Subject: RISKS DIGEST 14.49
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 9 April 1993  Volume 14 : Issue 49

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
Re: Columbia and Discovery shuttle problems (Dan Sorenson)
"Massive Tax Fraud found in Toronto" and EFILE security (Peter Yamamoto)
Video Surveillance Tapes and TV Programs (Sanford Sherizen)
Re: Using your company's E-mail for private ... (Pat Place)
Re: Sound of the Fury: Sub-liminal highway monitoring... (Rob Horn)
Lessons from the London Ambulance Service (Bill Murray)
Re: Another Mystery for the San Francisco Muni Metro (Joe Brennan)
Review of "Syslaw" by Rose/Wallace (Rob Slade)
Availability of Berne Convention (Selden E. Ball, Jr., Mike Godwin, Jerry Leichter)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its Usenet counterpart. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with appropriate, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 14, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300 (or send FAX to RISKS at 310-455-2364, or EMail to risks-fax@cv.vortex.com).
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Thu, 8 Apr 1993 03:02:16 GMT
From: viking@iastate.edu (Dan Sorenson)
Subject: Re: Columbia and Discovery shuttle problems (RISKS-14.47)
Path: ponderous.cc.iastate.edu!viking

Today, WHO radio in Des Moines, Iowa ran a story on STS-56 in their newscast. The "fix" is to bypass the sensor, fooling the computer into thinking the valve is properly closed.

What's the risk? I somehow doubt totally bypassing a sensor can be any safer than fixing the problem, and the cost of delays might be contrasted with the cost of Challenger. Beware of that quick kludge, particularly when there are lives literally riding on its working correctly.

Dan Sorenson, DoD #1066 z1dan@exnet.iastate.edu viking@iastate.edu

------------------------------

Date: Thu, 8 Apr 1993 14:21:43 -0400
From: pjyamamo@watdragon.uwaterloo.ca (Peter Yamamoto)
Subject: "Massive Tax Fraud found in Toronto" and EFILE security
Path: watdragon.uwaterloo.ca!pjyamamo

I just found a bounced risk in an old mailbox. When it bounced expired locally on some machine, I decided not to pursue it; but in light of the recent "Massive Tax Fraud" claims by the Canadian government, I resubmit it with an update.

Update:

In an earlier unposted risk I mentioned:

> I recently went to one of these services and was appalled at the (relative)
> incompetence of the preparer and the fact that he sends the data to
> Vancouver over an insecure line (I only found out after it was not
> done in the promised time frame and he explained the delays).

Although the risk I cited was security, the incompetence of the preparer made him over-calculate my refund by $1600.
I wonder if the recent "Massive Tax Fraud" (headline of the Kitchener-Waterloo Record, Thursday, April 8) reported by the government is partly due to such incompetent preparers.

On the CTV news last night (Wed. April 7, 11pm), they reported that a financial analyst said that the "Massive Tax Fraud" (in the headlines of the Kitchener-Waterloo Record, Thursday, April 8) was more likely a scare tactic by the Canadian Government since the numbers quoted by the government don't add up and the filing deadline April 31 is approaching. They said most of the blame is on "fraudulent tax preparers" who are trying to take advantage of the electronic filing system since the return is not accompanied by receipts.

I suppose the specific "risk" is the one the government took by allowing anybody to become an EFILE tax preparer.

Peter

Previous risk submission (bounced):

Subject: Canadian EFILE tax return confidentiality measures (NOT!)
To: comp.risks
Date: Mon, 1 Mar 93 10:57:28 EST

Canada now has a nationwide program to facilitate the electronic submission of tax forms, called the EFILE Electronic Filing program.

From the Applicant's kit:

What is EFILE -- understanding the service

The service or combination of services that you choose to provide to your clients determines what type of electronic filer you are. There are two basic services, and therefore two types of electronic filers: preparers and transmitters.

...

Communications system

...

