RISKS-LIST: RISKS-FORUM Digest  day 1 October 1988  Volume 7 : Issue 63

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Re: Killer terminals (Steve Wilson)
  Can't Happen and Antilock Braking Systems (Marcus Barrow and Robert Allen, via Mark Brader)
  ATM's credit check (Amos Shapir)
  Dive Computers (Terry S. Arnold, Henry Spencer)
  Emergency Access to Unlisted Telephone Numbers (Dave Wortman)
  Re: Risks of Cellular Phones (Wes Plouff, Peter Robinson, Walter Doerr)
  Computers, Copyright Law, and the Honor System (a talk) (Mark Mandel)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ...
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).

----------------------------------------------------------------------

Date: Wed, 5 Oct 88 12:42:58 PDT
From: Steve Wilson
Subject: Re: Killer terminals

After seeing all the articles about Killer terminals I thought I'd relate a story about a killer card reader.

Many moons ago I was a computer operator at the local community college. The computer was a Nova 2/10 that spent most of the day running a Basic interpreter talking to 4 ASR-33s. Every afternoon we would bring the Basic system down and run jobs for the Fortran class. We couldn't do this often because the card reader (this was A LONG time ago) would work for about a week, then mysteriously die. We must have had 20 service calls on this card reader over a 3-4 month period. Every time the technician would come out with a new card reader and replace the old one.
Finally, the technician who had to keep on making this weekly trip looked into what was causing the problem. (I'm not sure why he didn't do this the 2nd time the card reader went out, but...) His explanation was that the card reader was "too fast" for the Nova and the real damage was being done by the interface card from the Nova trying to slow the card reader down. They repaired the problem by "turning down" the card reader to a level the Nova could keep up with.

Steve Wilson, National Semiconductor

------------------------------

Date: Thu, 6 Oct 88 05:54:10 EDT
From: Mark Brader [SoftQuad Inc., Toronto]
Subject: Can't Happen and Antilock Braking Systems (from Usenet rec.autos)

From: marcus@bbn.com (Marcus Barrow)
Newsgroups: rec.autos
Subject: abs, just say no...
Date: 3 Oct 88 15:40:03 GMT
Organization: Bolt Beranek and Newman Inc., Cambridge MA

I've been seeing this discussion of abs for awhile now, and i have a small story to tell.

A friend of mine runs a very modified '87 'vette in the New England Hillclimb series. This car naturally enough has abs, along with oversize rotors, suspension mods and a ~350 b.h.p. smallblock.

Abs is probably a "good thing" for many drivers. But for Mike, "I ain't 'fraid o' no ZR1", there is another story. It seems at Burke Mt. he approached a corner, pushing 90 as he is wont to do. The paved surface at these hills is less than ideal, and the situation is aggravated by tripling and quadrupling the speed limit. So the car hit a bump or waver in the pavement and took a skip.

Now what does the abs do once the wheels are off the ground? It's not programmed to deal with wheel lockup. It's supposed to prevent that. When four wheels lock up, the unit apparently shuts down for .5 seconds. The pedal stays hard but nothing happens for a terribly long moment...

Mike's car is repairable, but now he's afraid of abs at least!

Marcus@bbn

p.s. please folks, don't try this at home...
- = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - =

From: robert@milk10.uucp (Robert Allen)
Newsgroups: rec.autos
Subject: Re: abs, just say no...
Date: 3 Oct 88 21:43:03 GMT
Organization: SRI International, Menlo Park CA

This isn't the first time this problem has been noted. When abs first became popular some track racers tested it out. Their universal complaint was that when they topped a certain bump in the track, the car lost traction as it became temporarily airborne, and abs interpreted that to mean that abs should be activated since traction was lost. Computer programs in big computers aren't yet smart enough to do the instant pattern recognition that the human mind can apparently make in such circumstances (i.e. "I haven't REALLY lost traction yet"), let alone some gimpy program in cars' ROM.

- abs. Just say No.

