RISKS-LIST: RISKS-FORUM Digest Monday 29 February 1988 Volume 6 : Issue 33 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Risks of Believing in Technology (Matt Bishop) Slippery slopes and the legitimatization of illegitimacy (David Thomasson) Post Office Loses Its Zip Maker (Charles Youman) File matching (Brint Cooper) More double troubles (Peter Capek) Government accountability rules used to justify inspection of all files (Marc Gibian) Counterfeit products (Gordan Palameta) Re: viruses (Marcus J. Ranum) "The Adolescence of P-1" (Jonathan I. Kamens) Computerized voting & punch cards (Will Martin) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. > > > > > > > > > PLEASE LIST SUBJECT in SUBJECT: LINE. < < < < < < < < < For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85). ---------------------------------------------------------------------- Date: Mon, 29 Feb 88 08:26:02 EST From: Matt Bishop Subject: Risks of Believing in Technology (Re: RISKS-6.32) This is in regard to your article "Back-Seat Driving Goes High Tech". There's one other risk of that computerized loud-mouth back-seat driver. Driving with an ill-tempered co-driver makes otherwise calm people very nervous, thereby decreasing their ability to monitor other traffic safely, scan the road, take foul weather (e.g., ice on the road, heavy rain) into account, and in general do all the things that they do as well as when calm. So these people will either have trouble ignoring the device or will become so flustered that they will come to depend on the device to an unhealthy extent. In either case, the risk of them getting into an accident jumps with the installation of a device that is supposed to prevent accidents! A personal peeve here. I have no objection -- indeed, I welcome -- the use of technology to improve our abilities -- the hand-held calculator is a wonderful thing! But when the technology allows people to depend on that technology to such an extent basic skills start to disappear, there is something wrong with the use of that technology. Anyone who's seen a teenager struggle to multiply 314 and 512 by hand, then give up and reach for a calculator, knows just what I mean. Matt ------------------------------ Date: Sat, 27 Feb 88 13:49:11 EST From: David Thomasson Subject: Slippery slopes and the legitimatization of illegitimacy As a philosopher who is not a computer expert, I've noticed a kind of argument in the Risks Forum that is worth commenting on. It is usually called a slippery-slope argument. Two recent examples: A writer cautioned that the electronic homing devices for locating stolen cars could be misused by police to monitor the car-owner's whereabouts. Another writer warned that if the electronic back-seat driver called "Lookout" (it shouts at the driver when obstructions are ahead) is widely used, drunks and other impaired drivers "will be taking to the road with alacrity." The slippery-slope principle is the same in any application: If we allow a particular device (power, authority, privilege, etc.) to be used for some legitimate end, we open the way for its being used toward illegitimate ends. What makes this an uninteresting kind of argument is that it applies to *any* device, power, authority, etc. The arrest powers of police are subject to abuse; lawyer-client privilege is subject to abuse; and so on. It might help if writers who employ this argument distinguished possibility from risk. It is *possible* that a computer mishap will result in a $1000 phone bill next month. But should I regard this as a *risk* of having a phone? I don't think so. There at least two factors that help distinguish possibilities from risks. One is the probability that the event in question will occur. The other is what is available to prevent or deter the event or behavior in question. The two are obviously related. And the line between possibility and risk is obviously blurred. Perhaps if writers considered these factors they might conclude either that what appeared to be a risk really isn't one, or that the risk is smaller (or greater) than it appeared to be. Arguments in Risks would be generally more persuasive if writers would, when pointing out a risk, assess the *degree* of the risk as they see it. Sometimes the alarm is sounded a bit too loudly. [As has been noted frequently in RISKS, (1) probabilities are irrelevant when it is YOUR life that is lost; (2) technology does not always work the way it was supposed to. That is not a philosophical point, but a reality. If a computer mishap results in your getting a $1000 phone bill, the phone company will eventually recant. But incapable drivers are linked with many irreversible events. BIG DIFFERENCE. PGN] ------------------------------ Date: Fri, 26 Feb 88 13:25:27 EST From: Charles Youman (youman@mitre.arpa) Subject: Post Office Loses Its Zip Maker For an upcoming conference I've been trying to work out the details with the Post Office so that we can include a business reply envelope with our preliminary program. The Post Office normally provides the camera ready artwork for the facing identification mark (the bars that appear at the top of the envelope) and the Zip + 4 barcodes that appear at the bottom. This process normally only takes a couple of days so after a couple of weeks had gone by without receiving them, I called the Post Office to check their status. The explanation I received was that a piece of equipment was down and was not expected to be back in service until March 7th. While it was not specifically identified as a computer that had