The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12 Issue 14

Monday 19 August 1991


o TRW Wrong on Credit Reports for Entire Town
Scot Drysdale
o Computer Crime Bill - S1322
Robert E. Van Cleef
o Bank Shot (RISKS of automatable documents)
Ed Ravin
o Misuse of computerized auto registration info
Rodney Hoffman
o Risk of licensing programmers -- lost freedom and creativity
John Gilmore
o A320 revisited
Robert Dorsett
o Re: Procter&Gamble
Steve Bellovin
o Re: FSF machine having to clamp down on security
Paul Mauvais
o Re: "locking" DoD smart weapons
Guy Sherr
o Re: Rumor regarding Soviet calibers
Michael Edelman
o More Credit Bureau Risks
Mike Waters
o RISKS of calling 911 from cellular phones
E.M. Culver
o Book: "Narcissistic process and corporate decay..."
Dan Jacobson
o Info on RISKS (comp.risks)

TRW Wrong on Credit Reports for Entire Town

Scot Drysdale <>
Tue, 13 Aug 91 11:08:43 -0400
TRW appears to have decided that every resident of Norwich, VT is deliquent
in paying property taxes.  An article in The Valley News from from a couple
of weeks ago follows.  (I foolishly clipped the article but not the date.)

      Company Wrong on Credit Reports,   by Roger Carrol and Rich Barlow

NORWICH - The Vermont Attorney General's office is investigating how one of
the largest credit-reporting companies in the world came to list every Norwich
property owner as a delinquent taxpayer.

Not every taxpayer is delinquent, of course, but Karen Porter - town clerk,
treasurer, and collector of taxes - said all 1,500 residential taxpayers are
listed that way by the California-based TRW, Inc., which distributes credit
information through a nationwide network. ...  Porter said she first got wind
of the problem about a month ago, when someone from Macoma Savings Bank called
the Norwich town office to verify that a customer applying for a loan had paid
off a "Norwich County" lien on property.  The taxpayer never had a lien on the
property, said Porter, who became more suspicious when the phrase "Norwich
County" popped up again.  "I heard that term three times in two days from
various banks and credit bureaus," she said.  It stood out because there is no
Norwich County.  She traced the source of the information to TRW, and it took
her a week of calling and writing before she got a company official who could
answer her questions.  "I had him pull up six or seven records on his computer
screen," said Porter.  "In each case they (Norwich taxpayers) were listed (on
the TRW computer) as having liens.  But in each case they had paid in a timely
fashion.  He's making long sighs on the other end of the phone while I'm
telling him there are 1,500 he has to correct."  [...]

The article goes on to describe how TRW blames the error on National Data
Retrieval of Norcross, GA.  An NDR representative came to the town office in
February and wrote down the names listed in the town's receipt book.  The NDR
representative blamed it on a keypunch operator in Georgia.

A couple of days ago Porter published a Letter to the Editor claiming that TRW
claims to have fixed all of the incorrect records, but that she has not yet
gotten that in writing.

Scot Drysdale

Computer Crime Bill - S1322

Robert E. Van Cleef <>
Mon, 12 Aug 91 14:35:51 -0700
Senator Leahy's Computer Crime Bill Would Close Loopholes in CFAA
(From Government Computer News, August 5, 1991, Page 98)

 "Sen. Patrick J. Leahy has reintroduced a computer crime bill that would close
 loopholes in the existing Computer Fraud and Abuse Act (CFAA) by making it a
 felony to introduce viruses or other damaging programs intentionally into
 computers. " [...]

 One recent study estimated that computer crime now causes between $3 billion
 and $5 billion in damages a year, [Sen. Hank] Brown said. " [...]

 Recognizing that some incidents are neither malicious nor intentional, Leahy
 said the bill would create a parallel misdemeanor charge for reckless actions
 that cause harm to computers. " [...]

Bob Van Cleef, NASA Ames Research Center (415) 604-4366

Bank Shot (RISKS of automatable documents)

Unix Guru-in-Training <elr%trintex@uunet.UU.NET>
Fri, 16 Aug 91 17:40:00 EDT
Yet another technology-enabled telephone scam -- a telemarketer calls up
someone and cons them into reading over the phone the numbers off one of their
checks.  The cons use this information to print up a "demand draft" which lets
them pull any amount of money they want from the victim's checking account.
The demand drafts, like checks, are automatable documents, and access to
check-printing technology seems to be a plus in pulling this off.

