The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 49

Thursday 10 February 1994


o FireFly in the ointment?
Don Watts
o Aging software ages suddenly!
Don Watts
o Clinical diagnosticians and diagnostic clinicians
David Honig
o UK bank preparing for electronic money trial
John Gray
o What goes around, comes around
Paul Robinson
o Electronic rumours
Mich Kabay
o Medicare Transaction System & the Electronic Superhighway
Mich Kabay
o Re: Risks of cliche collisions on the information superhighway
Mark Jackson
o Re: White House documents
Bill Casti via David Crawford
o Re: Cantwell and Spoofed Representatives?
Jon Leech
o Re: Sounding the Alarm
Robert J Horn
o Re: Verify your backups
Timothy Miller
Dan Lanciani
Martin Minow
o EMI article in IEEE Spectrum
Robert J Horn
o Information on RISKS
o Info on RISKS (comp.risks)

FireFly in the ointment?

"Peter G. Neumann" <>
Thu, 10 Feb 1994 10:57:13 PST
Don Watts of Tustin CA checked in by SnailMail with a note that the StarWars
decoy/laser-radar program (FireFly) worked completely backwards (for example,
with respect to incoming maneuvers) because the accelerometer was wired in
opposition to the directional assumption in the software.  (The shaker tests
of the decoy were omitted in an effort to save money.)

Aging software ages suddenly!

"Peter G. Neumann" <>
Thu, 10 Feb 1994 10:57:13 PST
Don Watts also offered the following memo from Steven Ray of the Ball Efratom
Division, dated 20 Jan 1994, and lightly edited by PGN.

  Aging Analysis Software malfunction

  On Monday, 17 January 1994, a `bug' developed in the IBM-based ``Ball
  Aging Analysis'' software program.  This bug prevents us from plotting
  any aging data after 16 Jan 1994 even though the data actually exists
  in the database.  This bug effectively shut down all shipments of units
  because no graphs could be generated.  After some initial investigation,
  this bug was linked to the modified Julian date of 2148 and that any
  date before that was OK, but any data after that would not plot.  So,
  as a temporary fix while the software code is being corrected and to
  continue to be able to ship units, I have set the dates on all of the
  Aging computers back one year, to 1993, so that the aging data can be
  plotted on all Aging plots until a permanent fix can be done.

Clinical diagnosticians and diagnostic clinicians

David Honig <honig@ruffles.ICS.UCI.EDU>
Tue, 08 Feb 1994 14:03:07 -0800
Which of the following is *not* a reason for the clinician to remain an
essential part of the diagnostic process?

A Computers are unable to collect and evaluate nonverbal data.
B Patients have poor acceptance of computer-assisted assessment.
C Computers are poor at temporal reasoning.
D Computers cannot assess the clinical significance of a behavior.

The answer was given as B, though of course AI researchers are working on the

Anyway, the _Psychiatric Annals_ Jan 1994 Vol 24, No 1 issue is about "Using
Computers in Psychiatry".  Shrinks can get continuing education credit for
reading this mag and mailing in a quiz included.

Titles of articles range from using computers to teach ugrads (including
showing video clips of psychopaths from popular hollywood productions..)  to
expert systems making drug recommendations, to computational models of the
mind and Psychiatry.  Most articles are written by MDs with a few real

UK bank preparing for electronic money trial

John Gray <>
Tue, 8 Feb 94 13:42:41 GMT
I was hoping that someone else might have seen more about this and posted
information here, but it appears not; in that case I'll mention what I know,
in the hope that someone will be able to fill in the details.

One of the big UK banks is apparently planning to introduce a trial in
Swindon, UK of an electronic money system, where money is held on plastic
cards (I'm not sure whether magnetic or smart). Money is transferred through
the system using either a handheld reader or an EFTPOS system in a shop. The
cards are not personal, but can be locked with a 4-digit PIN code. A card that
isn't locked can be used by anyone, while a locked card requires the code in
order to view the balance or deduct money from the card. The nature of the
system allows individuals to transfer money from card to card using the
appropriate palmtop-sized system.

I assume that the money is "cryptographic", but I've forgotten the details (I
read all this in a paper some months agp). Does anyone know any more about this
system? It raises a whole host of issues, both social and technical.

John Gray

What goes around, comes around

Paul Robinson <PAUL@TDR.COM>
Sun, 6 Feb 1994 01:17:49 -0500 (EST)
The following was posted on a local BBS about the recent incident on the


