The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 14

Weds 2 December 1992


o Akron BBS trial update!
David Lehrer
o Holiday reading on Risks
Phil Agre
o Re: Books on Probability
Pete Mellor
o FME'93 Call For Participation and Programme
Peter Gorm Larsen
o Info on RISKS (comp.risks)

Akron BBS trial update!

David Lehrer <>
02 Dec 92 11:49:08 EST
Akron BBS trial update: Dangerous precedents in sysop prosecution

You may already know about the BBS 'sting' six months ago in Munroe Falls, OH
for "disseminating matter harmful to juveniles." Those charges were dropped
for lack of evidence. Now a trial date of 1/4/93 has been set after new felony
charges were filed, although the pretrial hearing revealed no proof that *any*
illegal content ever went out over the BBS, nor was *any* found on it.

For those unfamiliar with the case, here's a brief summary to date.  In May
1992 someone told Munroe Falls police they *thought* minors could have been
getting access to adult materials over the AKRON ANOMALY BBS. Police began a
2-month investigation. They found a small number of adult files in the
non-adult area.

The sysop says he made a clerical error, causing those files to be overlooked.
Normally adult files were moved to a limited-access area with proof of age
required (i.e. photostat of a drivers license).

Police had no proof that any minor had actually accessed those files so police
logged onto the BBS using a fictitious account, started a download, and
borrowed a 15-year old boy just long enough to press the return key. The boy
had no knowledge of what was going on.

Police then obtained a search warrant and seized Lehrer's BBS system. Eleven
days later police arrested and charged sysop Mark Lehrer with "disseminating
matter harmful to juveniles," a misdemeanor usually used on bookstore owners
who sell the wrong book to a minor. However, since the case involved a
computer, police added a *felony* charge of "possession of criminal tools"
(i.e. "one computer system").

Note that "criminal tool" statutes were originally intended for specialized
tools such as burglar's tools or hacking paraphernalia used by criminal
'specialists'. The word "tool" implies deliberate use to commit a crime,
whereas the evidence shows (at most) an oversight. This raises the
Constitutional issue of equal protection under the law (14th Amendment). Why
should a computer hobbyist be charged with a felony when anyone else would be
charged with a misdemeanor?

At the pretrial hearing, the judge warned the prosecutor that they'd need "a
lot more evidence than this" to convict. However the judge allowed the case to
be referred to a Summit County grand jury, though there was no proof the sysop
had actually "disseminated", or even intended to disseminate any adult
material "recklessly, with knowledge of its character or content", as the
statute requires. Indeed, the sysop had a long history of *removing* such
content from the non-adult area whenever he became aware of it. This came out
at the hearing.

The prosecution then went on a fishing expedition. According to the
Cleveland Plain Dealer (7/21/92)

    "[Police chief] Stahl said computer experts with the Ohio
Bureau of Criminal Identification and Investigation are reviewing
the hundreds of computer files seized from Lehrer's home. Stahl
said it's possible that some of the games and movies are being
accessed in violation of copyright laws."

Obviously the police believe they have carte blanche to search
unrelated personal files, simply by lumping all the floppies and
files in with the computer as a "criminal tool." That raises
Constitutional issues of whether the search and seizure was legal.
That's a precedent which, if not challenged, has far-reaching
implications for *every* computer owner.

Also, BBS access was *not* sold for money, as the Cleveland Plain
Dealer reports. The BBS wasn't a business, but rather a free
community service, running on Lehrer's own computer, although extra
time on the system could be had for a donation to help offset some
of the operating costs. 98% of data on the BBS consists of
shareware programs, utilities, E-mail, etc.

The police chief also stated:

    "I'm not saying it's obscene because I'm not getting into that
battle, but it's certainly not appropriate for kids, especially
without parental permission," Stahl said.

Note the police chief's admission that obscenity wasn't an issue at the time
the warrant was issued.

