Subject: RISKS DIGEST 16.23 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Weds 13 July 1994 Volume 16 : Issue 23 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Inmates con jail computer (Peter Ilieve) White House Buys Off EES Patent Holder (Brock N. Meeks via Stanton McCandlish) New National ID Card Proposal (David Banisar) SimCity (Phil Agre) Teletext run amok (Michael J. Stern) "Glyphs" may track your demographics (Walter C. Daugherity) EMI of 'VW'? YES (Rick Cook) Correction to A330 report (Peter Ladkin) Re: Promises and "Scary" (Phil Agre) Laptop Danger for Airplanes (Dan Arias via Martin Howard) "If Ajax had a good computer system, Peter would still be alive." (Daniel P. B. Smith) Re: Roller coaster accident -- computer blamed (Clive D.W. Feather) Re: ACM Crypto Policy Statement (Dave Golber) Re: Phone records (S. E. Grove) Re: Signatures in electronic commerce (Robin Kenny) Re: Digitized CC Signatures (Mark Brader) Re: Shopping Risks... (Philip H. Smith III) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Tue, 12 Jul 94 13:14:57 BST From: Peter Ilieve Subject: Inmates con jail computer There was a piece under the above headline in the Times (a UK quality paper) on 5 July. The byline is Adam Fresco. `Prisoners at a top security jail beat an expensive security system using a mirror and a piece of wire to join each other in late-night card games. Inmates at Albany prison on the Isle of Wight had been roaming around at night for weeks, unknown to staff. `The sophisticated computerised security system was designed to end slopping out by allowing one prisoner at a time from each landing to go to the toilet during the night. [Sanitation is not the UK prison system's strong point, prisoners usually have to make do with a bucket in the corner of the cell, even if there are 2 or 3 people in the cell. Buckets are `slopped out' into a drain in the morning. PJI] By pressing a button in his cell, a prisoner was allowed out for a certain amount of time. When he returned he was supposed to punch in a number which would appear on a console inside his cell and the door would lock. The computer would then let the next inmate out. `However, the prisoners were staying outside their cells, shutting the door and threading a wire though the hinge to tap in the required number, which they could see through the mirror, set up before they closed the door. The computer, thinking the prisoner was back in his cell, would let the next person out. `The prisoners were found out when they made too much noise one night. An astonished guard discovered three of them in one cell playing cards. `Max Morrison, the governor, has started an enquiry into the incidents and has turned off the system, which has been installed in other prisons around the country. A Home Office [the government department responsible PJI] spokesman declined to comment on the cost of the equipment, which was installed a few months ago, but confirmed that the computer system had been suspended and alternative sanitation arrangements introduced.' Peter Ilieve peter@memex.co.uk ------------------------------ Date: Tue, 12 Jul 1994 17:52:21 -0400 (EDT) From: Stanton McCandlish Subject: Administration Buys Off EES Patent Holder (fwd) Date: Mon, 11 Jul 1994 14:53:56 -0700 From: "Brock N. Meeks" Subject: New National ID Card Proposal CBS Evening News just reported that Clinton has "tentatively signed off" on a National ID card recommended to him by a commission on immigration reform. The ostensible reason for the card is for employment and immigration. Each card will contain a name, photo, mag stripe with info and a "verified SSN." It was supported by Senator Alan Simpson of Wyoming, a long-time supporter of ID cards. Gov. Pete Wilson of California has apparently offered to make California a test-bed for the proposal. The proposal was opposed by Xavier Beccera, a Congressman from California. A previous effort to impose a national ID card was rejected by Congress in 1986. EPIC is working with Privacy International to investigate this report. PI has led successful campaigns against national ID cards in Australia, New Zealand, and the Philippines. In Australia, the PI-led campaign led to the dissolution of both houses of the federal Parliament in 1987 after hundreds of thousands marched in protest. The Australian campaign brought together groups from all parts of the political spectrum from the Communist Party to the Libertarian Alliance, farmers and conservation groups, rock stars, academics, large businesses such as banks and mining corporations, but the overwhelming support came from the public who created the biggest civil protest in Australian history. David Banisar (banisar@epic.org) Electronic Privacy Information Center 666 Penn. Ave, SE #301, Washington, DC 20003 202-544-9240 (v) 202-547-5482 (f) ------------------------------ Date: Tue, 12 Jul 1994 16:25:35 -0700 From: Phil Agre Subject: SimCity The spring issue of the liberal journal "The American Prospect" includes a detailed critique of policy simulation programs such as SimCity. The full reference is: Paul Starr, Seductions of Sim: Policy as a