [!] used "an
  international distress frequency" in trying to contact planes taking part in
  the exercise.
  "We're looking into how it happened", Commander Jim Kudla said.  He also
  said the exercise commander had taken measures to ensure the incident would
  not happen again.

[How do you prevent something from recurring if you don't know how it
happened before?]

Anthony Naggs, PO Box 1080, Peacehaven BN10 8PZ, Great Britain
E-mail: amn@vms.brighton.ac.uk   +44 273 589701 (vox)

------------------------------

Date: Sat, 18 Jul 92 15:52:23 PDT
From: "Peter G. Neumann"
Subject: Residual Gulf war battle plans provide evidence of stolen computers

About $70,000 worth of computers used in the Persian Gulf operations turned
up for sale in Ventura County, CA.  An unidentified computer hobbyist reported
observing `Welcome to Saudi Arabia' on the screen of one computer, along with
a map and locations of unit deployments.  He reported it to the Crime Stoppers
hotline.  Subsequent Army investigators have now led to the conviction of a
serviceman for multiple counts of larceny and wrongful disposition of
government property.  [There was some residual military information in some
of the computers, although no indication was given as to whether any of it
was sensitive.]  [Los Angeles Daily News item, in San Francisco Chronicle,
17 July 1992, p.E6]

------------------------------

Date: Sat, 18 Jul 92 16:05:01 PDT
From: "Peter G. Neumann"
Subject: U.S. encryption export control policy softens somewhat

The Bush administration has agreed to ease export controls on encryption-based
software somewhat.  In the battle between NSA's desires to be able to
intercept international communications and software vendors' desires to be
able to compete in international markets, this decision transfers control of
encryption software to the Commerce Department (from the State Department).
Evidently, systems that work with up to 40-digit RSA keys will now be eligible
for export, although one can already buy much better stuff on the streets in
Europe -- for example, Cryptos, which uses both DES and RSA, is available in
Moscow!  In addition, the administration will now meet with industry
representatives up to twice a year.  [Source: Don Clark, San Francisco
Chronicle, 18 July 1992, p.B1]

------------------------------

Date: Sat, 18 Jul 92 11:47:06 PST
From: mbeckman@mbeckman.mbeckman.com (Mel Beckman)
Subject: 911 call lands caller in jail

In this morning's Ventura County Star/Free Press newspaper (Sat 92jul17)
appears an article headlined "Woman calls for help, lands in jail."  Here is
my own summary of their story (cross-posted to comp.society.privacy):

Oxnard, CA resident Helene Golemon called 911 to report (twice) a loud teenage
street party in the wee hours.  Later, at 6:00am, an officer arrived and
arrested her on a (subsequently learned-to-be) erroneous misdemeanor traffic
warrant.  Golemon expressed outrage at the 911 records check, and that the
warrant even existed at all.  "Those kids were out there drinking and driving
drunk.  Nothing happened to them and I got arrested."  After booking,
including fingerprints and mug shots, she was detained in a holding cell until
her husband posted $188 bond later that morning.

Assistant police chief William Cady claimed that dispatchers often check
available records, even on a reporting person, to know as much as possible
about the people involved when responding to 911 calls.  "Procedurally, our
people did nothing wrong" he said.

The arrest warrant dated from an illegal left turn from May, 1988.  Golemon
fought the ticket and lost, then attended state-sponsored driver's education
(a CA alternative to fines available for first-time offenders) in August 1988.
The court has a copy of Golemon's driver education certificate on file, and
Linda Finn, deputy executive officer for Ventura County Superior and Municipal
Courts, couldn't explain why a warrant was later issued in 1989.  Golemon was
never notified of the warrant.

Golemon felt the incident was vindictive, because the dispatcher was annoyed
with her.  "When I tried to explain the continuing problems we're having, she
was very short with me," she said.  Golemon then asked for the dispatcher's
name, and the dispatcher in turn demanded Golemon's full name.  After Golemon
complied, the dispatcher only told Golemon her badge number.  The dispatcher
remains unidentified in the news report, and an Oxnard police sergeant who
reviewed the tape said the dispatcher was "absolutely professional."