Unfortunately, no one has yet called for changes to the technology used in
checks and demand drafts.  [Remember the Forbes cover story on how easy it is
to fabricate a check -- they were able to clear a forged $30,000 check that
they manufactured with a color photocopier and a desktop publishing system.]
It's kind of scary to think that the banking industry so far finds the threat
of massive fraud insufficient motivation to change a technology they're
comfortable with.

Here's a recent news article on the subject.  Note that the words
"computer crime" or "hacker" aren't being used, but they would be if
the technology involved was owned by a less respectable institution
than the U.S. banking industry...

           by Jean Iida, American Banker, NY Newsday, July 25, 1991

A new high-tech telemarketing scam that is stinging banks and consumers is
catching the attention of Washington, DC lawmakers.  But a proposed law aimed
at protecting consumers may do little to limit banks' exposure to the crimes.
The drafted legislation would address the problem of fraudulent demand drafts
-- a check-like mechanism that can be used to siphon money from checking

Demand drafts, used legitimately by a variety of businesses to collect
recurring payments from their customers, are automatic withdrawals from a
checking account.  Insurance companies, for instance, often use them to collect
premium payments.

The scam has cost banks and their unwitting customers hundreds of millions of
dollars since it cropped up late last year, bankers and investigators said.
And despite the big losses, bankers seem to have few ways to combat criminals
who use sophisticated check-printing equipment to take advantage of banks' need
to quickly process checks and demand drafts.

As a result, Congress may pick up the gauntlet.  Rep. Ron Wyden (D-Oregon) is
proposing legislation that would register and set bonds of about $200,000 for
each telemarketer.  The bill, for which Rep. Wyden is now seeking comment,
could even include restrictions on the types of companies that can buy
sophisticated check-printing equipment often used in the crimes.  ...

Because banks' check-processing operations are so highly automated, it is
nearly impossible for a bank to catch a questionable demand draft.  "There's no
automated way to catch bogus demand drafts," said one banker who asked not to
be named.  Usually, "you don't know you have a problem until you get the return
items, and by then it may be too late."

In the scam, whose victims are frequently older people, a telemarketer obtains
checking account and other codes found on the magnetic-ink character line of
checks, often promising in return cosmetics, prizes, or trips.  Later, the
consumer may be charged for the goods but receive nothing, or receive the
promised goods but find them shoddy.  Or victims may find that their checking
accounts have been drained of far more money than expected.  The consumer may
then turn to the bank, demanding a refund.  Once a bank has paid funds from a
consumer's account to the telemarketer's, the bank is frequently liable.

Once a telemarketer knows a consumer's checking account and transit routing
numbers, he can use demand drafts as a blank check to withdraw almost unlimited
sums of money.

But demand drafts are here to stay.  Millions of legitmate demand drafts are
processed every year.

And the proposed measures, such as requiring telemarketers to post bonds, would
protect only the first consumer to notice the fraud.  Typically, consumers do
not know they have been victimized until after they receive their monthly bank

"The problem is how high do you go" in setting a bond, Barker said.
"Some telemarketers got $1.7 million in small amounts in six weeks."

Ed Ravin     philabs!trintex!elr

Misuse of computerized auto registration info

Rodney Hoffman <>
Mon, 19 Aug 1991 08:15:02 PDT
Precis of a `Los Angeles Times' article by Paul Jacobs headlined

The California Department of Motor Vehicles regularly opens its address files
to 14,000 businesses and individuals, many of whom have direct access to the
DMV's computerized files.  Audits found unauthorized use and other problems in
more than 25% of a recent sampling of these accounts.  None have yet been

In the wake of a 1989 murder of an actress in which the accused killer used
automobile registration records to track down the victim, California enacted a
new law restricting access to DMV information.  However, the law exempts banks,
insurance companies, car dealers, wrecking yards, and process servers.
Virtually anyone can register as a process server for less than $100.  A black
market in DMV data has developed.  There have also been some cases of DMV
employees altering or misusing data.

