The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 89

Monday 2 November 1992

Contents

o Leaving greasy marks on monitors may be dangerous
Simon Marshall
o Risks Of Cellular Speech
Dave King
PGN
o Police and Computers
Mark Bergman
Mike
o Cash displenser fraud
E. Kristiansen
o Network is a lifesaver
Mike Cepek
o Pay-per-call-back-verify
Robert Slade
o Re: London Ambulance Service
Brian Randell
John Jones
o Alarmism and Prof. Denning
Timothy C. May
o Blockbuster announces plan to use data from video rentals
John Nagle via T. Kim Nguyen
o Info on RISKS (comp.risks)

Leaving greasy marks on monitors may be dangerous

Simon Marshall <S.Marshall@sequent.cc.hull.ac.uk>
Mon, 2 Nov 1992 11:15:58 +0000
Many people regard greasy marks on monitor screens a nuisance.  If there is any
danger, it is the donor who is at risk because s/he many get some verbal or
perhaps (tongue in cheek?) physical abuse from subsequent users.  Not so.

This weekend, I cleaned the monitor of a workstation I was using in our lab.
Heeding warnings about getting electric shocks from static build ups, I turned
the monitor off for a minute before applying the anti-static cleaner.  When I
began to wipe off the water-based cleaner with a paper towel, the screen burst
into flames.  Blue-yellow flames may look nice with a beige plastic `dimple
effect' surround, but they are not good for the skin.

Apparently, so I am told, CFCs have been replaced in these aerosols by
flammable propellants.  The risks are clear: the housekeeping maintenance of a
computer is not without its dangers.  If the lab had a lower ceiling, and I was
not able to blow the fire out, this story might have been a different one.

Simon Marshall, Dept. of Computer Science, University of Hull, Hull HU6 7RX, UK
Email: S.Marshall@Hull.ac.uk    Phone: +44 482 465181    Fax: 466666


Risks Of Cellular Speech

Dave King <71270.450@compuserve.com>
02 Nov 92 12:00:22 EST
  [The following was distributed here at work by our security folks. I was
  surprised at the degree to which cellular traffic has apparently become
  public speech.  But then, perhaps my surprise is just a reflection of my
  naivete.  I'm not sure how Canada's laws compare to ours, but given how
  difficult it must be to catch someone at this, I can't imagine things are
  much different here in the 'States.  (But then if it's so difficult, how'd
  they do the study???)  Dave]

Two Bell Canada security managers shared some startling data with us recently.
In a three-month study of the Metro Toronto area earlier this summer, Bell
found that 80 percent of all cellular telephone traffic is monitored by third
parties.  Even more eye-opening is the fact that 60 percent of monitored calls
are taped for closer scrutiny and culling of marketable information.  The
chance of being monitored and taped is even higher in rural areas, where air
traffic is lighter. Scanners cost as little as $200, and are sold in virtually
every shopping mall in Toronto.

Marketable information includes the obvious -- mergers, take-overs, market and
product plans, but the listeners are also looking for voice/phonemail access
codes and passwords.

The digitized tones are translated into numbers quite easily. "Phone phreaks",
the telecommunications equivalent of computer hackers, use these numbers to
break into voicemail systems. One misuse which is growing in frequency is the
setting up of "pirate" voicemail boxes, often by organized crime.  Pirated
boxes give them the ability to disseminate information on drug deals, as one
example, with little or no risk of detection.

We ask you to be extremely cautious when using your personal or business
cellular phone.  Do not discuss confidential business matters, and avoid
calling in for phonemail messages via your cellular phone.

David L. King, IBM SE Region Information & Telecomm Systems Services Department
CAY, Mail Drop D072, 10401 Fernwood Road, Bethesda MD 20817 301 571-4349


Cellular Snooping and Privacy Issues

"Peter G. Neumann" <neumann@csl.sri.com>
Mon, 2 Nov 92 9:49:24 PST
An article by John Flinn on the front page of the San Francisco Examiner,
Sunday, 1 November 1992, listed several cases of inadvertent or advertent
eavesdropping, in the midst of a fine story on the problems in general.

 * A supposedly private conference call among SF Mayor Jordan, real-estate
   magnate Walter Shorenstein, and several others discussing the then not
   public withdrawal of George Shinn from the effort to save the SF Giants
   was BROADCAST on a TV frequency.

