Subject: RISKS DIGEST 15.68
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 22 March 1994  Volume 15 : Issue 68

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** EARLIER VOLUMES NOW IN FTP ARCHIVE SUBDIRECTORIES. *****
***** See last item for information on RISKS (comp.risks) *****

Contents:
Gambling (Phil Agre)
I really like this guy's attitude (Alan Wexelblat)
Phone Machines Call Each Other, Part Deux (Russell S. Aminzade)
IRS Surveillance (Part II) (Zajac)
Dutch legislators trying to pull a fast one? (Ralph Moonen)
Funny Money article in THE SCIENCES (Mich Kabay)
Human Genome Project & Privacy (Mich Kabay)
SGML--archiving style + content (Mich Kabay)
Risk of bringing plastic cards through UK customs (Ross Anderson)
RISKs of safe ATMs (Sidney Markowitz)
Re: Hard-drive headache! (David M. Miller)
Re: The RISKS of whale removal, copyrights (Matthew B. Landry, Mark Stalzer)
Comment on my earlier posting on puncutation and spelling errors (Don Norman)
Re: Caught with their pants down (Sean Malloy)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: Sat, 19 Mar 1994 09:04:47 -0800
From: Phil Agre
Subject: Gambling

For those with an interest in risks, the technology supplement to Forbes magazine, Forbes ASAP, is a regular smorgasbord. The 10/25/93 issue, for example, includes an article about Bally's casinos' use of customer databases to optimize their investments in "comping", the practice of offering free drinks, hotel rooms, plane tickets, and what-not to high rollers. Given enough information about an individual's bets (regardless of whether they win), a straightforward economic calculation can decide which level of comping is optimal. (The full reference is: David H. Freedman, Odds man in [Bally's Atlantic City casino], Forbes ASAP, 25 October 1993, pages 33-35.)

The problem is getting the information into the computer. The Bally's casino accomplishes this in two ways. At roulette tables and the like, they simply have someone watch the game and enter bets into a portable computer. (This computer can also determine how much credit to extend to a given customer.) At the slot machines, they give each player a card with a magnetic strip that goes into the machine for as long as the player is playing. (They also offer a strap to keep the card attached to your wrist, so you don't walk away from the machine without it.)

The risks, of course, are obvious. Rational gamblers can take advantage of competition between casinos, choosing the best comping deal. But many people are addicted to gambling, and these innovations also make it easy for an addict on a binge to gamble away the maximum possible sum. Furthermore, as the article points out, "the riot of blinking lights, the clacking of spinning wheels, the absence of outside views or public phones -- all of this encourages the otherwise solidly grounded visitor to lose track of time and space, not to mention financial common sense". Profit margins are high, and investors are pleased.

The analogy to data-intensive marketing of cigarettes (see Risks 15.62) is strong. What's next? How about a frequent drinker's club for premium brands of liquor? Or individualized advice for children, based on detailed family demographics, about how to shame their parents into buying them expensive toys?

It wouldn't be that hard. You could actually get a toy to do the explaining. Each product from a given toy company would contain a single chip with a small microprocessor, a simple RF receiver, some memory, and a speech synthesis device. When the toy goes through the checkout, an RF device built into the cash register downloads the toy with a demographic profile of the family derived from credit files pulled up through the purchase transaction.
Then, as the child plays with the toy, the toy explains to the child the virtues of various other toys from the same company, along with suggestions for persuasion tactics that consumer research has shown to work well on parents in that particular market segment.

If the toys can send as well as receive wireless data transmissions then newer toys can reprogram the older ones. Better yet, the child's videogame system, which will surely get its software over phone lines in the near future, could also download all of the child's other toys with new sales pitches, based on records of whether the previous pitches worked, as well as the latest market research and television and movie product tie-ins.

Phil Agre, UCSD

------------------------------

Date: Mon, 21 Mar 94 11:51:55 -0500
From: "Alan (Miburi-san) Wexelblat"
Subject: I really like this guy's attitude (Denver Baggage Handling)

[From EDUPAGE...]

