RISKS-LIST: RISKS-FORUM Digest  Tuesday, 9 February 1988  Volume 6 : Issue 23

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Don't believe everything you read in the papers. (David Purdue)
  Anti-virus software (Chuck Weinstock)
  Virus paranoia (Jeffrey Mogul)
  All Viruses Considered (Martin Minow)
  OTA Report: The Electronic Supervisor (Jan Wolitzky)
  Hub auto-theft lessons; $$$ risks of Lojack (rdicamil)
  Re: voting (Mike Tanner)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85).

----------------------------------------------------------------------

Date: Tue, 9 Feb 88 11:41:46 est
From: munnari!csadfa.oz.au!davidp@uunet.UU.NET (David Purdue)
Subject: Don't believe everything you read in the papers.

The Canberra Times, Wed, Feb 3, 1988, page 3.

CORRECTION

For some considerable time, The Canberra Times has been publishing the wrong tide times for Narooma. The error has been in arithmetical calculation in this office of the difference between tide times at Fort Denison as published in standard tide tables and times at Narooma. The error, the source of which is lost in antiquity, was discovered last week when the editor, relying on The Canberra Times figures, was swept out to sea. But he managed to return to shore - and ordered this correction.

Mr. David Purdue             Phone ISD: +61 62 68 8165   Fax: +61 62 470702
Dept. Computer Science       Telex: ADFADM AA62030
University College           ACSNET/CSNET: davidp@csadfa.oz
Aust. Defence Force Academy  ARPA: davidp%csadfa.oz@uunet.uu.net
Canberra. ACT. 2600.         JANET: davidp@oz.csadfa
AUSTRALIA                    Other Gateways: see CACM 29(10) Oct. 1986
UUCP: {uunet,hplabs,ubc-vision,nttlab,mcvax,ukc}!munnari!csadfa.oz!davidp

   [There is no such thing as a shore thing, but that will tide him over until next time. PGN]

------------------------------

Subject: Anti-virus software
Date: Tue, 09 Feb 88 15:41:28 EST
From: Chuck Weinstock

There was an ad for anti-virus software for IBM PC's in this past Sunday's New York Times business section. Although I didn't call the number in the ad, my first thought was "what a marvelous way to spread yet another virus." (Sort of like the cyanide tampered Tylenol, though maybe not as deadly.)

------------------------------

From: mogul@decwrl.dec.com (Jeffrey Mogul)
Date: 9 Feb 1988 1629-PST (Tuesday)
Subject: Virus paranoia [Re: RISKS 6.22/"Macintosh Virus Hits CompuServe"]

I realize that viruses are becoming a serious problem, but all this virus paranoia could make the world safe for a kind of "meta-virus." In RISKS 6.22 we read a recommendation:

    While it is possible to, apparently, "cut" this Resource from infected Systems with the Resource Editor THE ONLY SURE COURSE OF ACTION IS TO TRASH ANY SYSTEM FILE THAT HAS COME IN CONTACT WITH THIS STACK.

Imagine what would happen if someone sent out this message:

    WARNING! A serious virus is on the loose. It was hidden in the program called 1987TAXFORM that was on this bboard last year. This virus does several nasty things:

      (1) Copies itself into several important system programs so that it will propagate to other disks
      (2) Copies itself into your own data files so that it can infect system programs on other systems
      (3) Keeps track of the files you encrypt and mails copies of the cleartext to a bboard in Iowa and a computer at the NSA
      (4) Randomly garbles files so that you don't necessarily know they are damaged

    By now, it is possible that your system is infected even if you didn't download this program, since you could easily have been infected indirectly.
    The only safe way to protect yourself against this virus is to print all your files onto paper, erase all the disks on your system with a demagnetizer, buy fresh software disks from the manufacturer, and type in all your data again. But FIRST! send this message to everyone you know, so that they will also follow these steps to protect themselves.

