The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 49

Friday 9 April 1993


o Re: Columbia and Discovery shuttle problems
Dan Sorenson
o "Massive Tax Fraud found in Toronto" and EFILE security
Peter Yamamoto
o Video Surveillance Tapes and TV Programs
Sanford Sherizen
o Re: Using your company's E-mail for private ...
Pat Place
o Re: Sound of the Fury: Sub-liminal highway monitoring...
Rob Horn
o Lessons from the London Ambulance Service
Bill Murray
o Re: Another Mystery for the San Francisco Muni Metro
Joe Brennan
o Review of "Syslaw" by Rose/Wallace
Rob Slade
o Availability of Berne Convention
Selden E. Ball
Mike Godwin
Jerry Leichter
o Info on RISKS (comp.risks)

Re: Columbia and Discovery shuttle problems (RISKS-14.47)

Dan Sorenson
Thu, 8 Apr 1993 03:02:16 GMT
    Today, WHO radio in Des Moines, Iowa ran a story on STS-56 in their
newscast.  The "fix" is to bypass the sensor, fooling the computer into
thinking the valve is properly closed.  What's the risk?  I somehow doubt
totally bypassing a sensor can be any safer than fixing the problem, and the
cost of delays might be contrasted with the cost of Challenger.

    Beware of that quick kludge, particularly when there are lives
literally riding on its working correctly.

Dan Sorenson, DoD #1066

"Massive Tax Fraud found in Toronto" and EFILE security

Peter Yamamoto
Thu, 8 Apr 1993 14:21:43 -0400
I just found a bounced risk in an old mailbox. When it bounced expired locally
on some machine, I decided not to pursue it; but in light of the recent
"Massive Tax Fraud" claims by the Canadian government, I resubmit it with an


In an earlier unposted risk I mentioned:

> I recently went to one of these services and was appalled at the (relative)
> incompetence of the preparer and the fact that he sends the data to
> Vancouver over an insecure line (I only found out after it was not
> done in the promised time frame and he explained the delays).

Although the risk I cited was security, the incompetence of the preparer
made him over-calculate my refund by $1600.  I wonder if the recent
"Massive Tax Fraud" (headline of the Kitchener-Waterloo Record,
Thursday, April 8) reported by the government is partly due to such
incompetent preparers.

On the CTV news last night (Wed. April 7, 11pm), they reported that a
financial analyst said that the "Massive Tax Fraud" (in the headlines
of the Kitchener-Waterloo Record, Thursday, April 8) was more likely a
scare tactic by the Canadian Government since the numbers quoted by the
government don't add up and the filing deadline April 31 is approaching.

They said most of the blame is on "fraudulent tax preparers" who are
trying to take advantage of the electronic filing system since the
return is not accompanied by receipts.

I suppose the specific "risk" is the one the government
took by allowing anybody to become an EFILE tax preparer.


Previous risk submission (bounced):

Subject: Canadian EFILE tax return confidentiality measures (NOT!)
To: comp.risks
Date: Mon, 1 Mar 93 10:57:28 EST

Canada now has a nationwide program to facilitate the electronic
submission of tax forms, called the EFILE Electronic Filing program.

From the Applicant's kit:

  What is EFILE — understanding the service

  The service or combination of services that you choose to provide to
  your clients determines what type of electronic filer you are.  There
  are two basic services, and therefore two types of electronic
  filers: preparers and transmitters.  ...

  Communications system  ...

  Contact, using a modem, with our EFILE receiving system will have to
  come through a "packet switch" network.  You can buy access to this
  network directly,  from either Telecom Canada (DataPac) or Unitel
  (FasPac).  In order to protect the confidentiality of income tax
  information,  minimum security requirements for data sent over one
  of these packet switch networks are that the data must be
  transmitted over secure lines (ie a dedicated line together with
  membership in RCT's closed user group).