In one recent case, Edward Jack Vijfvinkel is alleged to have misrepresented
himself as a private investigator and paid $50 to open a DMV account.  He is
said to have used license plate numbers to get addresses and other information
which he used to write to women he spotted while driving.

One woman received a letter saying in part, "I'll give you one week to respond
or I come looking for you."  A letter to another woman said, "I looked for you
though all I knew about you was your license plate.  Now I know more and yet
nothing.  I know you're a Libra but I don't know what it's like to smell your
hair while I'm kissin' your neck and holding you in my arms."  The woman called
the police.  Vijfvinkel bragged to the arresting officer that he could find
anyone with a license plate.  He had in his possession the book, `You Can Find

Risk of licensing programmers -- lost freedom and creativity

John Gilmore <>
Sun, 4 Aug 91 04:16:12 PDT
I can't believe all the people who are posting in RISKS that they like
the idea of government mandated licensing of the software craft.  (I don't
care if you call it designing, engineering, programming, or hacking.)
What ever happened to the idea of freedom of speech in software?

Maybe I'm just an old-timer, but while "some of my best friends" came into
software through traditional college courses, most of the best, brightest, and
most inventive programmers I know became programmers without formal training.
The fathers of the computer revolution you are now staring at and typing to,
were able to make the great strides they did, in an incredibly short period of
time as measured against any other industry, because there was nobody to say
"no, you can't do that".  Why would anyone who has the equipment and training
that permits them to read this message, want to squelch such creativity and
productivity gains for the entire society?

I've heard all the drivel about raising standards and driving out the low
quality practitioners.  Right.  What it really does it makes it more painful
for *everyone* to enter the industry -- the best *and* the worst.  It creates a
monopoly, ruled by an old boys' "board of licensing" who entrench their idea of
proper programming.  It's a good thing this bill didn't pass during the "Goto
considered harmful" phase, or it might have ended up "Goto considered illegal"
and stuck us programming in Pascal forever.  (I also note that the explosion of
C programming in the last ten years was mostly among people on micros who
typically hadn't programmed before.  E.g. if you were required to go through
college to be allowed to try C, you wouldn't bother, since the college courses
of the time taught Pascal and Fortran; you'd have already been taught how to
constrain your thinking to what was possible in inferior languages.)

By the way, I never went to college at all.  Among the three co-founders of my
current successful software startup company, only one of us has a degree - and
it isn't in computers (I think it's history).  And while I am really very
talented with computers, if continuing to work with them means getting a
government license, I'll just retire on what I've already made in computers,
and start exploring one of the other ten or twelve things I've never had time
for.  I mean, we turn down government contracts now just over the added

Did you notice in the bill that it allows people to gain a license to be a
programmer even if they don't go to an "approved" college?  But it requires
years of work experience -- which will be illegal to get after the bill passes.
Essentially a grandfather clause disguised as an alternative route.  It means
that the bright kids and 20 year olds and 30 year olds who currently wander
into programming from chemistry or physics or MCAD or library science, or
bartending (I know a few!), will be banned from the industry.  I'd really
rather not replace these talented, motivated people with drones who learned how
to take tests and warmed a seat in some state college for four years.  We need
more interdisciplinary people already -- you want to cut the supply to a tiny
trickle of those who're willing to sit through two or three entire courses of
formal study?

My reaction to the NJ bill was: O boy.  Now the programmers will all get upset
at it, and not only can we kill off this stupid bill, but perhaps while we're
incensed, we can even repeal some of the other ridiculous occupational
licensing that's already on the books -- like hairdressers, barbers, car
mechanics, etc.

If you really care about this issue, I recommend that you implement it in your
personal life without waiting for the government.  Only buy computers designed
by licensed and bonded EE's.  (Hint: your SPARCstation is not one of them.)
Only buy software that was written by programmers who passed the CDP exam.
(Better send back Unix, Emacs, Lotus 1-2-3, and Usenet.)  I don't think TCP/IP
was designed by registered communications engineers either.  (Maybe OSI was --
it has that smell.)  Well, you can always run DOS -- ahem -- uh, Bill Gates
*started* college, but I don't think he ever finished it.  Too busy making
better products than all those people who wasted four years.  But maybe he
*hired* a lot of fully certified licensed degreed people to write the code.  Or
maybe not.