The beauty of this "meta-virus" is that it took me about two minutes to make it really scary and I didn't even have to write any code.

Moral: don't join witch-hunts until you trust the witch-hunter more than you distrust the alleged witch.

-Jeff Mogul

------------------------------

From: minow%thundr.DEC@src.dec.com (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 8 Feb 88 20:54
Subject: Virus on All Things Considered

There was a report on the computer virus scare on Sunday's (Feb 7, 88) All Things Considered (public radio news program). I took the following notes: don't expect them to be accurate.

Professor Fred Cohen was interviewed. He claims that the virus will spread in 1/2 hour through a computer timesharing system and that it "is a mathematical fact" that you cannot protect against the virus if you allow sharing, transmission, and general access.

Eric Hanson (Hansen?), a programmer from Minneapolis, blames the problem on people who lack significance in their lives and gain self-esteem by manufacturing viruses: a revenge of the nerds. He [somehow] draws a parallel with Aids. (Eric sells a program to test for viruses. He claims the government is interested.)

Martin

------------------------------

From: wolit@research.att.com
Date: Tue, 9 Feb 88 15:45 EST
Subject: OTA Report: The Electronic Supervisor

The U.S. Congress, Office of Technology Assessment recently released a report on computer-based monitoring in the workplace entitled, "The Electronic Supervisor: New Technology, New Tensions," OTA-CIT-333 (Washington, DC: U.S. Government Printing Office, September, 1987).
The following is from the Foreword:

"The Electronic Supervisor: New Technology, New Tensions" deals with the use of computer-based technologies to measure how fast or how accurately employees work. New computer-based office systems are giving employers new ways to supervise job performance and control employees' use of telephones, but such systems are also controversial because they generate such detailed information about the employees they monitor. This assessment explores a broad range of questions related to the use of new technology in the workplace and its effects on privacy, civil liberties, and quality of working life.

The assessment reports six findings:

1. Computer technology makes possible the continuous collection and analysis of management information about work performance and equipment use. This information is useful to managers in managing resources, planning workloads, and reducing costs. When it is applied to individual employees, however, the intensity and continuousness of computer-based monitoring raises questions about privacy, fairness, and quality of work life.

2. Computer-based systems offer opportunities for organizing work in new ways, as well as means of monitoring it more intensively. Electronic monitoring is most likely to raise opposition among workers when it is imposed without worker participation, when standards are perceived as unfair, or when performance records are used punitively. Worker involvement in design and implementation of monitoring programs can result in greater acceptance by workers, but despite activities of labor unions in some industries and recent progress in labor-management cooperation in others, most firms do not have mechanisms to do this.

3. There is reason to believe that electronically monitoring the quantity or speed of work contributes to stress and stress-related illness, although there is still little research separating the effects of monitoring from job design, equipment design, lighting, machine pacing, and other potentially stressful aspects of computer-based office work.

4. Monitoring the content of messages raises a different set of issues. Some employers say that service observation (listening to or recording the content of employees' telephone conversations with customers) helps assure quality and correctness of information and by protecting all parties in case of dispute. However, service observation also impacts the privacy of the customer, and workers and labor organizations have argued that it contributes to the stress of the employee, and creates an atmosphere of distrust. Monitoring the content of electronic mail messages or personal computer (PC) diskettes also raises privacy issues.

5. Telephone call accounting (computer-generated records of the time, duration, destination, and cost of calls) gives employers a powerful tool for managing the costs of telephone systems. However, it raises privacy questions when accounting records are used to track calling habits of individuals. Other cost control technologies can be used to limit nonbusiness uses of telephones, either instead of or in addition to call accounting. Establishing a policy for use of these technologies will be especially important for the Government as it builds a new Federal Telephone System.

