The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 23

Sunday 10 March 1991

Contents

o IRS agent and information privacy
Ed Ravin
o Secret Service Foils Cellular Phone Fraud
Ed Ravin
o Telephone risks revisited
Jim Griffith
o Computer does everything
Robert Mokry
o High Tea at the Helmsley in New York City
Gligor Tashkovic
o Citibank Machines
David C. Frier
o Re: Medical image compression
Tom Lane
o Info on RISKS (comp.risks)

IRS agent and information privacy

Unix Guru-in-Training <elr%trintex@uunet.UU.NET>
Fri, 8 Mar 91 23:40:14 EST
New York Newsday, Friday March 1, 1991

"IRS Agent Says She's Penalty-Free", by Leonard Levitt

    An Internal Revenue Service agent under investigation by her agency
over her contacts with [infamous Bronx defendant in cop-shooting and other
drug-related cases] Larry Davis yesterday denied giving confidential tax
information to the Bronx murder suspect and said she has resigned her federal
job.
    [ to summarize, the IRS agent was accused of looking up the tax
records and home addresses of judges, jurors and detectives involved in
Larry Davis's arrests and trials.  Why post this on RISKS?  Read on: ]
    [The IRS agent] insisted that she did not get the addresses of court
officials for [Davis].  "I would never go into the master [computer]
system.  Not that he even asked me," she said.
    [So the information the agent is accused of giving out is kept on a
computer.  Not at all surprising.  RISKS readers have known for years
that computer database systems often lend themselves to this kind of
abuse where authorized people make unauthorized forays into other
people's data.]
    [The agent] was asked [by the IRS] why she accessed the tax files of
[Davis's] sister and brother-in-law, who live in Huntington, L.I., and
who a law enforcement source said owed the federal government about
$10,000.  [The agent's] jurisdiction was limited to [several counties not
in Long Island].  [...] It is a criminal offense for a revenue officer to
access a tax file outside an officer's jurisdiction.

What I find interesting is that if I've not "read too much" into this article,
it would appear the IRS has the ability to tell when its officers peek into
computer files they're not supposed to, or at least the ability to find out
afterwards if they suspect misdeeds.  This kind of audit tracking and control
is the kind of stuff CPSR has been asking be put into the NCIC to prevent
similiar abuses by police and criminal justice personel.  Anyone out there know
more about what the IRS uses for their information systems and how they track
accesses to it?

glossary:
  CPSR: Computer Professionals for Social Responsibility, who
        track Star Wars and privacy related issues.
  NCIC: National Crime Information Center, a nationwide database of stolen cars
        and outstanding arrest warrants, accessible by state cops and others.

Ed Ravin                                                  elr@trintex.UUCP


Secret Service Foils Cellular Phone Fraud

Unix Guru-in-Training <elr%trintex@uunet.UU.NET>
Fri, 8 Mar 91 23:57:30 EST
New York Newsday, March 7, 1991, By Joshua Quittner

    The US Secret Service said one of its agents cracked the code of
counterfeit computer chips to block a kind of cellular telephone fraud
responsible for an estimated $100 million a year in unbillable long-distance
calls.
    During the past two months, the service has quietly distributed a free
software "patch" that blocks unauthorized long-distance calls at cellular
telephone switches.  The patch is being heralded in New York City, where more
phone service is stolen than anywhere else in the country.  The first day the
patch was put into use in Los Angeles, more than 5,000 illegal cellular calls
were blocked, a Secret Service spokesman said yesterday.
    [...]  The counterfeit chip used by phone cheats exploits a weakness in
the cellular telephone system that allows a caller's first call to be completed
before the billing status is verified...  A legitimate mobile phone has a
silicon chip that generates an identification number.  When a call is made,
that number is relayed to the carrier, along with the caller's phone number,
and the two numbers are compared to establish billing.
    However "depending on where you're roaming and how busy the cellular
network across the country is, you can make a phone call before that procedure
is completed." [Norman Black, Cellular Telephone Industry Association] To
exploit that weakness, underground engineers designed a counterfeit chip that
generates a different, phoney identification number on each call, tricking [the
cellular telephone exchange] into thinking each call is the first.
    One illegally rigged phone, confiscated by police in New York City last
year, was turned over to the Secret Service, which investigates, among other
things, telecommunications fraud.  Like a hacker -- a phone computer cheat --
the agent broke into the chip, read the microcode, decoded the algorithm at its
core, then wrote a program that would help carriers detect its peculiar
pattern.
    Dave Boll, who heads the Secret Service's Fraud Division in Washington,
said that cellular telephones equipped with the counterfeit chips "sell for as
much as $5,000 each".  And he estimated that such phones are used to make $100
million in unbillable calls each year.

    [The article goes on, to talk about the call-stealing problem being
the worst in NYC and how the unbillable calls tied up the network for
the paying customers].