Contact, using a modem, with our EFILE receiving system will have to come through a "packet switch" network. You can buy access to this network directly, from either Telecom Canada (DataPac) or Unitel (FasPac). In order to protect the confidentiality of income tax information, minimum security requirements for data sent over one of these packet switch networks are that the data must be transmitted over secure lines (ie a dedicated line together with membership in RCT's closed user group).
In the near future, an alternative will be available whereby encrypted data is transferred without the need for a dedicated line by "dialing-in" to the network.

...

The risk is that the government's "minimum security" policy only covers transmission to the government computer. Before that, there is the freedom for the preparer to transmit the form anywhere by any means. This in fact happens since a dedicated line represents a significant cost (approx. $300 installation, $250/month) which means that there are "transmitter centers" to which preparers send their data via modem or diskette.

That tax preparers in Ontario are connecting via modem to centers as far away as Vancouver illustrates that such centers facilitate the task of mass interception if one is really intent on doing so. In any case, it should be clear that the current policy does not adequately protect the confidentiality of the information.

I recently went to one of these services and was appalled at the (relative) incompetence of the preparer and the fact that he sends the data to Vancouver over an insecure line (I only found out after it was not done in the promised time frame and he explained the delays).

The head office is:

Revenue Canada Taxation, EFILE Project Office,
400 Cumberland Street
Ottawa, Ontario, K1A 0L8
613-957-8113 [Canadians may call collect for serious inquiries]

------------------------------

Date: Thu, 8 Apr 93 17:53 GMT
From: Sanford Sherizen <0003965782@mcimail.com>
Subject: Video Surveillance Tapes and TV Programs

I was recently contacted by someone from Dick Clark Productions, asking me to help them develop an NBC TV special called CAUGHT IN THE ACT. This will be a one-hour special in May featuring real-life videotapes of criminals from surveillance (security) cameras, covert camera installations, and in-car cameras. The producers contacted me to see if I had any tapes or could help them to locate some.
They said that they are looking for solid, dramatic footage--and are especially interested in "dramatic incidents, unsolved crimes, and bungling crooks".

Here is the RISK issue. "We are looking for interesting footage, especially that which will help educate the public about the necessity for video surveillance, and to illustrate how effective cameras can be in preventing and solving crimes."

Recently, there has been a flood of cheap-to-produce programs, where viewers contribute their (sometimes staged only for tv) videos. Many of these programs contain shocking sequences, guaranteed to attract a wide consumer audience. Some social scientists and other killjoys have suggested that these programs add to a sense of doom and danger that is found today, especially among those who gain their news coverage or sense of the world mainly from tv. While at least one of these programs has led to the capture of wanted criminals, the heightened view of continual violence and the ineffectiveness of law enforcement adds to social tension without resolution, except for more use of surveillance.

Thank you, Dick Clark, but I would rather not have you educate the public about the necessity for video surveillance. That necessity is filled with danger for us all. And it is not even so certain how effective cameras have really been in preventing and solving crimes, with certain well known exceptions.

I'll not be watching the program when it airs. In the meanwhile, I hope readers of RISKS and others interested in contributing to more quality tv and curbing this attempt to glorify surveillance will contact Dick Clark Productions and NBC to let them know that we are being entertained to death.

Sanford Sherizen, Data Security Systems, Natick, Mass.

------------------------------

Date: Wed Apr 07 13:45:14 1993
From: Pat Place
Subject: Re: Using your company's E-mail for private ...
(Zak, RISKS-14.47) states that companies have the right to control the use of their computers and can therefore limit private use for, say, E-mail.

The solution is to consider E-mail access as a fringe benefit. But aren't benefits taxable, so how much should I declare to the IRS for the 437 bytes of this message? I have only counted the text and none of the header information.

Pat Place prp@sei.cmu.edu

------------------------------

Date: 07 Apr 1993 15:20:54 -0400 (EDT)
From: horn%temerity@leia.polaroid.com (rob horn)
Subject: Re: Sound of the Fury: Sub-liminal highway monitoring...

I have worked with traffic flow equations. The ones I dealt with were subject to shock waves and had some very stiff regions. In fact they are very similar to adiabatic supersonic fluid flow. I suppose one could argue that this is chaotic in the sense that I read into this comment. But they did not have strange attractors.