Robert Allen, robert@spam.istc.sri.com, 415-859-2143 (work phone, days)

------------------------------

Date: 8 Oct 88 21:33:29 GMT
From: amos@taux02.UUCP (Amos Shapir)
Subject: ATM's credit check

The other night I tried to make a withdrawal of the maximum daily amount allowed. The ATM considered my request, and then said something like: "Service temporarily unavailable", which usually means "I have run out of cash". Trying again later, it insisted that I was no longer allowed to withdraw anything on that business day.

As Murphy would have it, I was completely out of cash. Since all major banks here are tied on the same network, no ATM in town would allow me any credit, and those that can show previous transactions indicated that a withdrawal of the requested amount has been made. This transaction disappeared from the records the next day, and my credit was restored automatically.

It's quite obvious that to save network traffic, the same message from the ATM to the central database which asks for confirmation of credit, also serves to inform it of a withdrawal; it seems that the ATM does not report incomplete transactions.
Such sloppiness in programming would not be tolerated in any business, but frankly, my dear, I don't think the banks give a $%^&$@.

Amos Shapir, National Semiconductor (Israel)
P.O.B. 3007, Herzlia 46104, Israel  Tel. +972 52 522261

------------------------------

Date: Tue, 4 Oct 88 21:07 EDT
From: "Terry S. Arnold"
Subject: Dive Computers (Re: RISKS-7.60, Brian Randell)

The advent of dive computers has changed the way most serious divers go about their sport. Prior to the introduction of dive computers we had to rely on a variety of dive tables based in most cases on originals published in 1959. The current generation of dive computers are based on more current research work on Decompression Sickness and just how nitrogen (the cause of Decompression Sickness) is exchanged during diving. In the past we had to work with our own fudge factors for the artificial dive profiles that the tables assumed. Most divers fudged on the "safe" side were successful in avoiding the bends. The modern dive computers use a more realistic model of how sport diving is really done and eliminate the need for fudge factors.

Like any piece of modern safety equipment, dive computers can be and are misused, sometimes with ill effects. Unlike the usual dive tables the dive computers come with a considerable amount of literature including research references. When I purchased my dive computer I looked up the references and read the papers. I found that the dive computers were more conservative than the tables and provided guidance on how to take age, sex, and physical activity into account in a much more realistic way than the guidance published for the dive tables.

I use a dive computer for all of my diving (>200 dives in the last 18 months) and will not dive any other way. I have developed methods so that I can revert back to the tables if a computer failure ever occurs.
Most of the reports that I have read in the diving press including the professional association journals indicate that dive computers lead to an overall improved level of safety. The reports that I have seen where divers have suffered from the bends while using dive computers have been strongly correlated with using them to the limits under extreme conditions. In short they were being pushed to the region where the theory was starting to get on thin ground and the tables were just as questionable.

This is one case where computers are most likely reducing the risk rather than increasing the risk.

Terry Arnold

------------------------------

Date: Wed, 5 Oct 88 12:38:24 EDT
From: henry@utzoo <@RELAY.CS.NET,@neat.ai.toronto.edu:henry@utzoo>
Subject: Re: Diving Computers

>... the computer software may be based on unsafe data, that it does not
>take into account such factors as age, fitness, sex and exertion, and therefore
>gives divers a false sense of security....

I am not a diver, but I am driven to wonder whether the old tables make any real effort to take age, fitness, sex, and exertion into account. It seems much more likely to me that the *real* problem here is not that the software is buggy or unsafe, but that divers are falling into the "computers are always right" trap. That is, everyone knew that the tables were only an approximation to the truth, and used them cautiously, but the supposedly-omniscient computer is not inspiring the same level of distrust.

Another consideration: the computers do (I'm told) take more variables into account. But this isn't necessarily a good thing: since the tables could not do so, they needed safety margins that would accommodate extremes of those variables. That meant that, most of the time, the tables had large safety margins. Divers may well have gotten used to that. It's even possible that those big safety margins were hiding some over-optimistic assumptions, which the software writers have copied.
Henry Spencer at U of Toronto Zoology
uunet!attcan!utzoo!henry  henry@zoo.toronto.edu

------------------------------

Date: Wed, 5 Oct 88 12:35:37 EDT
From: Dave Wortman
Subject: Emergency Access to Unlisted Telephone Numbers

The article below was originally posted to misc.consumers. I thought it might be of interest to RISKS readers as an example of a well-thought-out set of administrative procedures designed to balance the needs of protection of privacy and response to emergency situations.

