The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 11 Issue 28

Thursday 14 March 1991


o BeeperScam
Jake Livni
o The Mailing List Business
Mary Culnan
o Census Bureau Seeks Changes
o Roadway information base risk
John McMahon
o How to deal with "DROIDS"
o Re: EM solution for new buildings - risk solved?
Christopher Owens
o Computer Obtuseness File (Medical Division)
Anthony E. Siegman
o Info on RISKS (comp.risks)


Jake Livni <JAKE@DBCLUA> <>
Tue, 12 Mar 91 18:58:27 EST
I just saw a news item describing the arrest, today, of someone in New York
City on possible wire-fraud and mail-fraud charges.  Apparently, he used a
computer to dial common beeper exchanges and left a return phone number on as
many beepers as he could.  Those people who called the number heard a message
stating that they were being billed $55.00 for this call.  There weren't many
more details in the report - except that the Secret Service didn't have much
difficulty finding this guy.

Maybe that explains a strange return number my boss got a few weeks ago, I
think a 900-number.  I knew that some FAX-supply companies were sending out
junk-FAXes to FAX-numbers but what could a beeper-supply company try and sell?!

On a slightly divergent note, should there perhaps be some kind of restriction
on phone numbers that cost umpteen-dollars after the first second of connect
time?  It's not so difficult for a misdialled call to cost plenty.


   [An anonymous RISKS reader noted that their company phone switches are
   protected from making outgoing calls on 900 and 540 numbers.  However, their
   employees may use phones at customer sites in response to a page.  Their New
   York office has alerted employees to this scam.  They expect similar
   activities in other areas in the future.  PGN]

The Mailing List Business

"Mary Culnan" <>
14 Mar 91 13:38:00 EST
In today's Wall Street Journal (3/14/91, p. A1;A8), there is an extended
article describing the extent to which the mailing list business extends its
tentacles into the details of our private lives.  The article by Mike Miller
not only provides extensive examples of individual lists which many people are
likely to find offensive, but also provides information on some of the largest
mailing list firms in the country and the ways they gather data about all of
us.  Evan Hendricks of the Privacy Times is quoted as saying, "You go through
life dropping little bits of data about yourself everywhere.  Most people don't
know there a big vacuum cleaners sucking it up."

Specific lists cited in the article include:

* Metromail's "Young Family Index Plus" which lists about 67,000
new births each week compiled from clipped birth announcements,
referrals from Lamaze coaches and names acquired from companies that
deal in baby supplies

* America List Corp sells lists based on high school yearbook listings
about virtually every high school class in the U.S.

* Benadryl bought names and addresses (based on phone numbers sold
to them) of people calling an 800 number for pollen count information

* The Big 3 credit bureaus sell mailing lists based on aggregated
credit data, e.g. "Credit Seekers Hotline" of people who recently
applied for credit and are "prospects who want to make new purchases"

Finally, an Atlanta-based company which prepares marketing questionnaires asks
if there has been a recent death in the family.  The company's President is
quoted, "Death has always been a negative life style change nobody thought
could be sold, but I differ.  I think it's a very good market."

The RISKS are clear.  If you aren't aware that personal information is being
collected, i.e. you thought you had an expectation of privacy, ignorance makes
it impossible to exercise the options that exist for getting one's name taken
off of lists.  However, even these mechanisms are not foolproof if companies
are not committed to privacy on principle. One example was cited of a company
who mailed to people who had signed up for a "delete me" list because these
people would have uncluttered mailboxes.