Don't forget to restrict your reading to government-approved writers, and your
thinking to government-approved thoughts.

Sometimes I think the worst mistake the founders of our country made was giving
governments the power to control commerce and trade.
                                                   John Gilmore, Cygnus Support

A320 revisited

Robert Dorsett <>
Fri, 16 Aug 91 13:01:03 CDT
[This is a re-worked sci.aeronautics reply to a comp.sys.mac.programmer post.
It's somewhat relevant in its RISKS-of-RISKS aspects...]

And Mr. Finnegan wrote:

  >The Airbus suffers from what many software safety experts consider a major
  >design problem - it uses redundant flight computers and a polling computer
  >to pick the 'majority' answer to each input (I forget the technical term
  >for this theory -- it's been way too long since I've been immersed in stuff
  >like this in school/industry).  This system is used because some CS people
  >think polling can replace stringent software testing - if 5 s/w teams all
  >write code to the same spec and test just a little, the polling computer (if
  >it is calibrated properly - another issue) statistically should be able to
  >deduce the proper answer and weed out any incorrect input.  Needless to say
  >many experts aren't convinced.

The A320 flight control system is comprised of five computers: two elevator and
aileron computers (ELAC) and three spoiler and elevator computers (SEC).  The
computers use diverse software and hardware implementations: the ELACS are
based on the 68000 and Pascal, the SEC's on the 80186 and C.  At any one time,
there is *one* and only one "hot" computer, and one standby computer.

Each computer is actually a combination of two "channels," one microprocessor
driving each channel.  One such channel is a "command" channel; the other is a
"monitor" channel.  Each is responsible for guaranteeing the output of the
other.  The command channel was written in a high-level language; the monitor
channel was written in assembler.

The ELACS are the higher-level computers, providing all the functionality as-
sociated with the complete FBW pilot interface (there are four distinct direct-
control flight modes the A320 can be in).  ELAC1 is the primary computer.
Graceful degradation is accomplished, going from ELAC1 to ELAC2 to SEC1 and so
forth.  The SEC computers provide a "direct" control law, in which sidestick
deflection more or less correlates to control surface movement.  SEC3 only
controls roll.  The pilots can also command switching from one computer to

Various means (checksums, range tests, time-outs, etc) are used to determine
computer robustness.  If the checks fail, the computer takes itself off-line.

SEC and ELAC development teams were isolated, and prevented from communicating
with one another.  This was intended to prevent teams from "contaminating" each
others' code with common approaches.  Any problems theoretically will only
arise from the *specification,* although it's entirely probable that each team
opted for similar approaches to solving problems.

The software and hardware verification regime was performed in accordance to
EUROCAE/ED-12A.  This is virtually identical to RTCA/DO-178A.  The overall
system design is fault-tolerant.

Considering the need for hardware and software diversity, I really can't see a
credible way of implementing this thing, other than a loosely-coupled,
asynchronous network--which precludes anything much more sophisticated than
polling by client services.  In general, the A320 Electronic Flight Control
System (EFCS) is a bit too complex to be condemned by a broad statement that it
uses "polling."  The A320 does not use a "judging" computer such as you
describe; clients are partially responsible for minor things such as parity or
range checking on the single inputs from the currently active flight control

What you seemed to be indicating is more akin to how the *Space Shuttle* works,
i.e., having a "majority rules" system of verifying hardware integrity.

  = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

I suppose I should put a big caveat on all my gripes about the A320 over the
past three years: yes, I do think the airplane is unsafe.  But no, I do not
believe that slipshod work went into its design and construction.  There is
much to suggest that the design of the A320 EFCS represented a quality control
system unprecedented in the industry, and which utilized the best techniques
of the time.  One might quibble with some isolated aspect of it, but the
overall approach was sound.

My major problem with the *reliability* aspect of the system is Airbus's claim
of being able to satisfy the "one catastrophic failure every million hours"
clause for flight control systems in the Federal Aviation Regulations.  Airbus
can't prove it.  Moreover, the FAA requirement for the 1e-9 figure explicitly
does *not* apply to flight control *software*, even though it applies to
flight control *systems*.  Draw your own conclusions.