The privacy and computer risk concerns here seem to me threefold.  First, the
police often act with inappropriate gravity on erroneous, and apparently
unverifiable, data.  Under what circumstances does a misdemeanor warrant
demand a 6:00am public arrest?  Certainly more time could have been expended
verifying the data, as an at-large illegal left-turner hardly threatens public
safety.

Second, apparently innocuous -- even beneficial -- contacts with government
can result in record searches for unrelated information.  Not only may this
result in egregious seizures, as in this case, but such an atmosphere can only
stultify public/government relations.  Crime and corruption thrive in such an
environment.

Third, although individuals have the right to know most information the
government retains on them (FOIA), that right becomes meaningless if the
government can, at any time, decide to integrate facts from disjoint data
bases and then act without notice on resulting conclusions.  One cannot submit
an FOI request on the union of multiple far-flung data sets!
Mel Beckman, Beckman Software Engineering, 1201 Nilgai Place, Ventura, CA 93003
Compuserve: 75226,2257   805/647-1641   mbeckman@mbeckman.com

------------------------------

Date: Fri, 17 Jul 92 18:33:40 PDT
From: park@netcom.com (Bill Park)
Subject: Re: Nuclear reactor control (Re: RISKS-13.65)

> "Magnetic core systems, supplied by GEC, have been used for years in UK ...

I think rather that "magnetic core systems" probably refers to an early type
of electrical signal amplification device -- the magnetic core amplifier or
MCA.  They have been used since at least the 1950s in the highly-critical
control systems of U.S. nuclear submarines, and, I suppose, in nuclear power
plants as well.  They are little-known and somewhat "old-fashioned" devices
now, much like fluidic devices -- remember them?  Much faster, smaller,
lighter, more efficient and less expensive semiconductor devices are widely
available these days that are reliable enough for many critical uses.

An MCA is super-reliable because it is simple: just two coils of wire on an
iron core, like a transformer.  The ancient Romans could have made one.  It
has no moving parts, no connections that open and close sputtering arcs of
metal vapor as do relays, and no semiconductors to fail when their
part-per-billion impurities finally migrate far enough to cause a short or
reduce gain.  As long as the insulation on its wires holds up, an MCA can't do
anything *but* work correctly.  Don't make smoke come out of it and it'll
literally last forever.

Simplified Theory of MCA Operation:

One of the coils in an MCA has many turns, is driven with direct current (DC),
and is the input, or controlling coil.  The other, output coil has relatively
few turns, and is placed in series with an alternating-current (AC) load to be
controlled, such as an AC motor.
With no current through the controlling coil, a rapidly-varying magnetic field
produced by the iron core induces a "bucking" voltage in the output coil that
opposes any current that tries to flow through the load, turning it "off."

To turn on the load, put a relatively weak DC current through the controlling
coil.  This drives the magnetization of the iron so far in one direction that
it "saturates" (all magnetic domains are aligned in the same direction and the
iron is fully magnetized).  Although the magnetic field in the iron is still
very strong, it is now constant instead of varying, so it no longer induces
any bucking voltage, and current can flow almost unimpeded through the load,
turning it "on."  The larger number of turns in the input coil allows a small
current through it to overcome any demagnetizing forces produced by the load
current flowing through the output coil.

By combining MCAs with solid-state rectifiers (though not necessarily
semiconductor ones -- the Romans could have made them, too), and by wiring
them in cascade, large amplifications are possible.  MCAs can also exert
proportional control over the power to a load.  Bridge circuits enable
bidirectional control.

Individual MCAs in a control system may be very reliable, but that does not
mean the system will fail safe if one of the MCAs fails.  A classic dilemma
from robotics is, "Should the robot freeze or go limp if something fails?"
If it freezes while it is reaching inside a car body going by on a conveyor
belt, the car body will collide with the arm.  But if the arm goes limp, it
can fall (or sag down) onto something breakable, or drop something heavy.

Moral: Look at the whole system.  Murphy will.

------------------------------

End of RISKS-FORUM Digest 13.66
************************