Subject: RISKS DIGEST 15.57
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 22 February 1994  Volume 15 : Issue 57

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks) *****

Contents:
  Extra line in Chemical Bank program doubles ATM withdrawals (John Sullivan)
  What else happens when the airbag in your car is detonated? (William Caloccia)
  SimHealth (Mike Zehr)
  Risks of "doing it right" (David Wittenberg)
  The ultimate couch potato (Bruce Balden)
  Telephone Card Audit Trails (F.Baube[tm])
  E-Mail Courtesy (Dan Yurman, Peter Cherna, Greg J B)
  E-mail to Bill (Aaron Barnhart)
  CompuServe Offers Credit Info (John Murray)
  Electronic Food Stamps (LoQuan Seh)
  Re: YAMIC [Yet Another Mistaken Identity Case] (Bryan J Dawson)
  John Perry Barlow WiReD article on Clipper (Martin Minow)
  Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Sat, 19 Feb 94 19:55:58 PST
From: sullivan@msri.org (John Sullivan)
Subject: Extra line in Chemical Bank program doubles ATM withdrawals

An extra line meant to be "dormant" for now caused Chemical Bank to deduct twice any amount its customers withdrew from ATM machines Tuesday night and Wednesday. However, they received praise from the state consumer board for their prompt and open response to the problem. My information comes from articles in The New York Times, 18 Feb 1994, p. A1 and 19 Feb 1994, p. C1.

The new line of code was part of a year-long effort to add functionality to ATM machines. It sent a copy of the ATM withdrawal to a different computer system (the one that handles paper checks), which then deducted the money a second time. This second system is only run overnight, so the problem was not detected until Thursday morning.

About 430 checks were bounced incorrectly as a result, but Chemical contacted the customers affected, and offered to pay any charges they incur, or write letters of explanation to the recipients of the checks. The NY state consumer board has also asked them to refund any fees for the ATM transactions which were completed incorrectly.

There were about 150k ATM transactions incorrectly doubled, amounting to $15M. (Last year in the US there were 7G ATM transactions averaging $50, according to The NYT article.)

Steven Bloom, who runs a consulting firm in NJ said: "There are similar episodes that take place all the time, but we never hear about them because the bank is able to get the accounts straight before it opens its doors in the morning. The problem in this case is the ATM system is highly visible and runs 24 hours a day, seven days a week."

-John Sullivan@geom.umn.edu

   [Also noted by Linn H. Stanton, Mark Bergman, Jeremy Epstein, "Greg D.", and PGN. I took John's version because his version was the most Digest-able, although not entirely consistent with the others. Further sources included the following clips:]

In one of the biggest computer errors in banking history, Chemical Bank mistakenly deducted about $15 million from more than 100,000 customers' accounts on Tuesday night, causing panic and consternation among its customers around the New York area. The mistake affected 150,000 transactions from Tuesday night through Wednesday afternoon. Some checks were bounced Thursday morning as a result, although the bank said the number was small.
[The New York Times, Friday 18 Feb 1994]

Millions of dollars vanished from New Yorkers' bank balances Wednesday, when a computer deducted $2 from accounts for every $1 withdrawn from automated teller machines." [...] Sean Kennedy, president of the Electronic Funds Transfer Association (a trade group) said "I'm beginning to learn that it does happen from time to time [and] usually it's a software error".
[The Washington Post, 18 Feb 1994, from Jeremy Epstein]

Customers stormed into Chemical Banking Corp's branch offices to complain of empty accounts and bounced cheques after a computer glitch affected at least 70,000 of the bank's approximately one million customers.
[The Financial Post, a Canadian business paper, from Greg D.]

------------------------------

Date: Thu, 17 Feb 94 17:25:49 -0500
From: William Caloccia
Subject: What (else) happens when the airbag in your car is detonated ?

[Autoweek 7 Feb. 1994]

A British Ford dealer set out to impress potential purchasers with the burglar-proof features of the new Ford Mondeo by staging a break-in in his showroom. As a room full of potential customers watched, the hired thief walked up to the front of the car and gave it a swift kick in the bumper, near the airbag sensor. The bag inflated, AND the central locking system disengaged. The thief then opened the door, quickly broke the steering column lock, hot-wired the ignition and started the car.

News spread quickly, and copycat incidents have followed. Autoweek says "Sales of The Club should increase."

Historical Anecdote:

Word from friends in MoTown, was that when Ford was testing the very first airbags in Police cars, the fuel cut-off relay would also be triggered by the same impact sensing circuit. Street-wise evaders found this out and they would tap the bumper to trigger the airbag if the cops were too close in pursuit, disabling the vehicle. (This also may have been how Ford was able to guarantee the ability to inspect the vehicle after the bags were deployed, as it was a testing situation.)

