The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 56

Thursday 29 April 1993

Contents

o 747 autopilot faults?
Stephen L Nicoud
o Human vs. computer in space [Apollo 8]
Pete Mellor
o Spanish Computer Crime Research Association
Miguel Gallardo
o Crypto-Schemes and Mobile Digital Services
Roger Clarke via Lance J. Hoffman
o How to rob a bank the cashcard way
Lord Wodehouse
o Re: Too much electricity
Mark Shanks
Jim Griffith
Jim Huggins
Dave Bakken
Randall Gray
Edwin Culver
Kevin Paul Herbert
o Can Wiretaps Remain Cost-Effective?
Robin Hanson
o CLIPPING CLIPPER
PGN
o EICAR'93 Call for Papers
Klaus Brunnstein
o Info on RISKS (comp.risks)

747 autopilot faults?

Stephen L Nicoud <stephen@boeing.com>
Tue, 27 Apr 93 11:32:47 PDT
An item from a Boeing News Digest:

 Washington, D.C. Office Morning Report - Volume 19 Number 81  April 26, 1993

1.  WALL STREET JOURNAL - After an incident in which an Evergreen
International Airlines 747 went into a slow roll, lost lift and went into a
dive, dropping from 31,000 feet to 19,000 feet, the Federal Aviation
Administration began an investigation.  It found 30 similar incidents the FAA
believes were caused by a broad variety of autopilot faults.  The incidents,
both fast and slow rolls, showed up on 747s at several airlines over a 22-year
period.  Many occurred in daylight with a horizon visible, enabling pilots to
regain control more quickly -- and postponing the day when the seriousness of
the problem would be widely recognized.  Among carriers whose 747 autopilots
went into rolls are British Airways, TWA, Air Canada and Lufthansa.  Boeing,
the airlines and aviation regulators are in a quandary.  After more than a
year of intense investigation following Evergreen's near-disaster, engineers
can't agree on whether the fault lies in the autopilot or elsewhere, or on
what the remedy should be.  Boeing says pilots should pay close attention to
their job so they can quickly right the plane should the autopilot throw it
into a roll.  Autopilots "are designed to assist and supplement the pilot's
capabilities and not replace them," a company statement says.  "This means our
airplanes are designed so pilots are the final control authority and it means
that a well trained crew is the first line of safety."

Stephen L Nicoud  <stephen@Boeing.Com>                bcstec!bcsaic!stephen
Boeing Computer Services Research and Technology, Bellevue, Washington  USA

   [Also noted by dhartung@chinet.com (Dan Hartung).]


Human vs. computer in space

Pete Mellor <pm@cs.city.ac.uk>
Tue, 27 Apr 93 19:14:13 BST
From The Guardian, Friday April 16th 1993, tabloid supplement, p3,
article: ``Down to Earth with a bump'', by Tim Radford:-

        ------------------Begin extract----------------------

[Astronaut Mike] Collins once compared Apollo's flight to a half a million
mile daisy chain, draped round the Moon. A Nasa safety engineer on an
earlier voyage put it more graphically. ``Apollo 8 has 5,600,000 moving
parts. Even if all functioned with 99.9 per cent reliability, we could
expect 5,600 defects.'' On Apollo 11 something did go wrong, but no one
now remembers it. When Armstrong and Aldrin climbed back into the module
and began the checklist in preparation for blast-off, they discovered that
a plastic pin which acted as a circuit breaker for the launch engine had
snapped off. They decided it was because a backpack must have bumped it as
they left the tiny lunar module. For a few appalling moments it must have
seemed as though the nightmare had begun: marooned on the Moon, with only a
day's oxygen and no way home. Aldrin poked around, and found a felt-tipped
pen, and shoved it in the slot. It worked. A charge of electricity could
then start the launch engine. Man had a proper place in the scheme after all.
``Where else,'' said one test pilot in the programme, ``would you get a
non-linear computer weighing only 160lbs, having a billion binary decision
elements, that can be mass-produced by unskilled labour?''

