Subject: RISKS DIGEST 14.14 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Weds 2 December 1992 Volume 14 : Issue 14 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Akron BBS trial update! (David Lehrer) Holiday reading on Risks (Phil Agre) Re: Books on Probability (Pete Mellor) FME'93 Call For Participation and Programme (Peter Gorm Larsen) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com). ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: 02 Dec 92 11:49:08 EST From: David Lehrer <71756.2116@compuserve.com> Subject: Akron BBS trial update! Akron BBS trial update: Dangerous precedents in sysop prosecution You may already know about the BBS 'sting' six months ago in Munroe Falls, OH for "disseminating matter harmful to juveniles." Those charges were dropped for lack of evidence. Now a trial date of 1/4/93 has been set after new felony charges were filed, although the pretrial hearing revealed no proof that *any* illegal content ever went out over the BBS, nor was *any* found on it. For those unfamiliar with the case, here's a brief summary to date. In May 1992 someone told Munroe Falls police they *thought* minors could have been getting access to adult materials over the AKRON ANOMALY BBS. Police began a 2-month investigation. They found a small number of adult files in the non-adult area. The sysop says he made a clerical error, causing those files to be overlooked. Normally adult files were moved to a limited-access area with proof of age required (i.e. photostat of a drivers license). Police had no proof that any minor had actually accessed those files so police logged onto the BBS using a fictitious account, started a download, and borrowed a 15-year old boy just long enough to press the return key. The boy had no knowledge of what was going on. Police then obtained a search warrant and seized Lehrer's BBS system. Eleven days later police arrested and charged sysop Mark Lehrer with "disseminating matter harmful to juveniles," a misdemeanor usually used on bookstore owners who sell the wrong book to a minor. However, since the case involved a computer, police added a *felony* charge of "possession of criminal tools" (i.e. "one computer system"). Note that "criminal tool" statutes were originally intended for specialized tools such as burglar's tools or hacking paraphernalia used by criminal 'specialists'. The word "tool" implies deliberate use to commit a crime, whereas the evidence shows (at most) an oversight. This raises the Constitutional issue of equal protection under the law (14th Amendment). Why should a computer hobbyist be charged with a felony when anyone else would be charged with a misdemeanor? At the pretrial hearing, the judge warned the prosecutor that they'd need "a lot more evidence than this" to convict. However the judge allowed the case to be referred to a Summit County grand jury, though there was no proof the sysop had actually "disseminated", or even intended to disseminate any adult material "recklessly, with knowledge of its character or content", as the statute requires. Indeed, the sysop had a long history of *removing* such content from the non-adult area whenever he became aware of it. This came out at the hearing. The prosecution then went on a fishing expedition. According to the Cleveland Plain Dealer (7/21/92) "[Police chief] Stahl said computer experts with the Ohio Bureau of Criminal Identification and Investigation are reviewing the hundreds of computer files seized from Lehrer's home. Stahl said it's possible that some of the games and movies are being accessed in violation of copyright laws." Obviously the police believe they have carte blanche to search unrelated personal files, simply by lumping all the floppies and files in with the computer as a "criminal tool." That raises Constitutional issues of whether the search and seizure was legal. That's a precedent which, if not challenged, has far-reaching implications for *every* computer owner. Also, BBS access was *not* sold for money, as the Cleveland Plain Dealer reports. The BBS wasn't a business, but rather a free community service, running on Lehrer's own computer, although extra time on the system could be had for a donation to help offset some of the operating costs. 98% of data on the BBS consists of shareware programs, utilities, E-mail, etc. The police chief also stated: "I'm not saying it's obscene because I'm not getting into that battle, but it's certainly not appropriate for kids, especially without parental permission," Stahl said. Note the police chief's admission that obscenity wasn't an issue at the time the warrant was issued. Here the case *radically* changes direction. The charges above were dropped. However, while searching the 600 floppy disks seized along with the BBS, police found five picture files they think *could* be depictions of borderline underage women; although poor picture quality makes it difficult to tell. The sysop had *removed* these unsolicited files from the BBS hard drive after a user uploaded them. However the sysop didn't think to destroy the floppy disk backup, which was tossed into a cardboard box with hundreds