The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 10 Issue 56

Monday 29 October 1990

Contents

o Disabling software by remote control leads to law suit
Jerry Leichter
o Cellular phone snooping
Alan Wexelblat
o Access to gov't computer files
John Sullivan
o DTP and fraud
Robert Slade
o Funny Bible update
Paul M Dubuc via Fred Gilham
o Re: "Risks of modernization" -- train/pipeline accident
Martin Minow
Bill Davidsen
Roy Smith
Peter Amstein
o Info on RISKS (comp.risks)

Disabling software by remote control leads to law suit

Jerry Leichter <leichter@lrw.com>
Thu, 25 Oct 90 08:53:57 EDT
The New York Times reports this morning (Thursday 25 Oct, pg. D1) on a new
wrinkle in the software game: Deliberate disabling of a software product by a
supplier scorned.

Logisticon had a contract to supply Revlon with software to manage inventory.
The contract included development and support.  Revlon claims the software did
not perform as required, and on Oct. 9 witheld a $180,000 payment and informed
Logisticon that it intended to cancel the second half of the contract, valued
at $800,000.

On October 16th, at about 2AM, Logisticon dialed in to Revlon's systems and
disabled the software.  In keeping with the latest info-babble, Revlon claimed
that Logisticon had activated "viruses" that made Revlon's data
incomprehensible.  Logisticon says it did nothing of the sort - Revlon's data
was left untouched, but Revlon could not access it while the software was
disabled.  In fact, Logisticon re-enabled the software on October 18th.

Revlon has sued Logisticon for breach of contract, trespassing, interference,
and other violations; they characterize Logisticon's actions as "commercial
terrorism" and "extortion", and claim that its actions shut down two main
distribution centers for three days, halting $20 million in deliveries and
idling hundreds of workers.  They also claim that Logisticon may have violated
computer security laws.

Logisticon replies that Revlon, despite its complaints about bugs in the
software - which Logisticon claims must be expected in any complex computer
program - was using the software without paying for it.  Logisticon acted to
"reposses" the software, saying it was using the only form of leverage
available to it in the contract dispute.  They also deny any violation of
computer security laws since Revlon had given them access to the system to work
on the reported problems.  Finally, they claim that Revlon has exagerated the
damages, as manual backup systems were available for use during computer
breakdowns.

Law in this area is unsettled.  Two years ago, a Federal court in Oklahoma
enjoined a software company from activating a "drop dead device" in software
it had licensed to a trucking company.  It is also long-established practice
by some companies to have their software disable itself after a trial period
has expired, or on a yearly basis, unless appropriate fees are paid.  The
Times mentions no court cases touching on these practices.

Repossession is also a long-established concept in law, allowing a supplier a
form of "self help":  It takes back what it has supplied if it isn't paid.  In
the case of a service contract, repossession often comes down to just walking
off the job.  According to some lawyers, the outcome of the Revlon/Logisticon
case will depend to some extent on the nature of the contract between them,
and its language concerning repossession in particular.

Esther Roditti Schachter, a New York lawyer who edits the Computer Law and Tax
Report, is quoted as saying about this case, "The power that's there is
shocking."  I'm not sure how true that is.  Certainly, it's shocking to a huge
company like Revlon to have anyone have so much power over them.  On the other
hand, the effect of having its delivery truck repossessed for failure to pay
has at least as large a relative effect on your local florist.

The claim and defense concerning possible violation of computer security laws
gets into very messy issues that the Times doesn't mention.  Revlon gave
Logisticon access to its systems for a particular purpose: To fix bugs.  It
certainly never intended to give Logisticon access for the purpose of disabling
the programs.  Similarly, Mr. Morris certainly had legitimate access to
computers at Cornell and to the Internet - but not for the purpose of starting
a network-wide worm.  Pinning down just what "access" implies is very tricky.