simulation game, The American Prospect 17, Spring 1994, pages 19-29. The gist is that the real politics of policy and its implementation are much more complicated than the basic framework of such simulations can possibly accommodate. Phil Agre, UCSD ------------------------------ Date: Sat, 9 Jul 1994 16:35:21 -0400 From: "Michael J. Stern" Subject: Teletext run amok The following comes from _New Scientist_, 21 May 1994. FEEDBACK JOHANNA Darlington often watches the news on television with her mother, who is deaf and relies on teletext to follow what is broadcast. Darlington has discovered that the words spoken by the news-caster and the words on the teletext frequently disagree with each other in surprising ways. Over the past 18 months she has culled a list of teletext "translations", some of which we give below. The first words in the list are what the newscaster said, the second are the teletext version: initially: in Italy romantics: Roman tricks Europe: querp Liverpool: limp pool nutrition: new electrician psychologist: sigh ecologist semblance: semi ambulance succeed: suck see rescue: regulars cue it really: trillion his street: history ozone: owe zone lesbians: lez beans solves: as far as categoric: cat gurk Darlington also reports a long news item about someone called the Princess of Whales. She adds, unsurprisingly, that watching the news is sometimes a rather baffling experience for her mother. Feedback finds these errors fascinating and wonders how they arise. Is a voice-recognising computer involved? Or is our old friend the spellchecker running amok again? /stern stern@deshaw.com stern@panix.com ------------------------------ Date: Mon, 11 Jul 94 18:38:10 -0500 From: daugher@chisholm.cs.tamu.edu (Walter C. Daugherity) Subject: "Glyphs" may track your demographics EDUPAGE (gopher to educom.edu) cites the 7/10/94 New York Times (Sec.3, p.9): ARE YOUR DOCUMENTS FULL OF GLYPHS? A Xerox technology known as glyphs will allow documents to carry thousands of characters of information placed unobtrusively in gray background patterns. One possible use: "If you see a spreadsheet in an annual report, it sits there, lifeless on the paper. But if there was a glyph border that had the mathematical model of the spreadsheet, you could scan that into a computer and make it come to life." Another possible use would be to encode info about the recipient of a direct mail piece or a survey, for ease of processing when the document is returned. (End quote from EDUPAGE) In that case, I'll be sure to xerox [sic] the anonymous survey form at a "light" setting to keep from telling them who I am. Walter C. Daugherity, Dept. of Computer Science, Texas A & M University College Station,TX 77843-3112 daugher@cs.tamu.edu uunet!cs.tamu.edu!daugher ------------------------------ Date: Sun, 10 Jul 1994 05:03:31 -0400 (EDT) From: rcook@BIX.com Subject: EMI of 'VW'? YES VWs of a certain vintage are indeed subject to EMI. This is a known 'bug' (so to speak) and is mentioned, I believe, in the later editions of "How To Keep Your Volkswagen Alive For The Complete Idiot" -- the standard reference for VW shade tree mechanics. The confusion arises from two things. First, it was not the 1963 models which were affected. The '63s had a thoroughly conventional ignition and fuel system. (I have owned two of them). Second, I don't think it was the fuel pump per se that was the problem. The problem comes in the later models fitted with the Bosch fuel injection system, one of the most misbegotten pieces of crap ever hung on an automobile. This used electronically operated injectors controlled by an on-board computer. Unfortunately the Bosch implementation as found on the 1969 or so VWs was not well designed, to put it mildly. Not only was it subject to EMI, but I am told it also had no way to adjust for the changing resistance of the wires as they aged. Meaning the thing would get flaky as it aged and there was nothing you could do about it. The standard advice on getting a bug or squareback with Bosch fuel injection was to discard the system and replace it with carburetors. As as result I've never had much dealings with the system personally -- except for pulling it. --Rick Cook ------------------------------ Date: Mon, 11 Jul 1994 19:42:23 +0200 From: Peter Ladkin Subject: Correction to my RISKS-16.22 account of the A330 report In my partial translation of the article from Air et Cosmos 11-24 Juillet concerning the A330 crash on 30 June, I translated `assiette' as `angle of attack', or `AoA'. Mea culpa. `Assiette' means `pitch', the angle that the airplane makes to the horizontal (`incidence' is `angle of attack'). The difference is important. Goodness knows what caused me to write that. The mistake may be rectified by replacing all occurrences of `AoA' (except only in the parentheses in which I comment on `incidence') by `pitch'. An autopilot can effectively command pitch, but not effectively angle of attack. Whether an aircraft stalls or not depends on the angle of attack. The two concepts are related via angle of climb. Roughly, angle of climb = pitch - angle of attack. Other vocabulary