--Bill caloccia@Team.Net caloccia@Stratus.Com

   [The first item was also noted by Chip Olson. PGN]

------------------------------

Date: Wed, 16 Feb 94 14:12:22 EST
From: mikez@kenan.com (Mike Zehr)
Subject: SimHealth

Maxis Business Simulations, the creators of SimCity, have a new product called "SimHealth."
The program is a simulation of a health care system, incorporating features from the new Clinton (US) health care proposal and other plans dating back to Truman (US president from a number of years ago).

The other Maxis products are sold as games, and I imagine this one is sold that way too, but the February issue of CIO describes it as "to help the public better understand the complicated issues that underlie the nation's health-care debate." Furthermore, they attribute Maxis as "envision[ing] SimHealth being used by a wide range of concerned citizens to evaluate current policy and new proposals."

The obvious risk is a public that expects a certain policy to work because it works in SimHealth. (Admittedly it is just a game. But in addition to the benefits simulations give, there is always the danger that too much trust will be put in a simulation, or that the beliefs of the simulation developers will be given too much credence after being filtered through a computer.)

michael j zehr
sr. software engineer
kenan systems corporation

------------------------------

Date: Tue, 22 Feb 1994 14:38:56 -0500 (EST)
From: David Wittenberg
Subject: Risks of "doing it right"

From "The New York Times Magazine" February 13, 1994:

"It's a thin plastic card that will completely change the way you pay fares on New York City's subway and buses. No more searching for tokens in pockets or purses. Metrocard is convenient to carry and easy to use." So says the M.T.A. [Metropolitan Transit Authority] in its brochure on the new Metrocard, which can be obtained in several denominations and used instead of tokens in a number of subway stations. But -- and there's always a but -- should any problems arise, then, in the dim light in the wee hours at Grand Army Plaza, follow these instructions:

"... Try it again and check the turnstile display to see what it says. If the card still doesn't work, try another turnstile.
If the second turnstile doesn't let you enter, see what the Metrocard Reader near the turnstile says when you swipe the card there. If the information displayed on the Reader doesn't explain the problem, ask the clerk at the Metrocard window in the token booth for assistance."

[description of what conditions the clerk can fix - often the clerk can give you a replacement immediately, when to mail the card in for a replacement, and addresses and phone numbers for assistance]

[The Times adds this comment:] Meanwhile, carry spare tokens.

Here the MTA has apparently done a good job of identifying likely problems, and providing solutions. They've explained what to do, and what they can do if something doesn't work. (I don't know the details, so I don't know if they have identified the right set of problems, but they've done a much better job than most new installations of card readers.) The language is slightly technical (In particular is "swipe" widely used?) but the directions for trouble shooting are quite clear.

What do they get for their care? A cheap shot from the Times. Had they just said "the Metrocard will work perfectly" (as many places have), RISKS readers would smirk, but the Times would probably not have commented. As we've gotten more cynical about computerized systems, we've made it harder for the organizations which do plan for problems to get credit for their forethought.

A week later (Feb. 21), the Times had an article saying that distribution of the first 40,000 cards went smoothly. Perhaps the MTA really has done a good job.

--David Wittenberg dkw@cs.brandeis.edu

------------------------------

Date: Sun, 20 Feb 1994 23:17:27 -0800 (PST)
From: balden@wimsey.com (Bruce Balden)
Subject: The ultimate couch potato

Recently, I heard the Chairman of Sun Microsystems on California Commonwealth, a Bay-area radio program, lampooning the National Information Infrastructure (aka information superhighway), and in particular lambasting its vision of doing everything at home. In his view, this would lead to birth of the ultimate couch potato.

Those interested in the risks of computing should contemplate the following notion: is it possible to make communications too effective?

When I heard Scott McNealy give his comments, my mind went back to a story by E.M.Forster, called The Machine Stops. This story, written before WWI, imagines a world where the NII is in place but the rest of the world has gone to hell, quite literally, and everybody has degenerated into couch potatoes. This, they imagine, is paradise until the Machine stops!

Merchant and Ivory have had such a great time and made a lot of money turning other Forster stories into movies (Passage to India, Howard's End, A Room With a View). I think they should look this one over too. Should make quite a thriller.

Bruce Balden
Wimsey Information Services
balden@wimsey.com

------------------------------

Date: Sat, 19 Feb 94 0:50:16 EET
From: flb@flb.optiplan.fi (F.Baube[tm])
Subject: Telephone Card Audit Trails

Here in Turku Finland one can make calls from pay phones using prepaid cards issued by the city phone company, Turun Telelaitos. These cards are on sale throughout the city, and are bought anonymously for cash.