Rob Horn horn@temerity.polaroid.com

------------------------------

Date: Thu, 8 Apr 93 19:53 EDT
From: WHMurray@DOCKMASTER.NCSC.MIL
Subject: Lessons from the London Ambulance Service

The following line from the report on the London Ambulance Service reminded me of some early experience.

>The resilience of the hardware under a full load had not been tested.

In the late sixties I worked on IBM's "Advanced Administrative System." This was a very large system for its day. It was expected to have 5000 users and, at its peak, 300 developers. The system was very successful and we learned a great deal.

The success of the system was due in large part to the experience of its management. Some of the management team had worked on the American Airlines Sabre System. Their experience was reflected in part by a collection of system lore, stories that were told and retold.

One of the stories was about the behavior of systems under load. It recounted the conversion of the New York Reservation Center of AA to Sabre. The conversion had gone very well.
The NY center was the last of many to be converted and no problems were expected. However, the NY center was also the biggest and represented the largest load. After it was converted, response time, which had been relatively short, flat, and stable, suddenly went up dramatically until the system essentially stopped. There was no plan to back off the load, i.e., de-convert from Sabre back to the manual system. It took three weeks to get the system back on line.

While response time had not appeared to be sensitive to load, at some critical point the system began to spend so much time managing its queues that it did not have time to take anything off of them. The queues grew until the system fell over.

The story may well be apocryphal but the lesson was valid and important and our management was very sensitive to it.

William Hugh Murray, Information System Security, 49 Locust Avenue, Suite 104
New Canaan, CT 06840 1-0-ATT-0-700-WMURRAY WHMurray at DOCKMASTER.NCSC.MIL

------------------------------

Date: Thu, 8 Apr 93 12:24:47 EDT
From: Joe Brennan
Subject: Re: Another Mystery for the San Francisco Muni Metro

> * An `automatic' speed-control system has three speeds, 10, 27, and 50 mph.
> [Apparently ZERO is not considered a speed.]

These three speeds are recognizable to railfans as typical of a DC-motor system. The speeds are approximate. The speed is determined simply by the current running through the motors, which is controlled by passing the current through resistors and by feeding the current through pairs of motors in series or parallel. 50 would be full parallel, 27 (about half speed) full series. Those are the only two running speeds, and intermediate speeds are accomplished mainly by coasting, as powered running at intermediate speeds would heat up the resistors, which are meant to be used just to reach a running speed.

The 10 mph speed calls for further explanation.
Apparently the system uses "permissive" signalling, meaning the driver does not have to stop at red. Bear in mind that the Muni cars run in streets "by sight" where the drivers have to be trusted to run at a speed appropriate to conditions and not hit other Muni cars or automobiles on the tracks. Because of the limited sight distance in the subway, they're not given free rein as they are in the street, but are held to 10 mph or less. Running at 10 would of course require using the resistors, so what is really done is to apply power briefly and then coast. This should work if the drivers can be trusted. If the drivers cannot be trusted, they shouldn't be allowed in the street either.

> The controls were thought to be `foolproof', because the car
> automatically slows or stops if the operator exceeds the maximum
> indicated speed. There are also impedance bonds in the tracks that
> are supposed to determine whether the track ahead is clear.

The signal system must include timers to detect speed, and some kind of feedback device that controls the car. The simplest, old-fashioned device is a trip, a little arm that rises from track level and hits a "trip cock" hanging from the train, and applies the emergency brake. Since this says "slows or stops" I take it something a little more electronic must be used.

Likewise the signal system detects presence of a car in a section of track, that is, what's known as block signals. I believe this also is a permissive system, where cars are allowed to approach right up to each other as long as they run dead slow, the 10 mph limit. ("Heavy" subways and mainline railroads would typically have absolute block, where a second train is not allowed at all in the same block.)

> ``... was the result of the operator deliberately disabling the
> safety system so that he could speed up his train, sources close to the
> investigation said''.