It is nice to see a technical issue covered reasonably well in a major
newspaper.  Even moderately awake RISKS readers will notice that the Secret
Service's efforts only help a cellular telephone company reprogram their
exchange to recognize one particular random number generator.  When the next
"counterfeit" chip comes out, probably selling at a higher price, it will no
doubt use a different algorithm and the Secret Service will have to do the
whole thing over again.  It would be nice if someone would expend a little
effort to fix the "roamer" system so that it would know a real mobile
identification number from a spoofed one; when I use a calling card to make a
regular phone call, someone's computer seems to always know if my number is
real or not -- what's the problem over in cellular land?

Ed Ravin                                                 elr@trintex.UUCP


Telephone risks revisited

Jim Griffith <griffith@dweeb.fx.com>
Sat, 9 Mar 91 22:06:17 PST
We received a telephone bill with a notice of scheduled public hearings
on proposed features to be provided by Pacific Bell.  The services include:

    - Caller ID - a special display device displays the number of the
      caller.

    - Call Return - lets callers dial the last person to call, whether or
      not the caller actually answered the call.

    - Repeat Dialing - when a number you call is busy, it polls the number
      until it is no longer busy, places the call, and rings you back.

    - Priority Ringing - allows customers to specify a list of "priority"
      numbers.  When someone calls you from one of those numbers, your
      telephone rings in a distinctive manner.

    - Select Call Forwarding - allows customers to specify a list of numbers
      which are automatically forwarded to another number.

    - Call Trace - allows customers to order a trace of the last number
      called.  Information is not provided to customers, but it is held
      for future use by law enforcement agencies.

    - Call Block - allows customers to reject calls from specific numbers.

These features strike me as being both scary and attractive.  Certainly,
they're intended towards the convenience and protection of the customer.
But the potential for abuse is also there.  The notice says that the
California Public Utilities Commission will be holding hearings around the
state to gauge public opinion on the Caller ID and Call Trace features.  I
can also see where the Call Return feature could be effectively used in
place of Caller ID.  I suspect this is going to be a hot topic for debate.

Welcome to the age of Big Brother.
                                Jim


Computer does everything

Robert Mokry <mokry@sirius.ctr.columbia.edu>
Fri, 1 Mar 91 13:26:08 -0500
The Feb 26th issue of the New York Times contained an article about Marist
College, a small liberal arts college in New Jersey, that got a large mainframe
computer donated from IBM.  Here's an excerpt from the article:

   The computer, which might be found at a Fortune 500 company with a
   spare $10 million, handles tuition bills, class enrollment records,
   freshman applications, administration records and correspondence,
   college payrolls and investments, student essays, classroom exams,
   polling data, student and faculty bulletin boards and messages between
   professors and students.  It handles campus crime records and
   patterns, investment and marketing plans for hypothetical student
   companies, all the articles for the student newspaper, faculty lecture
   notes, campus parking permits, files on every Marist alumnus, all
   personnel records, every college bill and invoice, every grade for
   every student in every course, the records for every telephone on the
   120-acre campus and communications between Marist and campuses
   worldwide.  Oh, and it holds the library's entire card catalogue and
   circulation files including when every book is due.

The article praised all these great technological advantages for a small
college.  The article was headlined "Biggest Brain at this College is Not
Enrolled."  Somehow, I would interpret the headline in a different way, perhaps
that anyone with any knowledge of computers would not go to this college.  I
guess that might be stretching the quote a bit, and it's just my opinion.

Some risks that I can think of are: (1) IBM can view and control everything on
campus -- this need not even be done in an obviously-illegal way like a
wire-tap, since computers need superusers (possibly generously supplied by
IBM), and a liberal-arts college is unlikely to have any students who can
handle such a complicated computer.  (2) Since everything is done on one large
computer that everyone has access to, potentially anyone might be able to
change anything (students changing grades, for example); sure everything can be
checked against written records, but then there's no need for the computer.
(3) If the computer crashes, everything crashes and possibly the whole college
grinds to a hault.

In my opinion, many small computers are much better than one large computer,
because then computers handling unrelated functions (like payroll, grades, and
student communication) can be physically isolated from each other, and the
computers that are connected together can restrict communications to what is
necessary.  Perhaps the difference between technological advancement and
bigbrotherism is how the computing power is distributed.

Some of these ideas may only be speculation, and I think that most people can
think of more problems than I can, so I just sent it in without much comment,
leaving potential risks as an exercise for the reader :-).
                                                              --Robert


High Tea at the Helmsley in New York City

<TASHKOVI@CRNLGSM.BITNET>
Sun, 10 Mar 91 12:41 EST
My friend and I wanted to pay the $50 bill after enjoying a once-in-a-lifetime
(for that price!) High Tea at the Gold Room in the Helmsley New York.  She only
had enough to cover about 2/3rds of the cost, so I handed that to the waiter
and gave him my credit card with the instructions to put the remaining charge
on the card.