=======================================================================

All examples in this message pertain to Illinois Bell Telephone Company, which covers the Chicago metropolitan area, and quite a bit of the rest of Illinois.

There are three types of phone numbers which do not appear in the printed and publicly available directory:
(1) Too new to list
(2) Non-listed
(3) Non-pub.

[discussion of types (1) and (2) deleted.]

The third category of numbers not in the phone book or available from the Directory Assistance Bureau are non-published numbers. Non-pub numbers are NOT available at the Directory Assistance level. Inquiries about same which are input into a DA terminal simply come up with a message that 'at the customer's request, the number is not listed in our records; the number is non-published.'

Well, who does keep non-pub records then? The Business Office has no handy way to retrieve them, since they depend on an actual phone number when they pull up a record to discuss an account. Once a service order is processed, the number and associated name are no longer available to the average worker in the central office.

There was for several years a small group known as the 'NonPub Number Bureau' which at the time was located in Hinsdale, IL. Needless to say, the phone number to the NonPub Number Bureau was itself non-published, and was only available to specified employees at Bell who were deemed to have a 'need to know'.
Now I think with all the records being highly computerized, the keepers of the non-pub phone numbers are themselves scattered around from one phone office to another.

When there is some specific need for an employee at the phone company to acquire the non-published number of a subscriber, then certain security precautions kick into place. Only a tiny percentage of telephone company employees are deemed to have a 'need to know' in the first place; among these would be the GCO's (Group Chief Operators), certain management people in the central offices, certain people in the Treasury/Accounting office, and of course, security representatives both from Illinois Bell and the various long distance carriers, such as AT&T/Sprint/MCI.

Let us have a hypothetical example for our Correspondent: Your mother has taken seriously ill, and is on her deathbed. Your brother is unable to reach you to notify you of this because you have a non-pub number. When his request for the number has been turned down by Directory Assistance, simply because they do not have it, he asks to speak with a supervisor, and he explains the problem. He provides his own name and telephone number, and the supervisor states he will be called back at a later time. The supervisor does not question if in fact an emergency exists, which is the only valid reason for breaking security. The supervisor may, if they are doing their job correctly, ask the inquirer point blank, "Are you stating there is an emergency situation?".

Please bear in mind that the law in Illinois and in many other states says that if a person claims that an emergency exists in order to influence the use (or discontinuance of use) of the telephone when in fact there is no emergency is guilty of a misdemeanor crime. You say yes this is an emergency and I need to contact my brother/sister/etc right away. The supervisor will then talk to his/her supervisor, who is generally of the rank of Chief Operator for that particular facility.
The Chief Operator will call the NonPub people, will identify herself, and *leave her own call back number*. The NonPub people will call back to verify the origin of the call, and only then will there be information given out regards your brother's telephone number. It helps if you know the *exact* way the name appears in the records, and the *exact* address; if there is more than one of that name with non-pub service, they may tell you they are unable to figure out who it is you want.

The NonPub person will then call the subscriber with the non-published number and explain to them what has occurred:

   So and so has contacted one of our operators and asked for assistance in reaching you. The party states that it is a family emergency which requires your immediate attention. Would it be alright if we give him/her your number, *or would you prefer to call them back yourself?*

Based on the answer given, the number is either relayed back to the Chief Operator, or a message is relayed back saying the non-pub customer has been notified. If the customer says it is okay to pass his number, then the Chief Operator will call you back, ask who YOU are, rather than saying WHO she wants, and satisfied with your identification will give you the number you are seeking or will advise you that your brother has been given the message by someone from our office, and has said he will contact you.

