The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 12 Issue 6

Tuesday 16 July 1991


o Bay-Area Long-Distance Service Disrupted
o Computer Showers a Briton with Gifts
Henry Cate III via Mark Brader&rec.humor
o Computer "assistance" in the UK Grand Prix
Brian Randell
o Re: auto telemetry records
Erik Nilsson
o Free [Canadian] Money?
Mark Batten
o Nitwit ideas (Niven and Pournelle)
Clive Feather
o Puzzle boxes for critical device interfacing
Ross Williams
o U.S. Electronic Data Move Challenged on Privacy Issue
NYT via Jeff Helgesen
o NPTN Infosphere Report
Sue Anderson
o Re: Risks of Posting to RISKS
Chuck Dunlop
o Info on RISKS (comp.risks)

Bay-Area Long-Distance Service Disrupted (again!)

"Peter G. Neumann" <>
Tue, 16 Jul 91 9:08:41 PDT
At 9:29am on 15 July, a US Sprint fiber-optic cable was cut by a construction
crew working at Tassajara Road near Interstate 580 in the SanFrancisco/Oakland
East-Bay area.  Repairs were completed 3.5 hours later.  Long distance calls
from 415 and 408 area codes were affected.  In the interim, some Sprint
customers were rerouted through AT&T's long distance network.  However, this
caused `congestion problems' [for both AT&T and Sprint!].  This was the third
outage in the Bay Area this month.  [Source: San Francisco Chronicle article,
16Jul91, by Carl T. Hall]


Mark Brader <>
Tue, 16 Jul 91 05:55 EDT
[NY Times via, at least, Henry Cate III,, and Mark Brader,
SoftQuad Inc., Toronto, utzoo!sq!msb,]

According to a posting in rec.humor, the following story appeared in the
New York Times in April 1972.


Eveashan, England.  -- Joseph Begley saved 2,000 cigarette coupons and mailed
them in to a British cigarette company in order to get a watch.  When the watch
didn't arrive he wrote and asked why.

Back came three watches.  Mr. Begley only wanted one so he mailed back the
other two.  The next day 10 parcels arrived from the cigarette company.  The
following day 18 parcels arrived.  The day after that 10 more parcels came.

All were trade-in gifts given by the cigarette company in exchange for coupons
Mr. Begley never had.  Among the gifts were three tape recorders, a doll, a
golf bag, two electric blankets, a cot, saucepans, a pressure cooker, and
long-playing records.

Mr. Begley wrote a long, pleading letter to the company asking them to stop.
In the return mail came a reply saying: "It was a computer error."

The company gave Mr. Begley 10,000 coupons in compensation for his troubles.
With these Mr. Begley ordered some tools and a bedspread.

He received a plant stand and two stepladders.

Computer "assistance" in the UK Grand Prix

Tue, 16 Jul 91 10:34:11 BST
Today's issue of the Independent (a UK national newspaper) has an article about
the British Formula 1 Grand Prix held at Silverstone on Sunday (14/7/91) which
was won by Nigel Mansell, with Ayrton Senna running out of fuel within sight of
the finishing line. The article contains the following paragraphs:

  For the second successive week, Senna was fooled by a computer read-out.  In
France, he was led to believe that the car was low on fuel. It was not. At
Silverstone, he was told it had plenty. It had not. Mansell, meanwhile, was
attempting to outwit the gearbox computer which left him stranded on the last
lap of the Canadian Grand Prix.

  He said: "It was just like Canada. I felt it just the same. But you learn
from experience. I was able to identify the problem and knew what to do about
it. I kept up the revs and kept it in fifth gear as long as possible.

  "I'm increasingly worried about being controlled by computers. The driver is
becoming more and more the prisoner of the computer."

[Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK
PHONE = +44 91 222 7923  FAX = +44 91 222 8232]

Re: auto telemetry records (John Moore, RISKS-11.86)

Erik Nilsson <>
Thu, 20 Jun 91 17:44:13 PDT
One of our customers makes a part used with air bags.  The controls for air
bags use accelerometers to determine when an air bag should be deployed.
Apparently, the speed of the vehicle is also factored into the deploy decision.