Here the case *radically* changes direction. The charges above were dropped.
However, while searching the 600 floppy disks seized along with the BBS,
police found five picture files they think *could* be depictions of borderline
underage women; although poor picture quality makes it difficult to tell.

The sysop had *removed* these unsolicited files from the BBS hard drive after
a user uploaded them. However the sysop didn't think to destroy the floppy
disk backup, which was tossed into a cardboard box with hundreds of others.
This backup was made before he erased the files off the hard drive.

The prosecution, lacking any other charges that would stick, is using these
several floppy disks to charge the sysop with two new second-degree felonies,
"Pandering Obscenity Involving A Minor", and "Pandering Sexually Oriented
Matter Involving A Minor" (i.e.  kiddie porn, prison sentence of up to 25

The prosecution produced no evidence the files were ever "pandered". There's
no solid expert testimony that the pictures depict minors. All they've got is
the opinion of a local pediatrician.  All five pictures have such poor
resolution that there's no way to tell for sure to what extent makeup or
retouching was used. A digitized image doesn't have the fine shadings or dot
density of a photograph, which means there's very little detail on which to
base an expert opinion. The digitization process also modifies and distorts
the image during compression.

The prosecutor has offered to plea-bargain these charges down to "possession"
of child porn, a 4'th degree felony sex crime punishable by one year in
prison. The sysop refuses to plead guilty to a sex crime. Mark Lehrer had
discarded the images for which the City of Munroe Falls adamantly demands a
felony conviction. This means the first "pandering" case involving a BBS is
going to trial in *one* month, Jan 4th.

The child porn statutes named in the charges contain a special exemption for
libraries, as does the original "dissemination to juveniles" statute (ORC #
2907.321 & 2). The exemption presumably includes public and privately owned
libraries available to the public, and their disk collections. This protects
library owners when an adult item is misplaced or lent to a minor. (i.e. 8
year olds can rent R-rated movies from a public library).

Yet although this sysop was running a file library larger than a small public
library, he did not receive equal protection under the law, as guaranteed by
the 14'th Amendment. Neither will any other BBS, if this becomes precedent.
The 'library defense' was allowed for large systems in Cubby versus
CompuServe, based on a previous obscenity case (Smith vs. California), in
which the Supreme Court ruled it generally unconstitutional to hold bookstore
owners liable for content, because that would place an undue burden on
bookstores to review every book they carry, thereby 'chilling' the
distribution of books and infringing the First Amendment.

If the sysop beats the bogus "pandering" charge, there's still "possession",
even though he was *totally unaware* of what was on an old backup floppy,
unsolicited in the first place, found unused in a cardboard box. "Possession"
does not require knowledge that the person depicted is underage. The law
presumes anyone in possession of such files must be a pedophile. The framers
of the law never anticipated sysops,or that a sysop would routinely be
receiving over 10,000 files from over 1,000 users.

The case could set a far ranging statewide and nationwide precedent whether or
not the sysop is innocent or guilty, since he and his family might lack the
funds to fight this--after battling to get this far.

These kinds of issues are normally resolved in the higher courts-- and *need*
to be resolved, lest this becomes commonplace anytime the police or a
prosecutor want to intimidate a BBS, snoop through users' electronic mail, or
"just appropriate someone's computer for their own use."

You, the reader, probably know a sysop like Mark Lehrer. You and your family
have probably enjoyed the benefits of BBS-ing. You may even have put one over
on a busy sysop now and then.

In this case; the sysop is a sober and responsible college student, studying
computer science and working to put himself through school. He kept his board
a lot cleaner than could be reasonably expected, so much so that the
prosecution can find very little to fault him for.

    [The original message from David contained a plea for contributions
    for an independent legal defense fund, with any overflow to EFF.  RISKS
    does not include such solicitations here, so I have excised those
    paragraphs.  However, if you are interested in further info, you may
    of course contact David, or else Mark directly.   See below.  PGN]

Help get the word out. If you're not sure about all this, ask your local
sysops what this precedent could mean, who the EFF is--and ask them to keep
you informed of further developments in this case.  Please copy this file and
send it to whoever may be interested.  This case *needs* to be watchdogged.

