The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 81

Friday 18 September 1992

Contents

o Bounced cheque libel
Terry Gerritsen
o NYT reports on Smart autos; on Computer graphics at trials
John Sullivan
o A simpler risk of computerized warrant systems
Phil Karn
o Outstanding Warrants?
William D. Bauserman
o More Arrest warrant database problems
Kraig R. Meyer
o Re: Arrest Warrants
Lauren Weinstein
Randall Davis
o Airliners playing chicken
David Wittenberg
o Postal service privacy RISK
Daniel Burstein
o Re: Phone numbers in popular entertainment (Sneakers)
David Paschich
o Re: Drunk driving
Toby Gottfried
Jim Haynes
o CPSR Files Suit Against FBI Over Wiretap Proposal
David A. Banisar
o Info on RISKS (comp.risks)

Bounced cheque libel

Terry Gerritsen <terry@gtm-inc.com>
Sat Sep 19 21:02:45 1992
SPALDING, England - -In what is being hailed as a landmark decision, a bank
that mistakenly bounced a client's cheques will pay more than 50,000 pounds in
libel damages, a British court has ruled.  The July decision from the High
Court concluded a nine-year legal battle between Brian and Margaret Allen,
operators of a Lincolnshire meat firm, and Llyods Bank.
   The conflict began in 1983 when several cheques from the Allen's company
were returned by the bank unpaid and marked "Refer to drawer, please
re-present," even though there were sufficient funds in the account to cover
them.  The Allen's counsel, Micheal Tugendhat, said that the couple took the
bank to court because they wanted to "eradicate publicly any doubt about their
financial soundness and credit worthiness" created by the error.
  The libel case is believed to be the first of its kind to reach British
courts in this century. Expert Mark Stephens commented that the problem is
common but "very few people, including lawyers, are aware that it amounts to
libel.  The suggestion is that someone issued a cheque knowing he had
insufficient funds to meet it, and that can be a very serious libel.
           (The Lawyers Weekly)

Terry Gerritsen, G.T.M. Incorporated, Kingston, Ontario     (613) 384 0162
terry@gtm-inc.com              Fax: (613) 389 4594


NYT reports on Smart autos; on Computer graphics at trials

<sullivan@geom.umn.edu>
Thu, 17 Sep 92 12:01:21 CDT
The New York Times business section for Sun 6 Sep 1992 had an article on
Forensic Animation, using computer graphics reconstructions of events as trial
evidence.  Lawyers seem enthusiastic, because this will entertain the jury.
One (who lost his case) said jury members told him afterwards that they liked
the "cartoons".

There have been challenges to the use of such animations.  In one murder trial,
the defendant said he thought the victim had a raised gun in his hands.  The
prosecution's animation showed a [stick?] figure of the victim walking with
arms down, but the judge only let that segment be shown with the victim
"represented by a gray dot".

A Houston lawyer is quoted as saying that once one side has an animation, the
other side "starts scrambling" to get its own, since "they are so taken with"
the idea.  Thus they don't tend to challenge the animations.


The Sun 13 Sep business section has a short note on computer backups during
Hurricane Andrew at Grand Met's Miami computer center.  These are presented as
quite successful, though I was surprised that this involved spending 8 hours
making tape backups, hiding them while the storm came through, and then flying
them out by helicopter once it had passed.


This issue (13Sep) also has a long article on "intelligent cars", discussing
infrared vision systems for night driving, an "autonomous" cruise control, and
collision avoidance.  These are being investigated by the European Prometheus
project, and the article reports on tests made by Jaguar.

The infrared image would be displayed on a CRT or on a heads-up display on the
windshield.  The new cruise control would attempt to keep two seconds behind
another car.  Developers (at the British firm Lucas Automotive) say they chose
not to give it the ability to apply the brakes fully, so as not to scare
drivers.  But they hope that "once people trust the computers to operate the
various functions on the car for them, they will then allow the computer to do
more for them in the future".