 * "On the first day of the Soviet coup against Mikhail Gorbachev last year,
   a scanner buff overheard Vice President Dan Quayle making a call from Air
   Force Two to Sen. John Danforth about the unfolding crisis."

 * "In New Hampshire, an anti-nuclear activist picked up calls made from the
   control room at the Seabrook nuclear plant, including one real-life Homer
   Simpson saying, ``I've got a bad feeling about these valves.'' "

 * A Green Bay Packer football player was overheard calling a male escort
   service and making explicit requests.

 * A 23-minute conversation allegedly between Princess Diana and a man
   who called her ``my darling Squidge'' was taped by a retired bank
   manager in Oxford, and transcribed in The Sun.  (The woman allegedly
   referred to the Royal Family as ``this ****ing family''.)

After discussing privacy laws, legalities, and realities, Flinn notes that at
Scanners Unlimited in San Carlos, CA, "about a quarter of the customers are
interested in telephone eavesdropping."


Police and Computers

Mark Bergman <bergman@panix.com>
Mon, 2 Nov 92 12:14:35 EST
Police Officials Cited for Searching Private Computer Records

    LOS ANGELES (AP, 30 Oct 1992) -- More than 45 police officials have
been cited since 1989 for using department computers to check the backgrounds
of baby sitters, house sitters and others for personal reasons, records show.
"It's a very serious problem," Police Commissioner Ann Reiss Lane said.  The
citations came to light after a civilian Police Commission investigator was
suspended 10 days for using department computers without permission to get
confidential data on white supremacist Tom Metzger and actor Arnold
Schwarzenegger.
    The union representing Robert Bauman appealed the suspension and
submitted records showing that more than 45 department employees had been
disciplined in the last three years for illegal computer use.  Most received
suspensions of two or three days or verbal reprimands.  As an example, Lane
said Thursday, an officer might use the computer to check the background of an
individual about to marry one of the officer's relatives.
    Bauman's 10-day suspension without pay was upheld last week by the
Civil Service Commission.  Bauman, a 23-year civilian employee, said he already
has served the suspension and was back at work.  Bauman, a permit processor,
routinely uses police computers to check the criminal records, police files,
and tax records of people applying for police permits for massage parlors, gun
stores and pawn shops.  He said he gathered information on Metzger because he
is a part-time historian who does research on right- and left-wing political
groups.  Bauman said he tapped into Schwarzenegger's files because a co-worker
was curious about the actor.

Mark Bergman  718-855-9148  bergman@panix.com  {cmcl2,uunet}!panix!bergman


Re: Police misuse computer checks

<"Mike">
Sun, 01 Nov 1992 22:24:51 CST
Other than the obvious RISK, I'd like to point out that much or all of the data
in question here is likely kept by government mandate.

On a personal note, I recently recommended to a fellow employee that she report
a third employee to her supervisor for a similar thing.  #3 had offered to
access credit data on someone that #2 was having personal and legal trouble
with.  What appalled me what that neither one thought there was anything wrong
with "using the system" in this way -- until I explained it in terms of *their*
credit being revealed.  <sigh>


Cash displenser fraud

"E. Kristiansen - WMS" <EKRISTIA@estec.estec.esa.nl>
Mon, 2 Nov 92 09:10:43 CET
Several Dutch newspapers recently carried the following story:

The Dutch bank Rabobank has discovered a fraudulent use of their cash
dispensers (The term ATM is not commonly used around here. A cash dispenser
does just that - dispense cash from your bank account).  After you have
supplied your card, PIN, etc, banknotes for the desired amount will appear
between the "jaws" of the machine. The notes are held rather firmly, and the
jaws have a detection device to sense when the money has been removed.  If you
do not take your money within a given time, the machine will swallow it back,
and undo the transaction on your account.  The trick is that it appears to be
possible to remove part of the stack of notes without the machine noticing. AND
THE MACHINE DOES NOT COUNT THE MONEY IT TAKES BACK.

Erling Kristiansen - ESTEC


Network is a lifesaver

"Mike Cepek, MGI" <cepek@vixvax.mgi.com>
Sun, 01 Nov 1992 22:25:54 CST
Here is a positive story on the RISKS theme.  I have summarized from the page
1A article of the 31-Oct-92 (Mpls, MN) Star Tribune entitled:

After computer note from France, a life is saved

Chris Ginther, a student and computer sales clerk, logged into his home
computer Wednesday evening to read his email.  One message was from "Emily", a
pen-pal of his for several years in Bordeaux, France.  The message said she
felt cold, alone and empty, that her life was futile.  The message said
goodbye, and that she was going to kill herself in a few hours.