  [A lot of the info came from the same public sources I mentioned in my
  earlier RISKS posting and also in the handout I sent to the 10 or so people
  who wrote me.  MC]

  [Roger.Pick@UC.Edu (Roger Pick) also noted this article, headlined
  "Data Mills Delve Deep To Find Information About U.S. Consumers: Folks
  Inadvertently Supply It By Buying Cars, Mailing Coupons, Moving, Dying:
  Treasure for Direct Marketers."  He highly recommends it.  PGN]

Census Bureau Seeks Changes

Tue, 12 Mar 91 12:37:37 XST
Today's AP reports that the Census Bureau is already asking for $10.1M next
year for needed modernization of the census process for the year 2000.  Census
Director Barbara Bryant told the census and population subcommittee of the
House Post Office and Civil Service Committee that "The increasing diversity in
ethnic and language groups will certainly make data collection in the 2000
census more difficult."
   Bryant said the bureau is considering changes such as the following:
 * A "user-friendly short questionnaire" that would include only the questions
   needed to redraw voting districts. The agency hopes more people will fill
   out the census form if it is shorter.
 * Distributing forms at public locations, much as tax returns are, and using
   computers to weed out duplicate mailings.
 * Using new technologies to produce forms in languages other than English and
 * Allowing people to file their census forms by home computer directly into
   the agency's data banks.
 * Obtaining information about people from other government agencies rather
   than from the people themselves.

Let your fingers do the walking thought the roadway information base

John 'Fast-Eddie' McMahon <mcmahon@TGV.COM>
Thu, 14 Mar 91 16:03:00 PST
In the 3/13/91 issue of the San Francisco Examiner, a columnist (I have
forgotten the name) describes the new transportation department service where
you can use your phone to dial up and request information on the status of a
particular roadway.  From a touch tone phone, you answer the prompt with the
highway number.

It appears the default for any given road is a message which states that "no
construction/detour information is available".  This was the information that
the columnist received when he punched in "480", the code for Interstate
Highway 480 in downtown San Francisco.

The problem is that I-480 (a.k.a. The Embarcadero Freeway) was closed after the
1989 Loma Prieta Earthquake earthquake and is in the process of being torn
down.  Anyone who reads a San Francisco newspaper know this.  Obviously no one
bothered to tell the computer...

John 'Fast-Eddie' McMahon, TGV, Inc., 603 Mission Street, Santa Cruz CA 95060
                          408-427-4366 or 800-TGV-3440   :    MCMAHON@TGV.COM

How to deal with "DROIDS"

Thu, 14 Mar 91 19:05:53 -0600
The recent discussions on "droid" workers has prompted me to pass along a bit
of "wisdom" that I've acquired from dealing with many "droid-related" problems.

Feel free to quote the following:


Re: EM solution for new buildings - risk solved?

Christopher Owens <>
14 Mar 91 16:08:53 GMT
> ... which stops any electromagnetic radiation from leaving the building.
> It is therefore impossible to hack inside information from outside ...

It appears that the author of the magazine article uses the term "any" to mean
"some", and "impossible" to mean "more difficult".  Clearly (bad pun) the stuff
can't stop *all* electromagnetic radiation, else you couldn't see through it.

Christopher Owens, Department of Computer Science, The University of Chicago
                         (312) 702-2505

Computer Obtuseness File (Medical Division)

Anthony E. Siegman <>
Sun, 10 Mar 91 16:27:10 PST
   My wife's father, elderly and ill, has had many medical bills lately.  These
bills are sent by the medical providers (doctors, hospitals, etc.) directly to
Medicare, which pays part of the charges, leaving a balance to be paid by
supplementary insurance or his personal funds.

   Because so many patients in this situation have supplementary Blue
Cross/Blue Shield coverage, Medicare has set up an automatic forwarding
procedure to transmit the unpaid portions of these bills directly to Blue
Cross.  My wife's father has supplementary coverage with another carrier,
however, and no Blue Cross coverage; yet it turns out this automatic forwarding
feature can be neither redirected to his carrier nor turned off.

   For every single bill, therefore — and there are dozens — the unpaid
portion gets forwarded to Blue Cross, which tries to process it and discovers
he has no coverage.  So after a suitable delay they mail him (really, us) a
form letter (a separate one for each bill) saying they are unable to identify
his coverage.  There seems to be no way to turn this process off or
short-circuit it.

Please report problems with the web pages to the maintainer