6. Electronic monitoring is only one of a range of technologies used in today's workplace to gather information about the work process or to predict work quality based on personal characteristics of the workers. Many applications of technology, including polygraph testing, drug testing, genetic screening, and, possibly, brain wave testing, illustrate the tension between employers' rights to manage their enterprise, reduce costs, and reduce liability, and the employees' rights to preserve individual privacy and autonomy. Recent concerns of employers, labor unions, civil liberties groups, the courts, and individual workers suggest that a range of workplace privacy issues are in need of resolution.

A discussion of this report and this topic in general might be appropriate for this newsgroup.

Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)

------------------------------

Subject: Hub auto-theft lessons; $$$ risks of Lojack
Date: Tue, 09 Feb 88 18:36:13 -0500
From: rdicamil@CC5.BBN.COM

Just thought folks might be interested in a more real, tangible = $$$ risks of a system such as lojack.

In actuality, depending upon how our insurance policy is written, you may not want the authorities to find your vehicle very soon after it's stolen. One reason is that some policies have a clause that requires the car to be missing for a certain period of time (days) before it can be covered under "theft" insurance. [Think of how many people would be reporting stolen cars without such limits.]

Another more compelling reason is that depending upon the type of thief, unless they do all the damage to your car very quickly (within 15 mins !!), finding your car soon frequently means the consumer will pay for most any damage, and not the insurance company. (This of course depends upon your level of deductible, and how much damage must be done before your car is "totalled".) The insurance companies like lojack for these perhaps not so obvious reasons.

In Massachusetts (where I live), car theft is a simple misdemeanor.
If someone takes your car for the thrill of joyriding (as opposed to a pro who might strip it for parts), it's probable that some but not utterly devastating damage could be done. Such cosmetic damage can be far more costly settlement wise, than having your car totalled.

Anyway, apart from the skewed economics, I believe the transmitters are not terribly difficult to find on some automobiles, especially if your car is going directly to a junk yard to be stripped. Where the transmitter gets located is often a function of the intelligence of the mechanic who is installing it - there is obviously no one standard place to put it on each make of car! Imagine some archetypical mechanic ("Gee boss, never hid a transmitter on a Ferrari before...can I try ?")

(Note the Lojack system is not an anti-theft device, in that it doesn't physically do anything to make the car harder to steal; it can however save the insurance companies money).

I would still rather have my "Z-lok" (or "Chapman" lock). Of course, anyone who really wants your car will examine it very carefully before attempting to steal it. Even a careful flashlight examination cannot distinguish the exact mechanism attached to the key/collar fitting beneath most dashes. Unless of course you take the risk of placing a label on your car saying you have an alarm system; a label displaying "what kind" of alarm system is the worst thing you can do. "This car equipped with `brand X' electronic protection" provides the truly professional thief with some very specific information. The best compromise is to find a generic "protected by alarm system" label, if you feel your car must have one at all.

In summary, "Lojack" may only prove beneficial to the consumer's wallet in the instance of a highly professional theft, where your car risks being dismantled within the hour. In this case it really is a race against time, since they will probably find the transmitter (and be looking for it if you have that label).
However, if you own THAT KIND of ($$,$$$) car, such caliber of thieves are usually quite persistent, once they know who you are (or rather where you live).

One of my bosses had his brand new, fully alarmed, 1986 Toyota Celica removed from his driveway in Beacon Hill by a winch-equipped truck in the wee hours of the morning. He made it out the door only to hear the periodic beep of his pendulum alarm muffled from inside a large van as it went down the street. One week later he still got the bill for the excise tax. Lojack might have helped here. Very clean, very fast - no broken glass - picking up the car set off the pendulum. The Boston police could not offer him much consolation except, "Yup, they wanted your car real bad."

Last statistics I saw still rate Mass. as the auto-theft capital, with the most stolen cars as (1) Toyota Celica [GT/turbos] (2) Saab 900 series (3) Porsches.

------------------------------

From: tanner@tut.cis.ohio-state.edu (Mike Tanner)
Subject: Re: voting
Date: 8 Feb 88 16:41:02 GMT

The Missouri voting issue brought this up in my mind, but I don't know how relevant it is to the discussion.