They do seem to be paying attention to the fact that (unlike fighter pilots)
drivers of these cars will not be specially trained: "the average guy must
drive the vehicle".  Thus "company secretaries" have been testing the cars at
Jaguar.

The collision avoidance system is envisioned at the moment as only providing
warnings, not actually interfering with the driver.  It might be able to warn
drivers who are dozing off.

The Europeans hope to have these systems available within 5 or 10 years;
American car companies admit they are a bit behind "because of all the
government subsidizing" in Europe.

-John Sullivan, The Geometry Center, Univ of Minnesota   sullivan@geom.umn.edu


A simpler risk of computerized warrant systems

Phil Karn <karn@servo.Qualcomm.COM>
Sat, 19 Sep 92 16:49:26 -0700
There's another risk associated with these new computerized warrant systems, at
least when they're installed in police cars where they can be used by the
drivers.

An exhibit at the San Diego Computer Fair features a police car equipped with a
new MDT (Mobile Data Terminal). They're about a year old, and are now in just
about every marked San Diego police car.  It consists of a specialized keyboard
and display mounted to the right of the driver.  It allows the user to run
license plates and drivers licenses, check for warrants, etc. The system also
allows for routine communications, such as checking in and out of service,
car-to-car chatting, etc.  It can be used for emergency communications such as
ordering ambulances, but the officer said that voice was usually quicker for
such things.  There is, however, a prominent button labeled "EMERGENCY".

The equipment was on a swivel mount so it can be used by anyone in the front
seat. When I saw it, it was turned to the left so the driver could use it.  I
asked the officer demonstrating the system whether there was any official
policy on the driver's use of the terminal while in motion. He said the only
policy so far was to "use the minimum number of keystrokes necessary" while in
motion. And, he added with a wry smile, if you have an accident while using it,
then by definition you've just exceeded the minimum number of keystrokes
necessary.  When I pressed him a little further, he admitted to having had a
few close calls already.

Because the system is so fast and easy to use, the officers run plates with it
much more often than when they had to do it by voice.  So instead of calling in
a request only when they really suspect somebody (e.g., during a stop), they
like to drive around semi-continuously punching in license plate numbers.
Car-to-car chatting also seems to be popular. Although things will probably
improve as the novelty of the system wears off, the safety risk here should be
fairly obvious.
                                           Phil


Outstanding Warrants?

<WILLIAM.D.BAUSERMAN@gte.sprint.com>
21 Sep 92 20:19:00 UT
The recent postings on outstanding warrants reminded me of a problem a friend
of mine had about a year ago.  This friend owns several wholesale outlets and
must travel quite often to procure stock.  Because of this frequent travel, he
had a tendency to become "lead-footed" and as a result he had quite a few
speeding tickets.

To make a long story short, a letter from the Roanoke (VA) Police Department
arrived at his house one day while he was out of town on business.  The letter
was addressed to both him and his wife, and since he had not told her he had
been to Roanoke in the last few years, she had to open it.

The letter basically asked them to come to Roanoke and turn themselves in for
hit and run (their van had been seen leaving the accident).  Well, since, she
had not been to Roanoke the mess hit the fan when he got home.  When he finally
calmed her down enough to believe that he had not been to Roanoke, they called
the police.

What they discovered was that, yes there had been a hit and run accident in
Roanoke, but the only information the eyewitness could give was that the
vehicle was a blue Chevy Astro with license plates AR?-???.  Since this was the
only lead they had, they pulled the DMV records for all the vans that fit this
description and mailed them all a letter.  Because he could provide a ironclad
alibi the matter was dropped at this point.

But what if he couldn't provide an alibi or what if he had really been in
Roanoke but still didn't commit hit and run.  I imagine it could have
been pretty ugly - if not with the police at least with his wife!

william.d.bauserman@gte.sprint.com


More Arrest warrant database problems (Hanlon, RISKS-13.79)

<kmeyer@aero.org>
Wed, 23 Sep 92 13:16:05 PDT
In RISKS 13.79, James Hanlon mentions the problem of people being detained by
law enforcement officials because of incorrect or outdated arrest warrants.