This is extremely bad, not only that the operator did it, but that he -could- do it.
I doubt he has the same car every day, so he had to be able to prepare this fairly quickly. I wonder whether disabling it is meant to be done en route under some conditions? --probably not. If even one signal failed, for example, it would be safer to make everyone pass it at 10 than at any higher speed.

Joe Brennan Columbia University in the City of New York
brennan@columbia.edu ("affiliation shown for identification only")

------------------------------

Date: 7 Apr 93 17:35 -0600
From: "Rob Slade, DECrypt Editor, 604-984-4067"
Subject: Review of "Syslaw" by Rose/Wallace

BKSYSLAW.RVW 930402

PC Information Group, Inc., 1126 East Broadway, Winona, MN 55987
Syslaw, 2nd ed., Lance Rose and Jonathan Wallace, 1992

The introduction to "Syslaw" states that although the title implies the existence of a new kind of law relating to electronic bulletin board systems, in reality it is simply an extension of existing laws, mores and practices. In the same way, although the book states itself to be aimed at the BBS community, and particularly sysops, there is much here of interest and moment to anyone involved with sharing information through computer systems.

The book also starts with a "disclaimer": the authors suggest that any significant concerns with legal affairs be taken to a lawyer. Parts of the book may give concern to experts in the specific fields: I was disappointed by the coverage of viral programs (and rather intrigued by a somewhat idiosyncratic definition of "worm"). That aside, the book is an excellent overview of the legal situation and considerations with regard to computer communications systems.

Chapter one is entitled "Your rights as a sysop", although "First Amendment" (the first amendment to the American constitution deals with "free speech") arguments seem to comprise the bulk of it. Chapter two discusses contracts, and the advisability to have a formal contract so that there is an express understanding between caller and sysop.
Chapter three deals with copyright and other "intellectual property" issues. Chapter four deals with "injurious materials": it is somewhat surprising that it is not more closely related with chapters eight ("Viruses and other dangerous code") and nine ("Sexually explicit material"). Chapters five, six and seven deal with privacy, crime directly related to BBS operation and search and seizure, respectively. All of them rely quite heavily on examination of the existing American statutes.

A number of appendices are included. B through H are copies of various related American legislation: I is a list of various state computer crime laws (although the table of contents makes reference to "Sexual Exploitation of Children"). Appendix J is an annotated bibliography of sources for further study. Interestingly, for a book supposedly targeted at BBS sysops, none of the materials are cited in "online" form. Appendix A, however, is probably of greatest interest: it is a sample "caller contract"; an agreement between the "users" and "owners" of computer systems. Written in a "folksy" style, and intended as an understanding between sysops and their "members", it is still a valuable template for any organization with online information systems and general "communications" functions such as email (and, these days, voice mail).

A recommendation that I would make to the authors for the third edition is to make the book less "American". On the face of it, this might seem like a strange request. Laws vary from country to country, and it is impossible to write a book covering all possible laws. However, there are many legal precepts which are common to almost all legal systems. Chapter two of "Syslaw", for example, deals with contracts. It does so in a very general way, applicable to almost all situations. Chapter one, on the other hand, deals with the "First Amendment" to the American Constitution, and is therefore of little use to anyone in any other country.
Chapter three falls into the range between: it deals with copyright and other related concepts, but from an American perspective and with specific and extensive reference to American laws. Most of the book falls somewhere into the middle ranges.

Most systems managers and computer operators tend to see "systems law" primarily in relation to "pirate software". Syslaw is a valuable guide in opening discussions of many related topics which are all too often either neglected, or passed over as being of little importance.

copyright Robert M. Slade, 1993 BKSYSLAW.RVW 930402

------------------------------

Date: Wed, 7 Apr 1993 13:54 EST
From: "Selden E. Ball, Jr."
Subject: Availability of Berne Convention (was Re: Personal letters)

I don't know why they don't have a copy of the U.S. treaty agreeing to abide by the Berne Convention. The Convention itself is a bit more than 4 years old, though :-). Perhaps you've been looking in the wrong place?