Because the auto companies are afraid of lawsuits over faulty deployment, the
airbag control includes a flight-recorder-like telemetry record.  It isn't
clear how accurate this record is.  The advice our customer gave us was, if we
were in an accident, find and destroy the black box as soon as possible.

- Erik Nilsson erikn@boa.MITRON.TEK.COM

Free Money?

Mark Batten <>
Wed, 10 Jul 91 15:42:05 EDT
A few weeks ago (June 1991) I saw a news article on Canada's NewsWorld (a 24
hour news channel) which related the following story (paraphrased from memory):

   A man decided to use his Royal Bank ATM card to get some money out of
   his account.  He used a Co-op (trust company, I believe) ATM machine.
   He entered his id number and received the money he requested.
   He then noticed that there was a problem with the printed receipt.
   It was missing the balance, a transaction number, and similar items.
   He checked the ATM card and discovered that he had accidentally used
   his Bell Calling Card rather than the Royal Bank card he intended.
   He immediately reported the problem to the Co-op branch.  They called
   in the Royal Bank and Bell to determine what had happened.

   It turns out the money he received had not been deducted from his account.
   It had come out of the Co-op's general fund or something like that.
   The Co-op spokesperson assured the reporter that the problem had been
   determined and resolved by the end of the day and that it was unique
   to Bell Calling Cards and the Co-op's ATM software.
   (It was not clear from the report but I believe this happened in Toronto.)

Does anyone know anything more about this?

Mark Batten     uunet!shl!mark

Nitwit ideas (Niven and Pournelle)

Clive Feather <>
Mon, 15 Jul 91 12:07:09 BST
  Re: Patriot missile specifications, Robert I. Eachus, RISKS-12.01, "This is
  NOT a failure of design or specification or production, it is often the
  result of someone trying something because he is dead anyway if it doesn't
  work.  Such successful tactics quickly become the normal way the weapon is

I am reminded of something from _The_Mote_in_God's_Eye_ by Niven and Pournelle:

    "It's a nitwit idea. Nitwit ideas are for emergencies. The rest of the
    time you go by the Book, which is mostly a collection of nitwit ideas
    that worked."

Clive D.W. Feather,  IXI Limited, 62-74 Burleigh St. Cambridge CB1 1OJ  UK          Phone: +44 223 462 131

Puzzle boxes for critical device interfacing

Ross Williams <>
21 Jun 91 15:18:49 GMT
INTRODUCTION: I have had an idea for the reliable interfacing of computer
systems with critical hardware that I would like to air in this newsgroup.

IDEA: The idea is to place some kind of "puzzle" between the microprocessor and
the critical hardware device such that in order to activate the critical
device, the microprocessor must send a complex sequence of signals, the
sequence being the solution to a puzzle. I call such a device a "puzzle box".

BENEFIT: The benefit of the puzzle box is that the microprocessor is far less
likely to activate the critical device under failure conditions than if a
simpler interface were used (e.g. address decoder and one bit latch).

GRAY CODE PUZZLE BOX: In order to avoid interface problems themselves, puzzle
boxes must be extremely simple. The simplest, most efficient puzzle box I have
invented consists of a row of switches wired in serial (through which the
critical signal must pass) controlled by simple logic that requires the
microprocessor to transmit a Gray code sequence (a "Gray Code Puzzle Box").
Thus, in order to fire the rocket, the microprocessor has to solve the Towers
of Hanoi puzzle!

PROVISIONAL PATENT: I have submitted an Australian Provisional Patent
application for this invention (January 1991, June 1991) and am looking for
feedback on its originality and usefulness. I am also looking for people to
help manage this patent. A copy of the provisional patent application is
available upon request (I can email it to you or snail mail it).  The
application gives an accessible description of the idea and answers common

Although the idea is simple, I have chosen to patent as I view it as somewhat
perverse. Engineers spend a lot of their time trying to make it EASIER for
pieces of hardware to talk to each other. The puzzle box goes totally against
this principle, but in doing so increases safety.

I look forward to reader responses.