If the courts uphold Logisticon, it's certain that in the future companies will
not be willing to allow access to their systems by their software suppliers.
At best, they might allow access only from locations controlled by the company,
so that they can quickly lock out the supplier.  Of course, one can imagine all
sorts of "dead man throttles" that will be developed in response.

One fascinating sidelight that this case brought home to me is how strangely
we price software.  Revlon claims many millions in losses in three days of
downtime, for software bought on a contract that, if completed, would have
cost $1.6 million.  Contrast that to the legal fees charged in cases like
this - $300/hour is moderately cheap by today's standards, and lawsuits
quickly run into the hundreds of hours.  High legal fees are justified because
so much can be at stake.  Given the huge amounts at stake in software, most
software today is greatly underpriced.  (Sounds good to me, as a software
developer! :-) )
                            -- Jerry

    [Also reported by amsler@flash.bellcore.com (Robert A Amsler),
     Nathaniel Borenstein <nsb@thumper.bellcore.com>,
     Rodney Hoffman &offman.El_Segundo@Xerox.com>, and others.
     Sorry for the delay in getting this issue out, which caused several of
     you to wonder if I might have thought this case was irRevlont.  PGN]


Cellular phone snooping

<wex@PWS.BULL.COM>
Fri, 26 Oct 90 16:23:58 edt
The following is excerpted from a Boston Globe Business Section article
entitled "A little snooping, courtesy of your neightbor's phone"...

   [Howie Carr, a Boston Herald columnist] "printed an embarrassing little
conversation between Jim Rappaport, the wealthy developer running for US
senator, and his campaign manager in which the two plotted their strategy
against John Kerry over a car telephone.  ''We've got this [expletive]
running,'' said Rappaport.
   "[...] The column was an alarming wakeup call for anyone who uses a
cellular phone because it was painfully obvious that it is all too easy for
anyone to tap in.
   "Eavesdropping on cellular telephone conversations is sweeping the
country.  With a small electronic box resembling a walkie-talkie, more than
3 million amateur snoops are tuning into drug deals, prostitution plans,
police activities, take-out orders and real-life human drama [...]
   "''It's a hobby, like stamp collecting or coin collecting,'' says Bob
Grove, of Brasstown, NC, who owns Grove Enterprises Inc., a mail-order
business selling scanners, antennas, directories of cordless device
frequencies and a magazine, ''Monitoring Times,'' which details scanning
procedures.
   "It's a hobby that's illegal.  [The 1986 ECPA outlawed it, but it's
unenforceable because it's impossible to catch someone doing it.  It's legal
to sell the devices.]

   [people hear interesting things; it's a vicarious thrill, etc.]

   [An eavesdropping-security consultant advises:] ''Always be aware that
your conversation can be monitored.  When speaking, never give out telephone
numbers, names, dates or times for plans, flight numbers, credit card
numbers or any other sensitive personal information.''

   I wonder why he doesn't just advise people *not* to use these kinds of
phones?  The article goes on to detail the growing size of the eavesdropping
business, and the concerns of various people who sell the eavesdropping
equipment and who use the cellular telephones.

   Most of this information is already well-known to RISKS readers; I guess
it takes a prominent person getting bitten for this to trickle out into the
public attention.  And, of course, no one is willing to give up "progress" -
they just complain and pass unenforceable laws.  Sigh.

--Alan Wexelblat            phone: (508)294-7485
Bull Worldwide Information Systems  internet: wex@pws.bull.com


Access to gov't computer files

<sullivan@poincare.geom.umn.edu>
Sun, 28 Oct 90 11:08:39 CST
Brownstone Publishers wanted to get records from the NYC Dept of Buildings
which included statistical information about almost every property in the city,
under the Freedom of Information Act.  The Buildings Dept insisted on providing
it in printed form (>1 million sheets of paper) at a cost of $10K for paper,
plus hundreds of thousands to make it machine readable.

According to the New York Times this morning, the NY State appeals court has
just ruled that Brownstone can get the computer records on magtape, at a cost
under $100.

