The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 44

Monday 27 April 1992


o An "Own Goal" by the RAF
Brian Randell
o Risks of a modern weatherman
Bear Giles
o Standard deviation in LOTUS 1-2-3?!
Lord Wodehouse
o Ralph Nader/Cable TV/Information Networks
Ralph Nader and Jim Donahue
o Re: Tax on computer media
Mark Seecof
o Tracking by Cellular Phone
Brian Kush
o Re: Admissibility of video tapes
Craig R. Smilovitz
o Voice mail security
Richard Dickson
o Re: Bugging Phone Calls
Jay Denebeim
o Re: Tapping Bill
Allen Smith
o Re: FBI and telephones
Bob Frankston
o Puzzle-box patent abandoned
Ross Williams
o Info on RISKS (comp.risks)

An "Own Goal" by the RAF

Thu, 23 Apr 1992 09:28:16 +0000
The following is quoted in its entirety, from the 23 Apr 1992 issue of The
Independent, a "quality" UK National Newspaper. Its discussion of how an Royal
Air Force Sea Harrier managed to bomb a Royal Navy aircraft carrier is entirely
speculative, offering either a computer malfunction, or failure by the pilot to
press a button as likely causes. However I find the statement that "offset"
bombing practice relies on a simple button press to ensure that the ship towing
the target does not itself become the target both interesting and worrying, if
true.   Brian Randell

  By Christopher Bellamy, Defence Correspondent

The Royal Navy launched an inquiry yesterday into how a Royal Air Force pilot
bombed its most modern carrier, Ark Royal, on Monday, missing the intended
target by 500 yards.  Navy sources said that one of the two RAF pilots flying
with the Royal Navy during the exercise had applied to transfer to the senior
service.  It is not clear if the incident will affect that move.

The Ministry of Defence said such an accident had never happened before but
refused to speculate how the Sea Harrier 1 from Ark Royal missed the target
towed behind the ship and, according to the MoD, put the bomb through the
flight deck. Six sailors were hurt, one seriously, and five were still in the
Royal Naval Hospital Haslar, Portsmouth, yesterday.  However, it is almost
certain that the plane was practising an attack using the "offset" procedure.
It is possible that the RAF pilot of the Navy plane failed to press the button
to switch from a reference point - the carrier - to the target. "Offset" is
used where the target may be difficult to see, but its position relative to a
clear reference point is known.

The practice bomb has the same flight characteristics as a real one but carries
only a small explosive charge to mark where it lands. The charge exploded
inside the carrier, starting a small fire.  Under the offset procedure, the
plane's computers make the calculations needed to adjust the bomb's trajectory
from the "false" target to the real one.

The Sea Harrier pilot lines up on the ship from about five miles and 250
feet above the water. Flying towards the ship he then tells the computer to
attack the "splash target", towed 500 to 1,000 yards behind, while still
flying at the ship. The attack must be carried out from the beam, or the
computer software will automatically prevent bomb release. At the optimum
height, speed and distance the computer tells the pilot to pull up and
release the bomb.

Paul Beaver, publisher of Jane's Defence Weekly, said: "It does rely on the
pilot to press the button to switch from the mock target to the real one."  On
Monday, the button may not have been pressed or the computer may have
malfunctioned, and the bomb went into the reference point - Ark Royal - instead
of into the target.  The practice bomb hit the carrier about one third of the
way aft of the ski-jump and slightly to port, reportedly penetrating the flight
deck and exploding in the mess deck below.  But Mr. Beaver said he was "very
surprised" to hear the bomb had penetrated the flight deck. At that trajectory,
he said, it was more likely to have bounced off - unless it went into the
ship's side.

  [Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK  +44 91 222 7923   FAX = +44 91 222 8232]

Risks of a modern weatherman

Bear Giles <>
Wed, 22 Apr 1992 12:54:15 -0600
(From the bulletin board down the hall...)

Network Wind Profiler Severely Damaged

A wind profiler in OAR's Wind Profiler Demonstration Network (WPDN) was
severely damaged by several shot-gun blasts late last week.  On March 28, just
before sunrise, two men and one woman were pheasant hunting in southern
Nebraska [and] came across the McCook wind profiler and mistook it for an alien
spacecraft.  Frightened, they fired a number of shots damaging the profiler
antenna and the electronics shed.  Furthermore, a Forecast Systems Lab (FSL)
technician who was in the shed conducting routine system checks was taken
hostage by the hunters.  After being held captive for nearly two hours, the
technician's partner arrived and explained to the hunters what the profiler
really was.  The hunters then fled and so far, they have not been apprehended
by law enforcement officials.  Profiler damage is estimated at $150,000.

     - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = -

A profiler (developed in the building where I work) is a phase-array radar
which "looks" nearly straight up.  The basic model can determine wind direction
and speed from the ground to about 50 mb (around 20km, at a guess); a recently
developed enhancement can also determine air temperature up to the tropopause.
They are used in a manner similar to weather balloons, but provided hourly
summaries instead of 12-hour reports.  (They operate continuously, but the data
is rather noisy).

I've never seen an actual profiler on the ground, but the models and artist's
conceptions show a flat rectangular grid.  Coworkers describe it as a
"construction junkyard", or "flat pipes" held about 4 ft above the ground.

Of course, those of us in the mountains have a very low opinion of
plains-dwellers.  Several meteorologists on a "storm chase" last year reported
on Kansan walking up to them (on the side of the road) and asking "Is that a
tornado?"  What he thought the large funnel cloud a few miles away was, if not
a tornado, nobody has every figured out...

Bear Giles  [Yes — the "fsl" is for Forecast Systems Lab]
National Oceanic & Atmospheric Adminstration / Boulder Labs

Standard deviation in LOTUS 1-2-3 ?!

Lord Wodehouse <>
23 Apr 92 15:51:00 BST
My company has just sent out in an internal magazine a comment about the @std
function in LOTUS 1-2-3.  From this I gather that the @std function in both
version 2.2 and 3.1 uses the number in the sample (n) and not the number in the
sample - 1 (n-1).  Version 3.1 has a second macro to use the correct value.
Version 2.2 manual comments that the @std should only be used on large samples.
The comment in our magazine defines small samples as less than 30.

Two things arise from this. 1) Just how much work has been done by people using
1-2-3, who have not realized the "error", and 2) why have two versions of the
macro, when the correct one works for all samples.  (my guess is that if the
original incorrect version was changed, users would worry about the different
answers obtained after the change, even though the answers would now be

Moral: You should never trust blindly answers from any statistical package on a
computer, unless you know the formula used by the package.

Lord John - The Programming Peer

Ralph Nader/Cable TV/Information Networks

"Essential Information, Inc." <>
Mon, 27 Apr 92 07:08 GMT
  From: Ralph Nader, Washington, DC
  Date: April 16, 1992

  Summary: Your help is needed to secure an amendment to pending cable
television legislation.  The amendment would create a mechanism to organize
local Cable Consumer Action Groups (CCAGs) to represent the interests of
consumers directly before regulatory and legislative bodies.  This proposal is
an innovative way to create countervailing power to some of the large corporate
interests that control our information infrastructure, and it is a model that
is highly relevant for users of voice and data network services.  Readers are
asked to sign a letter to Congress supporting this amendment.  Action is needed
very soon.  Respond to Jim Donahue, Teledemocracy Project (Internet:

Dear citizen:

As you may know, congress is currently considering cable television
legislation.  Every television consumer should be concerned about the outcome
of this legislation, and particularly citizens who are concerned about the
future of information technologies.  The current fiasco with the cable industry
is an important example of the management of information technologies for the
benefit of a few corporate monopolists at the expense of the many.  Today
nearly all americans are confronted with a monopoly provider of cable video
signals, who not only has total control over what you can receive, but also
what you pay.

Over the next 15 years we will see a rapid convergence of information
technologies.  Soon it will be possible to transmit voice, data, and video
signals over the same fiber optic telecommunications infrastructure.  The fight
over who will control the content of information that flows over that
infrastructure, and how it will be priced, will define who can send and who can
receive information in digital form.  As the use of modern technologies
increasingly makes it easier to meter the consumption of information products
and services, the gaps between the information rich and information poor will
continue to grow.

The current battle over the regulation of the cable television industry is an
important step in a more general battle over the control of our information
infrastructure.  This is a battle over power and wealth, and also over
democratic values, competition, and enlightenment.  Will we harness our great
new information technologies to promote a diversity of sources of information,
or will these technologies be used primarily as vehicles for narrowly focused
commercial interests, exercising monopoly power?