> Problems with an automated baggage-handling system controlled by 100
> computers is delaying the opening of Denver's new airport. It's the first
> such system to serve an entire airport, the first to be run by distributed
> desktop computers, and the first to use radio links. Despite his woes, the
> contractor says the project's worth it: "Who would turn down a $193
> million contract? You'd expect to have a little trouble for that kind of
> money." (New York Times, 18 Mar 1994, C1)

Sure, he's getting his money -- what does he care if bugs prevent the airport from opening? I'd like to see the comments of the people who let the contract in the first place. On second thought, I probably wouldn't. It'd probably be the usual uninformed pablum about how complex systems "always" have a few "small" problems, and no thought given to how the problems might have been prevented in the first place. Anyone want to bet they hire this same guy to do the upgrade when it's needed?

Feeling cynical on Monday morning...

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard,
Media Lab - Advanced Human Interface Group
wex@media.mit.edu  Voice: 617-258-9168

------------------------------

Date: Mon, 21 Mar 1994 12:28:53 -0500 (EST)
From: "Russell S. Aminzade: Trinity College of VT"
Subject: Phone Machines Call Each Other, Part Deux

Several years ago, I posted an amusing story in this journal about two answering machines talking to each other. It was a choice enough RISKS tidbit to earn a place in Dunlop & Kling's Computerization and Controversy. I don't expect my 15 minutes of fame from this next one, but it seems I'm doomed to be the innocent witness while chatty answering machines interact with each other.

Imagine my surprise when I checked my answering machine at work and found a message which began "Hi, My name is [name]. I'm not at my desk, but if you'll..."

Whoa! This was the voice-mail message of a friend. This friend works for a certain large, blue computer company which shall remain nameless :-) I was certain this was the work of a prankster for a few reasons:

1) I don't know her direct-dial number. I don't think I've ever called her at work, though I often talk with her husband who teaches at a nearby college.

2) We have an aging PBX. No direct-dial to me. Any call would have to be routed through our (very human) operator.

After a call to her to sic her company's phone-security cops on the perpetrator, and one to her husband (to play the message and prove I wasn't crazy) I had the weekend to ponder this odd event. I realized that it's entirely possible. Here's how:

Professor X calls my school, asks operator for my extension, gets answering machine, hangs up. He then calls his wife, gets voicemail, and hangs up.
His college's switchboard, though, interprets the first hangup as a "flash," which means "forward this call to the next number I call."

The problem is a classical case of poor human-interface design -- the use of a switchhook flash to mean "transfer this call" when a slightly-longer flash means "hang up and give me new dialtone."

I can think of many grisly RISKs here, but for me the small but nagging one is that my friends may have jumped to the most obvious conclusion -- that I was the prankster.

Russell Aminzade: Academic Computing Coordinator, Trinity College of Vermont

[If it had been Pennsylvania, it would have been a PA de Deux. PGN]

------------------------------

Date: Mon, 21 Mar 94 01:22 EST
From: Zajac@DOCKMASTER.NCSC.MIL
Subject: IRS Surveillance (Part II)

Recently, RISKS carried a posting on how the IRS was bidding for Dialed Number Recorders (DNRs) to record phone numbers. The author suggested the IRS might be looking for a way to get the identity of individuals who call for information.

Readers should be aware that DNRs record the numbers that are called out on a target line. They are generally used only in criminal investigations.

If the IRS wanted to get caller information, they could do what large companies do today and get the caller ID (ANI) from each call that comes in on an 800 line. They would not have to go out and bid DNRs, the information is already available for free with their 800 number.

DOCKMASTER.NCSC.MIL

------------------------------

Date: Tue, 22 Mar 94 15:07:37 GMT
From: ralph@runner.knoware.nl (Ralph)
Subject: Dutch legislators trying to pull a fast one?

Yesterday, leading Dutch newspaper 'De Volkskrant' reported that included into a new bill that deals with telecommunication, is an article that will outlaw cryptography in the Netherlands. One can apply for a waiver but they will want to know why you want to use cryptography, and they want your keys.

It looks like the Dutch government is trying to slip this one behind the backs of the voters just before the elections in May. Most stunning was that the Green party and others considered the issue 'a matter of little importance' and were not willing to do anything about it.

Luckily the proposal is still in draft state, which means there is still time to get something done about it, but only if people are made aware of the consequences of such a law.

--Ralph Moonen
--ralph@knoware.nl

------------------------------

Date: 20 Mar 94 21:05:47 EST
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: Funny Money article in THE SCIENCES

In "Funny Money" (_THE SCIENCES_ 34(2):6, March/April 1994), Brian Mono writes about counterfeiting using off-the-shelf hardware and software. Nothing very new for RISKS readers, but it's a good one-page summary of the problem for novices.

