The RISKS Digest
Volume 12 Issue 70

Wednesday, 18th December 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Life, Death, and Faxes — Convicted forger released by bogus fax
BT ordered to pay damages for keyboard injuries
Olivier M.J. Crepin-Leblond
Re: Privacy of Email
Eric Florack
Re: More on E911 and representation
Erling Kristiansen
Software safety, formal methods and standards
Jonathan Bowen
2nd Conf on Computers, Freedom, and Privacy
Lance J. Hoffman
Info on RISKS (comp.risks)

Life, Death, and Faxes — Convicted forger released by bogus fax

"Peter G. Neumann" <>
Wed, 18 Dec 91 12:06:13 PST
Jean Paul Barrett, a convict serving 33 years for forgery and fraud in the Pima
County jail in Tuscon, Arizona, was released on 13Dec91 after receipt of a
forged fax ordering his release.  It appears that a copy of a legitimate
release order was altered to bear HIS name.  Apparently no one noticed that the
faxed document lacked an originating phone number or that there was no "formal"
cover sheet.  The "error" was discovered when Barrett failed to show up for a
court hearing.

The jail releases about 60 people each day, and faxes have become standard
procedure.  Sheriff's Sergeant Rick Kastigar said "procedures are being changed
so the error will not occur again."  [Abstracted by PGN from "Fraudulent Fax
Gets Forger Freed", an item in the San Francisco Chronicle, 18Dec91, p.A3]

The RISKS annals contain earlier cases of people getting out of jail by
altering the prison computer system database (LA County) or nearly succeeding
in doing so (Santa Clara).  Authentication sufficient to automagically detect
bogus messages (EMail, Fax, voice mail, etc.) has been discussed here in the
past, and might have been useful here.  But probably not...  PGN

BT ordered to pay damages for keyboard injuries

"Olivier M.J. Crepin-Leblond" <>
Mon, 16 Dec 91 22:46 BST
     Oracle Teletext service (ITV, UK), 16-Dec-1991, has just reported that two
former keyboard operators have been awarded 6000 pounds Sterling damages
(approx. $10000) against British Telecom for pain caused by their work.  It
appears that the two operators suffered repetitive strain injury (RSI) because
of unsuitable chairs. Judge John Byrt, sitting at a court in London's
Guildhall, said that BT was not negligent by making them work too hard.  "
Union officials said the ruling was a breakthrough in making employers take
responsibility for serious injuries caused by high-speed work on computers. "

Olivier M.J. Crepin-Leblond, Elec. Eng. Dept., Imperial College London, UK.

Re: Privacy of Email (Lui, RISKS-12.69)

Tue, 17 Dec 1991 07:28:21 PST
<>A spokesman for Epson America, which is based in Torrance, CA, refused to
discuss Shoars's account of the monitoring episode and insisted that her
dismissal had nothing to do with her questioning of the electronic mail
practice.  He denied that Epson America, the United States marketing arm of a
Japanese company, had a policy of monitoring electronic mail.<<

Allow me to suggest that there may be some merit in this statement. I would
further suggest that there was far more to Epson v  Shoars than we have been
led to think. Some stories I've seen circulating suggest that Shoars was far
from what you would call the ideal worker, in terms of what she produced. At
this point, Epson was searching for a way to eliminate her.  Here, their
problems began. HAve any of you who happen to be supervisors, attempted to fire
a non-productive worker who was among the people supposedly trampled on by
society? I'm talking about EEO laws, of course.

(Before you get bent outta shape, I don't object to the concept of equality,
certainly... just the way the idiots in Washington have decided to provide it.)

 The Shoars case is  one  where the real issues were being masked by supposed
abuses of electronic mail, IMHO. It is perhaps this reason, that causes many to
think that it's not the landmark case that Shoars, as well as certain groups,
would have you think.

Another point... one that nobody seems to get... is her old super still working
for the company?

My old school-mate, Gene Spafford and I diagree on this one, I'm afraid. As
Mike Simmons says:

"If the corporation owns the equipment and pays for the network, that asset
belongs to the company, and it has a right to look and see if people are using
it for purposes other than running the business,"

 I would think restraint could be used on the part of the employer... and is in
most cases.... (FOr example, if my employer didn't, you'd not be reading this).