of others. This backup was made before he erased the files off the hard drive. The prosecution, lacking any other charges that would stick, is using these several floppy disks to charge the sysop with two new second-degree felonies, "Pandering Obscenity Involving A Minor", and "Pandering Sexually Oriented Matter Involving A Minor" (i.e. kiddie porn, prison sentence of up to 25 years). The prosecution produced no evidence the files were ever "pandered". There's no solid expert testimony that the pictures depict minors. All they've got is the opinion of a local pediatrician. All five pictures have such poor resolution that there's no way to tell for sure to what extent makeup or retouching was used. A digitized image doesn't have the fine shadings or dot density of a photograph, which means there's very little detail on which to base an expert opinion. The digitization process also modifies and distorts the image during compression. The prosecutor has offered to plea-bargain these charges down to "possession" of child porn, a 4'th degree felony sex crime punishable by one year in prison. The sysop refuses to plead guilty to a sex crime. Mark Lehrer had discarded the images for which the City of Munroe Falls adamantly demands a felony conviction. This means the first "pandering" case involving a BBS is going to trial in *one* month, Jan 4th. The child porn statutes named in the charges contain a special exemption for libraries, as does the original "dissemination to juveniles" statute (ORC # 2907.321 & 2). The exemption presumably includes public and privately owned libraries available to the public, and their disk collections. This protects library owners when an adult item is misplaced or lent to a minor. (i.e. 8 year olds can rent R-rated movies from a public library). Yet although this sysop was running a file library larger than a small public library, he did not receive equal protection under the law, as guaranteed by the 14'th Amendment. Neither will any other BBS, if this becomes precedent. The 'library defense' was allowed for large systems in Cubby versus CompuServe, based on a previous obscenity case (Smith vs. California), in which the Supreme Court ruled it generally unconstitutional to hold bookstore owners liable for content, because that would place an undue burden on bookstores to review every book they carry, thereby 'chilling' the distribution of books and infringing the First Amendment. If the sysop beats the bogus "pandering" charge, there's still "possession", even though he was *totally unaware* of what was on an old backup floppy, unsolicited in the first place, found unused in a cardboard box. "Possession" does not require knowledge that the person depicted is underage. The law presumes anyone in possession of such files must be a pedophile. The framers of the law never anticipated sysops,or that a sysop would routinely be receiving over 10,000 files from over 1,000 users. The case could set a far ranging statewide and nationwide precedent whether or not the sysop is innocent or guilty, since he and his family might lack the funds to fight this--after battling to get this far. These kinds of issues are normally resolved in the higher courts-- and *need* to be resolved, lest this becomes commonplace anytime the police or a prosecutor want to intimidate a BBS, snoop through users' electronic mail, or "just appropriate someone's computer for their own use." You, the reader, probably know a sysop like Mark Lehrer. You and your family have probably enjoyed the benefits of BBS-ing. You may even have put one over on a busy sysop now and then. In this case; the sysop is a sober and responsible college student, studying computer science and working to put himself through school. He kept his board a lot cleaner than could be reasonably expected, so much so that the prosecution can find very little to fault him for. [The original message from David contained a plea for contributions for an independent legal defense fund, with any overflow to EFF. RISKS does not include such solicitations here, so I have excised those paragraphs. However, if you are interested in further info, you may of course contact David, or else Mark directly. See below. PGN] Help get the word out. If you're not sure about all this, ask your local sysops what this precedent could mean, who the EFF is--and ask them to keep you informed of further developments in this case. Please copy this file and send it to whoever may be interested. This case *needs* to be watchdogged. Please send any questions, ideas or comments directly to the sysop: Mark Lehrer CompuServe: 71756,2116 InterNet: 71756.2116@compuserve.com Modem: (216) 688-6383 USPO: P.O. Box 275, Munroe Falls, OH 44262 ------------------------------ Date: Mon, 30 Nov 92 21:36:53 -0800 From: pagre@weber.ucsd.edu (Phil Agre) Subject: holiday reading on Risks Here are two books that subscribers to RISKS may consider reading over the holiday vacation. Neither one is directly concerned with computers, but both are deeply concerned with the social management of risk, technological and otherwise. I think it would be well worthwhile exploring