The RISKS Digest
Volume 13 Issue 38

Friday, 10th April 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


New California lottery game delayed by program flaw
High Marks & Spencer — it's-pence'r-pounds
Dorothy R. Graham via PGN
London Ambulance Service computer system problems
Dorothy R. Graham via PGN
Women's lives imperiled by medical software
Dorothy R. Graham via PGN
Computer "error" blamed for murder?
U.S. Justice Dept.'s Alien Deportation Notification File Prototype Inaccurate
Sanford Sherizen
Re: Killer Asteroids, Detect/Deflect
Tom Neff
Leslie DeGroff
FBI phone taps
Mark Seecof
Data compression & American cryptographic export policy
Conrad Hughes
Re: Cryptography used by Terrorist Organisation
Dik Winter
PBS TV Show Accuracy
R.Y. Kain
Dave Marvit for WGBH-TV
The makers of the PBS series respond
Dave Marvit
Computer Users Foil Virus
Don Clark via PGN
Info on RISKS (comp.risks)

New California lottery game delayed by program flaw

"Peter G. Neumann" <>
Fri, 10 Apr 92 10:07:08 PDT
The new `Daily 3' numbers game slated to begin today in California was
postponed at the last moment by state officials concerned that the game might
have been unfair.  The problem was discovered only on Wednesday (8 Apr 1992),
and diagnosed the following day.  The final test indicated that the quick-pick
pseudorandom number generating algorithm was biased.  After a quick-fix
programming change, the game is now scheduled to start next Monday.
[Source: San Francisco Chronicle, 10 Apr 1992, p.A21]

   [I suppose this will inspire a new research area — Byzantine Pseudorandom
   Number Generators, in which 3n+1 PNGs are required to guarantee correct
   behavior in spite of n malicious or arbitrarily malfunctioning PNGs.
   I heard on 1 Apr 1992 that Les Lamport has been asked to apply to the State
   of California for a research grant on this topic.  But he was skiing (or
   Byzantining?) in Nevada.  PNG — oops, I mean PGN]

High Marks & Spencer — it's-pence'r-pounds

"Peter G. Neumann" <>
Fri, 10 Apr 92 13:35:50 PDT
Marks & Spencer is looking for the cause of an embarrassing glitch in systems
at its shop in Paris which led to customers being massively overcharged.  The
retailer's Visa credit card transaction system added two zeros to 300 customer's
bills so that a 1 pound pork pie cost 100 pounds.  Marks' barcode and receipt
printing systems were not faulty.

                                    [Source: a clipping from Computing, 21 Nov
1991, contributed by Dorothy R.  Graham of Grove Consultants, Cheshire, UK.]

London Ambulance Service computer system problems

"Peter G. Neumann" <>
Fri, 10 Apr 92 14:01:26 PDT
London Ambulance Service continues to have software problems with its emergency
dispatch system.  The new 1.1M-puond system (being developed by Datatrak and
Systems Options, with Apricot hardware) crashed on its first training session.
Last year, an earlier system failed two major tests, and was scuttled; the
Service sued the vendor (BT subsidiary IAL) and subcontractor (CGS).  That
system had costs escalate from 2.5M pounds to 7.5M pounds, and was supposed to
have been ready in the summer of 1990.  Another system for south London's
nonemergency calls crashed in its first week, in April 1991.

[Source: An article by Jason Hobby in the Computer Weekly, 5 Dec 1991]

On 7 Feb 1992, an operator inadvertently switched off a screen, losing four
emergency calls.  On one occasion, the details of a call were lost; the caller
called again half an hour later and was told that the details had been lost (by
the computer), and an ambulance was dispatched.  The patient later died,
although ``it is not proven that there was any link between the delay and the

[Source: An article by Jason Hobby in the Computer Weekly, 20 Feb 1992]

[Both articles were contributed to RISKS by Dorothy R. Graham, Cheshire, UK]

Women's lives imperiled by medical software

"Peter G. Neumann" <>
Fri, 10 Apr 92 14:08:05 PDT
The National Audit Office has issued a report blaming ``unreliable computer
data'' for failing to identify high-risk groups of women being screened for
cervical and breast cancer, which reduces the chances of successful scanning,
and so contributes to the deaths of 15,000 women in England each year.  The
software is developed by Family Practitioner Services in Exeter.  The report is
now up for review by a Parliament select committee.

