The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 07

Weds 17 November 1992

Contents

o Re: Recommended POLL FAULTING by RISKS folks
    Rebecca Mercuri
o Cordless phone users gain some privacy rights
    Jerry Leichter
o How to tell people about risks?
    Xavier Xantico
o Risks of DIY Home movies
    Alex Heatley
o Re: A320 descent anomalies -- reported in French press
    Pete Mellor
o Redressing the record on English system maintenance
    James H. Paul
o Re: Safe Conduct
    Ken Tindell
o Re: Risks of cellular phones in aircraft
    James Olsen
    Dan Sorenson
    Bob Rahe
o Re: Key registration: a naive thought about encryption
    Martyn Thomas
o Re: RISKS of technical people disengaging brain, encryption, outlaws ...
    Mike Dixon
    Dan Swartzendruber
    Ken Arromdee
    John Sullivan
    Robert Hartman
o Info on RISKS (comp.risks)

Re: POLL FAULTING recommended for RISKS folks (Baube, RISKS-14.07)

Rebecca Mercuri <mercuri@gradient.cis.upenn.edu>
Tue, 17 Nov 92 20:21:42 EST
I browsed some of the recent postings on RISKS regarding what appeared to be
voting "anomalies" and had been keeping my typing fingers firmly clenched in my
fists for fear of provoking another flame war (now that the Denning one seems
to have abated).  As I had published recently on the subject of electronic
voting (CACM Nov 1992 Inside Risks; Virus & Security Conference, March 1992),
have been involved in voting matters for close to a decade as an elected
official (committeeperson), and have provided expert witness testimonies, your
moderator requested that I comment on this subject.  Here then, is my advice:

1. Read the state and local election codes (they may differ).
    You may find that in your municipality it is perfectly "legal" to
    have misaligned ballots and other more egregious problems, simply
    because the law does not specifically preclude such things. Copies
    of the laws should be available at your county or city courthouse.

2. Raise a LEGITIMATE protest.
    This might include:
    a) Lobbying to get the laws changed if you think they are inadequate.
    b) Petitioning the courts to have elections thrown out, or recounts,
        if you think that there has been a breach of the law.
    c) Getting press coverage.

3. Get involved at the grass roots level.
    Although many municipalities saw a > 80% turnout of _registered_
    voters at the polls this November, the Spring primaries will likely
    see < 20% of those same voters returning. It is typically in the
    off-year races where people who will be appointing the members of your
    Boards of Elections (who oversee the process) will be getting elected.
    Vigilance is a year-round process. Although it is quite eye-opening to
    work at the polls THROUGHOUT election day (not just at the beginning or
    end of the day), what occurs during the other 363 days of the year
    often sets the stage for what happens at the polling places. If you
    have no idea how to get involved, start by perusing your telephone
    book for the numbers of local officials, and your newspapers for
    announcements of political or civic gatherings.

And while I am on the soap-box...

4. Spend considerably more time WORKING for the causes you care about than
   you do reading or writing about them (on bbs or email).
    The problems of elections and computer risks (as well as poverty,
    unemployment, hunger, discrimination, violence, ...) are not going to
    be solved if we sit here at our terminals relaying anecdotes around
    the world at NSF (and other government-funded) expense. If you are
    not ACTIVELY contributing to the solution, you are part of the problem.
    Many of the RISKS postings point to the inadequacy of software
    engineering methodologies and practices, yet few colleges and
    universities offer COMPREHENSIVE courses in SW Eng. and far fewer
    REQUIRE them as part of core curricula for the next generation of EE
    and CS professionals. Many of the problems with computerized vote-
    counting are directly related to failures in verification, validation
    and auditability (all familiar words to Software Engineers). If you are
    concerned about reducing risks, get out there and make it happen.

I regret, in advance, that I will not be able to reply to private emails
relating to the above posting, as my bandwidth is severely impacted due to
writing a dissertation.  If you feel moved to comment, please relay such to
RISKS and Neumann will filter them as appropriate. I hope that at least one
person will write (in a few months, because that is how long it will take) that
they did ALL of points 1, 2, 3, and 4 and report on their results.

Rebecca Mercuri.

Copyright (c) 1992 by Rebecca Mercuri.  All Rights Reserved.
Permission granted to RISKS FORUM for posting, and ELECTRONIC reposting
is permitted in its ENTIRETY, with this notice intact.  Printed (hard-)
copy may only be made for personal (non-profit) use. The author retains
all rights to the material herein.


Cordless phone users gain some privacy rights

Jerry Leichter <leichter@lrw.com>
Wed, 18 Nov 92 11:26:21 EDT
Cordless telephone users, whose conversations have been easy prey for
electronic eavesdroppers, finally won a degree of privacy in a federal
appeals-court ruling.