However, I would point out that with so much work today being done on company
computers... so much of the work day focused on that one item... that watching
Email is one of the few tools left to the employer to monitor the employee. Sit
accross an office from someone on their terminal. Can you tell if they're doing
cost estimates, if if they're laying odds on the ponies, or perhaps playing

As someone recently said: If a train station is where a train stops, what is a
work station?

Opinions are my own, of course, and may or may not agree with official
policy... but give me time....

Re: More on E911 and representation (RISKS 12.69)

"E. Kristiansen - WMS" <EKRISTIA@estec.bitnet>
Wed, 18 Dec 91 09:04:11 CET
In the Dutch telephone numbering plan, all area codes starting with 06 were
unused until a few years ago, presumably "reserved for future use".
When this empty can was finally opened, it quickly turned into a can of worms.
Within the 06 prefix today, you find:
- toll free services
- services carrying a surcharge, such as party lines (10 callers randomly
  put in "teleconference"), sex lines, etc.
- PTT special services such as Information, Fault reporting, Time, Weather
- Private and public companies and institutions wanting a nation-wide number
And, since mid 1991, the notion-wide emergency number 06-11!

The first digit following the 06 does provide some classification, for example,
06-0 and 06-4 are toll free numbers. But this is not consistent. 06-11 is toll
free, as you might assume, but the number as such is not in the 06-0 or 06-4
number group. The significance of the third digit is not widely publicized,
so it is not obvious what the charge for a certain number will be, unless you
study the subject rather carefully.

And now the computer RISK:
Many companies have programmes their PABXs to disallow calling 06 numbers
because most of these have little or no relevance to the company, and many
carry rather heavy surcharges. In so doing, calling the 06-11 emergency
number is also blocked!

Some companies start to realize the problem, and do something about it. But,
to my opinion, the real problem is a bad numbering plan. An emergency number
should really stand out from "common" numbers, and not be grouped together
with surcharge numbers.

Finally, I totally agree with Bob Frankston that more standardization is
called for in numbering. I travel quite a lot to several countries, and
often have difficulty remembering the international prefix when calling
out from a particular country.

Erling Kristiansen - ESTEC, Noordwijk, The Netherlands

Software safety, formal methods and standards

Wed, 4 Dec 91 16:54:37 GMT
I am sending you an edited version of the messages I received back from my
request in this area.  I have posted this to the and
comp.specification newsgroups.  It is probably too long for comp.risks, but
perhaps it would be worth including a pointer to these two newsgroups.

Jonathan Bowen, PRG, Oxford.

     [Yes, it is much too long — it does not even fit in one issue.  It
     includes responses from the following:
         "Ben L. Di Vito" <bld@gov.nasa.larc.air16>
         bryan@edu.Stanford.asterix (Douglas L. Bryan)
         ramu@com.mot.corp.cadsun (Rick Kuhn)
         Steve Emmerson <steve@edu.ucar.unidata>
         Nancy Leveson <nancy@murphy.ICS.UCI.EDU>   (2)
         Al Stavely <al@edu.nmt.jupiter> (Chris Holt)
         John Rushby <RUSHBY@com.sri.csl>
         David Parnas <parnas@ca.mcmaster.eng.qusunt>
         Charles R. Martin" <martinc@edu.unc.cs>
         Debra Sparkman <Debra_Sparkman.ADD@gov.llnl.ocf.lccmail>
         Jim Pyra  <>
         heiner <heiner@uucp.b21> [unido!b21!heiner]
         JZ01 <JZ01%SWT.DECNET@net.the.relay>
     It can be FTPed from the CRVAX RISKS: DIRECTORY as RISKS-12.BOWEN.

2nd Conf on Computers, Freedom, and Privacy

Lance J. Hoffman <>
Mon, 9 Dec 91 14:28:09 EST
                                First Announcement of
              L'Enfant Plaza Hotel, Washington DC    March 18-20, 1992

(A longer, complete, electronic version of this announcement is available
by sending a request with any title and any message to

(The printed announcement (brochure) is available — see end of this notice.)