This apparently is a big problem in California, at least in Southern
California.  In my two years at college in Los Angeles, I knew two people who
were erroneously taken in by the LAPD after being pulled over for routine
traffic violations (speeding, etc).

A fairly common cause for this may be the traffic school system.  In
California, if you get a traffic ticket you can usually go to traffic school
rather than just pleading guilty and paying your fine.  However, if you don't
either go to traffic school or pay your fine, eventually the ticket triggers an
arrest warrant.  My traffic school instructor specifically told us to keep our
traffic school completion certificates in our glove compartments for 7 years or
there was a reasonably good chance that we'd get hauled down to the station
next time we were pulled over for a routine traffic violation.
                                                                Kraig R. Meyer


Re: Arrest Warrants (Hall, RISKS-13.80)

Lauren Weinstein <lauren@cv.vortex.com>
Wed, 16 Sep 92 20:19 PDT
Greetings.  The phenomenon of "surprise" arrests for "minor" offenses is by no
means a new one, but the masses of computerized records have probably
exacerbated the problem.

A friend of mine tells how about ten years ago when she was staying at her
parent's home, Culver City police showed up unexpectedly at the front door
with an arrest warrant.  (Culver City is small city completely surrounded by
the City of L.A.  Its main claim to fame is the number of film studios,
including MGM, within its borders).  Anyway, they handcuffed this teenager
and led her away.  Great fun for the neighbors watching.

Why?  Turned out she had what they claimed were some unpaid *parking* tickets,
which shouldn't have been charged against her in any case since she was a
resident of the area who was supposed to be "immune" from that ticketing.
The judge they brought her before immediately dismissed them all, but it was
still a very embarrassing episode for her.  There's just no telling what
will pop out of the machines to "roll on" if it's a "slow" day.

The classic treatment of the "computer-induced" nightmare through "minor"
errors must be the humorous (fictional) piece done by "Datamation" in the early
70's.  It shows a trail of correspondence between an unfortunate book club
member and a wide variety of computerized systems, and tells, with tongue held
firmly in cheek, of his unfortunate demise.  (A clue: at the end of the piece,
the governor's order to stop the execution is accidentally misrouted...)
                                                                         Lauren


Re: Arrest Warrants (Hall, RISKS-13.80)

Randall Davis <davis@ai.mit.edu>
Thu, 17 Sep 92 11:30:18 edt
  ...  (I wonder whether there was any human intervention up
  to the point where the judge issued the warrant.)

How can you imagine there wasn't any?  How did the information get from the
bank to the police?  Did the bank computer take the initiative to dial up the
police computer?  How did the police decide to accept the information as valid
and initiate the warrant process?

  Disclaimer: This story was related to me a few years ago by a former employer.
  I believe that the facts as I have stated them are essentially correct, though
  the details are no longer clear in my memory.

The story has a strong tone of urban legend.  Many crimes involving money have
categories of severity depending on amount.  Given the alleged facts here the
amount in question must have been on the order of $3; perhaps someone with
knowledge of criminal law can indicate if there is in fact any state in which a
crime involving $3 is a felony.  Given that ``looking for him for a while'' had
to involve some human action (even to put him on the ``wanted'' list), there
was some opportunity for sanity checking; no guarantee of course but unlikely
to be missed.

If this happened at all, it's far more likely that some serious sized bad
checks were written (perhaps ordinary oversight) just before leaving the
state, and the combination of events triggered serious action (as it should).
The service charges may also have accumulated, but not caused the problem.