Please send any questions, ideas or comments directly to the sysop:

    Mark Lehrer
    CompuServe: 71756,2116   InterNet:
    Modem: (216) 688-6383    USPO: P.O. Box 275, Munroe Falls, OH  44262

holiday reading on Risks

Phil Agre <>
Mon, 30 Nov 92 21:36:53 -0800
Here are two books that subscribers to RISKS may consider reading over the
holiday vacation.  Neither one is directly concerned with computers, but both
are deeply concerned with the social management of risk, technological and
otherwise.  I think it would be well worthwhile exploring their consequences
for our emerging understanding of computer risks.

Brian Wynne, Risk Management and Hazardous Waste: Implementation and the
Dialectics of Credibility, Berlin: Springer-Verlag, 1987.  This book is the
report of a project at the IIASA in Vienna on the politics of regulation of
hazardous wastes.  This is a fascinating enough topic on its own, but what's
particularly relevant about this particular study is its attention to the
administrative dimensions of regulation and risk.  Wynne et al spell out in
a sophisticated and sustained way an argument already made by Charles Perrow
and others, that "risks" are located not exactly in technologies but in the
institutions (and by extension the larger cultures and social arrangements)
that contain them.  This view has many consequences (at least, several more
than I had thought about myself), which Wynne explains with some force.

Lorraine Daston, Classical Probability in the Enlightenment, Princeton:
Princeton University Press, 1988.  This is a detailed and scholarly history
of early modern mathematical ideas of probability.  Though not really a social
history, it focuses on the developing practices of life insurance, lotteries,
and gambling, tracing the shifting ideas about the morality and rationality
of these things.  It was not until the early 19th century, for example,
that insurance ceased to be understood as a variety of gambling.  And Daston
explores at length various explanations for the great slowness with which
insurance companies came to use probabilistic models rather than individual
interviews and judgements.

Her central argument, though, concerns the rise of the idea of large-scale
statistical regularities.  She says: "Whereas De Moivre took the order
revealed in stable statistical frequencies as incontrovertible evidence that
an intelligent agent was at work in the world, Poisson argued that such order
was only to be expected; we should suspect divine tinkering only when it was
absent.  For the mathematicians, the clock no longer implied a clockmaker.
The ascent of statistical regularities ultimately marked the decline of the
reasonable man, as probability theory shifted its sights from the psychology
of the rational individual to the sociology of the irrational masses (page
187)."  "Consequently, the targets of persuasion also differed: Quetelet
wanted governments to change their ways on the basis of his figures, not
individuals.  But both sorts of probabilistic rationality presupposed the
stable, orderly phenomena that made calculation possible, even if they singled
out different *kinds* of phenomena as quantifiable.  Classical probabilists
believed that judicial decisions, but not traffic accidents, were regular;
their successors believed just the reverse (page 385)."

Phil Agre, UCSD

Re: Books on Probability (Mellor, RISKS-14.08)

Pete Mellor <>
Tue, 1 Dec 92 11:02:29 GMT
Phil Earnhardt has pointed out that the two books I recommended in RISKS
DIGEST 14.08:

"How to take a chance" by Darrel Huff, and

"Making Decisions", D.V. Lindley, John Wiley & Sons, 2nd Ed., 1985

are not listed in _Books in Print_ in the US.

Thanks for the information, Phil.  Both books are fairly old, so may well be
out of print.

The ISBN of Lindley's book is: 0 471 90803 7, in case that helps you to find
it. I bought it through our local university bookshop about 2 years ago, so
I'm surprised that it's out of print, but it's possible.

