The RISKS Digest
Volume 15 Issue 14

Monday, 18th October 1993

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



Cable company shows unorthodox children's TV
John Gray
Risks of Virtual Reality
John Mainwaring
Re: Wiretap Laws and Procedures
Bob Leigh
Robert Firth
Hubble mirror errata
Henry Spencer
Re: Privacy Risk for Toronto Dominion Bank customers
Dave Parnas
Digital Signatures as ID Numbers
Karl J. Smith
File on Four
Pete Mellor
Australian government to replace DES
Kevin Burfitt
The FAA and HERF
Winn Schwartau
Info on RISKS (comp.risks)

Cable company shows unorthodox children's TV

John Gray <>
Mon, 18 Oct 93 11:11:23 BST
The following events happened about January this year, at our local Cable TV
company; I worked for them over the summer vacation and I was told this story
by one of the people involved....

Our local cable company makes no local programmes; a voluntary group makes
about 40 minutes a month. This is shown every night at 7pm immediately after
the close of service of the Children's Channel. Obviously the programs
involved are quite innocuous and suitable for family viewing.

The company also offers a channel called HVC: this shows films which are
distributed on tape to the cable operators. The tape format limits each tape
to an hour so each film is split over two tapes. HVC's films are low-budget
romance and soft porn. Three films of progressively "stronger" content are
shown each evening.

Both local programmes and HVC are provided using a bank of tape machines and a
"Kavicom" computer system is set up to activate each machine at the right time
and send its output to a cable channel.

On this occasion, the employee(X) who normally loaded the machines set up the
computer for the evening, but didn't load the tapes because the machines were
in use. In fact, one of the machines was unavailable so the tapes were to run
in different machines from usual. X would return later and load the tapes.

Slightly later, while X was working elsewhere, employee Y arrives and loads
all the tapes (the machines are now available), notices the computer's been
set and informs X upon his return that he's set up the system.

At 7.15pm the station's chief engineer is called at home to be told that
there's porn on the Children's Channel. About 10 minutes later, someone gets
to the [unmanned] station and stops the machines. The error in all this: Y had
assumed the setup would be the same as always; X assumed that Y checked the
details on the computer. The result: the second tape of the last film (the
steamiest) was substituted for the local programmes.

A general note: I've worked with two broadcasters and neither appears to have
any real concern about the integrity of their communications links (it is
assumed that the service providers for the links will keep them secure).  For
example, all the TV and radio service for Scotland passes through one site:
this makes an obvious weak link (either in terms of vulnerability to takeover
or to systems failure). TV and radio signals aren't encrypted (encoded using
standard hardware though) for pre-transmission distribution.

Have you ever wondered how much trust you place on what you see on television?
Not only that broadcasters will show "appropriate" programs but that the
service will provide information when you need it. With larger proportions of
the network management being computer-controlled, there seems to me to be
ample problems waiting in the wings.

Risks of Virtual Reality

"John (J.G.) Mainwaring" <>
Mon, 18 Oct 1993 18:06:00 +0000
There was a good deal of discussion on sci.virtual-worlds early in September
about potential risks of using HMDs (Head mounted Displays).  J. Hill posted a
substantial extract from a front page article by Steve Connor and Susan Watts
published in the Independent (in London) on Sept. 5.  There was lively
discussion in several subsequent postings.  There are different approaches to
HMD design, and approaches that don't use HMDs.  Just when we thought we were
learning to deal with the hazards of keyboards and displays, it seems that
there are other ways for computers to get us.

Hill's posting and disclaimer follow.

"A new toy that allows children to play computer video games in
'virtual reality' could permanently damage their eyesight.

The equipment - a headset which beams stereoscopic images on to both eyes - is
already in use in such hi-tech amusement arcades as London's Trocadero. Sega,
the Japanese computer games company, intends to launch a home version in the
United States later this year, and in Europe next year.

Tests of virtual reality headsets on adults produced visual problems which
scientists believe could be far more serious in young children. One fear is
that the toys could lead to permanent squints.

Two groups of researchers, one at Edinburgh University and one in the Ministry
of Defense, have detected side-effects in adult volunteers who wear the
'head-mounted displays', which produce an illusion of reality by giving
all-round, three-dimensional vision of moving objects. Such equipment is
already used by the military and by commercial designers who want to see their
work in three dimensions.

The Health and Safety Executive has set up an investigation of the headsets
because of fears raised by a research team led by John Wann, a lecturer in
human perception at Edinburgh.  'Our results suggests it seems particularly
unwise to introduce them as a toy for children,' Dr Wann said. 'If they are
spending more than a few minutes with these headsets, there are serious
considerations for their eyesight.'

Mark Mon-Williams, an optometrist, said that people who used the headsets for
10 minutes showed similar visual disturbances to those who spend eight hours
at a computer screen. 'It's amazing what you are asking your eyes to do inside
the headset,' he said.

Of 20 young adults who took part in a 10-minutes test, 12 experienced
side-effects such as headaches, nausea and blurred vision. Mr Mon-Williams
said that a particular concern is that the headset puts a lot of strain on
binocular vision, which is fully developed in adults but is more liable to
break down under stress in children under 12 years, causing squints.

The Edinburgh findings are supported by researchers at the Army Personnel
Research Establishment at Farnborough, Hampshire. In a test, 61 per cent of
150 volunteers reported symptoms such as dizziness, headaches, eyestrain,
light-headedness and severe nausea.

Mr Mon-Williams said the main problem stems from the headsets severely
straining the eye muscles, leading to slightly cross-eyed vision. A slight
misalignment of the two images in each eye produces a visual disparity that
the muscles try to correct.

Andrew Wright, software product manager for Sega in Britain, said that the new
product would be tested extensively before coming on the market.

Other health problems associated with virtual reality are beginning to emerge:
a form of travel sickness is affecting people who spend too long in virtual
environments. Symptoms such as nausea and disorientation are brought on by the
slight time-lag between people moving their head and the scene they are
immersed in 'catching up'."

  [I would say that Sega and the rest of the VR games manufacturers
  have some PR work to do. I will watch the Independent for any
  responses to this article.  J. Hill, unrelated to University of
  Edinburgh research team cited in the article.]

Wiretap Laws and Procedures (Denning, RISKS-15.10)

Bob Leigh <>
Fri, 15 Oct 1993 16:32:26 -0400
>Typically, a court order is requested after a lengthy investigation and the
>use of a "Dialed Number Recorder" (DNR).  The DNR is used to track the
>outgoing calls from the suspect's phone in order to demonstrate that the
>suspect is communicating with known criminals.  [...]

>Electronic surveillance is a tool of last resort and cannot be used if other
>methods of investigation could reasonably be used instead.  Such normal
>investigative methods usually include visual surveillance, interviewing
>subjects, the use of informers, telephone record analysis, and DNRs.

This implies that applying a DNR to a suspect's line does _not_ require a
court order and is not considered wiretapping.  In other words, the list of
numbers called by a suspect is not protected as rigorously as the content of
those calls.  I'd like to hear more about how this data is protected or made
available to investigators and others.

I think it would be possible to deduce a great deal about a person's lifestyle
and associates from the list of numbers he or she calls.  This is the
inversion, in a pseudo-mathematical sense, of the database that could be
created by a Caller ID subscriber.  Surely possession of this information
should ordinarily be limited to the caller and the telephone carrier?

Re: Wiretapping (Denning, RISKS-15.10)

Fri, 15 Oct 93 11:55:10 -0400
Dr. Denning's long article on wiretapping was most informative.
This section in particular caught my attention:

   (4) major offenses involved (634 narcotics, 90 racketeering, 66
       gambling, 35 homicide/ assault, 16 larceny/theft, 9 kidnapping,
       8 bribery, 7 loansharking/usury/extortion, 54 other)

If we exclude "other", and also "racketeering", which is a catch-all term like
"offensive to Allah and corrupt of the earth", then, of the 775 major offenses
involved, no less than 700, or 90%, involve victimless crimes, ie actions
involving only consenting adults in free-market transactions.

In other words, these wiretapping capabilities are not being used against real
crimes, but against actions that are defined as criminal for no better reason
than that Leviathan has a boot with which to stamp, and we have faces to be
stamped on.

The risk, I guess, is rather an old one: too many of us are in danger of
forgetting that liberty is indivisible.

Hubble mirror errata :-)

Fri, 15 Oct 93 12:41:38 EDT
>I remember a glowing _Discover_ magazine article describing how perfect the
>Hubble mirror was...

The Hubble mirror actually was quite strikingly precise; it matched the
(incorrect) test rig — the specification, so to speak — with unprecedented

>The Hubble mirror was tested, but as I recall it was
>*management* which balked at the necessity of building a second test jig
>because of a few anomalous measurements...

Not quite correct.  There were three test rigs built for that mirror, and
two of them reported the error.  It happened that the third was considered
the most accurate, so management — under considerable pressure — ignored
the results from the other two.

There was never any serious consideration of building the sort of test
setup that would have been needed for an "end-to-end" test.  Quite apart
from the cost, and the perceived unlikelihood of finding anything — this
really was a one-in-a-million mistake — it would have added substantial
risks of contaminating the mirror surface.

Incidentally, something to think about, with the repair mission imminent...
Obviously, one crucial input to the manufacturing of the corrective mirrors
was the exact error in the primary mirror.  This could be measured in two
ways: by examining the test rigs and results used to make the mirror, and by
examining the images from the telescope (with its focussing adjustment in
various positions).  The two methods do not quite agree.  The discrepancy is
quite small, but it is larger than the known errors of the two methods (that
is, the error bars don't overlap).  By itself, it's probably not a problem --
the positions of the corrective mirrors can be adjusted from the ground to
deal with minor errors — but it does suggest that the situation may not be
completely understood.

Henry Spencer at U of Toronto Zoology  utzoo!henry

Re: Privacy Risk for Toronto Dominion Bank customers

Dave Parnas <>
Sun, 17 Oct 93 17:27:36 EDT
This month's "Bulletin" for Toronto Dominion Visa customers announced the
availability of an automated Voice Response System.  It makes lots of
information, including balance, and the last five payments, available to
anyone who knows the card number and 3 digits from the customer's postal code.
The card number is given out with every purchase, the postal code is easily
obtained from the address available in every telephone book.  In other words,
anyone can get information about your purchases.

I first became aware of this before I saw any announcement because I phoned
to make an inquiry.  Shocked at this exposure I asked if I could pick a PIN
number different from my postal code.  I was told that this was not possible
with their computers!  I then demanded that I be taken off the system and,
after talking to 3 levels of employees, this was done.

However, until today's announcement, most customers were not available of the

Offering the user the choice of a PIN seems the least that they can do, but
they won't do it.

Prof. David Lorge Parnas, Dept. of Electrical and Computer Engineering,
McMaster Univ., Hamilton, Ontario  Canada L8S 4K1   905 525 9140 Ext. 7353

Digital Signatures as ID Numbers

Karl J. Smith <sparcom!>
Sat, 16 Oct 1993 12:58:59 -0800
 It looks as though the concept of signing things with digital signatures is
beginning to take off, and will surely become more commonplace. This is good,
because we don't have to worry quite so much about forged email, etc. A few
years from now, when we start using electronic means to order things from
businesses, whether it's via email, or through our amazing new "Mall in a Box"
piped to us through fiber lines to our TV, we'll also use digital signatures.
Nobody will be able to order something posing as us, and credit card fraud
should be greatly reduced, since all orders will be digitally signed. This is
good, right?

 Well, now the businesses have our number. Our public key identifies us,
uniquely. Nobody else will have the same public key. This means that
businesses no longer have to try to track us down via our SSN or Driver's
license number - they've got a much better number to use to refer to us in
their database - our signature. We've given it to them voluntarily. That's not
so good. Cross-referencing a few of these databases will divulge buying habits
and other personal information that's been mentioned in RISKS before.

-- Karl J. Smith     : SW JOAT — Sparcom Corporation — Corvallis, OR     : Phone (503) 757-8416 — FAX (503) 753-7821
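The cross-referencing concern raised in the post above, as an added illustration that is not part of the original digest. It goes one step beyond the post by also showing a per-merchant key as one known countermeasure; the customer names, purchases and the hash-based stand-in for key generation are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: each customer's long-term signing seed.
CUSTOMERS = {
    "alice": b"constructed-seed-alice",
    "bob": b"constructed-seed-bob",
    "carol": b"constructed-seed-carol",
}

# Constructed sample orders: (merchant, customer, item).
ORDERS = [
    ("bookshop", "alice", "cryptography textbook"),
    ("bookshop", "bob", "travel guide"),
    ("bookshop", "alice", "travel atlas"),
    ("pharmacy", "alice", "prescription refill"),
    ("pharmacy", "carol", "vitamins"),
]


def public_key_from_seed(seed):
    """Stand-in for real key generation (assumption): a deterministic
    one-way map from private seed to public key bytes."""
    return hashlib.sha256(b"pubkey|" + seed).digest()


def fingerprint(public_key):
    """What a merchant would store as the customer's record key."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def per_merchant_seed(master_seed, merchant):
    """Derive a distinct signing seed per merchant from one master seed,
    so the customer manages one secret but shows a different key to each."""
    return hmac.new(master_seed, b"merchant|" + merchant.encode(),
                    hashlib.sha256).digest()


def build_databases(pairwise):
    """Return each merchant's order table, keyed only by the fingerprint
    of the public key that signed the order (no names are stored)."""
    databases = {}
    for merchant, customer, item in ORDERS:
        seed = CUSTOMERS[customer]
        if pairwise:
            seed = per_merchant_seed(seed, merchant)
        key_id = fingerprint(public_key_from_seed(seed))
        databases.setdefault(merchant, {}).setdefault(key_id, []).append(item)
    return databases


def cross_reference(databases):
    """Join all merchant tables on key fingerprint and return the
    profiles that span more than one merchant."""
    merged = {}
    for merchant, table in databases.items():
        for key_id, items in table.items():
            merged.setdefault(key_id, {})[merchant] = items
    return {k: v for k, v in merged.items() if len(v) > 1}


if __name__ == "__main__":
    # One global key: the join recovers a cross-merchant buying profile.
    for key_id, profile in cross_reference(build_databases(False)).items():
        print("linked", key_id, profile)
    # Per-merchant keys: the same join finds nothing to link.
    print("pairwise links:", cross_reference(build_databases(True)))
```

With per-merchant keys each merchant still recognises a returning customer by a stable fingerprint, but the fingerprints no longer match across databases.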

File on Four

Pete Mellor <>
Mon, 18 Oct 93 08:20:05 BST
Readers of the list who are able to receive BBC Radio 4 may like to know
that this week's "File on Four" is devoted to the subject of risks of complex
systems and particularly safety-critical software.

The programme goes out on Tuesday 19th Oct. at 19.20 (just after the
Archers! :-) and again on Wednesday 20th at 15.00.

Peter Mellor, Centre for Software Reliability, City University, Northampton
Sq., London EC1V 0HB, Tel: +44(0)71-477-8422, JANET:

Australian government to replace DES

Kevin Burfitt <>
Mon, 18 Oct 1993 17:14:08 +1000
Here is something I found in an Australian computer magazine, which
sounded like something for the Risks Forum...

Quoted from "PCWEEK October 20, 1993"

  The Australian Government has secretly developed its own data
  encryption firmware and algorithm, killing its dependence on the
  US DES (Data Encryption Standard) Algorithm.

  Called Seneca, the firmware element was developed as a joint project
  of the Defence Science and Technology Organisation (DSTO) in Adelaide
  and the Defense Signals Directorate (DSD) in Canberra.


  "It is a symmetric encryption technology like DES, but can operate
  at very high speeds" said the source. Seneca's original specifications
  included a throughput of 2Mbps, but testing had achieved rates of

Isn't part of the security with DES its slowness, which implies that this
new encryption method will be inherently risky because of its speed?

Kevin Burfitt  (Kevin Burfitt) Compuserve:  100240,2002
Torps Productions:    BBS +61-3-818-0986  FidoNet: 3:635/574

The FAA and HERF

"Winn Schwartau" <>
Thu, 14 Oct 93 21:32:17 -0500
The FAA Discovers HERF
Is John Q. Flyer In Danger?

On a recent series of US Scare plane flights, I noticed a new
flight attendant spiel.

"We're descending below 10,000 feet for our approach into (safe major
metropolitan airport).  Please turn off all laptop computers, CD and cassette
players.  Thank you for flying US Scare."

In the July 26, 1993 issue of Newsweek, the following appeared.

"On an uneventful flight over the Southern Pacific last February, the 747-400
pilot stared wide-eyed as his navigational displays suddenly flared and
crackled.  The data made no sense.  But a flight attendant was already
whisking a passenger's laptop computer up to the flight deck.  When the crew
turned it on, the navigation displays went crazy.  They returned to normal
when the crew switched off the laptop.  The plane reached its destination
safely.  Investigating the incident, Boeing engineers bought the same model
laptop and tried to replicate the glitch in another 747.  They couldn't."

And then, "In a holding pattern 13,000 feet somewhere above the southeastern
United States, the pilot saw the guidance computers and controls that maintain
the craft's lateral stability shut down. A passenger in Row 1 - directly above
the flight computers and near the navigation antennas - was using a radio
transmitter and receiver, a flight attendant said.  The first officer hurried
back and told the man to shut it off; the systems blinked back on.  Five
years later, no one can explain how, or even if, the radio zapped the

Welcome to the world of HERF.

HERF is an acronym for High Energy Radio Frequency, and holds potential
disaster within its enigmatic description.

Over the last couple of years, Security Insider Report has discussed HERF and
its potential for disrupting electronics (June, 1992, October, 1992, November,
1992, January, 1993).  Word is getting out.

A fundamental axiom of electronics is at the heart of the phenomena, and needs
to be understood to appreciate the potential severity of the problem.  An
electric current creates a magnetic field, which travels at the speed of light
in all directions.  This is the principle of radio and TV and cell phones.

If you stick a wire in the air, and connect it to a completed circuit, a magnetic
field will induce a current flow.  Again, radio and TV.  If you modulate the
signal with information, then the information can be sent from one place to
another almost instantaneously.

On the other hand, we have all heard interference on the radio or a cell phone
when passing through a tunnel or on a bridge.

HERF is the magnetic field, intentional or not, that when detected by an
electric circuit can disrupt its operation to varying degrees of intensity.

A HERF signal, if properly aimed at an electronic target can so disrupt its
operation as to render it useless.

This may well be what's happening to the 747-400's that experience anomalies
such as those Newsweek described.  You see, the latest generation of planes
are known as "fly-by-wire", meaning that the plane's functions, from nose to
tail are controlled by a maze of computers and 145 miles of wires and cables.
Many of these signals are so-called low-level signals, high impedance low
voltage signals that are the most susceptible to interference.

Now, a laptop computer or CD player will emit unintentionally, a quantity of
radiation by its very nature.  Despite the regulations made by the FCC to
minimize electromagnetic emissions on consumer equipment, the shielding is far
from complete.  While the home computer may no longer screw up a TV picture as
it did in the days of the TRS-80 and VIC-20, enough signal leakage occurs as
to be of concern to the DoD and NSA.  That's why they have the Tempest program
- to stop all leakage at all costs.  That's an intelligence concern, but the
principle is the same.

While the FAA and most airlines deny that there are any safety concerns to
worry about, malfunctions of avionics systems do bring up serious public
safety issues. Since 1990 the FAA has compiled almost 100 reports of such
occurrences with a six-fold increase this year alone.  Why?  We suspect, as
many do, that fly-by-wire planes are indeed affected by computers and digital
music systems.

The number of potential paths that a radiated signal can take include flowing
down the metal skin of the airplane, down the conduits of the wiring, directly
into low level paths, or bouncing off of metal surfaces directly into
antennas.  Another possibility is one of resonance; where the radiated signal
and the affected circuitry operate at the same frequency, thus increasing the
apparent effects.  A 10 MHz signal tends to attract and apparently "multiply"
the energy of a nearby induced 10MHz signal.  It's the nature of the beast.

Another culprit is the FCC testing method for emissions certification of
consumer products, especially computers.  The tests as run by the manufacturer
are idealized, under nearly perfect conditions.  But, if you add RAM or a
bigger hard disk, or one from another manufacturer, or use a higher speed CPU
or add a modem, the rules change, and the emissions characteristics change.
The power supply is drained faster, the clock cycles differently, and the
location of the added RAM creates new magnetic patterns that might not still
meet the barely adequate FCC emissions standards.

Back in the mid 1980's, I worked for computer companies who spared no effort
in minimizing compliance with the FCC.  The bare minimum configurations were
tested, and often we had to run back and forth to the factory to find the one
single, unique computer system that would comply.  Manufacturing tolerances
and the bottom line took precedence over compliance.

In many cases, the mere addition of 256RAM, bringing the machine up to a fully
loaded 640K, would literally increase the emissions by a factor of 10!  The
FCC be damned.  And then the addition of peripherals were even worse.  Only
those peripherals which actually had a port or a cable were required to have
their own FCC compliance, but there's no provision for the synergistic effects
of different manufacturer's products working together and still meeting the
specifications. It was a total scam by every company I worked for.  The edict
was clear: Do whatever it takes to pass the test, for every day we're not
selling, we're losing money.

Also, some of the approved FCC testing laboratories were less than on the up
and up.  A typical suite of tests can run from $2500 to $25,000 and take 6
weeks or so; a costly death knell for the competitive computer biz.  But a
double payment, in cash, often insured that the product was guaranteed to pass
in less than a week.  Get the point?

Then there's the mice.  A mouse - in distinction to a built in track ball
within the unit itself - is attached by a wire.  Another word for a wire is an
antenna, and antennas are meant to amplify signals.  In the case of the mouse,
the wire is merely meant to carry stepped signals to the CPU; however, the
shield or ground signal, especially in a battery driven laptop, is what we
call floating; that is, it never really reaches ground to sink into the power
company's and Mother Earth's natural ground point.

Instead it floats at some undetermined level above ground, and guess what it
does?  It radiates! At some undetermined level, depending upon what is stuck
inside the machine and by whom.

It's no wonder that the engineers at Boeing and NASA and Apple are having such
a time trying to figure out what's happening.  The rules are wrong in the
first place.

We live in an electromagnetic sewer, and God knows we shouldn't be playing
"let's not worry about it" with computers flying planes at 37,000 feet.

The FAA knows better, and I would hazard to guess, wants to do everything
within its power to avoid a panic or loss of public faith in the airline
industry.  That's perhaps why, they have kept it pretty quiet that they are
protecting their own airport based facilities against HERF and radiated
emission interference.

In a low-profile massive endeavor, the FAA is replacing the glass in its
control towers and offices in and around airports.

We have received information from sources close to the FAA that they're very
concerned about HERF interference problems in air traffic control systems from
the high power radar that keeps the airways safe.  According to these sources,
they are replacing control tower and office glass with shielded glass which
attenuates electromagnetic signals by anywhere from 60-100db depending upon
the severity of the problem.

The replacement program is supposed to last for several years, which coincides
with the upgrading of the nation's control systems - which will obviously be
more automated and computer driven than ever.

If the FAA is as aware of the problem and the possibilities as it appears they
are, one would hope they would take some stronger proactive measures to
protect passengers - even if there is only a glimmer of a chance that a
laptop or a CD player could cause a plane to crash.

It seems entirely reasonable to suggest that the FAA should just go ahead and
ban such electronic devices on planes altogether.  What's the big deal?  Would
the traveling Road Warrior care that he would lose 5 hours of productivity on
the Red Eye?  Probably, but if all airlines stick to a policy (there's that
word again . . . funny how it keeps cropping up) especially if mandated by the
FAA, everyone would still be playing on a level playing field, and no one
would lose business.

On the other hand, if planes are in fact susceptible to low level emissions
from computers, is that such a good thing to openly admit?  Because, what if
you just turn up the volume a few db?

There are plenty of crazies out there; and with terrorist concerns on the
rise, who knows what they might pull.  Well, here are a couple of

Suppose I'm a real crazy bad guy, and I bring a specially modified laptop onto
an airplane.  The airport security is dismal and you can get just about any
electronic device through with no trouble.  But this laptop is modified to
emit very high levels of radiation; either automatically or upon command.  If
I'm real nuts, and am totally committed to my cause celebre, I might be
willing to bring the plane down with me on board.  More than a few people meet
that criteria.  It might take a little tinkering and get on the right
fly-by-wire plane to do it, but with the number of events already on the
books, it's doable.

Or, if my survival is important, I might check my luggage through with a HERF
device, timed to 'go-off' at some point during the flight.  Without me on
board, of course.  Luggage scanning can't tell the difference between a 'good'
electronic device and a 'bad' one.  If the FAA has something to worry about in
this realm, this certainly qualifies.

Or, let's replace the rocket launcher at the end of the O'Hare runway scenario
which was disclosed by the FBI during a CPSR meeting in Washington, D.C. on
June 7, 1993, with a powerful HERF Gun.  A HERF Gun is an electromagnetic
generator which is focused and aimable and frequency specific.  Situated in a
van, powered by a V-8 and an alternator, the HERF energy, several orders of
magnitude louder than that emitted from a laptop, could have a devastating
effect on planes taking off and landing.

And acquiring such devices is pretty simple.  You can go out and build one -
it's an exercise in Electronics 101 - or I can buy one.  Where? From the US
government of course.  A military surplus high power radar antenna is easily
modified for higher signal strength and focussed targeting by someone familiar
with electronics.

Cyberspace has indeed come of age, and modern airplanes are as much a part of
it as computer networks.

It's just that the FAA doesn't know what to do about it yet.

Let's hope they get up to speed quickly.  Very quickly.