On two different occasions I have had cards malfunction. When the card is placed in a phone it is read and seen as valid, and I can dial, but when the other party answers, and the card is locked in for debiting, an error is generated and the call is (frustratingly!) terminated.

On both occasions I have taken the offending card to the phone company's office. The card is passed thru a reader which displays the card's unique identifying number. The service person then calls this number in to another bureau, where they can dump a complete calling history of the particular card, no doubt to verify malfunction and protect themselves against fraud.

Having verified the card malfunction, the service person asks for a name and address before issuing a refund (in the form of another card) for the malfunctioning card's unused portion. I do not know whether the name and address are ever verified; in this country I would imagine not.

It is all well and good that they can extensively track an individual card, and where it has malfunctioned, and that this card can be bought anonymously, but naturally my privacy breaks down when they take my name and address, which they can (in principle) match to the card's audit trail to get a partial track of my calling activities.

But given that such card malfunctions are an unusual occurrence, related perhaps to the recent spate of subzero (fahrenheit) weather, it does not seem to me to be an undue threat to my privacy.

Nonetheless, can anyone suggest some ideas that I might take to the phone company to permit them to make the same checks but with a higher level of privacy? Or should I just give them a bogus name and see if it ever causes a problem (in the form of, for example, more intrusive checks before issuing refunds)?

* Fred Baube(tm), GU/MSFS/88 baube@optiplan.fi

------------------------------

Date: Fri, 18 Feb 1994 07:29:28 -0800
From: Dan Yurman
Subject: Email Courtesy

Bill Fitler (bfitler@ccmail.com) asks about email courtesy issues in RISK 15.56. Perhaps one disturbing trend as more people use Internet is the practice by college students of using subject matter listservs as sources of first resort for information they should be looking up in their university library.
Every year BIOSPH-L@UBVM.BITNET, a list dealing with environmental issues, is flooded with ill-expressed questions that should not be addressed to the list. These include questions such as "what is hazardous waste," etc. Another which came up today was a question which could be answered by using the Statistical Abstract of the US or any World Almanac, etc.

Last year a hot debate erupted when a graduate teaching assistant at a major, dare I say, top 10, Eastern university, assigned a class of undergraduates to use Internet to seek information on research paper topics. The TA did not instruct the students to use the library first and then pose well formulated questions to the net. BIOSPH-L was flooded with questions on basic environmental science.

Both the TA and the students were outraged by the complaints they received from list readers who objected to being asked fundamental questions that ought to be dealt with by the students themselves. The root cause appears to be neither the TA nor the students had any idea who was at the other end of the line. All they saw was a computer that should be giving them answers.

What was said to them repeatedly is this. The courtesy issue is that traffic on BIOSPH-L is voluntary. If you want people to take the time to answer your questions, indicate you have done some legwork on your own and have a genuine problem looking for additional information. Otherwise, you are soaking up volunteer resources which could be better used to meet needs not answered elsewhere.

Also, neither the students nor the TA took kindly to suggestions that if they absolutely insisted on using computer terminals instead of (gasp) books, that there are online services which for a fee will gladly give them the information they want.

Dan Yurman dyurman@igc.apc.org Idaho Falls, ID 43N112W -7 GMT

------------------------------

Date: Tue, 22 Feb 1994 09:19:13 -0500 (EST)
From: pcherna@BIX.com
Subject: Re: E-mail risks: appalling grammar/notoriety (mathew, RISKS-15.55)

Another RISK of the high prevalence of poor grammar and spelling in e-mail is the risk to one's own style. If immersion in a foreign language is an established way to improve one's fluency in that language, then surely immersion in a medium where capitalization, spelling, punctuation and grammar are weak might harm one's own ability to compose correctly.

I've found that I sometimes question my own use of "it's" vs. "its", which I never had trouble with before I used e-mail, for example.

Peter Cherna -- pcherna@bix.com

------------------------------

Date: Thu, 17 Feb 1994 17:45:32 -0500
From: gjb@fig.citib.com
Subject: Re: E-mail Etiquette

In the U.S., the CBS television network airs an "Olympic Late Night" show every night at 11:30 p.m. or 12:30 a.m. The show is a sort of hip, MTV-style rundown of the day's events in Lillehammer.

The show also does a nightly "Information Highway" segment, and maintains a forum and e-mail address on Prodigy. Wednesday night, for instance, host Pat O'Brien sat down at a PC and personally answered e-mail from a doting user.

