The RISKS Digest
Volume 12 Issue 68

Friday, 13th December 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Hubble Trouble: Space Telescope shuts itself down
Henry Cox
Postal worker leaves automated stamper in test configuration
Palmer Davis
Joe Brownlee
2 Safeway preferred customers, to go!
Bear Giles
Hospital computer solicits the dead
Adam Gaffin
Computer records track killer
Robert Jenkins
Train crash in UK - is it human error?
Olivier M.J. Crepin-Leblond
TRW lawsuit settled with FTC, 19 states
Phil R. Karn
National Fingerprint Database specs
Clifford Johnson
Bill on computer usage about to become law in Ireland
Mark Humphrys
The description is right, only the language is wrong
Dan Franklin
Poll tax incompetence
Robin Fairbairns
Truth in Antiviral Advertising
Russell Aminzade
Re: Pentagon computers vulnerable
Steve Bellovin
Post-structuralism and Technology
Phil Agre
Chaos Congress 91 Program
Klaus Brunnstein
Info on RISKS (comp.risks)

Hubble Trouble: Space Telescope shuts itself down

Henry Cox <>
Wed, 11 Dec 91 08:26:42 EST
[A short blurb from the Boston Globe, 11 Dec. 1991]

Washington - The Hubble Space Telescope has shut itself down temporarily
because of a computer programming error that rotated its communications antenna
into a technical no-parking zone.  The Hubble went into a "soft safe mode,"
shutting down some but not all its systems and halting scientific work on
Monday.  It is programmed to take this kind of action whenever necessary to
protect itself from harm.  In this case, it was at the hands of what officials
called a "fluke" buried undiscovered in its millions of lines of computer code.

   [PGN provides the following additional excerpt from an AP item:]

   The trouble was in the system that swivels to keep the Hubble's antenna
pointed to an overhead relay satellite, as the telescope orbits the Earth.  On
Monday, the onboard computer issued a command that exceeded the software
limits on the speed of antenna movement and the system went into an emergency
"safe mode" to protect itself from harm.  "These things are going to happen
over 15 years," Weiler said, calling the incident "a non-problem." The Hubble's
planned lifetime is 15 years.

Postal worker leaves automated stamper in test configuration

Palmer Davis <davis@usenet.INS.CWRU.Edu>
Tue, 10 Dec 91 00:33:56 -0500
According to a report by WEWS-TV, a repair technician at a U.S. Postal Service
facility in Columbus, OH, when repairing a machine used to automatically stamp
messages on cancelled letters, reconfigured the machine to display a test
message that he had learned from his instructor during training, but forgot to
reset the machine to print the correct message after he completed his repairs.
So now, instead of "MERRY CHRISTMAS" or "HOLIDAY GREETINGS", thousands of
letters in circulation bear the message "YOU BITCH".

   [Also noted by Mowgli Assor <>:

      only envelopes 5 1/4-inches tall or taller were affected, but Johnson
   said postal officials estimated that more than 12,000 were printed and only
   a handful were caught before they were loaded onto trucks for delivery. The
   office handled about 5 million pieces of mail Saturday ...]

Postal worker leaves automated stamper in test configuration

Joe Brownlee <>
11 Dec 1991 8:17 EST
This rings a bell with me, because I have seen a few cases where this type of
message was used in test versions of software.  For example, a young programmer
I worked with placed a message in a program instructing the user to press a
certain key to "bomb off", which would produce a dump of the program's current
state so that he could examine it.  The message made it out the door and into a
customer's hands.  They were less than amused.  In another case, an obscene
message was displayed when the user entered an illegal value at a prompt.  That
software was almost sent out the door, but was caught at the last minute and

I suppose the moral is don't enter anything in the system you wouldn't want a
customer to see.

2 Safeway preferred customers, to go!

Bear Giles <>
Wed, 4 Dec 1991 20:16:52 -0700
From _Westword_, an alternative Denver weekly (12/4/91):

Safeway may be turning its "preferred customer" program into a "proffered
customer" deal.  According to the _Wall Street Journal_, grocery stores in
Chicago, Dallas, Los Angeles and Denver are part of a Citicorp program that
uses checkout scanners to record shoppers' buying habits.  You may have thought
that preferred customer card was just a way to get some free Jimmy Dean sausage
and a friendly monthly letter from Safeway's Bob Green — but it also links
your name and mailing address to your shopping list.  Once you've presented
your card, your personal purchases are no longer so personal.

Citicorp originally planned to sell data on shoppers' purchasing patterns to
grocery marketers.  But for the last month, the _Journal_ says, that
information has been for sale to all comers.  It's handily divided into eight
categories, including "weight-conscious consumers" (511,227 names of people
caught buying lo-cal treats) and "fancy food buyers" (refrigerated pasta is
enough to brand you fair game for marketers of travel magazines).

And just where does the fried-pork-rind-and-Cheese-Whiz contingent fit in?

   [Imagine the fun a health insurance company could have with this

if (subscriber) {
   if (high-fat-foods && !fiber) {
      rates++; }
   if (cigarettes) {
      rates++; }
   if (condoms) {
      rates++; }
   if (KY-Jelly) {
      rates *= large-number }}

(Of course, they would never purchase the records from my health club for
"physically-active++; rates--").

The fact that Citicorp offers this information for Safeway customers certainly
implies the same type of information is available on your Citicorp-issued
credit cards.

Aha!  A new, high-interest category: unfaithful spouses!  (Check for flowers or
hotel rooms within 50 miles of home charged to credit cards).  Sure to be read
by divorce lawyers across America!
                                          Bear Giles ]

Hospital computer solicits the dead

Adam Gaffin <well!adamg@fernwood.UUCP>
Wed, 11 Dec 91 07:29:13 pst
Middlesex News, Framingham, Mass., 12/11/91, page 1

Framingham Union letter solicits from dead - again

By Adam Gaffin
     FRAMINGHAM - The letter expresses the hope that Matthew Jong's recent stay
in Framingham Union Hospital went well and asks him to consider making as large
a donation as possible.  The only problem is that Matthew Jong was pronounced
dead in the hospital emergency room on Oct. 5 after a car accident on Rte. 9 in
     ``This solicitation was the final straw,'' says his mother, Gail, a
Wellesley resident. She has been fighting with the hospital for two months over
the way she was told Matthew was dead - a phone call from the emergency-room
doctor, rather than a visit from a Natick or Wellesley police officer.
     At least one other deceased Framingham Union patient has received a
similar letter since September, when the hospital said it had fixed a computer
glitch that resulted in a number of dead people being sent fund-raising
letters. At the time, Ross Mauro, the hospital director of marketing, said he
had been assured this ``will not, cannot happen again,'' by the hospital's data
processing department and the firm hired to send out the letters to former
patients.  ``Your gift will be an investment in the future health of your
family and your community,'' the letter, signed by medical-staff President
Joseph Baron concludes. ``It could help save the life of someone you love.''
     ``This family has suffered enough and we wish they never had gotten the
letter,'' said hospital spokeswoman Ruth Stark.  She said the mix-up occurred
partly because of the way the emergency-room physician who attended Jong filled
out a form on his case.
     A standardized form is required for every patient who enters the hospital,
and care-givers are supposed to mark a box on the form with a one-letter code
indicating the patient's status.
     In Jong's case, the doctor wrote ``deceased - sent to morgue'' in longhand
across the form, rather than putting an ``E'' - for ``expired'' - in this box,
Stark said.  The form ultimately wound up in a data-processing office, where
workers type patient information into a hospital computer. A clerk did not
notice the box was empty on Jong's form, and did not read the doctor's
comments, and so entered his data into the computer, she said.
     The computer is supposed to delete the records of anybody who is deceased,
a prisoner or a Medicaid patient before the data is shipped to the mailing
company, Stark said.  ``It's not a foolproof system,'' despite efforts to
reduce such incidents.''...  She said hospital personnel have been reminded to
fill out the box to prevent such mishaps.  But she added that the computer
program that does the deleting is currently set up to assume that a blank
disposition box means the patient went home and that officials are looking at
ways to change that.  ``We are intending to insure that this doesn't happen in
the future,'' she said.   [...]
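
The blank-box default described in the article above, shown as an added sketch (not the hospital's program and not part of the original article). Only the code "E" (expired) comes from the article; the "H" code, the field names, the function names and the sample records are assumptions constructed for illustration. It contrasts a filter that treats a missing status as "went home" with one that holds any record whose status is blank or unrecognised for a person to review.

```python
from dataclasses import dataclass

# "E" (expired) is the code named in the article. "H" (went home) is an
# assumed code for this sketch.
EXPIRED = "E"
HOME = "H"
KNOWN_CODES = {EXPIRED, HOME}


@dataclass
class PatientRecord:
    name: str
    disposition: str = ""    # one-letter box; "" when the box was left empty
    prisoner: bool = False   # assumed field
    medicaid: bool = False   # assumed field
    notes: str = ""          # longhand comments; neither filter reads them


def _normalise(code):
    return code.strip().upper()


def _suppressed(code, rec):
    """Deceased, prisoner and Medicaid records are never mailed."""
    return code == EXPIRED or rec.prisoner or rec.medicaid


def mailing_list_fail_open(records):
    """Behaviour the article describes: a blank box is assumed to mean 'home'."""
    selected = []
    for rec in records:
        code = _normalise(rec.disposition) or HOME   # the dangerous default
        if not _suppressed(code, rec):
            selected.append(rec.name)
    return selected


def mailing_list_fail_closed(records):
    """Blank or unrecognised codes are held for review instead of mailed."""
    selected, held = [], []
    for rec in records:
        code = _normalise(rec.disposition)
        if code not in KNOWN_CODES:
            held.append(rec.name)    # no positive evidence either way
        elif not _suppressed(code, rec):
            selected.append(rec.name)
    return selected, held


# Constructed sample records, not real patient data.
SAMPLE = [
    PatientRecord("Patient A", "H"),
    PatientRecord("Patient B", "E"),
    PatientRecord("Patient C", "", notes="deceased - sent to morgue"),
    PatientRecord("Patient D", "H", medicaid=True),
    PatientRecord("Patient E", "x"),   # mistyped code
]

if __name__ == "__main__":
    print("fail-open mails:  ", mailing_list_fail_open(SAMPLE))
    mailed, held = mailing_list_fail_closed(SAMPLE)
    print("fail-closed mails:", mailed)
    print("held for review:  ", held)
```
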

Computer records track killer

Robert Jenkins <>
Sun, 8 Dec 91 20:05 GMT
According to a report in the Guardian newspaper (London), of 6 Dec 91, a recent
murder case was solved by police partly through a computer disproving a
suspect's alibi.

John Tanner murdered his student girlfriend and hid her body underneath the
floorboards of her house. Initially, the police treated him as a witness rather
than a suspect, but his story began to fall apart. He told the police that he
and the girl had taken a bus ride together to the train station at a time when
she was already dead. The Guardian reports:

"The company that runs the local bus service keeps computerised records of its
tickets. Only one person got on the bus and bought a ticket to the station at
the time Mr Tanner claimed."

A RISK, I suppose, of trying to get away with murder. But also another example
of low-level, invisible, surveillance that computers introduce into our lives.

Jolyon Jenkins  (

Train crash in UK - is it human error?

"Olivier M.J. Crepin-Leblond" <>
Sun, 8 Dec 91 19:55 BST
    From Oracle Teletext Service (ITV, UK), 8 Dec 1991:

"Urgent checks are going-on following the Severn Tunnel rail crash on backup
equipment installed after earlier technical problems with the signals.  Sixteen
people are still in hospital after the crash between an Intercity and a
two-carriage Sprinter on Saturday.  BR [British Rail] is looking at whether
there was `further failure of equipment' or whether human error was involved.
The express had slowed to 20mph after a proceed-with-caution signal and was hit
by the Sprinter from behind - so what signal, if any, did the Sprinter get?"

  [`Intercity' and `Sprinter' are two types of train. The crash which happened
  on Saturday morning injured close to 100 people.]

Olivier M.J. Crepin-Leblond, Imperial College London, UK.

TRW lawsuit settled with FTC, 19 states [see RISKS-12.05]

Phil R. Karn <>
Tue, 10 Dec 91 14:04:11 EST
Excerpted from an article by EVAN RAMSTAD, AP Business Writer, 10Dec91:

   DALLAS (AP) _ TRW Inc. has settled a lawsuit with 19 states and the
Federal Trade Commission, which accused the company's credit reporting unit of
violating consumer privacy and making reporting errors that harmed the credit
ratings of thousands of consumers.  The settlement requires Cleveland-based TRW
to make sweeping changes in its credit reporting business, including providing
reports to consumers who ask within four days.  [...]
   The settlement comes against a background of growing consumer anger over the
enormous power of credit reporting companies, which keep financial dossiers on
tens of millions of Americans.  [...]
   The lawsuit cited cases where different consumers' reports were mixed
together and said such inaccuracies are hard to correct. The states and FTC
charged old information reappeared in consumers' files and that consumer
disputes were not adequately investigated.  [...]
   The settlement requires TRW to improve its procedures so that files of
consumers are not mixed up and to prevent old information from reappearing in
consumers' files.
   TRW also agreed to establish a toll-free number for consumer inquiries,
investigate information disputed by consumers and check public records if
necessary to verify information.
   The company also agreed to notify consumers of their rights to dispute
information and to tell them, upon request, about other companies to whom the
credit reports have been sold.
   TRW also agreed to disclose to consumers their individual credit scores,
starting Dec. 31, 1992.
   The company will have to keep records of its compliance and pay the states
$300,000 to cover legal costs, according to the settlement.

   [PGN saw a Washington Post article on 11Dec91, page F1, by Albert B.
   Crenshaw, who noted that as part of the settlement TRW said it would

     * Adopt procedures to prevent data mixups
     * Review within 30 days any disputed information, and delete any that
       cannot be confirmed within 30 days
     * Delete any disputed information when the consumer presents relevant
     * Implement procedures to prevent reappearance of seriously derogatory
       information that has been deleted following a complaint.            ]

National Fingerprint Database specs

"Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Thu, 12 Dec 91 11:34:38 PST
From Gov't Computer News, Dec. 9, 1991:


... The FBI wants IAFIS [Integrated Automated Fingerprint Identification
System] to complete urgent fingerprint matches in under 15 minutes. It expects
a three second response to searches for name and description against its
Criminal Master Database.  Now the fingerprint and information searches can
take two weeks...  The system is slated to start running in Clarksburg, W.Va.,
in late 1994 ...

IAFIS will give law enforcement agencies throughout the country a way to check
fingerprints electronically, through the FBI's National Crime Information
Center (NCIC) network... AFIS will perform a search of the agency's national
fingerprint database.  The system will provide a list of the most likely
candidates, or a message reporting that none were found...  The FBI wants a
system that has a 95% accuracy rate for 10-print searches.  For crime scene
prints, "the correct candidate shall be listed in the top-ranked position 50%
of the time, and in the top 20 positions 65% of the time"...  To keep the
system secure, the FBI will not make technical details public.

Bill on computer usage about to become law in Ireland

Mark Humphrys <C133-012@IRLEARN.UCD.IE>
Wed, 11 Dec 91 01:46:11 GMT
The Criminal Damage Bill, 1990, is about to be passed into law in Ireland,
containing what appears to be an extremely broad definition of 'unauthorised'
use of computers. Section 5 reads as follows:

(1) A person who without lawful excuse operates a computer ...
within the State with intent to access any data kept either within or
outside the State ... shall, whether or not he accesses any data, be guilty
of an offence ...

(2) Subsection (1) applies whether or not the person intended to access any
particular data or any particular category of data or data kept by any
particular person.

Section 6 states that "lawful excuse" applies: "...if at the time ...he
believed that the person... whom he believed to be entitled to consent to or
authorise the ... accessing of the [data] in question had consented, or would
have consented to or authorised it if he or they had known of .. the accessing
and its circumstances, [or] if he is himself the person entitled to consent to
or authorise accessing of the data concerned"

 This Bill has been passed by the Dail (roughly equivalent to the House of
Representatives) and is on its 2nd stage in the Senate (roughly equivalent to
the US Senate) on Thur 12th Dec.
 I would appreciate any comments on what this Bill implies, and examples of
legislation in other jurisdictions. The wording would appear to me to be
extremely dangerous and ill-conceived.
 This is NOT a hypothetical case. I have contacts in the Labour Party ( the 3rd
largest party here ) who want to propose amendments to this Bill, and they have
asked me for advice. There is every chance that they will succeed, if they can
propose an intelligent alternative.
 The last chance to amend it will be late Dec / early Jan.  Then it will become

Mark Humphrys, Dublin, Republic of Ireland

The description is right, only the language is wrong

Mon, 09 Dec 91 11:53:18 -0500
The Boston Globe "TV Week" movie listings had an unusual description for
one movie this past week:

    _New York, New York_ (1977) Robert De Niro, Liza Minelli.
    Apres la deuxieme guerre mondiale, une chanteuse aide un
    saxophoniste a joindre un orchestre fameux de jazz.  (120m.)

The rest of the listings were in English, as they normally are.  The
Globe had this to say (Saturday, December 7, 1991):

    A spokeswoman for Tribune Media Services, which supplies the
    movie listings to newspapers in the United States, Canada, and
    the Caribbean, tells us someone selected the wrong description
    of the film from the company's data base and included it in the
    listings sent to the Globe.  Some television stations carry
    English-language films dubbed in French, she notes.  The English
    description reads: "A singer and a saxophonist team up and break
    up in the postwar big-band era.  Directed by Martin Scorsese."

It is hard to believe that this error would have occurred, and not been caught,
before the age of computers.  The RISK here is that as the chain of events
handled purely by computers lengthens, it becomes possible for relatively major
errors to occur unnoticed, because no one is looking closely at the output at
any stage.
                                Dan Franklin

P.S. A non-RISK is that those of us who can understand a little French
can be amused at how different the two descriptions are...

Poll tax incompetence

Robin Fairbairns <>
Thu, 05 Dec 1991 09:14:47 +0100
I've now simmered down, but I was in a state of seething fury yesterday
from the behaviour of our local Poll Tax office.

Earlier this year, I split up from my wife, and moved house.  Still within the
city, but they gave me a new tax account number: I thought it pretty daft then.
Three months ago I changed the method of payment; in October, they recognised
this and sent me a letter saying that the first payment would be requested from
my bank on 26th November.  On the 2nd December I received a tax demand; when I
finally got through to the payments office, they agreed that it was silly, and
should be dealt with by the direct debit.  Almost immediately, they rang me
back and said there was no direct debit mandate on my account.  If I'd really
given them one, would I please call my bank and ask them to send a copy of
their half of the mandate?  Yesterday, I called them again: I had with me a
copy of their letter about the mandate.  They were adamant; finally we came to
the joint realisation that there were _3_ accounts involved - the one at my old
address, my present one, and the one that had the mandate.  The payment people
had no record on any account they could look at of my mandate.  Through to the
registration people: ah yes, they said, we had a problem with the accounts of
the previous occupants of your house, so we deleted all accounts with that
address.  Sorry, we seem not to have transferred your mandate when we created a
new account for you.

The risk?  Incompetent use of computers causes raised blood pressure!

Robin Fairbairns, Senior Consultant, postmaster and general dogsbody
Laser-Scan Ltd., Science Park, Milton Rd., Cambridge CB4 4FY, UK

Truth in Antiviral Advertising

"Russell Aminzade: Trinity College of VT" <AMINZADE@uvmvax.bitnet>
Mon, 9 Dec 1991 07:17 EST
An advertisement has been running in major computer professional
magazines that I find both obnoxious and dangerous.  I've seen it in several
places, but I'm looking at the inside back cover of the December 2, 1991
PC WEEK (Vol 8. #48).  It's an ad for Central Point Software's "Central
Point Anti-Virus."

The ad has an illustration of nine computer screens.  Eight of them appear
to show illustrations of the results of these virii, but to anyone familiar
with one or more of them they are obviously "artists' interpretations."

Though I haven't encountered every virus "shown," it appears that all of
these screens embellish the actual results of the virus, not only making
the results of infection look scarier, but giving some expensive publicity
to the authors of the Stoned Virus, Friday the 13th Virus, Datacrime
Virus, Aircop, Ping Pong, and Falling Letters.

The RISK here, of course, is that giving free publicity to virus authors will
encourage them (and others) to new heights of "creativity". I'm angry in
part because I have been victimized by computer virii.  I think I've got at
least some understanding of the mind of a computer vandal, and the only
motivation I could see for releasing a virus would be a desire to see your
program widely publicized and your programming "skill" demonstrated.
This ad takes it one step further, prominently identifying and enhancing
(in garish color) the on-screen look of the virus.

I would feel the same way if I was a park system manager, and a company
that sold cleaning agents highlighted the work of a graffiti artist who
was well-known in my town.  If they also hired professional artists to
improve the quality of this punk's graffiti, and ran photographs showing
statues and benches allegedly painted by him or her, I'd be raging mad.

Central Point makes some pretty good software.  I've purchased some of it
(not this product, though).  I am angered that they seem willing to stoop this
low to sell their product.  I also wonder how long it will be before some
company is willing to stoop low enough to unleash some nasty code from
which their product can protect users.

Re: Pentagon computers vulnerable

Mon, 02 Dec 91 19:55:12 EST
I certainly can't speak about all of the break-ins.  But I was part of a team
that monitored many such attempts — and these were very definitely traced back
to the Netherlands.  For more details, see Bill Cheswick's paper at the
forthcoming Usenix conference.

As for the notion that it's up to the U.S. military to take precautions --
nonsense!  What ever happened to ethics?  Is it not sufficient that it's their
computer — for almost any value of ``their'' — and they don't want you there?
I note that Herschberg's students have prior permission to conduct their
break-ins.  That's fine — I not only have no problem with that, I conduct such
authorized break-ins myself as part of my job.  Again, though, note that I'm
acting with prior permission.
                                    --Steve Bellovin

Post-structuralism and Technology

Phil Agre <>
Mon, 2 Dec 91 17:20:07 pst
John Bowers (University of Manchester) and I were talking a couple months ago
about various interesting people who have been studying technological issues
using new-fangled methods from philosophy, literary criticism, and sociology.
One recurring theme is the influence of "post-structuralists" like Derrida,
Foucault, Lacan, and Deleuze [*].  We realized, though, that these folks are
all scattered among disciplines and countries, so that a lot of them don't yet
know each other.  So we've started up a network discussion group for such
people and their sympathizers.  Its main purpose is to get everyone introduced
and exchanging papers, though perhaps some interesting discussion will start up
as well.  Its address is  Anyone who wants to be
included can send a note to  (Make sure to
include a network address that's accessible from the Internet: me@here.bitnet,
uucpnode!,,, or
whatever.)  We'll collect addresses for a month or so; then we'll invite
everyone to describe their work and see what happens.
                                                           Phil Agre, UCSD

[*] The relevance to Risks is that a number of these people tend to take a dim
view of technology as a system of social practices, and have novel things to
say about why we should care.  Foucault in particular has defined an
interesting broad sense of "technology" that includes both the physical
machinery and the kinds of cultivated selves that together, he argues, make up
the deep workings of power.  These ideas have led to some challenging new work,
such as Valerie Walkerdine's book "The Mastery of Reason" (Routledge, 1988),
which uses ideas from Foucault and Lacan in a genuinely deep way to explain how
children learn to use mathematical language.

Chaos Congress 91 Program

Klaus Brunnstein <>
12 Dec 91 16:08 +0100
I just received the program of Chaos Congress 1991 (over 300 lines, in
German), the following is a condensed survey/translation:

                  8th Chaos Communication Congress:
    "Hitchhiking through the Networks - The European Hacker Party"
    Friday, Dec.27 (12:00) to Sunday, Dec.29 (16:00), 1991
    Eidelstedter Buergerhaus, Hamburg-Eidelstedt (54), Elbgaustr.12

    Fee: CCC members 20 DM; non-members: 30 DM; press: 50 DM;
         commercial participants: 150 DM.

    Fri 27   11:00  press conference
             12:00  Opening session, welcome
             12:30  Informatics and Ethics
             12:30  Corn Flake Whistles and new methods (workshop)
             12:30  Journalists and new media

             14:30  Liability in cases of program faults and viruses
                    (Freiherr von Gravenreuth, lawyer)

             16:30  Data protection - theory and practice
             16:30  DTP
             16:30  Btx DocuSystem (Btx=minitel)

             17:30  Feminine computer handling (only female participants!)

             19:00  Questions of nomenclature and definitions

    Sat 28   10:00  ComLink and APC (regional networks for social
                    communication and environment protection)
             10:00  Waffle (UUCP on MS-DOS)
             10:00  Mercury/Hermes (UUCP on Atari ST)
             10:00  AmigaUUCP (UUCP on Amiga)

             12:00  Individual Network (IN) for private communication
             12:00  Zerberos
             12:00  Unix

             14:00  Mailboxes and telecommunication as seen from German PTT
                    Dr. Ruetter, German Telecom
             14:00  TeX
             14:00  MUD - Cyberspace (Multi User Dungeons)

             16:00  Net services (email, news, IRC, FTP, Telnet, remote login,
                    Talk ...)
             16:00  Workshop Mailboxes and legal status
             16:00  Voice Mail and PID

             18:30  Citizen Networks, example Gay-Net
             18:30  Stupidity in Networks (#3)
             18:30  Workshop Net services

    Sun 29   11:00  Computer Viruses - State of the Art: Morton Swimmer (VTC)
             11:00  Citizen Packet Radio
             11:00  Hack center: net demonstrations (INTERNET)

             13:00  10 years CCC
             13:00  Workshop on Viruses - questions and discussion (M.Swimmer)
             13:00  RISC - CISC comparison

             15:00  Closing session
             16:00  Party

If you wish to receive the full German program, including details on location
(telephone/fax number..), how to arrive and get rooms etc, please contact me.
Klaus Brunnstein, University of Hamburg (Dec.12,1991 at 4:00 pm German time)