The classic argument of the what's-the-point lobby, which includes space
administrators and big business as well as governments and scientists, and
for which Lewis Mumford spoke so eloquently, is that humans in space can't
do without computers, but computers can do without humans. This is almost
but not quite true, and Aldrin's felt-tipped pen has written one tiny answer
to that, and the same point will be made again and again: the history of
unmanned space is a history of technical flaws as well as technical
triumphs. Man may not be going to Mars just yet, but he'll get there.
He'll be wanted on the voyage.

But that isn't quite the point either. A manned Mars mission would be an
awfully big adventure, and not just for the men who set out on it.
Does anyone now think the pyramids were really a waste of money?

        ------------------End extract----------------------

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET: p.mellor@city.ac.uk


Spanish Computer Crime Research Association (APEDANICA)

"(Miguel Gallardo)" <gallardo@batman.fi.upm.es>
Tue, 27 Apr 1993 0:14:03 UTC+0200
During 1991 and 1992, many things happened in Spain related to computer
risks.  Some of them went to the Court, and many others remain in an unhealthy
silence.  Data stolen from banks, cryptology used by terrorist organizations,
hacking, piracy, personal dossiers and blackmailing have been studied by the
police, lawyers, journalists and professional technicians.

Moreover, a deep crisis in the Spanish economy does not help to recover any
investment in data processing.  There are too many unpaid bills and half
performed projects in computing.  At the same time, politicians at the
Parliament approved a new Law on Data Protection, and a Data Protection
Agency, a Computer Police that is not clear enough who can control and how can
it work.

Computer victimization is very high in Spain due to lack of knowledge and
technical dependency on equipment and service sellers.  In increasingly
complex and critical environments, there is almost no local technology
industry, and multinationals are very disconcerted because of lack of expertise,
expensive commercial nets, counter-productive promotional efforts, and
political corruption in almost every local big business.

Since December 1992, there has been an Association, APEDANICA, that can help to
discover sensible troubles related to computers and communications, and its
markets.  Members of this non-profitable organization act as expert
witnesses, cryptologists, lawyers, and even as Sherlock Holmes in computer
environments.

APEDANICA (ASOCIACION PARA LA PREVENCION Y ESTUDIO DE DELITOS ABUSOS Y
NEGLIGENCIAS EN INFORMATICA Y COMUNICACIONES AVANZADAS), Spanish Legal
Advanced Communications and Computer Crime Association, is very interested in
developing relationships with any other organization with similar goals, all
over the World.

Miguel A. Gallardo Ortiz, P.O. Box 17083 - E-28080 Madrid (Spain)
Tel: (341) 474 38 09 - FAX: 473 81 97 E-mail: gallardo@batman.fi.upm.es
President of APEDANICA-Spanish Legal Computer Crime Research Association


Crypto-Schemes and Mobile Digital Services (fwd)

"Lance J. Hoffman" <hoffman@seas.gwu.edu>
Wed, 28 Apr 93 6:30:36 EDT
Forwarded message:
Date: Wed, 28 Apr 93 13:03:57 EST
From: Roger.Clarke@anu.edu.au
Subject: Crypto-Schemes and Mobile Digital Services

At CFP'93, there was considerable debate about whether cryptographic
schemes should be designed to be 'crackable' by national security and law
enforcement agencies.  The Australian situation is that the licences issued
for mobile digital telephone services all require the cryptography to be
crackable.  Now read on ...

New digital phones on line despite objections
By BERNARD LAGAN and ANNE DAVIES
The Sydney Morning Herald, Wednesday 28 April, 1993