On the air, O'Brien tells viewers to send Prodigy e-mail to "Ask Pat O'Brien". (And he doesn't mention whether there are spaces, hyphens, or anything else in his address.) Some readers of the rec.sport.olympics newsgroup are upset with the CBS coverage, so someone suggested mailing "obrien@prodigy.com".

The poor Prodigy user with the username "obrien" was understandably upset when his mailbox flooded with harsh criticism of the CBS Olympic coverage. I don't know if other Prodigy users joined Internet users in sending their CBS-bashing to the wrong address, but poor Mr. O'Brien had to have his e-mail address changed.

greg

------------------------------

Date: Thu, 17 Feb 94 16:19 CST
From: barnhart@mcs.com (Aaron Barnhart)
Subject: E-mail to Bill

According to the 21 Feb 1994 _Business Week_, Microsoft chairman Bill Gates has never had anyone screen his electronic mail. With the recent publication of his e-mail address in _The New Yorker,_ however, he's reconsidering.

While in the short run that would be a good idea, I don't know why Gates hadn't installed aliases and mail filters long before. Now I suspect that Microsoft Mail doesn't even have these capabilities. Aliases would allow re-routing of mail to billg, but with a different "To:" header. In combination with mail filters, Bill could give out a separate VIP address and send all non-VIP mail to a reserve mailbox for a staffer to read.

------------------------------

Date: Tue, 22 Feb 1994 19:52:55 -0500
From: John Murray
Subject: CompuServe Offers Credit Info (From AP News Service)

CompuServe Inc. and National Information Bureau Ltd. (NIB) have agreed to give CompuServe users access to NIB's credit information, as well as motor vehicle, workers' compensation, real-estate, tax, crime, and employment databases --- subject to "several levels of security" (which may seem like a bad joke to some RISKS readers). [PGN Abstracting Service]

------------------------------

Date: 18 Feb 1994 01:45:27 GMT
From: eng350d3@csulb.edu (LoQuan Seh)
Subject: Electronic Food Stamps

Electronic food stamps might be a good way to prevent fraud, but they also may make it easier to steal from the government. It will stop thieves from robbing the food stamp from people's mail, but thieves may be able to use computers to steal from the accounts on the card. The criminals' use of technology to commit food-stamp fraud may be more educated than the criminals who were robbing mail boxes.

------------------------------

Date: 17 Feb 1994 16:43:14 -0800
From: dawson@ornews.intel.com (Bryan J Dawson)
Subject: Re: YAMIC [Yet Another Mistaken Identity Case] (Cook, RISKS-15.56)

>... I would think that while his assets could be seized, they
>couldn't be sold except after conviction or a motion for a court order at
>which time the defendant would be allowed to object.

Sorry, but no. His property was no doubt subject to 'Civil Seizure' (probably the single MOST SERIOUS threat to the foundation of the US constitution). Under 'Civil Seizure' a strange legal circumlocution allows the PROPERTY to be arrested because it 'participated in a crime' and since property cannot defend itself there is no due process. The only recourse for the prior owner is for him to sue for its return and HE MUST PROVE THE PROPERTY IS 'INNOCENT' (note no assumption of 'innocent until proven guilty'). Furthermore, there is a fairly short period of time during which the prior owner must take action or his property is considered 'abandoned' and he has no further recourse.

I'm not a lawyer, a legal expert, or even an expert on Civil Seizure but the above comments are substantially correct... (C) 1994

------------------------------

Date: Fri, 18 Feb 94 11:43:09 -0800
From: Martin Minow
Subject: Wired article on Clipper

The April 94 issue of Wired will have an article on Clipper that is probably relevant to Risks readers.

WIRED 2.04
Electrosphere:
Jackboots on the Infobahn

Clipper is a last ditch attempt by the United States, the last great power from the old Industrial Era, to establish imperial control over cyberspace.

By John Perry Barlow

[Note: The ... article will appear in the April 1994 issue of WIRED. We, the editors of WIRED, are net-casting it now in its pre-published form as a public service. Because of the vital and urgent nature of its message, we believe readers on the Net should hear and take action now.
You are free to pass this article on electronically; in fact we urge you to replicate it throughout the net with our blessings. If you do, please keep the copyright statements and this note intact. For a complete listing of Clipper-related resources available through WIRED Online, send email to with the following message: "send clipper.index". - The Editors of WIRED]

------------------------------

Date: ongoing
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated).

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

ARCHIVES: "FTP CRVAX.SRI.COM<CR>login anonymous<CR>YourName<CR> CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is vital. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 15.57
************************