RISKS-LIST: RISKS-FORUM Digest Tuesday 5 December 1989 Volume 9 : Issue 51 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Computer bungling of auto insurance premiums (Barry Kolb) Computerized voting machine misbehaves (Rodney Hoffman) Re: Vote counting problems - experience in Michigan (Jeffrey R Kell) Privacy issues raised about automating toll collection (Stephen W Thompson) Re: Electronic Interference in Fast Food Automation (David Chase) Digital Cellular and the government (Tim Russell) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW cd sys$user2:[risks]get risks-i.j . Vol summaries now in risks-i.0 (j=0) ---------------------------------------------------------------------- Date: 03 Dec 89 22:41:42 EST From: Barry Kolb <70426.1251@CompuServe.COM> Subject: Computer bungling of auto insurance premiums PGN's calling for RISKS readers to "play a stronger role in ensuring that our R&D and our educational offerings are suitably concerned with realistic stringent requirements" is appreciated [Letter From the Editor, ACM Software Engineering Notes, vol. 14, no. 6, October 1989, p. 2]. I often use RISKS examples in class (to demonstrate that the instructor is in touch with the world). In fact the current issue of SEN arrived in time to illustrate to a class the need for stringent requirements and testing. As if to underline the point, the following appeared on page A3 of the 1 December 1989 Asbury Park Press: Computer Error Slashes JUA Surcharges: by Coleen Dee Berry "Some 18,000 people who get their JUA automobile insurance policies through Computer Sciences Corporation may have thought their premiums were surprisingly less expensive this year. "They were right. "Due to computer error, CSC did not assess bad driver surcharges against about 18,000 of their policyholders. CSC is one of the four new computer companies hired to handle New Jersey Joint Underwriting Association policies. "As a result, CSC has had to advance $3.6 million to the JUA to cover the delayed payments, and last week began notifying those customers to expect a bill for the surcharges. ... "The delayed surcharges were due to a glitch in the CSC's computer system during April and May, when the company was first taking over the JUA account. ... "The move to computer companies was undertaken because it was thought to be cheaper and more efficient, according to state insurance officials." I wonder if this "glitch" is any relation to the fellow who once stole Christmas? ... Barry Kolb, Computer Science Dept., Ocean County College Toms River, NJ 08753 (201) 255 - 0357 ------------------------------ Date: 5 Dec 89 09:20:22 PST (Tuesday) From: Rodney Hoffman Subject: Computerized voting machine misbehaves The 3-Dec-89 "Los Angeles Times" carried a story by Paul Houston headlined COMPUTERIZED VOTE TALLIES HAVE TOO MANY GLITCHES, EXPERTS CHARGE. The bulk of the story was a review of criticisms of these systems, pegged to last month's close gubernatorial election in Virginia. The article cited Mae Churchill of Los Angeles-based Election Watch, Computer Professionals for Social Responsibility, Roy Saltman (NIST) and Robert Naegele, a San Jose computer consultant. The final paragraphs of the article related a miserable demo: ... one of Fairfax County's (VA) 600 Shouptronic machines fouled up in a demonstration for Los Angeles Times reporter William Trombley last May. "The machines have worked very well," Jane G. Vitray, secretary of the county board of elections, said as she prepared to demonstrate one of the machines to Trombley. But the machine that prints out the names of candidates and issues -- the information that appears on the face of each machine -- printed everything in Italian. The ballot plotter also prints in French, German, and Spanish, as well as in English. "We didn't know it did that," Vitray said with some annoyance. "We didn't want that feature." While an aide was left to deal with the language problem, Vitray and the reporter moved on to the voting booth, where bells were chiming and red lights were blinking and an inviting green button at the bottom right corner of the machine said "vote." "Don't push that," Vitray warned. "Once you push that, you can't vote for anything else. You only push that button when you're finished." In a previous election, a number of voters had pushed the green button too soon and then "called to tell us we were depriving them of their constitutional right," Vitray noted. After Trombley finished voting, another red light came on to indicate that the result had been printed on a tape at the back of the machine. But when he and Vitray checked the tape, it was empty. Vitray was exasperated. "I can't understand it," she said. "Everything worked so well last week, when the Girl Scouts were here." ------------------------------ Date: Mon, 04 Dec 89 16:57:46 EST From: Jeffrey R Kell Subject: Re: Vote counting problems - experience in Michigan (RISKS-9.50) Some 15 years ago I worked the graveyard shift as a computer operator at a local service bureau. On two occasions we audited the city/county punched card tallies. Two (or more) members of the election commission brought the cards along with a tape containing the auditing/tallying software. The tape was IPL-ready for any generic IBM 360 to run standalone. It stacker-selected any multipunched cards as well as "spurious" punches which should be blank. Any cards munged by the reader were recreated and verified by the election officials. Of course this does not solve the issue of missing/extra cards, write-ins, and other issues previously mentioned, but it does show that there was very little chance of our [the service bureau] tampering with or altering the results. The audit was done completely without interaction of the host site's software, operating system, or any other typical "hacking" paths. Jeffrey R Kell, Dir Tech Services, Admin Computing, 117 Hunter Hall Univ of Tennessee at Chattanooga, Chattanooga, TN 37403 ------------------------------ Date: Tue, 05 Dec 89 09:59:49 -0500 