Airliners playing chicken

"David Wittenberg" <dkw@chaos.cs.brandeis.edu>
Tue, 22 Sep 92 14:22:52 EDT
In November (presumably 1991), a Fokker 100, flight 1163 landed on runway 22L
at O'Hare.  Winds were from 240 at 25 kts.  Shortly after landing, they
discovered that the thrust reversers weren't working, but the multi-function
display unit showed no problems.  They then found out that the brakes weren't
working either.  The stick shaker was on.  (A stick shaker literally shakes the
yoke to warn that a stall may be imminent.)  They took the high speed turnoff
onto a taxiway, and then turned back onto runway 22L (going in the other
direction, so it could also be called 4 R), just as a United 737 landed on the
far end of 22L.

Denny Cunningham described it:

"The UAL 737 had already touched down on 22L and was rolling head on toward the
Fokker.  [The Controller] immediately issued a go-around to the next arrival,
then started a persuasive campaign to convince the pilot of the 737 on rollout
that it would be in the best interest of aviation safety to make the highspeed
taxiway without delay.  With the radome of the Fokker starting to fill his
windshield, the 737 pilot concurred in a tone of amazement not usually heard on
ATC frequencies.  He managed to clear the runway a few seconds before the
Fokker flashed by going in the opposite direction.

The Fokker pilot kept one engine running to provide hydraulic power to the
steering.  At the end of 22L, he turned onto runway 27L, which was being used
for take-offs.  The planes which were waiting to takeoff were unable to make
any room for the Fokker on the taxiway.  At this point there were 3 jets
rolling on runway 27L.  The tower said that it looked like Oshkosh for
airliners.  The plane just starting its takeoff roll rushed his takeoff to get
out of the way.  The Fokker finally stopped in the middle of runway 27L, and
was towed off safely.  Noone was hurt, and there was no damage to any of the
airplanes.

It turns out that the "squat" switch which determines if the plane is in the
air had jammed, so the plane "thought" it was in the air, and safety switches
prevented the brakes or thrust reversers from working while the plane was in
the air.

Shortly after this incident, a captain attended school on Fokker 100s and asked
what the appropriate procedure was in the event of malfunctioning ground/flight
switches.  He was told that there wer no such procedures, because it couldn't
happen.

This is excerpted from two articles in "IFR: The Magazine for the Accomplished
Pilot", Vol. 8, number 9 (sept. 92). They were published under the title "EEK!
No Brakes!  Ho Hum, just another day at O'Hare; Two airliners playing chicken
on runway 22L" "Cockpit View" by Joseph J Poset taken from the May issue of
"Airline Pilot", and "From the Tower" by Denny Cunningham.

This incident was not directly caused by a computer.  Switches are used in all
sorts of safety devices, both with and without computers.  The danger from
computers is that they tempt us to add many more such switches, which will
eventually fail.

In case anyone is tempted to say that safety features such as the one which
prevented the brakes from working should be removed, remember that they are
often crucial.  The opposite kind of accident happened on 5 July, 1970 near
Malton Airport in Toronto, where a DC-8 crew accidentally deployed the
aircraft's spoilers in flight, killing all aboard.  The (US) FAA then required
a placard reading "DEPLOYMENT IN FLIGHT PROHIBITED" over the spoiler lever.  A
Canadian official called this ridiculous, and instead proposed a placard
reading "DO NOT CRASH THIS PLANE".  In fact the placard did not prevent a
similar (but non-fatal) accident on 23 June, 1973 at JFK.

So, placards don't work, and we install safety devices to prevent people from
doing stupid things.  Then the safety devices fail and cause crashes.  All one
can do is to try to only add safety devices which help more often than they do
damage, and not panic when a safety device does cause damage.  We know that
will happen, despite all attempts to reduce the frequency.


postal service privacy RISK

Daniel Burstein <0001964967@mcimail.com>
Fri, 18 Sep 92 05:49 GMT
There have been quite a few articles discussing the privacy aspects (or lack
thereof), based on the US Postal Service's databases - especially the
"forwarding" system.

The following article, from "Labor Notes" (7435 Michigan Avenue, Detroit, Mich.
48210, (313) 842-6262) #160, July 1992, is targeted towards labor issues, but
people reading this Digest will quickly grasp the RISKS involved with
videotaping all postal envelopes.  (see additional comments added at end).