In brief:

o A report published in the autumn of 1993 by the National Research Council warns that the U.S. government has not kept up with technology used by amateurs to print counterfeit money.

o Scanners, computers, colour printers and colour copiers [the distinctions among all of these devices are fading fast] tempt more people today to print small amounts of money.

o Traditionally, counterfeiters have been few and concentrated in a few areas such as New York City. Casual counterfeiters are the opposite: many people over an enormous area.

o In 1991, there were about $6-$8 million of counterfeit money detected by officials in the U.S. (only ~0.003% of the Federal Reserve System's yearly total of $265 billion in currency handled).

o "The dollar amount of scanned and color-copied fakes has doubled in each of the past three years...."

o All countermeasures contemplated by the government must include consideration of backward compatibility: money-changing machines and business people have to be able to use both the older bills and whatever new ones appear.

o Some recent countermeasures have had little effect; e.g., many bills have "so-called security threads, metallic polyester strips inscribed with USA and the denomination of the bill." Unfortunately, "hardly anyone outside the Treasury Department is aware of their existence."

o Proposed countermeasures include colour-shifting ink and aliasing (a technique that tricks photographic reproduction machines into printing a line along the intersections of sets of parallel lines which are offset from each other at a particular angle). Holograms are also a practical possibility to deter amateurs.

o One proposal from the NRC is that every copy machine print its serial numbers on every copy it produces. This technology is already in place in Xerox Corporation's "MajestiK" colour photocopiers. However, many observers are concerned about privacy issues. Norbert S. Baer, a member of the NRC committee, asked, "Would the Pentagon Papers have been leaked if identification numbers were implanted on them?"

[MK thinking out loud: AI pattern recognition algorithms coupled with a library of currency images could permit a smart copier to blank out all attempts to photocopy money. Such a technique would drive criminal hackers wild with the uncontrollable urge to crack the protection codes and actually make the poor machine _print_ the currency images. So the currency images would have to be one-way encrypted. But then the criminal hackers would try to decrypt the images. So there would have to be a cryptographically-sound checksum that could permit identification but not reproduction. Comments?]

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: 20 Mar 94 21:05:40 EST
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: Human Genome Project & Privacy

A quick note to RISKS readers about a peripherally related subject--genetic counselling.
This is a technique which far antedates computers, but today's Human Genome Project is heavily computer-dependent for data collection, analysis and storage of enormous amounts of information.

In a recent article (* see below), Robert Cook-Degan summarizes some of the problems we face with the growing ability to detect "bad" genes before birth as well as afterwards. Should everyone know about their own genetic defects? Always? Sometimes? What are the principles upon which to decide?

Who should be allowed to know about _your_ personal genetic makeup? Do employers have a right to know that your family carries the gene for Huntington's chorea, which leads to uncontrollable movements and frank insanity in middle life? Do insurance companies have a right to reject an applicant for life insurance because of a family history of diabetes, breast cancer and alcoholism?

There's a section of the political debate between those who argue for abortion of severely affected embryos (extremists argue for eugenic screening) versus those who argue for a more inclusive, accepting, less demanding society that can live with physical differences (extremists deny the existence of handicaps of any kind).

Interesting reading. It will be of special interest to those concerned about personal privacy in the computer age.

*Cook-Degan, Robert (1994). Private parts. _THE SCIENCES_ 34(2):18

Michel E. Kabay, Ph.D. / Director of Education, National Computer Security Association

------------------------------

Date: 20 Mar 94 21:05:51 EST
From: "Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
Subject: SGML--archiving style + content

In _THE SCIENCES_ 34(2):4 (March/April 1994), Derek Coleman writes about the problem of interpreting machine-readable formatted text in archives. Technology changes so fast that an archive created a decade ago may be unreadable by programs running today.

Standard Generalized Markup Language (SGML).
SGML includes standard English-language tags (e.g., , <author>, <bold> and so on) that can easily be converted to any specific typesetting or word-processing system using a table-driven program (input string -> output string) or macro facility.

Using SGML, one converts today's text into standard ASCII. As long as the storage medium is physically readable (something that can be ensured by appropriate conversion over the years), SGML will permit a readable copy including enhancements to be prepared at any time on any platform.

