The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 72

Wednesday 9 June 1993

Contents

o Phone lottery in Phoenix
Kriss A. Hougland
o Grassroots vs. Astroturf Movements
Shyamal Jajodia
o RISK of undefined abbr., Re: Health effects of VDTs
Mark A. Hull-Richter
o Citibank ATM risk
Steve Kass
o Re: Fake ATM Machine Steals PINs
Debora Weber-Wulff
o What's in it for the grocer?
Dave Kristol
o Re: French Fry Robots!
Dean Kling
Jerry Hollombe
o Error in DSRNS workshop announcement
Paul Robinson
Bruce Limber
o Re: White House Electronic Mail
Nick Rothwell
o Cryptography, Free Speech, and so on
Jerry Leichter
o Re: Denning on NIST/NSA Revelations
Kevin S. McCurley
o Info on RISKS (comp.risks)

Phone lottery in Phoenix

"Kriss A. Hougland" <hougland@enuxhb.eas.asu.edu>
Wed, 9 Jun 93 11:08:33 MST
Since the Suns here in Phoenix are in the NBA playoffs, one of the ticket
offices discovered that something was amiss.  Since the only way to get any of
the remaining tickets is by calling up either of the two ticket offices, this
happened for one of the games...

On one of our local channels, they reported that employees from the company
that installed the phone for the ticket office (I believe it was Dillard's)
had been discovered to have "fixed" (I don't know the proper term they used)
the phone lines so the callers (employees of the installing phone equipment)
would be the first to get through to place orders for the tickets.  The news
show went on to add that disciplined action(s) had been taken by the company
and the company would not comment on the situation.

The "modification" to the phone system was detected by the ticket office.

(I thought rigging/modifying the odds of a dial-in only event was cardinal.
(sorry for the pun) No No.)


Grassroots vs. Astroturf Movements

Shyamal Jajodia <SHYAM@mitvmc.mit.edu>
Wed, 09 Jun 93 17:31:27 EDT
This morning there was a report on National Public Radio on what it called
Astroturf letter writing campaigns. Apparently some lobbying firms have
started offering this service to clients likely to be affected by legislation
about to come up for vote.

For a fee they will generate a large number of letters which will put forward
the client's case to several selected mailing lists. These letters also
contain an exhortation to sign and mail the included PROTEST letters which are
pre-addressed to the area congressional rep.  Such campaigns were found by
several congressmen who are in favor of the Clinton Administration's proposed
BTU tax.

On the face of it it seems like the good old American democratic system.  The
risk identified by one of the Congressman was that the high levels of noise
generated by these computer aided campaigns are making it difficult for them
to identify the genuine missive from Mrs Bramley in Peoria.

SHYAM


RISK of undefined abbreviations, RE Health effects of VDTs - an update

Mark A. Hull-Richter <mhr@tdat.elsegundoca.ncr.com>
Wed, 9 Jun 93 14:31:30 PDT
Mr. Rogers' article is most certainly both welcome and informative on an
otherwise overreported and underanalyzed area of potential health risk.
Unfortunately, he uses an abbreviation in the article whose meaning is
undefined, at best, and ambiguous at worst.

In reference to the strength of the magnetic fields measured at 30cm distance
from a VDT, he lists the strength of the magnetic fields as "4-7 Mg," and
elsewhere repeats the use of this abbreviation.

By the normal standard abbreviation scheme that I am familiar with (and I
believe most people are as well), the abbreviation "Mg" should be interpreted
as "Megagauss", which is absurd in the context.  The average strength of the
Earth's magnetic radiation field at ground level ranges between 2-2.5 mg
(that's milligauss), and even the dangers supposedly related to magnetic
fields have been generally associated with fields in excess of 10mg, coupled
with continuous exposure over long periods of time.  (A good discussion of
this subject can be found in the book "Cross-Currents," the name of whose
author escapes me at the moment, and also his sequel on a similar subject, the
title of which also escapes me at the moment.)

As a side note, I had our electric company send a representative out to my
house a couple of years ago, specifically to measure the EMF radiation from
various instruments and equipment in my house.  This was largely in response
to a scare about power line proximity and the fact that my house overlooks a
freeway, on the other side of which are power transmission lines totalling 506
kilovolts of electricity.  It turned out that the EMF level outside the house
at chest height was 1.5-2.5 mg, whereas the average EMF level _inside_ the
house, mid-room at chest height, was around 5mg.  Our waterbed heater
generated over 10mg at bed surface level, and the most dangerous room in the
house was the kitchen, with a reading of 6-9mg mid-room.  Surprisingly, the
highest radiation levels were from electric alarm clocks, ranging 140-300+mg
at the face, down to somewhere between 40-50mg at a distance of 3 feet.  The
VDTs?  My wife's EGA read 15mg at the screen, down to 1.5mg at 3 feet, and my
monochrome was slightly higher

(I forgot the exact reading).