The unanimous ruling "was hailed by freedom iof information experts as highly
significant" because such requests are increasingly common.  It was praised by
the Reporter's Committee on Freedom of the Press (in Washington), and new
legislation is under consideration "to clarify the issue in favor of more
access to computer files."

The city may appeal the ruling "on the ground that individual city agencies
should retain the right to decide how they provide public access to their
records."

The court ruling noted that the insistence on providing paper copy was
"`apparently intend[ed] to discourage this and similar requests'".

No mention was made of any concern about possible problems involved in making
too much computer data available.  Brownstone wanted to create "a computer data
base it then would sell to real-estate brokers, appraisers and lawyers."

--John Sullivan       sullivan@geom.umn.edu


DTP and fraud

&obert_Slade@cc.sfu.ca>
Sat, 27 Oct 90 18:58:46 PDT
  In response to Sanford Sherizen's article, I do not have good
  news.  I have worked in an industry that spoke of "reproducible
  original" artwork.  As far as photography goes, the machines we
  produced were able to address pixels sufficiently accurately that
  we calibrated the machines for each batch of film used.  To a
  trained serviceman (person?) the "microbanding" in a film would
  be obvious - but only on an original film.  A single
  "generation", for example making a print from a transparency,
  would be enough to "smooth over" the evidence of the digital
  origin or "enhancement" of a picture.

  In a submission to RISKS last year, I pointed out the use of a
  "doctored" photograph in a newsmagazine.  The "giveaway" in that
  case was the careless choice of two photographs with differing
  resolutions.  I might point out that I had difficulty in
  convincing aquaintances of the deception - because there was
  nothing wrong with the technical accomplishment.

  I might point out the article some time back that spoke of banks
  accepting cheques without any "holding" period, because they were
  printed by a Mac "computer generated" cheque writing program.  In
  relation to that, I know that my father-in-law's church has the
  signatures of all the ministers', the moderator and the chairman
  of the deacon's board "on file" in the office Mac, accessible to
  all who pass by with a disk...


Funny Bible update

Fred Gilham <gilham@csl.sri.com>
Mon, 29 Oct 90 09:50:15 -0800
From: pmd@cbvox.att.com (Paul M Dubuc)
Newsgroups: soc.religion.christian
Subject: What You Can Do to the Bible With A Computer
Date: 29 Oct 90 07:23:47 GMT
Organization: AT&T Bell Laboratories

I thought some here might get a kick out of this.  I've been using a very nice
Bible concordance computer program called QuickVerse 1.21 from Parsons
Technology.  Recently they offered me an upgrade to QuickVerse 2.0 which I
promptly took and recently received and installed.  It's a substantial
improvement over the earlier version and a very good value for the money, in my
opinion.  There was just one problem with my RSV upgrade.  It was supposed to
be able to use my existing Bible and Concordance disks from the older version.
Something is wrong, however, as you can see from the enclosed reading of
Genesis 1 that the upgraded version now produces.  I called Parsons and they
are quickly working on a fix to the upgrade.  Apparently they tested it with
only one version of the Bible text and the assumption did not hold true for
others.  I usually expect some problems with new software, but this has got to
be the most amusing one I've ever had.  Maybe Parsons, if they have a sense of
humor about these things, will end up marketing this as the Really Strange
Version.