Across a network he contacted her -- she answered.  He got her phone number and
called her.  Her weak, quiet voice said she wanted to die; that she had taken
half a bottle of sleeping pills; that she was alone.

Ginther and an AT&T operator were eventually able to explain the situation to
French authorities.  An ambulance soon arrived at her house, they smashed the
door down, and found her barely breathing.  "If we came one minute later," a
paramedic said, "she would have been dead."

Ginther has since received messages from Emily as well as her family for his
heroic role.  Emily regrets her foolish act, and is feeling better about her
life now.  Fortunately, Ginther doesn't wait until morning to read his email.


Pay-per-call-back-verify

<rslade@sfu.ca>
Mon, 2 Nov 92 11:07:31 PST
Padgett Peterson was telling me about his recent success in getting a BBS set
up with one of the new modems with a "caller-id" feature.  I think this is
going to be a feature that a lot of sysops are going to want.

It happened that just last week I had a request to look into a security problem
for a local sysop.  He is concerned with security and misuse of his board, and
so he has installed a call-back-verify system to check out callers.  If he
can't call back and get a confirmed phone number, they don't get an account.
Many sysops use this to avoid having to "voice verify" each and every caller.

Most call back verify systems have an option that will prevent the system from
returning long distance calls.  Obviously, this will also apply to "900"
pay-per-call numbers.  Padgett reminds me that recently there was a scam in New
York wherein pager wearers were "paged" by "576" pay-per-minute calls.

The problem in Vancouver is that BC Tel has recently started up pay-per-call
numbers, but they do not yet have identifiable prefixes.  Therefore, ankies
have been calling various BBSes that have call-back-verify, and leaving these
pay-per-call numbers.  The sysop who talked to me had lost about $50 in the
last month, and this has only just started.

Vancouver Inst. for Research into User Security, Canada V7K 2G6 604-526-3676
Robert_Slade@sfu.ca ROBERTS@decus.ca rslade@cue.bc.ca p1@CyberStore.ca


Re: London Ambulance Service

<Brian.Randell@newcastle.ac.uk>
Fri, 30 Oct 1992 10:54:22 GMT
Despite all the other news, this story is still getting extensive coverage here
in the UK. The Independent's follow-up today (30 Oct.) to yesterday's front
page story appears as the main story on page 2. It identifies - for the first
time as far as I am concerned - the software company involved (Systems
Operations - a company I have not heard of before) and adds quite a bit of
detail and commentary to the original story, so again I thought it appropriate
to submit the complete item (without permission) to RISKS.
                                                              Brian Randell
Dept. of Computing Science, The University, Newcastle upon Tyne, NE1 7RU, UK
Brian.Randell@newcastle.ac.uk   +44 91 222 7923  FAX = +44 91 222 8232


           SOFTWARE FAILURE "MAY BE BEHIND AMBULANCE CRISIS"
                   By Susan Watts and Ian McKinnon

Computer specialists yesterday said that the system blamed for this week's
crisis at the London Ambulance Service appeared to ignore basic tenets for
software where breakdown would put lives at risk.  The failure of the computer
system over 36 hours on Monday and Tuesday, which was said to have cost between
10 and 20 lives, raised serious questions about the way it was designed and
tested, experts said.  Yesterday, the software company involved, Systems
Options, refused to comment.

Leaders of London's ambulance staff last night revealed they had given the
services's new chief executive three days to review the efficiency of the
computer system.  Organisers of the public employees' union, Nupe, said they
would have preferred the Computer Aided Dispatch system to have been shut down
because it was a danger to the lives of patients.

But Chris Humphreys, the union's London regional organiser, said they had
chosen to allow a short period of grace to Mark Gorham, the acting chief
executive who replaced John Wilby after his resignation in the wake of an
outcry over delays of up to 11 hours in the arrival of emergency vehicles.
However, Mr. Hunphreys refused to disclose what action the union planned to
take if the management refused to meet its demands or arrive at a satisfactory
compromise.  He emphasised that by reverting to the system in use prior to full
computerisation on Monday and Tuesday, patients' lives were still at risk.
Ambulance staff argue that the system of partial computerisation, used in
conjunction with radio and telephone to send ambulances to emergency calls, had
already led to 45 deaths in the capital because of delays.

