The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 68

Tuesday 22 March 1994

Contents

o Gambling
Phil Agre
o I really like this guy's attitude
Alan Wexelblat
o Phone Machines Call Each Other, Part Deux
Russell S. Aminzade
o IRS Surveillance (Part II)
Zajac
o Dutch legislators trying to pull a fast one?
Ralph Moonen
o Funny Money article in THE SCIENCES
Mich Kabay
o Human Genome Project & Privacy
Mich Kabay
o SGML--archiving style + content
Mich Kabay
o Risk of bringing plastic cards through UK customs
Ross Anderson
o RISKs of safe ATMs
Sidney Markowitz
o Re: Hard-drive headache!
David M. Miller
o Re: The RISKS of whale removal, copyrights
Matthew B. Landry
Mark Stalzer
o Comment on my earlier posting on punctuation and spelling errors
Don Norman
o Re: Caught with their pants down
Sean Malloy
o Info on RISKS (comp.risks)

Gambling

Phil Agre <pagre@weber.ucsd.edu>
Sat, 19 Mar 1994 09:04:47 -0800
For those with an interest in risks, the technology supplement to Forbes
magazine, Forbes ASAP, is a regular smorgasbord.  The 10/25/93 issue, for
example, includes an article about Bally's casinos' use of customer databases
to optimize their investments in "comping", the practice of offering free
drinks, hotel rooms, plane tickets, and what-not to high rollers.  Given
enough information about an individual's bets (regardless of whether they
win), a straightforward economic calculation can decide which level of
comping is optimal.  (The full reference is: David H. Freedman, Odds man in
[Bally's Atlantic City casino], Forbes ASAP, 25 October 1993, pages 33-35.)

The problem is getting the information into the computer.  The Bally's casino
accomplishes this in two ways.  At roulette tables and the like, they simply
have someone watch the game and enter bets into a portable computer.  (This
computer can also determine how much credit to extend to a given customer.)
At the slot machines, they give each player a card with a magnetic strip that
goes into the machine for as long as the player is playing.  (They also offer
a strap to keep the card attached to your wrist, so you don't walk away from
the machine without it.)

The risks, of course, are obvious.  Rational gamblers can take advantage
of competition between casinos, choosing the best comping deal.  But many
people are addicted to gambling, and these innovations also make it easy for
an addict on a binge to gamble away the maximum possible sum.  Furthermore,
as the article points out, "the riot of blinking lights, the clacking of
spinning wheels, the absence of outside views or public phones -- all of this
encourages the otherwise solidly grounded visitor to lose track of time and
space, not to mention financial common sense".  Profit margins are high, and
investors are pleased.

The analogy to data-intensive marketing of cigarettes (see Risks 15.62) is
strong.  What's next?  How about a frequent drinker's club for premium brands
of liquor?  Or individualized advice for children, based on detailed family
demographics, about how to shame their parents into buying them expensive
toys?  It wouldn't be that hard.  You could actually get a toy to do the
explaining.  Each product from a given toy company would contain a single chip
with a small microprocessor, a simple RF receiver, some memory, and a speech
synthesis device.  When the toy goes through the checkout, an RF device built
into the cash register downloads the toy with a demographic profile of the
family derived from credit files pulled up through the purchase transaction.
Then, as the child plays with the toy, the toy explains to the child the
virtues of various other toys from the same company, along with suggestions
for persuasion tactics that consumer research has shown to work well on
parents in that particular market segment.  If the toys can send as well as
receive wireless data transmissions then newer toys can reprogram the older
ones.  Better yet, the child's videogame system, which will surely get its
software over phone lines in the near future, could also download all of the
child's other toys with new sales pitches, based on records of whether the
previous pitches worked, as well as the latest market research and television
and movie product tie-ins.

Phil Agre, UCSD


I really like this guy's attitude (Denver Baggage Handling)

"Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
Mon, 21 Mar 94 11:51:55 -0500
[From EDUPAGE...]

> Problems with an automated baggage-handling system controlled by 100
> computers are delaying the opening of Denver's new airport. It's the first
> such system to serve an entire airport, the first to be run by distributed
> desktop computers, and the first to use radio links. Despite his woes, the
> contractor says the project's worth it: "Who would turn down a $193
> million contract? You'd expect to have a little trouble for that kind of
> money." (New York Times, 18 Mar 1994, C1)

Sure, he's getting his money -- what does he care if bugs prevent the
airport from opening?  I'd like to see the comments of the people who let
the contract in the first place.  On second thought, I probably wouldn't.
It'd probably be the usual uninformed pablum about how complex systems
"always" have a few "small" problems, and no thought given to how the
problems might have been prevented in the first place.