The resulting confusion was astonishing.  The waiter didn't know what to do
(and it wasn't a language problem either).  He asked his boss, who asked his
boss and they finally decided that it couldn't be done.  Why?  Because the
computer system only accepted one method of payment (i.e. cash or credit card)
and not a mix of them.  Not a very customer-friendly system!

(The reason I had not taken her cash in the first place was because some of it
was in quarters!  Oh well. )

    [You should have asked for separate checks.  But, if there is a "next
    time", you may need separate tables, if you still want her to pay 2/3.
    PGN]


Citibank Machines

"David C. Frier {DBADVISOR}" <76702.1417@compuserve.com>
10 Mar 91 08:52:08 EST
My encounter with a Citibank ATM, to which I recently gained access by means
of an new link between several ATM nets, left me wondering just who checks
the algorithms for these machines: are there any standards?

After dispensing my cash, the large bright screen oriented in the vertical
plane announced my account balance in what seemed to my astonished eyes to
be characters more than 1/2" high.  It did not request my permission to do
so, nor did it warn me it was about to do so,  nor did it check to see who
might be standing with or behind me.  It then waited patiently for me to
press a key...

...which I did with all dispatch.  Now the ATM programmers are obviously
readers of Risks and know very well the horrors of receipt printers running
out of paper.  In an ingenious move to conserve this precious commodity,
their next question was whether I wanted a "record." I had to recover
sufficiently from my rattled state (after seeing my account balance
displayed in a public place for any passers-by to chuckle at) to realize
that "record" referred to my printed receipt.   Then I had to respond by
pressing the correct one of two adjacent keys labelled by the screen "Yes"
and "No."  Not to mention that determining which key is labelled for which
repsonse depends highly on the angle from which the screen and buttons are
being viewed: could a user in a wheelchair have seen the "No" key as being
"Yes?"  I think so.  I may try this out next time by crouching low in front
of the machine and trying to read the screen from that angle.  Passers-by
will already be in sufficient hysterics at my balance that they will take no
note of my odd contortions.

I leave an enumeration of the Risks as an exercise for the reader.

--David C. Frier, Logical Software, Inc., (301) 358-3100


Re: Medical image compression

<Tom.Lane@G.GP.CS.CMU.EDU>
Thu, 07 Mar 91 15:33:24 EST
In RISKS 11.21, David A. Honig points out risks of using lossy compression
schemes for medical images (or, presumably, any other critical application).

I believe the compression scheme involved is JPEG.  As leader of a group
producing a free JPEG implementation, I've run into the lossy-compression-
is-unacceptable mindset quite a bit.  I think that in most cases this is a
knee-jerk reaction.  Why?  Because *any digital rasterization of an image loses
data* compared to the real world.  You lose spatial resolution by reducing the
continuous scene to pixels; you lose color resolution by having a finite number
of color values (to say nothing of the fact that computer displays have limited
color ranges); and in many cases you lose more color resolution by having to
map an image into 256 or fewer distinct colors for display on colormapped
hardware.  (Or you can trade spatial resolution for color resolution by
dithering.)  Need I say anything about monochrome (B/W or grayscale) images?

In short, whatever image representation you're using now already loses data
compared to the real world.  A lossy compression scheme may actually permit
more data to be carried.  For example, the GIF image format currently
popular on Usenet carries only 8 bits per pixel, so quite a bit of color
resolution is sacrificed.  JPEG compression permits close to 24-bit-per-pixel
color resolution to be carried in a file about one-quarter the size of a GIF
file, with approximately equal spatial resolution.

The JPEG spec includes a large number of adjustable compression parameters.
The extent of compression can be traded off against recovered image quality
over a very large range, from thumbnail-sketch quality to below-threshold-
of-perception errors.  Thus the user has the ability (and responsibility)
to decide what is an acceptable error level; a decision which is pre-empted
by most older image formats.

I think the true RISK here is rejecting a new technology on the basis of
perceived characteristics, without considering the actual characteristics
of current technology.  If people allow themselves to be dissuaded by the
adjective "lossy", they may blind themselves to significant improvements.

Unfortunately, David is probably correct that the lawyers will have a field
day the first time a bad medical decision is made on the basis of a
compressed image.  Never mind about lives that are saved because images
are transmitted more quickly, or because more images can be kept on file.

(None of this is intended to claim that JPEG is an ideal solution for all
applications; only that thorough appraisal of benefits and disadvantages is
necessary.)
              tom lane  tgl@cs.cmu.edu  BITNET: tgl%cs.cmu.edu@cmuccvma

Please report problems with the web pages to the maintainer

Top