Subject: RISKS DIGEST 13.67
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 22 July 1992  Volume 13 : Issue 67

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  More identical name confusion (plus Scientific American item) (Mark Bergman)
  A computer as a criminal tool (Peter D. Junger)
  American Airlines software development woes (Randall Neff)
  RISKS of Antilock Braking Systems (David Palmer)
  RISKS of BBS ownership (David R. Cohen via Scott Bailey)
  The role of expertise in technological advances (Bertrand Meyer)
  Telephone wiretapping (E. Kristiansen)
  Bellcore threatens 2600 with lawsuit over BLV article (Emmanuel Goldstein)
  Re: Export of 40-Digit RSA (Dorothy Denning)
  Re: Qantas airliner challenged by US Pacific fleet (Leonard Erickson)
  Re: Nuclear reactor control (Rusty Teasdale)
  Re: Airbus -- Countering Urban Myths (Bjorn Freeman-Benson)
  AVIATION restructuring in progress (Robert Dorsett)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com).
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 22 Jul 92 1:03:51 EDT
From: bergman@panix.com (Mark Bergman)
Subject: More identical name confusion (plus Scientific American article)

Here is another story from the AP wires about health service computers and name collisions. (There is also an article in this month's Scientific American, "Achieving Electronic Privacy," by David Chaum, about encryption and smart card transactions to ensure privacy _and_ verify each side to the transaction.) I don't feel qualified to comment, but I'd like to hear other people's thoughts.

Mark Bergman  718-855-9148  {cmcl2,psi,uunet,apple}!panix!bergman

    Computer Confuses Babies With Same Name, Denies Benefits to One

PENSACOLA, Fla. (AP) - A Pensacola woman says her 5-month-old daughter cannot get state social service benefits because a computer has her child confused with a St. Petersburg baby with the same name.

The children, both named Samantha Marie Morris, were born only eight days apart but are linked by a maze of computer glitches haunting the Florida Department of Health and Rehabilitative Services.

The Pensacola baby isn't getting food stamps or Medicaid benefits, her mother, Tina Morris, said Monday.

"If my daughter had an emergency, got sick or something, some places might take it, but they wouldn't pay for it," she said. "I've been real lucky. She hasn't been sick."

The HRS' balky new $104.2 million computer thinks she is the St. Petersburg Samantha, eligible for the same benefits and listed with the same Social Security number, the Pensacola mother said.

HRS District Administrator Chelly Schembera said she was unfamiliar with the case.
She said the computer problems that have been affecting the agency across the state exceeded normal start-up glitches for a new system.

Ms. Morris said she spent two days at the local HRS office trying to clear up her daughter's problem without success and that her case worker has been trying since April.

The computer problems have caused Ms. Morris and other HRS clients to wait in long lines. She said she waited 20 minutes outside under a hot sun to get food stamps last week for the rest of her family and once in the building was told it would take another hour.

Schembera said the agency is considering lemonade stands, extra chairs, awnings, baby changing tables and play rooms to help clients bear the long waits.

One man already has capitalized by setting up a snack stand outside an HRS building in Pensacola, accepting food stamps as payment.

"This guy could be fairly wealthy by the time the crisis is over," Schembera said.

------------------------------

Date: Tue, 21 Jul 1992 22:19:05 GMT
From: Junger@samsara.law.cwru.edu (Peter D. Junger)
Subject: A computer as a criminal tool

In the Cleveland Plain Dealer for July 21, 1992 a story appears with a headline nearly worthy of the National Enquirer.

The headline is:

    POLICE PULL PLUG ON COMPUTER IN MORALS STING

The byline is:

    By DEBORAH A. WINSTON, PLAIN DEALER REPORTER

The venue is:

    MUNROE FALLS

[I've lived in Cleveland for over twenty years and have never heard of Munroe Falls--that's how small it is. It turns out that it is in Summit County, Ohio, near Akron.]

The story suggests that there is an especial risk to having computers in a very small, Midwestern town.

According to the story, the Munroe Falls police received a complaint that a local electronic bulletin board "containing sexually explicit material might be accessible to children." So the police set up a sting operation, using a local 15 year-old boy as their agent.
The story goes on to say: "After the youth was able to hook into the bulletin board, police arrested Mark Lehrer, 22, owner and operator of Akron Anomaly, a 1,000 member bulletin board." And the police also seized all of Lehrer's computer--apparently on the ground that it was "criminal tools." [From talking to the reporter and Lehrer's lawyer, I found out that Lehrer was indicted today "of disseminating matter harmful to juveniles and possession of criminal tools," with the criminal tools being the computer.]