  In the near future, an alternative will be available whereby
  encrypted data is transferred without the need for a dedicated line
  by "dialing-in" to the network.     ...

The risk is that the government's "minimum security" policy only covers
transmission to the government computer.  Before that, there is the freedom
for the preparer to transmit the form anywhere by any means.

This in fact happens since a dedicated line represents a significant cost
(approx. $300 installation, $250/month) which means that there are
"transmitter centers" to which preparers send their data via modem or
diskette.  That tax preparers in Ontario are connecting via modem to centers
as far away as Vancouver illustrates that such centers facilitate the task of
mass interception if one is really intent on doing so.  In any case, it should
be clear that the current policy does not adequately protect the
confidentiality of the information.

I recently went to one of these services and was appalled at the (relative)
incompetence of the preparer and the fact that he sends the data to Vancouver
over an insecure line (I only found out after it was not done in the promised
time frame and he explained the delays).

The head office is:

Revenue Canada Taxation, EFILE Project Office, 400 Cumberland Street
Ottawa, Ontario, K1A 0L8
613-957-8113 [Canadians may call collect for serious inquiries]

Video Surveillance Tapes and TV Programs

Sanford Sherizen
Thu, 8 Apr 93 17:53 GMT
I was recently contacted by someone from Dick Clark Productions, asking me to
help them develop an NBC TV special called CAUGHT IN THE ACT. This will be a
one-hour special in May featuring real-life videotapes of criminals from
surveillance (security) cameras, covert camera installations, and in-car

The producers contacted me to see if I had any tapes or could help them to
locate some.  They said that they are looking for solid, dramatic footage--and
are especially interested in "dramatic incidents, unsolved crimes, and
bungling crooks".

Here is the RISK issue.  "We are looking for interesting footage, especially
that which will help educate the public about the necessity for video
surveillance, and to illustrate how effective cameras can be in preventing and
solving crimes."

Recently, there has been a flood of cheap-to-produce programs, where viewers
contribute their (sometimes staged only for tv) videos.  Many of these
programs contain shocking sequences, guaranteed to attract a wide consumer
audience.  Some social scientists and other killjoys have suggested that these
programs add to a sense of doom and danger that is found today, especially
among those who gain their news coverage or sense of the world mainly from tv.
While at least one of these programs has led to the capture of wanted
criminals, the heightened view of continual violence and the ineffectiveness
of law enforcement adds to social tension without resolution, except for more
use of surveillance.

Thank you, Dick Clark, but I would rather not have you educate the public
about the necessity for video surveillance.  That necessity is filled with
danger for us all.  And it is not even so certain how effective cameras have
really been in preventing and solving crimes, with certain well known

I'll not be watching the program when it airs.  In the meanwhile, I hope
readers of RISKS and others interested in contributing to more quality tv and
curbing this attempt to glorify surveillance will contact Dick Clark
Productions and NBC to let them know that we are being entertained to death.

Sanford Sherizen, Data Security Systems, Natick, Mass.

Re: Using your company's E-mail for private ... (Zak, RISKS-14.47)

Pat Place
Wed Apr 07 13:45:14 1993
<> states that companies have the right to
control the use of their computers and can therefore limit private use for,
say, E-mail. The solution is to consider E-mail access as a fringe benefit.
But aren't benefits taxable, so how much should I declare to the IRS for the
437 bytes of this message? I have only counted the text and none of the header
information.

Pat Place

Re: Sound of the Fury: Sub-liminal highway monitoring...

Rob Horn
07 Apr 1993 15:20:54 -0400 (EDT)
I have worked with traffic flow equations.  The ones I dealt with were
subject to shock waves and had some very stiff regions.  In fact they
are very similar to adiabatic supersonic fluid flow.  I suppose one
could argue that this is chaotic in the sense that I read into this
comment.  But they did not have strange attractors.

Rob Horn

Lessons from the London Ambulance Service

Thu, 8 Apr 93 19:53 EDT
The following line from the report on the London Ambulance Service
reminded me of some early experience.