[Source: Article by David Evans, Computer Weekly, 20 Feb 1992, contributed
by Dorothy R. Graham, Cheshire, UK]

Computer "error" blamed for murder?

"Peter G. Neumann" <>
Fri, 10 Apr 92 10:02:40 PDT
     Drug Offender Faces Murder Rap

   A drug offender under house arrest killed another man after a computer error
enabled him to break his electronic anklet and leave the house, authorities
say.  Tony Palmer, a 21-year-old who had been serving a three-year sentence,
was charged with fatally shooting Vernon Major, 19, last week.
   The electronic surveillance system sets off an alarm if the prisoner moves
more than 150 feet from a transmitter or breaks the bracelet or anklet.  The
alarm sounded and a printer in Trenton placed an asterisk by Palmer's name, but
the information was not transmitted to a computer monitored by parole officers,
Corrections Department spokesman Jim Stabile said Wednesday.  The printout also
is checked, but 700 names move constantly on that line, Stabile said.

U.S. Justice Dept.'s Alien Deportation Notification File Prototype

Sanford Sherizen <>
Fri, 10 Apr 92 16:59 GMT

The Department of Justice's Central Address File, which will be used to record
and preserve the names and addresses of aliens and their representatives in
deportation proceedings, was reviewed by the General Accounting Office.  The
File is not yet fully implemented but initial reviews indicate problems.  The
General Accounting Office report (Jan. 23), covering a review of only four
field offices, estimates that 22 percent of the records of the names and
address of aliens involved in deportation proceedings were inaccurate. GAO
believes that for ALL offices, some 12 percent of aliens may not be able to be
notified about their deportation hearings due to inaccurate names and addresses
under this system.

The Justice Department indicates plans to revise its current procedures.
However, it isn't clear how they are going to achieve 100 percent accuracy in
notification, which is essential when a deportation matter is at stake.  Not
appearing at a hearing can mean that individuals will lose their rights under
the law, since it can and will be assumed that they were notified as required
by law and/or did not let the authorities know when they moved.  Recently, the
U.S.  has drastically (and often unfairly) restricted appeals and other
protections in many deportation and political asylum cases.  The result has
been shameful incidents, including the deportation of Haitians who are now
being threatened upon return to their country of origin.  Data entry problems
will simply reinforce those governmental decisions, resulting in automatic
deportation orders when persons do not show up for their hearings. Reliance
upon the computer as an essential part of this critical process *without other
forms of notification and review of agency procedures to ensure appropriate
protection of applicants* will cause great problems.

Sanford Sherizen, Data Security Systems, Inc., Natick, MASS

Re: Killer Asteroids, Detect/Deflect

Tom Neff <>
9 Apr 92 13:41:23 EDT (Thu)
For once, the New York Times had something intelligent to say on this
matter in its lead editorial the other day.  If astronomers are really
convinced that the Earth-crossing asteroid impact threat is serious,
would they be willing to take observing time away from other programs on
*existing* instruments and devote it to the search?  Oh, well maybe it's
not THAT serious! :-)  (The NYT stylebook forbids smilies, but if they
ever used one, it would have been right there.)  If the asteroid search
is less important than anything telescopes are being used for now, the
taxpayers might be forgiven for suspecting that this proposal has more
to do with creating work and facilities for folks who've chosen to build
their careers around space based interception issues than it does with a
sensible and properly prioritized approach to protecting the planet.