Ross Williams   Net:    Fax: +61 8 373-4911
Home phone: +61 8 379-5020 (South Australian Time)
Snail Mail: 16 Lerwick Avenue, Hazelwood Park 5066, South Australia, Australia

U.S. Electronic Data Move Challenged on Privacy Issue (NY Times)

Jeff Helgesen <>
Mon, 1 Jul 91 12:52:46 -0500
      Fears Rise on Possibility of Scrutiny by Federal Agencies
                      NY Times -- 29 June 1991

The government said Thursday that it would introduce a Federal standard for
authenticating electronic data later this summer, but the announcement prompted
an angry reaction from one of the leading private providers of software that
protects computer data.  The company, RSA Data Security Inc. of Redwood City,
Calif., said the Government had failed to address fears about the possibility
of a secret "trapdoor," which would permit intelligence and law-enforcement
agencies to look at private data.

The issue of providing special mechanisms to permit Government access to
private information has caused a growing public debate recently.  Earlier this
year an anti-terrorism bill in Congress called on the computer and
telecommunication industries to permit Federal agencies to look at private
data. But the statement was later dropped from the bill after extensive public

Government officials said that it would be possible for technical experts to
examine the standard when it is released this summer and the could decide for
themselves whether there were any shortcomings in the design of the standard.
"It will be openly published and people can inspect it to their heart's
content," said James H. Burrows, head of the computer systems laboratory at the
National Institute of Standards and Technology [NIST].

He added that the new standard was not intended to encrypt computer data, and
that the Government would continue to rely on an earlier technology known as
the Data Encryption Standard to actually hide information from potential
electronic eavesdroppers. He said there was a project underway to develop a
successor to that standard, but that it was years away from completion.

In testimony before the House Subcommittee of the Committee on Science, Space
and Technology, Raymond J. Kammer, deputy director of the NIST, said on
Thursday that the Government was working on final arrangements for a planned
"data signature" standard that would permit electronic authentication of
documents and access systems as well as protecting against computer viruses and
other forms of electronic tampering.

He added that the new standard did not include capabilities for coding messages
so that only one person or a group of people could read them.  Mr. Kammer
acknowledged that the agency's efforts to develop a standard had been, "slow,
difficult, and complex." He said his agency had worked with the National
Security Agency to develop the new standard and called the relationship
between the two "productive." Dr. Burrows said the standards institute had
relid heavily on the intelligence agency for the fundamental work that has led
to the new standard.

"A public key standard would help promote communications privacy," said Marc
Rotenberg, Washington director of Computer Professionals for Social
Responsibility. "The problem today is that there is a legitimate concern about
the role the NSA might play in the development of such a standard."

Officials at RSA, and other computer security experts, have challenged the
Government standard-setting process saying that it was difficult to have
confidence in the software being proposed by the Federal agencies because of
security agencies' roles in the process.  A number of computer security
experts have said the security agency has objected to adopting the RSA standard
because the system is too difficult for the intelligence agency to crack.

NPTN Infosphere Report

Sue Anderson <>
Mon, 24 Jun 91 15:58:16 -0400
   Below is the final version of our "Infosphere" report summary.  We have
formulated general question areas to which we will attempt to respond using,
whenever possible, existing data.  We also expect that the report will point to
many avenues for further research, particularly in areas where data is simply

   Computer networking is often heralded for its capacity to facilitate
collaboration among researchers, scholars, scientists, authors, etc.  We would
like to capitalize on this potential...  Therefore, if you have any comments on
the summary below, would like to offer assistance (by making suggestions,
locating/supplying information, or providing funding), or if you want more
information, please feel free to contact us (addresses and phone numbers can be
found at the end of the following summary).

                -- -- -- -- -- -- -- -- -- -- -- --

             The National Public Telecomputing Network
                         Infosphere Report

   In 1955 an important transition occurred in American society.  In that year,
for the first time, more than half of our work force became "information
workers" -- people whose main activity was producing, processing, or
distributing information, and producing information technology.

   In the 1980's, with the development of low-cost personal computers and
high-powered computerized communications networks, the pace of that transition
both quickened and deepened.  For the first time rapid exchange of information
could occur, over globe-spanning distances, within seconds, at extremely low
cost.  For the first time also, the average citizen had on their desktops the
means to tap into those resources from their homes, schools, and workplaces.