>The resilience of the hardware under a full load had not been tested.

In the late sixties I worked on IBM's "Advanced Administrative System."  This
was a very large system for its day.  It was expected to have 5000 users and,
at its peak, 300 developers.  The system was very successful and we learned a
great deal.

The success of the system was due in large part to the experience of its
management.  Some of the management team had worked on the American Airlines
Sabre System.  Their experience was reflected in part by a collection of
system lore, stories that were told and retold.

One of the stories was about the behavior of systems under load.  It recounted
the conversion of the New York Reservation Center of AA to Sabre.  The
conversion had gone very well.  The NY center was the last of many to be
converted and no problems were expected.

However, the NY center was also the biggest and represented the largest load.
After it was converted, response time, which had been relatively short, flat,
and stable, suddenly went up dramatically until the system essentially
stopped.  There was no plan to back off the load, i.e., de-convert from Sabre
back to the manual system.  It took three weeks to get the system back on

While response time had not appeared to be sensitive to load, at some critical
point the system began to spend so much time managing its queues that it did
not have time to take anything off of them.  The queues grew until the system
fell over.

The story may well be apocryphal but the lesson was valid and important and
our management was very sensitive to it.

William Hugh Murray, Information System Security, 49 Locust Avenue, Suite 104
New Canaan, CT  06840 1-0-ATT-0-700-WMURRAY   WHMurray at DOCKMASTER.NCSC.MIL

Re: Another Mystery for the San Francisco Muni Metro

Joe Brennan
Thu, 8 Apr 93 12:24:47 EDT
>  * An `automatic' speed-control system has three speeds, 10, 27, and 50 mph.
>   [Apparently ZERO is not considered a speed.]

These three speeds are recognizable to railfans as typical of a
DC-motor system.  The speeds are approximate.  The speed is determined
simply by the current running through the motors, which is controlled
by passing the current through resistors and by feeding the current
through pairs of motors in series or parallel.  50 would be full
parallel, 27 (about half speed) full series.  Those are the only two
running speeds, and intermediate speeds are accomplished mainly by
coasting, as powered running at intermediate speeds would heat up the
resistors, which are meant to be used just to reach a running speed.

The 10 mph speed calls for further explanation.  Apparently the system
uses "permissive" signalling, meaning the driver does not have to stop
at red.  Bear in mind that the Muni cars run in streets "by sight"
where the drivers have to be trusted to run at a speed appropriate to
conditions and not hit other Muni cars or automobiles on the tracks.
Because of the limited sight distance in the subway, they're not given
free rein as they are in the street, but are held to 10 mph or less.
Running at 10 would of course require using the resistors, so what is
really done is to apply power briefly and then coast.  This should
work if the drivers can be trusted.  If the drivers cannot be trusted,
they shouldn't be allowed in the street either.

> The controls were thought to be `foolproof', because the car
> automatically slows or stops if the operator exceeds the maximum
> indicated speed.  There are also impedance bonds in the tracks that
> are supposed to determine whether the track ahead is clear.

The signal system must include timers to detect speed, and some kind
of feedback device that controls the car.  The simplest, old-fashioned
device is a trip, a little arm that rises from track level and hits
a "trip cock" hanging from the train, and applies the emergency brake.
Since this says "slows or stops" I take it something a little more
electronic must be used.

Likewise the signal system detects presence of a car in a section of
track, that is, what's known as block signals.  I believe this also
is a permissive system, where cars are allowed to approach right up to
each other as long as they run dead slow, the 10 mph limit.  ("Heavy"
subways and mainline railroads would typically have absolute block,
where a second train is not allowed at all in the same block.)

>  ``... was the result  of the operator deliberately disabling the
> safety system so that he could speed up his train, sources close to the
> investigation said''.

