The RISKS Digest
Volume 13 Issue 69

Monday, 3rd August 1992

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Computer scoring glitch at Olympics
John Carr
Wiretap Proposal Needs Study
Joe Abernathy
UK Inland Revenue to be privatised?
Paul Johnson
21st-Century Singapore
Bob Frankston
User interface studies: oh, what's the use?
Robert Slade
Re: More identical name confusion
Re: 911 call lands caller in jail
Ed Ravin
Derek Beatty
Software Hazard Analysis Course
Gord Symonds
CPSR Recommends NREN Privacy Principles
Dave Banisar
Info on RISKS (comp.risks)

Computer scoring glitch at Olympics

John Carr <jfc@Athena.MIT.EDU>
Sun, 02 Aug 1992 16:17:00 EDT
Excerpts from an article in the August 2, 1992 Boston _Globe_:

    "Judges Not Quick to Punch; Computer KO's Griffin"

  BADALONA, Spain — Science lied yesterday.

  Five judges watching American light flyweight Eric Griffin fight Spaniard
Rafael Lozano ... said the gold medal favorite had advanced as expected into
the quarterfinals.  Three said he did it by a wide margin. ...
  A computer said differently.
  The computer lied.
  What the computer insisted ... was that Eric Griffin was a 6-5 loser.  And
for the moment at least, that decision will stand, regardless of the opinion of
the five men who actually watched the fight.  ...
  Actually, after a review of the scorecards, it seemed more like some kind of
computer glitch, but the result was the same.  Elimination of a fighter.
Destruction of a dream.  Sorry about that.  ...
  Under the scoring system, at least two judges must hit a button that
registers a scoring point within a second after the first judge does.  If the
do not, the point is not awarded by the main frame computer, even though each
point will be recorded individually.
  The individual judges scored the match 10-9, 26-17, 18-9, 19-10, and 8-5.

The article said the system was installed after a Korean fighter won a victory
at the 1988 olympics even though general opinion was that he lost the fight.
[Later stories indicate the appeal failed.  PGN]

Wiretap Proposal Needs Study

Joe Abernathy <chron!ecopy501!edtjda@uunet.UU.NET>
Fri, 31 Jul 92 15:25:39 CDT
[AP excerpts by Joe, from an article by W. Dale Nelson, 30 Jul 1992]

Changes in wiretapping laws proposed by the FBI need further work, said Rep.
Edward J. Markey, D-Mass, Chairman of the House subcommittee on
telecommunications and finance.  (In May, the FBI called for legislative
changes to enable it to tap into new technologies such as cellular and ISDN.)
Markey said a report by GAO "shows that more work needs to be done before the
FBI's proposals can be seriously considered by the Congress.  ...  Before we
impose wholesale changes on the communications industry, we must understand the
details of what the FBI needs for each technology, and how those needs can be
met with minimal costs to consumers and minimal threat to the telephone

The GAO said it could not answer questions about the impact of the FBI
proposals on costs, benefits and alternatives until the FBI had more clearly
defined its specific needs. It also said the least intrusive alternatives could
not be determined until the telecommunications industry had received and
analyzed information on the FBI's needs.  It said the correct solutions "will
vary with the technology" but its analysis of the technological alternatives
had been classified by the FBI and could not be disclosed.

The budget submitted to Congress by the FBI in February included $26.6 million
to update eavesdropping techniques.

UK Inland Revenue to be privatised?

paj <>
24 Jul 1992 09:08:23-BST
I heard on Radio 4 today that the UK government is considering farming out the
Inland Revenue's computer operations to a private company.  Currently the IR
spend 250M pounds per year on computing and hold some 40M files.  5 possible
contractors are being approached, including IBM, DEC and ICL.

A union representative gave a long list of reasons why this was a bad idea,
starting with confidentiality.  He claimed that the IR has a good reputation on
this, and worried that a commercial company might not be as honest.  The
government either was not represented or did not comment.

Paul Johnson (       | Tel: +44 245 73331 ext 3245

21st-Century Singapore

Tue 28 Jul 1992 10:34 -0400
>From "World Press Review" quoting "China Daily", Beijing [!]:

The government of Singapore has announced a plan to link all households
through grids of fiber-optic cables that will allow high-speed exchanges of
text, sound, video and other media.  The project called the National
Information Infrastructure (NI), will also include a wireless communications
network to give mobile-computer users access to information services.  The
NII is part of Singapore's drive to become a world leader in information and
communications technology, which officials see as the backbone of
21st-century economies.  Towards this end, all citizens 18 and older have
been issued identity cards that allow government ministries and other bodies
to cross-index information about them.