There is also sufficient cause to doubt even our best software engineering
techniques.  This is an issue that many people like to ignore, assuming that,
of course we can produce "perfect" software; if it doesn't work, then somebody
must have screwed up.  NOT true.

IMHO, this sort of thing doesn't belong in a civilian airliner--yet.  Airbus
proudly points to its revolutionary airplane, but *revolutionary* anythings
are rarely well-understood.  Related effects of their decision to use FBW--
namely, in the form of the pilot interface--will cause other problems.

But Airbus set a precedent, and created a marketing force in the process.
Now, other companies have to raise the stakes, too, or risk losing market
share.  Airbus is extending the A320 EFCS model to include the A330 and A340;
Boeing's developing a "tower" (geographically localized hardware) system for
the 777.

Lastly, there *is* a lot wrong with the A320.  But I'm also noticing a lot of
scapegoat-bashing going on.  The A320's problems are fairly well defined, and
need to be corrected.  Let's NOT assign our favorite software-engineering
pet peeve, arbitrarily, to such a large and accessable target.  I'm not
addressing this to you in particular, Greg; it's become pretty frequent over
the past few months.

Robert Dorsett!!rdd
[References available on request.]

Re: Procter&Gamble (RISKS-12.13)

Mon, 19 Aug 91 15:54:02 EDT
It's not just the computerized risks -- apparently, the police officer running
the investigation is a part-time P&G security consultant.  And no one at either
the company or the police department seems to think that there's any conflict
of interest.

Re: FSF machine having to clamp down on security (RISKS-12.12)

Paul Mauvais <MAUVAIS@psuorvm.bitnet>
Mon, 19 Aug 91 12:24:19 LCL
I have heard from someone that Richard Stallman was interviewed on TV after the
anonymous accounts were shutdown, and during the interview, several people
noticed that his root password was written on the white board behind him, in
plain view of the TV camera.

Needless to say, it was changed soon after this was realized....
Always nice to have one's root password broadcast to a few million people.

Talk about RISKS....

Re: "locking" DoD smart weapons (RISKS-12.13)

Mon, 19 Aug 91 21:14 GMT
I would rather not spend unbelievable amounts of money on making smart weapons
smart enough to know whether they are being fired by the enemy.  That runs to
the opposite idea, first, that smart US made weapons should NEVER kill the
allied forces; thus eliminating Friendly Fire kills.

Instead, let the DoD spend a few dollars making innovative things that will
explode WHENEVER they are used, and then tell the allies what to look for in the
boobytraps.  For example, you could mark alot of hand grenades M27A3 instead of
M27A1; the A1 variety go off as expected, but the A3's will detonate when the
safety pin is removed (without even losing the spoon). Granted that would be
rather rude, however, consider that our enemy would suddenly think, hesitate,
and perhaps even abandon the idea of using ANYTHING we leave behind.

Better that than dropping leaflets...

Guy Sherr, Lab Configuration Manager, MCI NSIL, Reston, VA
Voice: (703)648-8645 (Vnet 262)

Re: Rumor regarding Soviet calibers

Mon, 19 Aug 91 19:55:08 GMT
The most recent issue of comp.risks [RISKS-12.13] repeated a classic bit of
modern arms folklore: That Soviet weapons are designed with calibers slightly
larger than US arms so that Soviet arms may fire US ammunition, but not

Although this story has been repeated for years, most noteably in Alexander
Cockburn's book on defense (itself a wonderful source of misinformation), it is
most assuredly false. It probably has its origins in the fact that some Soviet
arms have odd sizes- like the "121mm mortor".  This, according to Suvarov, is
to avoid confusion of mortar rounds with gun rounds. While there is a 120 mm
gun and a 121mm mortor, both are actually 120mm.