A number of consumer groups have asked Congress to adopt an innovative proposal
to help cable television subscribers organize to represent their interests.
Notices describing local Cable Consumer Action Groups (CCAGs), which would be
independent and democratically controlled local organizations, would be placed
in the cable companies billings.  The notices describe the purposes and goals
of the group and solicit funds for membership. The CCAG would be required to
reimburse the cable company for the incremental costs of inserting the notice
in the bill, so the cost would not be a burden to the cable company or its
subscribers.  These local subscriber consumer groups would then monitor the
policies and practices of the cable company, and represent consumer interests
in regulatory and legislative proceedings and with the cable companies

The cable industry is extremely active politically, contributing millions of
dollars to candidates for political office and spending millions more in
lobbying activities before legislative and regulatory bodies.  In the absence
of something like the CCAG, important public policy issues are debated in an
extremely unbalanced way.  The CCAG is a modest but important step in
addressing a very corrupt system that regularly tramples on the rights and
interests of consumers.

Among the groups that have endorsed this proposal are:

     Center for Media Education
     Consumer Federation of America
     New York City Commissioner of Consumer Affairs
     Public Citizen
     Teledemocracy Project
     U.S. Public Interest Research Group


This proposal is based on the highly successful Citizen Utility Board (CUB)
model, which has represented ratepayers in several states.  The most successful
CUB, in Illinois, has 170,000 members; its advocacy has saved consumers some $2
billion over the past several years.  Other CUBs exist in Wisconsin, Oregon and
San Diego.  We want to see this innovation used nation wide in the cable
television industry.  (Of course, it may well be a model that has applications
to other telecommunications issues.)


The CCAG proposal was included in H.R. 4850, but was deleted by a voice vote
(in contrast to a recorded vote) in the House Subcommittee on
Telecommunications and Finance.  The bill is now in the full Energy and
Commerce Committee, where committee supporters will seek to restore the
provision through an amendment.  We are asking you to send us an email message
giving permission to use your name in a letter to Congress supporting this
amendment. If you are willing to do so send the following information to the
Teledemocracy Project (internet:, or fax 202-234-5176).

     Title: (optional)
     Affiliation:  (optional)
     City and State:  (important, for obvious reasons)
     telephone:  (for verification)
     email address:  optional

Thank you very much for your help on this.

Sincerely,    Ralph Nader

  [A copy of the letter follows:]

Chairman Edward Markey
Subcommittee on Telecommunications and Finance
Committee on Energy and Commerce
Washington, D.C. 20515

Dear Chairman Markey:

We are writing to support your "consumer representation" amendment to H.R.
4850, the cable re-regulation bill. It is imperative that new cable legislation
provide a mechanism that gives consumers a stronger voice in regulatory and
legislative debates.  This amendment is ideal because it brings citizens into
the regulatory process at no cost to the government or the cable industry.

Who in Congress can deny the unfairness of a system where the owners of cable
monopolies can use subscriber revenues for lobbying purposes while consumers
are left powerless and unrepresented?  This is only a small step toward curbing
the monopolistic power of the cable television industry. We urge the House
Energy and Commerce Committee to include your consumer representation amendment
in the cable bill.

Sincerely, ...

  [For more information, contact: Jim Donahue, Teledemocracy Project,
  voice: 202/387-8030, fax: 202/234-5176, Internet:]

  [For a an email copy of the amendment contact Jim Donahue

Re: Tax on computer media (RISKS-13.43)

Mark Seecof <>
Wed, 22 Apr 92 10:22:42 -0700
A tax on clarinet reeds would hit only musicians and reed makers (and
indirectly music fans); a tax on gasoline hits just about everyone.  A tax on
computer media, ostensibly aimed at music consumers, would come to hit everyone
because of the simple fact that computers are spreading through society faster
than a nasty joke through a frat house.  A tax on computer media will soon be
as general a tax as one on gasoline.  I don't think there's any RISK to
computer users in such a tax, except at the same level as the risk to
automobile users in a fuel tax.  The tax is objectionable because it's a
general tax for the specific benefit of an unworthy few; and because the
legislators responsible for it perhaps do not understand the full effect of the
proposed law.  The only REAL problem is that uneducated people are yet unaware
of the fact that while 1/4" audio tape and IBM 5081 punch cards were distinctly
different, in the modern digitally-recorded computer-processed "information
age" it is impossible to distinguish between musical and textual and graphical
storage media.  At worst, tax avoidance schemes based upon artificially
differentiating music media and computer media would add some cost, a little
less than the tax itself would, to computer media, and generally reduce the
economic efficiency of all digital technology industries.