Now, Mr. Rogers, what did _you_ mean by "Mg?"

Mark A. Hull-Richter, NCR Teradata, 100 N. Sepulveda Blvd., # 11-257
El Segundo, CA 90245     (310) 524-5782    mhr@ElSegundoCA.NCR.com


Citibank ATM risk

No gas will be sold to anyone in a glass container <SKASS@DREW.DREW.EDU>
Tue, 08 Jun 1993 23:44:13 -0400 (EDT)
Yesterday, I walked up to a Citibank ATM (a relatively new one at 2nd Ave. and
4th St. in Manhattan) and the screen displayed the question "What language
would you like to use for your transaction," a question I usually get only
after inserting my card and entering my PIN.  I was a bit puzzled, but think I
have an answer.  Two "features" of this particular ATM in combination may
present quite a risk.

Feature 1:  Citibank ATMs don't swallow cards.  You insert, then
            immediately withdraw them to start a transaction.  I
            appreciate this feature, having left my card in an ATM before.

Feature 2:  After selecting your transaction, but before receiving cash
            or a balance or making a deposit, you must answer the question
            "After this transaction, can we help you with anything else?"
            This question is very oddly placed.  I don't want to think about
            my next transaction until this one is finished.

What may have happened:

The previous customer (call her Maria), inserted and withdrew her card,
entered her PIN, chose a language, selected a transaction, and was then
perhaps confused by the question about an additional transaction (Feature 2),
or just slipped on the touch screen.  Between having to answer questions like
"Is this correct?" and "Would you like a receipt?" it would be easy to keep
hitting the Yes button.  When Maria finished her first transaction, she took
her receipt, and having already retrieved her card, turned and walked out, not
realizing she had pre-ordered another transaction.  Presumably I could have
effected a second transaction on her account, withdrawing some large sum of
money.  I've never made two transactions in a row on a Citibank ATM, so I
can't be sure that the language question is routinely presented again, but
nothing else seems to make sense, especially since when I pressed the Cancel
button right off, I got the message "Your transaction has been cancelled,"
then the usual "Insert your card, then withdraw it quickly" opening message.

Any Citibank programmers out there who care to comment?  Even if I've misread
the situation, this scenario is all too plausible.  Feature 1 and Dubious
Feature 2 (a programming hack, I'd almost have to guess) just don't work
together.

Steve Kass (skass@drew.drew.edu), Department of Mathematics and Computer
Science Drew University, Madison, NJ 07940


Re: Fake ATM Machine Steals PINs

Debora Weber-Wulff <dww@math.fu-berlin.de>
Sun, 6 Jun 1993 12:42:13 GMT
>Another method that might allow you to "authenticate" an ATM machine:
>  Enter an incorrect PIN as your first attempt.
>  Try a balance query if the ATM seems to accept the bad PIN.

Won't work in Germany. You don't get 3 tries per card insert, you get 3 tries
on the *lifetime of the card*! If you goof up 3 times, the card is marked
invalid and has to be sent in to a special office for resetting. Takes about
2-3 weeks. And balance queries are usually not done with ATM machines, but
with extra boxes that give a list of transactions since the last query - this
has shifted the costs and work of preparing statements to the user. You have
to stand there and wait while the silly thing grinds out 3-4 pages, usually
with a page of advertising (Grrrrrrrr....). This also saves postage for the
banks.

Debora Weber-Wulff, Professorin fuer Softwaretechnik, Technische
Fachhochschule Berlin, FB Informatik, Luxemburgerstr. 10, 1000 Berlin 65

   [Thanks, Debora.  One of the joys of RISKS is that our international
   contributors keep the U.S. folks on their toes.  For example, John Oliver
   <j.oliver@uow.edu.au> in Wollongong, Australia, chided me for my item in
   RISKS-14.71 about RISKS "Summer Slowdown Time".  He said
      "Shame on you.  This is WINTER!  John Oliver"         PGN]


What's in it for the grocer?

Dave Kristol <dmk@allegra.att.com>
Tue, 8 Jun 93 22:02:23 EDT
Margins on sales in supermarkets are reputed to be very low.  Credit card
companies usually charge a couple of percent on transactions with their cards.
So, credit card sales in supermarkets would wipe out the retailers' profits.
Yet, payment by credit cards in supermarkets is expanding.