The Fifth U.S. Circuit Court of Appeals, in a criminal case, said that when
such phone users reasonably expect their conversations to be private, the
government can't listen in.  But the court said the Fourth Amendment privacy
right must be evaluated case by case, depending on such factors as whether the
phone user had sought privacy by purchasing devices intended to foil
eavesdroppers or by using phones known to be more difficult to tap.

The ruling is apparently the first in which a federal court has allowed
cordless-phone users any privacy rights.  Previously, other appeals courts have
said the phones are so easy to eavesdrop on - with an AM/FM radio or even with
another cordless phone - that any expectation of privacy was ridiculous.

The Eighth U.S. Circuit Court of Appeals ruled in the late 1980s that
eavesdropping was allowed, and the U.S. Supreme Court declined to review the
decision.

The New Orleans court noted that the previous opinions are all several years
old, and that the technology has since advanced in the $1.39 billion
cordless-phone market.  Some phones on store shelves now, for instance, come
with scrambling devices made to combat high-tech eavesdroppers.  Other phones
work within shorter ranges, so their frequencies can't be as easily intercepted
as they were in the past.  More than 18 million cordless phones are expected to
be sold this year....

"The reasonableness of expectations of privacy for a cordless phone
conversation will depend, in large part, upon the specific telephone at issue,"
the court said.  It declined to spell out the technological features it
considered most relevant.

[The actual drug conviction, based on information recorded by a neighbor, was
upheld since no evidence about the phone had been introduced.]

Privacy-rights lawyers applauded the broader ruling, which they said is a step
toward preventing eavesdropping by private citizens as well as police.  The
lawyers noted that cellular-phone conversations already are protected [though
technically they are as easy to intercept.] ...

[N]ow that cordless phones are more secure, they should be treated the same as
cellular phones, Ms. [Janlori] Goldman [of the ACLU] said.  "People who use
these different kinds of phones do not make these kinds of distinctions," she
said.  "One circuit is willing to recognize that this might be an absurd
distinction." ...

[For those interested, the case citation is U.S. vs. David Lee Smith, Fifth
U.S. Circuit Court of Appeals, New Orleans, 91-5077.

Can we expect future Willie Hortons who beat the rap to get hired by the maker
of their phone to tout it as "private - and a court agreed?"]
                                    -- Jerry


How to tell people about risks?

"Xavier Xantico QZ (=J. P a l m e QZ)" <./S=J.P.SKHB/G=S.@heron.dafa.se>
18 Nov 92 18:06:12+0100
A problem with risks is that it is difficult to communicate information about
risks to people. If, for example, a doctor says to a patient "there is a very
small risk that this pill will cause liver problems" then many patients
interpret this as if the doctor had said "there is a large risk that this pill
will cause liver problems". So doctors usually do not tell the patients such
information, because the patients so often misinterpret the information.

Any comment on how to communicate risk information so that people get a correct
understanding, especially when you are informing people about very small risks?


Risks of DIY Home movies

Alex Heatley <Alex.Heatley@vuw.ac.nz>
Thu, 19 Nov 92 11:03:03 +1300
    Recently in Auckland, Aotearoa (New Zealand) the police were involved
in an unusual case.  It seems that several people burgled a house and among the
items taken was a set of videotapes. The tapes contained home-made pornographic
movies involving the inhabitants of the burgled house.  The burglars then
attempted to use their possession of the tapes to blackmail the "actors" into
paying for the return of the tapes.  Unfortunately when the burglars arrived at
the payment drop off point they were met by the NZ Police, who seized them and
the tapes.
    Any sighs of relief that the "actors" might have had were short-lived.
The burglars counter-charged that the tapes contained scenes of child
pornography and bestiality which made them indecent under NZ Law.  The result
was that several police "had" to view 40 hours of video recordings to verify
whether these claims were or were not correct (it turned out that the
recordings did not contain any child pornography or bestiality).
    The tapes were returned to the, by now, extremely embarrassed "actors".
With the increase in home computers capable of using frame grabbing software to
create digitised pictures and the almost insatiable desire of the networks to
spread any and all such pictures, the "actors" involved in this case were very
lucky that their images didn't end up adding to the network traffic statistics
for alt.sex.pictures.erotic.
    Of course, if the original tapes had been encrypted, this embarrassment
would never have occurred... or would it?