Mark Seecof <>

Tracking by Cellular Phone

"Brian Kush" <>
Fri, 24 Apr 92 08:00:45 PDT
Yesterday while driving through GA, my Cellular Phone rang.  Since I was
roaming I was not expecting a call.  When I answered it, it was a recording
welcoming me to Bell South Mobility and offered instructions on using there
service.  I have had this happen before and did not think anything about it.
Though today I started to think.  If the cellular phone company could sense
that I had come into there area, they could track my movements all over the
country on a carrier by carrier basis.  They might even be able to track me
with in a city/area by which antenna was picking up my signal.

Right now the risk is rather low, but its something to think about.

Brian Kush, Sales Consultant, Oracle Express, Eastern Region, 412.262.5200
                vmail: 412.269.3518       pager: 800-SKY-PAGE PIN# 5773865

Re: Admissibility of video tapes

Craig R. Smilovitz <>
Thu, 23 Apr 92 14:53:23 EDT
    There seems to be a strange idea that has been floating around in some
of the recent postings on comp.risks: namely, that video tape records of your
actions necessarily belong to you and their use in a trial as evidence is an
invasion of your privacy.

    Events that happen in public places are public knowledge and not
private.  While recordings (video or otherwise) can not necessarily be used for
profit by a third party, they are public and may be distributed and used as
evidence.  Anyone is allowed to see and to tell about what they see in a public
place (such as the street corner on which Rodney King was assaulted).  That
retelling may include using aids such as a video tape.

    Things get somewhat more interesting when talking about a camera
mounted somewhere and run without an operator.  Then the viewing analogy does
not hold as well.  In those cases, judging by common practice, there may be
some principle in the law dealing with the likelihood of knowing that you are
witnessed.  When there are people standing nearby, you know that likelihood is
great.  Locations that have video-tape surveillance tend to have signs advising
patrons of that fact.

    Hope this is of some help when talking about privacy and videotape.  Of
course, the definition of a public place can get muddy but in the case of the
Rodney King beating video this is not an issue.
                                               Craig Smilovitz

Voice-mail security

Fri, 24 Apr 1992 08:43 EST
I request you assistance with collecting some information regarding the problem
of voice-mail security.  I have noticed some previous comms in the risks board
re this subject and I would like to collect further info regarding risks of
these systems.

Are call loggers a problem when you give your password to a mail retreival
system form a hotel or an office.  Is there a hacker market for this info?
Finally how prevelant is this problem in various parts of the world?

How can we protect ourselves from these problems?

Thank you in anticipation.  Responses please to the following address:


N.B. this is a server address and not the address of the phone system in
question.  So if there are any abusers out there, you'll get no hints from me !

Re: Bugging Phone Calls (RISKS-13.43)

Jay Denebeim <>
Sun, 26 Apr 92 12:21:44 EDT
The main thing that bothers me about this bill is, why is it needed?
I work for a major vendor of central office switching equipment, and
I see absolutely no reason to enact such a law.

At the CO/PBX hosting the line it will always be possible to 'listen' to any of
the terminals off that line.  This is required for ensuring the equipment is
working.  I cannot concieve a system where this would not be a requirement.

Looking at the proposed law that was reproduced in a previous issue of RISKS,
it appears that what they are asking for is the ability to capture the bit
stream from any terminal.  No more, no less, it specifically excluded the any
responsibility for the telco to unencrypt anything fed to the terminal.

The bit stream from any terminal is available at the CO.  It has to be,
otherwise it would not be possible to identify which terminal to route the
return bit stream to.

Jay Denebeim    UUCP: duke!wolves!deepthot!jay
                BBS:(919)-460-7430      VOICE:(919)-460-6934

Re: Tapping Bill

Fri, 24 Apr 1992 10:23 EST
>8        "(2) 'communication' means any wire or electronic
>9     communication, as defined in subsection 2510(1) and
>10    2510 (12), of Title 18, United States Code;

        This definition means, unless the other laws cited are such as to
modify this interpretation, that they could technically demand that all BBSes,
etc. set themselves up so that they could be tapped without their knowledge or
consent, and can be fined for not complying with this regulation. I suspect how
this might be used would be for the BBS to be informed of this "responsibility"
after the FBI/Secret Service/whatever thinks they're doing something they
shouldn't (which they might extend to legitimate political activity such as
pro-drug-legalization), thus causing them to have massive amounts of fines to
pay off.