Contact for more info:

International SGML users' group (U.K.)
c/o Ms Gaynor West
voice tel +44-793-512-515; fax +44-793-512-516

North America (Toronto):
Mr Yuri Rubinsky
voice tel 1-416-239-4801; fax 1-416-239-7105

------------------------------

Date: Sat, 19 Mar 94 14:01:09 +0000
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Subject: Risk of bringing plastic cards through UK customs

UK customs officers have just been issued by the banking industry with magnetic card readers. The idea is that they will check suspects' plastic cards to make sure that the magnetic strip details tie up with those embossed on the card face. This is reported in a recent issue of `Banking Technology'.

Not only are faults in magnetic strips fairly common, but poor maintenance of card readers has caused problems in the past. I have advised one man in the USA who is suing his bank after being arrested for altering the magnetic strip on his credit card.

It turned out that he had not done this; the read head in the merchant terminal was probably misaligned, but in any case there was an alarm from the bank which the police took at face value. In the event, it took him about a year to slog through the banks' denials, get access to the card and have it tested by VISA to prove his innocence.

The risk to travellers is that some defect, whether in your card or in the customs man's reader, could get you arrested for fraud.
If you are not resident in the UK, the courts might well refuse bail and keep you in jail for a year or more awaiting trial. If you are lucky, the Home Office might just deport you; but even this might be serious if you have relatives or other interests here.

Ross Anderson
Cambridge University Computer Lab
rja14@cl.cam.ac.uk

------------------------------

Date: Tue, 22 Mar 1994 16:51:48 -0800
From: sidney@apple.com (Sidney Markowitz)
Subject: RISKs of safe ATMs

I just saw a report of a press release from Dassault Automatismes Et Telecommunications, a French company that makes automated teller machines, about their new secure indoor lobby ATMs. The spokesperson is quoted:

"What a lot of people don't realize is that, if a thief tries to use a card which has been stolen, our ATMs are programmed to lock the doors and call the police. Not only is the customer secure from muggers, but the lobby ATM prevents card fraud,"

So if you use one of their cards, you had better hope that there are no data entry errors when a card with an account number similar to yours is reported stolen. And will a bank be careful to verify that it is really you calling to report your card as stolen and not someone who has decided to make trouble for you?

-- sidney markowitz <sidney@apple.com>

------------------------------

Date: Wed, 23 Mar 94 00:42:12 HKT
From: dmiller@hk.net (David M. Miller)
Subject: Re: Hard-drive headache!

I enjoyed the story told by Robert Telka (RISKS-15.65) but think there is more to be learned from this almost comical series of events than "you are never prepared enough". The RISKS are procedural rather than technical, but still related to IT.

The disk crashes caused Company P to be without IT services for several weeks. This surely cost them a tidy sum. Yet, recourse against the Plant Manager, who was the senior staff member on the scene, is limited as the "rule" he broke is unwritten.
Should the manager be sacked, any lawyer worth their salt would make a good case for unfair dismissal. "Unwritten rules" can be broken as long as one doesn't do it in writing :-) . The RISK is that staff members may not comply with the spirit. (They obviously can't comply with the text.)

Furthermore, the fact that both the primary and backup disks were in the same cabinet raises serious concerns about the contingency plans of the company. Contingency plans are often written for specific scenarios, when in practice nasty events such as these are never so neatly packaged. The RISK is that IT people are optimistic, causing them to underestimate threats, while Murphy is an absolute S.O.B. I would speculate that company IT management did not consider all aspects of a head crash -- obviously cabinet movement would be a likely cause....

IMO, the computer site should have been treated with more care and respect, since it was used by the sales force and other plants. RISK: You lose your sales computer, maybe you lose your business.

David M Miller, GPO Box 4761, Central, Hong Kong
dmiller@hk.net  CompuServe: 100032,341  Fax: +852 987 1185

------------------------------

Date: Fri, 18 Mar 94 20:28:24 EST
From: Matthew B. Landry <mbl@ml7694a.leonard.american.edu>
Subject: Copyright violations in RISKS Digest

>I am absolutely not making this incident up; in fact I have it all on
>videotape. The tape is from a local TV news show in Oregon, ...

The beginning of the quote saying "I am not making this up" tipped me off to begin with, but I read almost the whole thing before being positively sure that this message was in fact plagiarized from a humor column by Dave Barry. They even reprinted this column in one of his books.

Just thought people might like to know that this column is copyrighted by the Miami Herald and the author.