However, Mr. Gorham yesterday held out an olive branch when he met union
leaders by promising to conduct a full investigation into the 20 deaths
ambulance staff said were the result of delays and breakdown earlier in the
week.

Robin Bloomfield, a consultant who advised the Government on a programme to
promote the safety of computer-controlled systems, said it was a fundamental
requirement for this kind of system to have several layers of defence against
fialure.  He said the ambulance service was asking a lot of its computer
system.  "With about a million calls a year the system has to be more reliable
than a nuclear reactor protection system.  I would expect to see a detailed
safety case for justifying its operation, and several different back-up
systems".  He said that as the system originally went into operation, the only
back-up it appeared to have was the expectation that people would make their
own arrangements if the system failed.

"Safety critical" software should always be passed to an independent assessor
to make sure it does what it is supposed to, and passes safety checks.  This is
standard practice as part of the "safety culture" of companies in the nuclear
and transport industries which often use software on which people's lives
depend.  Such software should have at least one back-up system which could be
manual, electronic or even an administrative procedure, ready to switch into
operation should something go wrong.  Mr. Bloomfield said. "You would very
rarely rely on a single system."

Extra calls on Monday exacerbated the situation, but the computer system
should have been designed to cope with this.  Tom Anderson, a director of
the Centre for Software Reliability in Newcastle upon Tyne, said: "If you
are getting overload the system should go into a fall-back mode".   [...]

More than a quarter of accident and emergency ambulances from the London
Ambulance Service are failing to meet performance standards in the Patient's
Charter, Tom Sackville, Under-Secretary of State at the Department of Health,
said in a written Commons answer yesterday.

The Charter sets a 14-minute response time as the standard for London.  Latest
statistics, for 1990-91, show 26.3 per cent falling below it, even though in 11
per cent of cases ambulances were able to respond in just seven minutes.


Failure of London Ambulance despatch system

John Jones <jgj@cs.hull.ac.uk>
Sun, 1 Nov 92 18:05:59 GMT
Today's `Independent on Sunday' (1st November, 1992) has further details
relating to the failure of the automatic despatch system introduced by the
London Ambulance Service last Monday.  While it is difficult to get hard detail
from a newspaper article, some of the points made include:

    - the despatch system could not distinguish between duplicate
      calls relating to the same incident.  In some cases several
      ambulances turned up to respond to the same incident.

    - logged calls were lost.  One particular case is related in
      detail, in which a disabled woman was trapped in her chair
      by the body of her collapsed husband.  She called the LAS
      every 30 minutes, on each subsequent call being told that
      there was no trace of the earlier call.  An ambulance
      eventually arrived 2.75 hours  after the initial call, by
      which time the husband had died.

The article also relates details of the pathetic attempt by the LAS and
government to `manage' the publicity over the failure.  When the LAS management
eventually pulled the system out, on Tuesday, they initially tried to ``deflect
blame onto the staff''.  On wednesday, a government minister announced that the
`computer had broken down'.

John Jones, Department of Computer Science, University of Hull, UK.


Alarmism and Prof. Denning

Timothy C. May <tcmay@netcom.com>
Mon, 2 Nov 92 09:43:48 -0800
As you know, there has been a huge response to the "key registration" idea. I
posted a synopsis of the Dorothy Denning proposal in sci.crypt as "A Trial
Balloon to Ban Encryption?" So far, over 200 responses to this "risk."  The
following piece was posted a few days ago (Friday) to sci.crypt.

--Tim May, 408-688-5409, tcmay@netcom.com

Date: Thu, 29 Oct 1992 23:29:53 GMT
Newsgroups: sci.crypt
From: tcmay@netcom.com (Timothy C. May)
Subject: Alarmism and Prof. Denning
Organization: Netcom - Online Communication Services  (408 241-9760 guest)

Several people have complained, either in this group or in e-mail to me, that
some of my recent comments have been alarmist and detract from what they
consider to be my otherwise well-taken points. Fair enough.

In one posting I said "Be afraid. Be _very_ afraid." I assumed most folks would
recognize this as the tag line from the movie "The Fly." I thought it
euphonius, so I borrowed it. In any case, having some fear of what governments
may do to us seems to me to be a healthy thing.