Anyone want to bet they hire this same guy to do the upgrade when it's needed?

Feeling cynical on Monday morning...

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard, Media Lab -
Advanced Human Interface Group  wex@media.mit.edu Voice: 617-258-9168


Phone Machines Call Each Other, Part Deux

"Russell S. Aminzade: Trinity College of VT" <aminzade@moose.uvm.edu>
Mon, 21 Mar 1994 12:28:53 -0500 (EST)
Several years ago, I posted an amusing story in this journal about two
answering machines talking to each other.  It was a choice enough RISKS tidbit
to earn a place in Dunlop & Kling's Computerization and Controversy.  I don't
expect my 15 minutes of fame from this next one, but it seems I'm doomed to be
the innocent witness while chatty answering machines interact with each other.

Imagine my surprise when I checked my answering machine at work and
found a message which began "Hi, My name is [name].  I'm
not at my desk, but if you'll..." Whoa! This was the voice-mail message
of a friend.  This friend works for a certain large, blue computer
company which shall remain nameless :-)

I was certain this was the work of a prankster for a few reasons:

1) I don't know her direct-dial number. I don't think I've ever
   called her at work, though I often talk with her husband who
   teaches at a nearby college.

2) We have an aging PBX.  No direct-dial to me.  Any call would
   have to be routed through our (very human) operator.

After a call to her to sic her company's phone-security cops on the
perpetrator, and one to her husband (to play the message and prove I wasn't
crazy) I had the weekend to ponder this odd event.  I realized that it's
entirely possible.

Here's how: Professor X calls my school, asks operator for my extension, gets
answering machine, hangs up. He then calls his wife, gets voicemail, and hangs
up.  His college's switchboard, though, interprets the first hangup as a
"flash," which means "forward this call to the next number I call."

The problem is a classical case of poor human-interface design -- the use of a
switchhook flash to mean "transfer this call" when a slightly-longer flash
means "hang up and give me new dialtone."

I can think of many grisly RISKs here, but for me the small but nagging one is
that my friends may have jumped to the most obvious conclusion -- that I was
the prankster.

Russell Aminzade: Academic Computing Coordinator, Trinity College of Vermont

   [If it had been Pennsylvania, it would have been a PA de Deux.  PGN]


IRS Surveillance (Part II)

<Zajac@DOCKMASTER.NCSC.MIL>
Mon, 21 Mar 94 01:22 EST
Recently, RISKS carried a posting on how the IRS was bidding for Dialed
Number Recorders (DNRs) to record phone numbers.

The author suggested the IRS might be looking for a way to get the identity of
individuals who call for information.

Readers should be aware that DNRs record the numbers that are called out on a
target line.  They are generally used only in criminal investigations.

If the IRS wanted to get caller information, they could do what large
companies do today and get the caller ID (ANI) from each call that comes in on
an 800 line.  They would not have to go out and bid DNRs, the information is
already available for free with their 800 number.

DOCKMASTER.NCSC.MIL


Dutch legislators trying to pull a fast one?

Ralph <ralph@runner.knoware.nl>
Tue, 22 Mar 94 15:07:37 GMT
Yesterday, leading Dutch newspaper 'De Volkskrant' reported that included into
a new bill that deals with telecommunication, is an article that will outlaw
cryptography in the Netherlands. One can apply for a waiver but they will want
to know why you want to use cryptography, and they want your keys.

It looks like the Dutch government is trying to slip this one behind the
backs of the voters just before the elections in May. Most stunning was that
the Green party and others considered the issue 'a matter of little
importance' and were not willing to do anything about it.

Luckily the proposal is still in draft state, which means there is still time
to get something done about it, but only if people are made aware of the
consequences of such a law.