Before the NonPub people will even talk to you, your 'call back number' has to be on their list of approved numbers for that purpose. A clerk in the Business Office cannot imitate a Chief Operator for example, simply because NonPub would say that the number you are asking us to call back to is not on our list. "Tell your supervisor what it is you are seeking and have them call us..."
Other emergency type requests for non-pub numbers would be a big fire at some business place in the middle of the night, and the owners of the company must be notified at their home; or a child is found wandering by the police and the child is too young to know his parent's (non-pub) number.

They will also handle non-emergency requests, but only if they are of some importance and not frivolous in nature. You have just come to our city to visit and are seeking a long lost friend who has a non-pub number; you are compiling the invitations to your high school class fiftieth re-union and find a class member is non-pub. Within certain reasonable limits, they will pass along your request to the desired party and let them make the choice of whether to return the call or not. But always, you leave your phone number with them, and in due time someone will call you back to report what has been said or done.

You would be surprised -- or maybe you wouldn't -- at the numerous scams and [........] stories people tell the phone company to get the non-pub number of someone else. Fortunately, Bell takes a great deal of pride in their efforts to protect the privacy of their subscribers.

Patrick Townson, The Portal System(TM)
uunet!portal!cup.portal.com!Patrick_A_Townson

------------------------------

Date: 6 Oct 88 09:45
From: plouff%nac.DEC@decwrl.dec.com (Wes Plouff)
Subject: Re: Risks of Cellular Phones

Recent writers to RISKS, starting with Chuck Weinstock in issue 7.57, have focused on the risk of vehicle location by cellular telephone systems. In my opinion, they exaggerate this risk and underestimate another risk of mobile phones, the complete lack of privacy in radio transmissions.

Roughly 10 years ago I designed vehicle location controller hardware and firmware used in the Washington-Baltimore cellular demonstration system. That system led directly to products sold at least through the first waves of cellular system construction a few years ago.
Since cellular base stations have intentionally limited geographic coverage, vehicle location is a requirement. This limitation is used to conserve radio channels; one cell's frequencies can be re-used by others far enough away in the same metropolitan area. The cell system must determine which cell a mobile user is located in when he begins a call, and when during a conversation a vehicle crosses from one cell into another. Cells are set up perhaps 3 to 20 miles in diameter and range from circular to very irregular shapes. Cellular phone systems are designed with ample margins so that statistically very few calls will be lost or have degraded voice quality.

Making this system work does not require anything so fancy as triangulation. Vehicle location needs to be only good enough to keep signal quality acceptably high. John Gilmore explained in RISKS 7.58 how this works while the mobile phone is on-hook. During a conversation, the base station periodically measures the signal strength of an active mobile in its cell. When the signal strength goes below a threshold, adjacent cells measure the mobile's signal strength. This 'handoff trial' procedure requires no interaction with the mobile. If the mobile was stronger by some margin in an adjacent cell, both the mobile phone and the cellular exchange switch are ordered to switch to a channel and corresponding phone line in the new cell. Since base stations commonly use directional antennas to cover a full circle, mobiles could be reliably located in one third of the cell area at best. Distance-measuring techniques advocated by AT&T were not adopted because the added cost was too high for the modest performance gain.

Certainly a cellular phone system can locate a mobile at any time, and always locates a mobile during a conversation. But the information is not fine-grained enough to implement some of the schemes imagined by previous writers.

A more important risk is the risk of conversations being intercepted.
The public airwaves are simply that: public. Scanner radios can easily be found or modified to cover the cellular band, and listeners will tolerate lower signal quality than cellular providers, hence one scanner can listen to cell base stations over a wide area. The communications privacy law is no shield because listeners are undetectable.

To bring this back to risks of computers, automated monitoring and recording of selected mobile phones is probably beyond the reach of the average computer hobbyist, but easily feasible for a commercial or government organization using no part of the infrastructure whatever, just the control messages available on the air.

Wes Plouff, Digital Equipment Corp, Littleton, Mass.
plouff%nac.dec@decwrl.dec.com

------------------------------

Date: 28 Sep 88 10:10:47 +0100 (Wednesday)
From: Peter Robinson
Subject: Re: Risks of cellular telephones

As a radio amateur, I have always been taught that using mobile transmitters near petrol stations is bad form - the radiation from the transmitter can induce currents in nearby metalwork and perhaps cause a spark. The thought of a cellular telephone being able to transmit without the operator's consent (in response to a paging call) is, therefore, slightly RISKy.

