16-May-86 20:32:46-PDT,10331;000000000000 Mail-From: NEUMANN created at 16-May-86 20:32:43 Date: Fri 16 May 86 20:32:43-PDT From: RISKS FORUM (Peter G. Neumann, Coordinator) Subject: RISKS-2.53 Sender: NEUMANN@SRI-CSL.ARPA To: RISKS-LIST@SRI-CSL.ARPA RISKS-LIST: RISKS-FORUM Digest, Friday, 16 May 1986 Volume 2 : Issue 53 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: A late report on the Sheffield (AP [from Martin Minow], LATimes [Dave Platt]) News items [Lobsters; Eavesdropping] (Alan Wexelblat) More Phone Bill Bugs... (Dave Curry) Backup problems (Davidsen, Roy Smith) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.) (Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j. Vol 1: MAXj=45) ---------------------------------------------------------------------- Date: 16-May-1986 1241 From: minow%pauper.DEC@decwrl.DEC.COM (Martin Minow, DECtalk Engineering ML3-1/U47 223-9922) To: risks@sri-csl.ARPA Subject: A late report on the Sheffield -- RFI [PGN's SUMMARY LIST OF HORROR STORIES CONTAINS THIS ON THE SHEFFIELD: "Exocet missile not on expected-missile list, detected as friend" (SEN 8 3) [see Sheffield sinking, reported in New Scientist 97, p. 353, 2/10/83]; Officially denied by British Minister of Defence Peter Blaker [New Scientist, vol 97, page 502, 24 Feb 83]. Rather, sinking abetted by defensive equipment being turned off to reduce communication interference?] From the Boston Globe, May 16, 1986: Phone call jammed antimissile defenses LONDON -- Electronic antimissile defenses on the British frigate Sheffield, sunk in the 1982 Falklands conflict, were jammed during an Argentine attack by a telephone call from the captain to naval headquarters, the Defense Ministry said yesterday. Twenty crewmen were killed when the Sheffield was sunk May 4, 1982, by a French-made Exocet missile fired by an Argentine plane. A Defense Ministry spokesman, confirming a report in [the] London Daily Mirror, said Commodore James Salt, the Sheffield's captain, was making "an urgent operational call" to naval headquarters near London when the missile hit. "The electronic countermeasures equipment was affected by the transmission. Steps have been taken to avoid a repetition," the spokesman said. Commodore Salt now has a shore job as chief of staff to the fleet commander-in-chief. (AP) ------------------------------ Date: Fri, 16 May 86 17:13 PDT From: To: Risks@SRI-CSL.ARPA Subject: A late report on the Sheffield -- RFI [beginning of message duplicated the above] From Today's LA TIMES: [...] The telephone system's transmitter was on the same frequency as the homing radar of the French-built Exocet missile fired at the Sheffield, and the transmission prevented the Sheffield's electronic countermeasures equipment from detecting the missile's radar and taking evasive action. The article implies that this situation might have been avoided had the Sheffield been equipped with an uplink into the British satellite communication system; the article gives no details but I'd guess that such an uplink would have used a transmitter which was (a) less powerful, (b) more directional, or (c) on a completely different wavelength. Does anyone have additional information about the equipment in question? [Dave Platt] ------------------------------ Date: Thu, 15 May 86 14:11:13 CDT From: Alan Wexelblat To: risks@sri-csl.arpa Subject: News items [Lobsters; Eavesdropping] Here are a couple of items from today's paper that may be of interest to RISKS readers: (The following item was discussed in RISKS when the story first broke.) AWARD REVERSED IN WEATHER DEATH CASE Boston(AP) - A federal appeals court Tuesday overturned a $1.25 million award to the families of three lobstermen who died in a hurricane the National Weather Service had failed to predict because of an unrepaired buoy. The 1st Circuit Court of Appeals said the weather service is protected from awards like that made by U.S. District Judge Joseph Tauro because weather forecasting is a discretionary function. [...] Tauro found the government liable in the [fishermen's] deaths because of its failure to repair a weather buoy used to forecast conditions. In the appellate court ruling, Judge Bailey Aldrich wrote, "The government did not create the weather, it merely failed in the (lower) court's opinion to render adequate performance. "This was a discretionary undertaking." Michael Latti, attorney for the families, said he would ask the U.S. Supreme Court to review the Appeals Court decision. He said the 1st Circuit Court found the government did not have to exercise "ordinary reasonable care" when it undertakes a discretionary function such as issuing weather forecasts. HOUSE PANEL OKS LIMITS ON HIGH-TECH EAVESDROPPING By Mary Thornton, Washington Post Service After more than two years of