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Title: Fighting Privatization.  Postal workers urge campaign to organize the
new, private sector, mailing industry, by Sarah Ryan

Text: If top US Postal Service officials have their way, private corporations
will sort most of the mail by the mid 1990s.  And the jobs will pay little
better than minimum wage.

But some members of the American Postal Workers Union are hoping to block
management's plan with an organizing drive in the private sector mailing
industry.  A resolution will be presented to the August APWU national
convention would, if passed, require the union, which has until now included
only governmentemployees, to begin to organize workers in privately-held
automated mail processing plants.

Over 40,000 postal union jobs have been eliminated in the last two and a half
years, and at least 55,000 more are slated to go by 1995.  While many postal
workers and union officials believe they are losing jobs to "automation,"
postal work is being pushed into the hands of an alternate, privately-owned,
mailing industry.

Management calls the process "worksharing."  Contractors are eager to jump
into mail processing and take advantage of the extremely low wages, absence of
unions, new high-speed mail processing equipment, and public subsidies.

subtitle: Worksharing

A year ago USPS announced that the new Remote Video Encoding operation would be
contracted out.  Remote encoding was developed as a way to sort mail which
cannot be "read" by optical character readers and bar code sorting machines.
RVE also allows mail to be sorted without highly trained workers.

Some mail, such as handwritten letters, cannot now be read by machines.  The
new process will transmit the image of these letters through telephone lines to
a data entry operator at a video terminal.  The worker enters an extract code,
and a bar code is chosen by computer and applied to the letter.  The operator
can be thousands of miles away from the mail.

According to former Postmaster General Anthony Frank, the remote video
operation will eventually replace most to the nation's 49,000 mechanical letter
sorting machine jobs.  Over 200 remote keying sites are planned; the first ones
are already on line.

[the article then goes on to discuss the various financial incentives being
proposed by the USPS -and- local governments for the companies setting up these
remote operations.  It also compares the salaries for the workers.  Other
tidbits in the piece describe some specific labor issues, use of convicts by
the USPS, and the like)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Added comments: No doubt the first few machines will only be used for sorting
and bar-code spraying handwritten addresses.  HOWEVER, given OCR technology, it
would be quite trivial to have EVERY piece of correspondence going through the
USPS scanned, and a data list of who sent what to whom could be generated.

I can't cite the reference this moment, but I'm pretty sure the courts have
ruled that "mail covers" are legal WITHOUT a search warrant.  In other words,
"they" can look at the return addresses on the letters in your mailbox (or the
addresses you send "to") without legal hassles.  (Contents, though, are
protected, a little...)

Seems it may be time to change some laws...
                                                  <dburstein@mcimail.com>


Phone numbers in popular entertainment (was Re: Sneakers, the movie)

<dpassage@postgres.berkeley.edu>
Wed, 16 Sep 92 22:38:14 PDT
In RISKS-13.80, James Zuchelli points out that the movie _Sneakers_ used a real
phone number, that of the East Bay IRS office, instead of the normal 555-xxxx
used in movies an on TV.  PGN then points out that the phone number will be
more or less useless for the rest of time because people will be watching the
movie on videotape.

On a similar vein, I'm sure lots of the RISKS readers are familiar with Douglas
Adams' _The Hitchhikers Guide to the Galaxy_, in which a phone number appears
and is identified as such early on in the book.  The number is the real phone
number of the flat in London in which Adams lived while writing the radio
series which the book is based on.  An introduction to a later collection of
Adams' books contained an exhortation not to call the number, as the people
currently living there have nothing to do with the book and really wish people
would quit calling them up.

I think this brings up an interesting issue as we move into an era in which
people are identified on the net by their account names and site.  We've all
heard of incidents where one person's credit record gets confused with that
belonging to another person with the same name.  The main student system here
has recycled several account names as older students graduate and new students
with the same name show up, request an account with the now freed name, and
inherit that person's net reputation and hate mail.