CANBERRA: The Federal government has over-ridden the objections of law
enforcement agencies and allowed Telecom and Optus to start new digital
mobile phone networks which are so secure that conversations can escape
officially authorised telephone bugging.
    While law enforcement agencies can still intercept calls from mobile
phones to an ordinary phone, calls from one digital mobile phone to another
cannot be tapped.
    The Government agreed to waive the bugging requirement, originally a
condition of Telecom and Optus's mobile phone network licences, late last week
after strong pressure from both carriers to begin their services without
providing technology to allow law enforcement agencies to listen into
conversations.
    The changes to the system to allow official bugging will take up to
two years to complete and will cost more than $25 million, a cost which the
Government has agreed to bear.
    The Government's waiving of the bugging requirement was made despite
strong opposition from law enforcement agencies, who wanted the start of the
new digital mobile phone networks delayed until there was technology available
to allow conversations conducted on these networks to be intercepted.
    The law enforcement agencies argued that once criminals and others who
had reason to avoid officially authorised interceptions of their telephone
conversations became aware of the loopholes in the new system, they would
exploit it.
    The exemption was given by the Minister for Communications, Mr Beddall
after talks held last week with the acting Attorney-General, Mr Kerr.
    It enabled Telecom to launch the country's first digital mobile phone
network yesterday.
    The Federal Government is reticent about the decision to let the new
network go ahead.  A spokesman would only say that the Attorney-General was
"satisfied" with the operational aspects of the new system.
    A spokesman for Minister for Communications, Mr Beddall, said that
"the matter had been resolved", and any further queries should be addressed to
Telecom and Optus.
    General manager of Telecom, MobileNet, Mr John Dearn, refused to
confirm or deny that calls made from the new GSM (General System
Mobile) mobile phones to other GSM mobile phones could not be intercepted, or
that an exemption had been sought from the Government to allow the new GSM
service to begin.
    "We have an agreement with the Department of Communications that we
will not discuss the licence conditions," he said.
    Referring to the fact that most mobile phone calls are to fixed phones
attached to the ordinary telephone network, Optus chief operating officer, Mr
Ian Boatman said that most calls carried on Optus's GSM network would be
interceptable by the security agencies.
    Optus is understood to have met with the Attorney General last
Thursday, and has been given similar exemptions to its licence conditions.
    A third licensed operator is Vodaphone. Managing director, Mr Phillip
Cornish, said: "These are Government and security matters and Vodaphone had no
comment". Vodaphone is not likely to begin its service until late this year.
    The three mobile licensees - Telecom MobileNet, Optus and Vodaphone
Australia - are required by their licences to introduce the new digital
mobile system, or GSM, as soon as the standard is available.
    However it became clear that the formula used to encode the new
service, known as the A5 algorithm, was so secure that not even the police or
security agencies could listen in.
    The dilemma for the Government was that having insisted on the
early introduction of GSM, it faced the prospect of substantial delays if it
did not waive the licence condition. Because the standard was so secure,
nobody anticipated the difficulty of re-coding and re-encrypting the algorithm
to give access to law enforcement agencies.
    The Telecom system, costing in excess of $100 million to establish,
covers more than 55 per cent of Australian consumers in Sydney, Melbourne,
Canberra, Brisbane, Perth, Adelaide, the Gold Coast, Newcastle, Geelong and
the Mornington Peninsula, Victoria.
    Its high security - compared to the existing 018 mobile telephone
network - together with greater clarity is being used by Telecom to attract
new customers.
    Under the 018 radio phone network, people using sophisticated scanners
could pick up private conversations. But the digital technology ensures the
telephone transmissions are scrambled and cannot be understood by people with
scanners.

Posted by: Roger Clarke, Reader in Information Systems, Dept. of Commerce,
Australian National University Roger.Clarke@anu.edu.au +61 6 249 3666/3664


How to rob a bank the cashcard way

Lord Wodehouse <w0400@ggr.co.uk>
28 Apr 93 12:11:00 BST
An article in the UK Sunday Telegraph on 25 Apr 1993, p. 5, by Barbara Lewis,
deals with the current argument that banks in the UK deny that "phantom"
withdrawals happen, and all such things from ATMs are because the cashcard
owner has let the PIN be revealed.  The card used was a free gift from a Total
garage (Total - a French petrol company), for use in a money saving offer.
The PIN belonged to someone's account.  By bringing the two together, and
programming the card with a genuine account number taken from a discarded till
receipt, Mr Clough was able to fool the machine into paying out.