study, a House subcommittee Wednesday unanimously approved a bill that would make it illegal to eavesdrop on electronic communications, including cellular telephone conversations, electronic fund transfers, and computer messages and data transmissions. The bill would also extend to such communications Fourth Amendment protection against unreasonable search and seizure. A report by the congressional Office of Technology Assessment last October [...]included a survey of federal agencies, including six that said they planned to intercept or monitor electronic mail as part of their investigative work. The bill would require a court-approved search warrant for law enforcement agencies to obtain a computer message within six months of its generation and a subpoena after that. [...] Also, under the legislation law enforcement agencies would have to meet the strict standards of the federal wiretap statute to eavesdrop on cellular telephone conversations. The bill contains several provisions to make it easier for federal law enforcement agencies to obtain court-approved wiretaps. It would expand the categories of crimes for which a wiretap may be approved as well as the number of officials in the Justice Department who can approve such a request. The bill also would make it a misdemeanor to use a satellite dish to intercept subscription television signals, but only if the information is then used commercially. The bill is currently being called "The Electronic Communications Privacy Act of 1986". No HR number was given in the article. --Alan Wexelblat ARPA: WEX@MCC.ARPA UUCP: {ihnp4, seismo, harvard, gatech, pyramid}!ut-sally!im4u!milano!wex ------------------------------ Date: Thu, 15 May 86 16:14:31 EST From: davy@ee.purdue.edu (Dave Curry) To: risks@sri-csl.arpa Subject: More Phone Bill Bugs... To add to the ever-increasing list of screwed up phone billing software, this is from the May 12 issue of Communications Week (selected excerpts): "GTE Sprint Communications failed to bill customers for millions of dollars worth of calls made between Feb. 21 and April 26 of this year, Communications Week has learned." ".... cost Sprint between $10 million and $20 million." "The errors were made through 10 of Sprint's 58 switches...." "Regular calls.... went undetected in those 10 switches...." ".... $1 billion in revenues a year, $20 million represents about 2 percent of the company's annual revenue." "The errors apparently happened because programmers made billing software changes in some, but not all, of Sprint's switches. The omissions have since been corrected." Sometimes one wonders if we'll ever learn... I wonder what happens now to the poor slob who approved those software changes ("ooops.")... --Dave Curry, Purdue University [davy@ee.purdue.edu] ------------------------------ Date: 14 May 86 11:50 EST From: davidsen%kbsvax.tcpip@ge-crd.arpa Subject: backup problems To: risks@csl.sri.com Getting people to do backup can be done by management (or whatever passes for it in educational institutions). The trick is to convince people at the gut level that there will be consequences if they don't backup. One method might be to quietly pick people at random, and if their files are not backed up, pull hardcopy of the work and revoke the user's rights to use the computer. A really hardnosed management might just randomly trash a disk now and then (after warning people that this would be done) and letting the resulting cries of pain get the job done. There will *ALWAYS* be those who are too stupid or stubborn to respond to any education. You might as well either (a) get rid of them, or (b) if they are really valuable in other ways, assign someone to back up their work. At one (unnamed) site, management was encouraged to read their electronic mail regularly by having top management send meeting notices and requests for data to the middle management. Just one phone call from an irate top manager asking why a meeting was missed usually did the trick. The middle management started passing the concept on, and now Email is used instead of paper for most messages. ------------------------------ Date: Thu, 15 May 86 21:10:48 edt From: allegra!phri!roy@seismo.CSS.GOV (Roy Smith) Subject: More on backup procedures (amusing ad) Organization: Public Health Research Institute, NYC, NY There have been several items in RISKS-DIGEST recently about the dangers of not doing backups. I've already made my contribution, but an interesting ad from 3-M caught my eye. As the ad says, "when it comes to doing computer backup, any excuse will do" [i.e. for not doing it -- RHS]. See the June Sci. Am., page 21 for the rest. BTW, I have no connection with 3-M. I just liked the ad. ------------------------------ End of RISKS-FORUM Digest ************************ -------