The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 66

Saturday 18 July 1992


o Qantas airliner challenged by US Pacific fleet
Anthony Naggs
o Residual Gulf war battle plans provide evidence of stolen computers
o U.S. encryption export control policy softens somewhat
o 911 call lands caller in jail
Mel Beckman
o Re: Nuclear reactor control
Bill Park
o Info on RISKS (comp.risks)

Qantas airliner challenged by US Pacific fleet

Anthony Naggs <>
Thu, 16 Jul 92 0:35 BST
  [I'm not sure about the degree of computer influence here, but I thought it
  would fit with the discussion here about the Vincennes attack on the Iranian
  airliner.  The following item appeared on page 11 (International News) of the
  British national newspaper The Guardian, on Wednesday July 15 1992,
  attributed to Reuters in Canberra.]


A US warship threatened yesterday to shoot down an Australian airliner with
more than 300 passengers over the Pacific.  The pilot of Qantas flight QF12, an
hour out of Los Angeles on its way to Sydney, was jolted by a call from the
warship saying he faced "hostile action" if the aircraft did not leave the
area, a Qantas spokesman said.

The US Navy's Pacific Fleet in Pearl Harbour later identified the ship as the
USS Cowpens, the same class of Aegis missile cruiser as the USS Vincennes which
shot down an Iranian civilian airliner in the Gulf in July 1988, killing 290

The Qantas pilot radioed the Federal Aviation Authority in Los Angeles which
put him on a frequency to the warship.  [Why was this necessary?]  The FAA
resolved the crisis by putting the Qantas flight on a path bypassing the
Cowpens which was taking part in a military exercise.

Elly Brekke, a spokeswoman for the FAA in Los Angeles, confirmed that the
airliner, following its predetermined flight path, was told it risked risked
facing hostile action.  Ms Brekke said the Qantas flight was "where it should
have been", and the FAA had not been told that the US Navy was conducting
manoeuvres that would require any restriction of airspace.

The Pacific Fleet spokesman said the Cowpens had inadvertently [!]  used "an
international distress frequency" in trying to contact planes taking part in
the exercise.

"We're looking into how it happened", Commander Jim Kudla said.  He also said
the exercise commander had taken measures to ensure the incident would not
happen again.  [How do you prevent something from recurring if you don't know
how it happened before?]

Anthony Naggs, PO Box 1080, Peacehaven BN10 8PZ, Great Britain
      E-mail:      +44 273 589701 (vox)

Residual Gulf war battle plans provide evidence of stolen computers

"Peter G. Neumann" <>
Sat, 18 Jul 92 15:52:23 PDT
About $70,000 worth of computers used in the Persian Gulf operations turned up
for sale in Ventura County, CA.  An unidentified computer hobbyist reported
observing `Welcome to Saudi Arabia' on the screen of one computer, along with a
map and locations of unit deployments.  He reported it to the Crime Stoppers
hotline.  Subsequent Army investigators have now led to the conviction of a
serviceman for multiple counts of larceny and wrongful disposition of
government property.  [There was some residual military information in some of
the computers, although no indication was given as to whether any of it was
sensitive.]  [Los Angeles Daily News item, in San Francisco Chronicle, 17 July
1992, p.E6]

U.S. encryption export control policy softens somewhat

"Peter G. Neumann" <>
Sat, 18 Jul 92 16:05:01 PDT
The Bush administration has agreed to ease export controls on encryption-based
software somewhat.  In the battle between NSA's desires to be able to intercept
international communications and software vendors' desires to be able to
compete in international markets, this decision transfers control of encryption
software to the Commerce Department (from the State Department).  Evidently,
systems that work with up to 40-digit RSA keys will now be eligible for export,
although one can already buy much better stuff on the streets of in Europe --
for example, Cryptos, which uses both DES and RSA, is available in Moscow!  In
addition, the administration will now meet with industry representatives up to
twice a year.  [Source: Don Clark, San Francisco Chronicle, 18 July 1992, p.B1]

911 call lands caller in jail

Mel Beckman <>
Sat, 18 Jul 92 11:47:06 PST
In this morning's Ventura County Star/Free Press newspaper (Sat 92jul17)
appears an article headlined "Woman calls for help, lands in jail." Here
is my own summary of their story (cross-posted to comp.society.privacy):

Oxnard, CA resident Helene Golemon called 911 to report (twice) a loud teenage
street party in the wee hours.  Later, at 6:00am, an officer arrived and
arrested her on a (subsequently learned-to-be) erroneous misdemeanor traffic

Golemon expressed outrage at the 911 records check, and that the warrant even
existed at all.  "Those kids were out there drinking and driving drunk.
Nothing happened to them and I got arrested." After booking, including
fingerprints and mug shots, she was detained in a holding cell until her
husband posted $188 bond later that morning.