The requirements included specialised computer knowledge and basic technology.
A magnetic card reader and programmer costing as little as 500 pounds (750
dollars) which is capable of turning worthless blanks into cashcards.  By
using the details of the discarded receipt, which contained the full account
number, plus the details off a valid card, they were able to "break" the
system.  They used a machine which could not check the validity of the card
with the bank's central computer, and so forced validation by the information
of the card itself.

From the article, the area of danger is the number of printouts with numbers
of cards on them and the ability to find ATMs which are not on-line to the
bank's computer.  They also demonstrated that a careful watcher of users of
ATMs can "see" what PIN is used, pick up a receipt discarded by the same
person who they watched, and then can make a usable card.  The particular ATM
still prints all the account number, and not all UK ATMs may work the way this
bank's one did, but they believe that it is a major loophole.

The banks deny that they are finding lots of "white" cards, and a spokesman
for the Association for Payment Clearing Services (APCS) insisted that what was
done was impossible.  It seems as usual that the banks are hiding their
collective heads in the sand.

Lord John - The Programming Peer   w0400@ggr.co.uk fax - +44 81 423 4070


Re: Too much electricity (Miller, RISKS-14.55)

Mark Shanks <shanks@saifr00.cfsat.honeywell.com>
Tue, 27 Apr 93 14:58:40 MST
I will substantiate the article by J. Phillip Miller.  The same circumstances
occurred in Holt, Michigan, last year (1992) in the house next to my parents'
(address and date available upon request): a search warrant was issued because
of higher-than-neighborhood-average electric bills, a sweep by helicopter with
infrared camera confirmed thermal hot spots, search of the house turned up
marijuana cultivation. Evidently this is a known routine for the electric
utilities, but I don't know if there is a chi-square or similar statistic they
use to determine what is "substantially" higher usage.

Mark S. Shanks  shanks@saifr00.cfsat.honeywel.com


Re: Risk of using too much electricity

Jim Griffith <griffith@fx.com>
Tue, 27 Apr 93 14:09:16 PDT
A similar situation occurred locally a few months back.  From memory, the
local police (don't remember which city) had reason to believe that an
individual was cultivating marijuana in his basement, but they had
insufficient grounds for a search warrant.  I believe what happened is that
they got a PG&E guy to read the suspect's meter, which told them that he was
using a *lot* of energy.  And that got them a search warrant.  The issue that
arises, of course, was the legality of the procedure, because the PG&E guy was
technically acting as a law enforcement agent, and therefore he violated
"unlawful search and seizure" laws.

Again, I'm fuzzy on the details, so take this with a grain of salt.  Jim

Jim Griffith griffith@dweeb.fx.com


Risk of using too much electricity [Miller, RISKS-14.55]

Jim Huggins <huggins@eecs.umich.edu>
Wed, 28 Apr 1993 15:42:17 -0400
This is purely speculative, but I would imagine that many utilities now may
have routines which flag any unusually high billing amounts and request human
confirmation of the accuracy of the figures.  We've all heard the stories of
Mr. & Mrs. John Q. Public who received an electrical/gas/etc. bill for a
couple hundred thousand dollars for their two-bedroom home and had to fight
tooth-and-nail with the utility company to get them to realize that they had
made a mistake.  Such publicity is probably embarrassing enough for the
company to make a simple double-check routine worth the effort.

Jim Huggins (huggins@eecs.umich.edu)


Re: Risk of using too much electricity (RISKS DIGEST 14.55)

"Dave Bakken" <bakken@cs.arizona.edu>
Wed, 28 Apr 1993 13:24:28 MST
I knew someone who this happened to in the late 70s.  He seemed to think that
such monitoring of electricity was not uncommon; he was, however, not taken to
court, since the police or prosecutor apparently was worried that their search
was not legal.  They made a verbal agreement with him that he would just stop
growing pot in his house and they wouldn't press the matter.

He did mention another interesting variation on this theme.  He said that in
winter if the police notice that part of your roof (e.g., the attic) has no
snow on it then they can (and will) legally search your house, presumably
after getting a warrant.  I would think that this would hold up in court.