     The rush of computers into our workplaces, homes, and institutions is
drastically altering how we work and live, how we buy and sell, and with whom
we communicate.  Computers are obliterating traditional political and
organizational boundaries, making time zones irrelevant, and bridging diverse
cultures.  They are fundamentally changing our culture, values, laws,
traditions, and identities.

     The turmoil of the changes calls into question many old assumptions about
privacy, freedom of speech, search and seizure, access to personal and
governmental information, professional responsibilities, ethics,
criminality, law enforcement, and more.  The only way to sort out these
issues and arrive at a consensus for action is to acknowledge that we don't
know the answers — and then, with reason and good will, to find the
answers through discussion and education.  That's why the Conference on
Computers, Freedom, and Privacy was founded in 1991.

     The Computers, Freedom, and Privacy Conference is unique.  It has no
"agenda for change".  It seeks only to bring together people from all the major
communities and interest groups that have a stake in the new world being shaped
by information technology, so that they may share their ideas, ideals, concerns
and experiences.

     At the first conference, hundreds of people from the fields of law,
computer science, law enforcement, business, public policy, government,
education, research, marketing, information providing, advocacy and a host of
others met for several days.  It was the first time such a diverse group had
ever assembled, and the exchange of ideas and points of view was electric.

     The conference is "single-track" — all participants attend all the
sessions.  A morning of tutorials at the beginning of the conference will help
participants get up to speed in specific "hot" areas.  The conference sessions
themselves take up timely and, at times, thorny issues.  Each session aims for
a balance of perspectives in order to assist diverse groups appreciate the
views of others.  A brief examination of the long list of sponsoring and
supporting organizations will reveal that this respect for diverse outlooks is
built into the conference from the ground up.

     The question is no longer whether information technologies will change our
world.  They are, now.  The real question is how we, as citizens and
professionals, will respond to and manage that change.  Those at the Second
Conference on Computers, Freedom, and Privacy will lead the way.

Sponsors: Association for Computing Machinery, Special Interest Groups on
Computers and Society, Communications, Security, Audit, and Control

Host: Department of Electrical Engineering and Computer Science
      The George Washington University

Patrons: Bell Atlantic                    Computer Security Institute
         Department of Energy*            Dun & Bradstreet
         Equifax                          Hayes Microcomputer Products, Inc.
         John Gilmore                     Mitchell Kapor
         National Institutes of Health*   National Science Foundation*
                                      *applied for

Co-sponsors and cooperating organizations:
     American Civil Liberties Union
     Association for Computing Machinery
          Special Interest Group on Software Engineering
     Association of Research Libraries
     Computer Professionals for Social Responsibility
     Electronic Frontier Foundation
     Federal Library and Information Center Committee
     First Amendment Congress
     Institute for Electrical and Electronics Engineers-USA
          Committee on Communications and Information Policy
     Library and Information Technology Association
     Privacy International
     U. S. Privacy Council
     The WELL (Whole Earth 'Lectronic Link)


Lance J. Hoffman (General Chair), The George Washington University
Michael F. Brewer, Dun and Bradstreet
Paul Clark (chair, Operations Committee), Trusted Information Systems
Dorothy Denning (chair, Tutorials Committee), Georgetown University
Peter Denning (chair, Program Committee), George Mason University
David Farber, University of Pennsylvania
Craig Feied, The George Washington University Medical Center
Mike Gibbons, FBI
Mitchell Kapor, Electronic Frontier Foundation
Jane Kirtley, Reporters Committee for Freedom of the Press
Lu Kleppinger (chair, Finance Committee), The George Washington University
C. Dianne Martin, The George Washington University
John McMullen (chair, Scholarship Committee), McMullen &  McMullen, Inc.
Lynn McNulty, NIST
Ronald Plesser, Piper and Marbury
Molly Raphael, D.C. Public Library
Mark Rotenberg, CPSR Washington Office
James Sylvester, Bell Atlantic
Jim Warren, Autodesk and MicroTimes
Fred Weingarten, Computing Research Association



Group A: 9:00 a.m.