Alex Heatley Computing Services Centre, Victoria University of Wellington, P.O
Box 600, New Zealand.  Alex.Heatley@vuw.ac.nz
                                              [The proof is done.  KiWiD.  PGN]


A320 descent anomalies reported in French press

Pete Mellor <pm@cs.city.ac.uk>
Tue, 17 Nov 92 17:33:30 GMT
      ---------------------------Le Monde------------------------

Translated from Le Monde, 10-30-92 from the "Faits Divers" column.
Translation by John Lupien (jrl@world.stdl.com)

      Incident during the descent of an Airbus A-320 of Air Inter
      -----------------------------------------------------------

The crew of an Airbus A320 who were making in September a flight between
Clermont-Ferrand and Paris-Orly were surprised to witness an aberration in the
vertical speed of descent of the equipment. Having chosen a mode of descent of
550 meters per minute, they noticed that the plane was losing 750 meters per
minute, and that when they tried to correct that value to 450 meters per
minute, the rate worsened to 850 meters per minute.  The pilots at that point
changed their procedure and chose an angle (rather than a rate) of descent and
everything went back to normal.

The cause of the incident can be imputed to defective design in the interface
between the flight controller and the auto-pilot, both developed by the French
Sextant-Avionique and by the German BGT and with which other types of planes
such as the Airbus A-300 and A-310 are equipped. This kind of fault is not
frequent, but it is one of the anomalies that the crew is trained to correct.

This incident would have passed unnoticed if certain pilots had not made it
public to point out a relationship to the aerial catastrophe of Mount
Saint-Odile which happened in January, when 87 persons were killed in the crash
of an Airbus A-320 of Air Inter. The first findings of the commission of
inquiry had perhaps made it appear that the crew was mistaken in the choice of
descent mode towards the airport of Strasbourg and that they had not monitored
their trajectory.

Translator's comment - The translation is as literal as I could manage...
Certain bits such as "esquisser un rapprochement" perhaps translate not
so well...

      ---------------------------End Le Monde-------------------------

      -----------------------------Figaro-----------------------------

Translated from Le Figaro, 10-30-92 from the "En Bref" ("In Brief") column.
Translation by John Lupien (jrl@world.std.com)

                              AIRBUS

                     Electronics in question
                     -----------------------

Judge Francois Guichard, in charge of the investigation of the accident of
Mount Saint-Odile, which killed 87 last January 20, indicated on Thursday
evening in Toulouse that the recent incident in the descent mode of an A320 of
Air Inter "Could a priori appear to be one of the reasons that caused the
accident". The magistrate referred to the failure of the electronic control
systems for the mode of descent of an A320 of Air Inter which, in September,
took a much steeper descent than that chosen [by the pilots].

         ----------------------end Figaro--------------------------

My thanks to John for these two translations.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk


Redressing the record on English system maintenance (RISKS-14.06)

James H. Paul <PAUL@NOVA.HOUSE.GOV>
Wed, 18 Nov 1992 12:25:16 -0500 (EST)
> From: Scott Dorsey <kludge@agcb.larc.nasa.gov>
> To: paul@nova.house.gov
> Subject: DC-3
>
>    In a recent Risks digest, you mention that if more than three production
> aircraft are still flying, it's a requirement that avionics become available,
> and use the Honeywell equipment for the DC-3 as an example.  This is not a
> good example at all, since there are almost two thousand DC-3 aircraft flying
> in the US alone, as well as many more abroad.  The DC-3 remains a reliable
> workhorse of an aircraft; easy to fly and inexpensive to maintain.  A large
> amount of current cargo lines still have DC-3s for use to smaller airports
> where larger jets cannot land, and in fact there are still turboprop retrofit
> kits available for the DC-3.
>
>   Nonetheless, this is not as much of a problem as you might expect, both
> because most avionics are fairly standardized, and because the low production
> volume means that most of them are handmade on a one-off basis.
> --scott

After receiving the message above, I went back to my posting in RISKS-14.06.
Those who aren't able to find the article could very well misinterpret the
comment about avionics support requirements.  My summary improperly tied actual
system problems in various applications to a different concern about long-term
support for aircraft avionics.  The author cited the DC-3 (Dakota to
Englishmen) as the example of how long a company might find itself in
harness to produce vintage equipment.  Dorsey is, of course, correct about the
treasured status of the venerable DC-3, and the profit to be made from the
large number of planes left.  The article's discussion focused more on the
close fit between autopilot and aircraft necessary for certification and the
likely difficulties this would pose as the more computer-literate aircraft of
the jet age continue to carry us around the world and the avionics firms try to
keep the control systems up-to-date.  I did a poor job of setting the context.