   Unfortunately, as with many preceding technologies, access to these
resources developed unequally.  Some individuals and segments of society were
able to take immediate advantage of it; others were not (and still are not).
The result is a society which appears to be entering the Information Age the
way a child enters an ocean for the first time--partly in, partly out, partly
fearful, partly intrigued, and not really quite sure what to do next.

   This summer and fall, the National Public Telecomputing Network (NPTN), a
nonprofit public computer network headquartered in Cleveland, Ohio, will be
working on its first annual "Infosphere Report"--a research project similar to
those conducted in areas such as economics, population growth, and the
environment--which will attempt to assess the nation's capacity to effectively
and equitably utilize telecomputing as a medium for meeting its information and
communication needs.  We are defining the "infosphere" as:

     the technical and organizational environment in which the
     general public can remotely access computer-mediated
     communication and information resources.

   We expect that over-time a portrait will emerge which will describe this
nation's progress, with regard to telecomputing, as it encounters the
information age.  The report will be cumulative, comparative, and prescriptive.
It will show where we have been, where we are now, what we are doing well, and
where more emphasis is needed.

   In general, we see the infosphere as being composed of three interactive

     People:  The individuals who are (or could be) using the
     technology and resources.

     Technology:  The hardware, software and network connections
     needed to access the resources (e.g., computers, modems,
     phone lines, network connections, etc.).

     Resources:  The communication and information facilities
     that can (or could be) remotely accessed via computer (e.g.,
     databases, archives, electronic mail, computer conferencing).

   The Infosphere Report will attempt to gauge our progress with regard to each
of these areas.  The first chapter will be an introduction describing the scope
and limitations of the study.  Chapters two through four will address each
infosphere component: people, technology, and resources.  Questions that will
be addressed in these chapters include:

     Who uses the currently available communication and
       information resources?
     What are the general public's communication/information
       needs and desires?
     Do they know what's available?
     How can they find out about it?
     Do they have the knowledge and skills to use it?
     Do they have access to the necessary resources to use it?

     What technology exists for accessing communication and
       information resources?
     What is its availability and cost to the general public?
     What are its strengths and weaknesses? (e.g., ease of use,

     What remotely accessible communication and information
       resources exist?
     What are their availability and cost to the general public?
     What are their strengths and weaknesses? (e.g., quantity,
       quality, appropriateness)

   The final chapter of the report will summarize the findings, draw
conclusions, discuss implications, and make recommendations for improving our
nation's ability to make use of telecomputing to effectively and equitably
utilize computer-mediated communication and information resources.

   The principal investigator on the project will be T.M.  Grundner, Ed.D.  As
an assistant professor at Case Western Reserve University, Dr. Grundner was an
early pioneer in the development of community-based computerized information
services.  His "St.  Silicon Project" in 1984 provided the first data on the
effectiveness of using modem equipped microcomputers to deliver community
health information.  His Cleveland Free-Net Project in 1986 developed the
nation's first free, open-access, community computer system.  As a result of
the success of the Free-Net, in 1989 he founded the National Public
Telecomputing Network to foster the growth of community computer systems and to
link them together into a common nationwide communications and information
network similar to National Public Radio or PBS on television.

   The research coordinator is Sue Anderson, Ed.D. (Cand.).  Ms. Anderson is a
doctoral candidate at the University of Virginia with extensive background in
electronic networking and computer conferencing.  She will be supervising a
staff of volunteer research associates from around the country in the
development and analysis of the data for the report.

   Persons who are interested in assisting on this project, those seeking more
information in general, and (especially) potential funding sources wishing to
participate in continuing support, should contact the project at:

   The Infosphere Report
   National Public Telecomputing Network
   Box 1987
   Cleveland, Ohio 44106

   Voice: 216-368-2733
   FAX: 216-368-5436

   Internet: (Sue Anderson)
    (Tom Grundner)

   BITNET: (Sue Anderson)
  (Tom Grundner)

   CompuServe: 71550,2602 (Sue Anderson)
               72135,1536 (Tom Grundner)

Re: Risks of Posting to RISKS

Thu, 4 Jul 91 11:33:00 EDT
In RISKS 12.02, Jerry Hollombe describes our publication of his 1989 RISKS
posting about the "censorship" of rec.humor.funny at Stanford University.  Mr.
Hollombe's piece was reprinted (with his permission) in Charles Dunlop and Rob
Kling (eds), _Computerization and Controversy: Value Conflicts and Social
Choices_ (Boston, Academic Press, 1991, ISBN: 0-12-224356-0). (See pp.376-379).