--Ralph Moonen  --ralph@knoware.nl


Funny Money article in THE SCIENCES

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
20 Mar 94 21:05:47 EST
In "Funny Money" (_THE SCIENCES_ 34(2):6, March/April 1994), Brian Mono writes
about counterfeiting using off-the-shelf hardware and software.  Nothing very
new for RISKS readers, but it's a good one-page summary of the problem for
novices.  In brief:

o   A report published in the autumn of 1993 by the National Research
Council warns that the U.S. government has not kept up with technology used by
amateurs to print counterfeit money.

o   Scanners, computers, colour printers and colour copiers [the
distinctions among all of these devices are fading fast] tempt more people
today to print small amounts of money.

o   Traditionally, counterfeiters have been few and concentrated in a few
areas such as New York City.  Casual counterfeiters are the opposite: many
people over an enormous area.

o   In 1991, there were about $6-$8 million of counterfeit money detected
by officials in the U.S. (only ~0.003% of the Federal Reserve System's
yearly total of $265 billion in currency handled).

o   "The dollar amount of scanned and color-copied fakes has doubled in
each of the past three years...."

o   All countermeasures contemplated by the government must include
consideration of backward compatibility: money-changing machines and business
people have to be able to use both the older bills and whatever new ones
appear.

o   Some recent countermeasures have had little effect; e.g., many bills
have "so-called security threads, metallic polyester strips inscribed with USA
and the denomination of the bill."  Unfortunately, "hardly anyone outside the
Treasury Department is aware of their existence."

o   Proposed countermeasures include colour-shifting ink and aliasing (a
technique that tricks photographic reproduction machines into printing a line
along the intersections of sets of parallel lines which are offset from each
other at a particular angle).  Holograms are also a practical possibility to
deter amateurs.

o   One proposal from the NRC is that every copy machine print its serial
numbers on every copy it produces.  This technology is already in place in
Xerox Corporation's "MajestiK" colour photocopiers.  However, many observers
are concerned about privacy issues.  Norbert S. Baer, a member of the NRC
committee, asked, "Would the Pentagon Papers have been leaked if
identification numbers were implanted on them?"

[MK thinking out loud: AI pattern recognition algorithms coupled with a
library of currency images could permit a smart copier to blank out all
attempts to photocopy money.  Such a technique would drive criminal hackers
wild with the uncontrollable urge to crack the protection codes and actually
make the poor machine _print_ the currency images.  So the currency images
would have to be one-way encrypted.  But then the criminal hackers would try
to decrypt the images.  So there would have to be a cryptographically-sound
checksum that could permit identification but not reproduction.

Comments?]

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn


Human Genome Project & Privacy

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
20 Mar 94 21:05:40 EST
A quick note to RISKS readers about a peripherally related subject--genetic
counselling.  This is a technique which far antedates computers, but today's
Human Genome Project is heavily computer-dependent for data collection,
analysis and storage of enormous amounts of information.

In a recent article (* see below), Robert Cook-Degan summarizes some of the
problems we face with the growing ability to detect "bad" genes before birth
as well as afterwards.  Should everyone know about their own genetic defects?
Always?  Sometimes?  What are the principles upon which to decide?  Who should
be allowed to know about _your_ personal genetic makeup?  Do employers have a
right to know that your family carries the gene for Huntington's chorea, which
leads to uncontrollable movements and frank insanity in middle life?  Do
insurance companies have a right to reject an applicant for life insurance
because of a family history of diabetes, breast cancer and alcoholism?

There's a section of the political debate between those who argue for abortion
of severely affected embryos (extremists argue for eugenic screening) versus
those who argue for a more inclusive, accepting, less demanding society that
can live with physical differences (extremists deny the existence of handicaps
of any kind).

Interesting reading.  It will be of special interest to those concerned about
personal privacy in the computer age.

*Cook-Degan, Robert (1994).  Private parts.  _THE SCIENCES_ 34(2):18

Michel E. Kabay, Ph.D. / Director of Education, National Computer Security
Association


SGML--archiving style + content

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
20 Mar 94 21:05:51 EST
In _THE SCIENCES_ 34(2):4 (March/April 1994), Derek Coleman writes about the
problem of interpreting machine-readable formatted text in archives.
Technology changes so fast that an archive created a decade ago may be
unreadable by programs running today.

Standard Generalized Markup Language (SGML).  SGML includes standard
English-language tags (e.g., <title>, <author>, <bold> and so on) that can
easily be converted to any specific typesetting or word-processing system
using a table-driven program (input string -> output string) or macro
facility.

Using SGML, one converts today's text into standard ASCII.  As long as the
storage medium is physically readable (something that can be ensured by
appropriate conversion over the years), SGML will permit a readable copy
including enhancements to be prepared at any time on any platform.

