Subject: RISKS DIGEST 15.51
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Thursday 10 February 1994  Volume 15 : Issue 51

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
FLASH: Vice President Gore Questions Current Key Escrow Policy! (Stanton McCandlish)
CMU elections suspended due to computer problems (Declan B. McCullagh)
TCAS blamed for near collision over Portland (Lauren Wiener)
Pacific Bell Customers Get Unpleasant Messages (Lin Zucconi)
Two recent UK tales: Gas payment notices; info network problem (Peter Ladkin)
FBI falsely obtained wiretap in KC (Paul)
Re: "Misunderstanding" a CERT advisory (Espen Andersen)
Re: Altered White House Docs (A. Padgett Peterson, Pete Mellor, Jim Hoover)
About Computer Software and Patents (Paul Robinson)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: 10 Feb 1994 17:55:25 -0600
From: mech@eff.org (Stanton McCandlish)
Subject: FLASH: Vice President Gore Questions Current Key Escrow Policy!

The National Information Infrastructure Advisory Committee met today in Washington at the Old Executive Office Building. In comments made after a question and answer period, Vice President Al Gore said that the key escrow policy announced last Friday (4 Feb 1994) had serious flaws and that he hoped the issue of who holds the keys and under what terms would be given more serious, careful consideration. Gore made it clear that some amount of control of cryptography technology was necessary for national security. However, the key escrow policies announced by the Departments of Justice, Commerce & State, and the NSA, were "low level decisions" that got out before thorough analysis.
In a conversation with Mitchell Kapor, Esther Dyson, and Mike Nelson (of the White House Staff), Gore said that he would prefer that the keys be held by some part of the Judiciary branch, or perhaps even by trusted, private escrow agents. He made it clear that he believed that the escrow agents named in last Friday's announcement (National Institute of Standards & Technology and the Treasury Department) were not appropriate key holders. Mike Nelson also indicated that there was real interest in a software-based escrow system instead of the hardware-based SKIPJACK standard.

Those of us who heard Gore were quite surprised. His remarks suggest that the key escrow policies to date do not have the full support of the White House. Still, Gore was quite firm in asserting that some control of encryption technology is essential to national security. "Encryption and codebreaking have determined the outcome of world wars." He stated (incorrectly) that most of our industrialized allies place much stricter controls on encryption than the US does. In fact, almost all COCOM countries allow the export of DES-based products, though some do not allow DES to be imported.

The whole question of encryption was raised when Mitchell Kapor told the Vice President that over half of the Advisory Council members had serious reservations about the current Clipper/Skipjack policies. Gore and Kapor agreed that the Advisory Council should be used to have a serious dialogue about encryption policy. Given Gore's departure from the current Clipper proposals, there might actually be something to talk about.

==========

NOTE: This DOES NOT mean that Clipper is going away. Part of stopping Clipper is to lift export controls on encryption and enable US companies to start producing products that enable all of us to protect our privacy with strong encryption.

I urge you to write to Rep. Cantwell today at cantwell@eff.org. In the Subject header of your message, type "I support HR 3627."
In the body of your message, express your reasons for supporting the bill. EFF will deliver printouts of all letters to Rep. Cantwell. With a strong showing of support from the Net community, Rep. Cantwell can tell her colleagues on Capitol Hill that encryption is not only an industry concern, but also a grassroots issue.

*Again: remember to put "I support HR 3627" in your Subject header.*

  [For more info on the Cantwell bill, see Stanton's contribution in RISKS-15.47. I have deleted a lengthy repetition here. There is as yet no response from Stanton on Jon Leech's question in RISKS-15.50 on the address cantwell@eff.org. It is presumably NOT Cantwell's. PGN]

Daniel J. Weitzner, Senior Staff Counsel  202-347-5400 (v)
Stanton McCandlish, Electronic Frontier Foundation
1001 G St, NW Suite 950 East, Washington, DC 20001  202-393-5509 (f)

------------------------------

Date: Wed, 9 Feb 1994 23:33:03 -0500 (EST)
From: "Declan B. McCullagh"
Subject: CMU elections suspended due to computer problems

Carnegie Mellon University is known around the world as a technological innovator. To a great extent, this also makes our entire university dependent on technology to function efficiently. Our reliance on computers and computer networks was made clear earlier today when the results of the student government elections -- for the first time in the history of the school -- could not be validated because a computer system with the master list of eligible students was offline.

As might be expected, the ill-timed computer failure upset quite a few people who wanted to know the results, for this election marked the culmination of a drawn-out dispute between graduate and undergraduate students, who had planned to settle their difficulties at the ballot box. But the results can't be completely counted until the SIS (Student Information System) verifies that all the candidates -- and suspect voters -- have paid their bills this semester. We're hoping that it's going to be back up tomorrow...
Declan McCullagh, Student Govt Treasurer (fortunately, not up for re-election)

------------------------------

Date: Wed, 09 Feb 94 21:11:19 -0800
From: Lauren Wiener
Subject: TCAS blamed for near collision over Portland

From the _Oregonian_, Sat. Feb. 5, 1994, p. B1, B3:

  Near collision at PDX prompts investigation

Two commercial airplanes carrying 113 people nearly collided in flight near Portland Thursday afternoon, prompting an FAA investigation into whether an on-board warning system put the planes on a collision course. The pilot of Alaska Airlines flight 548 saw the Horizon Airlines Dash-8 out his window and later estimated it flew within three-fourths to one mile of his plane.

  [...deleted paragraph about standard minimum separation of 3 miles...]

The Alaska MD-80 carried 80 passengers and five crew members; the Horizon Dash-8 had 25 passengers and 3 crew. The incident happened at 2:38 PM Thursday and involved the Alaska flight taking off from Portland International Airport and Horizon Airlines Flight 2215 from Spokane, which was on its descent for landing.

Dick Meyer, a spokesman for the Federal Aviation Administration in Seattle, said the Alaska flight was climbing at a normal rate of speed when each plane's Traffic Collision Avoidance System warned of the possibility of collision. The planes were at between 9,000 and 10,000 feet elevation and 12 to 13 miles northeast of Portland when the collision alert was sounded.

The warning system, also known as TCAS, is a computerized warning system now onboard every commercial flight in the United States. It uses radio signals emitted by each plane to determine whether there are other aircraft that are approaching a plane's course. If there are, TCAS sends out a "resolution advisory" consisting of a visual signal and audible warnings telling the pilot to either climb or descend.

Meyer said the Horizon was at 10,000 feet and preparing to descend.
The Alaska flight was climbing to 9,000 feet when the TCAS system on both planes went off. "The Horizon flight that was coming in received a TCAS alert that told it to descend. The Alaska plane was climbing at its normal rate and got a TCAS alert that told it to climb," Meyer said.

Meyer said the Horizon pilot began dropping to 9,000 feet and radioed air traffic control. The controller, realizing there was a plane coming up to that altitude, got both pilots on the radio and ordered the Horizon flight "to climb and maintain separation," Meyer added. The two planes eventually flew within less than a mile of each other at the same elevation. "It was the response to the TCAS alerts that caused them to come closer than they should," Meyer said.

Meyer said the Alaska pilot filed a near midair collision report with the FAA. Meyer said the incident was being investigated by the FAA and its TCAS program manager in Washington, D.C.

Ted Blahnik, Horizon's chief pilot, said he didn't think the Thursday incident demonstrated any problems with TCAS. "This is not a glitch," he said. "This thing operated exactly as designed. [!! My *favorite* line!!] The guy who really went into stress mode was the air traffic controller."

TCAS has been on most commercial planes for the past several years. It's been required on all U.S. flights carrying more than 30 passengers since Dec. 30. Air traffic controllers have been critical of TCAS, saying it is prone to warn pilots of phantom planes and order them to fly into the paths of nearby aircraft. The National Air Traffic Controllers Association has complained repeatedly about TCAS warnings in busy air space near airports. Controllers have contended that the devices tend to erode the margin of safety because pilots tend to adhere to the warning system rather than rely on the controller's directions. The association reported in 1992 that about 63% of the TCAS warnings from May 1991 to July 1992 were invalid.
Groups representing airline pilots, however, favor the system. They testified before Congress in 1991 that TCAS was a "giant step forward" in preventing flight collisions. The FAA in May 1991 ordered that some of the TCAS devices on commercial airlines be removed temporarily because they were reporting false alarms. Technical improvements were made since then, and Meyer said that more improvements would be in place by the end of the year "that would make TCAS readings...more definitive."

TCAS systems will be required on all planes carrying 10 passengers or more by 9 Feb 1995.

------------------------------

Date: 10 Feb 1994 09:03:15 U
From: "Lin Zucconi"
Subject: Pacific Bell Customers Get Unpleasant Messages

Pacific Bell customers get messages on voice mail that they'd rather not hear
Valley Times (Livermore Valley area), 10 Feb 1994

Electronic hackers have been intruding into the Pacific Bell voice mail service. "The hackers have broken into the system, altering message greetings and changing passwords, which can keep legitimate users out of their mailbox." Pacific Bell spokeswoman Sandy Hale said that it is a rare occurrence. Patrice Papalus, Director of the San Francisco-based Computer Security Institute, said "Telecommunications, computer and switchboard fraud is on the increase...Breaking into voice mail is really common."

The article went on to say that two teenagers who were infuriated because they didn't receive a free computer game poster in a magazine promotion broke into IDG's voice-mail system and distributed obscene messages and greetings to female employees. In some cases, customers couldn't get through. "The violations are unauthorized use of telephone services and a computer crime," said Joe Cancilla, an Asst. V.P. of external affairs with Pac Bell. Etc.
Lin Zucconi  zucconi@llnl.gov

------------------------------

Date: 10 Feb 94 21:32:59 GMT (Thu)
From: Dr Peter B Ladkin
Subject: Two recent UK tales: Gas payment notices; info network problem

The Independent newspaper for Tuesday 11 Jan 94, p6 reports that a "Computer upsets 15,000 gas customers". Apparently, 15,000 paid-up customers in British Gas's south-eastern regional area got notices warning that their payments were not up to date, and asking for payment. They complained, and British Gas is sending out apology letters "at a cost of several thousand pounds". The process is automated and "at no stage before posting is any human check made on whether the machine is mistaken." British Gas said that "faulty programming is to blame". (These last two sentences were adjacent. The journalist, Nicholas Schoon, obviously didn't fall for the "dog ate my homework" tale fed him by BG.)

The Independent newspaper for Thursday 10 Feb 94, p2, reports that "Computer flop cost taxpayers £59m". The system was to provide an `information network' for the department's Training and Enterprise Councils. The article is a little hazy on details that would enlighten RISKS readers, but mentions a highly negative report on the system by the Commons Public Accounts Committee. (The Commons is the British lower House of Parliament, i.e. the significant part of the governing body of Britain.) No one bothered to "test a pilot scheme" to see if things worked. The "info network" cost £48m, and the department had spent £11m by Sept 92 on 200 management consultants to help with it, despite planning only £1.3m for this in 1989. But it's really hard to tell from the article how much of this was a computer system that cost too much and didn't fulfil expectations, and how much was simply bad management.
Peter Ladkin

------------------------------

Date: 9 Feb 94 06:46:21 CST
From: paul@kuhub.cc.ukans.edu
Subject: FBI falsely obtained wiretap in KC
Newsgroups: alt.privacy

Quotes from Chief U.S. Magistrate Judge John T. Maughmer regarding FBI wiretaps in a case against now deceased Kansas City financier Frank Morgan:

"...disturbing pattern of material misstatements, overstatements, and omissions" in the government affidavit seeking court permission to wiretap Frank Morgan's office.

"The conduct of the FBI...rises to such a level of recklessness as to mandate suppression" of the evidence obtained through the wiretap.

The judge's comments were included in the 9 Feb 1994 Kansas City Star.

------------------------------

Date: 10 Feb 1994 08:05:36 -0400 (EDT)
From: ESPEN ANDERSEN
Subject: Re: "Misunderstanding" a CERT advisory

>Expect journalistic exaggeration.

I can't resist: In 1982 (I think) a Polish climbing team had a fatal accident in the Troll wall ("Trollveggen") in Norway. In the serious Oslo morning paper the climbers were reported to have fallen 600 meters to their deaths. In the liberal afternoon paper, the fall was 800 meters. In the sensational afternoon paper, the figure was 1200 meters. "Trollveggen" is approximately 1000 meters high.

Espen Andersen (eandersen@hbs.harvard.edu)

------------------------------

Date: Thu, 10 Feb 94 16:37:33 -0500
From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: Re: Altered White House Documents (nothing new?)

It was my understanding that politicians have a "right of revision" to anything that is placed in the Congressional Record such that if they happen to say something in a speech that is later judged to have been "incorrect", the error can be corrected before it goes into the Record. As a result, it appears that there need not be any correlation between what is said "for the Record" and what actually appears there. So why should we be surprised if the same executive privilege is extended to Whitehouse.gov?
Padgett

------------------------------

Date: Thu, 10 Feb 94 12:21:13 GMT
From: Pete Mellor
Subject: Re: Altered White House Documents (Firth, RISKS-15.47)

> The relevant quote came to mind immediately:
>
> "He who controls the past controls the future."

My recollection of the intended quotation (from George Orwell's "1984") is:-

"He who controls the past controls the present. He who controls the present controls the future."

(I haven't looked it up in the book, so my recollection may be inaccurate, too!)

Readers may recall that this was the slogan of the "Ministry of Truth" (which was in charge of lies and propaganda) where the hero, Winston Smith, was employed to doctor public archives according to the latest political line which the Party had decreed was the current infallible and unchangeable version of the "truth".

Winston's work was demanding and creative. He would receive old issues of newspapers, which landed on his desk via a delivery spout, and rewrite any articles or news items which did not conform. Where this was not possible, he had to take an item out altogether, and replace it with a suitably anodyne item which he had to concoct on the spot. He would then pop the "incorrect" version into a chute which led directly to the furnace.

Orwell once remarked that what he feared most was "Genghis Khan with a telegraph". With Stalin, he got more-or-less that. Even Orwell's imagination could not foresee the possibilities for manipulating the "truth" which the advent of the computer has opened up, and the capabilities of electronic communication.

Orwell was also concerned about the decay of language. The Party was in favour of "Newspeak", a language in which it was impossible to express a politically incorrect thought. At its best, this would become "duck-speak", the articulation of sounds in the throat without the involvement of the higher centres of the brain. (Remind you of any political speeches you've heard recently? :-) However, that is a separate concern.
"Orwell, thou shouldst be living at this hour!"

Peter Mellor, Centre for Software Reliability, City University, Northampton Sq, London EC1V 0HB  Tel: +44 (71) 477-8422, p.mellor@csr.city.ac.uk

------------------------------

Date: Thu, 10 Feb 1994 17:15:54 -0700
From: Jim Hoover
Subject: Re: Controlling the future (Altered White House documents)

The quote by firth@SEI.CMU.EDU reminds me of a Polish saying from the Communist era: "Only the future is certain, the past is always changing."

Prof. Jim Hoover, Dept. of Computing Science, University of Alberta, Edmonton, Alberta, Canada T6G 2H1  hoover@cs.ualberta.ca  +1 403 492 5401 or 5290

------------------------------

Date: Thu, 10 Feb 1994 00:59:30 -0500 (EST)
From: Paul Robinson
Subject: About Computer Software and Patents

The following represents the text I will be reading at the Patent Office hearing on the relationship between computer software and patent issues, Crystal City, Virginia, 9:15am February 10. This text has been edited to allow me to fit it, and possible questions, into an 11 minute space. This is a short portion of my remarks on the matter. This will be part of a complete comment on the Federal Register text. My comment will be posted to the Internet once completed.

--------------------------------------------

Good Morning Commissioner Lehman, Mr. Kushan, the staff here, members of the audience, people reading this report in the future and anyone else I've forgotten.

My name is Paul Robinson. I am Chief Programmer for Tansin A. Darcos & Company, a software development firm specializing in text processing applications; I also do work on Commercial Philosophy and metaphysics of computer systems. My special interest and my personal hobby is collecting compiler and other program sources. My reasons for this are that these all solve problems. By reading the manner and method other people have solved other problems, it gives me insight into how to solve mine.
This is a common practice in the computer world in order to, as the expression goes, "Not reinvent the wheel." I assume this is common in other industries. In fact, this is most likely the reason that we have a patent system; someone is granted the exclusive right over commercial use of an invention for a limited term in exchange for telling the world about it.

For most computers, every application such as word processing or spreadsheets has at least two and possibly three or more different applications fighting for market share. The fights in this industry are usually referred to by the expression "Dinosaur mating dances" as huge companies fight for market share by releasing new programs to introduce new features that the companies believe the customers want. Version 3 of Turbo Pascal was an excellent language compiler and less than 40K. Version 4 would fit on one 360K diskette. Today, Turbo Pascal for Windows version 1.5 takes 14,000K of disk space. The program that is probably the premiere application for graphics design is Corel Draw!, which has so much material it is now being released on not one, but two 500 megabyte CD-ROM disks.

But there are probably still niches for smaller companies to move into. With the rapid changes in the marketplace, it is necessary to be ready to have new programs and new releases of old programs out to encourage people to move to the next release. In some cases, companies make more money from upgrades, and need to do so to stay alive. These kinds of cycles mean new releases have to be out very quickly; in a matter of weeks to months. With this kind of rapid development cycle, delays in the release of a program could be fatal and the time available to create the work is sometimes barely enough.

Until recently, the only legal issue that anyone had to worry about was copyright infringement. That could be avoided by creating new work from scratch. Now we have another issue altogether.
A programmer can independently create something without ever knowing about any other developments, and yet be sabotaged by the discovery that the method that they used is patented. This is a standard problem that all industries have had to face, and it is part and parcel of living in an industrial society. But there is another problem.

A computer program is the written instructions by a human being to tell a computer how to perform a particular task. As such, there are only two parameters: the input supplied to the program and the expected output. Everything else is literally a figment of someone's imagination.

This bears clarification. A computer program is the means of manipulating the internal data paths of a computer system. There is no requirement that the manipulations have any correspondence to the real world. In this, the real world, doing anything requires the expensive movement of people and goods from one point to another, the possible refinement of materials into other materials, and the expenditure of energy and resources. Doing anything in a computer is merely the essentially cost-free movement of electron paths from one direction to another; it brings forth the apportation of the concepts of the madman Immanuel Kant into reality: a world in which anything is possible:

- We can see this in the current discussions going on about violent computer games where someone goes about maiming, shredding and killing their opponents, in graphic detail, then when the game is over, nothing in the real world has changed except the clock. One of my favorites happens to be the game "DOOM" where the weapon of choice is a 12-gauge shotgun, but a chainsaw does a nice job on people close to you.

- We have seen it in motion pictures such as "Total Recall", where, if one is acting within a part of a computer program, you cannot be certain what is real or what is fantasy. The movie "Brainstorm" had simulations of sexual contact apparently indistinguishable from reality.
There are things that can be done within a computer program that cannot be done in the real world, or would have undesirable consequences. As such, we should ask whether the patent rules, which are designed to apply to real-world conditions where doing something requires the expenditure of energy and resources, should apply in a world where the known rules of the universe do not apply. Because the entire design starts from scratch, and the designer doesn't just get to play God, he *is* God.

Despite the ease under which someone can do something, we still live under real-world constraints. Once a design choice is made, it is very expensive in time and effort to change it. Worse, because most programs have interactions that cover every part, a change to one part can cause unexpected and even undesirable side effects in unknown and unexpected places. Computer programs may be "the stuff that dreams are made of" but once placed into concrete form as written in software instructions, it's just as expensive to repair or change as if it was carved out of real materials.

It may be necessary to change the rules on patents to comply with the conditions that exist for computer programs. There has been talk of instituting "first to file" in order to "harmonize" with the systems in other countries; I think that is not a good choice; most countries have fewer patents, and provide protection which is much narrower than our system does. This would also mean that someone who does invent a new and useful technique for use in a computer application would be unable to collect any royalties from someone else who is using the same invention, who thought of it after they did, but started using it before they filed.

The two really large problems that exist in our system are probably these: the secrecy under which patent applications are filed, and the problems if a program uses parts of several patents, which might not be discovered until later.
As I mentioned earlier, computer programs are created out of the figment of someone's imagination, then mass copied, the way an original painting can be reproduced by lithograph. A single large application might have a dozen people working on it, and upwards of 50 different features, and might have upwards of 200 or more different parts, any one of which might be infringing on zero, one or more patents depending on what the claims are. I doubt seriously that all but the largest corporations have the resources to do 200 patent searches on a single software application, which would be prohibitive for a small company, because it is likely that a large program could infringe dozens of patents, due to the continued development of ever larger applications that do multiple simultaneous functions.

But more than that, you can't do patent searches on works which are under application form, until after the patent has been issued. And more importantly, with more than 1,200 patents issued every week, checking them all for possible interconnection would make it impossible to do any serious work.

Seventy years ago, fears that the major player piano manufacturer would tie up the entire song market and prevent other companies from creating player piano rolls caused Congress to institute compulsory licensing. This may be an idea whose time has come again.

Therefore it might be considered to make two changes in the patent law with respect to computer programs: to implement a standard compulsory license, perhaps 10 percent of the manufacturer's suggested list price, and to eliminate secrecy provisions in the filing of patent applications. Either of these could certainly help the situation.
Eliminating secrecy and publishing applications once filed would let people know about pending inventions: they could endeavor to avoid infringements in advance; it might also allow them to file interferences early, if it turns out that they invented the concept earlier, while it is cheap to do so; and would allow people to be aware of what is being developed, which would comply with Article 1, Section 8 of the Constitution, where patent protection was designed "to encourage the improvement of the useful arts".

The other option of setting a standard royalty via compulsory license would eliminate the worries of someone infringing upon an existing patent or one that is filed after their work is created. It would also grant to inventors an income stream from those who use their inventions, which started before they filed their application but after they reduced the invention to practice. It would also limit liability and exposure to sustainable limits. As it stands, if someone develops a program that infringes upon 40 patents, and they each want a 3% royalty, it isn't hard to see that 120% of the program's income is not going to be possible.

Paul Robinson - Paul@TDR.COM

------------------------------

Date: ongoing
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. PLEASE read it as a newsgroup if possible and convenient for you. Undigestifiers are available throughout the Internet, but not from RISKS. Contributions should be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive "Subject:" line; others may be ignored! Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially .UUCP folks.
If you cannot read RISKS locally as a newsgroup (e.g., comp.risks), or you need help, send requests to risks-request@csl.sri.com (not automated). BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS"; UNSUBSCRIBE RISKS if needed.

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>YourName<CR>CD RISKS:<CR>GET RISKS-i.j" (where i=1 to 15, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

------------------------------

End of RISKS-FORUM Digest 15.51
************************
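Editor's added example, placed after the digest so that it is not read as any contributor's words; it is not code from the digest, from EFF, or from any agency named above. The key-escrow item that opens this issue argues about who should hold the escrowed keys and under what terms. One design that makes the holders' roles concrete is to split each key into shares so that a single agent learns nothing and a quorum is needed for release. As I recall the Clipper proposal, each unit key was split into two components, one per escrow agent, recombined by XOR; the block below generalizes that to a k-of-n threshold using Shamir secret sharing over GF(2^8), which is my choice of technique and is not described on the page. The agent numbers, the ten-byte sample key, and the `rng` hook (present only so tests can be reproducible) are constructed for illustration.

```python
"""Threshold key escrow: split a key into n shares so that any k escrow
agents can reconstruct it and any k-1 of them learn nothing about it.

Editor's added example; not code from the digest, EFF, NIST or Treasury.
Shamir secret sharing over GF(2^8), one independent polynomial per key byte.
All agent ids and sample keys below are constructed for illustration."""
import secrets


# GF(2^8) multiplication with the AES reduction polynomial x^8+x^4+x^3+x+1 (0x11B).
def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254, since the nonzero elements form a group of order 255."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split_key(key: bytes, k: int, n: int, rng=secrets.randbelow) -> dict:
    """Split `key` into n shares {agent_id: share_bytes}; any k shares recover it.

    Agent ids double as the x-coordinates 1..n. `rng` exists only so tests can be
    reproducible; real splits must keep the default cryptographic RNG."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for secret_byte in key:
        # Random polynomial of degree k-1 whose constant term is the secret byte.
        coeffs = [secret_byte] + [rng(256) for _ in range(k - 1)]
        for x in shares:
            y, x_pow = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, x_pow)
                x_pow = gf_mul(x_pow, x)
            shares[x].append(y)
    return {x: bytes(s) for x, s in shares.items()}


def recover_key(shares: dict) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x=0 from the supplied shares.

    With fewer than k shares this still returns *a* value, but not the key: that is
    the property escrow relies on, and demo() exercises it."""
    xs = list(shares)
    length = len(next(iter(shares.values())))
    out = bytearray()
    for i in range(length):
        acc = 0
        for xj in xs:
            # Basis value l_j(0) = prod_{m != j} x_m / (x_m - x_j); subtraction is XOR here.
            num = den = 1
            for xm in xs:
                if xm != xj:
                    num = gf_mul(num, xm)
                    den = gf_mul(den, xm ^ xj)
            acc ^= gf_mul(shares[xj][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def demo() -> tuple:
    """Constructed 80-bit unit key split 2-of-3: returns (quorum_recovers, single_agent_recovers)."""
    key = bytes.fromhex("00112233445566778899")
    shares = split_key(key, k=2, n=3)
    quorum = {1: shares[1], 3: shares[3]}   # any two agents suffice
    single = {2: shares[2]}                 # one agent alone gets a random-looking value
    return recover_key(quorum) == key, recover_key(single) == key


if __name__ == "__main__":
    print("quorum recovers key, single agent recovers key:", demo())
```

A 2-of-2 split reproduces the two-agency arrangement in the announcement; 2-of-3 would let a third holder (a court, say) stand in for a missing one. The sharing math only fixes how many agents must cooperate. It does nothing about the question the digest actually raises, which is whether those agents release their shares only under proper legal process, and it is only as strong as the randomness used to build the shares, so the `rng` override must never be used outside tests.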