It seems that Lehrer's bulletin board included some gif files containing pictures of James Bond and Captain Kirk and subjects like that, which could be downloaded by subscribers. There were also some gif files that were supposed to be accessible only by adults over the age of 18.

The article reports, however, that: "when police seized Lehrer's records they found that even the `clean' files contained images that were not entirely wholesome." [Lehrer's attorney told me that these were files that had been uploaded to the bulletin board and had not yet been seen by Lehrer.]

The article then quotes the Munroe Falls Police Chief as saying of these "not entirely wholesome files": "One was Bugs Bunny eating a carrot, one was Bart Simpson riding a skateboard and one was called (a slang term for oral sex), and that was in the clean file."

There were apparently also some pictures of naked women and of "naked women engaging in sexual acts" that were not in the adult category.

According to the article, the Police Chief also said that "it's possible that some of the games and movies are being accessed in violation of copyright laws."

And then there is a final direct quote from the Police Chief: "I'm not saying it's obscene because I'm not getting into that battle, but it's certainly not appropriate for kids, especially without parental permission."

Peter D.
Junger, Case Western Reserve University Law School, Cleveland, OH
Internet: JUNGER@SAMSARA.LAW.CWRU.Edu -- Bitnet: JUNGER@CWRU

------------------------------

Date: Wed, 22 Jul 92 09:22:19 PDT
From: neff@mandor.Metaphor.COM (Randall Neff)
Subject: American Airlines software development woes

[San Jose Mercury News, Monday, July 20, 1992 Business Monday section p. 9F]

    Software nightmare comes alive for airline
    American finds the pieces of new reservation system do not fit together

[Dallas Morning News]

DALLAS -- AMR Corp. for decades sliced up competition with its Sabre computer system for making airline reservations.

Last week, the parent of American Airlines, Inc. said it fell on its sword trying to develop a state-of-the-art, industry-wide system that could also handle car and hotel reservations.

AMR cut off development of its new Confirm reservation system only weeks after it was supposed to start taking care of transactions for partners Budget Rent-A-Car, Hilton Hotels Corp. and Marriott Corp. Suspension of the $125 million, 4-year-old project translated into a $165 million pre-tax charge against AMR's earnings in the second quarter and fractured the company's reputation as a pacesetter in travel technology.

"In an area where we arguably are one of the world's leading companies, it's particularly disappointing to us when we have to recognize a loss of that magnitude on that kind of activity," said AMR senior vice president and treasurer Michael J. Durham.

The disappointment comes after a series of technical and management missteps that surprised not only AMR, but the entire industry.

As far back as January, the leaders of Confirm discovered that the labors of more than 200 programmers, systems analysts and engineers had apparently been for naught. The main pieces of the massive project -- requiring 47,000 pages to describe -- had been developed separately, by different methods. When put together, they did not work with each other.
The system was based on twin IBM mainframes that stored the two main pieces of the reservation system, according to project leaders. One IBM 3090 computer stored customer records, pricing information, and other "decision support" data. The other IBM 3090 kept track of available rooms and cars, managing the actual transaction.

But the two pieces were developed on different operating systems. When the developers attempted to plug the parts together, they could not. Different "modules" could not pull the information needed from the other side of the bridge. Response times were slow on other requests.

Not until April did officials begin to "recognize the magnitude of the situation" and begin to realize that the problems might not be under control. Warnings of lengthy delays -- as much as two years -- began to surface.

"Somewhere in there, you've got a management problem," said Donald Tatzin, director of Arthur D. Little's travel consulting practice.

AMR Information Services fired eight senior project members, including team leader John Mott, saying it had "determined that information about the true status of the project appears to have been suppressed by certain management personnel."

In late June, Budget and Hilton said they were dropping out.

For the record, AMR said it was not giving up hope of salvaging Confirm, although a Coopers & Lybrand market study for AMR is believed to cast doubt on its viability.

------------------------------

Date: Thu, 16 Jul 1992 15:56:53 GMT
From: palmer@cco.caltech.edu (David Palmer)
Subject: RISKS of Antilock Braking Systems

The 15 July 1992 Washington Post has an article about one side effect of Antilock Braking Systems (ABS).

Accident investigators typically estimate how fast the various vehicles involved in a collision were going by looking at the skid marks left behind.

However, with ABS systems, the skid marks are faint, intermittent, and not as durable as conventional skidmarks.
(ABS works by releasing the brakes whenever the tires start skidding. Therefore, the tires never get a chance to cook a strip of rubber into the asphalt.) The skid marks are visible, if you look carefully and get to the accident site before they've been worn away by rain and other traffic.