Re: Safe Conduct (RISKS-14.05)

<ken@minster.york.ac.uk>
Wed, 18 Nov 92 12:26:20
This will have very important consequences for UK industry. For example, none
of the UK motor industry considers computing in cars as safety critical, and
hence do not use appropriate techniques for developing software ("a bunch of
cowboy hackers" was one description of the software developers in one company).
Of course, with this new law (which is EC wide) it won't be up to the industry
to deign if something is safety critical or not, it will be up to the law
courts. If I were an executive in the car industry I would be quaking in my
shoes at the moment.

Ken Tindell Internet : ken@minster.york.ac.uk Computer Science Dept., York
University, YO1 5DD, UK : +44-904-433244  Local FTP site: minster.york.ac.uk


Re: Risks Of Cellular Speech

James Olsen <olsen@hing.LCS.MIT.EDU>
Tue, 17 Nov 92 10:27:44 -0500
In RISKS-14.04, Robert Gezelter writes:

>While I believe that it is true that the use of Cellular phones is
>prohibited in aircraft ... I seem to remember that the rationale is
>aviation related, not Cellular Phone related.

There are, in fact, two separate risks involved here, and two separate
regulations to control them.  In-flight users can impose an excessive load on a
cellular phone system by accessing many cells at once; therefore the FCC has
recently prohibited airborne use of cellular phones (see 57 FR 830).

There is also a more general risk of any portable electronic equipment
used in aircraft, since it has not been tested for interference with
the electronic systems in the aircraft.  FAA regulation 91.21
therefore prohibits the use of portable electronic equipment (with
minor exceptions) in an airliner unless the airline has determined
that it will not cause interference.  Many airlines have issued
blanket permission for items such as tape players and laptop
computers, but I am unaware of any that yet allow the use of cellular
phones, even on the ground, where they would otherwise be legal.

Jim Olsen     olsen@cag.lcs.mit.edu     "Tache d'etre heureux."


Re: Risks Of Cellular Speech (Gezelter, RISKS-14.04)

Dan Sorenson <viking@iastate.edu>
Thu, 12 Nov 1992 05:11:25 GMT
> ... To be exact, my recollection is that the frequencies used by
>Cellular are fairly close to some of the frequencies used by the avionics.

    This is my understanding too, but note that this was extended on some
airlines to laptop computers and even some hand-held video games.  Midwest
Express, a rather expensive but high-quality business-oriented airline, has
cellular phones in each seat.  I suspect it's not the frequency of the cellular
phone transmission that worries the airlines, but rather the electro-magnetic
or RF interference it might play with the IFR systems or possibly the
electronic controls on the aircraft.

    The risk here would be allowing non-certified phones on board, whereas
airline-supplied phones can be easily tested by the airline.

Dan Sorenson, DoD #1066 z1dan@exnet.iastate.edu viking@iastate.edu


Re: Cellular phones in aircraft

Bob Rahe <bob@hobbes.dtcc.edu>
Tue, 17 Nov 1992 13:13:27 -0500
 In RISKS-14.05, berry@athos.pei.com (Berry Kercheval) writes:

|>The blanket ban *is* due to cell overlap, then, and my guess is the reason
|>there is not an altitude restriction is that it's too hard to figure out; the
|>number of cells reached is a complex function of altitude, position of the
|>aircraft and cells, and the topography of the surrounding landscape.  I can
|>just picture the FCC bureaucrat saying ``Hell, that's too hard.  Let's just ban
|>'em all.''.

  Now I'm all for blasting bureaucrats but this shot seems a bit gratuitous.
Just how might a regulation be written that would allow cellular use from
aircraft given the complexity of deciding?  Would I have to carry my (possibly
banned) portable computer with a CD-ROM geographical database of cells in
the US (or wherever I was travelling) along in order to calculate whether I
could make a call?  Actually, it sounds as tho the bureaucrat is correct.  It
is too hard to be reasonably done.

Bob Rahe, Delaware Tech&Comm College  Internet: bob@hobbes.dtcc.edu
CompuServe: 72406,525 Genie:BOB.RAHE


a naive thought about encryption

Martyn Thomas <mct@praxis.co.uk>
Mon, 16 Nov 92 11:03:33 GMT
The security services are using a lot of very expensive resources to decrypt
intercepted messages (Spycatcher revealed that all telephone traffic and all
radio traffic was routinely monitored and recorded in the 1950s to 1970s -
so this is probably still true, or close to true).

If you don't *need* your messages to be secure from the Government, why not
give them a break and agree to a key registration scheme? Arguments that
this will always be defeated by the criminals seem to ignore the help that
the law-abiding can give by making the unco-operative easier to identify,
and thereby freeing decryption effort.

Isn't there a balance between distrust of Government (however justified) and
a need to help the law-enforcers to enforce the laws that keep society
civilised?

