The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12 Issue 05

Friday 11 July 1991

Contents

o TRW Accused of Exploiting Consumers
PGN
o Dissemination of confidential information
Adam Curtin
o Phone disruptions
Ed Andrews
o (Im)probability theory
By Arthur Salm
o Leaking of Gates memo not an IT risk
Henry J. Cobb
o Coding bug
Dennis L. Mumaugh
o Re: A RISKy night in Georgia
Trevor Kirby
Bruce Perens
Paul Smee
o Risk Preferences [Research effort!]
Kevin Crocker
o FINAL CALL, COMPUTING & VALUES CONFERENCE, AUG 12-16
Walter Maner
o Info on RISKS (comp.risks)

TRW Accused of Exploiting Consumers

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 11 Jul 91 15:49:53 PDT
Six states have sued TRW Inc., charging that its credit bureau division
secretly grades consumers on their bill-paying ability -- sometimes with
inaccurate information -- and sells confidential mail to junk mailers.  The NY
State suit also charges TRW with providing inaccurate information about
consumers to banks and other credit grantors, which often results in denied
credit.  Texas, Alabama, Idaho, Michigan, and California have filed another
suit in State District Court in Dallas TX.  (Reuters report in the San
Francisco Chronicle, 10Jul91, p.C1)


Dissemination of confidential information

Adam Curtin <adam@ste.dyn.bae.co.uk>
Thu, 11 Jul 91 14:07:43 GMT
In RISKS-12.03, Klaus Brunnstein mentions:

> I personally just received Bill Gates memo on Microsoft's
> performance and future problems; .... I assume
> that Bill Gates will not be glad that I had it.

And in Risks 12.04, Hugh Cartwright comments:
>  Doubtless it was inept of Microsoft to allow their e-mail to be intercepted,
>but if the purpose of those publicising the interception is to expose flaws in
>the e-mail system, surely the right course is to deal with Microsoft, not to
>disseminate the information more widely.

Although it doesn't affect the points made by either party on this topic, this
does not seem to be a good specific example, for in the "US View" column in the
British trade paper "Computing" (4th July 1991), Tom Foremski looks at the
recent spate of industry "leaks", and describes Gates' memo as having been
"leaked to a Silicon Valley newspaper" and suggests that "[IBM's John Akers'
comments and] Gates' memo were deliberately leaked as US computer companies
learn from the White House how to manipulate the media." and describes how "...
Gates' memo played an important role in defusing overblown investor confidence
in Microsoft."

Foremski contrasted this underhand method of reducing stock price with other
methods which could lead to panic stock dumping, and described the cost of the
defusing: "Microsoft investors dumped stock when they read the newspaper report
and the company's share price fell 7% in value in just one day. Gates owns
about one-third of Microsoft, a paper loss to him of more than $320 Million."

Adam


Software Bugs Blamed for Telephone Outages [Excerpted by PGN]

"Peter G. Neumann" <neumann@csl.sri.com>
10 Jul 91 10:30:55 U
COMPUTER MAKER SAYS TINY SOFTWARE FLAW CAUSED PHONE DISRUPTIONS
(EDMUND L. ANDREWS, N.Y. Times, 10 Jul 91)