Contact for more info:

International SGML users' group (U.K.)
c/o Ms Gaynor West
voice tel +44-793-512-515; fax +44-793-512-516

North America (Toronto):
Mr Yuri Rubinsky
voice tel 1-416-239-4801; fax 1-416-239-7105


Risk of bringing plastic cards through UK customs

Ross Anderson <Ross.Anderson@cl.cam.ac.uk>
Sat, 19 Mar 94 14:01:09 +0000
UK customs officers have just been issued by the banking industry with magnetic
card readers. The idea is that they will check suspects' plastic cards to make
sure that the magnetic strip details tie up with those embossed on the card
face. This is reported in a recent issue of `Banking Technology'.

Not only are faults in magnetic strips fairly common, but poor maintenance of
card readers has caused problems in the past. I have advised one man in the USA
who is suing his bank after being arrested for altering the magnetic strip on
his credit card. It turned out that he had not done this; the read head in the
merchant terminal was probably misaligned, but in any case there was an alarm
from the bank which the police took at face value. In the event, it took him
about a year to slog through the banks' denials, get access to the card and
have it tested by VISA to prove his innocence.

The risk to travellers is that some defect, whether in your card or in the
customs man's reader, could get you arrested for fraud. If you are not resident
in the UK, the courts might well refuse bail and keep you in jail for a year or
more awaiting trial. If you are lucky, the Home Office might just deport you;
but even this might be serious if you have relatives or other interests here.

Ross Anderson   Cambridge University Computer Lab   rja14@cl.cam.ac.uk


RISKs of safe ATMs

Sidney Markowitz <sidney@apple.com>
Tue, 22 Mar 1994 16:51:48 -0800
I just saw a report of a press release from Dassault Automatismes Et
Telecommunications, a French company that makes automated teller machines,
about their new secure indoor lobby ATMs. The spokesperson is quoted:

"What a lot of people don't realize is that, if a thief tries to use
 a card which has been stolen, our ATMs are programmed to lock
 the doors and call the police. Not only is the customer secure
 from muggers, but the lobby ATM prevents card fraud,"

So if you use one of their cards, you had better hope that there are no
data entry errors when a card with an account number similar to yours is
reported stolen. And will a bank be careful to verify that it is really you
calling to report your card as stolen and not someone who has decided to
make trouble for you?

 -- sidney markowitz <sidney@apple.com>


Re: Hard-drive headache!

David M. Miller <dmiller@hk.net>
Wed, 23 Mar 94 00:42:12 HKT
I enjoyed the story told by Robert Telka (RISKS-15.65) but think there is more
to be learned from this almost comical series of events than "you are never
prepared enough".  The RISKS are procedural rather than technical, but still
related to IT.

The disk crashes caused Company P to be without IT services for several weeks.
This surely cost them a tidy sum.  Yet, recourse against the Plant Manager,
who was the senior staff member on the scene, is limited as the "rule" he
broke is unwritten.  Should the manager be sacked, any lawyer worth their salt
would make a good case for unfair dismissal.  "Unwritten rules" can be broken
as long as one doesn't do it in writing :-) . The RISK is that staff members
may not comply with the spirit.  (They obviously can't comply with the text.)

Furthermore, the fact that both the primary and backup disks were in the same
cabinet raises serious concerns about the contingency plans of the company.
Contingency plans are often written for specific scenarios, when in practice
nasty events such as these are never so neatly packaged.  The RISK is that IT
people are optimistic, causing them to underestimate threats, while Murphy is
an absolute S.O.B.  I would speculate that company IT management did not
consider all aspects of a head crash -- obviously cabinet movement would be a
likely cause....

IMO, the computer site should have been treated with more care and
respect, since it was used by the sales force and other plants.
RISK:  You lose your sales computer, maybe you lose your business.

David M Miller, GPO Box 4761, Central, Hong Kong  dmiller@hk.net
CompuServe:  100032,341            Fax:         +852 987 1185


Copyright violations in RISKS Digest

Matthew B. Landry <mbl@ml7694a.leonard.american.edu>
Fri, 18 Mar 94 20:28:24 EST
>I am absolutely not making this incident up; in fact I have it all on
>videotape.  The tape is from a local TV news show in Oregon, ...

    The beginning of the quote saying "I am not making this up" tipped me
off to begin with, but I read almost the whole thing before being positively
sure that this message was in fact plagiarized from a humor column by Dave
Barry. They even reprinted this column in one of his books.
    Just thought people might like to know that this column is copyrighted
by the Miami Herald and the author.