omitted from my article for US residents and non-pilots: QNH is indicated altitude above sea level with the altimeter set to mean pressure at sea level for that day/time (as given by Flight Control). QFE is indicated altitude above highest elevation of the field with the altimeter set to airport measured pressure. So 460mQFE = approximately 460m above the airport surface's highest point. Peter Ladkin ------------------------------ Date: Fri, 8 Jul 1994 15:51:25 -0700 From: Phil Agre Subject: Re: Promises and "Scary" In RISKS-16.21, Peter Denning asks why I find it scary that politicians might use individually targeted communications to make personalized promises based on information from demographic databases. He considers that contradictory promises would be exposed through public bulletin boards. This is conceivable, but it's not something I'd want to bet the future of democracy on. Nobody would be stupid enough to make clearly contradictory promises to different people. Rather, extrapolating some current practices, they would find out the "hot button" themes for particular segments of the electorate and tailor strongly worded but vague statements for each group, based on its particular themes. (Right now the most common way to find out the "hot button" themes is to call people on the phone and ask them under the guise of poll-taking. If someone doesn't have any buttons you can press, you simply say "thank you" and leave them out of your get-out-the-vote plans. The expense of this method limits its application, but once the data collected this way is pooled, stored, and merged with other available databases, the costs should come way down.) When analyzing the pathologies of electoral systems, I think it's a big mistake to focus on "politicians". It's a system with a logic, and changing the faces won't change the logic. Quite the contrary, term limits (which PD says he supports) will intensify the role of money and campaign experts, since candidates will be even more unknown to voters on average than before. (For those outside the US, the US is currently experiencing a wave of plebiscites, promoted by a far right-wing organization, limiting political candidates to one or two terms of office.) The computer-related Risk here pertains to the construction of the sphere of public debate. When public debate is conducted through a common medium, such as the newspaper, there exists at least a *chance* that public decisions that affect everyone equally will be made by the citizenry reasoning together as a group. But when every campaign has a separate channel to every voter, the whole notion of a public goes out the window, replaced by fragmentary micropublics who know they're being manipulated but cannot do anything about it without investing enormous effort in organizing. If computer networks facilitate that organizing then that's terrific, but first we need to achieve something much more like universal access to them. Phil Agre, UCSD ------------------------------ Date: 11 Jul 1994 17:49:31 +0800 From: MARTIN@411.uptown.com (MARTIN) Subject: Laptop Danger for Airplanes From: Martin Howard, Hong Kong Reposted from comp.protocols.ibmpc.tcp-ip From: darias@netmanage.com Subject: Laptops and Airplanes Not Recommended Date: Thu, 7 Jul 1994 23:01:59 GMT Here's something to think about for anyone who's considering using their laptop computer, cellular phone, or radio on an airplane. Non-pilots should be aware that a course deviation of plus or minus 10 degrees is the maximum tolerance for an approach to landing using instruments, e.g., in clouds or bad weather. In general flying more than 10 degrees off course is considered "flying all over the sky." This excerpt is reproduced from "Callback" which is a safety bulletin for pilots derived from the reports of pilots, controllers, and other aviation personnel to NASA's Aviation Safety Reporting System. ASRS is a research organization and not a regulatory organization such as the Federal Aviation Administration nor an oversight organization such as the National Transportation Safety Board. --Dan Arias, Cupertino, CA ============= Callback, Number 180, May 1994 A Monthly Safety Bulletin from The Office of the NASA Aviation Safety Reporting System, P.O. Box 189, Moffet Field, CA 94035-0189 Flight Interference More than 40 reports submitted to ASRS over the last few years indicate that in-flight operation of personal electronic devices by passengers may be a factor in aircraft track deviations, communications problems, and other incidents. While some crews are quick to pick up on the possibility of electronic interference, others find these events initially difficult to detect. More from this ASRS report: * After takeoff, we were given a turn direct to the fix. The ONS (Omega Navigation System) checked good on the ground and was used to turn towards fix. The heading seemed good, cross-checking with the VOR. There was a strong crosswind from the northwest which made determining a quick fix-to-fix on the VOR only a rough estimate... Center gave us about a 20 to 30 degree correction to the right or north of course to intercept... We