The RISK here is our old favorite: institutional and career imperatives
are capable of improperly driving public policy unless we keep a
watchful eye out.  Most people trust "astronomers" and "scientists" to
tell us what is really important in that mysterious realm out there.
When they trot out diagrams and photos, we naturally tend to accept
their conclusions.  But it ain't necessarily so.  (I am not saying
anything is fundamentally wrong with the process, though, since public
inquiry like this very discussion tends to weed out errors.)

Astroidal risks, minor core

Fri, 10 Apr 92 13:53:24 PDT
A minor correction might be in order on the posting about the problems and
risks of "monitoring for astroidal risks".
  The (widely believed) event of 65 million years ago was probably the last
"stream clean most of the planet" size event, actual estimates of large
(nuclear explosive level) collisions are for much smaller time scales such as a
few thousand years apart for megaton size to once per million years for objects
capable of devestating medium sized countries.  Still hypothetical but with
some evidence is that a medium sized sea strike triggered or contributed to ice
age.  There are a couple of examples of visible "smallish hits" in last few
thousand years such as "Arizona's Meteor" crater.  Of significance (and I am
sure done a disservic by the media) it that one of the Nasa's proposals is
simply to find and track these smaller but not harmless objects which are also
of a scale that would be currenly feasible to deflect.
   I don't recall the exact numbers but the explosive power of a meteorite
(because of velocities range) range through equivalence in mass to power of
high explosives.... as such a small objects of nickle iron are equivalent to
lower nuclear range.  A 20 meter chunk could be Hiroshima scale, a 100 meter
chunk, megaton scale!!!!
                              Les DeGroff     (

FBI phone taps (Kantor, RISKS-13.32)

Mark Seecof <>
Fri, 10 Apr 92 11:31:36 -0700
Like Brian Kantor (yo, dude) I'd be surprised to hear that there are many
phones which can't be tapped at the end office switch.  From reading the
Sessions piece and other accounts I think what the FBI really wants is to place
taps from their office in Washington (or perhaps from say, Colorado, to save on
toll charges) so that they won't have to spend the staff effort to actually
visit a CO.  Instead, they'll just type a few keys and have the datastreams
associated with calls from or to certain numbers duplicated and copied to their
equipment.  This capability will save them money and effort, reduce the chance
that targets will learn about taps by suborning telco personnel, enable them to
place many more taps, and just maybe increase the incidence of unlawful
(warrantless) tapping.  Of course, I am surprised that Sessions thinks the
American people will want to pay higher phone bills in order to help the FBI
tap their phones.
                                Mark Seecof <>

Data compression & American cryptographic export policy

Conrad Hughes <>
Fri, 10 Apr 92 11:42:30 +0100
Could use of "non-standard" or uncommon compression techniques to facilitate
high-speed data transmission also be undesireable for the NSA/FBI?  Use of
experimental/modified "coding" of data for purposes of compression could make
data just as inaccessible as if it were encrypted for purposes of security..
Should we expect laws against use of non-standard data compression to succeed
laws against data encryption?

On top of the patent problems related to data compression techniques, could
this provide a killing blow for non-corporate research into coding/modelling?

(I may have used "compression" & "coding" in a slightly more interchangeable
way than experts in the field would like - do not hesitate to correct me, but
please accept my apologies in advance..)

Smail: Conrad Hughes, 42 Temple Road, Dublin 6, Ireland
Email:        Voice: +353-1-976143

Re: Cryptography used by Terrorist Organisation

Dik T. Winter <>
9 Apr 92 22:46:35 GMT
 > the Guardian reported that all the leaders of the Basque separatist
 > organisation ETA had been captured in a police raid in France. (ETA is a
 > terrorist organisation in Basque, Spain which want independence from Spain.