From: "Stephen W Thompson" Subject: Privacy issues raised about automating toll collection Last night on "Market Place", a nightly half-hour program which is broadcast on one of the National Public Radio stations here, I heard a story reported by Joyce Miller about an Electronic Toll Collection (ETC) trial program in San Diego, California. ETC is intended to speed cars along crowded highways and still continue to collect tolls. The idea apparently involves placing a small (credit-card sized?) device on the car, which is then electronically sensed by ETC equipment that then automatically bills the owner's account. As I understood the explanation, the driver doesn't need to stop (and maybe doesn't even have to slow down(?)). Drivers would pay a fee in exchange for the convenience, and traditional systems would never be phased out entirely. Someone spoke saying that the system saves 15 seconds per car over traditional toll collection systems, which adds up when the roadways are crowded. There are 1000 cars in the trial program, which has been ongoing for several months (?). One participant was very pleased with the system. The story included views by critics, who oppose the system because it is collecting information about drivers' driving habits, which they say could infringe drivers' privacy. One speaker said that ETC is particularly dangerous because the system is a government-controlled one. I may have misunderstood that part, but it seemed that the critic wouldn't be as worried if the database of drivers' tolls were in the hands of a private company. I assume he was concerned with a greater opportunity for merging unrelated databases. (But a private company could misuse such data too, couldn't it?) The reporter did not mention what authentication efforts are made. I don't know the method of sensing the ETC device (radio? optical? mag stripe?), but I wonder if there's any method of checking if device belongs to a particular car. If there is not, the devices might be very tempting to theives. Anybody know anything more on this? Stephen W. Thompson, 215-898-4585 Institute for Research on Higher Education, University of Pennsylvania 4200 Pine Street 5A, Philadelphia, PA 19104-4090 ------------------------------ Date: Sun, 03 Dec 89 17:08:27 -0800 From: David Chase Subject: Re: Electronic Interference in Fast Food Automation (RISKS 9.50) [McDonald's toaster voltage controls introduced zero-crossing transients, which fouled up clocks that count zero-crossings] I'm surprised that this hasn't occurred somewhere else. The same technology that causes spikes in the toaster power regulator (triac or SCR switching) is also used in dimmers and other AC power regulators -- some of these available for home use. We used triacs in a home-made theater lighting controller some years ago, and it put some hellacious transients on the line. For the circuit-phobic, an SCR is a three-terminal semiconductor device that has two states -- (1) don't conduct and (2) conduct (from positive terminal to negative terminal) until the current stops flowing on its own. The SCR is made to conduct by placing a small voltage on its trigger terminal while there is a forward voltage across its two main terminals. (A triac conducts in either direction, and is what we used, because it cuts the number of parts). These devices regulate power very efficiently -- the triacs we used were rated to conduct up to 40 amps (RMS) with a maximum power dissipation of 40 watts (regulating "house current", that comes to 4600 watts). In triac-based AC power controllers, the power is regulated by varying that amount of time that current flows. The triac will stop conducting each time the current passes through zero (120 times a second in this country), so what is actually controlled is how long to wait after a zero-crossing to turn on the power. For full power, you wait not at all; for little power, you wait almost 1/120 second; for 1/2 power you wait 1/240 second. When the power switches on (120 times per second), it tends to put a voltage spike on the line -- for large loads, and/or appropriate amounts of power, we found that it was pretty easy for the transient spike to cross all the way through zero (which, it happens, screwed up *our* zero-crossing detectors and made the lights flicker). David ------------------------------ Date: 29 Nov 89 18:14:07 GMT From: fritz@unocss..unl.edu (fritz) Subject: Digital Cellular and the government An excerpt from an article entitled "Cellular Goes Digital" in the January 1990 issue of Popular Science, which discusses Digital Cellular, a new scheme using digital encoding and TDMA to allow three calls on one frequency: Digital phones could also be used for what Sodha calls locational services. "With the time-division multiple-access system, you have the ability to measure the time it takes for a signal to go to a vehicle and back. That enables you to measure how far you are from the antenna tower," he says. What for? "You could pinpoint fairly accurately the location of a vehicle." The information could be used for navigation, or even to catch car thieves. "Your insurance might be cheaper if you subscribed to the service," Sodha suggests. While I have no doubt that the information gained by such a system would be put to good use in combating crime, I do have my doubts as to how responsibly the government would use such information. The article also mentions the fact that eavesdropping will be much more difficult since the transmissions will be digitally encoded and separated into discrete time slices. Although transmissions wouldn't be encrypted, special hardware would be required to listen in. Is the trade-off worth it? Not to me. I'll trade the possibility of someone listening in on my boring phone conversations over the government possibly having ongoing information of my whereabouts any day. Tim Russell Univ. Of Nebr. at Omaha russell@{zeus.unl.edu | unoma1.bitnet} ------------------------------ End of RISKS-FORUM Digest 9.51 ************************