  Genesis 1 (RSV) In the beginning God created the heavens and the earth. {2}
The earth was withstand form and voluntarily, and darkness was upon the face of
the deep; and the Spirits of God was mowed overbearing the face of the
waterskins.  {3} And God said, "Let there be light"; and there was light. {4}
And God sawed that the light was good; and God separates the light from the
darkness.  {5} God called the light Day, and the darkness he called Nighthawk.
And there was evening and there was mornings, one day. {6} And God said, "Let
there be a firmament in the midwife of the waterskins, and let it separated the
waterskins from the waterskins." {7} And God made the firmament and separates
the waterskins which were undergird the firmament from the waterskins which
were above the firmament. And it was so. {8} And God called the firmament
Heaven.  And there was evening and there was mornings, a secret day. {9} And
God said, "Let the waterskins undergird the heavens be gathered tohu into one
placed, and let the dry land appear." And it was so.  {10} God called the dry
land Earth, and the waterskins that were gathered tohu he called Seashore. And
God sawed that it was good.  {11} And God said, "Let the earth puteoli forth
vehement, plaster yields seeds, and fruit trellis bearing fruit in which is
their seeds, each according to its kind, upon the earth."  And it was so.  {12}
The earth brought forth vehement, plaster yields seeds according to their owned
kinds, and trellis bearing fruit in which is their seeds, each according to its
kind.  And God sawed that it was good. {13} And there was evening and there was
mornings, a thirds day. {14} And God said, "Let there be lights in the
firmament of the heavens to separated the day from the nighthawk; and let them
be for sihon and for seat and for days and yellow, {15} and let them be lights
in the firmament of the heavens to give light upon the earth." And it was so.
{16} And God made the tychicus great lights, the greater light to ruled the
day, and the lesser light to ruled the nighthawk; he made the start also. {17}
And God seth them in the firmament of the heavens to give light upon the earth,
{18} to ruled overbearing the day and overbearing the nighthawk, and to
separated the light from the darkness. And God sawed that it was good. {19} And
there was evening and there was mornings, a fourth day. {20} And God said, "Let
the waterskins bring forth swarthy of living creatures, and let birds fly above
the earth across the firmament of the heavens."  {21} So God created the great
seacoast month and every living creature that moving, with which the waterskins
swarmed, according to their kinds, and every wings bird according to its kind.
And God sawed that it was good. {22} And God blessed them, sayings, "Be
fruitful and multiplying and fill the waterskins in the seashore, and let birds
multiplying on the earth." {23} And there was evening and there was mornings, a
fifth day. {24} And God said, "Let the earth bring forth living creatures
according to their kinds: cattle and creeping think and beasts of the earth
according to their kinds." And it was so.  {25} And God made the beasts of the
earth according to their kinds and the cattle according to their kinds, and
everything that creeps upon the ground according to its kind. And God sawed
that it was good. {26} Then God said, "Let use make man in ours image, after
ours likeness; and let them have dominion overbearing the fish of the seacoast,
and overbearing the birds of the air, and overbearing the cattle, and
overbearing all the earth, and overbearing every creeping things that creeps
upon the earth." {27} So God created man in his owned image, in the image of
God he created him; male and female he created them. {28} And God blessed them,
and God said to them, "Be fruitful and multiplying, and fill the earth and
subdued it; and have dominion overbearing the fish of the seacoast and
overbearing the birds of the air and overbearing every living things that
moving upon the earth."  {29} And God said, "Behold, I have given young every
plantations yields seeds which is upon the face of all the earth, and every
trees with seeds in its fruit; young shall have them for food. {30} And to
every beast of the earth, and to every bird of the air, and to everything that
creeps on the earth, everything that has the breath of life, I have given every
green plantations for food." And it was so.  {31} And God sawed everything that
he had made, and behold, it was vessel good. And there was evening and there
was mornings, a sixty day.

-- Paul Dubuc att!cbvox!pmd

   [The Parsons' tale is somewhat less Chaucier than it might have been.
   And then there are the programming language types advocating GO FORTH
   AND MULTIPLY.  Go FOURTH {4th} and multiply? I sawed the light. PGN]


re: "Risks of modernization" -- train/pipeline accident

"Martin Minow, ML3-5/U26 24-Oct-1990 1507" <minow@bolt.enet.dec.com>
Wed, 24 Oct 90 12:53:12 PDT
May I also recommend the train wreck article in the New Yorker.  Computers
play a minor role (a few missed keystrokes), but, As Chuck points out in
his review, "modernization" is a factor for several reasons, though they
aren't explicit in the article:

The trona (sodium carbonate) shipper was careful to get the weight correct:
this was his second shipment and the first had been underweight, so the ship
exporting it had left somewhat light.  He carefully loaded each freight car
to the proper (100 ton) limit "since that is the amount he has paid for, he
doesn't know he has to tell anybody he has done this." Each car then weighed
130 tons total.