Making Information Law and Policy
     Jane Bortnick, Congressional Research Service, Library of Congress

Information policy is made (or not made) by a bewildering array of
government officials and agencies.  This tutorial gives a road map through
this maze of laws, regulations, practices, etc.

Getting on the Net
     Mitchell Kapor, Electronic Frontier Foundation

Practical issues of access to the Internet for the nontechnical end-user,
including basic services (email, USENET, ftp), PC and Mac-based network
applications, and net-speak.

Communications and Network Evolution
     Sergio Heker, JVNCNet

The underlying technical infrastructure for the Internet, for persons not
deeply immersed in the technology.  Possible future technologies and
projects, and what privacy and freedom problems they may bring.

Private Sector Privacy
     Jeff Smith, Georgetown University

An introduction to laws, rules, and practices regarding personal
information gathered and stored by private organizations such as direct
marketers, hospitals, etc.

Group B: 10:30 a.m.

Constitutional Law for Nonlawyers
     Harvey Silverglate, Silverglate & Good

An overview of Constitutional law with special emphasis on the First,
Fourth, and Fifth Amendments and the application of their principles in the
information age.

Computer Crime
     Don G. Ingraham, Alameda County District Attorney's Office

Investigation, search, seizure, and evidence requirements for pursuing
computer crime.  For computer users, owners, sysops, and investigators and
attorneys unfamiliar with computer crime practices.

Modern Telecommunications: Life after Humpty Dumpty
     Richard S. Wolff, Bellcore

Roles and relationships of the key players in telecommunications,
developments in communications technology, and new services. Signaling
System 7, ISDN, and advanced intelligent network features.

International Privacy Developments
     David Flaherty, University of Western Ontario

Privacy-related developments within the European community, OECD, and the
United Nations, and how they affect the United States. Comparison of
privacy regulations here and abroad.


1:00-2:00 p.m.  KEYNOTE ADDRESS:
 Al Neuharth, Chairman, The Freedom Forum and Founder, USA Today
     "Freedom in Cyberspace: New Wine in Old Flasks?"

     The differing legal and regulatory constraints on publishers of
newspapers, owners of television stations, and the telephone service
providers imply that some dogfights will occur and some tough decisions
will have to be made to balance privacy and freedom in the coming decade,
since the old wine of 1970's-era regulation will not fit into the new
flasks of 21st Century.  Mr. Neuharth, a self-proclaimed S.O.B., will give
us a peek at his vision of what the future holds.

2:30 pm - 4 pm   Who logs on?
* Chair: Robert Lucky, AT&T Bell Laboratories
* Panel: Linda Garcia, Office of Technology Assessment
*        Alfred Koeppe, New Jersey Bell
*        Brian Kahin, Harvard University

 4:30 pm - 6 pm   Ethics, Morality, and Criminality
*  Chair: J. Michael Gibbons, Federal Bureau of Investigation
*  Panel: Scott Charney, U. S. Dept. of Justice
*         James Settle, Federal Bureau of Investigation
*         Mike Godwin, Electronic Frontier Foundation
*         Emory Hackman, Esq. (former president, Capital Area Sysops
*         Don Delaney, New York State Police

6:00 pm - 7:30 pm   RECEPTION


9:00 am - 10:30 am   For Sale: Government Information
*  Chair:      George Trubow, John Marshall Law School
*  Panel:      Dwight Morris, Los Angeles Times Washington Bureau
*              Ken Allen, Information Industry Association
*              Patricia Glass Schuman, American Library Association
*              Evan Hendricks, Privacy Times
*              Fred Weingarten, Computing Research Association
*              Franklin S. Reeder, Office of Management and Budget
*              Costas Torreagas, Public Technology, Inc.
*              Robert R. Belair, Kirkpatrick and Lockhart

10:45 am - 12:15 pm   Free Speech and the Public Telephone Network
*  Chair:      Jerry Berman, ACLU Information Technology Project
*  Panel:      Henry Geller, The Markle Foundation
*              Eli Noam, Columbia University
*              John Podesta, Podesta Associates

12:15 pm - 1:45 pm Luncheon with Address: Bruce Sterling
     "Speaking for the Unspeakable"

     Mr. Sterling will gamely attempt to publicly present the points of view of
certain elements of the "computer community" who are not represented at
CFP-2.  He will speak up for those who, in his words, are too "venal,
violent, treacherous, power-mad, suspicious or meanspirited to receive (or
accept) an invitation to attend.