their consequences for our emerging understanding of computer risks. Brian Wynne, Risk Management and Hazardous Waste: Implementation and the Dialectics of Credibility, Berlin: Springer-Verlag, 1987. This book is the report of a project at the IIASA in Vienna on the politics of regulation of hazardous wastes. This is a fascinating enough topic on its own, but what's particularly relevant about this particular study is its attention to the administrative dimensions of regulation and risk. Wynne et al spell out in a sophisticated and sustained way an argument already made by Charles Perrow and others, that "risks" are located not exactly in technologies but in the institutions (and by extension the larger cultures and social arrangements) that contain them. This view has many consequences (at least, several more than I had thought about myself), which Wynne explains with some force. Lorraine Daston, Classical Probability in the Enlightenment, Princeton: Princeton University Press, 1988. This is a detailed and scholarly history of early modern mathematical ideas of probability. Though not really a social history, it focuses on the developing practices of life insurance, lotteries, and gambling, tracing the shifting ideas about the morality and rationality of these things. It was not until the early 19th century, for example, that insurance ceased to be understood as a variety of gambling. And Daston explores at length various explanations for the great slowness with which insurance companies came to use probabilistic models rather than individual interviews and judgements. Her central argument, though, concerns the rise of the idea of large-scale statistical regularities. She says: "Whereas De Moivre took the order revealed in stable statistical frequencies as incontrovertible evidence that an intelligent agent was at work in the world, Poisson argued that such order was only to be expected; we should suspect divine tinkering only when it was absent. For the mathematicians, the clock no longer implied a clockmaker. The ascent of statistical regularities ultimately marked the decline of the reasonable man, as probability theory shifted its sights from the psychology of the rational individual to the sociology of the irrational masses (page 187)." "Consequently, the targets of persuasion also differed: Quetelet wanted governments to change their ways on the basis of his figures, not individuals. But both sorts of probabilistic rationality presupposed the stable, orderly phenomena that made calculation possible, even if they singled out different *kinds* of phenomena as quantifiable. Classical probabilists believed that judicial decisions, but not traffic accidents, were regular; their successors believed just the reverse (page 385)." Phil Agre, UCSD ------------------------------ Date: Tue, 1 Dec 92 11:02:29 GMT From: Pete Mellor Subject: Re: Books on Probability (Mellor, RISKS-14.08) Phil Earnhardt has pointed out that the two books I recommended in RISKS DIGEST 14.08: "How to take a chance" by Darrel Huff, and "Making Decisions", D.V. Lindley, John Wiley & Sons, 2nd Ed., 1985 are not listed in _Books in Print_ in the US. Thanks for the information, Phil. Both books are fairly old, so may well be out of print. The ISBN of Lindley's book is: 0 471 90803 7, in case that helps you to find it. I bought it through our local university bookshop about 2 years ago, so I'm surprised that it's out of print, but it's possible. I don't have a copy of Huff's book to hand, so I can't quote you the ISBN. Peter Mellor, Centre for Software Reliability, City University, Northampton Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk ------------------------------ Date: Wed, 2 Dec 1992 14:53:53 GMT From: pgl@imada.ou.dk (Peter Gorm Larsen) Subject: FME'93 Call For Participation and Programme The FME'93 Symposium Industrial-Strength Formal Methods Call for Participation and Programme 19 - 23 April 1993 Supported by the Commission of the European Communities (CEC) Organized by Formal Methods Europe 1. Symposium Programme The first FME Symposium will be held at Odense Technical College in Denmark, during the week of 19. to 23. April, 1993. It is being organised by Formal Methods Europe, as the successor to the last four VDM symposia, to promote the interests of users, researchers and developers of precise mathematical methods in program development. This symposium will focus on The Application of Industrial-Strength Formal Methods. The symposium is divided into two parts for which registration, symposium fees and proceedings are separate. The first two symposium days consists of two parallel tracks with tutorials on formal methods. The last three symposium days offer presentations of refereed papers, in parallel with presentations of project experience reports, short presentations of tools and presentations of European projects dealing with formal methods. The FME'93 symposium programme features 8 half-day tutorials, 32 papers, 3 invited talks, 6 project reports, 20 tool presentations and exhibitions. The papers to be presented cover a broad range of interests: among the formal methods represented are VDM, Z, LOTOS, RAISE, and B. They also come from different backgrounds, both industry and academia, and from 15 different countries. FME'93 will be an intense and important event, and you are advised to submit your registration as soon as possible. 