At any rate, as a member of the information elite, the text of the Berne Convention is readily available to you.

The following was clipped from a file available from the gopher server run by Cornell's Law School (fatty.law.cornell.edu). It is one of the historical documents provided to them by the Fletcher School of Law and Diplomacy, Tufts University.

I assume that the first line refers to a UN publication series. You might want to check to see if the Copyright Office carries that. Presumably the Library of Congress does.

For further information, contact:

Peter H. Stott, Fletcher School of Law and Diplomacy/
Urban and Environmental Policy, Tufts University
97 Talbot Avenue
Medford MA 02155
pstott@pearl.tufts.edu
pstott@igc.apc.org

I hope this helps.

Selden Ball seb@lns61.tn.cornell.edu

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

U.N.T.S. No. 11850, vol. 828, pp.
221-293

BERNE CONVENTION FOR THE PROTECTION OF LITERARY AND ARTISTIC WORKS OF SEPTEMBER 9, 1886, COMPLETED AT PARIS ON MAY 4, 1896, REVISED AT BERLIN ON NOVEMBER 13, 1908, COMPLETED AT BERNE ON MARCH 20, 1914, REVISED AT ROME ON JUNE 2, 1928, REVISED AT BRUSSELS ON JUNE 26, 1948, AND REVISED AT STOCKHOLM ON JULY 14, 1967; and PROTOCOL REGARDING DEVELOPING COUNTRIES

[remainder of document omitted ;-) ]

------------------------------

Date: Wed, 7 Apr 1993 19:41:35 GMT
From: mnemonic@eff.org (Mike Godwin)
Subject: Re: Berne Convention (Robinson, RISKS-14.47)

Paul Robinson writes:

>On < Mon, 29 Mar 1993 13:24:37 (PST) > In Comp Privacy 2-11,
>Steven Hodas
>
>> If I send a personal letter to someone do they have the right to
>> disclose it to others without my consent?
>
>No. The Copyright act of 1978 and later amendments gave statutory
>protection at the federal level for the first time to unpublished works.

To a lawyer like me, this doesn't sound right. True, copyright protection extends to unpublished works, and, since the U.S. became signatory to the Berne Convention, to unregistered unpublished works. But this has not yet been interpreted to mean that the recipient of a letter cannot *disclose* it without the author's permission--only that the recipient cannot *publish* it.

Now, in this medium the distinction between disclosure and publication is a lot muddier than it is elsewhere, but it seems likely to me that the mere disclosure of e-mail by a recipient is not going to lead to a copyright-infringement case unless the recipient takes money for disclosing it. The normal measure of damages in a copyright action is based on the amount of lost profits to the author and/or the amount of profits earned by the publisher. Statutory damages require that the author register the letter with the Copyright Office.

If someone sent me flaming e-mail, and I felt like reposting it to the Net, I certainly wouldn't hesitate for fear of an infringement lawsuit.
(I'd hesitate because I think it's bad manners, but that's about it.)

>> If it is permitted doesn't that suggest that we have greater privacy
>> protection for electronic communication because the ECPA would prohibit
>> that kind of disclosure?
>
>I think you are confusing things. The ECPA gives to Electronic mail the
>same protections which are available for telephone conversations - the
>protection against interception by third parties or the use of intercepted
>E-Mail by law enforcement personnel without a warrant, i.e. what the laws
>against wiretapping and recording of telephone calls, the ECPA provides to
>the same extent to E-Mail.

ECPA explicitly does not prohibit recipients from disclosing the contents of their communications. Sadly, ECPA also does not provide any protection against "the use of intercepted E-Mail by law enforcement personnel without a warrant." An attempt to exclude illegally seized e-mail would have to be based solely on the Fourth Amendment (a slim reed, IMHO).

>... there are no formalities or requirements of notification in order for
>a work to obtain copyright protection.

Not quite true. As I understand the current Copyright Act, statutory damages, for example, still require registration of copyright.