Matthew B. Landry, President of Project SAVE  mbl@ml7694a.leonard.american.edu

     [Similar comments also came from Ted Lemon <mellon@ncd.com>,
       straz@cambridge.apple.com (Steve Strassmann),
       danny burstein <dannyb@panix.com>,
       hoaglund@tecnet1.jcte.jcs.mil,
       Alan Bawden <Alan@lcs.mit.edu>,
       hartley@AIC.NRL.Navy.Mil,
       "Jonathan I. Kamens" <jik@cam.ov.com>,
       Marc Horowitz <marc@MIT.EDU>,
       "MARCHANT-SHAPIRO, ANDREW" <MARCHANA@gar.union.edu>,
       mbraun@hydra.urbana.mcd.mot.com,
       ROBINSON_PAUL@tandem.com, and
     I also got another posting of the Mahoney message from
       youngman@signal.dra.hmg.gb (neil youngman)!
     It is of course inevitable that some not-too-careful folks will pluck
     stuff off the net without including any source info.  The problem
     compounds itself as the information moves along the net food chain.
     Stalzer's explanation follows.  PGN]


Re: The RISKS of whale removal

<stalzer@macaw.hrl.hac.com>
Mon, 21 Mar 1994 08:55:34 +0800
  I have been informed that most of the text of my posting was a Dave
Barry column. The text was forwarded to me by a friend and, after
laughing many minutes, I removed the headers to protect my friend's
privacy and sent it off to risks in the hopes that everyone would get
a good laugh. I apologize for any inconvenience. -- Mark


Comment on my earlier posting on punctuation and spelling errors

Don Norman <dnorman@apple.com>
Mon, 14 Mar 1994 09:46:48 -0800
Commentary on my earlier note on punctuation and the resulting errors in
spelling.

I have now received sufficient private and public messages to indicate that my
knowledge of the history of punctuation and English orthography is seriously
deficient: a clear example of the RISK that a little knowledge is a dangerous
thing. So, please disregard my explanation of the origin of the confusion
between the spelling of words of possession or that are contractions.

In my defense, however (the never-give-up defense), I still wish to argue
that spelling errors are a result of what would amount to "poor design"
were language and spelling actually designed.

The average speaker of English doesn't know the historical development of
punctuation symbols or spelling and so is forced either to memorize
apparently arbitrary and conflicting rules and examples or to construct a
mental model that makes sense of the underlying structure. In my case, I
constructed a mental model that has served me well in avoiding the common
confusions among "its" and "it's." Alas, when I shared that model with you,
the more scholarly among you were able to demolish its validity. This
doesn't change the main thrust of the argument: were English punctuation
and spelling designed with usability in mind rather than reflecting the
complex evolutionary factors of its historical and technological
development, we would have had less spelling confusions, especially of the
its-it's variety. I'll back down and apologize about my scholarship, but
not about the main point.

Don Norman, Apple Computer, dnorman@apple.com  +1 408 862-5515
Apple Computer, Inc MS 301-3UE  1 Infinite Loop  Cupertino, CA 95014 USA


Re: Caught with their pants down (Kabay, in RISKS-15.66)

Sean Malloy <malloy@nprdc.navy.mil>
Sun, 20 Mar 94 14:52:09 PST
Animators have been putting 'easter eggs' like this into films almost since
"Steamboat Willie"; it's an industry in-joke. In addition to the scene with
Jessica Rabbit, there are also claims that a couple frames of the scene with
Betty Boop were retouched, and that in the scene in the rest room, the phone
number in the graffiti "For a good time, call Allisyn Wonderland XXX-XXXX" is
the real phone number for one of the head animators.

In fact, I think that it may be that slipping a few frames like this into an
animated production may have been easier when the shooting was all done by
hand -- you just swapped a couple of reworked character cels for the regular
ones while you're shooting a stack of cels onto film; when the tweening and
coloring and 'cel' combination is all done electronically, there's more work
involved in getting everything into the computer so you can tell it 'use
_this_ set of character cels in frames X through Y instead of the pregenerated
character cel sequence' without it being noticed.

In my opinion, anybody who takes this seriously deserves to.

Sean Malloy, Navy Personnel Research & Development Center,
San Diego, CA 92152-7250             malloy@nprdc.navy.mil