There has never been a Soviet infantry rifle that would safely fire US issue
ammunition. Fitting ammunition to a rifle is a critical matter; an error of a
few thounsandths in headspace can create a lethal hazard.
                                                           --mike edelman

More Credit Bureau Risks

Strawberry Jammer <>
Thu, 15 Aug 91 08:15:54 MST
In Risks a few weeks ago was an account concerning someone's problems with the
automated credit bureaus. I read it with a little bemusement thinking "it cant
happen to me". I soon learned better, that same day I received a rejection
notice for a credit card application. The reason?  Bankruptcy. BANKRUPTCY? I
haven't filed bankruptcy nor do I even plan to, and you would think that *I*
would know about it.

The credit bureau checked and responded "yes thats correct - tough" (in so many
words). It took a letter to my U.S. congressman to get to the bottom of it.

It seems my EX-WIFE had filed bankruptcy and two of our former joint accounts
were reporting "a party on the account is bankrupt". TRW interpreted this to
mean "liquidated through bankruptcy", and LO! I too had no credit!

TRW (under presure) has agreed to remove the items from my credit report, but
when I next pay my mortgage and they report the on time payment, who knows what
will happen!

Watch out, folks, it CAN happen to you!

Mike Waters,

RISKS of calling 911 from cellular phones

"E. M. Culver x5416" <>
Thu, 15 Aug 1991 08:09 EDT
I have wondered what happens when you call 911 from a cellular phone.  In
Connecticut, you get the State Police who will (maybe) help you.  911 coverage
here approaches 100%, so calling 911 from a cellular phone is not necessarily
silly.  Somebody tried, nobody got hurt and the human side of the system did
not work...

[Digested from "Cellular Caller Gets Runaround Reporting Fire", New Haven
(Connecticut) Register, 13 August 1991.  I removed the individual names.]

A Wallingford, Connecticut woman called to report a fire in her public housing
duplex on August 9 (at about 11:45am) by calling 911 on her cellular telephone.
In Connecticut, 911 calls from cellular phones are routed to the nearest state
_State Police_ barracks. The State Police dispatcher told the woman "This
number is for state police emergencies only. You have to call 1-411 {the
information number } and get the number of your local fire department."
Fine--she did that. The Wallingford Fire Department's dispatcher told her to
call 911.....

In frustration, she called the Wallingford Police, told the story and waited.
After a few minutes (this was less than a mile from the fire house) she
concluded the Fire Department had not been told. She called the fire department
again, saying "My house is burning down and nobody's going to come?" and
getting agitated. About 25 minutes after the call to 911 the fire trucks
arrived. A maintenance worker sent by the housing authority had already put out
the fire. There were no injuries.

The Fire Chief said the Fire Department is instituting a policy change so
dispatchers will handle emergency calls on non-911 lines instead of directing
callers to dial 911.

The State Police get 911 calls from cellular phones because these calls are
usually report traffic accidents. State Police dispatchers are supposed to
route fire calls to the appropriate local fire department.  911 calls made from
regular phones can be traced to the physical address from which the call
originated--either the old fashioned way or with an advanced form of caller ID,
which give the dispatcher the physical address of the phone originating the

Book: "Narcissistic process and corporate decay..."

Thu, 15 Aug 91 10:01 CDT
Interesting sounding book:

Howard S. Schwartz.  Narcissistic process and corporate decay : the theory of
the organization ideal.  New York University Press, c1990. xiv+151 pp.
ISBN 0-8147-7913-1.  Corporate culture; Organizational behavior; Challenger
(Space shuttle)--Accidents; General Motors Corporation--Management; U.S.
National Aeronautics and Space Administration--Management.

PART ONE - The Theory of the Organization Ideal
 1 The Clockwork or the Snakepit: An Essay on the Meaning of
   Teaching Organizational Behavior
 2 On the Psychodynamics of Organizational Totalitarianism
 3 Antisocial Actions of Committed Organizational Participants
PART TWO - Organizational Decay and Organizational Disaster
 4 Totalitarian Management and Organizational Decay: The Case of General Motors
 5 Organizational Disaster and Organizational Decay: The Case of
   the National Aeronautics and Space Administration
 6 On the Psychodynamics of Organizational Disaster: The Case of
   the Space Shuttle "Challenger"
PART THREE - American Culture and the "Challenger" Disaster: A Historical
 7 The Symbol of the Space Shuttle and the Degeneration of the American Dream
 8 Conclusion: Addiction and Recovery

Please report problems with the web pages to the maintainer