Matthew B. Landry, President of Project SAVE
mbl@ml7694a.leonard.american.edu

[Similar comments also came from Ted Lemon <mellon@ncd.com>, straz@cambridge.apple.com (Steve Strassmann), danny burstein <dannyb@panix.com>, hoaglund@tecnet1.jcte.jcs.mil, Alan Bawden <Alan@lcs.mit.edu>, hartley@AIC.NRL.Navy.Mil, "Jonathan I. Kamens" <jik@cam.ov.com>, Marc Horowitz <marc@MIT.EDU>, "MARCHANT-SHAPIRO, ANDREW" <MARCHANA@gar.union.edu>, mbraun@hydra.urbana.mcd.mot.com, ROBINSON_PAUL@tandem.com, and I also got another posting of the Mahoney message from youngman@signal.dra.hmg.gb (neil youngman)! It is of course inevitable that some not-too-careful folks will pluck stuff off the net without including any source info. The problem compounds itself as the information moves along the net food chain. Stalzer's explanation follows. PGN]

------------------------------

Date: Mon, 21 Mar 1994 08:55:34 +0800
From: stalzer@macaw.hrl.hac.com
Subject: Re: The RISKS of whale removal

I have been informed that most of the text of my posting was a Dave Barry column. The text was forwarded to me by a friend and, after laughing many minutes, I removed the headers to protect my friend's privacy and sent it off to risks in the hopes that everyone would get a good laugh. I apologize for any inconvenience.

-- Mark

------------------------------

Date: Mon, 14 Mar 1994 09:46:48 -0800
From: dnorman@apple.com (Don Norman)
Subject: Comment on my earlier posting on puncutation and spelling errors

Commentary on my earlier note on punctuation and the resulting errors in spelling.

I have now received sufficient private and public messages to indicate that my knowledge of the history of punctuation and English orthography is seriously deficient: a clear example of the RISK that a little knowledge is a dangerous thing. So, please disregard my explanation of the origin of the confusion between the spelling of words of possession or that are contractions.

In my defense, however (the never-give-up defense), I still wish to argue that spelling errors are a result of what would amount to "poor design" were language and spelling actually designed. The average speaker of English doesn't know the historical development of punctuation symbols or spelling and so is forced either to memorize apparently arbitrary and conflicting rules and examples or to construct a mental model that makes sense of the underlying structure. In my case, I constructed a mental model that has served me well in avoiding the common confusions among "its" and "it's." Alas, when I shared that model with you, the more scholarly among you were able to demolish its validity.

This doesn't change the main thrust of the argument: were English punctuation and spelling designed with usability in mind rather than reflecting the complex evolutionary factors of its historical and technological development, we would have had less spelling confusions, especially of the its-it's variety.

I'll back down and apologize about my scholarship, but not about the main point.

Don Norman, Apple Computer, dnorman@apple.com  +1 408 862-5515
Apple Computer, Inc  MS 301-3UE  1 Infinite Loop  Cupertino, CA 95014 USA

------------------------------

Date: Sun, 20 Mar 94 14:52:09 PST
From: malloy@nprdc.navy.mil (Sean Malloy)
Subject: Re: Caught with their pants down (Kabay, in RISKS-15.66)

Animators have been putting 'easter eggs' like this into films almost since "Steamboat Willie"; it's an industry in-joke. In addition to the scene with Jessica Rabbit, there are also claims that a couple frames of the scene with Betty Boop were retouched, and that in the scene in the rest room, the phone number in the graffiti "For a good time, call Allisyn Wonderland XXX-XXXX" is the real phone number for one of the head animators.

In fact, I think that it may be that slipping a few frames like this into an animated production may have been easier when the shooting was all done by hand -- you just swapped a couple of reworked character cels for the regular ones while you're shooting a stack of cels onto film; when the tweening and coloring and 'cel' combination is all done electronically, there's more work involved in getting everything into the computer so you can tell it 'use _this_ set of character cels in frames X through Y instead of the pregenerated character cel sequence' without it being noticed.

In my opinion, anybody who takes this seriously deserves to.

Sean Malloy, Navy Personnel Research & Development Center, San Diego, CA 92152-7250
malloy@nprdc.navy.mil

------------------------------

Date: ongoing
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact <risks-request@pica.army.mil> (Dennis Rears). UK subscribers please contact <Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to <risks-request@csl.sri.com> (not automated).

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them.
Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR> Issue j of volume 15 is in that directory: "get risks-15.j<CR>". For issues of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 14, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00. "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>" logs out. CRVAX.SRI.COM = [128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 15.68
************************