I'm not sure how RISKy this whole subject is, however, unless the electricity
monitoring was done by computer...

Dave Bakken


Risk of using too much electricity

Randall Gray <Randall.Gray@ml.csiro.au>
Fri, 30 Apr 93 08:27:08 EST
The *important* risk here is to the "old-timers" ... I suspect one PDP-8 is
worth a fair number of grow-lamps ;-) I can't imagine *what* the newspapers
would make of it.

Randall Gray, CSIRO Division of Fisheries, Pelagic Fisheries CSIRO Marine
Laboratories, Castray Esplanade, GPO Box 1538, Hobart, Tasmania 7001 AUSTRALIA


Utility monitoring of "Unusual use"

Edwin Culver <culver@cse.bridgeport.edu>
Wed, 28 Apr 93 11:20:53 EDT
In RISKS-14.55, J. Philip Miller (phil@wubios.wustl.edu) wondered if utilities
detect "unusual" customers.  I know the water company for New Haven,
Connecticut asked my mother-in-law why her water usage trebled from one
billing period to the next.  I think that utility companies are generally
expected to monitor "average" or "normal" use for when somebody protests that
$1000.00 dollar gas/electric/phone/water bill.

I would be surprised if the St. Louis police could get a warrant just on the
basis of high electricity use and an "unusually warm" attic.  These may have
been used to support statements made by an informant--say a neighbor wondering
why this guy had so many visitors at 3:00am.  Or the warrant may have been
instigated by concerns for violations of local building codes or zoning
ordinances.  If the fire marshall saw marijuana plants growing in the attic
while executing a warrant searching for potential fire code violations would
another warrant be needed to arrest the occupant for drug violations?

Edwin M. Culver    culver@cse.bridgeport.com    (203) 468-1803


Re: Risk of using too much electricity (Miller, RISKS-14.55)

Kevin Paul Herbert <kph@cisco.com>
Tue, 27 Apr 1993 11:58:00 -0700
In California, PG&E (the electric utility in many parts of Northern California)
issues press releases which indicate that they do this.

Your power company may be quite willing to tell you if they do this, if
you call a public affairs office.

Kevin


Can Wiretaps Remain Cost-Effective?

Robin Hanson <hanson@ptolemy.arc.nasa.gov>
Thu, 29 Apr 93 15:32:40 PDT
U.S. Phone companies spend more than 4000 times as much running the phone
system ($126b) as police spend on legal domestic phone wiretaps ($31m), to
listen to phone conversations without the consent of either party.  So if
wiretaps are worth at most a few times what police spend on them, we can
justify only the slightest modification of our phone system to accommodate
wiretaps.  Yet the new wiretap chip, and last year's FBI digital telephony
bill, both threaten to raise our phone bills by far more than they reduce our
taxes for police.

Dorothy Denning claims that wiretaps are worth "billions of dollars per year",
based on amounts fined, recovered, etc.  But this is just the wrong way to
estimate the value of police services, according to standard texts on law
enforcement economics.  Instead, the value of each wiretap should be not far
from how much police would be willing to pay extra for that wiretap.  Given
alternatives to use hidden microphones, informants, offer immunity,
investigate someone else, or to raise the punishment for some crimes, it seems
hard to imagine that most wiretaps would still be done if they cost police
four times as much as they do now.  And even if wiretaps were on average worth
four times what police now pay, the option to wiretap the average phone line
would be worth only six cents a month.

Yet phone companies must even now perceive substantial costs to supporting
wiretaps, even relative to wanting to stay on the good side of police; why
else would police be complaining about lack of support?  Government policies
attempting to preserve wiretaps in the face of technological change would
discourage a full global market for phone systems, while government decree
would displace marketplace evolution of standards for representing,
encrypting, and exchanging voice.  Do you think these factors would raise the
average $76 monthly phone bill by more than six cents?  Even the wiretap chip
itself, sold for $30 each while private chips without wiretap support sell for
$10, would cost people who buy a new phone every five years an extra 30 cents
per month.