David Paschich


Re: Drunk driving (Haynes, RISKS-13.80)

Toby Gottfried <toby@felix.filenet.com>
Fri, 18 Sep 92 09:51:08 PDT
    [The following message, although drifting in RISKS-relevance,
    is brought to you as a public service.  Good advice.  PGN]

Advice to (responsible) drivers is: don't drink.  If you are arrested for DUI,
you'll have full confidence in passing any test by a wide enough margin to
avoid worrying about the minor inaccuracies of any machine.

If you know you are guilty, then be thankful that you were stopped before
something serious happened.  The RISKS are to life, limb, and property, not the
passing or failing of a breathalyzer test.

Drivers are tasked with safe driving, not seeing how close they can come to
getting away with anything.

I apologize if this is off the subject of computer risks, but I tried and was
unable to let Jim Haynes' last paragraph go unanswered.


Re: Drunk driving (Gottfried, RISKS-13.81)

Jim Haynes <haynes@cats.UCSC.EDU>
Fri, 18 Sep 92 11:35:09 -0700
Well, I agree - I druther people didn't drink at all when they drive, and when
I gave that advice it was with misgivings that it might be construed as "how to
beat the test" rather than scientific advice.  I was being a little
tongue-in-cheek when I said take the test and fight the results in court --
meaning only to say the machine isn't infallible.  I was trying to say with a
little bit of humor that you shouldn't risk your future on a breath test when
there are better tests available.


CPSR Files Suit Against FBI Over Wiretap Proposal

David A. Banisar <Banisar@.cpsr.org>
Thu, 17 Sep 1992 16:43:51 -0400
WASHINGTON, DC, September 17, 1992

Contact:
Marc Rotenberg, CPSR Director (202/544-9240)
rotenberg@washofc.cpsr.org
David Sobel, CPSR Legal Counsel (202/544-9240) sobel@washofc.cpsr.org


CPSR Sues FBI For Information About Wiretap Proposal:
Seeks Reasons for New Plan

    Washington, DC - Computer Professional for Social Responsibility filed
suit today against the FBI for information about a new wiretap proposal.  The
proposal would expand FBI wiretap power and give the Bureau authority to set
technical standards for the computer and communications industry.

    The suit was filed after the FBI failed to make the information public.
In April, CPSR requested documents from the Bureau about the reasons for the
proposal. The FBI denied that any information existed.  But when CPSR pursued
the matter with the Department of Justice, the Bureau conceded that it had
the information.  Now CPSR is trying to force the Bureau to disclose the
records.

    The proposal expands the FBI's ability to intercept communications.  It
would mandate that every communication system in the United States have a
built-in "remote monitoring" capability to make wiretap easier. The proposal
covers all communication equipment from office phone systems to advanced
computer networks.  Companies that do not comply face fines of $10,000 per day.

    The proposal is opposed by leading phone companies and computer
manufacturers, including AT&T, IBM, and Digital Equipment Corporation.  Many
charge that the FBI has not been adequately forthcoming about the need for the
legislation.

    According to CPSR Washington Office director Marc Rotenberg, "A full
disclosure of the reasons for this proposal is necessary.  The FBI simply
cannot put forward such a sweeping recommendation, keep important documents
secret, and expect the public to sign off."

    In a related effort, a 1989 CPSR FOIA suit uncovered evidence that the
FBI established procedures to monitor computer bulletin boards in 1982.

    CPSR is a national membership organization of computer professionals
with over 2,500 members based in Palo Alto, California with offices in
Washington, DC and Cambridge, Massachusetts and chapters in over a dozen
metropolitan areas across the nation.  For membership information, please
contact CPSR, P.O. Box 717, Palo Alto, CA 94303, (415) 322-3778,
cpsr@csli.stanford.edu.

Please report problems with the web pages to the maintainer

Top