Re: FBI and telephones (RISKS-13.41)

Wed 22 Apr 1992 14:52 -0500
I'm surprised that there has been little mention of traffic analysis.  Even if
the conversations are encrypted, information about who is calling whom can be
very valuable.

Puzzle-box patent abandoned

Ross Williams <>
23 Apr 92 15:50:55 GMT
Readers of risks may remember that in mid 1991 I posted a message describing a
"puzzle-box" idea, for which I had lodged an Australian provisional patent.
[See RISKS-12.06 and .07.  PGN]

The idea was to place some kind of hardware "puzzle" between computers and the
safety-critical/trusted devices they control so as to reduce the likelihood of
accidental activation in the case of a failure of the computer or the
interface. To activate the critical device, the computer would have to send out
a complicated sequence to "solve" the puzzle.

The posting created quite a fuss for the following reasons:

   * People thought that it was covered by prior art.
   * People thought that it was too simple to be worthy of a patent.
   * People were concerned that it could be applied to software.
   * People thought that the idea would never work because of
     single point software vulnerabilities.

Except for the last criticism, which was provably (by construction) incorrect,
all of these criticisms were valid, although perhaps not as valid as many
thought. I was mailed quite a lot of claimed examples of prior art, most of
which held some similarity, but none of which hit the mark until I heard about
a satellite that had been sent up in the 1980s which had exactly what I would
call a puzzle box in the form of a linear shift register puzzle that was
protecting a rocket motor (or something equally as important). I never managed
to formally obtain the details of this example, but if it was true, it was bang
on. As it happened, it didn't matter, as all the hate mail put me off the
patenting idea anyway.

Later on in the year I happened across a friend who said that he had been
involved in a missile project some years ago that had used some sort of "puzzle
box" in between a controller of some kind and a firing mechanism. Apparently,
on occasions during lab tests, the computer was not able to fire the puzzle
box, and so they would call in a technician who had a box with a bouncy switch
that just happened to reliably generate the firing sequence... So much for

Anyway, there are three main points that I want to make. The first is
that I have completely abandoned the puzzle box patent. My reasons:

   * I don't want to own a patent that most people seem to hate.
   * Although I have not formally checked it out, I have heard of
     at least one convincing prior art example (the satellite).

The second point is that because my patent has been formally registered in
Australia, and publicised, there can be no chance of anyone else successfully
sustaining a similar patent. Even if the idea had never actually been written
down previously, it is now definitely prior art. (Those who are paranoid about
my intentions will be pleased to hear that the provisional patent application
has now actually expired so I now can't resurrect the patent, even if I changed
my mind).

The third and by far the most important point, and the one likely to be of most
interest to risks readers, is this. Despite the huge barrage of mail that I
received claiming prior art, almost none of it was in safety critical
applications. People claimed particular forms of protected memory, clock chips,
even Unix passwords, as prior art, but very few people provided examples from
trusted systems.

One of the reasons why I lodged the patent in the first place was because I
wanted to use the patent to draw attention to the puzzle box idea. I was
involved in safety-critical systems for a year and a half, and during that time
I didn't hear of any explicit puzzle box mechanism being used in any
safety-critical system. Most of the systems that I saw attacked the interface
problem using a battery of non-puzzle-box techniques such as output delay and
sampling, multiple processors, and analog voting schemes.

So my question is this: Are puzzle boxes a widely known and used technique in
safety-critical applications, or are they not? If they ARE in use, then I am
surprised because I haven't heard much of them, and in particular, they didn't
turn up in the prior art barrage, even though the patent, and my presentation
of it in comp.risks, was entirely directed towards safety-critical
applications. If they are NOT in use then I think that it is important that the
safety critical community become more aware of them, as they can provide a much
needed extra layer of protection. My experience working in the field was that
there was too much emphasis placed on the software, and not enough on simple
physical checking systems or human procedures that could reduce the criticality
of the software. It would seem a shame if my patent, defeated by hate mail and
clock chips :-), does not impact on its intended safety-critical audience who
are in a position to use puzzle boxes to save lives. If you agree, please join
me in disseminating the idea in the safety-critical software community. The
defunct patent, which describes the idea, is a 38K ASCII text file that can be
retrieved by anonymous FTP from:

   Machine   :  []
   File      : pub/compression/puzzlebox_provpatent

My thanks go to all those who were involved last year,

Ross Williams,

Please report problems with the web pages to the maintainer