2. Symposium Sponsors The symposium would not have been possible without the very kind support and financial assistance of the associations and corporations listed below: Scandinavian Airlines System (SAS) Odense Steel Shipyard Ltd. Deutsche System Technik Fyns Telefon Praxis Lloyd's Register DDC International Space Software Italia Computer Resources International (CRI) ICL Data A/S (SUN Division) 3. General Information Odense: Odense is Denmark's third largest city in the center of Denmark's second largest island, the Isle of Funen. Odense celebrated its 1000th anniversary in 1988, and Danmark's famous fairy-tale writer, Hans Christian Andersen was born in Odense. The symposium will be held at Odense Technical College (Odense Teknikum) which is located 4 kilometers from the center of town. Special Events: Tuesday evening there will be a reception at the City Hall where the Mayor will give a short speech. Wednesday evening there will be a reception at IFAD. On Thursday evening the symposium banquet is to be held in the Knights' Hall of Nyborg Castle. Fee: We offer you three packages for this symposium: Tutorial package: 2000 DKK (late registration 2500 DKK) incl. tutorial material and reception at Odense City Hall. Conference package: 2800 DKK (late registration 3300 DKK) incl. conference proceedings, reception at Odense City Hall, reception at IFAD and the symposium banquet. Symposium package: 4300 DKK (late registration 4800 DKK) incl. both tutorial material and conference proceedings, reception at Odense City Hall, reception at IFAD and the symposium banquet. All packages in addition contain coffee and cookies at breaks and lunch at Odense Technical College, local transport to/from hotels and a free telephone card worth 50 DKK. If it becomes necessary to cancel a reservation, this must be done in writing to KongresBureau Fyn before April 1th 1993 to obtain a refund (less 100 DKK). Cancellation after April 1st will incur a 500 DKK administration charge. For further information please contact: KongresBureau Fyn Raadhuset DK-5000 Odense C Denmark tel: +45 66 12 75 30, fax: +45 66 12 75 86 4. Tutorial Programme (April 19 and 20, 1993) The two first days of the symposium are dedicated to 8 half-day tutorials on formal development. The programme is organised into two parallel tracks. The first track contains 2 tutorials about program development and 2 tutorials about proving such developments to be correct, and track 2 contains 4 tutorials about different ways to model parallelism. Track 1 Functional Programming - Phil Wadler Data Refinement - Tim Clement Proof in Z with Tool Support - Roger Jones Prototype Verification System - John Rushby Track 2 Coloured Petri Nets - Kurt Jensen CCS with Tool Support - Kim G. Larsen LOTOS with Tool Support - Jeroen Schot Provably Correct Systems - Anders P. Ravn 5. Tools Presentation (Wednesday, April 21, 1993) During the symposium, exhibitions of tools for the support of formal methods will be organised. On April 21, in parallel with the conference, a short introduction to each of the following exhibited tools will be given. ICL Data are sponsoring the tools exhibition by providing most of the SUN hardware. DST-fuzz - DST CADiZ - York Software Engineering Ltd ProofPower - ICL The Centaur-VDM environment - CEDRIC-IIE SpecBox - Adelard Mural - Manchester University The IFAD VDM-SL Toolbox - IFAD The IPTES Tool - IFAD LOTOS Tools - ITA Centaur - INRIA Pet Dingo - NIST ExSpect - Eindhoven University Design/CPN - Elektronikcentralen DisCo-tool - Tampere University The Boyer-Moore Theorem Prover - CLI B-Toolkit - B-Technologies SALR The RAISE Tools - CRI PVS - SRI TAV - Aalborg University FDR - Formal Systems Ltd 6. Invited Speakers (April 21, 22 and 23, 1993) Each morning during the conference an invited talk will be given by one of the 3 specially invited speakers. These are: Cliff B. Jones, Manchester University (UK), Reasoning about Interference in an Object-Based Design Method Willem-Paul de Roever, Kiel University (D), Correctness of a Fault Tolerant Algorithm: an application of Starke's dense time temporal logic for refinement Peter Lupton, IBM Hursley (UK), The CICS Experience with Z: Successes and Problems 7. Project Reports (Thursday, April 22, 1993) In parallel with the April 22 conference sessions, the following project reports will be presented. Project reports will focus on experiences and problems encountered in the use of formal methods in real projects. Specification and Validation of a Security Policy Model (T. Boswell) Role of VDM(++) in the Development of a Real-Time Tracking and Tracing System (E. Durr et.al.) Experiences from Applications of RAISE (B. Dandanell et.al.) The Integration of LOTOS with an Object-Oriented Development Method (M. Hedlund) Towards an Implementation-Oriented Specification of TP Protocol in LOTOS (I. Widya et.al.) LOTOS Introduction in a conventional