Obviously the credit card companies are offering the grocers lower than usual
rates.  What do they get in return?  Are they accumulating buying profiles on
people who use credit?  If so, how do they use the information they gather?

Can I expect a letter from Proctor and Gamble: "We see you bought Crest in
March and May of 1992, but you haven't bought it since.  How come?  (And
here's a 50 cent coupon to encourage you to buy it again.)"

In a similar vein, supermarkets around here offer various forms of "price
clubs", whereby you get an extra discount on selected items if you present
your card at check-out.  Are THEY accumulating buying profiles?  How are THEY
using the information?

[Have I become excessively paranoid about invasions of privacy?]

Dave Kristol


Re: French Fry Robots! (McKay, RISKS-14.71)

Dean Kling <dkling@ornews.intel.com>
8 Jun 1993 16:28:40 -0700
>The risks?  When the drink robot fails to work some soft drink gets spilt, but
>what happens if there's a problem with a machine that is working around hot
>oil?

  Such technology is being used successfully in the semiconductor industry.
Similar robots handle automated wet stations, wherein silicon wafers are
dunked into a variety of etchants, including hydrofluoric and sulfuric acids.
It takes a competent design and reasonable control limits, but is capable of
being done successfully.

Dean F. Kling
dkling@ptd.intel.com       (503) 642-6829   No, I don't speak for Intel


Re: French Fry Robots! (McKay, RISKS-14.71)

The Polymath <hollombe@polymath.tti.com>
Tue, 8 Jun 93 17:39:43 PDT
Most likely the robot's work cell is protected by light beam barriers,
floor mat switches or both.  Tripping either system should cause the robot
to immediately stop moving until the system is reset.  This sort of setup
is required by ANSI/OSHA regulations for robot work cells.

}The risks?  ...

Some hot oil gets splashed (the robot isn't pouring oil, just dipping things
in it).  Not a good thing, to be sure, but not likely a tragedy, either.  I
note the (required) manual cutoff button is located away from the hot oil
tanks.

The Polymath (aka: Jerry Hollombe, M.A., CDP, Head Robot Wrangler at Citicorp
3100 Ocean Park Blvd., Santa Monica, CA  90405   (310) 450-9111, x2483


And yet, a Risks report contains more errors! (Camp, RISKS-14.71)

Paul Robinson <TDARCOS@MCIMAIL.COM>
Tue, 8 Jun 1993 22:44:57 -0400 (EDT)
John Camp Writes in Risks 14.71:

Subject: Workshop on Digital Systems Reliability and Nuclear Safety

> >From Washington National Airport
> The Washington Metro has subway service to Rockville from National
> Airport. Take a Yellow Line train marked ~Gallery Place~ to Metro
> Center and transfer to a Red Line train marked ~Shady Grove~ to
> ~Twinbrook~.

This worries me when even minor details can't be gotten right.

In Washington DC, the Yellow Line train at National Airport goes in two
directions.  The one going toward Washington is labeled "U Street/Cardoza" and
goes THROUGH Gallery Place!  This isn't a new event; the extension to the
Yellow line has been running for more than a year.

Also, one transfers from the Yellow to the Red Line AT GALLERY PLACE.  The
Yellow Line does not and never has run to Metro Center!

There is, however, a Blue Line that DOES go to Metro Center from National
Airport, at which point one can also transfer to the Red Line.  But THAT train
- the Blue Line - would be labelled "New Carrolton" and doesn't go anywhere
near Gallery Place!

This worries me that if small details like this are wrong, what other things
could also be wrong?  Maybe they'll run an ad for this symposium in the
{Washington Star}! :)

(The :) is because The Star Folded many years ago.)

Paul Robinson - TDARCOS@MCIMAIL.COM


Re: RISKS-14.71 error

Bruce Limber <blimber@cap.gwu.edu>
Wed, 9 Jun 1993 12:35:01 -0400 (EDT)
The conference announcement in RISKS-14.71 contains incorrect directions for
taking the Metro from National Airport to the Holiday Inn Crowne Plaza.  I'm
sending a correction to lammerin@cs.utwente.nl and, should you wish to publish
it separately, the correct directions are these:

There is a free shuttle bus between the terminal and the National Airport
Metro station.  At the station, purchase a farecard to Twinbrook.  (Fare
varies according to the day of week and the time you enter, and will be
either $2.00 or $3.15 one way.)

Take the yellow train marked "Mt. Vernon Sq." to the Gallery Place station;
there, transfer to a train marked "Shady Grove" and ride to the
Twinbrook station; the hotel is beside the station.  (Be sure to take a
"Shady Grove" train; trains at the same platform marked "Grosvenor" do
not go all the way to Twinbrook.)