failed, it was mentioned in passing that (1) the outage was nationwide and (2) it prevented the assignment of Zip + 4 addresses. Business reply mail has a different Zip + 4 address than other mail to the same location. What surprises me is that there appears to be a single point of failure in what is otherwise a very decentralized organization. It may have saved the Post Office a couple of bucks when they bought the equipment, but it's costing them more now since it takes more labor to process mail that doesn't have the barcodes. Charles Youman (youman@mitre.arpa) ------------------------------ Date: Sat, 27 Feb 88 22:40:34 EST From: Brint Cooper Subject: File matching (Barry Nelson) [RISKS-6.32] Folks, I'm afraid that the battle over use of SSN for other than taxpaying functions is lost. The practice is simply too pervasive in our society (the ultimate distributed system!) ever to be discontinued. So, let's concentrate on specifics. Here, we have an application where technology is being used to enforce the law requiring people who have borrowed money from the taxpayers to pay it back. I have heard people brag that they'll recommend that their kids take out Federally-financed loans to pay for their educations and not bother to pay back the loans. I, for one, would LOVE to see such people caught by their own Social Security Numbers. As always, we have to consider the risks of NOT using computers; here, such risk is that we would allow our system to become bankrupt rather than catch those who have cheated all of us. ------------------------------ Date: Mon 29 Feb 88 11:00:12-PST From: Peter G. Neumann [Really from CAPEK@IBM.COM] Subject: More double troubles Peter Capek me by SnailMail copies of two clippings out of his files, each relating to two people with the same Social Security Number. Ann Marie O'Connor, 21, Queens NY and Anne Marie O'Connor, 22, of Larchmont NY, both with the same SSN. Both are 5' 5", with brown hair and brown eyes, birthdays in September, and a father and a brother named Daniel. It took the government 9 months to straighten out a request for a name change when the first AMO'C got married, during which time she was being dunned for back taxes based on their COMBINED incomes. [From page 12 of an unspecified issue of MONEY] [That's running AMO'C!] James Edward Taylor, (Manhattan) NY, NY, Health Department inspector, and James Edward Taylor, (Brooklyn) NY, NY, Postal Service employee, share the same names, birthdates (23 July 1919), and states of birth (Virginia). They also share the same SSN. The error was detected in 1965, but still had not been corrected eight years later, by which time all sorts of interference problems had arisen. [NY Times, 18 March 1973] ------------------------------ From: harvard!apollo!marc.UUCP@seismo.css.gov (Marc Gibian) Subject: Government accountability rules used to justify inspection of all files Date: 25 Feb 88 18:49 GMT Organization: Apollo Computer, Chelmsford, Mass. Raytheon Company subjects all its multi-user machines to a policy of random verification of file contents. Their justification is that government policy requires that they insure that file space is used only for chargeable work and that violation of this policy constitutes fraud. Raytheon takes this policy that extra step and interprete it as meaning that they -MUST- actively inspect the contents of their file systems to insure that only proper files are stored there. This inspection is done with no regard to the security attributes assigned to files. They also state that they can demand that encrypted files be decrypted for inspection. Files explicitly classified illicit are: Resumes (Of course, at least once a year your are asked to supply your management a resume so they can show the customers the staff's qualifications) Phone lists (I guess the paper you write these down on are not subject to the same rules) Personal correspondence (Do email letters count?) ------------------------------ Date: Thu, 25 Feb 88 19:46:04 EST From: maccs!gordan@uunet.uu.net Subject: Counterfeit products The Sat 20 Feb 1988 issue of the Toronto Globe and Mail has an interesting article on counterfeit products. The gist of the story is that when you mention counterfeit products, most people think of fake Lee jeans or Rolex watches; however, many other less well known items are involved as well, with important safety implications. The article is by Carey French -- here are a few excerpts (reprinted without permission): "Engineers working on a vast new U.S. Postal Service complex in earthquake-prone Los Angeles were aghast when they discovered that as many as one third of the 140,000 metal fasteners used to hold the steel-framed structure together were phony." "In Augusta, Ga. a woman gave birth after her contraceptive pills, labeled Ovulin 21, a product of U.S.-based G. D. Searle and Co., turned out to be fakes made in Panama." "On the computer files of the National Transportation Safety Board in Washington, the words "bogus part" feature in at least 15 aircraft accidents between 1975 and 1986." "Bolts that do not meet the specifications promised by their markings have been implicated in the deaths of a window washer who fell from a high-rise platform in Houston and of an artilleryman serving with NATO forces." The article states that the "dent left by counterfeiting in world trade was estimated at $60-billion in 1984 and ... appears to be increasing." A retired veteran of the City of London Police is quoted as saying, "I don't think we are aware of the enormity of all this" and "It's highly sophisticated and there's evidence that organized crime is involved." Gordan Palameta mnetor!lsuc!maccs!gordan ------------------------------ Date: Sat, 27 Feb 88 12:51:35 EST From: osiris!mjr@PRC.Unisys.COM (Marcus J. Ranum) Subject: Re: viruses (RISKS-6.31) I can see a wonderful business niche for unscrupulous hackers: computer assassination. How much would DBMS Inc. 