Software Development Life Cycle: An Industrial Experience (G. Leon et.al.) 8. ESPRIT Project Presentation (Friday, April 23, 1993) In parallel with the April 23 conference sessions, the following European projects on formal specification and design will be presented. SPEC and REACT DEMON and CALIBAN LOTOSPHERE PROOFS AFRODITE RAISE and LACOS IPTES 9. Conference Programme (April 21, 22 and 23, 1993) * Wednesday, April 21: Cliff B. Jones (invited talk) Applications of Modal Logic for the Specification of Real-Time Systems (L. Chen et.al.) Generalizing Abadi & Lamport's Method to Solve a Problem posed by A. Pnueli (K. Engelhardt et.al.) Adding Specification Constructors to the Refinement Calculus (N. Ward) Real-Time Refinement (C. Fidge) A Concurrency Case Study using RAISE (C. George et.al.) A Metalanguage for the Formal Requirement Specification of Dynamic Systems (E. Astesiano et.al.) A VDM study of Fault-Tolerant Stable storage towards a Computer Engineering Mathematics (A. Butterfield) Automating the Generation and Sequencing of Test Cases from Model-Based Specifications (J. Dick et.al.) Maintaining Consistency under Changes to Formal Specifications (K. Ross et.al.) The Parallel Abstract Machine: A Common Execution Model for FDTs (G. Doumenc et.al.) Putting Advanced Reachability Analysis Techniques Together: the `ARA' Tool (A. Valmari et.al.) Process Instances in LOTOS Simulation (S. Pickin et.al.) * Thursday, April 22: W-P. de Roever (invited talk) A Proof Environment for Concurrent Programs (N. Brown et.al.) Encoding W: A Logic for Z in 2OBJ (A. Martin) On the Derivation of Executable Database Programs from Formal Specifications (T. Gunther et.al.) Application of Composition Development Method for Definition of SYNTHESIS Information Resource Query Language Semantics (L. Kalinchenko et.al.) Different FDTs Confronted with Different ODP-viewpoints of the Trader (J. Fischer et.al.) Invariants, Frames and Postconditions: a Comparison of the VDM and B Notations (J. Bicarregui et.al.) Formal Verification for Fault-Tolerant Architectures: Some Lessons Learned (S. Owre et.al.) Verification Tools in the Development of Provably Correct Compilers (M. Krishna Rao et.al.) Formal Methods Reality Check: Industrial Usage (D. Craigen et.al.) The Industrial Take-up of Formal Methods in Safety-Critical and Other Areas: A Perspective (J. Bowen et.al.) Selling Formal Methods to Industry (D. Weber-Wulff) * Friday, April 23: Peter Lupton (invited talk) Integrating SA/RT with LOTOS (A. van der Vloedt et.al.) The SAZ Project: Integrating SSADM and Z (F. Pollack et.al.) Symbolic Model Checking for Distributed Real-Time Systems (F. Wang et.al.) Model Checking in Practice: the T9000 Virtual Channel Processor (G. Barrett) The Frame Problem in Object-Oriented Specifications: An Exhibition of Problems and Approaches (A. Borgida) Algorithm Refinement with Read and Write Frames (J. Bicarregui) Specifying a Safety-Critical Control System in Z (J. Jacky) An Overview of the SPRINT Method (H. Jonkers) Conformity Clause for VDM-SL (G. Parkin et.al.) 10. Registration form Complete and send this registration form before March 1, 1993 to: KongresBureau Fyn, Raadhuset, DK-5000 Odense C, Denmark. Registration Prof [ ] Dr [ ] Mr [ ] Mrs [ ] Miss [ ] Name: _______________________________________________________ First name: _______________________________________________________ Company: _______________________________________________________ Address: _______________________________________________________ _______________________________________________________ Country: _______________________________________________________ Telephone: _____________________ Telefax: _______________________ Presenter of regular tool [ ] paper [ ] tutorial [ ] ESPRIT [ ] delegate [ ] Registration Fee Before March 1 After March 1 ================================================================= Tutorial package DKK 2000 DKK 2500 Conference package DKK 2800 DKK 3300 Symposium package DKK 4300 DKK 4800 ================================================================= Chosen package DKK DKK [ ] I enclose a banker's cheque in DKK, drawn on a Danish bank, made payable to FME'93, KongresBureau Fyn. [ ] Please charge my credit card: [ ] MasterCard [ ] Eurocard [ ] Visa [ ] JCB [ ] Access card no. ___________________________________________________ exp. date __________________________________________________ card holders signature _____________________________________ Att. Registration only possible when accompanied by payment of fee. Accommodation I would like to reserve: Cat. single room double room A [ ] DKK 720 [ ] DKK 890 B [ ] DKK 590-645 [ ] DKK 705-795 C [ ] DKK 300-395 [ ] DKK 430-525 I want to share a double room with: ________________________________ Date of arrival: _________________ Departure: _____________________ Att. Hotel bills are to be handled directly with the hotel. The prices include breakfast, taxes and service. Reservations will be made in the order received. Date: __________________ Signature: ______________________________ ------------------------------ End of RISKS-FORUM Digest 14.14 ************************