2:00 pm - 3:30 pm   Who's in Your Genes?
*  Chair:      Phil Reilly, Shriver Center for Mental Retardation
*  Panel:      John Hicks, FBI Laboratory
*              Tom Marr, Cold Spring Harbor Laboratory
*              Paul Mendelsohn, Neurofibromatosis, Inc.
*              Peter Neufeld, Esq.
*              Madison Powers, Kennedy Center for Ethics,
                   Georgetown University

3:45 pm - 5:15 pm  Private Collection of Personal Information
* Chair:  Ron Plesser, Piper and Marbury
* Panel:  Janlori Goldman, Privacy and Technology Project, ACLU
*         John Baker, Equifax
*         James D. McQuaid, Metromail
*         James Rule, SUNY-Stony Brook
*         Mary Culnan, Georgetown University
*         P. Michael Neugent, Citicorp

5:15 pm - 6:45 pm   EFF Awards Reception
9:00 pm   Birds of a Feather Sessions

FRIDAY, MARCH 20, 1992

9:00 am - 10:30 am  Privacy and intellectual freedom in the digital library
*  Chair: Marc Rotenberg, Computer Professionals for Social Responsibility
*  Panel: Robert A. Walton, CLSI, Inc.
*         Gordon M. Conable, Monroe (MI) County Library System
*         Jean Armour Polly, Liverpool (NY) Public Library

10:45 am - 12:15 pm Computers in the Workplace: Elysium or Panopticon?
*  Chair:      Alan F. Westin, Columbia University
*  Panel:      Gary Marx, MIT
*              Mark DiBernardo, National Association of Manufacturers
*              Kristina Zahorik, Subcommittee on Employment and
                  Productivity, U. S. Senate Labor Committee

12:15 pm - 1:30 pm   Lunch (on your own)

1:30 pm - 3:00 pm   Who Holds the Keys?
*  Chair:      Dorothy Denning
*  Panel:      Jim Bidzos, RSA Data Security
*              David Bellin, Pratt Institute
*              John Gilmore, Cygnus Support
*              Whitfield Diffie, SunSoft, Inc.

3:00 pm - 4:15 pm   Public Policy for the 21st Century
Co-chairs:     Peter J. Denning, George Mason University
               Lance J. Hoffman, George Washington University



     Please register for the conference by returning the Conference
Registration Form (below) along with the appropriate payment — check,
Visa, or Mastercard.  Registration fee includes conference materials,
Thursday luncheon, and receptions.  The registration is $295 for ACM
members and $350 for nonmembers, $65 for full-time students.  Tutorials,
$95 ($35 students).

Premium for Early Registration

     While they last, a limited number of premiums are available to early
registrants on a first-come, first-served basis.  Early registrants will
receive by mail a voucher which they can exchange at the conference for one
of a number of premiums.  These include:

Videotapes of CFP-1 sessions
Audiotapes of CFP-1 sessions
Proceedings of CFP-1
Computers Under Attack: Intruders, Worms, and Viruses
   by Peter Denning, editor
Rogue Programs: Viruses, Worms, and Trojan Horses
   by Lance Hoffman, editor
"Citizen Rights and Access to Electronic Information"
   by Dennis Reynolds, editor
The Cuckoo's Egg by Cliff Stoll
The Difference Engine by Bruce Sterling and William Gibson
Confessions of an S.O.B. by Al Neuharth
Cyberpunk by Katie Hafner and John Markoff


Registration Scholarships

     Full-time students and others wishing to apply for one of a limited number
of registration scholarships should send a request to the address listed in the
complete announcement, copies of which are available as described elsewhere in
this shorter electronic notice.