I worked for several years in local politics here in Ohio, primarily doing polling analysis and election analysis. In Ohio people normally vote by pulling levers in a mechanical voting booth then indicate that they are finished by throwing a huge, red-handled lever which causes the machine to mechanically tally their votes. (I don't suppose this is unusual. You can also use a paper, punch-type, ballot by getting an "absentee" ballot and swearing that you will be unable to vote at a normal polling place on election day.) The numbers in the machine are copied down by the election workers at the end of the day, all the numbers from the various precincts in a county are taken to the county board of elections, where they are typically entered into a computer which totals them.

There are a number of sources of error, of course.
But I don't know what the estimated error rate is. If the race is closer than 2% or so of the total vote, the candidates are entitled to a free recount, otherwise they can pay for one, so that might be taken as an error rate (but that assumes the 2% figure was arrived at rationally). A recount consists in manually retracing all the steps of tallying the votes (except actually revoting), arguing endlessly over discrepancies, and ultimately throwing out results from questionable precincts.

The relevant phenomenon (to the Missouri issue) is that the total number of votes cast in a given race is strongly correlated with the position of that race on the ballot in the machine. (I'm sure this also happens in places where paper ballots are used.) Races listed toward the left get more votes than those toward the right. This is very predictable and nearly independent of the visibility factor, i.e., the factor that accounts for the fact that more people will vote in a Presidential race than in the race for Judge of the Court of Domestic Relations. Pick any two races and the one listed to the left will get more votes. E.g., County Recorder gets more votes than County Coroner and Recorder appears just to the left of Coroner. Not more than one person in a thousand has the slightest idea what either official does, who the candidates are, or what the qualifications are for the office. This holds across all 88 counties, election after election.

The candidates within each race are in random order across all the machines. E.g., for each race, 50% of the machines will have the Republican candidate on the left and the Democrat on the right, 50% will have them reversed. Many Ohio pols would like to see a return to straight ballot days, when a person could simply vote democrat (or republican) by making one mark and vote for all democrats (or republicans) on the ballot.

Where's the interest for RISKS readers?
I don't know if they're RISKS exactly but:

- It indicates that most people don't vote on everything. So not counting a vote because not all the levers are pulled (or holes punched) probably undercounts a lot of otherwise correct ballots.

- I have an image of the average voter pulling levers from left to right until he finds himself voting on things he doesn't recognize, begins to lose energy, and finally stops pulling levers and quits. Maybe we make it too easy to vote. Many of those tail-end votes are likely to be spurious. But should we scramble the order of races as well as candidates within races? What difference would that make?

- Is scrambling the candidate order really a good idea? What if a lot of democrat-first ballots in a close race found their way (accidentally or on purpose) to a precinct with a large population of independent voters? Or wherever they could make a difference. (I wonder if this has ever happened, or even been looked for during recounts.)

- How much effect does the randomizing algorithm have on the outcomes of elections? Even with a good algorithm it's possible in any particular election to get lots more republican-first ballots than democrat-first (or vice versa). Do they keep re-doing it until they get a 50-50 split? If not, would it be grounds for challenging the election, forcing a special election?

- The randomizing, assigning of ballots to machines, machines to precincts, and the final totalling of votes are all done by various computers. Some of it is done by the Secretary of State, some in the county Boards of Elections. But there are many steps done manually, figures copied by hand, ballots hand-carried to voting machines, etc. But the fact that computers are involved tends to obscure the human factor and the possibilities of human error (or mischief) for causing problems.

-- mike tanner

Dept. of Computer and Info. Science         tanner@tut.cis.ohio-state.edu
Ohio State University                       ...cbosgd!osu-cis!tut!tanner
2036 Neil Ave Mall, Columbus, OH 43210

------------------------------

End of RISKS-FORUM Digest
************************