then noticed an intermittent "DR" [Ded Reckoning] light on the Omega... Jet route was intercepted and VOR track was annunciated on our FMA [Flight Management Annunciator]. We appeared to be tracking Jet route outbound when Center gave us about a 20 to 30 degree turn to the north, saying it was "a vector for climb." We were now around 25,000-27,000 feet. The VOR fluctuated 30 to 40 degrees again, settled down, and we appeared to be south of course. Upon intercepting Jet route, Center gave us a left turn of 10-20 degrees and said we were established on Jet route and to continue our flight planned course... [This] was a surprise to us since we had not been apprised we were off course initially... After level-off, the Captain went back through the cabin and found a portable radio with headset in use. A cellular phone was also found on, although its owner claimed it had not been used. We believe the VOR fluctuations and navigation problems could have been caused by these items... Several passenger announcements were made explaining the importance of leaving these items off as well as the required announcements concerning electrical items. Loss of EFIS and Autonav * During climb EFIS [Electronic Flight Instrumentation System] screens blanked suddenly, then indicated missed approach fail along with loss of all auto nav functions. We immediately reverted to manual lateral nav and kept the aircraft climbing on autopilot while requesting the flight attendants to see if any personal electronic devices were in use. As this aircraft is equipped with inertial reference units that were properly aligned at the gate, it was very suspicious that a failure occurred. The flight attendants found 3 passengers using laptop computers and one listening to a portable radio. We asked that they be turned off and, after reprogramming the FMS [Flight Management System], resumed auto nav. At cruise altitude the laptops were allowed to be used... [but] the listener was asked not to use his [radio]. A serious study needs to be made of the electronic interference problem on today's modern fleets in order to resolve the issue of what the newspapers are telling the public that they may bring aboard and use in-flight. The printed material on the aircraft does not seem to be effective. While in this event no serious harms was done, the effect could have been different if the aircraft was in heavy weather flying a complicated departure or arrival... Compass Deflection * In cruise flight at FL310 [31,000 feet] 24 NM [nautical miles] west of the VOR, the #1 compass suddenly precessed 10 degrees to the right. I asked the First Flight Attendant if any passenger-operated electronic devices were in operation in the cabin. She said that a passenger had just turned on his laptop computer. I asked that the passenger turn off his laptop computer for a period of 10 minutes, which he did. I slaved the #1 compass, and it returned to normal operation for the 10-minute period. I then asked that the passenger turn on his computer once again. The #1 compass immediately precessed 8 degrees to the right. The computer was then turned off for a 30-minute period during which the #1 compass operation was verified as normal. It was very evident to all on the flight deck that the laptop computer operation was adversely affecting the operation of the #1 compass. I believe that the operation of all passenger-operated electronic devices should be prohibited on airlines until the safe operation of all of these devices can be verified. Short Hops Turning to a different type of flight interference, here's a report that gives new meaning to the expression, "short hop": * On a night flight... we had a passenger with a massive bladder attack and poor timing. Traffic was stacked up and we had a 20-minute delay in taking off. We were cleared into position on the runway behind landing traffic and prepared for an immediate takeoff ahead of traffic on a two-mile final approach. We had signaled the flight attendants (F/As) that we were taking the active runway when a passenger bolted out of his seat and headed into the lavatory. The flight attendant asked him to return to his seat. He ignored her request. She then demanded he be seated. He still ignored her command. She promptly called the lead F/A who called us in the cockpit. We cancelled our takeoff clearance and headed for the nearest exit. It was blocked by departing traffic. We then headed 2,000 feet down the runway to the next turnoff. Traffic on final approach was closing in on our tail as we departed the runway, an aircraft whizzing past our tail with precious few feet to spare. It was the quick thinking and timing of our flight attendant that allowed me the time to clear the runway... ======================================== Uptown 411 Online Information Exchange ------------------------------ Date: Mon, 11 Jul 1994 19:41:53 -0400 (EDT) From: "Daniel P. B. Smith" Subject: "If Ajax had a good computer system, Peter would still be alive." OK, it's fictional. I don't know if it's interesting to the RISKS readership or not, but it caught _my_ eye. (Someone else can figure