I don't have a copy of Huff's book to hand, so I can't quote you the ISBN.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET:

FME'93 Call For Participation and Programme

Peter Gorm Larsen <>
Wed, 2 Dec 1992 14:53:53 GMT
                         The FME'93 Symposium
                   Industrial-Strength Formal Methods
                  Call for Participation and Programme
                          19 - 23 April 1993

                      Supported by the Commission
                   of the European Communities (CEC)
                   Organized by Formal Methods Europe

1.  Symposium Programme

The first FME Symposium will be held at Odense Technical College in Denmark,
during the week of 19. to 23. April, 1993. It is being organised by Formal
Methods Europe, as the successor to the last four VDM symposia, to promote the
interests of users, researchers and developers of precise mathematical methods
in program development. This symposium will focus on The Application of
Industrial-Strength Formal Methods.

The symposium is divided into two parts for which registration, symposium fees
and proceedings are separate. The first two symposium days consists of two
parallel tracks with tutorials on formal methods.  The last three symposium
days offer presentations of refereed papers, in parallel with presentations of
project experience reports, short presentations of tools and presentations of
European projects dealing with formal methods.

The FME'93 symposium programme features 8 half-day tutorials, 32 papers, 3
invited talks, 6 project reports, 20 tool presentations and exhibitions.

The papers to be presented cover a broad range of interests: among the formal
methods represented are VDM, Z, LOTOS, RAISE, and B.  They also come from
different backgrounds, both industry and academia, and from 15 different

FME'93 will be an intense and important event, and you are advised to submit
your registration as soon as possible.

2.  Symposium Sponsors

The symposium would not have been possible without the very kind support and
financial assistance of the associations and corporations listed below:

   Scandinavian Airlines System (SAS)
   Odense Steel Shipyard Ltd.
   Deutsche System Technik
   Fyns Telefon
   Lloyd's Register
   DDC International
   Space Software Italia
   Computer Resources International (CRI)
   ICL Data A/S (SUN Division)

3.  General Information

  Odense is Denmark's third largest city in the center of Denmark's
  second largest island, the Isle of Funen. Odense celebrated its 1000th
  anniversary in 1988, and Danmark's famous fairy-tale writer, Hans Christian
  Andersen was born in Odense.
  The symposium will be held at Odense Technical College (Odense Teknikum)
  which is located 4 kilometers from the center of town.

Special Events:
  Tuesday evening there will be a reception at the City Hall where the Mayor
  will give a short speech. Wednesday evening there will be a reception at
  IFAD. On Thursday evening the symposium banquet is to be held in the
  Knights' Hall of Nyborg Castle.

  We offer you three packages for this symposium:

     Tutorial package: 2000 DKK (late registration 2500 DKK)
        incl. tutorial material and reception at Odense City Hall.
     Conference package: 2800 DKK (late registration 3300 DKK)
        incl. conference proceedings, reception at Odense City Hall, reception
        at IFAD and the symposium banquet.
     Symposium package: 4300 DKK (late registration 4800 DKK)
        incl. both tutorial material and conference proceedings, reception at
        Odense City Hall, reception at IFAD and the symposium banquet.

  All packages in addition contain coffee and cookies at breaks and lunch at
  Odense Technical College, local transport to/from hotels and a free
  telephone card worth 50 DKK.

  If it becomes necessary to cancel a reservation, this must be done in
  writing to KongresBureau Fyn before April 1th 1993 to obtain a refund (less
  100 DKK). Cancellation after April 1st will incur a 500 DKK administration

  For further information please contact:

    KongresBureau Fyn
    DK-5000 Odense C
    tel: +45 66 12 75 30, fax: +45 66 12 75 86

4.  Tutorial Programme (April 19 and 20, 1993)

The two first days of the symposium are dedicated to 8 half-day tutorials on
formal development. The programme is organised into two parallel tracks.  The
first track contains 2 tutorials about program development and 2 tutorials
about proving such developments to be correct, and track 2 contains 4 tutorials
about different ways to model parallelism.