   WASHINGTON A manufacturer of telephone call-routing computers said Tuesday
[9Jul91] that a defect in three or four lines of computer code, rather than a
hacker or a computer ``virus,'' appeared to be the culprit behind a mysterious
spate of breakdowns that disrupted local telephone service for 10 million
customers around the country in late June and early this month.  In
congressional testimony [...], an official of the manufacturer, DSC
Communications of Plano, Texas, said all the problems had been traced to recent
upgrades in its software, which had not been thoroughly tested for hidden
``bugs.''
   Although the telephone companies that experienced failures were using
slightly different versions of the software, the company said, each version was
infected with the flaw.  ``Our equipment was without question a major
contributor to the disruptions,'' Frank Perpiglia, DSC's vice president for
technology and product development, told the House telecommunications
subcommittee. ``We must be forthright in accepting responsibility for
failure.'' The flaws disclosed Tuesday are a dramatic example of the disastrous
consequences that can flow from tiny software glitches buried amid millions of
lines of computer code.  [...]  In making what seemed to be an innocuous
change, he said, DSC dropped several algorithms, or processing instructions,
that apparently caused the computers to go berserk when they experienced
routine malfunctions.
   The flawed software was shipped by DSC beginning in March and installed at
different times by the phone companies. Officials do not know why the system
breakdowns did not begin until June or why they occurred within a short time
span.
   In response to the breakdowns, the Federal Communications Commission on
Tuesday announced it was assembling a special team to investigate issues of
network performance.  The FCC also said it would meet with representatives from
all parts of the communications industry to address issues raised by the recent
disruptions, including risks facing the networks and the way technical
standards are set.
   At the House hearing, officials at Pacific Telesis Group and Bell Atlantic,
which own the telephone companies that experienced the trouble, said they were
almost certain that the ``silver bullet'' behind the problems had been
identified.  ``We have found the culprit that caused the serious service
disruptions,'' said Ross Ireland, general manager of network services for
Pacific Bell, the telephone subsidiary of Pacific Telesis.  Working with DSC,
engineers at Pacific Bell were able to duplicate the malfunctions that occurred
and successfully tested software containing corrective ``patches.''  But
telephone officials cautioned that they may still not have all the answers, and
they plan further tests.
   Telephone company officials emphasized that all the evidence thus far points
away from the likelihood of computer viruses or sabotage by computer
``hackers.''  ``To this date, we have found absolutely no evidence of sabotage
or a virus,'' said Fred D'Alessio, vice-president for operations and
engineering at Bell Atlantic.
   But other troubling questions remain. It is still unclear, for example,
whether the highly complex computer systems that run today's telephone networks
have been tested rigorously enough.
   Officials at DSC admitted that they had not put the software upgrade through
a customary 13-week test, because the change entailed only a few lines of new
code.  ``In hindsight, that was a huge mistake,'' Perpiglia said.
   Telephone company officials said they continue to have confidence in
Signaling System 7, the basic design of the advanced new network management
systems being installed by all the regional Bell companies.  But they did not
rule out the possibility of more fundamental design flaws.

        [One moral of the story is of course that even a one-line change can
        sink the ship...  But there is a more fundamental question for
        RISKS-motivated folks: can there be adequate assurances that the
        system will not have such fault modes?  Even the most elaborate
        testing in the testbeds will not always exhibit the stranger fault
        modes, particularly those that are dependent on subtle distributed
        control interactions, timing, load, etc.  PGN]