   In one section of our book, we published 3 excerpts from RISKS in order to
document an important debate about a university's cutting off access to a BBS
when some people found postings to be personally offensive (a continuing
issue!).  Les Earnest and John McCarthy criticized Stanford's censorship while
Jerry Hollombe argued that the term "censorship" was inappropriate and that
Stanford had a right to cut off access to any BBS.  We included this debate as
one short selection in an 80 page section that examines controversies about
"Social Relationships in Electronic Communities".

   Our anthology examines many debates about computerization pertinent to
quality of worklife, productivity, system design, privacy, social control,
gender bias, system security and risks, ethical codes, and social relationships
on networks.  However, we did not effectively anticipate this new controversy
about computerization: one's ability to fairly reprint RISKS (or any BBS)
postings after posters have given explicit permission!

   Although Mr. Hollombe now regards his February 1989 RISKS posting as "a bit
embarrassing", he acknowledges that he gave us explicit permission to reprint
it in _Computerization and Controversy_, with the stipulation that a footnote
be added detailing his current position on the subject.  We appreciated Mr.
Hollombe's willingness to allow us to reprint his Feb.  1989 posting since it
was a counterpoint to McCarthy and Ernest.  Without his posting, we would only
have been able to portray one side of the debate and might have dropped these
particular RISKS excerpts entirely.

   Unfortunately, Mr. Hollombe attributes his problem with the reprinting of
his RISKS posting solely to publishers and editors, and he conveniently ignores
his control over the publication.  In RISKS 12.02 he writes:

 >The risk?  The words we exchange here aren't as ephemeral as they may
 >appear on a VDT screen, so be careful what you say and how you say it.
 >You  never know  who might decide to package and ship it to a customer.

   This complaint strikes us as unfair.  It incorrectly suggests that Mr.
Hollombe had no control over the reprinting of his RISKS postings.  He knew
that we wanted to "package and ship" his Feb 1989 RISKS posting to readers of
_Computerization & Controversy_.  And he consented to our doing so.

   We can understand that Mr. Hollombe might now regret having given us
permission; people sometimes regret all sorts of things they have agreed to
under "fair" conditions.  But that is very different from having his comments
published WITHOUT his permission (a kind of theft or coercion).  Furthermore,
we printed the additional footnote that he requested (and also sent him a
complimentary copy of the book).  We believe that in following those procedures
we were VERY FAIR to Mr. Hollombe.

   At the time when we assembled the articles for _Computerization and
Controversy_ (mostly previously published articles), we discussed the copyright
status of RISKS postings with Peter Neumann.  It seemed then that there was no
clear legal ruling regarding rights and ownership of BBS postings.  We took a
very conservative and respectful position in seeking permission from authors
wherever possible.  For example, if Mr.  Hollombe had denied us permission, we
would not have published his RISKS posting.

   We also note that our position that editors should seek a poster's
permission can have significant practical difficulties.  The longer the time
that elapses between BBS posting dates and the time when editors assemble
materials for publication, the harder it it may be to locate posters.  If
someone writes a book about the changing nature and debates of computer risks
between 1980-2000 in the year 2005, it may be hard to locate most posters at
the mail addresses in their message headers from 1985-1995 (grin).

   This issue may be important to RISKS posters, as well as posters on other
boards (e.g., political boards, technical and scientific boards, sex boards,
personal discussion boards).  In all these venues, many people may post with
the expectation that their keystrokes are ephemeral, whereas some readers may
see them as contributions to the public domain unless they explicitly say
otherwise (e.g., through a copyright notice appended to their messages).
Significantly, the heading of each RISKS volume now addresses this issue, at
least in a limited context (i.e., the reprinting of postings in ACM SIGSOFT's

   Does anyone know the state of the law on these matters?  Or the status
of the controversies?

        Chuck Dunlop                          Rob Kling
        U of Michigan - Flint                 UC-Irvine

Please report problems with the web pages to the maintainer