Assistant police chief William Cady claimed that dispatchers often check
available records, even on a reporting person, to know as much as possible
about the people involved when responding to 911 calls.  "Procedurally, our
people did nothing wrong" he said.

The arrest warrant, dated from an illegal left turn from May, 1988.  Golemon
fought the ticket and lost, then attended state-sponsored driver's education (a
CA alternative to fines available for first-time offenders) in August 1988.
The court has a copy of Golemon's driver education certificate on file, and
Linda Finn, deputy executive officer for Ventura County Superior and Municipal
Courts, couldn't explain why a warrant was later issued in 1989.  Golemon was
never notified of the warrant.

Goleman felt the incident was vindictive, because the dispatcher was annoyed
with her.  "When I tried to explain the continuing problems we're having, she
was very short with me," she said.  Golemon then asked for the dispatchers
name, and the dispatcher in turn demanded Golemon's full name.  After Golemon
complied, the dispatcher only told Golemon her badge number.  The dispatcher
remains unidentified in the news report, and an Oxnard police sergeant who
reviewed the tape said the dispatcher was "absolutely professional."

The privacy and computer risk concerns here seems to me three fold.

First, the police often act with inappropriate gravity on erroneous, and
apparently unverifiable, data.  Under what circumstances does a misdemeanor
warrant demand a 6:00am public arrest?  Certainly more time could have been
expended verifying the data, as an at-large illegal left-turner hardly
threatens public safety.

Second, apparently innocuous — even beneficial — contacts with government can
result in record searches for unrelated information.  Not only may this result
in egregious seizures, as in this case, but such an atmosphere can only
stultify public/government relations.  Crime and corruption thrive in such an

Third, although individuals have the right to know most information the
government retains on them (FOIA), that right becomes meaningless if the
government can, at any time, decided to integrate facts from disjoint data
bases and then act without notice on resulting conclusions.  One cannot submit
an FOI request on the union of multiple far-flung data sets!

Mel Beckman, Beckman Software Engineering, 1201 Nilgai Place, Ventura,
CA 93003   Compuserve: 75226,2257  805/647-1641

Re: Nuclear reactor control (Re: RISKS-13.65)

Bill Park <>
Fri, 17 Jul 92 18:33:40 PDT
 > "Magnetic core systems, supplied by GEC, have been used for years in UK ...

I think rather that "magnetic core systems" probably refers to a early type of
electrical signal amplification device — the magnetic core amplifier or MCA.
They have been used since at least the 1950s in the highly-critical control
systems of U.S. nuclear submarines, and, I suppose, in nuclear power plants as
well.  They are little-known and somewhat "old-fashioned" devices now, much
like fluidic devices — remember them?  Much faster, smaller, lighter, more
efficient and less expensive semiconductor devices are widely available these
days that are reliable enough for many critical uses.

An MCA is super-reliable because it is simple: just two coils of wire on an
iron core, like a transformer.  The ancient Romans could have made one.  It has
no moving parts, no connections that open and close sputtering arcs of metal
vapor as do relays, and no semiconductors to fail when their part per billion
impurities finally migrate far enough to cause a short or reduce gain.  As long
as the insulation on its wires holds up, an MCA can't do anything *but* work
correctly.  Don't make smoke come out of it and it'll literally last forever.

Simplified Theory of MCA Operation:

One of the coils in an MCA has many turns, is driven with direct current (DC),
and is the input, or controlling coil.  The other, output coil has relatively
few turns, and is placed in series with an alternating-current (AC) load to be
controlled, such as an AC motor.  With no current through the controlling coil,
a rapidly-varying magnetic field produced by the iron core induces a "bucking"
voltage in the output coil that that opposes any current that tries to flow
through the load, turning it "off."

To turn on the load, put a relatively weak DC current through the controlling
coil.  This drives the magnetization of the iron so far in one direction that
it "saturates" (all magnetic domains are aligned in the same direction and the
iron is fully magnetized).  Although the magnetic field in the iron is still
very strong, it is now constant instead of varying, so it no longer induces any
bucking voltage, and current can flow almost unimpeded through the load,
turning it "on."  The larger number of turns in the input coil allows a small
current through it to overcome any demagnetizing forces produced by the load
current flowing through the output coil.

By combining MCAs with solid-state rectifiers (though not necessarily
semiconductor ones — the Romans could have made them, too), and by wiring them
in cascade, large amplifications are possible.  MCAs can also exert
proportional control over the power to a load.  Bridge circuits enable
bidirectional control.

Individual MCAs in a control system may be very reliable, but that does not
mean the system will fail safe if one of the MCAs fails.  A classic dilemma
from robotics is, "Should the robot freeze or go limp if something fails?"  If
it freezes while it is reaching inside a car body going by on a conveyor belt,
the car body will collide with the arm.  But if the arm goes limp, it can fall
(or sag down) onto something breakable, or drop something heavy.

Moral: Look at the whole system.  Murphy will.

Please report problems with the web pages to the maintainer