User interface studies: oh, what's the use?

Robert Slade <>
31 Jul 92 16:04 -0700
To bank to make deposits and withdrawal for lunch money.  Chat with neighbour
while Sweet Old Thing (i.e., my age) dithers with machine.  Murmur from SOT:
"Oh, dear.  I have to make a deposit."  Neighbour points out "deposit" key.
More chat with neighbour.  Murmur from SOT: "Does the stripe go up?"  Neighbour
points out picture of card (showing orientation) above slot.  More chat with
neighbour.  Murmur from SOT: "It's still not going it."  (ATM has by this time,
shut down.)

(Still need to deposit and withdraw.  Look at lineup for tellers.  Recall last
time I used "manual" cashier: no lineup at cashier, five people in line for
ATM.  Thought I was really smart until realized that all five people at ATM
have completed transactions before I got my money.  Decide to eat at "golden

Go to Skytrain station.  Couple (of SOTs) at next ticket machine looking very
worried.  Take bill from wallet.  Accidentally tear bill.  Replace bill in
wallet, take other.  Complete transaction with ticket machine.  Couple at
next machine: "How do you work this?"  Point out large legend at top.  A:
look at map, check how many zones to cross; B: push button for number of
zones (machine displays price); C: put money in (pictures of acceptable coins
over coin slot, acceptable bills over bill slot); D: take ticket.  Point
out large A by map, B by buttons, etc.  Couple goes back to worrying in
front of next ticket machine.

Recall study on data base interface.  Experimental systems: two commercial
systems, three diverse experimental interfaces, one super-deluxe-easy-to-
processing-power-to-run inteface.  Super-deluxe is natural language interface.
Results show no benefit from any system.  Further (frantic) investigation
reveals subjects, normal data base users, cannot consistently make query in own
native language.

Become very depressed.

Vancouver Institute for Research into User Security, Vancouver, Canada V7K 2G6

Re: More identical name confusion (Bergman, RISKS-13.67)

Thu, 23 Jul 10:05:19 1992
> The HRS' balky new $104.2 million computer thinks she is the St.Petersburg
> Samantha, eligible for the same benefits and listed with the same Social
> Security number, the Pensacola mother said.  ..

It looks to me like there is another risk here. HRS paid $104.2 million dollars
for that system! There is simply no excuse for spending this much money on such
a system. This is the risk of letting government agencies buy computer
systems... not only do they not work.... they also cost too much!

Re: 911 call lands caller in jail

Unix Guru-in-Training <elr%trintex@uunet.UU.NET>
Sat, 25 Jul 1992 03:46:32 GMT
In RISKS-13.68, <> implies that the "risk of tying up 911
with a non-life threatening call" is much more serious than the jailing of a
woman who called 911 to complain about a loud street party.  Alas, in many big
cities, if you want a police officer to appear at the scene, you MUST dial 911.
Let's take New York City as an example --

Here's what happens if I call 911 about an incident: the 911 operator types in
the address where I am reporting an emergency, then types in my description of
the problem.  The report is then sent onward ( as a computer message) to the
dispatcher for the police precinct in question.  The report appears on the
dispatcher's screen, who finds an available police car and reads the report
over the radio to the police officers who will handle the "job".

If any person in this chain of events screws up — if the police officer never
shows up, if the dispatcher never calls a police car, etc., the responsible
party can usually be determined by following the computer audit trail.  The
computer system also tracks the status of the report and I've often heard
dispatchers radioing police officers asking them about the status of "jobs"
that were resolved hours ago but were not cleared in the computer.  When there
are too many reports that have not had officers sent to them, the dispatcher
announces an "alert" in the precinct and the officers race to finish up their
current "jobs" and get to the new ones.

The result is that there is a fair amount of machinery keeping track of a call
to the police.  But if I call my local precinct directly with a non-life
threatening situation, a bedraggled desk officer will answer the phone, take my
complaint, and then, if he or she feels like it, call 911 in order to get a car
dispatched.  If the desk officer doesn't feel like sending a car right away,
they might type the complaint into the dispatch system as a "past complaint"
job, and someone MAY get around to acting upon it much later that evening.
Worst of all, the desk officer has the option of simply ignoring my complaint,
and there is no mechanism (apart from me calling back again when I see no one
has acted upon my call) to detect that he has done so.  I've found that if I
want the police to respond to nuisances like car alarms or street disputes, I
have to call 911.