This could even get worse as technology progresses. As the sunspot cycle advances, it seems plausible that transmissions will carry further and interfere with those in nearby cells (not the adjacent ones, they usually have distinct frequencies). Before long the manufacturers will introduce adaptive control where the transmitter power is adjusted dynamically to compensate for variations in the signal path between the mobile and base stations. So then when you pull into a petrol station and receive a call, the system will notice that all the surrounding metal is impairing your signal and will increase the transmitter power accordingly...
Incidentally, I am not sure what power these radios use, but I would be slightly nervous about using a hand-held telephone with the antenna anywhere near my eyes if it is more than a few Watts.

------------------------------

Date: Sat, 8 Oct 88 15:59:56 MET
From: "Walter Doerr"
Subject: Risks of cellular phones

Chuck Weinstock writes in RISKS 7.57:

> Subject: Risks of Cellular Phones?
>
> While discussing radio triangulation last night, the question came up:
> If I dial a phone number attached to a cellular phone, how does the
> cellular system know which cell should send the ring signal to the
> phone? Is it a system wide broadcast, or does the cellular phone
> periodically broadcast a "here I am" signal?

In the 'C-Net' here in Germany, all mobile phones send a "here I am" signal whenever they move to a new cell. This information (the cell where the phone can be reached) is stored in the database of the phone's "home" base. Calls to mobile phones are routed to a computer in Frankfurt which contacts the home base computer (based on the first few digits of the mobile phone number), which, in turn, knows the cell the phone is currently in.

> If the latter, a less than benevolent government (or phone company for
> that matter) could use that information to track its citizens' cars'
> whereabouts.

According to an article in an electronics magazine, the German PTT was approached by a police agency, who expressed interest in the data stored in the network's computers. The article quotes a Siemens mobile telephone specialist as saying that it isn't possible to pinpoint the current location of a mobile phone because:

 - the phone must be switched on for the network to recognize it
 - the cells use omnidirectional antennas, so it isn't possible to determine the direction from where the mobile phone's signal came.
While this is true, it is certainly possible to determine the location of a phone with an accuracy of a few miles (the size of the cell the phone is in) without using any additional direction finding methods (radio triangulation).

Walter Doerr

------------------------------

Date: Mon, 10 Oct 88 09:47 EDT
From: Mark Mandel
Subject: Computers, Copyright Law, and the Honor System (a talk)

"ARE WE ALL ON THE HONOR SYSTEM?":
Computers, Copyright Law, and the Honor System

Mark A. Fischer, of counsel to the firm of Wolf, Greenfield & Sacks
Boston

Easy access to information through computer databases has given tremendous power to people once called readers -- now known as "end-users." The change in title is significant. End-users have the power to reproduce, store, transmit, and use information once reserved to publishers. Are the legal obligations coincident with the ethical? Are the legal obligations enforceable? Are we all on the honor system?

Mr. Fischer represents publishers, software firms, musicians, authors, performing artists, and theatrical and motion-picture producers. He holds a law degree from Boston College Law School and specializes in copyright, publishing, entertainment, arts and computer law. He has taught courses in Copyright and Trademark Law and in Intellectual Property. His writing has appeared in BILLBOARD, the JOURNAL OF THE COPYRIGHT SOCIETY, and ANIMAFILM. He is a member of the American Bar Association's Forum Committee on the Entertainment and Sports Industries, and chairman of the Boston Patent Law Association's Copyright Law Committee.

WEDNESDAY, 19 October 1988  7:30 P.M.
8th floor lounge, 545 Technology Square, Cambridge
(Corner of Main & Vassar Streets, in Kendall Square)
Free parking in front

SPONSORED BY COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
CPSR/Boston * P.O. Box 962 * Cambridge, MA 02142 * 617-666-CPSR

------------------------------

End of RISKS-FORUM Digest 7.63
************************