   Track 1    Functional Programming           - Phil Wadler
              Data Refinement                  - Tim Clement
              Proof in Z with Tool Support     - Roger Jones
              Prototype Verification System    - John Rushby

   Track 2    Coloured Petri Nets              - Kurt Jensen
              CCS with Tool Support            - Kim G. Larsen
              LOTOS with Tool Support          - Jeroen Schot
              Provably Correct Systems         - Anders P. Ravn

5.  Tools Presentation (Wednesday, April 21, 1993)

During the symposium, exhibitions of tools for the support of formal methods
will be organised. On April 21, in parallel with the conference, a short
introduction to each of the following exhibited tools will be given. ICL Data
are sponsoring the tools exhibition by providing most of the SUN hardware.

  DST-fuzz                           - DST
  CADiZ                              - York Software Engineering Ltd
  ProofPower                         - ICL
  The Centaur-VDM environment        - CEDRIC-IIE
  SpecBox                            - Adelard
  Mural                              - Manchester University
  The IFAD VDM-SL Toolbox            - IFAD
  The IPTES Tool                     - IFAD
  LOTOS Tools                        - ITA
  Centaur                            - INRIA
  Pet Dingo                          - NIST
  ExSpect                            - Eindhoven University
  Design/CPN                         - Elektronikcentralen
  DisCo-tool                         - Tampere University
  The Boyer-Moore Theorem Prover     - CLI
  B-Toolkit                          - B-Technologies SALR
  The RAISE Tools                    - CRI
  PVS                                - SRI
  TAV                                - Aalborg University
  FDR                                - Formal Systems Ltd

6.  Invited Speakers (April 21, 22 and 23, 1993)

Each morning during the conference an invited talk will be given by one of the
3 specially invited speakers. These are:

  Cliff B. Jones, Manchester University (UK),
     Reasoning about Interference in an Object-Based Design Method

  Willem-Paul de Roever, Kiel University (D),
     Correctness of a Fault Tolerant Algorithm: an application of
     Starke's dense time temporal logic for refinement

  Peter Lupton, IBM Hursley (UK),
     The CICS Experience with Z: Successes and Problems

7.  Project Reports (Thursday, April 22, 1993)

In parallel with the April 22 conference sessions, the following project
reports will be presented. Project reports will focus on experiences and
problems encountered in the use of formal methods in real projects.

  Specification and Validation of a Security Policy Model (T. Boswell)
  Role of VDM(++) in the Development of a Real-Time Tracking and Tracing
    System (E. Durr
  Experiences from Applications of RAISE (B. Dandanell
  The Integration of LOTOS with an Object-Oriented Development
    Method (M. Hedlund)
  Towards an Implementation-Oriented Specification of TP Protocol in
    LOTOS (I. Widya
  LOTOS Introduction in a conventional Software Development Life Cycle:
    An Industrial Experience (G. Leon

8.  ESPRIT Project Presentation (Friday, April 23, 1993)

In parallel with the April 23 conference sessions, the following European
projects on formal specification and design will be presented.


9.  Conference Programme (April 21, 22 and 23, 1993)

 * Wednesday, April 21: Cliff B. Jones (invited talk)

     Applications of Modal Logic for the Specification of Real-Time
       Systems (L. Chen
     Generalizing Abadi & Lamport's Method to Solve a Problem posed
       by A. Pnueli (K. Engelhardt
     Adding Specification Constructors to the Refinement Calculus (N. Ward)
     Real-Time Refinement (C. Fidge)
     A Concurrency Case Study using RAISE (C. George
     A Metalanguage for the Formal Requirement Specification of Dynamic
       Systems (E. Astesiano
     A VDM  study of Fault-Tolerant Stable storage towards a Computer
       Engineering Mathematics (A. Butterfield)
     Automating the Generation and Sequencing of Test Cases from
       Model-Based Specifications (J. Dick
     Maintaining Consistency under Changes to Formal Specifications
       (K. Ross
     The Parallel Abstract Machine: A Common Execution Model for
       FDTs (G. Doumenc
     Putting Advanced Reachability Analysis Techniques Together:
       the `ARA' Tool (A. Valmari
     Process Instances in LOTOS Simulation (S. Pickin