Re: White House Electronic Mail

Nick Rothwell <cassiel@cassiel.demon.co.uk>
Wed, 9 Jun 1993 07:33:18 +0000
<>  ... The White House will be connected to the Internet as well as
<>  several on-line commercial vendors, thus making us more
<>  accessible and more in touch with people across this country.

Only a minor item of risk-interest, perhaps, but: which people and which
country? I have an email address ending in ".uk", but the more generic ".com"
is available to people outside the US for a small sum (I'll have access to one
soon). I don't see anything to stop (for example) groups from outside the US
lobbying this email service by pretending to be "the people" from "this
country." The Internet is international.

Nothing to lose sleep over, I don't think, but I did sense a wee bit of
parochialism in this announcement and thought I'd point out something that's
probably obvious.
                        Nick Rothwell   |   cassiel@cassiel.demon.co.uk
     CASSIEL Contemporary Music/Dance   |   cassiel@cix.compulink.co.uk

     [By the way, jim@mpl.UCSD.EDU (Jim Easton) reported that mail to
     vice.president@whitehouse.gov was rejected.  Let him know
     if you have a good address.  And thanks to all of you who
     reported on Gedanken Experiments with the the White House
     Internet connections.  They are vastly too numerous (and some
     to off-color) to be included here.  PGN]


Cryptography, Free Speech, and so on

Jerry Leichter <leichter@lrw.com>
Fri, 4 Jun 93 17:32:38 EDT
In RISKS-14.69, Peter Junger responds to comments I'd made earlier.  I'd like
to look a bit at the broader issues.

The Constitution may protect speech, but espionage, a crime which may involve
"nothing more" than speech, has been illegal since before the Constitution was
written, and you wouldn't have much success challenging it on First Amendment
grounds.

There are two interesting things about cryptography:

    - It's one of only two examples of cases where things can be
        treated as secret even if you invent them yourself.  (The
        other is information about nuclear technology.)  If you
        were to become aware of classified information about
        existing cryptosystems, the espionage statutes would apply
        to you just as they would were you to come into possession
        of plans for a fighter plane.  If you can be forbidden from
        discussing one, you can be forbidden from discussing the
        other.  (Actually, "discussing" for espionage purposes doesn't
        even have to be with foreign nationals, but it does have to
        be with the intent of making the information available to
        foreign nationals, or something like that.)

        So what we come down to is the claim that the fact that you
        invented something yourself automatically gives it First
        Amendment protection, even though had you gotten it by other
        means it might not be so protected.  Well, maybe.  It's an
        argument worth making, but personally I think more on social
        policy grounds than Constitutional ones - I see nothing in the
        Constitution that makes a distinction based on authorship, and
        in fact such distinctions can be very hazardous:  If I have a
        right to say something, but my publisher does not have the
        right to publish it for me, my rights are being honored more
        in the breach than in reality.

    -   Cryptographic systems can easily be embodied as software.  As
        Mr. Junger point out, software is inherently both speech and
        object.  One gets the feeling on the net that people wish to
        see it purely as speech because that gets them to final re-
        sults they like, right now.  Along the way, they make various
        questionable assumptions, such as identifying the description
        of an algorithm with efficient (or just WORKABLE!) code for
        it.  That was the point of my 500-man-year example.  The code
        for such a monstrosity would clearly be a manufactured object,
        difficult to duplicate from scratch.  A broad description of
        that object might help someone duplicate it to a very limited
        extent.  A detailed design specification would help a lot
        more.  But the code itself remains much more usable than
        any description.

        Building a fighter jet is difficult for many reasons.  Even
        with the proper equipment and materials, detailed drawings and
        specifications remain necessary.  Code is like those detailed
        drawings and specifications.  It just happens that for pro-
        grams, once you have the code, you don't need to do much more
        (while for a fighter you've still got a great deal of work).
        Plans for fighters have always been considered very sensitive.
        I see no reason why code, or specifications for code, should
        not be.

        Our ideas about free speech were developed at a time when
        "information" and "objects" were separate universes.  Speech
        might affect PEOPLE, but it could not directly affect the
        physical world.  It's exactly because of its effect on people
        that dictatorships wish to control it; and it's exactly
        because our system of government is based on the idea that
        people, in effect, have the right to be affected, that we so
        strongly protect speech rights.