A correction here.  Basque country consists of three Spanish provinces and two
French prefectures.  The ETA wants to get all five in a independent country,
but they are currently only active in Spain, although they take refuge in

dik t. winter, cwi, kruislaan 413, 1098 sj  amsterdam, nederland

PBS TV Show Accuracy

faculty R. Y. Kain <>
Fri, 10 Apr 92 13:22:06 -0500
Seeing the praises for the TV series in RISKS, I must add that while what was
shown was well done, I did notice that the one BIG OMISSION in the
"conventional" histories of the business was also omitted from the show. That
is the pioneering work in Iowa in the 1930s (about 1937) by Atanasoff, a
physicist, who built a working machine that did perform calculations using
vacuum tubes. I recall that he actually won a patent suit against Univac, which
had been claiming patents on the basic idea of programmable (?) electronic
computers. So why doesn't he get the credit that is his due? Perhaps he needed
a better public relations department!

Dick Kain                ( - EE Dept., University of Minnesota

Re: TV Show Accuracy]

WGBH-TV (Information Age) <wgbh@MEDIA-LAB.MEDIA.MIT.EDU>
Fri, 10 Apr 92 18:17:28 EDT
Out of respect for John V. Atanasoff's efforts with the ABC Computer, "The
Machine That Changed the World" has been very careful to avoid the term "first"
in speaking of the ENIAC computer.  Generally, we refer to it as the first
"working" electronic computer.

However, the decision NOT to include Atanasoff's computer in the series was
made only after a great deal of consideration.  There is much debate about
Atanasoff's machine — did it ever really work?; could it be considered a
"programmable, digital, computer" as we defined the computer for the purposes
of our series?; how does one weigh the pronouncement of a judge against the
opinion of the majority of the computer community (including historians)
regarding Eckert and Mauchly's place in computer history versus Atanasoff's?

Ultimately, we came to the conclusion that the series (with its inevitable time
constrictions) can only focus of those machines that influenced further
development in the field.  With that criteria, we could not justify spending
the large amount of time that would have been necessary to tell the Atanasoff
story.  In addition, some authors claim that Mauchly "stole" the idea from
Atanasoff is unproven and without Mauchly to tell his side, we felt that
exploration of this part of computer history would only lead to the dead end of

We understand and appreciate the controversy regarding Atanasoff, but feel that
our decision was correct.  In the words of Sir Francis Darwin (in 1914): "In
science, the credit goes to the man who convinces the world, not to whom the
idea first occurs.

Producers, "The Machine That Changed the World"

   [From dave marvit,]

The makers of the PBS series respond (Tompsett, RISKS-13.37)

WGBH-TV (Information Age) <wgbh@MEDIA-LAB.MEDIA.MIT.EDU>
Thu, 9 Apr 92 18:38:05 EDT
We saw the posting by Brian Tompsett <> who asks ...

> Are we being manipulated by global telecasting
> on an Orwellian scale? Who can tell? Not easy is it.

I can assure readers of RISKS that there is nothing Orwellian in the
multi-versioning of the series.  Jon Palfreman (executive producer) responds:

  BBC programs are about 7 minutes shorter and that is the main difference.
  There are small differences of emphasis to reflect the interests and
  knowledge of the different audiences. For example, where there is a British
  figure who is well known he is mentioned (i.e.  Sir Clive Sinclair 

Computer Users Foil Virus [Augments Slade, RISKS-13.27, for archives]

"Peter G. Neumann" <>
Fri, 10 Apr 92 10:07:37 PDT
By Don Clark, c.1992, San Francisco Chronicle, 7 March 1992