The computer-human interface that is at the core of so many emergency dispatch
systems has other quirks, too.  In New York City, one sad side-effect of the
"alert" mechanism described above is that the dispatcher will start assigning
multiple jobs to the same patrol car in order to convince the computer that the
precinct is no longer in "alert" status.  Never mind that officers in the same
car cannot be in two places at once, or that they might be diverted before they
can handle the second "job" — it keeps the computer happy.

Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue, White Plains, NY 10601
elr@trintex.UUCP philabs!trintex!elr +1-914-993-4737

Derek Beatty <>
Sat, 25 Jul 1992 11:53:03 -0400 (EDT)
RGB Technology/703-556-0667 <> (...) asks about the "much
more serious risk of tying up 911 with a non-life threatening call."  This
points out another risk: that of using systems in ways not originally intended.
9-1-1 service was originally for emergencies only (or so I believe).  But it
turns out that the *only* way to have a police car dispatched in Pittsburgh is
to call 911.  Calling the neighborhood police station (5 blocks away!) doesn't
work---they direct you to call 911.  I suppose there's also a risk here that a
distributed system (local police stations) has been replaced by one with a
single point of failure.  I also wonder whether if I called the local station
about an imminent threat whether they'd respond, or just say "call 911." (No NeXTmail! MIME Ok.)  PhD student  412 268-7898
Computer Science, Carnegie Mellon Univ., 5000 Forbes Ave, Pgh PA 15213 USA

Software Hazard Analysis Course

Fri, 24 Jul 1992 07:38:31 -0400 (EDT)
DLSF Systems Inc. will be presenting a Software Hazard Analysis Course which
will include practical insight, procedures and guidelines, 24-26 August 1992,
in Ottawa, Ontario.  For further information, please contact DLSF Systems Inc.,
Susan Fraser, (613) 592-8188 (voice), (613) 592-2167 (FAX).  Must register by
14 August.

CPSR Recommends NREN Privacy Principles

Dave Banisar <>
Fri, 24 Jul 1992 17:28:43 EDT
CPSR Recommends NREN Privacy Principles (24 Jul 1992)

   WASHINGTON, DC — Computer Professionals for Social Responsibility (CPSR), a
national public interest organization, has recommended privacy guidelines for
the nation's computer network.  At a hearing this week before the National
Commission on Library and Information Science, CPSR recommended a privacy
policy for the National Research and Education Network or "NREN."  Marc
Rotenberg, Washington Director of CPSR, said "We hope this proposal will get
the ball rolling.  The failure to develop a good policy for the computer
network could be very costly in the long term."

   The National Commission is currently reviewing comments for a report to the
Office of Science and Technology Policy on the future of the NREN.  Mr.
Rotenberg said there are several reasons that the Commission should address the
privacy issue.  "First, the move toward commercialization of the network is
certain to exacerbate privacy concerns.  Second, current law does not do a very
good job of protecting computer messages.  Third, technology won't solve all
the problems."

   The CPSR principles are (1) protect confidentiality, (2) identify privacy
implications in new services, (3) limit collection of personal data, (4)
restrict transfer of personal information,(5) do not charge for routine privacy
protection, (6) incorporate technical safeguards, (7) develop appropriate
security policies, and (8) create an enforcement mechanism.

   Professor David Flaherty, an expert in telecommunications privacy law, said
"The CPSR principles fit squarely in the middle of similar efforts in other
countries to promote network services.  This looks like a good approach."

   Evan Hendricks, the chair of the United States Privacy Council and editor of
Privacy Times, said that the United States is "behind the curve" on privacy and
needs to catch up with other countries who are already developing privacy
guidelines.  "The Europeans are racing forward, and we've been left with dust
on our face."

   The CPSR privacy guidelines are similar to a set of principles developed
almost 20 years ago called The Code of Fair Information practices.  The Code
was developed by a government task force that included policy makers, privacy
experts, and computer scientists.  The Code later became the basis of the
United States Privacy Act.

   Dr. Ronni Rosenberg, who has studied the role of computer scientists in
public policy, said that "Computer professionals have an important role to play
in privacy policy. The CPSR privacy guidelines are another example of how
scientists can contribute to public policy."

   CPSR is a membership organization of 2500 professionals in the technology
field. For more information about the Privacy Policies and how to join CPSR,
contact CPSR, P.O. Box 717, Palo Alto CA 94302.  415/322-3778 (tel) and
415/322-3798 (fax).  Email at

Please report problems with the web pages to the maintainer