Thus, the new technology makes it harder to reconstruct accidents.

The article did, however, quote one investigator as saying (paraphrased from memory) that he'd rather see faint skid marks for 45 feet than dark skid marks for 55 feet ending at a wall.

David Palmer, Goddard Space Flight Center/NASA  palmer@tgrs.gsfc.nasa.gov

------------------------------

Date: Wed, 22 Jul 1992 06:28:00 PDT
From: Scott Bailey
Subject: RISKS of BBS ownership (From David R. Cohen, forwarded)

I found this posted in one of the Star Trek newsgroups (!). Looks like interesting RISKS material to me.

Scott Bailey  Xerox Computer Center  sbailey@xcc.mc.xerox.com  Webster, NY

X-NEWS: oasis rec.arts.startrek.misc: 1583
Relay-Version: VMS News - V6.0-1 14/11/90 VAX/VMS V5.5; site oasis.xcc.mc.xerox.com
Path: oasis.xcc.mc.xerox.com!rocksanne!rochester!rutgers!cs.utexas.edu!uunet!
 zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!
 cleveland.Freenet.Edu!bx953
Newsgroups: rec.arts.startrek.misc
Subject: Help, please forward this message
From: bx953@cleveland.Freenet.Edu (David R. Cohen)
Date: 21 Jul 92 14:09:03 GMT

I have no idea where this message should be posted, I only know that it **should** be posted. I'm posting here only because I know this board is widely read and someone should be able to get this message to the right place.

In [the 21 July 1992] Cleveland Plain Dealer, it was reported that a 22-year old male got arrested for distributing pornography, and possibly for contributing to the delinquency of a minor. His "crime" was running a bulletin board out of his home ... the cops found out that minors were able to get ahold of pornographic gif files.
The arrestee had apparently set things up so that "adult" files were supposed to be restricted, but either the files weren't restricted after all, or someone else had "unrestricted" them.

The paper reports that this type of arrest is one of the first of its kind in the state. The cops used a "cooperative" 15 year old -- after the kid accessed the adult files, the cops grabbed the alleged criminal.

If any Ohio law enforcement types are reading this, I am an Ohio attorney, and I think this sucks.

David

David R. Cohen or Tracey L. Ridgeway  bx953@cleveland.freenet.edu

------------------------------

Date: Sun, 19 Jul 92 18:30:08 PDT
From: bertrand@eiffel.com (Bertrand Meyer, Interactive Software Engineering)
Subject: The role of expertise in technological advances

This note is a call for argued opinions about the effect of technological advances on the value of people's expertise and qualifications.

In particular it would be interesting to hear views about the relative merits of the following two opposite conjectures:

A. The introduction of a new technology gives the highest advantage to people who are already the most advanced experts, as they are in the best position to understand the new developments, and thus will benefit the most from them. The advances will in fact increase the lead that the best people already had over the others.

B. Introducing a new technology makes it possible for many people to do what was previously the exclusive specialty of a few experts. So it levels off the field, putting everyone at the same position.

I can see serious arguments and examples supporting both conjectures. To keep this note short, I have selected just two widely different examples, one for each. Only the second is computer-related. (My personal interest in this discussion is with respect to advances in software engineering, but the problem is more general.)

A.
In his book ``Tristes Tropiques'', the ethnologist Claude Levi-Strauss recounts how he visited a South American tribe that didn't know writing. He introduced it to them; writing was immediately put to good use by the tribe's chief, who could see how the ability to record and retrieve his decisions would increase his power.

B. It used to be quite hard to get a taxi in Paris. The situation has considerably improved thanks to the installation by the biggest taxi company of a computer-based system. This might at first seem to be an argument for A since this system has (at least temporarily) given the company a big lead over its competitors, but here is the other side. In a recent stay in Paris in which I frequently needed taxis to pick me up, I was able almost every time to obtain one in about five minutes. I once complimented a driver on this efficiency. He responded by heaping tons of abuse on the system.

After a period of astonishment, I understood the reason for his anger. He has been in the business for twenty years or so, and knows every street and lane in the city; he also knows the best itineraries, and where he should and should not be at each time of day and year to get good business (go to the Gare d'Austerlitz at certain times, to the airports at certain others and so on). But now the new system puts every upstart driver, who has just passed his exam and paid for his license, at the same level as him! You just key in a certain code to indicate where you are, and get queued for customers' requests in that area. Then when your turn comes you get the next customer. The computer system apparently also indicates where the hottest areas are at any time of day. Very little advantage remains for an experienced professional driver.

