Subject: RISKS DIGEST 16.51
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday 28 October 1994  Volume 16 : Issue 51

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for information on RISKS (comp.risks), disclaimers *****

Contents:
Stolen account used to send hate mail at Texas A&M (Bruce Sterling via Prentiss Riddle)
Orwell was off by 499 channels, and what to do about it (Phil Agre)
GRE Computer-Based-Testing scores reconsidered (Carlos I McEvilly)
America Online Offlines America (PGN)
More on backspace problems (John Vilkaitis)
CAPS-LOCK Considered Harmful (Barton C. Massey)
Microsoft Natural Keyboard (Don Alvarez)
Re: Mailing lists risk critical-mass spamming (Paul Wallich)
Re: CNID and screening (Robert Ellis Smith)
Drivers license as universal ID? (John Sullivan)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

----------------------------------------------------------------------

Date: 27 Oct 1994 12:25:39 GMT
From: riddle@zilker.net (Prentiss Riddle)
Subject: Stolen account used to send hate mail at Texas A&M

Bruce Sterling (bruces@well.sf.ca.us) cited the following in the austin.eff
newsgroup:

: *The Australian* on Tuesday October 25, 1994:
:
: Hacker uses Internet e-mail account to send racist material
:
: CHARLESTON, West Virginia: A college professor in Texas says someone broke
: into his electronic mail account and fired off racist messages to about
: 20,000 computer users in four States.
:
: The message brought death threats and other harsh responses from nearly 500
: users who thought it came from Professor Grady Blount, a white professor of
: environmental science at Texas A and M University.
:
: "My door is locked. We cancelled a class last night and one today will be
: moved to another location," Professor Blount said. He also changed his
: computer password.
:
: His password was used to send electronic mail messages to 20,000 Internet
: users in Mississippi, Wisconsin, Colorado and Texas.
:
: The Internet computer network links colleges, research facilities and
: individuals worldwide.
:
: The racist message echoes a flier printed by a white supremacist group
: called the National Alliance.
:
: It urges readers to send "minority parasites packing to fend for
: themselves" and condemns community development funding as support for black
: "breeding colonies".
:
: A Texas A and M spokesman, Mr Greg Orwig, said the e-mail address
: apparently was picked at random by someone who tapped into the university's
: computer system on Sunday.

-- Prentiss Riddle  riddle@zilker.net  Moderator of austin.eff

------------------------------

Date: Thu, 27 Oct 1994 12:48:17 -0700
From: Phil Agre
Subject: Orwell was off by 499 channels, and what to do about it

The NYT has an article about Bell Atlantic's video plans:

  Edmund L. Andrews, A launching pad for a video revolution, New York Times,
  27 October 1994, pages C1, C6 [business section].

The point of the article is that BA wants to deliver video to customers, and
is teaming up with Hollywood types to obtain the content. The main focus for
Risks, though, is probably the privacy aspects of the scheme. A few quotes
will probably give the idea:

  "Company executives, convinced that they must distinguish themselves from
  today's established cable programmers [and so they plan to] offer more
  customized entertainment and shopping.

  "Thus, the company has tied together a computer system that could, almost
  like Orwell's Big Brother, monitor the movies that a person orders and then
  suggest others with the same actors or themes.

  "Going a step further, the system would enable advertisers to send
  commercials directly to customers known to have bought particular kinds of
  merchandise. Thus, people who bought camping equipment from a video
  catalogue might start seeing commercials for outdoor clothing."

  ...
  "The scale of the new center ... makes clear how serious Bell Atlantic is
  about this venture."

If this sort of thing is really what people want, of course, then that's
their perfect right. But advocates for other visions of technology can do
plenty to ensure that people make informed choices. One is to inform people
(in honest but vivid terms) that their program selections and purchases are
being recorded, kept, and used for secondary purposes. Another is to keep on
building things like the Internet and community networks, and redouble
efforts to publicize them by telling clear, powerful stories about them. The
point is to show that privacy-enhancing and *genuinely* interactive
technologies exist, and that they are useful, accessible, democratic,
entertaining and convenient.

As my colleague Francois Bar emphasizes, this sort of end-user
experimentation is crucial for defining the architectures of the future.
Bell Atlantic and its brethren are creating top-down, privacy-invasive,
500-channel visions of the future -- even though they haven't worked very
well in pilot tests in carefully selected communities -- because that's the
business model they know. We can try to suppress the Risks associated with
this model, but that's like shoveling the tide back into the ocean -- a lot
of work. Another approach to pursue in parallel is to create alternatives
that offer *both* democratic values *and* a lucrative business model for the
people who can supply the necessary infrastructure. This process starts with
experimentation and continues with public relations.

Here's a plan. If you're doing something terrific with networks, volunteer
to demonstrate it in your local school. Have great stories ready to tell
about it. Ask the kids to tell their parents. Then write a press release.
Send it to all the newspapers and TV stations in your area -- especially the
small ones. And make it available on the net as a model for others to
follow.
Phil Agre, UCSD

------------------------------

Date: Tue, 25 Oct 1994 23:58:40 -0600
From: Carlos I McEvilly
Subject: GRE Computer-Based-Testing scores reconsidered

A friend of mine who is from outside of the US, and who is now in the US for
graduate school, took the computer-administered version of the GRE (Graduate
Record Examination) General test last year. The school where this individual
was enrolled had a policy that allowed accepted students in some departments
to begin graduate studies prior to having taken the GRE, so long as the GRE
was then taken and passed with a minimum aggregate score by the beginning of
the second semester. The aggregate score was to be the total score in the
verbal and quantitative testing categories -- the other category,
analytical, was not considered.

With analytical out of the picture and with this person being a non-native
speaker of English, the math (quantitative) section offered the best hope
for scoring badly needed points. With preparation, things would go fine. The
Computer-Based-Testing option seemed perfect, because it was scheduled late
in December which allowed some vacation days for pre-test cramming, and it
also promised quick scoring, which would ensure that the results would
arrive at the school before the start of the spring semester.

When the day of the test arrived, my friend felt well prepared and was
especially confident for the math section. For the five-section test, the
software makes a random assignment of sections drawn from the three
categories: verbal, quantitative, and analytical. Therefore some categories
are repeated (with different questions, of course). With my friend's
fortunes resting so heavily on the quantitative category, naturally the
computer's random algorithm chose to assign not two, but THREE analytical
sections -- the one category not regarded by the school. This left one
verbal and one quantitative section.
(It seems strange that the computer was not programmed to choose
combinations of 2,2,1 and avoid those of 3,1,1 -- but there's more to this
story.)

The Computer-Based-Testing administration of the GRE is also known as the
"Computer Adaptive Test (CAT)," because it uses a new technique that
presents different questions of varying difficulty based on this examinee's
previous answers. Since my friend had done a good job boning up on math, the
software, detecting a run of correct answers, began selecting more advanced
questions. This was no problem, but it did mean that it took more time to
answer each question. And the test had both a time limit, and a minimum
number of questions that had to be answered.

Now you see where this story is going -- when my friend had ALREADY clicked
the answer of the last required question, and was just about to click
"Confirm" with the mouse, the time expired and the screen went blank. So
instead of a good score for answering difficult questions, or a low score
for leaving one question blank, my friend received a "No Score," or "NS."
Added to a low verbal score, this was enough to ensure that there would be
no more graduate studies for this student, at least not at the original
school.

The rest of the story: In September 1994 a carefully hedged letter arrived
from the ETS (the Educational Testing Service, which administers the GRE).
"...We have recently determined that it is possible that a small number of
examinees who took the [CAT] received a NS (No Score) because they were
unable to confirm an answer selection before time expired...." The ETS
offered to replace the NS with a newly calculated score based on the
completed questions. The new aggregate score turned out to be 130 points
HIGHER than the minimum that would have been required for the student to
maintain graduate status at the school.
The offer of score adjustment is welcome, but seems to trivialize the
(already incurred) very heavy costs to the student, who had to sacrifice a
full semester of a graduate career while still being responsible for
maintaining cost of living abroad -- many visitors to the US on student
visas are not allowed to work, so this was a great drain financially, in
addition to being very stressful for the student.

Compared to some of the stories we read about x-ray machines and airplanes,
this may not seem like much, but it is another reminder that as designers of
information systems we need to remember that our work affects people's
lives, and we should try to anticipate this in our designs.

Carlos McEvilly  mcevilly@netcom.com, cim@lanl.gov

------------------------------

Date: Fri, 28 Oct 94 14:42:32 PDT
From: "Peter G. Neumann"
Subject: America Online Offlines America

AOL, now boasting 1.25M subscribers, up by a factor of more than three in
the past year, apparently cannot boast about its E-mail performance. Yes, it
is handling something like 15 million E-mail messages a month, about 7 times
any of its competitors. But, No, it is not delivering 15 million E-mail
messages a month. MANY MESSAGES sent to AOL are bounced back to the senders.
Steve Outing, with 150 AOL subscribers on his discussion group, complained
of getting a few hundred bounces a day. Message volume seems to be
overburdening AOL's Internet gateway. AOL admits that a ``bug'' between 21
Sep and 5 Oct 1994 caused outgoing mail to ``go awry'' --- but that has been
fixed. More recently, five-day delays have been reported for receipt of mail
on AOL. [Source: An article by John Eckhouse in the San Francisco Chronicle,
entitled "AOL Users Find E-mail Going Undelivered", 28 Oct 1994, p. D1.]

   [From my vantage point of sending out RISKS, AOL FINALLY provides RISKS
   (comp.risks) as a newsgroup, although most of my direct subscribers have
   not caught on yet and are still getting private subscriptions.
   AOL apparently splits RISKS issues (normally just under 32K) into max-22K
   chunks, so perhaps one half of an issue gets through and the other half
   doesn't, which at least enables someone to realize that something is
   missing. A reminder to AOL subscribers: Your mailbox is limited to 550
   messages, after which new incoming mail is simply rejected.
   More-than-week-old messages just vanish. Presumably that means you should
   not use AOL if you are going to be away for more than a week, or if you
   get a lot of mail. I presume the newsgroup stuff ages just as rapidly.
   PGN]

------------------------------

Date: Wed, 26 Oct 1994 18:39:42 -0700 (PDT)
From: javilk@netcom.com (Javilk)
Subject: More on backspace problems

A follow-up to the backspace/delete problem I've been having with my
cut-rate internet service provider, NETCOM.

PROBLEM: Dialing the standard local NETCOM number will occasionally give me
one server which displays ^? when I hit backspace; and in a later session,
_without_ reloading or restarting my telecom package, give me another server
with a backspace key that properly ERASEs.

I thank the avalanche(!) who provided me with suggestions on STTY and UNIX
arcana. I apologize for resorting to form replies. Particular thanks for
info on "The UNIX Hater's Handbook".

OBSERVATIONS:
1.) Others e-mailed me with the _same_ NETCOM problem!
2.) The duration of the blink of the SD light on my modem clearly
    differentiates the Backspace key from the DEL key, and indicates I am
    always sending BACKSPACE.
3.) The only thing which changes between these sessions is:
    a.) the telephone path,
    b.) equipment and software on THEIR end,
    c.) the modem's compression session???

NETCOM's latest official response:

  "Sir, with all due respect, other UNIX personnel do not have the ability
  to diagnose concerns about Netcom's system. They may have experience with
  differently configured Sparcs, but it's good to keep in mind that our
  configuration may not necessarily be what you are used to."
  "You have repeatedly described a problem that is characteristic of
  terminal software problems. Our technical support staff has diagnosed this
  kind of problem innumerable times.... it is in our opinion clear [?] that
  any remaining problem is the fault of your terminal software. ... We have
  concluded to our satisfaction that this is not an error on our end."

[With original a-gramatica.]

They then repeatedly tell me to put STTY ^H in my .login file, which they
have already done WITHOUT my permission! It does NOT, and CANNOT, work, as
both my modem and the command line clearly show they receive the ^? code,
hex 7F, "DEL", not ^H, 08, "Backspace".

CONCLUSION: Something on NETCOM's end occasionally decides (at log-in) to
map both BACKSPACE and DEL together to the DEL code. The ONLY way I can fix
the problem is by typing STTY ERASE, and then tapping the key which is, at
the moment, producing the ^? code at their command level -- the backspace
(^H) key; usually after I commit a blunder I cannot backspace out of! I
often hang up.

The RISK of not fixing intermittent problems is having to increase your
marketing budget. Same for not understanding English.

John V. Vilkaitis, Senior Consultant, Software General Corp.  408-983-0518

   [John asks whether anyone knows of a more competent internet server for
   less money serving both Northern California and Connecticut.
   Unfortunately, each one has some partially overlapping set of problems.
   RISKS does not wish to get into a war among the Internet service
   providers, more or less all of whom have been dinged here at one time or
   another, and all of whom seem to be eagerly creating their images as
   fly-by-nighters. RISKS most equanimously hopes that a little public
   exposure will goad them into doing something reasonable. Our very best
   wishes to all of them for getting well soon. PGN]

------------------------------

Date: 25 Oct 1994 22:49:40 -0700
From: bart@cs.uoregon.edu (Barton C. Massey)
Subject: CAPS-LOCK Considered Harmful

IMHO, the worst button-placement crime is one almost every computer
manufacturer for the last 20 years has perpetrated: the CAPS-LOCK key on the
keyboard. Consider: this is a key which has a completely different interface
than every other key on a standard keyboard (toggle instead of momentary
contact), which performs a function almost completely obsoleted 15 years ago
(by decent text-editing and word-processing software), and which is a factor
in a number of fiendish user-interface traps.

As an example of the latter point, consider the most common solution around
our shop to "I can't log into my account anymore", namely, "Did you bump the
CAPS-LOCK key on?" Since the characters of the password are (IMHO quite
rightly) not echoed, and since the password is (IMHO quite rightly)
case-sensitive, there is no obvious indication given to the user of this
error.

Another example, which has bitten me several times, is what happens under
many versions of UNIX when I inadvertently type my login name (a single
smooth motion) before realizing I have the CAPS-LOCK key on. The getty
program (IMHO quite cleverly) decides that I must be on an uppercase-only
terminal (when was the last time you used one of those babies?) and
configures the TTY driver accordingly. The only ways I know of to cure this
condition are (1) type a control-D at the login process to restart getty, or
(2) get logged on (assuming that my current password contains no uppercase
characters, or that I remember to backslash them) and type "stty -lcase" (I
understand why the parameter is called "lcase" instead of "ucase", but I'm
still amazed at the choice of name): suffice it to say that I consider
neither method intuitive, or obvious to a novice.

Manufacturers, please: let's make this particular dinosaur extinct.
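A small C model of the tty line-discipline behaviour behind the backspace message and the CAPS-LOCK message above (an added example, not code from either contributor or from any UNIX vendor): the ERASE character decides whether a ^H byte edits the line or is stored literally, and lcase mode folds uppercase input unless it is backslashed. The getty login-name heuristic is a hypothetical reconstruction of the behaviour described, and the keystroke samples are constructed.

```c
/* Added example (not from the digest): a model of the classic UNIX
 * canonical-mode tty line discipline, covering the two settings at issue
 * in the backspace and CAPS-LOCK messages above: the ERASE character
 * (stty erase; ^H vs ^?) and uppercase-only mode (stty lcase / -lcase). */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BS  0x08  /* ^H: what a Backspace key usually sends */
#define DEL 0x7f  /* ^?: what a Delete key usually sends    */

/* Hypothetical reconstruction of getty's guess, not its real code: uppercase
 * letters and no lowercase ones in the login name mean an uppercase-only
 * terminal, so lcase mode is switched on for the rest of the session. */
bool login_looks_upper_only(const char *name)
{
    bool saw_upper = false;
    for (; *name; name++) {
        if (islower((unsigned char)*name))
            return false;
        if (isupper((unsigned char)*name))
            saw_upper = true;
    }
    return saw_upper;
}

/* Canonical-mode input editing. A byte equal to the configured ERASE
 * character removes the previous byte; any other control byte is kept
 * literally, so a Backspace lands in the line as ^H whenever the driver's
 * ERASE setting differs from what the terminal sends. With lcase on,
 * uppercase input is folded to lowercase unless preceded by a backslash. */
size_t canon_input(const char *in, unsigned char erase, bool lcase,
                   char *out, size_t outsz)
{
    size_t n = 0;
    bool escaped = false;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == erase) {               /* editing precedes case folding */
            if (n > 0) n--;
            continue;
        }
        if (lcase && !escaped && c == '\\') {
            escaped = true;             /* next byte passes unchanged */
            continue;
        }
        if (lcase && !escaped && isupper(c))
            c = (unsigned char)tolower(c);
        escaped = false;
        if (n + 1 < outsz)
            out[n++] = (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Does the discipline, with these settings, turn `in` into `expected`? */
bool edits_to(const char *in, unsigned char erase, bool lcase,
              const char *expected)
{
    char buf[128];
    canon_input(in, erase, lcase, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    const char *typed = "abc\x08" "d";  /* constructed: abc, Backspace, d */
    char buf[128];
    canon_input(typed, DEL, false, buf, sizeof buf);
    printf("ERASE=^?: %zu bytes kept (^H stored literally)\n", strlen(buf));
    canon_input(typed, BS, false, buf, sizeof buf);
    printf("ERASE=^H: \"%s\"\n", buf);
    canon_input("Secret\\Word", DEL, login_looks_upper_only("BART"), buf, 128);
    printf("after login as BART, password reads \"%s\"\n", buf);
    return 0;
}
```

The mismatch case is the one the NETCOM message describes: the user fixes it with "stty erase" plus the offending key, which here corresponds to passing BS rather than DEL; "stty -lcase" corresponds to lcase being false.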
Bart Massey  bart@cs.uoregon.edu

------------------------------

Date: Wed, 26 Oct 1994 16:38:53 -0400 (EDT)
From: Don Alvarez
Subject: Microsoft Natural Keyboard

This is more of an anti-risk than a risk, but I thought a mention of the
Microsoft Natural Keyboard might be appropriate. In case you haven't seen a
picture of it, it's an ergonomic keyboard with the left and right hand key
areas tilted in two planes for more natural hand positioning. It was the
best looking design I'd ever seen in a $99 keyboard, so I bought one.

At the risk of being incredibly subjective, I love it. This is one of the
nicest keyboards I have ever used. (50th percentile hand dimensions make me
a keyboard-designer's dream)

*BUT* it p***es me off that it is still a secretary's keyboard. I understand
that it has to be as close as possible to an 1890's QWERTY keyboard for
backwards compatibility reasons, but:

The caps-lock key is where the control key *should* be, requiring an
impossible stretch of the left pinky every time a right-handed control
character is required. A similar stretch of the right pinky past the '/" key
is required to get to the enter key. That stretch of the pinky was fine when
you only hit the enter key every 60 characters or so, but it is (IMHO)
unadvisable for programmers, spreadsheet users, etc., who are likely to need
to hit the enter key every ten or fifteen characters.

Speaking from personal experience with a Dec keyboard I suffered
considerable hand pains from those pinky-stretching motions until I rebound
the control key on top of the physical caps-lock key and swapped the enter
and '/" keys. The change in my hand problems was immediate and dramatic.

[If anybody knows of a Dos/Windows way to do that rebinding please let me
know (email to me, not risks... I'll summarize if people want). I've tried
doing it with the DOS ANSI driver but the '/" and enter keys only seem to
accept incompatible combinations of shift, control, alt, etc.
modifiers]

Anyway, on the whole I'd say Microsoft did a real nice job on the hardware
(installing the new keyboard driver software on my laptop was another story,
but we all know hardware companies rarely write good software :-)

-Don  (Just my opinions, of course... your handage may vary)

------------------------------

Date: Wed, 26 Oct 1994 11:05:53 EDT
From: pw@sciam.com (Paul Wallich)
Subject: Re: Mailing lists risk critical-mass spamming (Sylvar)

Many lists accept posts from non-subscribers. One need only know that the
list exists and where to send contributions. It would be a simple task to
poll ten thousand LISTSERVs for a list of lists. Having compiled such a
listing, one could then send one's advertisement into several hundreds of
thousands of mailboxes.

It's been done. In mid-September I (and the readers of all the other
publicly-known mailing lists beginning with A or B) got a pitch for a
remote-backup service that started, "Dear Friend, since you read email..."

Paul Wallich

   [It can happen to RISKS BITNET subscribers and USENET comp.risks readers,
   but not to the mainstream direct subscriptions. This was a problem only
   in the early days of RISKS, where my distribution macro on the Foonly
   made the live broadcast address accessible while it was being run. PGN]

------------------------------

Date: Wed, 26 Oct 94 12:56 EST
From: Robert Ellis Smith <0005101719@mcimail.com>
Subject: CNID and screening

A. Padgett Peterson wrote in RISKS that everybody should have Caller ID, to
screen unwanted calls to a computer system or a personal telephone. There's
a difference between Caller ID - which transmits and displays the number of
the calling party, often without that person's full awareness - and
programming one's telephone or modem to screen out unfamiliar incoming
telephone numbers. Devices for screening out unfamiliar numbers are on the
market and may be used without subscribing to Caller ID.
These devices - or software that does the same thing - present no privacy
problems that I can identify. It's the display of the number and the ability
to capture it for later commercial exploitation that create the privacy
problems.

Robert Ellis Smith, Privacy Journal, Providence, RI  0005101719@mcimail.com

------------------------------

Date: Thu, 27 Oct 1994 15:05:53 -0500
From: sullivan@geom.umn.edu
Subject: Drivers license as universal ID?

Minnesota is just introducing a new drivers license, with new security
features, as well as a bar code and a magnetic strip (with full name, date
of birth, and license number). The photo and signature are digitized, and
presumably stored by the state as well as being printed on the card.

I learned about the new licenses from an article in City Pages, a free
weekly here in the Twin Cities. The new licenses are produced (for $1.29
apiece) by Deluxe (the check printers). About 4000 drivers had to go back to
have their pictures retaken because they were transmitted at night from one
computer to another over "incompatible phone lines" [whatever that means]
and billions of bits went "screaming into the ether". Deluxe blames a
subcontractor.

Since the magstripe can hold about 256 bytes, there have been discussions
about what else might be stored there. Things like a list of cars and guns
registered in your name, perhaps. Or, people receiving food stamps or
welfare might use their license to obtain their benefits, either at a
food-store cashier or from an ATM.

Don Gemberling, director of MN's Public Information Policy Analysis
Division, evidently did raise the privacy issues during the planning
process, noting that a "universal personal identifier ... has been
consistently resisted in this country". Alice Gonzalo (assistant director of
DVS, the state Driver and Vehicle Services Division) notes that DVS already
sells driver's license information, sorted by different fields. (One could
buy a list of Minnesotans over 6'3", for instance.)
There is already a national database of drivers with commercial licenses,
called AAMVANET, and there are plans to expand this to all drivers. In
Wisconsin, a driver's license can be suspended for failure to pay fines
unrelated to driving (like library fines).

MN dept of Administration's Bob Schroeder says:

  In my opinion, the driver's license has nothing to do with driving. How
  many times have you pulled it out because an officer asked you for it?
  You pull it out much more because someone at a store or a check-cashing
  place wants to know who you are. It has less to do with driving and more
  to do with being a universal identifier, a way for you to be identified
  over the long term. Business really relies on the state to establish this
  sort of identifier for them.

-John Sullivan  sullivan@geom.umn.edu

------------------------------

Date: 20 October 1994 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.

SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
on your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers
please contact . Local redistribution services are provided at many other
sites as well. Check FIRST with your local system or netnews wizards. If
that does not work, THEN please send requests to (which is not automated).

CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them.
Contributions will not be ACKed; the load is too great. **PLEASE** include
your name & legitimate Internet FROM: address, especially from .UUCP and
.BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED
AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may
appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE
ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS
material should respect stated copyright notices, and should cite the
sources explicitly; as a courtesy, publications using RISKS material should
obtain permission from the contributors.

ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR>cd risks:<CR>
or cwd risks:, depending on your particular FTP. Issue j of volume 16 is in
that directory: "get risks-16.j". For issues of earlier volumes, "get
[.i]risks-i.j" (where i=1 to 15, j always TWO digits) for Vol i Issue j. Vol
i summaries in j=00, in both main directory and [.i] subdirectory; "dir" (or
"dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM =
[128.18.30.65]; <CR>=CarriageReturn; FTPs may differ; UNIX prompts for
username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative
repositories. See risks-15.75 for WAIS info. To search back issues with
WAIS, use risks-digest.src. With Mosaic, use
http://www.wais.com/wais-dbs/risks-digest.html.

FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in
receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for
info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415)
859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .

------------------------------

End of RISKS-FORUM Digest 16.51
************************