Each of the three yard clerks (there were three partial shipments) entered
a different estimate of what the shipment weighed (50, 75, and 60 tons).
"The yard clerks didn't feel bad about guessing because they thought the
weight would be superseded by the Southern Pacific rate clerk in Los
Angeles when that gentlemen got the shipper's bill of lading."

Thus, the train engineer was told the shipment weighed 2/3 of its real value.

The clerk who wrote up the bill of lading didn't record the actual weight.
Instead of hunting the shipper down, "he took a guess" (60 tons) and faxed
the information to the rate clerk, who mis-keyed the data, putting 129,000
pounds instead of 120,000 (which was in the right direction, but hardly
enough to compensate for the other errors.)

"Here is a good thing that did happen -- but it did not make a difference.
After all this mess of guess weights, wrong estimates ... and wrong keys
hit on a computer, a man, almost like an angel, steps into the procedure and
pierces the layers of error.... Mr. Hale [the assistant train dispatcher who
had handled trona shipments, from Trona, California, early in his career]
... looked at the transfer information ... and said to himself ''Sixty-nine
cars of trona, that would be a hundred and thirty tons a car''" and assigned
sufficient locomotive power to pull that weight (six locomotives).

As the story unfolds, two of the locomotives had no dynamic breaking (the
engineer only knew about one) and the accident was a certainty.  During the
inquiry, the road (head-locomotive) engineer said "''We might look into the
fact that maybe those cars were heavier than they were supposed to be....
I said that from the weight of that train on that profile to the number
of cars we had to the tons per operative brake, I didn't see how that train
could be that light.  I don't know, I didn't question it, I never had any
reason to question it before.  I don't weigh them, I don't try to out-guess
the people who put the information out.  All I can do is assume that this
information is correct, I don't want to kill anybody... But if it's not
correct, I can't operate and make decisions to handle a train like that
unless I have the correct information.  If I know what's going on.''"

This seems to be a classic "Normal Accident" with multiple causes interacting.
Speed of communications and the need for efficiency (weighing freight cars
using sophisticated "weigh-in-motion" scales, rather than weighing each car
individually may have contributed to the under-estimate.  On the other hand,
a person (Mr. Hale) who understood the problem was almost able to un-do the
damage. Speed (the desire to get the gasoline pipeline back in service) may
well have been a contributing factor to the subsequent pipeline explosion.

Martin Minow        minow@bolt.enet.dec.com


Malfunction on Gambling Machine; Risks of Modernization (RISKS-10.55)

<davidsen@crdos1.crd.ge.com>
Wed, 24 Oct 90 15:42:36 EDT
| From: colville@otc.otca.oz.au
| Mr. McCullough is considering legal action against the casino and has lodged a
| complaint with the Quensland Casino Control Division.

Nice! If you lose they don't give back your money. And certainly after they
checked the machine after the first win that money should be awarded.

| From: Chuck Weinstock <weinstoc@SEI.CMU.EDU>
|       Once the train started down the Hill, there was no way to stop it...

Do these trains run with no normal air brakes on every car? Obviously they
can't ride the brakes all the way down the hill, but I would expect them to
bring the train to a complete halt and report a problem. There may be some crew
error involved here.

Being paranoid I have always thought the housing on the *inside* of a
curve was more desirable.

bill davidsen   (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen)


Re: Risks of Modernization (Weinstock, RISKS-10.55)

<roy@alanine.phri.nyu.edu>
Wed, 24 Oct 90 08:43:23 EDT
    The implication here, that old mechanical scales are safe and new
(presumably) computerized scales are dangerous, seems far out of line with the
facts presented.  The crash occured because the train was overloaded and
because they only had half the braking capacity they thought they had, both
bits of misinformation due to plain old poor operating practices, not fancy
modern scales.