He was looking with even more horror to a future (apparently promised) extension of the system, whereby ``the computer'' would show recommended itineraries!
Please note that the discussion is not about people whose job is simply made obsolete by the new advances (as craftsmen at the time of the industrial revolution, or draughtsmen at the time of the introduction of computer-aided design). Assuming people are experts in a field, and remain in that field, is new technology a way to increase their lead or should they fear losing their advantage?

[Please respond directly to Bertrand, who will share the results with us. PGN]

------------------------------

Date: Wed, 22 Jul 92 09:16:03 CET
From: "E. Kristiansen - WMS"
Subject: Telephone wiretapping

[Cross-posted to privacy@cv.vortex.com]

NRC Handelsblad, a Dutch newspaper, of 20 July has two articles concerning telephone wiretapping.

The first article describes several cases of alleged unauthorized wiretaps performed by PTT Telecom, the Dutch telephone company. The PTT is accused of establishing wiretaps on telephone lines without the required court order, on request of the police and legal authorities (district attorney). In one case, a PTT employee has allegedly passed on information obtained from illegally bugging a phone line, to a criminal (drug dealer). The employee has been fired. A PTT spokesperson says that "according to current procedure", the police cannot request a wiretap directly. The request is to be submitted through the proper legal channels.

From a technical point of view, the article suggests, without giving much detail, that it is very easy to establish a wiretap, and that the only control is through procedures, relying on "highly trusted personnel". Further, it is said that the PTT never performs wiretapping itself, it only establishes the tap to a line going to the police office. It is not said that the PTT CANNOT do wiretapping, and I would assume that they can, e.g. for technical monitoring of line quality.

The other article describes how an on-hook telephone set can be used for bugging the room in which it is installed.
The trick can be performed by anybody who can gain access, legally or illegally, to any point of the wire pair connecting the telephone set to the exchange. A high frequency signal is injected into the line. This signal bypasses the hook switch of the set (capacitive coupling, I suppose). The microphone modulates the signal (technical details not given), and the intruder can demodulate, and listen to the conversation in the room.

When this trick was published in the press, PTT says it will shortly be offering a telephone plug with a built-in capacitor to short the HF signal. The plug will sell for about Dfl.5 (USD 3). Consumer organizations urge that the plug should be available free of charge to anybody asking for it.

It is not said whether the trick will work on all current types of phones, or only on particular brands.

Erling Kristiansen

------------------------------

Date: Wed, 22 Jul 92 09:07:20 -0700
From: Emmanuel Goldstein
Subject: Bellcore threatens 2600 with lawsuit over Busy Line Verification item

THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE. WE WELCOME ANY COMMENTS AND/OR INTERPRETATIONS.

Leonard Charles Suchyta
General Attorney
Intellectual Property Matters

Emanuel [sic] Golstein [sic], Editor
2600 Magazine
P.O. Box 752
Middle Island, New York 11953-0752

Dear Mr. Golstein:

It has come to our attention that you have somehow obtained and published in the 1991-1992 Winter edition of 2600 Magazine portions of certain Bellcore proprietary internal documents.
This letter is to formally advise you that, if at any time in the future you (or your magazine) come into possession of, publish, or otherwise disclose any Bellcore information or documentation which either (i) you have any reason to believe is proprietary to Bellcore or has not been made publicly available by Bellcore or (ii) is marked "proprietary," "confidential," "restricted," or with any other legend denoting Bellcore's proprietary interest therein, Bellcore will vigorously pursue all legal remedies available to it including, but not limited to, injunctive relief and monetary damages, against you, your magazine, and its sources.

We trust that you fully understand Bellcore's position on this matter.

Sincerely,

LCS/sms

[The 2600 article in question will not appear in RISKS, for the obvious reasons. PGN]

------------------------------

Date: Wed, 22 Jul 92 14:45:34 EDT
From: denning@cs.georgetown.edu (Dorothy Denning)
Subject: Export of 40-Digit RSA

I talked with Dennis Branstad at NIST and found out that the 40-digit system approved for export is not the RSA public-key system (PKS) but rather the systems RC-2 and RC-4 which are single-key systems marketed by RSA Data Security. These systems can be "married to" a 512-bit RSA PKS used for key management and the whole package can be exported.

Dorothy Denning

[Dorothy and I had an earlier off-line dialogue on the fact that 40-digit RSA was child's-play to break. This clarification is very helpful. PGN]

------------------------------

Date: Mon, 20 Jul 1992 04:28:42 GMT
From: leonard@qiclab.scn.rain.com (Leonard Erickson)
Subject: Re: Qantas airliner challenged by US Pacific fleet (RISKS-13.66)

>The Qantas pilot radioed the Federal Aviation Authority in Los Angeles which
>put him on a frequency to the warship. [Why was this necessary?] The FAA
>resolved the crisis by putting the Qantas flight on a path bypassing the
>Cowpens which was taking part in a military exercise.