out whether it actually indicates some kind of actual RISK). from Sara Paretsky's mystery novel, "Indemnity Only," copyright 1982, chapter 15, p. 206 in the Dell 1990 reprint: "'... one of the things they asked him to do was check records of claim drafts against claim files--see if they matched, you know. Did Joe Blow get fifteen thousand dollars when his file shows he should only have gotten twenty thousand dollars. That kind of thing. They had a computer program that did it, but they thought there was something wrong with the program, so they wanted Peter to do a manual check.... You know, if Ajax had a good computer system, Peter would still be alive. I think of that sometimes, too, and it makes me want to shoot all their programmers.'" Daniel P. B. Smith dpbsmith@world.std.com ------------------------------ Date: Mon, 11 Jul 1994 14:58:38 +0100 (BST) From: "Clive D.W. Feather" Subject: Re: Roller coaster accident -- computer blamed (RISKS-16.22) I heard an item about this on the radio last week. According to this item, the roller coaster is of a standard design: trains are hauled up to the high point, and then run free under gravity without brakes until they approach the station. On the approaches to the station are several more braking units - movable clamps which grip the train wheels to slow it down. The system should stop each train just behind the previous one. The various stopping points are called "berths" in railway terminology. The problem appears to be that there was one train in the station, and a second waiting to enter. The third train was braked so as to stop in the berth nearest the station (occupied by the second train), rather than the previous (empty) berth. Clive D.W. Feather, Santa Cruz Operation, Croxley Centre, Hatters Lane, Watford WD1 8YN, UK clive@sco.com Phone: +44 923 816 344 Fax: +44 923 210 352 ------------------------------ Date: Mon, 11 Jul 1994 09:09:19 -0700 From: dgolber@uniblab.aero.org (Dave Golber) Subject: Re: ACM Crypto Policy Statement (van Zuurens, RISKS-16.22) You claim that there is no reason for the police stopping a vehicle to know the registered address of the vehicle or the driver? "Officer, I was just going out to buy some groceries." "But why do you shop for groceries 150 miles from your home?" Sounds pretty believable to me. I think this is more than just me being picky. Rather than me trying to explain why, just ask yourself, Dear Reader: Why did you first read Mr van Zuuren's statement as being reasonable? What does that tell you about your own prejudices? Dave Golber ------------------------------ Date: Wed, 13 Jul 1994 13:11:16 GMT From: segrove@pbhya.pacbell.com (S. E. Grove) Subject: Re: Phone records (Weinstein, RISKS-16.20) As I remember it the giving of information to vendors of telecomunication services is normal if you don't state you want it private. The reason is the local telephone company already has the information as a part of its service, and if they don't share it with their competitors, it gives them an unfair advantage. It is all part of trying to open the telephone utilities to competition in as fair as possible way. Stephen Grove Comm. Tech. ESS Pacific Bell segrove@pbhya.PacBell.COM ------------------------------ Date: Mon, 11 Jul 94 9:54:09 EST From: Robin Kenny Subject: Re: Signatures in electronic commerce (Kabay/Wright, RISKS-16.21) In RISKS DIGEST 16.21, Benjamin Wright was quoted: You can write e-mail and make it appear to come from someone else. You can easily send e-mail from an address opened under a false name. But just as you can send fake e-mail, so you can send fake letters, telegrams, telexes, and faxes. !!!-----------^^^^^^^^^^^^^^^^^^ Small error. Telegrams in Australia have a copy made by the communications authority that is kept on file for six (?seven) years. I think that is part of the Berne convention. Other countries' communications companies would also keep copies - expressly for legal verification. I believe the same is true of Telex. *Also in Australia a FAX is legally binding, as is a VERBAL AGREEMENT OVER THE TELEPHONE. (You merely have to "believe you are talking to a company officer" even if the other party is actually not authorised to negotiate - like the cleaning staff answering the Sales department phones at night) Robin Kenny - robink@hparc0.aus.hp.com ------------------------------ Date: Fri, 8 Jul 1994 04:40:50 -0400 From: msb@sq.sq.com (Mark Brader) Subject: Re: Digitized CC Signatures (Richards, RISKS-16.21) > ... I'm not especially thrilled of the notion that someone can have a > digitized version of my signature. Neither would I be, but let's be fair: if they have your signature in traditional form, there's nothing to stop them from using a scanner on it. Mark Brader, msb@sq.com "Remember that computers are very, SoftQuad Inc., Toronto very fast..." -- Steve Summit ------------------------------ Date: 31 May 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 16 is in that directory: "get risks-16.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src. With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.23 ************************