Mike Godwin, EFF, Cambridge mnemonic@eff.org (617) 576-4510

------------------------------

Date: Wed, 7 Apr 93 16:26:08 EDT
From: Jerry Leichter
Subject: Berne convention (Robinson, RISKS-14.47)

[Paul's message] is a mix of truth and irrelevancies. I checked with a friend who is an intellectual property lawyer, and he looked in one of the standard books on copyright protection (Zimmer). However, the following is MY GLOSS on a rather complex (and not completely settled) area of law.

It is true that under the Berne convention copyright notices are optional. This is not as big a change as you might think: Under common-law copyright, they were always optional *until publication*.
If someone stole an unpublished work - say, a program sitting in someone's account - and posted it on a bulletin board, copyright protection would still apply, and the original author could come after, not just the person who stole the work, but any party who made a copy from the bulletin board.

There would be a difference in what the copyright owner could come after the various parties *for*, however. He could go for major damages against the thief, but someone who copied the program off the bulletin board could claim that they were an innocent infringer who had no way of knowing the material was protected by copyright. If successful in that claim, about all that could happen would be that the innocent infringer would be required to return or destroy all copies of the material.

Berne changed nothing in this scenario, EXCEPT that the same rights now apply even if the ORIGINAL AUTHOR published the material without a copyright notice. The "innocent infringer" defense is still available. Under Berne, the main effect of INCLUDING a copyright notice - and the authorities on the subject strongly recommend that you do - is that it absolutely blocks any attempt at an "innocent infringer" defense. (Of course, if a thief removed the copyright notice and passed the material on to someone who had no reason to suspect that the copyright was claimed on the material, that's another story - just as someone who buys a car from a used car dealer cannot be charged with theft (or even, generally, made to return the car) if it turns out to have been stolen. Buy the same car from some guy in the street who claims to have "lost" the paperwork and you will be treated very differently.)

Mr. Robinson's mention of "licensing" is irrelevant. There is no such thing as licensing in copyright law, which has to do with copying. It is pretty well established that RUNNING a program does not constitute copying it, any more than reading a book constitutes copying it into your brain cells.
(There were attempts early on to claim that running a program was like performing a piece of music, but that theory didn't make much sense and went nowhere. If it had, you would have had to receive a "right to copy" of some bizarre limited sort every time you bought a program. The closest analogy now made is that running a program is like playing a recording - permission of the copyright owner is needed to MAKE the recording, but anyone can PLAY the recording as many times as they like, at least for themselves.)

As for the damages, if you are an innocent infringer, you are not liable for any. Of course, you'd better be damn sure of your "innocent infringer" status. If you got the program off a pirate bulletin board that specializes in stolen software, you could be in trouble, copyright notice or no.

Stepping back a bit to look at the ethical issues, I find Mr. Robinson's whole approach most disturbing. I was brought up under the injunction that one should not use someone else's property without permission. If I don't have good reason to believe something is in the public domain, I won't use it without permission. It doesn't matter if the author has gone to the trouble of attaching a legal copyright notice: *The stuff isn't mine.*

The law generally takes as its basis this same moral stand. I don't need to put a sign on my car to tell others that I claim it as mine. Even if I leave it running, with the keys in it, you have no right to use it. If you want to use it, ask me.

For whatever historical reasons in the United States, copyright law has required notice. Trespassing requires notice, too, but that's because in unmarked countryside it's difficult for anyone to know where the boundaries are: If you want to keep people off your land, you have to make it clear where your land starts. You don't need to put a "No trespassing" sign on your front door to tell people to stay out of your house.
The Berne convention simply recognizes that it's simple to tell when you are using someone else's words, music - or computer program. There's no ambiguity about it. So why should advance notice be required? If you want to use the fruit of someone else's work, simple morality says you should get permission - whether blanket permission in the form of a release to the public domain on the work itself, or specific, personal permission. If that inconveniences you, well, just what makes YOUR time and effort so damned important when SOMEONE ELSE did the work?

-- Jerry

------------------------------

End of RISKS-FORUM Digest 14.49
************************