precedence: bulk
Subject: Risks Digest 20.11

RISKS-LIST: Risks-Forum Digest  Tuesday 8 December 1998  Volume 20 : Issue 11

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at and at ftp.sri.com/risks/ .

Contents:
San Francisco power outage delays this issue (PGN)
How a FUSE caused a hospital to disconnect from the Power Grid (Joan L. Grove Brewer)
FAA investigating near-collision of passenger jets off Long Island (Richard Schroeppel)
Y2K panic could be as disruptive as computer problems (Declan McCullagh)
NRC ERDS TMI risk? (Lloyd Wood)
MS Outlook's calendar shifts with time zone (Greg Marriott)
Shanghai entrepreneur tried in China (Edupage)
Typo causes wild stock fluctuations for wrong company (Lee Somerman)
Wassenaar Arrangement signed (Seth David Schoen)
"A very interesting development": export exemptions for free software (Seth David Schoen)
Electronic Vote Rigging? Shurely shome mishtake... (Malcolm Pack)
Spamming to Spy (Dick Mills)
Re: Dulles radar fails for half-hour (Steve Peterson)
Re: the Internet has {no|perfect} memory (Mike Perry)
A risk --or at least a highly undesirable use-- of JavaScript (Joe Thompson)
Faulty failure modes (Mike Ellims)
Re: Root login on SecureID server (Jay R. Ashworth)
Author response to Slade review of Democracy & Technology (Richard Sclove)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 8 Dec 1998 11:33:12 -0800 (PST)
From: "Peter G. Neumann" (Neumann@CSL.sri.com)
Subject: San Francisco power outage delays this issue (PGN)

At 8:15 this morning, failure of a power substation in San Mateo County south of San Francisco propagated, knocking two power plants off line, and affecting about 372,000 customers in San Francisco and some northern Peninsula cities, some for up to two or three hours. The blackout took down the SFO Airport, the Pacific Stock Exchange, rapid transit, and ATMs, as well as homes, offices, and hospitals. There were reports of people stuck in elevators and problems with home medical equipment. SFO was back up by 9:45 with emergency generators. The surge was felt in the North Bay and East Bay as well. SRI experienced only a power blip, but it was enough to wipe out a bunch of servers throughout the institute; CSL's computers were down for more than two hours. [Sources: patched together from various early on-line reports...]

[I look on this as a further reminder of how dependent we are on electric power, and how outages tend to propagate. Y2K-ologists will undoubtedly take this as a microcosm of what might happen on 1/1/00.]

------------------------------

Date: Sun, 6 Dec 1998 15:29:29 -0800
From: "Joan L. Grove Brewer"
Subject: How a FUSE caused a hospital to disconnect from the Power Grid.:-)

In April 1998, the Valley Medical Center in Renton WA attempted to cut over to its new power cogeneration plant, independent of the local utility's power grid. The staff was apparently not adequately prepared, because it was assumed the cutover would be seamless. Initially, the hospital indeed ran smoothly, but then lights began to flicker, ventilation fans cut out, alarms beeped, and computer screens blinked on and off.

[Source: How a $5.9 million power plant brought a hospital to its knees, by Byron Acohido, Seattle Times staff reporter, *The Seattle Times*, 6 Dec 1998, http://www.seattletimes.com/news/local/html98/vall_120698.html; PGN Abstracting]

------------------------------

Date: Tue, 8 Dec 1998 09:13:50 -0500 (EST)
From: Richard Schroeppel
Subject: FAA investigating near-collision of passenger jets off Long Island

A near collision between two Europe-bound passenger jets (British Caledonia L-1011 and Delta 767) occurred on the evening of 6 Dec 1998, avoided by onboard collision warning systems. Controllers blamed the absence of the expected earlier (2.5 minutes) warning from controllers on the failure of the Boston air-traffic control center in Nashua NH; the FAA is investigating. Over the same weekend, the FAA blamed onboard TCAS systems for a near collision over Albany NY. [Sources: *San Francisco Chronicle* 8 Dec 1998, A3 unsourced, and an AP item from Boston, 8 Dec 1998, http://www.nandotimes.com; PGN Abstracting]

------------------------------

Date: Fri, 04 Dec 1998 12:36:38 -0500
From: Declan McCullagh
Subject: Y2K panic could be as disruptive as computer problems

One of the more interesting -- and perhaps serious -- Y2K risks is not computer snafus, but widespread panic. As Y2K coverage becomes increasingly mainstream (60 Minutes and CBS News ran pieces this week), stockpiling by individuals and businesses could lead to a recession or even bank runs. At least that was the verdict at a Y2K summit on Thursday.

--Declan

http://www.wired.com/news/news/business/story/16618.html

Bankers: Prepared for a Panic?
4:50 p.m. 3.Dec.98.PST
by Declan McCullagh (declan@well.com)

Fear of electric-power outages and bank failures could lead to widespread panic as disruptive as the Y2K glitch itself, Senator Robert Bennett warned Thursday at the first summit organized by President Clinton's Y2K council.

"Even if the Y2K problem is solved, the panic side of it can end up hurting us as badly," said Bennett, the Utah Republican who heads the Senate's Year 2000 committee.

[remainder snipped]

------------------------------

Date: Fri, 4 Dec 1998 12:56:19 +0000 (GMT)
From: Lloyd Wood
Subject: NRC ERDS TMI risk?

From: http://xent.ics.uci.edu/FoRK-archive/nov98/0071.html

[Ob-Bits]
I recently discovered something interesting about the NRC's (Nuclear Regulatory Comm.) ERDS (Emergency Response Data System). Instituted as a response to TMI (Three Mile Island) ERDS is the computer link that US nuclear plants are supposed to use to transmit critical release data in the event of an accident. Well, guess what, they have ONE modem at the NRC. A big help that will be on Jan 1, 2000. Sleep tight.
[No URL available, this is my own observation]

PGP

------------------------------

Date: Sat, 5 Dec 1998 14:41:47 -0800
From: Greg Marriott
Subject: MS Outlook's calendar shifts with time zone

Martin Minow suggested that I send this item.

A friend told me about this a few weeks ago. I didn't believe him. I had to see it for myself. Just imagine...

[wavy dream lines]

You live in San Francisco and go to New York for business. You enter all your business meetings in MS Outlook's calendar on your Windows laptop before you leave. You fly to New York and adjust your location (time zone) so your computer will know what time it is. Then you miss a crucial appointment because the calendar claims a meeting is at 3pm even though you said it was at noon.

All your appointments get time shifted when you change your location. They claim this is a feature. I kid you not.

I can only guess that somebody decided appointments should be stored as GMT and then displayed as local times depending on the time zone the computer thinks it's in. As to why they thought this was a good thing, I have no clue.

Greg Marriott

------------------------------

Date: Sun, 06 Dec 1998 13:36:36 -0500
From: Edupage Editors
Subject: Shanghai entrepreneur tried in China (Edupage)

The Chinese government has put 30-year-old Shanghai computer software businessman Lin Hai on trial for "inciting the overthrow of state power" by providing 30,000 e-mail addresses to a U.S. Internet magazine called "Big Reference" published by Chinese dissidents. Chinese authorities closed the four-hour trial for what it said were "national security" reasons, and "persuaded" one member of Lin's legal team not to attend the trial. Lin's wife Xu Hong, who was questioned by the police for six hours, has indicated that Lin's lawyer "said he didn't have a very good feeling -- that things won't be good for Lin and he will probably be found guilty." (*The Washington Post*, 5 Dec 1998; Edupage, 6 December 1998)

------------------------------

Date: Fri, 4 Dec 1998 20:29:42 -0800
From: "Lee Somerman"
Subject: Typo causes wild stock fluctuations for wrong company

That's Ticketmaster, With an 'S'
Wired News Report, 3 Dec 1998

Ticketmaster Online-CitySearch's initial public offering later today will raise a whopping US$98 million for the online entertainment guide. It also bolstered the fortunes of a tiny office cleaning company in Manhattan, thanks to a misprint.

Ticketmaster's stock is slated to trade under the symbol TMCS. But Reuters and ZDNet mistakenly printed the symbol as TMCO in their coverage of the IPO. TMCO is the stock symbol of Temco Service Industries International.

Because of the erroneous reports, the stock zoomed to an all-time high of $65 from $23. In early afternoon trading, the stock settled back down at $31, after investors apparently figured out their mistake.

Representatives of the company were not immediately available for comment, nor were Ticketmaster officials.

Talk about a random walk on Wall Street.

------------------------------

Date: Fri, 4 Dec 1998 13:15:01 -0800
From: Seth David Schoen
Subject: Wassenaar Arrangement signed

According to a press release and Reuters reporting, the Wassenaar Arrangement, a major treaty on export controls, has been signed by 33 member states.

The most significant provision of the Arrangement from the point of view of most computer users is a promise by signatories to adopt US-style export controls on cryptography. While the Arrangement does not dictate specific policies for its member states, they are still expected to try to bring their export rules in line with certain standards, which analysts said were dictated by the US and intended to promote an anti-crypto agenda.

The member countries are Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Republic of Korea, Luxembourg, The Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Russia, Slovakia, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, United States.

Some of these countries are presently the major sources for the international distribution of cryptographic software.

http://biz.yahoo.com/rf/981203/3l.html
http://www.wassenaar.org/

------------------------------

Date: Fri, 4 Dec 1998 14:15:13 -0800
From: Seth David Schoen
Subject: "A very interesting development": export exemptions for free software

According to some international developers of crypto software, some Wassenaar countries have exemptions in the works for free or Open Source crypto software (with various definitions of what's allowed). There are also supposed to be exemptions for public domain software.

The Norwegian developer Eivind Eklund wrote on slashdot.org:

I just got information on how Norway (where I live) implement this (ie, how the regulations are changed). The new rules prohibit export of crypto-software, but with a deliberate exception for open source software.
This is a very interesting development.

Several other countries seem to be developing similar policies (including Sweden and Canada); these rules could protect the development of free crypto software on the Internet.

Seth David Schoen L&S '01 (undeclared) / schoen@uclink4.berkeley.edu

------------------------------

Date: Fri, 04 Dec 1998 06:00:45 GMT
From: mpack@email.com (Malcolm Pack)
Subject: Electronic Vote Rigging? Shurely shome mishtake...

I recently received the following e-mail from a former colleague:

> An attempt is being made to influence the result of the voting for BBC
> Sports Personality of the year. It has been decided that David Beckham
> would provide most embarrassment to the organisers if winning, so
> could you all e-mail your vote to the following address:
>
>
>
> More importantly, can you forward this mail to all your mates &
> acquaintances ASAP in the hope that they will participate.
>
> Your co-operation in this matter is greatly appreciated.

For those with no interest in English sport, David Beckham was the player who, by deliberately fouling another player during the recent Football (Soccer) World Cup in France, made himself responsible (the scapegoat?) for England's departure from the competition. To have to proclaim him "Sports Personality of the Year" would indeed be a delicious and embarrassing irony for the BBC.

The intent of the mail is relatively harmless, even amusing. The risks to the BBC of opening up the voting to such an inexpensive, anarchic, insecure and easily-spoofed medium as e-mail are, as we so often have to say, obvious.

Needless to say, I've already registered my vote. ;-)

Malc, Southend-on-Sea, UK

------------------------------

Date: Sat, 12 Dec 1998 20:54:32 -0500
From: Dick Mills
Subject: Spamming to Spy

In RISKS-20.10, (Jason Stokes) wrote about voice mail with embedded audio playback software embedded in e-mail.
He said:

>I don't have to remind comp.risks readers of the potential for viruses and
>Trojan horses to spread after being inserted into executable files sent
>over e-mail. Ugh.

The post prompted me to think of the reverse kind of Trojan horse. If users accepted e-mail with embedded programs, and also leave their audio systems and/or video systems enabled, then someone could send a mail message that would launch a program that would turn on the microphone and camera and transmit the information back to a remote location. Bugging via spam.

Hmmm, I wonder if there's an Internet enabled PC in the Oval Office or in the corridor outside?

Dick Mills http://www.albany.net/~dmills

------------------------------

Date: Mon, 07 Dec 1998 22:56:45 -0600
From: Steve Peterson
Subject: Re: Dulles radar fails for half-hour (RISKS-20.10)

RISKS-20.10 reports that, due to a radar failure, "controllers had no information on the altitude, airspeed or identification of about a dozen planes circling the airport."

While radar failures are certainly important, it's wrong to say that radar failures deprive controllers of this information. In this situation, pilots report all three items (plus their position) to ATC via radio. ATC procedures provide for increased separation between aircraft to compensate for the lack of radar data.

In the US (and presumably elsewhere), there are many places where reports by the pilot are the _only_ source of information on the location of aircraft.

Steve Peterson, Principal Consultant, Virtation Technologies, Inc.
http://virtation.com +1 612 948 9729

------------------------------

Date: Fri, 4 Dec 1998 21:39:06 est
From: Mike_Perry@DGE.ceo.dg.com
Subject: Re: the Internet has {no|perfect} memory (RISKS-20.09-10)

Before the last election here in the UK, the Labour party was against controls on encryption, and promised, on their website, to oppose them.
Now that they are in power, they are planning to introduce a law controlling encryption - all the usual key escrow, TTP stuff. And they've quietly removed the pages on their site which promised opposition to such legislation.

Old fashioned paper pamphlets are impossible to retract, but I personally find the ease with which the Internet facilitates this Orwellian rewriting of history a bit scary.

The RISK? - not simple disappearance, but the replacement of the real past with a false one.

Mike Perry

------------------------------

Date: Fri, 04 Dec 1998 12:44:42 -0500
From: Joe Thompson
Subject: A risk (or at least a highly undesirable use) of JavaScript

Today I was browsing the Macintouch web site (http://www.macintouch.com/) and saw a link to a Wired News article on Virginia's new proposal for anti-spam legislation. As a Virginia resident and anti-spam activist, wanting to know more from having seen bits yesterday, I clicked the link and got the article at:

http://www.wired.com/news/news/politics/story/16591.html

After reading the article I hit the Back button to go back and finish today's Macintouch news. What happened next surprised me: a new browser opened up and presented me with a survey, unasked-for and certainly unwanted.

Checking through the HTML code of the Wired article, I found the following lines:

  [...]
  var MBIstudyUrl = "http://mass.mbinteractive.com/mass/bedemir.dll/"; //this line will change for final deployment of pages.
  [...]
  function RDABV(){
  [...]
    if(MBIsampledUser && MBIvisitor) {
      getSetMBICookie(MBIcookName);
      if (MBIcookie == "") MBIcookie=0;
      window.open(MBIstudyUrl + MBIstudyName + "?Ntc=" + MBIcellVal + "&Ntookcook=" + MBIcookie , "survey");
      sampledUser = 0;
    }
  [...]
  }
  [...]
  [...]

For those not familiar with JavaScript, "onUnload" is called whenever a page ceases to be displayed (the user types in a new URL, clicks a link, or clicks a navigational button on the toolbar).
In this case, when I leave the Wired site, a URL is constructed from previously set variables and I am sent to it.

The security and privacy implications of a web page redirecting users to random sites without their prior knowledge or approval are obvious. A simple case is a web site which redirects the user to a pornographic site, triggering alarms in corporate monitoring software. -- Joe

Joe Thompson, Charlottesville, VA joe@orion-com.com
http://kensey.home.mindspring.com/

------------------------------

Date: Fri, 4 Dec 1998 17:55:02 -0000
From: Mike Ellims
Subject: Faulty failure modes

Faulty Failure Modes or It could give you a heart attack.

A couple of nights ago I was talking on the phone to my father (who lives in Lower Hutt, New Zealand) from here in Cambridge, England when the line went dead. When I tried to ring back all I could get was a ringing tone.

Now as my father had a quad heart bypass operation about four months ago and as far as I could tell (even after ringing British Telecom) that the phone was working, I rang the police in Lower Hutt and asked to send a car around to check. They also attempted to phone and on getting no answer decided to upgrade the call to 111 (i.e. 911 in the US) and dispatched both a police car and an ambulance.

My rather amused (and healthy) father was greeted by two emergency vehicles arriving on his doorstep as was an abused telephone "engineer" who had cut the wire carrying our conversation.

The failure mode is of course that cutting a connection completely makes it look as if someone won't or more importantly can't answer the phone.

All was well though, as one of the police officers and one of the ambulance crew had been coached by father at football (soccer in US)... It's a very small world.

Mike Ellims Pi Technology www.pitechnology.com +44 (0)1223 441 434

------------------------------

Date: Sat, 05 Dec 1998 14:26:40 -0500
From: "Jay R. Ashworth"
Subject: Re: Root login on SecureID server (Dean, RISKS-20.10)

No, this one's not Security Dynamics' fault, as you've no doubt found out by now.

This is a common, and well documented, failure of the NIS client code for most versions of Unix. The format of the "send other inquiries to the NIS server" line in your password file is such that, if NIS isn't running, you're likely to find yourself logged in as root, unless the administrator was careful.

I don't remember exactly, it may not be possible to avoid the hole at all and still have NIS run correctly when it _is_ running; this is in the Red book, but I haven't read it lately, and it's not handy.

------------------------------

Date: Wed, 18 Nov 1998 10:27:57 -0500 (EST)
From: Richard Sclove
Subject: Author response to Slade review of Democracy & Technology

Response by Richard Sclove to Rob Slade review of _Democracy and Technology_ in RISKS FORUM (6 November 1998 Volume 20 : Issue 05)

Several fans of my book, _Democracy and Technology_ (New York and London: Guilford Press, 1995), urged me to reply to Rob Slade's recent review (RISKS FORUM 6 Nov. 1998). I thank Rob for taking the trouble to read my book. It's difficult to respond point by point to his criticisms, because in some instances these are matters of judgement, and who would be surprised if an author disagrees with a negative review? But I'll do what I can within a limited amount of space.

Rob's principal, repeated complaint is that my empirical examples are uncompelling and too few in number, and that I provide no convincing evidence that a democratic politics of technology can actually come about. I'm surprised, because numerous previous reviewers have found my book's rich array of empirical cases, and its careful balance of idealism tempered by realism, precisely its greatest virtue. One example: Professor Bart Schultz (University of Chicago), reviewing _Democracy and Technology_ in the journal _Ethics_ (Jan. 1997), judges that:

"The great strength of [Sclove's] book is surely in just this effort to bring together materials from the United States and across the globe, demonstrating how technology can and should be democratized. ... The Amish, the Berger Inquiry over the MacKenzie Valley Pipeline (in Canada), different policy strategies toward AIDS, the Dutch science shops and Denmark's consensus conferences, the Boimondau watchcase factory, the Mondragon system, the movement by people with physical disabilities for barrier-free design, the mobilization against toxic waste by the residents of Woburn, Massachusetts, the Chicago Center for Neighborhood Technology, Lucien Kroll's 'Zone Sociale' for the Catholic University of Louvain Medical School -- these are but a few of the cases marshalled to show how realistic it is to go beyond conventional economic analysis and unregulated markets to make technological development subject to democratic design and assessment."

Rob Slade judges the provisional democratic design criteria that I propose without merit. His test case is that he finds that military technologies come up looking democratic using these criteria. His finding is perplexing. The first criterion I propose recommends avoiding technologies that support authoritarian social relations, and other criteria prescribe avoiding technologies that hinder democratic deliberation or that promote unduly centralized political power relations. Now, as my book also observes (on pp. 22, 232-233), nuclear weapons are associated domestically with highly centralized, secretive power relations that even circumvent the basic U.S. constitutional balance of powers (i.e., by allowing the President to put hundreds of millions of lives at stake without consulting Congress). On these grounds, I would judge, contrary to Rob, that nuclear weapons fail spectacularly to pass muster against the democratic criteria I propose.

A major motivation of my book is to establish the mildly audacious claim that democratic evaluation should supersede conventional economic analysis as the principal basis for technological decisions. (E.g., when fundamental democratic principles are at stake -- as I show they often are in technological decisions -- we shouldn't rely in the first instance on a narrow economic cost-benefit analysis.) Rob's review complains, however, that, "Economic theory is not actually challenged in chapter ten [of Sclove's book]. Instead it is turned into a straw-philosophy. ..."

Gosh, Rob, isn't it peculiar that trained economists don't seem to read my book that way at all? For instance, economics professor Steve Cohn writes in the _Ecological Economics Bulletin_ (4th Quarter 1997):

"For economists, the meat of Sclove's theoretical argument is contained in Chapter 10, where he challenges the optimality conclusions conferred on market outcomes by neoclassical economics. ... The book is well worth reading and could easily contribute to courses in economics, political science, science and technology, and public policy."

Thus here and elsewhere, I find Rob's somewhat ranting style cute and engaging to read, but also judgementally sloppy, cavalier, and misleading.

On the other hand, I think a weakness in my book (albeit one that neither Rob nor other reviewers have noted) is that I didn't suggest a specific institutional means for debating and applying my provisional democratic design criteria within participatory settings. I'm currently working on that task under a grant awarded by the U.S. National Science Foundation and in collaboration with the Danish Parliament's Board of Technology.

Indeed, my book is not at all a work in idle scholarship.
The nonprofit Loka Institute, which I founded over a decade ago, works full-time on trying to promote a democratic politics of technology in practice, and we've had some notable successes (e.g., in promoting a worldwide network of centers for conducting community-based research, and in our introduction into the U.S. of European-style deliberative citizens' panels on science and technology policy). Anyone interested can learn more from Loka's Web page or by subscribing to Loka Alerts, our free, occasional (and quite popular -- 15,000+ subscribers worldwide) newsletter; just E-mail a subscription request to .

Stylistically and in the complexity of its argument, my book is pitched midway between a scholarly work and a popular one. The result has been that academic reviewers tend to find it accessible and engaging, while reviewers in more popular venues often agree with Rob that my book makes considerable demands upon the reader.

So, is Slade wrong in all his judgments? Nope, he is entitled to his opinions--and I agree that a couple of them are on target. But since numerous other readers and reviewers have reached rather different conclusions overall, I hope those curious will read my book and judge for themselves.

My own view is that while my book is certainly imperfect, it addresses vitally important questions, and it remains the most comprehensive and incisive work written on its topic to date. (I guess I'm not entirely alone in that opinion; Rob's review neglected to inform RISKS subscribers that _Democracy and Technology_ received the 1996 Don K. Price Award of the American Political Science Association as the "year's best book on science, technology and politics.") Thus, my suspicion is that whether one agrees with it or not, it's hard to read _Democracy and Technology_ and not find oneself challenged to think about the social and political significance of technologies in a new, more illuminating way.

Thanks again to Rob Slade and to this forum.

Richard Sclove, Founder & Research Director, The Loka Institute,
P.O. Box 355, Amherst, MA 01004 USA +1-413-559-5860
http://www.loka.org Loka@amherst.edu

------------------------------

Date: 23 Sep 1998 (LAST-MODIFIED)
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The RISKS Forum is a MODERATED digest. Its Usenet equivalent is comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL REQUESTS to with one-line,
   SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
   INFO [for unabridged version of RISKS information]
 .MIL users should contact (Dennis Rears).
 .UK users should contact .
=> The INFO file (submissions, default disclaimers, archive sites, copyright policy, PRIVACY digests, etc.) is also obtainable from
 http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
 The full info file will appear now and then in future issues. *** All contributors are assumed to have read the full info file for guidelines. ***
=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line.
=> ARCHIVES are available: ftp://ftp.sri.com/risks or
 ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
   [volume-summary issues are in risks-*.00]
   [back volumes have their own subdirectories, e.g., "cd 19" for volume 19]
 or http://catless.ncl.ac.uk/Risks/VL.IS.html [i.e., VoLume, ISsue].
 PostScript copy of PGN's comprehensive historical summary of one liners: illustrative.PS at ftp.sri.com/risks .

------------------------------

End of RISKS-FORUM Digest 20.11
************************
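
Added example, not part of the digest and not written by any contributor: a small scanner for the behaviour reported in the item "A risk (or at least a highly undesirable use) of JavaScript", where a page-exit handler opens a window or navigates. The sample page, the name `leaveHook` and the host `survey.example` are constructed for illustration.

```python
"""Find page-exit handlers (onunload/onbeforeunload) that open a window or
change location, directly or through functions defined in the same page."""
import re
from html.parser import HTMLParser

EXIT_EVENTS = ("onunload", "onbeforeunload")
SINKS = {
    "window.open": re.compile(r"\bwindow\s*\.\s*open\s*\("),
    "location change": re.compile(
        r"\blocation\s*(\.\s*href\s*)?=[^=]"
        r"|\blocation\s*\.\s*(replace|assign)\s*\("),
}
CALL = re.compile(r"\b([A-Za-z_$][\w$]*)\s*\(")
FUNC = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*\{")

# Constructed sample page (hypothetical names and host).
SAMPLE_PAGE = """\
<html><head><script>
var studyUrl = "http://survey.example/study/";
function leaveHook() {
  if (sampled && visitor) {
    window.open(studyUrl + "?c=" + cookieVal, "survey");
  }
}
</script></head>
<body onUnload="leaveHook()"><p>article text</p></body></html>
"""


class _Collector(HTMLParser):
    """Collect exit-event attributes and the text of inline scripts."""

    def __init__(self):
        super().__init__()
        self.handlers = []  # (tag, event, handler code)
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:  # attribute names arrive lower-cased
            if name in EXIT_EVENTS and value:
                self.handlers.append((tag, name, value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def function_bodies(source):
    """Map function names to bodies by brace matching.

    Braces inside strings or comments are not handled; this is a triage
    aid, not a JavaScript parser.
    """
    bodies = {}
    for m in FUNC.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        bodies[m.group(1)] = source[m.end():i - 1]
    return bodies


def scan_exit_handlers(html):
    """Return (tag, event, sink, where) for each exit handler reaching a sink."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    bodies = function_bodies("\n".join(collector.scripts))
    findings = []
    for tag, event, code in collector.handlers:
        pending, seen = [("inline", code)], set()
        while pending:  # follow calls transitively within the page
            where, text = pending.pop()
            for sink, pattern in SINKS.items():
                if pattern.search(text):
                    findings.append((tag, event, sink, where))
            for name in CALL.findall(text):
                if name in bodies and name not in seen:
                    seen.add(name)
                    pending.append((name, bodies[name]))
    return findings


if __name__ == "__main__":
    for finding in scan_exit_handlers(SAMPLE_PAGE):
        print(finding)
```

Handlers assigned from script (for example by setting a property on `window`) and code loaded from external files are outside what this sketch inspects.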
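
Added example, not part of the digest and not written by any contributor: an audit for the condition described in the item "Re: Root login on SecureID server", assuming the password-file line it refers to is the NIS compat entry whose name begins with `+`. The sample file is constructed, and counting an empty UID field as 0 is a deliberately conservative assumption.

```python
"""Flag NIS compat ('+') entries in passwd-format text that would act as a
passwordless local account if nothing interprets them as NIS directives."""

# Constructed sample file, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# local accounts end here
+nobody::65534:65534:::
+@staff::::::
+:*:0:0:::/bin/false
+::0:0:::
"""

PASSWD_FIELDS = 7  # name:passwd:uid:gid:gecos:home:shell
SEVERITY_ORDER = {"info": 0, "warning": 1, "critical": 2}


def audit_passwd(text):
    """Return a list of (line_number, name, severity, reason) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        fields += [""] * (PASSWD_FIELDS - len(fields))  # tolerate short lines
        name, passwd, uid = fields[0], fields[1], fields[2]
        if not name.startswith("+"):
            continue  # ordinary local account, out of scope for this check
        if passwd != "":
            findings.append((lineno, name, "info",
                             "password field is not empty"))
        elif uid in ("", "0"):
            # Assumption: an empty UID field is counted as 0 (conservative).
            findings.append((lineno, name, "critical",
                             "empty password and UID 0 if read literally"))
        else:
            findings.append((lineno, name, "warning",
                             "empty password if read literally"))
    return findings


def worst(findings):
    """Return the highest severity present, or 'info' when there is none."""
    return max((f[2] for f in findings),
               key=SEVERITY_ORDER.get, default="info")


if __name__ == "__main__":
    results = audit_passwd(SAMPLE_PASSWD)
    for lineno, name, severity, reason in results:
        print(f"line {lineno}: {name!r}: {severity}: {reason}")
    print("worst:", worst(results))
```

A non-empty password field only removes the passwordless reading of the line; whether NIS lookups still behave as intended with such an entry depends on the system, which is the open question the item itself raises.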