(Im)probability theory

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 11 Jul 91 9:13:16 PDT
INSIDE PEOPLE  `Why We Know What Isn't So', By Arthur Salm, Copley News Service
     You're about to learn something new, something that has been demonstrated,
mathematically, to be true yet probably you won't believe it. Ready?
     There's no such thing as a "hot hand" in basketball. Players who seem to
be shooting in a hot streak or, for that matter, a cold streak are just hitting
and missing at random, playing out the inevitable results of whatever each
man's shooting percentage happens to be.
     If a player shoots 50 percent, for example, the odds of his hitting any
one shot are exactly the same as a coin toss coming up heads. That's easy
enough to accept. But if you toss a coin 20 times, there is a 50-50 chance of
getting four heads (or, of course, tails) in a row, and a 25 percent chance of
getting five in a row. Should you see a basketball player with a 50 percent
shooting average take 20 shots in a game and, at one point, hit five in a row,
it's almost impossible not to conclude that he's "hot."
     The player himself will no doubt say that when he's hot he feels more
relaxed, that he just "knows" that the ball is going in. Yet, although analysis
of shooting patterns has shown that his chances of hitting a shot after just
having hit another are exactly the same as when he has just missed, try to
convince him. You're not convinced either, are you?
     (Neither is the Boston Celtics' Red Auerbach: "Who is this guy?"  he said
of the author. "So he makes a study. I couldn't care less.")
     This, "The Clustering Illusion," is one of the many psychological
phenomena discussed in Thomas Gilovich's "How We Know What Isn't So: The
Fallibility of Human Reason in Everyday Life" (The Free Press: 194 pages;
$19.95).  "Random distributions seem to us to have too many clusters or streaks
of consecutive outcome of the same type," Gilovich writes, "and so we have
difficulty accepting their true origins. The term illusion is well-chosen
because, like a perceptual illusion, it is not illuminated by repeated
examination."
     Gilovich says that people do not hold questionable beliefs simply because
they aren't supplied with relevant data. Rather, we tend to be unduly
influenced by expectation, and to misinterpret the data we have: "It is widely
believed that infertile couples who adopt a child are subsequently more likely
to conceive than similar couples who do not. Clinical research has shown this
to be untrue."
     Why do people believe it? Because they expect it to be so. No one notices
when an infertile couple adopts and does not subsequently conceive. We tend to
count only the hits, and not the misses.
     Another good example is that of "precognition."
     You'll happen to think of your former roommate, and the next day she
calls; you dream of death and two days later Uncle Murray keels over. Amazing!
Except that every day hundreds of random thoughts whiz through our heads,
largely ignored and certainly forgotten unless statistically, "until
inevitably" one jibes with reality. Then it's, "It was so weird I just had a
feeling." Never mind the 2,878 other "feelings" that have come and gone and
predicted nothing.
     (And what if Uncle Murray had cashed in three days later? Four days? Five
weeks? It's so open-ended that you can't lose: Either "you had a feeling about
it just recently" a period of time to be determined in retrospect in which case
it's determined to be extrasensory perception; or you didn't, making it a
non-event signifying nothing.)
     Ironically, these misperceptions are the result not of human frailty but
of the very abilities that make us human: Pattern recognition and the ability
to connect cause and effect.
     "Many of the mechanisms that distort our judgment," Gilovich writes, "stem
from basic cognitive processes that are usually quite helpful in actually
perceiving and understanding the world."
     Unfortunately, so powerful is this tendency that we tend to overgeneralize
to see patterns where none exists, to insist that an effect be paired with a
cause (if no plausible cause is evident, glom onto an implausible one) ... in
short, to impose order upon chaos.
     The implications of misguided reasoning, Gilovich points out, go beyond
the NBA and betting pools among adoptive parents' friends.
     Misunderstanding of regression (extreme results, on a second test, tend to
deviate toward the norm) can lead dying patients, tragically, to an unshakable
reliance on alternative medicines: Since they tend to resort to them when at
their worst, they will almost assuredly feel better soon after administering
the quack remedies.
     Open-endedness also comes into play here: If a patient miraculously
recovers, as happens occasionally, the alternative medicines get credit; if the
patient dies, he started the new program "too late."


Leaking of Gates memo not an IT risk.

Henry J. Cobb <hcobb@fly2.Berkeley.EDU>
Wed, 10 Jul 91 00:56:24 PDT
    Mr Gates should have expected a memo he sent to all of his employees to
be quickly made public. The only difference being that the e-mail memo would
need to be printed by a Microsoft employee before being handed off to the
press.

    I suspect that Gates himself planned the leak for the publicity value.
(Perhaps to distinguish himself from the other Gates in the news?  :)

    Henry J. Cobb   hcobb@fly2.berkeley.edu SFB Tyrant
    Ph# (415) 233-7432  6527 Morris Ave. El Cerrito, Ca 94530


Coding bug (Minow, RISKS-12.03)

Dennis L. Mumaugh <dlm@cuuxb.att.com>
Wed, 10 Jul 91 15:42 CDT
In RISKS-12.03, Martin Minow writes on finding a coding bug in the Time Server
Daemon:
        /* this piece of code is critical: DO NOT TOUCH IT */
        ...
            i++
            if (i = j)
                j++;
        ...


    And had some reflections: [...]

I wish to make a couple of comments:

The new ANSI C compiler package provided by AT&T UNIX Systems Laboratories
(USL) has added features to lint (C semantic error anaylyzer) to provide
warnings about this and other common coding errors (legal but not wanted).
These additions were originally developed by the people supporting the
switching machines software (5ESS).  C Language tools are availble but not used
(such as lint) to point out the bad code cited above.

The problem is two-fold: First the UNIX paradigm of separating semantic error
analysis into a separate program (e.g. lint) mens that the developer must take
special action to discover the potential; problems.  Second, designing a
language to use a minimal number of characters (e.g.  C) and overload their
meaning, causes potential errors due to mind sets and patterns.  Note that C++
is even worse (by design) in overloading and attibuting meaning - varables are
type converted (e.g. string to integer) without warning.

The RISK is that most programmers never lint their code, much less use the
other available tools.  The imfamous network outage the AT&T had last year
might have been found if the code had been checked with a special version of
lint.