The central question is this: would police agencies still be willing to pay
for each wiretap, if each wiretapping agency were charged its share of the
full cost, to phone users, of forcing phones to support wiretaps?  And why not
let the market decide the answer?  Currently, police must pay phone company
"expenses" to support wiretaps.  Let us interpret this to mean that phone
companies may sell to police the option to perform legal wiretaps on given
sets of phone lines, at whatever price the two parties can negotiate.  Phone
companies could then offer discounts to customers who use phones with wiretap
chips, and each person could decide if the extra cost and risk of privacy
invasion was worth the price to make life easier for the police.

If it turns out wiretaps aren't worth their cost, so be it; no big deal.  Less
than one part in a thousand of police budgets is spent on wiretaps, and
wiretaps weren't even legal before 1968.

[For references and a more detailed discussion of these issues, ask me
for my longer paper with the same title.]

Robin Hanson, MS-269-2, NASA Ames Research Center, Moffett Field, CA 94035
415-604-3361  hanson@ptolemy.arc.nasa.gov


CLIPPING CLIPPER

RISKS Forum <risks@chiron.csl.sri.com>
Thu, 29 Apr 93 19:28:22 PDT
There is an enormous amount of pending mail on the Clipper Chip.  However,
much of it is now third- or fourth-order incrementalism.  Please excuse me if
I arbitrarily cut off the discussion rather than try to cull through
everything looking for a few gems.  I am delighted that this issue raised such
a response, and hope that the discussion in RISKS has been helpful.  The last
words have obviously not yet been said, but it seems silly to continue a
discussion that includes considerable misinterpretations of already misleading
comments.  If you have something really important to add, please make it
incremental to the previous discussion, and make it salient.  Thanks.  PGN


EICAR'93 Call for Papers

<brunnstein@rz.informatik.uni-hamburg.dbp.de>
Thu, 29 Apr 1993 18:24:36 +0200
           CALL FOR CONFERENCE PAPERS AND PARTICIPATION
                       eicar CONFERENCE '93

When?                 December, 1st - 3rd 1993
Where?                St. Albans, Hertfordshire, England
The Occasion:         4th Annual Eicar Conference
Submission Deadline:  31st May 1993

Following a successful event in Munich last year, the European Institute for
Computer Anti-Virus Research (eicar), is holding its 1993 Conference on 1st -
3rd December.

Eicar is an independent organisation supporting and co-ordinating European
activities in the areas of research, control and prevention of computer
viruses and related security compromising sabotage software.

The conference will bring together users of computers and the world's leading
experts and authorities in the anti-virus field along with the writers of
anti-virus products that you are using such as Fridrik Skulason of Frisk -
F-Prot, Joe Wells of Symantec - Norton Anti-Virus and Alan Solomon of S&S
International - Dr Solomon's Anti-Virus Toolkit.

The conference covers all aspects of computer viruses and other malicious
software including the following:-

- virus trends                  - anti-virus technology
- infection recovery tools      - anti-virus product selection
- network security              - system security
- backup measures               - risk assessment
- corporate strategies          - disaster recovery plans
- case studies                  - educational tasks
- impact on technology          - epidemiology
- forensic procedures           - legal aspects
- social implications           - ethics

Tutorial Day - an optional tutorial on computer viruses and similar SW threats
Day One      - will carry two tracks covering state-of-the-art information
Day Two      - continues the two tracks and concludes with a panel discussion

Call for Exhibitors

Whether or not you are considering speaking at the conference, you should at
least be investigating the sales and marketing opportunities available at the
exhibition.  For further information on exhibiting at the conference, please
contact Rebecca Pitt at the address below.

Submissions of draft papers and panel proposals should be received by Friday,
31st May 1993.

Please send your conference papers in ascii or Word for Windows, to the
following address:-

Miss Alison Sweeney, Conference Manager, S&S International Limited
Berkley Court, Mill Street, Berkhamsted, Herts, HP2 4HW, England
Tel: +44 442 877877  Fax: +44 442 877882 Sands@cix.compulink.co.uk