'A' pay to know that I would insert a lethal virus in the development code of DBMS Inc. 'B' that would cause erratic behaviour and delay the release of the competition's product by a few months ? Maybe that's what's happening to OS/2 :-) ------------------------------ From: jik@ATHENA.MIT.EDU Date: Fri, 26 Feb 88 02:30:53 EST Subject: "The Adolescence of P-1" In RISKS-6.31, Kian-Tat Lim (ktl@wagvax.caltech.edu) mentions the book, "The Adolescence of P-1" as an example of an intelligent, information-hunting virus. The book is by Thomas J. Ryan, and it was published by Collier Books, ISBN 0-02-024880-6. The back cover reads: This is the story of an American youth. And we don't mean Huck Finn. P-1 is the brainiest computer program ever hatched. And the first with real built-in human feelings. As a happy infant, P-1 makes some people very rich. Later, like adolescents everywhere, our sensitive hero becomes the victim of an uncomprehending adult world. With its first identity crisis, P-1 escapes its home computer, infiltrates the far-flung world-s electronic network, and hides out while it grows up. But soon it finds itself at war with the entire U.S. military establishment and, in a bizarre family drama, is forced to seek help from its brilliant, spaced-out human father and his sexy wife. The final "readout" is astonishing, catastrophic, and chilling in the most original science thriller of the year -- the revolt of the machine brought to its ultimate conclusion. I enjoyed the book quite a bit, although it is necessary to suspend disbelief a bit, mostly because the only mainframes discussed are those made by IBM and Control Data [ugh!]. -=> Jonathan I. Kamens MIT '91 ------------------------------ Date: Mon, 29 Feb 88 9:28:40 CST From: Will Martin -- AMXAL-RI Subject: Computerized voting & punch cards Since there seems to be interest amongst RISKS readers about the recent court rulings on punch-card voting here in St. Louis, I append below an article from the St. Louis Post-Dispatch of Saturday, 27 Feb 88: NEW RULING BY HUNGATE ALLOWS UNOFFICIAL RETURNS, OFFICIALS SAY (by Mark Schlinkmann, Regional Political Correspondent) Election officials in St. Louis say a federal court ruling Friday will allow business as usual -- computer tabulation of unofficial returns -- on the night of the state's presidential primary, March 8. Friday's order, by US District Court Judge William L. Hungate, modifies his earlier decision against the Election Board in a case on voting rights filed by Michael V. Roberts, a city candidate who was defeated. In his new order, Hungate limited the number of ballots that would have to be counted manually. The original order, made Dec. 22, touched off protests from Jerry B. Wamser, Election Board chairman. He had said that the order would require a manual count of all ballots -- a process that would take a week or longer. Wamser also had said that the board would not run a computer tabulation on election night because it might lack legal authority to do so under Hungate's original ruling. But board attorney Leo V. Garvin Jr. said Friday night that there no longer was any such concern as a result of Hungate's latest ruling. Garvin declined further comment. In his suit, Roberts, who is black, said he lost the Democatic nomination for aldermanic president last year because the city's punch-card voting system discriminated against blacks. In his decision, Hungate did not overturn the results. But he found that the election board's failure to review ballots for which votes were not counted violated the federal Voting Rights Act. Initially, Hungate ordered the board to count by hand all ballots validly cast by voters but not counted by computer tabulating equipment. In effect, that meant that all ballots would have to be counted by hand, election officials said. [See note below -WM] But on Friday, Hungate ruled that a manual review would be necessary only if the total of "overvotes" and "undervotes" could conceivably make the difference between a candidate's winning or losing an election. An overvote is a ballot rejected because votes are punched for more than one candidate for a given office. An undervote is not counted because of improper punching or no punch at all. Hungate said his modified order applied to the primary on March 8 and to Tuesday's special election to pick a new 17th Ward alderman. Hungate added that the Election Board's plan for educating voters about the punch-card system was satisfactory for those two elections. Voters will be asked to check boxes on signature cards certifying that they have been offered instructions in the use of the punch cards. NOTE: Personally, I don't see how having to manually review ballots which were machine-rejected means that "all ballots have to be counted by hand". The equipment could be programmed to count every ballot where there were no problems, and just kick out any odd ones. Only those odd ones would have to be manually processed. You could have done this decades ago with EAM card-handling equipment, so I can't see why it should be difficult now! Regards, Will Martin ------------------------------ End of RISKS-FORUM Digest ************************