It was probably necessary to use such a roundabout means of communication because the airliner had no idea what frequencies the ship was using, and likely *couldn't* respond on many of them if it wanted to!

>Elly Brekke, a spokeswoman for the FAA in Los Angeles, confirmed that the
>airliner, following its predetermined flight path, was told it risked
>facing hostile action. Ms Brekke said the Qantas flight was "where it should
>have been", and the FAA had not been told that the US Navy was conducting
>manoeuvres that would require any restriction of airspace.

Somebody goofed. My guess is the military *should* have warned the ATC center!

>The Pacific Fleet spokesman said the Cowpens had inadvertently [!] used "an
>international distress frequency" in trying to contact planes taking part in
>the exercise.

The inadvertently part is all too simple. And it has bearing on my comment above about why the airliner may not have been able to directly contact the ship.

All those nice agreements about which frequencies are used for what have a *large* loophole. All governments are allowed to ignore the international frequency allocations when it comes to *military* use. Most military gear can tune all sorts of civilian (and other) frequencies. And for peacetime operations, they do have the civilian frequencies set up. Somebody may have done something as simple as punch the wrong "general frequency" button!

There are two risks here. First, from the pictures that I've seen of military radio gear, the "user interface" is lacking in a few areas. Mainly in that the user has no idea that some of the "channels" are not strictly military.

The second risk is the usual one of what happens when folks that are allowed to "ignore the standards" get to share the operating environment with folks that *do* have to follow them...

Leonard Erickson  leonard@qiclab.scn.rain.com  70465.203@compuserve.com
CIS: [70465,203]  FIDO: 1:105/56  Leonard.Erickson@f56.n105.z1.fidonet.org

------------------------------

Date: Mon, 20 Jul 92 18:08:28 GMT
From: rteasdal@polyslo.csc.calpoly.edu (Rusty)
Subject: Re: Nuclear reactor control (Park, Re: RISKS-13.66)

I suspect, given the context in which they were mentioned, that Bill is correct. However, what I first think of when the phrase "magnetic core systems" comes up in discussions of reactor safety is something rather different.

It is the practice in many PWR reactors to have the cadmium control rods, which must be withdrawn partly from the reactor core for substantial fission to take place, lifted vertically up and out of the core by electromagnets, which are themselves powered by the output of the generators driven by the reactor. If there is a sudden drop in reactor output for some reason, the magnets cut out, and the rods drop back into the core. Gravitic passive safety!

However, this does not help at all in cases where the reactor is running out of control but still producing steam and power, nor will it do any good if something has happened to prevent the reinsertion of the damper rods themselves...

Russ Teasdale -- rteasdal@polyslo.CalPoly.EDU -- (Rusty)

------------------------------

Date: Thu, 16 Jul 92 11:00:44 PDT
From: bnfb@ursamajor.UVic.CA (Bjorn Freeman-Benson)
Subject: Countering Urban Myths re: Airbus

In RISKS 13.64, I read these two stories about the A320:

>> #1 A Pan Am Airbus A300 or A310 (I don't remember which) was on final ...
>> #2 Apparently as a safety feature derived from the crash of the ...

And I immediately recalled that the same article was posted to sci.aeronautics and then immediately countered as a collection of Urban Myths. I'm sorry that I cannot quote the sci.aeronautics article, but the local news system has already erased it.

Not a fan of the A320, yet also a crusader against misinformation,

Bjorn N.
Freeman-Benson

------------------------------

Date: Tue, 21 Jul 92 18:13:35 CDT
From: rdd@rascal.ics.utexas.edu (Robert Dorsett)
Subject: AVIATION restructuring in progress

Rec.aviation is currently in the request-for-discussion period of a comprehensive re-organization proposal. A number of proposed sub-groups may be of interest to RISKS users, including two airliners proposals (in the sci and rec hierarchies), a safety-group, a generic airplane-group, and others.

The RFD was posted last week; a "survey" of user preferences (which will be used to shape the final CFV) was posted about the same time. The survey was re-posted this afternoon.

Copies of both documents are available on rec.aviation, sci.aeronautics, and rec.travel.air, depending on your news spool. Copies may also be obtained from me, directly, at rdd@rascal.ics.utexas.edu.

Robert Dorsett, Internet: rdd@rascal.ics.utexas.edu
UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd

------------------------------

End of RISKS-FORUM Digest 13.67
************************