This is extremely bad, not only that the operator did it, but that he
-could- do it.  I doubt he has the same car every day, so he had to be
able to prepare this fairly quickly.  I wonder whether disabling it
is meant to be done en route under some conditions? --probably not.
If even one signal failed, for example, it would be safer to make
everyone pass it at 10 than at any higher speed.

Joe Brennan             Columbia University in the City of New York    ("affiliation shown for identification only")

Review of "Syslaw" by Rose/Wallace

"Rob Slade, DECrypt Editor, 604-984-4067"
7 Apr 93 17:35 -0600

PC Information Group, Inc., 1126 East Broadway, Winona, MN   55987
Syslaw, 2nd ed., Lance Rose and Jonathan Wallace, 1992

The introduction to "Syslaw" states that although the title implies the
existence of a new kind of law relating to electronic bulletin board systems,
in reality it is simply an extension of existing laws, mores and practices.
In the same way, although the book states itself to be aimed at the BBS
community, and particularly sysops, there is much here of interest and moment
to anyone involved with sharing information through computer systems.

The book also starts with a "disclaimer": the authors suggest that any
significant concerns with legal affairs be taken to a lawyer.  Parts of the
book may give concern to experts in the specific fields: I was disappointed by
the coverage of viral programs (and rather intrigued by a somewhat
idiosyncratic definition of "worm").  That aside, the book is an excellent
overview of the legal situation and considerations with regard to computer
communications systems.

Chapter one is entitled "Your rights as a sysop", although "First Amendment"
(the first amendment to the American constitution deals with "free speech")
arguments seem to comprise the bulk of it.  Chapter two discusses contracts,
and the advisability to have a formal contract so that there is an express
understanding between caller and sysop.  Chapter three deals with copyright
and other "intellectual property" issues.  Chapter four deals with "injurious
materials": it is somewhat surprising that it is not more closely related with
chapters eight ("Viruses and other dangerous code") and nine ("Sexually
explicit material").  Chapters five, six and seven deal with privacy, crime
directly related to BBS operation and search and seizure, respectively.  All
of them rely quite heavily on examination of the existing American statutes.

A number of appendices are included.  B through H are copies of various
related American legislation: I is a list of various state computer crime laws
(although the table of contents makes reference to "Sexual Exploitation of
Children").  Appendix J is an annotated bibliography of sources for further
study.  Interestingly, for a book supposedly targeted at BBS sysops, none of
the materials are cited in "online" form.

Appendix A, however, is probably of greatest interest: it is a sample "caller
contract"; an agreement between the "users" and "owners" of computer systems.
Written in a "folksy" style, and intended as an understanding between sysops and
their "members", it is still a valuable template for any organization with
online information systems and general "communications" functions such as email
(and, these days, voice mail).

A recommendation that I would make to the authors for the third edition is to
make the book less "American".  On the face of it, this might seem like a
strange request.  Laws vary from country to country, and it is impossible to
write a book covering all possible laws.  However, there are many legal
precepts which are common to almost all legal systems.  Chapter two of
"Syslaw", for example, deals with contracts.  It does so in a very general
way, applicable to almost all situations.  Chapter one, on the other hand,
deals with the "First Amendment" to the American Constitution, and is
therefore of little use to anyone in any other country.  Chapter three falls
into the range between: it deals with copyright and other related concepts,
but from an American perspective and with specific and extensive reference to
American laws.  Most of the book falls somewhere into the middle ranges.

Most systems managers and computer operators tend to see "systems law"
primarily in relation to "pirate software".  Syslaw is a valuable guide in
opening discussions of many related topics which are all too often either
neglected, or passed over as being of little importance.

copyright Robert M. Slade, 1993   BKSYSLAW.RVW   930402

Availability of Berne Convention (was Re: Personal letters)

"Selden E. Ball, Jr." <SEB@LNS62.TN.CORNELL.EDU>
Wed, 7 Apr 1993 13:54 EST
I don't know why they don't have a copy of the U.S. treaty agreeing
to abide by the Berne Convention. The Convention itself is a bit
more than 4 years old, though :-). Perhaps you've been looking in
the wrong place?