 * Thursday, April 22: W-P. de Roever (invited talk)

     A Proof Environment for Concurrent Programs (N. Brown
     Encoding W: A Logic for Z in 2OBJ (A. Martin)
     On the Derivation of Executable Database Programs from Formal
       Specifications (T. Gunther
     Application of Composition Development Method for Definition of
       SYNTHESIS Information Resource Query Language
       Semantics (L. Kalinchenko
     Different FDTs Confronted with Different ODP-viewpoints of
       the Trader (J. Fischer
     Invariants, Frames and Postconditions: a Comparison of the VDM
       and B Notations (J. Bicarregui
     Formal Verification for Fault-Tolerant Architectures: Some
       Lessons Learned (S. Owre
     Verification Tools in the Development of Provably Correct
       Compilers (M. Krishna Rao
     Formal Methods Reality Check: Industrial Usage (D. Craigen
     The Industrial Take-up of Formal Methods in Safety-Critical
       and Other Areas: A Perspective (J. Bowen
     Selling Formal Methods to Industry (D. Weber-Wulff)

 * Friday, April 23: Peter Lupton (invited talk)

     Integrating SA/RT with LOTOS (A. van der Vloedt
     The SAZ Project: Integrating SSADM and Z (F. Pollack
     Symbolic Model Checking for Distributed Real-Time Systems (F. Wang
     Model Checking in Practice: the T9000 Virtual Channel
       Processor (G. Barrett)
     The Frame Problem in Object-Oriented Specifications: An Exhibition
       of Problems and Approaches (A. Borgida)
     Algorithm Refinement with Read and Write Frames (J. Bicarregui)
     Specifying a Safety-Critical Control System in Z (J. Jacky)
     An Overview of the SPRINT Method (H. Jonkers)
     Conformity Clause for VDM-SL (G. Parkin

10.  Registration form

Complete and send this registration form before March 1, 1993 to:

  KongresBureau Fyn,
  DK-5000 Odense C,


  Prof [ ]    Dr [ ]    Mr [ ]    Mrs [ ]    Miss [ ]

  Name:       _______________________________________________________
  First name: _______________________________________________________
  Company:    _______________________________________________________
  Address:    _______________________________________________________
  Country:    _______________________________________________________
  Telephone:  _____________________  Telefax: _______________________

                  Presenter of                            regular
  tool [ ]   paper [ ]   tutorial [ ]   ESPRIT [ ]      delegate [ ]

  Registration Fee                 Before March 1     After March 1
  Tutorial package                 DKK 2000           DKK 2500
  Conference package               DKK 2800           DKK 3300
  Symposium package                DKK 4300           DKK 4800
  Chosen package                   DKK                DKK

  [ ]   I enclose a banker's cheque in DKK, drawn on a Danish bank, made
        payable to FME'93, KongresBureau Fyn.

  [ ]   Please charge my credit card:
        [ ] MasterCard  [ ] Eurocard   [ ] Visa  [ ] JCB  [ ] Access
        card no. ___________________________________________________
        exp. date __________________________________________________

        card holders signature _____________________________________

  Att. Registration only possible when accompanied by payment of fee.


  I would like to reserve:

    Cat.     single room          double room
     A     [ ]  DKK 720         [ ] DKK 890
     B     [ ]  DKK 590-645     [ ] DKK 705-795
     C     [ ]  DKK 300-395     [ ] DKK 430-525

  I want to share a double room with: ________________________________

  Date of arrival: _________________  Departure: _____________________

  Att. Hotel bills are to be handled directly with the hotel.  The prices
       include breakfast, taxes and service. Reservations will be made in
       the order received.

  Date: __________________   Signature: ______________________________

Please report problems with the web pages to the maintainer