Hotel Accomodations

     The 1992 Computers, Freedom, and Privacy Conference will be held at the
Loew's L'Enfant Plaza Hotel, Washington, DC.  One of the finest hotels in
the city, it is just ten minutes from Washington National Airport, five
minutes from Capitol Hill.  The world-renowned Smithsonian Institution
Museums are located within a few blocks.

     To qualify for the conference rate of $105 single or $110 double, call the
hotel reservation line (below) and identify yourself as a CFP-2
participant.  To ensure a room at the L'Enfant Plaza, reservations should
be made by February 10, 1992.  After this date, rooms will be released to
the public.  Hotel reservations: (800) 243-1166; (202) 484-1000 (local).


     As a participant in CFP-2, you are eligible for discounted rates as
follows: 40% off unrestricted coach fares and 5% off the lowest available
fares on specified carriers (all rules and restrictions apply).  To receive
the best rate available call GW Travel (below) and make your reservations
early.  Seats may be limited.  Please mention that you are attending the
CFP-2 Conference. (Code C-6)   GW Travel: (800) 222-1223; (301) 897-8001


     The Second Conference on Computers, Freedom, and Privacy has been approved
by The George Washington University Medical Center for Category One
Continuing Medical Education Units.

Refund Policy

     Refund requests received in writing by February 28, 1992 will be honored.
A $50 cancellation fee will apply.  No refunds will be made after this
date; however, you may send a substitute in your place.



         * * * * *     REGISTRATION   FORM    * * * * *

By mail: Conferences & Institutes, The George Washington University,
     2003 G St. N.W., Washington, D. C. 20052
By fax (24 hrs., with credit card): Send registration form to (202)
By phone (with credit card): (202) 994-7238 (9 a.m. to 5 p.m., EST)
Affiliation: ______________________________________________
Mailing address: __________________________________________
City ____________________________ State _____ Zip _________
Country (if not USA): _____________________________________
Telephone: ________________________________________________
FAX number: _______________________________________________
E-Mail address: ___________________________________________

PRIVACY NOTE: This information will not be sold, rented, loaned, exchanged,
or used for any purpose other than official CFP-2 activities.  A roster
will be distributed to attendees.  Please indicate your preference:
____ Print all information above          ______ Print name only
____ Print only name, affiliation,        ______ Omit all above information
     city, state, zip

  Conference fee (check one)   ___ ACM member ($295)  ___ Non-member ($350)
   [includes conference materials, Thursday luncheon, and receptions]

  ____ Student (full-time/valid ID):___ $65 (no lunch)  ___ $30 (lunch)

  Tutorial fee            _____ Tutorial (half-day, 1 or 2 sessions, $95)
  (Pick 2, 75 min. each)  _____ Student  (half-day, 1 or 2 sessions, $35)

      Group A  9:00 a.m.
     ____ T(1) Making Information Law and Policy
     ____ T(2) Getting on the Net
     ____ T(3) Communications and Network Evolution
     ____ T(4) Private Sector Privacy

      Group B  10:30 a.m.
     ____ T(5) Constitutional Law for Non-lawyers
     ____ T(6) Computer Crime
     ____ T(7) Modern Telecommunications
     ____ T(8) International Privacy Developments

Please check method of payment:              Amount enclosed: $________
      ____ Visa     _____ MasterCard     ____ Check (payable to
                                         The George Washington University)
      Credit card number: ______________________________________
      Expiration date: _________________________________________
      Name on card: ____________________________________________
      Signature: _______________________________________________
For Continuing Medical Education accreditation, give state and medical #:
   * * * * END OF FORM * * * * *

 The complete announcement will be mailed to you in printed form via the
postal service if you request one by telephone, fax, electronic mail, or
regular mail from

CFP - 2
Office of Conferences and Institutes
The George Washington University
2003 G St. NW
Washington DC 20052

phone (202) 994-7238
fax   (202) 994-7048

* * * * * * * * * END OF ANNOUNCEMENT * * * * * * * * * *

Professor Lance J. Hoffman, Department of Electrical Engineering and
Computer Science, The George Washington University, Washington, D. C. 20052
(202) 994-4955   fax: (202) 994-0227

Please report problems with the web pages to the maintainer