=Dennis L. Mumaugh, ATT Computer Systems, Computer Systems Technical Services,
 Lisle, IL  ...!{att,attmail}!cuuxb!dlm  OR dlm@cuuxb.att.com

    [For archivalists gathering lint lore, see RISKS-9.54 and 56.]


re: A RISKy night in Georgia (Robert E. Van Cleef)

Trevor Kirby <Trevor.Kirby@newcastle.ac.uk>
Thu, 11 Jul 91 11:43:22 BST
In Risks-12.04 Robert E. Van Cleef writes :-

>To protect the child from being recognized, they are doing something to the
>video of his face so that it consists of several large squares that change as
>he moves.  This seems to be the standard way to hide things on TV now.
>Is this safe?  [...]

The answer is the human eye can sort it out. Just try squinting at the picture
and it becomes recognisable. It might prevent the film being used as evidence
in a court of law but provides minimal protection against people who know you.

 TRev


Re: hiding a face on television

pixar!news@ucbvax.berkeley.edu <bruce@pixar.com>
Thu, 11 Jul 91 14:29:49 PDT
The process used to hide a face on television is called "pixellation".
An area of the screen is imaged at a reduced resolution.  Image
processing can allow one to smooth the image, and make it somewhat more
recognizable, but does not recover lost information. There IS sometimes
a way to recover more information:

If the sampling method used to make the squares is simple point
sampling of a single point under the square, one could recover some of
the lost information by watching the face MOVE under the squares and
tracking the position and value of the sample points. These could then
be combined into a still picture. If the value of the square is an
average of the pixels under it, this gets harder. If there isn't much
movement, or there are too few squares, you won't have enough pixels.

You can also recover the original voice from those voice-distorter
boxes.  Most of the modern ones use commutation, and I think older ones
used a hetrodyne. Both processes can be reversed.

Defeating this kind of thing takes an engineer with the right equipment, and a
willingness to put in the time to guide the process manually.
                                            Bruce Perens


Hiding a face on television

Paul Smee <P.Smee@bristol.ac.uk>
Thu, 11 Jul 91 15:16:14 BST
> Is this safe?

Seems to depend on the version of the video processor used.  Certainly,
with the earlier versions at least, you could get a very clear visual
image of what was being hidden by simply squinting while watching the
picture.  Popular folklore, over here at least, had it that the image
you got WAS in fact a reasonable reconstruction of what they were
trying to hide, and at least one of the broadcasters paid lip service
to this by switching to a different video processor which was said to
garble things more efficiently.  A good artist (or someone with a
PhotoFit identification kit) could of course convert their visual
impression to a hardcopy one.

There was always the question of how accurate this visualisation effect
was.  The problem being, of course, that the human mind tends to fill
in details that it can't see but that it knows should be present.  So,
is the visualisation really an accurate reconstruction of what they are
trying to hide?  To my mind, this question is a red herring.  If the
impression is accurate, then you are (potentially) endangering the
person you are trying to protect.  If the impression is inaccurate, it
is still likely to resemble SOMEBODY, so putting them at risk.

(I'd guess that the latter case, inaccurate mental reconstruction, would
probably be worse, in fact.  I'd suspect that if the image you get is
really due to your brain 'filling in' the missing parts, it would be
likely that it is using people you know for reference.)

Paul Smee, Computing Service, University of Bristol, Bristol BS8 1UD, UK
 P.Smee@bristol.ac.uk - ..!uunet!ukc!bsmail!p.smee - Tel +44 272 303132


Risk Preferences [Research effort!]

Kevin Crocker <risk@cs.athabascau.ca>
11 Jul 91 22:43:25 GMT
Hello everyone!  I'm doing some research on Risk Preferences (specifically
computer users attitudes towards risks - both endogenous and exogenous) and am
seeking some volunteers to complete a survey.

If you are interested in participating in this endeavour you can ftp the files
from:

131.232.10.8 (aupair.cs.athabascau.ca) in the directory

/risk/ps for the postscript files
/risk/txt for the text files, and
/risk/scr for the screen files.

Please make sure that you take all the files in whichever form you wish.  Each
directory has several files in it.

Please also e-mail me telling me what you took so that I can keep track of
what's what!  risk@cs.athabascau.ca

Thanks for your indulgence and assistance.