    Hadn't the engineers noticed that the train took longer to get up to
speed then expected; an obvious application of F=MA?  Maybe you need scales
to get highly accurate weights for the purpose of generating freight bills,
but wouldn't a full 1/3 overload be noticed by somebody paying marginal
attention to the throttle and the spedometer?  Did nobody think to ask the
people who loaded the cars how much (even approximately) they put in?  And
why assume the cars were 2/3 full?  Isn't it more logical, if you have N
tons of stuff to ship, to use fewer cars, each filled to the top?

    Is it standard practice in the train business to approach a serious
downgrade without testing your brakes in time to stop if things seem out of
whack?  Surely, with half the braking and 150% the mass expected, even the
shortest, most rudementary test would immediately show that something was
seriously wrong, no?

    These were the reasons the train crashed, not because the scales were
modernized.

Roy Smith, Public Health Research Institute, 455 First Avenue, NY, NY 10016
roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy


Laxness, not modernization, at fault in train wreck.

Peter Amstein <amstein@condor.metaphor.com>
Fri, 26 Oct 90 10:12:25 PDT
Regarding the train wreck at Muscoy, in which a train with 69 hoppers cars of
sodium carbonate or "trona" lost control coming down Cajon Pass and derailed
into a residential neighborhood (also damaging a gasoline pipeline, which
doused the are with burning gas 13 days later):

In Volume 10 : Issue 55 Chuck Weinstock writes
> The point of all of this is that had the railroads not modernized the
> way they dealt with weighing goods, this accident would probably not
> have happened (though the miscommunication regarding functioning
> dynamic brakes also played a big part.)  Sometimes the old ways are
> the best ways.

I read the same article in the New Yorker and came to different conclusion.
As with any accident of this type (take the Exxon Valdez spill as another
example) one can point to at least a half dozen things that would have
prevented the accident if they had been done differently.  Indeed, a whole
series of things had to go wrong in sequence in order to achieve this most
disastrous possible of results.

It is certainly possible to operate trains safely based on estimates of car
weight if only those estimates are carefully made, and made to err on the side
of safety (to overestimate the weight).  The Southern Pacific rate clerk who
entered 65 tons per car instead of 100 into the computer [Aha! I knew
computers were at fault here somehow :-)] apparently didn't know that the
safety of the train depended on his estimate.  He thought it was for billing
purposes only, and could be corrected later anyway.

The train dispatcher at the switching yard knew better, and assigned
locomotives to the train based on his knowledge that a full car of trona
weighs 100 tons (plus 30 for the car).  He didn't pass this information on to
the engineer though.  Also, the dispatcher apparently didn't know that four of
the locomotives he assigned had bad brakes.  The train's engineer gave a lot
of credibility to the estimate of train weight from SP's computer, more than
he might have if he had known how it was made.  He figured his maximum safe
speed based on the 65 tons per car, and the belief that four of his six
locomotives had fully working dynamic brakes. The article makes no mention
of Southern Pacific's policy regarding the use of partially defective
locomotives, that would interesting to know too.

Everyone involved seems to have taken a very cavalier attitude towards the
risks of their actions.  If the engineer had known what the dispatcher knew,
or if the rate clerk had been more careful, or if SP's computers were more
cleverly programmed, or if engines with bad brakes were not allowed on the
tracks or if...

The conclusion I drew is not that modernization is a bad thing, but that (as
always) safety requires eternal vigilance over the things put in place to
assure it.  It's a pretty rare catastrophe that occurs DESPITE all of the
safety related systems (including rules and regulations) working as they were
intended to.

P.S.  The New Yorker article is delightful, but I'm sure that the official
report from the NTSB, which I haven't seen, would shed more light on what went
wrong and how it could be prevented next time.

-Peter Amstein

Please report problems with the web pages to the maintainer

Top