        These days, the borderline between "information" and "object"
        is getting fuzzy.  A computer virus is "information", but it
        can pretty directly affect the real, physical world.  Should
        it be given the same protection as speech that is aimed at
        people?  People are moral actors, and are assumed to be res-
        ponsible for the outcomes of their acting on speech they hear.
        A computer that "hears" a virus is NOT a moral actor; the
        responsibility for any damage it does lies entirely on the
        creator of the virus.

        Actions certainly have consequences.  We like to say that
        ideas have consequences, too, but those consequences are
        always filtered through other people, other moral actors.
        This is very different from the growing potential for certain
        ideas, expressed in software rather than words, to have
        DIRECT consequences.  I believe it's foolish to claim that
        just because we use the word "information" to describe both
        traditional speech and this new class of thing that we should
        automatically apply the same standards to each.

I have no love for the existing cryptographic export regulations.  However, I
refuse to close my eyes to the problems they are trying to solve.  Rather than
tossing our hands up and saying "there's no perfect solution, so let's not try
to find ANY solution," we should try to come up with better approaches.
Perhaps in the long run we are destined to fail; even so, we have to survive
in the short run.
                            -- Jerry


Re: Denning on NIST/NSA Revelations

Kevin S. McCurley <mccurley@cs.sandia.gov>
Wed, 19 May 93 22:46:52 MDT
Let's review a RISKS discussion that's gotten out of hand:

David Sobel, originally wrote in RISKS DIGEST 14.59:
<>      The proposed DSS was widely criticized within the computer
<>      industry for its perceived weak security and inferiority to an
<>      existing authentication technology known as the RSA algorithm.
<>      Many observers have speculated that the RSA technique was
<>      disfavored by NSA because it was, in fact, more secure than the
<>      NSA-proposed algorithm and because the RSA technique could also
<>      be used to encrypt data very securely.

Dorothy Denning responded in RISKS 14.60:
> This is terribly misleading. NIST issued the DSS proposal along with a
> public call for comments as part of their normal practice with proposed
> standards.  The community responded, and NIST promptly addressed the
> security concerns.  Among other things, the DSS now accommodates longer
> keys (up to 1024 bits).  As a result of the revisions, the DSS is now
> considered to be just as strong as RSA.

Marc Rotenberg commented in RISKS 14.62:
> Denning has to be kidding.  The comments on the proposed DSS were uniformly
> critical.  Both Marty Hellman and Ron Rivest questioned the desirability of
> the proposed standard.

Most recently, Eric Raymond wrote in RISKS 14.64:
> As a long-time RISKS reader and contributor, I observe that that this is not
> the first time that Ms. Denning has apparently operated as a mouthpiece for
> the NSA's anti-privacy party line on DES and related issues.
>
>I believe Ms. Denning's remarks must be understood as part of a continuing
>propaganda campaign to marginalize and demonize advocates of electronic
>privacy rights.

I have no link to the FBI, NSA, or NIST, and I agree with this particular
statement of Dorothy's, that DSS is regarded to be as strong as RSA.  Mobs
often believe the words that are shouted the loudest, and this may have warped
the public perception of DSS.  Some people will refuse to accept DSS because
of where it came from, but let's be clear on this specific issue:

NOBODY HAS PRESENTED A CREDIBLE SCIENTIFIC ARGUMENT THAT DSS CAN BE BROKEN!

I spent a couple of years using some of the most powerful machines in the
world to compute discrete logarithms, and I published a survey paper in 1990
on the discrete logarithm problem.  I am quite sure that there is no publicly
known technique that will compromise DSS with 1024 bit keys, and I think both
Rivest and Hellman will agree on this point.  There are technical issues of
some dispute, but this issue is not among them.  If anything, factoring is
regarded as easier than computing discrete logarithms because of the linear
algebra involved.

People are apparently getting so steamed over Clipper and the notion of key
escrowing that their glasses are getting fogged.  It's gotten so no matter
what Dorothy says, she is demonized as a stooge of the Feds.  It appears that
there are legitimate issues to be debated here, but let's try to clean up the
discussion surrounding Clipper, Skipjack, Capstone, DSS, SHA, NSA, NIST, and
RSA, to distinguish between the different scientific, business, and
governmental policy issues.

If you disagree with Dorothy's statements regarding key escrow policy, then
say so explicitly.  If you believe that DSS is cryptographically weak, then
let's see somebody break it.  I maintain that unless somebody pulls a new
algorithmic trick out of their sleeve, we won't see a 1024-bit DSS signature
forged until long after we are all pushing up daisies.

Kevin S. McCurley
Massively Parallel Computing Research Laboratory
Sandia National Laboratories

Please report problems with the web pages to the maintainer

Top