Kevin Crocker, Assistant Professor, Finance Studies, Athabasca University

   [If you cannot FTP, contact Kevin, NOT RISKS!  Also, I presume
   KEVIN will share any interesting results with all of us.  PGN]


FINAL CALL, COMPUTING & VALUES CONFERENCE, AUG 12-16

Walter Maner <bgsuvax!maner@cis.ohio-state.edu>
12 Jul 91 03:00:52 GMT
                    FINAL CALL FOR PARTICIPATION
                             N C C V / 91
           THE NATIONAL CONFERENCE ON COMPUTING AND VALUES
              August 12-16 in New Haven, Connecticut USA

   o  CURRENT STATUS

The workshop structure of N C C V / 91 limits participation to approximately
500 registrants, but space is still available at this time (mid-July).
Registration is $225 for the full conference, $100 for any of the special
one-day workshops.  Limited scholarships are available for persons with
disabilites.  Deeply discounted motel rates (Quality Inn, 203/387-6651) and air
fares (USAir Gold File #36470000) remain available.

   o  MORE THAN 50 DISTINGUISHED SPEAKERS

Ronald E. Anderson, Daniel Appleman, John Perry Barlow, Tzipporah Ben Avraham,
Tora Bikson, Timothy Binkley, Della T. Bonnette, Leslie Burkholder, Terrell
Ward Bynum, David Carey, Jacques N. Catudal, Gary Chapman, David Chaum, Frank
Connolly, Marvin Croy, Peter Danielson, Dorothy Denning, Peter Denning, Charles
E. M. Dunlop, Batya Friedman, Ken W. Gatzke, Richard Gordon, Donald Gotterbarn,
Michael S. Hart, Barbara Heinisch, Deborah Johnson, Mitch Kapor, Isaac Victor
Kerlow, John Ladd, Marianne LaFrance, Ann-Marie Lancaster, Paul Lansky, Doris
Lidtke, Walter Maner, David H. Martin, Dianne Martin, Keith Miller, James H.
Moor, William Hugh Murray, Barbara Nessim, Peter Neumann, George Nicholson,
Helen Nissenbaum, Daniel Ort, Judith Perrolle, Amy Rubin, Lillian F. Schwartz,
Sanford Sherizen, John Snapper, Kenneth Snelson, Eugene Spafford, Richard
Stallman, T.C. Ting, Willis H. Ware, Sally Webster, Vivian Weil, Joseph
Weizenbaum, Terry Winograd, Richard A. Wright, and Bob Zenhausern

   o  18 FOUR-DAY WORKSHOPS ON SIX MAJOR THEMES (MAIN TRACKS)

      -  Computer Privacy & Confidentiality
      -  Computer Security & Crime
      -  Ownership of Software & Intellectual Property
      -  Equity & Access to Computing Resources
      -  Teaching Computing & Values
      -  Policy Issues in the Campus Computing Environment

   o  7 ADDITIONAL ONE-DAY WORKSHOPS (SHORT TRACKS)

      On August 13th
      -  Short track on philosophical and ethical issues
      -  Short track on campus computing issues

      On August 14th
      - Short track on legal and governmental issues
      - Short track on business and computer ethics issues
      - Short track on ehical issues in city government computing

      On August 15th

      - Short track on issues of accessibility for persons with
        disabilities
      - Short track on software ownership issues

   o  COMPUTER ART BY WORLD-FAMOUS ARTISTS

   o  COMPUTER MUSIC BY A NATIONALLY KNOWN COMPOSER

   o  FILM FESTIVAL ON COMPUTING AND HUMAN VALUES

   o  EXTENSIVE EXHIBITS

      -  Books and articles
      -  Organizations and resources
      -  Hardware and software
      -  Adaptive technology

N C C V / 91 is funded in part by the National Science Foundation
and hosted by the Research Center on Computing and Society and
Southern Connecticut State University.

TO REGISTER IMMEDIATELY and assure yourself of a place at N C C V,
please send a check payable to "B G S U" for $225 (full conference) or
$100 (one-day) to
     Professor Walter Maner
     Dept. of Computer Science
     Bowling Green State University
     Bowling Green, OH 43403 USA

FOR ADDITIONAL INFORMATION and literature, contact Professor Maner as follows

   BITNet      MANER@BGSUOPIE.BITNET
   InterNet    maner@andy.bgsu.edu (129.1.1.2)
   Fax         (419) 372-8061
   Phone       (419) 372-8719  (answering machine)
   Phone       (419) 372-2337  (secretary)

Please report problems with the web pages to the maintainer

Top