At any rate, as a member of the information elite, the text of the Berne
Convention is readily available to you.

The following was clipped from a file available from the gopher server
run by Cornell's Law School ( It is one of the
historical documents provided to them by the Fletcher School of Law
and Diplomacy, Tufts University.

I assume that the first line refers to a UN publication series. You might
want to check to see if the Copyright Office carries that. Presumably
the Library of Congress does.

For further information, contact:

  Peter H. Stott,   Fletcher School of Law and Diplomacy/
  Urban and Environmental Policy,   Tufts University
  97 Talbot Avenue     Medford MA 02155

I hope this helps.

Selden Ball

   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

U.N.T.S. No. 11850, vol. 828, pp. 221-293

                          BERNE CONVENTION
                        OF SEPTEMBER 9, 1886,

                REVISED AT BRUSSELS ON JUNE 26, 1948,
             AND REVISED AT STOCKHOLM ON JULY 14, 1967; and


[remainder of document omitted ;-) ]

Re: Berne Convention (Robinson, RISKS-14.47)

Mike Godwin
Wed, 7 Apr 1993 19:41:35 GMT
Paul Robinson writes:

>On < Mon, 29 Mar 1993 13:24:37 (PST) > In Comp Privacy 2-11,
>Steven Hodas <>
<> If I send a personal letter to someone do they have the right to
<> disclose it to others without my consent?
>No.  The Copyright act of 1978 and later amendments gave statutory
>protection at the federal level for the first time to unpublished works.

To a lawyer like me, this doesn't sound right. True, copyright protection
extends to unpublished works, and, since the U.S. became signatory to the
Berne Convention, to unregistered unpublished works.

But this has not yet been interpreted to mean that the recipient of a
letter cannot *disclose* it without the author's permission--only that the
recipient cannot *publish* it. Now, in this medium the distinction
between disclosure and publication is a lot muddier than it is elsewhere,
but it seems likely to me that the mere disclosure of e-mail by a
recipient is not going to lead to a copyright-infringement case unless the
recipient takes money for disclosing it. The normal measure of damages in
a copyright action is based on the amount of lost profits to the author
and/or the amount of profits earned by the publisher. Statutory damages
require that the author register the letter with the Copyright Office.

If someone sent me flaming e-mail, and I felt like reposting it to the
Net, I certainly wouldn't hesitate for fear of an infringement lawsuit.

(I'd hesitate because I think it's bad manners, but that's about it.)

<> If it is permitted doesn't that suggest that we have greater privacy
<> protection for electronic communication because the ECPA would prohibit
<> that kind of disclosure?
>I think you are confusing things.  The ECPA gives to Electronic mail the
>same protections which are available for telephone conversations - the
>protection against interception by third parties or the use of intercepted
>E-Mail by law enforcement personnel without a warrant, i.e. what the laws
>against wiretapping and recording of telephone calls, the ECPA provides to
>the same extent to E-Mail.

ECPA explicitly does not prohibit recipients from disclosing the contents
of their communications.

Sadly, ECPA also does not provide any protection against "the use of
intercepted E-Mail by law enforcement personnel without a warrant."
An attempt to exclude illegally seized e-mail would have to be based
solely on the Fourth Amendment (a slim reed, IMHO).

>... there are no formalities or requirements of notification in order for
>a work to obtain copyright protection.

Not quite true. As I understand the current Copyright Act, statutory damages,
for example, still require registration of copyright.

Mike Godwin, EFF, Cambridge  (617) 576-4510

Berne convention (Robinson, RISKS-14.47)

Jerry Leichter
Wed, 7 Apr 93 16:26:08 EDT
[Paul's message] is a mix of truth and irrelevancies.  I checked with a friend
who is an intellectual property lawyer, and he looked in one of the standard
books on copyright protection (Zimmer).  However, the following is MY GLOSS on
a rather complex (and not completely settled) area of law.

