RISKS-LIST: RISKS-FORUM Digest  Tuesday 21 March 1989  Volume 8 : Issue 44

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Computer-Justified Citations (Kevin Driscoll)
  Vehicle ID tags, cont'd (Steve Smaha)
  Ethics question re fonts (Michael Harrison, Elliott S Frank)
  Risks of shirt-pocket size floppy disks (Roy Smith)
  Re: Pushbutton Banking (Robert English)
  Credit card magstripe-encoded pictures (Peter Scott)
  Re: Remote Smart-Cards, English and Welsh soccer (Craig Cockburn, Dick King)
  Re: Risks of Registering Software (Bill Murray)
  Collecting for Shareware (Bill Murray)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com. FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ...
Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).

----------------------------------------------------------------------

From: driscoll@draco.src.honeywell.com (Kevin Driscoll)
Subject: Computer-Justified Citations (Re: RISKS-8.40)
Date: 19 Mar 89 19:45:21 GMT

Recently, in Atlanta, Georgia (GA), I was stopped and given three (!)
traffic citations, when it was obvious that I was guilty of none:

"Offense":                           Reality:
---------------------------------    -------------------------------
Turning where posted No Left Turn    Not posted
Driving without valid license        Gave officer valid license
Driving without insurance            Gave officer proof of insurance
---------------------------------    -------------------------------

I gave the officer my plastic Minnesota (MN) license, which indicated that it
had just been renewed (MN clips the corner of the plastic card when a new one
is ordered) and the temporary paper license that MN issues to cover the 45 day
period it takes to make a new plastic card. The officer refused to accept this
documentation! He said his computer did not show that I had a valid license.
When I suggested that he retry his computer query (he may have made a mistake
in typing, the GA or the MN computer or the connection between them could be
having problems), he refused to do so!

His rationale for giving me a citation for no insurance was that I had signed
the collision damage waiver for the National car I was renting. Apparently, he
doesn't know that most major car rental companies are fully self-insuring for
liability and he also doesn't know the difference between collision and
liability insurance. He also refused the proof I had in hand that I also was
covered by American Express, AND Honeywell, AND my personal MN liability
insurance. I guess that none of this paper would stand up against his
computer, which would only show GA insurance registration. Being quadruply
insured with documents to prove it didn't help me at all.

The next day I saw an Atlanta newspaper article by Bette Harrison entitled
"The Bureaucracy Zone" (in the style of the "Twilight Zone") about foul-ups in
GA's handling of auto insurance information. The article tells how the GA
Highway Patrol visited a man's house and confiscated his driver's license
because of a clerical error.
After explaining that GA insurance companies must inform the Department of
Public Safety (DPS) of any policy changes, the article records the following
conversation between the man's insurance agent and the DPS:

  Agent: Look, if I send my policyholder down there with a letter from us
         indicating his policy didn't cancel, a copy of his insurance
         company's reinstatement notice, and a completed copy of your form
         O.C.G.A. 33-34-11 which we completed and returned to you on
         Nov. 10, 1988 and he is stopped, what will happen?
  DPS:   He'll be arrested and his car will be impounded.
  Agent: You've got to be kidding.
  DPS:   That is our procedure.
  Agent: This is a clerical error and he is coming with the proof. Why should
         you penalize someone for a clerical error?
  DPS:   That is our procedure.

  Agent to reporter: See, the machine that sits on their desk has become their
  God! They believe because the computer says it's right, it is. . . . There
  are three issues here: the penalization of the American public due to our
  dependency on computers; the bureaucratic attitude that we experience at
  every level; and a system that doesn't have safeguards to prevent the
  innocent from being victimized along with the real violators.

I can confirm what the agent said. GA gave me two options, plead guilty or go
to court. Pleading guilty to three moving violations (yes, in GA license and
insurance are also moving violations) would mean loss of my license when GA
forwards the guilty info to MN. MN suspends licenses for 3 moving violations
in 6 months.

This happened on a Thursday. The officer said he only appeared in court on
Mondays. But next Monday was too soon. It seems that GA's computer system can
instantly accuse me of crimes, but it takes more than four days to get
information from the police department to the courts! Just before I left GA on
the following Wednesday (almost a week later), I went to the Traffic Court to
see if I could straighten things out.
The citation information hadn't gotten there yet! I told the clerk my story,
and said that I had, with me, the proof of license and insurance. She said,
"OK, give me your copy of the citation and the fine and we can process it."
Fine? She thought I was pleading guilty. Bringing in proof of license and
insurance (if you have them) is required to plead GUILTY! Not only must a
driver have both, but also must have them in the car when driving. Bringing
them in later is no proof of not being guilty.

I spent all of that afternoon convincing the Court to let me see a judge and
to plead not guilty. The majority of the cases I witnessed while waiting for
the judge were license and insurance citations. In the first concession to
reasonableness I had seen in this affair, I got the license and insurance
citations dropped. However, the judge said I would have to come back for the
No Left Turn citation. I had to be in California the next Monday, so I asked
if I could do it by deposition through the mail. No, I had to appear in
person. So one can be accused by remote information but cannot use the same
process for defense. Not being able to be in Atlanta, I have pleaded nolo
contendere under duress. A nolo plea HAS to be handled through the mail and
can be accepted or rejected by a judge. I am still waiting for the outcome.

The moral: When in GA, watch out, that caricature of southern justice may now
have silicon help.

P.S. You would think that Atlanta, which is trying to be a major convention
city, would have special provisions to make things easier for out of state
visitors. Because just the opposite appears to be true, I will stay clear of
Atlanta. Also the conventions and meetings that I have influence over will
also not be in Atlanta.

Kevin R.
Driscoll, Principal Research Scientist  (612) 782-7263  FAX: -7438
Honeywell M/S MN65-2500; 3660 Technology Drive; Mpls, MN 55418-1006

   [In the old days -- 40s, 50s, maybe even 60s -- Georgia was famous for its
   speed traps, e.g., 15 mph (poorly marked) for a few yards in the middle of
   a stretch of 45 mph, with squad cars and a judge sitting there waiting for
   unsuspecting out-of-staters. Apparently "Poli want a Cracker" is NOT the
   operative principle -- except maybe for Floridians. PGN]

------------------------------

Date: Tue, 14 Mar 89 21:33 EST
From: Steve Smaha
Subject: vehicle ID tags, cont'd

From the 6 March 1989 _PC Week_:

  Like every other U.S. airport, San Francisco International always charged a
  monthly fee to the rental-car and hotel courtesy vans that sweep through its
  terminal areas to pick up customers.

  But the flat rate became problematic. Courtesy vehicles, free to swarm
  through ground-transportation areas as often as they liked, jammed up the
  limited space in passenger pick-up areas. Airport managers even began
  suspecting courtesy vans were driving into passenger areas "more for
  advertising than for carrying people," said Sheldon Fein, airport manager of
  traffic control.

  Now, the airport is pioneering a PC-based system it hopes will relieve
  traffic congestion and help it bill courtesy providers for every time they
  cruise by.

  The airport is requiring vehicle [sic] to mount radio-frequency
  identification tags on the roof of each vehicle. Each electronic tag, made
  by General Railway Signal Corp. of Rochester, N.Y., emits a unique ID code
  that's logged automatically by overhead receiving boxes every time a vehicle
  drives into a ground-transportation area. The receivers link by modem to a
  back-office PC AT, where custom-developed software help bill vehicle
  operators accurately and report on driver activity.

  Now, instead of $50 to $100 a month, vehicle operators pay 35 cents a trip.
  The fee will hit $1 next January.
  Fein believes this will reduce traffic jams and create an airport profit
  center.

[There are other vendors for such systems, as well. I wonder what the reset
time is for a sensor? If I drove my (slightly-modified) personal vehicle
slowly beneath a sensor, could I enrich the Airport with hundreds of my
competitors' dollars? Could I trigger every sensor in the area? Would they
receive an appropriately itemized bill? Would anyone (except Cliff Stoll) even
notice?]

------------------------------

Date: Tue, 21 Mar 89 09:07:47 PST
From: harrison@mahogany.Berkeley.EDU (Michael Harrison)
Subject: Ethics question re fonts

Several colleagues have been kind enough to tell me about the message sent to
the Risks Forum by Randall Neff of Stanford University concerning my recent
seminar talk on the VorTeX project. In this note, I hope to set the record
straight and to clear up Mr Neff's misunderstandings.

1. As Mr. Neff indicated, the VorTeX group implemented an interpreter to
display PostScript on our workstations. Adobe has given us a license to use
their PostScript commands in this software.

2. It is also the case that in order to preview output, we needed outline
fonts. When we inquired about the use of Adobe fonts, we were told that they
were not available (at any price). I attempted to obtain fonts from Bitstream,
but their price of $85,000 plus royalties was beyond our means for research
software. Mr. Neff's quotations are erroneous. I never objected to Adobe's
refusal to let us use their fonts. That is their right. I did express concern
that commercial interests were forming an impediment to research in document
processing.

3. In the US, type faces may not be copyrighted (although their names may be
trademarked). It has always been perfectly legal to measure or photograph
characters appearing in a book, for example, and to use those measurements or
images for the type face of some other manuscript.
In our case, we wrote PostScript code that measured the characters of various
fonts, and then used curve fitting to reconstruct approximations to the shapes
of the original characters. As I indicated in my talk and others have
discussed in this forum our methods were legal and proper. It is unfortunate
that Mr Neff thought we were trying to put one over on Adobe. He alleges that
we acquired Adobe's product. This is certainly incorrect. In particular, we
did not try to extract the "hints" that make low-resolution rendering
possible, although others have done so.

4. Once we had devised this approach, which seemed to solve our problem, I
phoned a senior staff member at Adobe to report what we had done and to find
out if Adobe had any problems with it. After telling me that he knew a faster
way to do what we were doing (but not indicating what it is!), he said that he
would report it to management and that I should expect a call. A day later, I
received a call from the Adobe general counsel requesting only that I obtain a
license for the use of the PostScript instruction set. We honored that
request. Thus not only do I see nothing unethical about our behavior, Adobe
has registered no objection.

5. Finally, let me mention that there was a formal question/answer session at
the end of my seminar. I stayed around afterwards talking with people. After
that, there was a dinner to which all interested parties were invited. Mr Neff
had ample time to raise ethical or any other issues with me had he chosen to
do so.

   [Messages from Mike Haertel and Kenton A. Hoover reiterated one or two of
   Mike's points, and are omitted here.
   PGN]

------------------------------

Date: Fri, 17 Mar 89 10:09 PST
From: esf00@uts.amdahl.com (Elliott S Frank)
Subject: Re: reverse engineering of type fonts

This latest controversy [about UCB "reverse engineering" Adobe fonts] smells
suspiciously like the incident several years ago in which another UC campus
duplicated and distributed around the campus multiple copies of a CAD package.

When sued by the owners of the CAD package, the successful defense was that
the Regents of the University of California *are* the State of California, as
far as the law is concerned; and, under the Constitution, a State may only be
sued with its consent and the Regents did not consent to be sued.

This suggests that under current case law, there is a significant commercial
risk in selling (or, far worse, allowing to be sold) intellectual property, or
anything containing significant intellectual property, to, at least, anyone
involved with the UC system.

Since it appears UC is not bound by the usual "fair use" rules of copyright,
we may now start to see strange restrictions in the "shrink wrap" agreements
as companies and their lawyers attempt to protect their products.

Elliott Frank  ...!{hplabs,ames,sun}!amdahl!esf00  (408) 746-6384
           or  ....!{bnrmtv,drivax,hoptoad}!amdahl!esf00
[the above opinions are strictly mine, if anyone's.]

------------------------------

Date: Tue, 21 Mar 89 11:31:57 EST
From: Roy Smith
Subject: Risks of shirt-pocket size floppy disks

I suddenly remembered just now that 1) I don't remember taking the 3.5" floppy
out of my shirt pocket last night and 2) My wife was doing laundry this
morning. Yet another risk to data integrity. Gives another definition to
"cleaning out your old files". We didn't have these problems back in the old
days; when's the last time you forgot to take a reel of tape (or a deck of
cards!) out of your pocket before doing the laundry?

------------------------------

Date: Mon, 20 Mar 89 11:14:01 pst
From: Robert English
Subject: Re: Pushbutton Banking (Lynn Grant, RISKS-8.38)

I found this message highly disturbing. Not only did this obvious weakness not
occur to the bank, but after it had been pointed out, their solution was
removing the individual that noticed from the system, rather than doing
anything to fix the problem.

--bob--

------------------------------

Date: Sat, 18 Mar 89 11:17:19 PST
From: Peter Scott
Subject: Credit card magstripe-encoded pictures

   [A comment on Henry Spencer's comment in RISKS-8.40 on Ruaridh Macdonald's
   "A Touching Faith in Technology", RISKS-8.35]

An item that could be encoded on the magstripes in credit cards that would
pose little privacy risk while enhancing protection for the consumer would be
a digital image of the credit card holder. When they apply for their card they
send in a picture, and their card's stripe is encoded with a compressed image,
say 100 * 100 * 8 bits. A display terminal would be small and reasonably cheap
in mass production, and would end a great deal of credit-card fraud. I see no
disadvantage to the consumer.

Of course, if they just laminated the photograph on the credit card in the
first place... but perhaps using the stripe would be easier since it requires
no time-consuming human intervention in the card fabrication process, and the
company could store your digitized image along with your account information.
(Which provides new possibilities for verifying your identity over the
telephone: "So, sir, do you still have that wart on the left side of your
nose?" "What wart?" "That's what I wanted to hear.
How may I help you?")

Peter Scott (pjs@grouch.jpl.nasa.gov)

------------------------------

Date: 21 Mar 89 11:08
From: cockburn%marvin.DEC@src.dec.com (Craig, PhaseV & FCNS)
Subject: Re: Remote Smart-Cards (for English and Welsh soccer) (RISKS-8.41)

The bill I believe only requires ENGLISH and WELSH football clubs to enforce
the card ID scheme. Scotland is EXEMPT from this scheme, probably for much the
same reasons as ENGLISH and WELSH teams were banned from playing on the
continent (and still are), whereas Scottish teams ARE NOT.

Please use the term `English and Welsh' instead of UK, when the bill does not
apply to Scotland (I don't know the exact situation in NI). Scotland has its
own laws, and is proud to remain separate from its southern companions.

Craig.  cockburn@marvin.wessex.co.uk

   [Hmm. Amusing that this message follows contributions from English and
   Scott? But no one is Welshing. PGN]

------------------------------

Date: Tue, 21 Mar 89 09:01:28 PDT
From: king@kestrel.arpa (Dick King)
Subject: Remote Smart-Cards (RISKS-8.41)

Why is writability necessary for anti-passback? Seems to me that remembering
what cards have been used is more than sufficient. Putting writable cards in
the hands of the public and trusting what they say would be just "asking for
trouble" in this country, and likely so in other countries.

The one thing you probably want to be able to say to a card is "please, card
#1234, don't squawk for ten seconds", so the electronic turnstile could make
sense out of a crowd. But even this is probably unnecessary with careful
design.

------------------------------

Date: Tue, 21 Mar 89 08:13 EST
From: WHMurray@DOCKMASTER.DCA.MIL
Subject: Re: Risks of Registering Shareware

There seems to be an implicit assumption here, and in other discussions on
RISKS, that simple possession of my credit card number is all of the
authorization that one needs to charge me.
It should be noted that all of the ethical people with whom I do business by
credit card do have my number. They do not re-use it for the simple reasons
that they are ethical AND that I can disown the transaction. You see, not only
must you have my number, you must also have my consent.

While it is true that possession of the number transfers the burden of action
to me, the burden is still on you to prove that you have my consent. In the
absence of some other evidence on your part (such as a receipt for the
delivery of goods), a simple assertion on my part that you do not have my
consent is sufficient.

Note that in the credit card system, my right to disown the transaction
persists even after you have received your money. This is a much better remedy
than is available to me if you have gotten your money by currency or check.

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

------------------------------

Date: Tue, 21 Mar 89 08:32 EST
From: WHMurray@DOCKMASTER.DCA.MIL
Subject: Collecting for Software

Many of the control problems that are suggested here will be dealt with
through the application of digital envelopes (to prevent the disclosure of the
credit card number) and digital envelopes (to demonstrate your intent to pay
for the software and to enable you to disown any transactions not so signed.)

However, two other innovative methods for distributing and collecting for
software are being used by companies engaged in selling crypto products.

For example, EnigmaLogic, who sells one-time password software, has a license
fee that is based upon the number of users that you employ it for. If you want
to change the number, you call them. They give you a one-time password that
can be used to adjust the software and they adjust your bill accordingly.

RSA Security Inc. market public/private key software.
They will freely distribute the software, but charge you a license fee for it
only when you wish to register your key.

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840

------------------------------

End of RISKS-FORUM Digest 8.44
************************
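
Dick King's anti-passback point in this issue (remember which cards have been used instead of trusting a writable card), sketched as an added example that is not part of the digest. The class, the decision names, the ten-second re-read window kept on the controller side, and the sample reads are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed window: repeated reads of one card at one gate inside this many
# seconds are treated as the same pass, so the controller (not the card)
# sorts out a crowd of tags answering at once.
DEDUPE_SECONDS = 10.0


@dataclass
class AntiPassbackRegister:
    """Controller-side memory of which card IDs are currently inside."""
    inside: set = field(default_factory=set)
    last_read: dict = field(default_factory=dict)  # (card_id, direction) -> time

    def read(self, card_id, direction, now):
        """Decide on one read of a read-only card; only its ID is used."""
        if direction not in ("in", "out"):
            raise ValueError(f"unknown direction: {direction!r}")
        key = (card_id, direction)
        last = self.last_read.get(key)
        if last is not None and now - last < DEDUPE_SECONDS:
            return "duplicate"          # card still in range; ignore the re-read
        self.last_read[key] = now
        if direction == "in":
            if card_id in self.inside:
                return "deny-passback"  # this ID was admitted and has not left
            self.inside.add(card_id)
            return "admit"
        if card_id not in self.inside:
            return "unmatched-exit"     # no recorded entry: log it, open the gate
        self.inside.remove(card_id)
        return "release"


# Constructed sample reads: (card ID, direction, seconds since gates opened).
SAMPLE_READS = [
    ("1234", "in", 0.0),      # first entry
    ("1234", "in", 2.0),      # same card still answering at the gate
    ("1234", "in", 30.0),     # card handed back over the fence and reused
    ("5678", "in", 31.0),     # a different card
    ("1234", "out", 5400.0),  # holder leaves
    ("1234", "in", 5460.0),   # legitimate re-entry after leaving
    ("9999", "out", 5500.0),  # exit with no entry on record
]


def replay(reads):
    """Run a sequence of reads through a fresh register; return the decisions."""
    register = AntiPassbackRegister()
    return [register.read(card, direction, t) for card, direction, t in reads]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_READS, replay(SAMPLE_READS)):
        print(event, "->", decision)
```

All anti-passback state lives in the register, so a cloned or rewritten card gains nothing beyond presenting an ID the controller already tracks.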