    Michelangelo claimed relatively few victims Friday, leaving experts to
debate whether news media over-hyped the computer virus or performed a useful
service by warning the public to take precautions.  The virus apparently
destroyed data in a few thousand personal computers around the world, far short
of expectations. Researchers had estimated that the destructive software
program had spread to anywhere from 100,000 to 5 million computers out of about
80 million IBM-compatible machines worldwide.
   Most large businesses and institutions heeded the headlines and used special
software to inspect and clean their personal computers before Michelangelo's
birthday March 6, when the virus was set to go off. But some individuals and
small businesses did not and came to regret it.
   One of them was Bill Permar, a Sausalito accountant who turned on his
computer to find that Michelangelo had destroyed the contents of two large disk
drives containing his clients' tax data and other records. Although he had
backup copies of that data, he was still struggling with his computer late
Friday.  ``I thought it was a lot of media hype,'' Permar lamented.
   Michelangelo, written by an unknown prankster last year, caught the public
imagination for several reasons. The program is among the most destructive of
the more than 1,000 viruses in existence; when activated, the virus writes
random characters over data on a personal computer's hard disk, making recovery
almost impossible without backup copies of files. The program spreads through
the exchange of floppy disks.
   The widespread publicity over the March 6 deadline led to a drawn-out
countdown on television, radio and in newspapers.
   Some computer professionals think Michelangelo did a good deed by making
millions of people aware of the danger of viruses. The state of California, for
example, spent most of this week checking its thousands of personal computers
for Michelangelo. Only one infection of that virus was found, but the check
turned up other viruses on numerous machines.
   On the other hand, some said the coverage may have unduly caused public
hysteria and could inspire other pranksters to develop destructive programs.
``I'm sure there are a dozen kids right now saying, `I bet I can top that,'''
said Joseph Pujals, the state's information security manager.
   Michelangelo's typical victims include New Salem Baptist Church in Kennesaw,
Ga.; Vigil Printing, a small firm in Chicago; and Save the Whales, the Venice
(Los Angeles County) nonprofit group. Save the Whales lost its membership list,
correspondence and a newsletter that was about to be printed.
   Patricia Hoffman, a Santa Clara virus expert, said she had confirmed reports
of 125 small U.S. businesses affected. American Telephone & Telegraph Co.
confirmed that Michelangelo hit four of its 250,000 computers nationwide.
   Other countries were hit harder. Some 750 to 1,130 personal computers in
South Africa reportedly were plagued by Michelangelo because of the widespread
use of a bootleg version of the operating system used on IBM and compatible
machines. Forty-eight companies or institutions were hit in Australia, 25 in
Hungary, 10 in China and eight in Japan, Hoffman said.
   Many victims were loath to admit that they did not take action, a possible
factor in the low number of Michelangelo victims reported.  ``They were
warned,'' said Martin Tibor, a San Rafael data-recovery expert. ``If they got
hit, it will be arrogance or stupidity.''
   One Bay Area public school with up to 20 stricken computers called Tibor but
would not let its name be used, he said.
   Some experts hope that Michelangelo will hasten the development of modified
operating software that make it harder for viruses to be created and
transmitted. ``Some folks are working on it,'' said Peter Neumann, principal
scientist in the computer-security group at SRI International in Menlo Park.
``We need something on the order of a Chernobyl before people will wake up.''
   There is little doubt that the virus hype was great advertising for
companies that specialize in selling virus-detection software.  Symantec Corp.,
based in Cupertino, said it gave away 250,000 copies of a free program tailored
to get rid of Michelangelo.
   Friday, Symantec was logging about 33 Michelangelo-related calls per hour,
with about 5 percent of those people claiming that their data was destroyed.
   Another controversial topic is the effectiveness of anti-virus software.
Some people claimed such programs did not work. ``There are a lot of really
ticked off people,'' said John McAfee, a noted virus expert who runs a Santa
Clara firm that sells anti-virus software. ``I think we're going to see some
massive fallout in the anti-virus community.'' Manufacturers of anti-virus
programs blamed the problem on the fact that customers failed to buy updated
versions of the software that included protection against Michelangelo.
   McAfee was criticized by some observers for suggesting that millions of
computers had been infected. Friday, he estimated that 10,000 computers lost
data worldwide.

Please report problems with the web pages to the maintainer