It is true that under the Berne convention copyright notices are optional.
This is not as big a change as you might think: Under common-law copyright,
they were always optional *until publication*.  If someone stole an
unpublished work - say, a program sitting in someone's account - and posted it
on a bulletin board, copyright protection would still apply, and the original
author could come after, not just the person who stole the work, but any party
who made a copy from the bulletin board.

There would be a difference in what the copyright owner could come after the
various parties *for*, however.  He could go for major damages against the
thief, but someone who copied the program off the bulletin board could claim
that they were an innocent infringer who had no way of knowing the material
was protected by copyright.  If successful in that claim, about all that could
happen would be that the innocent infringer would be required to return or
destroy all copies of the material.

Berne changed nothing in this scenario, EXCEPT that the same rights now apply
even if the ORIGINAL AUTHOR published the material without a copyright notice.
The "innocent infringer" defense is still available.  Under Berne, the main
effect of INCLUDING a copyright notice - and the authorities on the subject
strongly recommend that you do - is that it absolutely blocks any attempt at an
"innocent infringer" defense.  (Of course, if a thief removed the copyright
notice and passed the material on to someone who had no reason to suspect that
the copyright was claimed on the material, that's another story - just as
someone who buys a car from a used car dealer cannot be charged with theft (or
even, generally, made to return the car) if it turns out to have been stolen.
Buy the same car from some guy in the street who claims to have "lost" the
paperwork and you will be treated very differently.)

Mr. Robinson's mention of "licensing" is irrelevant.  There is no such thing
as licensing in copyright law, which has to do with copying.  It is pretty
well established that RUNNING a program does not constitute copying it, any
more than reading a book constitutes copying it into your brain cells.  (There
were attempts early on to claim that running a program was like performing a
piece of music, but that theory didn't make much sense and went nowhere.  If
it had, you would have had to receive a "right to copy" of some bizarre
limited sort every time you bought a program.  The closest analogy now made is
that running a program is like playing a recording - permission of the
copyright owner is needed to MAKE the recording, but anyone can PLAY the
recording as many times as they like, at least for themselves.)

As for the damages, if you are an innocent infringer, you are not liable for
any.  Of course, you'd better be damn sure of your "innocent infringer"
status.  If you got the program off a pirate bulletin board that specializes
in stolen software, you could be in trouble, copyright notice or no.

Stepping back a bit to look at the ethical issues, I find Mr. Robinson's whole
approach most disturbing.  I was brought up under the injunction that one
should not use someone else's property without permission.  If I don't have
good reason to believe something is in the public domain, I won't use it
without permission.  It doesn't matter if the author has gone to the trouble
of attaching a legal copyright notice:  *The stuff isn't mine.*

The law generally takes as its basis this same moral stand.  I don't need to
put a sign on my car to tell others that I claim it as mine.  Even if I leave
it running, with the keys in it, you have no right to use it.  If you want to
use it, ask me.

For whatever historical reasons in the United States, copyright law has
required notice.  Trespassing requires notice, too, but that's because in
unmarked countryside it's difficult for anyone to know where the boundaries
are:  If you want to keep people off your land, you have to make it clear
where your land starts.  You don't need to put a "No trespassing" sign on
your front door to tell people to stay out of your house.  The Berne
convention simply recognizes that it's simple to tell when you are using
someone else's words, music - or computer program.  There's no ambiguity
about it.  So why should advance notice be required?

If you want to use the fruit of someone else's work, simple morality says you
should get permission - whether blanket permission in the form of a release to
the public domain on the work itself, or specific, personal permission.  If
that inconveniences you, well, just what makes YOUR time and effort so damned
important when SOMEONE ELSE did the work?
                            — Jerry