We are the experts in this technology. What can we propose that gives a
proper balance between privacy and law-enforcement?

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:   mct@praxis.co.uk


Re: RISKS of technical people disengaging brain

Mike Dixon <mdixon@parc.xerox.com>
Tue, 17 Nov 1992 13:26:16 PST
>Most of us are in professions where logic is of some importance.  It hurts
>credibility to declare in public, "I *don't* believe" a tautology.

in a very aptly-titled Risks submission, Dan Herrick purports to make a
contribution to a serious social discussion (the effectiveness of gun control)
with a trivial "logic" analysis. this is the kind of argument that gives
technical people a bad name.

the statement "When guns are outlawed, only outlaws will have guns" isn't a
tautology on anything but the shallowest reading (hint: people usually don't
bother to assert tautologies).  it's an assertion that dangerous, threatening,
bad people will have guns and good, honest citizens won't be able to defend
themselves.  some people believe it, some don't; only extreme technical
blindness would allow someone to think the question could be dismissed with a
puff of logic.  *that's* what hurts credibility (and that's perhaps the least
of its risks).
                                     .mike.


Re: RISKS DIGEST 14.05

Dan Swartzendruber <dswartz@lectroid.sw.stratus.com>
17 Nov 1992 16:12:12 GMT
On the subject of "RISKS of technical people disengaging brains", I'm afraid
Mr. Herrick has fallen victim to over-literalism.  I've used this expression
more than once, and I'm perfectly aware of the tautology.  The point he is
missing is that many natural languages contain grammatical constructs which if
analyzed grammatically, are either tautologies or self-contradictory.  This
doesn't automatically make them nonsense or their users fuzzy-thinking fools.
I think most native English speakers understand intuitively the implied clause
which follows statements of the form "If/when they outlaw X, only outlaws will
have X".  If he doesn't, I'm sure he can find any number of people (possibly
even without advanced degrees) who would be more than happy to explain it to
him.
                                   Dan S.


Re: RISKS DIGEST 14.05

Ken Arromdee <arromdee@jyusenkyou.cs.jhu.edu>
Tue, 17 Nov 1992 03:59:02 GMT
It's not a tautology.  One reasonable interpretation of the statement is that
"if X is outlawed, only people who are already outlaws of other types will use
X".

I suppose this indicates a RISK of some sort, though I don't really feel like
phrasing it fully.

Ken Arromdee (UUCP: ....!jhunix!arromdee; BITNET: arromdee@jhuvm;
     INTERNET: arromdee@jyusenkyou.cs.jhu.edu)


Re: RISKS of technical people disengaging brain

<sullivan@geom.umn.edu>
Tue, 17 Nov 92 17:46:13 -0600
Dan Herrick, dlh%dlhpfm@NCoast.org, misses the deeper meanings of the statement
"if X is outlawed, only outlaws will use X".  Of course, there is a tautologous
interpretation, explained by Herrick.  But when X refers to guns, this
statement has been used to imply many things that are not tautologies.
Far-right lobbying groups have used this slogan to imply that any waiting
period, or other reasonable restriction on the purchase of deadly weapons,
would lead merely to difficulties for "law-abiding citizens" while having no
effect on criminals.

I'm sure the original author (Phil Karn, karn@qualcomm.com) was merely trying
to disassociate himself from such "fuzzy thinking", by pointing out that what
might be true for cryptography might not be true for guns.

Statements in a language like English are very rarely tautologies: they
always carry around extra baggage.

-John Sullivan, sullivan@geom.umn.edu


Re: RISKS-14.05: Logic vs. Clever Slogans

Robert Hartman <infmx!hartman@uunet.UU.NET>
Tue, 17 Nov 92 20:02:00 GMT
Actually, this statement is not, strictly speaking, a tautology.  It isn't
even, strictly speaking, a statement of logic.  Why?  Because its truth value
depends not on its logical form, but on the meaning of its terms.

In particular, the meaning of the term "outlaw" is telling.  It is one thing to
break the law.  It is quite another to "be an outlaw."  Ordinary citizens break
laws.  Some even scoff at certain laws, and others still skirt the letter of the
law while seeing its value and holding to its intent.  But "being an outlaw"
implies a habitual disdain or disregard for the law--which is why the clever
originators of that slogan use that word in order to frighten ordinary citizens
into opposing restrictions on their ability to purchase guns.  It's funny how
much less impact the slogan has when you replace "guns" with "encryption."

While it's true that if you make codes or guns more difficult to obtain, only
those with stronger motivation will obtain them.  Nevertheless, one need not be
an outlaw to vehemently desire both protection and privacy.
                                                                  -r