I took great care to be as reasonable and as calm as possible a few days ago
when I posted the first message in this thread ("A Trial Balloon to Ban
Encryption?"). Clearly the key registration idea is controversial.

Now let me be even _more_ reasonable. I think Professor Denning has done us a
great service, as it has gotten some healthy debate going about these very
important issues. The more than 130 messages, most of them making excellent
points, in this group (and a few others, peripherally) indicate the intense
interest and scrutiny this subject has attracted.

Dorothy Denning has long been involved in crypto (she wrote the book, so to
speak) and more recently in hacker matters, as detailed in Bruce Sterling's new
book "The Hacker Crackdown." To assume she is somehow pushing this idea, in the
legislative sense, seems unfounded.  It seems to me that she thought about some
of the serious implications of widespread crypto use, developed some ideas (as
Ron Rivest did last summer in an article in "IEEE Spectrum"), and talked about
them at the recent Computer Security Conference. Now we may think her
particular idea is wrong, for political and technological reasons, but we
should not villify her for floating the idea.

I used the term "trial balloon" in perhaps a way I should not have. It may have
suggested to some that Prof. Denning, who recently relocated to the Washington,
D.C. area, is part of a cabal of crypto advisors who are plotting the next
stage of our enslavement. (A smiley) So far as I know--and I hope we'll find
out soon enough--there is no proposed legislation along the lines Prof. Denning
suggested. I doubt she was acting as an agent for the Feds in floating this
idea. Just academic freedom at work.

Furthermore, I favor the open discussion of ideas. I am not one to fear
discussing some new idea, or technology, or whatever, for fear it will "give
Them ideas" or catalyze a crackdown. In an open society like ours, debate is
healthy.

I am happy this issue, which is one of several important crypto policy issues
that have been simmering for a long time, has come to prominence. I look
forward to seeing the debate here.

(The only thing that worries me is that folks may get so clever,
cryptographically speaking, that they patch the flaws in the key registration
proposal and thus make it more likely to become law.  Let's not lose cite of
the fundamental issues surrounding liberty, surveillance, and privacy. But
since nearly everyone who has posted so far seems strongly committed to civil
liberties, these worries are minimal.)

On with the debate.

Timothy C. May  tcmay@netcom.com  408-688-5409    W.A.S.T.E.: Aptos, CA


Blockbuster announces plan to use data from video rentals

T. Kim Nguyen, kim@watnow.uwaterloo.ca <kim%phaedrus@uunet.UU.NET>
Mon, 2 Nov 1992 11:50:30 -0500
  [Forwarded to RISKS by T. Kim Nguyen, Systems Design Engineer,
  Document Imaging Systems, JTS Computer Systems Ltd., Toronto
  kim@watnow.uwaterloo.ca k.nguyen@ieee.org, kim@jts.com uunet.ca!jts.com!kim]

Newsgroups: comp.privacy,alt.privacy
Date: Wed, 28 Oct 1992 17:05:34 GMT
From: nagle@netcom.com (John Nagle)
Keywords: Blockbuster video data privacy dossier database
Organization: Netcom - Online Communication Services  (408 241-9760 guest)

Blockbuster Entertainment Corp. announced plans to used its database of 30
million Blockbuster video club members as part of its marketing push into the
music business.  Blockbuster is acquiring the 7th largest and 12th largest
record chains from Shamrock Holdings, Inc, which will make Blockbuster the 7th
largest record retailer by the end of November.

Blockbuster sees many opportunities to cross-market home videos and music.  Mr.
Steven R. Berrard, vice-chairman of Blockbuster, said that Blockbuster could
offer free video rentals to customers who buy music from Blockbuster record
stores.  This works both ways; he was quoted as saying "If you rent a Disney
animated film for your children, I know there might be music that appeals to
them.  This is a significant plus."  He, and Mr. Joseph R. Baczso, speaking to
reporters and financial analysts in New York, said one of the company's
strengths in music retailing will be its base of 30 million Blockbuster video
club members and the data it has on those customers.

Whether or not such use of personal data would be a violation of the Video
Rental Privacy Act remains to be seen.
                            John Nagle
   (ref: Wall Street Journal, 10/28, p. B6).

Please report problems with the web pages to the maintainer