Staff member suspended for network abuse, by Wendy Wein

     Clarence Thomas, systems administrator for "Redwood," the administrative
computer, will be temporarily suspended from his job because he sent a 5,500
character religious message to between 1,200 to 1,500 news groups across the
world through the Internet.  This act violated the system's purpose, giving
Andrews University a bad reputation among the Internet users. Over 1,200
complaints came over the Internet to the Andrews computer science department
demanding justice.
     According to Mailen Kootsey, chair of the academic computing committee
and dean of the College of Arts and Sciences, Thomas will be suspended from
his position for a week. His status will be reviewed at the end of the time
period. During this week Thomas will not have available access to the network
     Sometime between five and eight o'clock Monday evening, January 17,
Thomas sent his three-page message titled "Global Alert for All: Jesus is
Coming Soon," from the Andrews computing center to the news groups which are
accessible through the Internet, a computer system which connects computers
throughout the world.
     These news groups deal with different individual topics. For example, if
a news group is about cars, then only information about cars should be sent to
that news group. Some people subscribe to more than one group and some
universities and organizations are subscribed to almost all of them. Thomas
sent his religious message to all of these groups.
     People who were not interested received this message, some more than
once. Some organizations received 1,200 to 1,500 copies.  For many of the
subscribers religious input was not accepted very well. This message took up
their time and money.  The message accumulated 5.5 kilobytes of disk space.
Within an hour after the message was sent, Daniel Bidwell, administrative
contact for the network at Andrews, received Internet messages from the East
     In two hours they came from the West coast and within four hours,
complaint letters came in from other countries. The letters made statements
such as "This is not what I am paying for" and "Will this guy be stopped?"
     In addition to the news groups, Thomas also sent his message through a
mailing list, filling others' electronic mail. This could have been changed by
sending it to only a few news groups so fewer copies could have been
distributed.  "If he sent his message through a news group which dealt with
religious issues then everything would be fine," said Bidwell, "No one would
have known."
     There are no laws against Thomas' actions, yet he violated and broke some
of the unwritten rules of society. That is why many people are unhappy.
     This act created poor reactions towards the university.  Thomas' intent
was to spread the good news of Jesus' return to all those he could reach.
Thomas was trying to witness to others, yet instead of creating joy in
peoples' heart, he only created anger and resentment. "He was doing the right
thing in the wrong way," said Bidwell.
     Some of those who wrote to complain said that they agreed with the
message, but that Thomas delivered it wrongly. This message has created bad
public relations for the church at another's expense.
     The letters that were received included threats. They wanted Thomas
fired, or else the Internet connections from the Andrews campus could be
"taken." People are now writing and finding ways to contact President Lesher.
Not only have strangers called, but also a large amount of Adventists claiming
that something must be done to save the church's sacred reputation.
     On Monday morning, January 24, Rob Barnhurst, Thomas's supervisor and
director of the computing center, Ed Wines, vice president for finance, and
Kootsey, met to discuss the incident.  They decided to send out an apology
through the Internet, explaining that they did not condone Thomas's act and
will try to keep this from happening again.
     Thomas graduated from Andrews with a computer science degree.  Those at
the computer science department feel that he knew better then to send out that
many copies. "It was clearly, very definitely abuse," said Ray Paden, chair of
the computer science department.  "He broke the guidelines for the Internet
and violated the net etiquette. The trust was violated."

Electronic rumours

"Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
05 Feb 94 22:30:12 EST
>From the Associated Press newswire via Executive News Service (GO ENS) on

Glitch Reveals The Power Of Internet; New Group's Offer Unleashes Users' Tirade
By John Burgess and John Schwartz, Washington Post Staff Writers, 31 Jan 1994

  A small organization promising free access to a global computer network
  found itself recently the focus of a deluge of electronic hate mail. To its
  chagrin, the messages were carried all over the world by the very network
  the group promotes, the Internet.

The authors explain that the International Internet Association (IIA) issued
ads last year offering free access to the Internet.  However, to get access,
eager users had to submit a credit card number.  Then, potential customers
were told, the free-access ports were generally busy.  If they wished, such
customers could subscribe to the service at $0.20/minute, charged to the
credit card.

Scott Ward, an official with CapAccess of Washington, DC, another service
providing free Internet access, investigated IIA and couldn't locate any
evidence of its computer.  He then sent out an electronic warning that was
widely circulated. He wrote, "I am not convinced this organization exists and
highly discourage any Internet user from sending information until you make
certain that the IIA is real."

Unfortunately for everyone involved, the IIA was real.  The Executive Director
of the IIA, Max Robbins, promised to repair the damage to its credibility
caused by the incorrect electronic rumour.  He announced changes in the
organization's financing: all access would be free, but the IIA would solicit
corporate donations.

This story once again illustrates the need for the same (or greater) level
of care in verifying what we post on the Internet.  Because information in
electronic form doesn't fade, get wrinkled, or impossible to read after
multiple use, electronic rumours can circulate forever.  RISKS readers will
recall the case of Craig Shergold's unstoppable avalanche of post cards.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

Medicare Transaction System & the Electronic Superhighway

"Mich Kabay / JINBU Corp." <75300.3232@CompuServe.COM>
30 Jan 94 14:53:24 EST
>From the Washington Post newswire via Executive News Service (GO ENS) on

Medicare Billing to Join Electronic Superhighway; One National System to
Handle All Payments, By Spencer Rich, Washington Post, 20 Jan 1994

    By the end of the decade, one giant nationwide computer system will
  electronically pay nearly all of the 1 billion bills Medicare handles each
  year. Beneficiaries will only have to hand their Medicare cards to their
  doctors, hospitals, laboratories or nursing homes to make sure their bills
  get paid.
    Once a patient's identification number is punched into a terminal at a
  hospital or doctor's office, the computer will compute how much Medicare
  owes, electronically transfer that amount to the doctor's or hospital's bank
  account, calculate how much an individual's Medigap (supplemental insurance)
  policy owes and automatically bill for that. If the Medicare beneficiary has
  no Medigap policy, the government computer will bill the patient for
  whatever is owed."

The article continues with the following key points:

o    $19 million six-year contract to GTE Government Systems Corp. of
     Chantilly, Va., for design and implementation;
o    implementation '96-'98;
o    Medicare Transaction System (MTS) will eliminate many manual procedures;
o    may save $200 million a year.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

   [Maybe it is time for the MediBempsters to write a song about
   healthcare along the superhighway.  PGN]

Re: Risks of cliche collisions on the information superhighway

Mark Jackson <>
Mon, 7 Feb 1994 13:09:12 PST
As an addendum to Phil Agre's note in Risks 15.44, PGN begins:

>    [We are going to see all sorts of metaphors springing up on the
>    InfoSuperhighway, such as. . .

Perhaps most evocative, from the "Editor's Note" on the state and future of
jounalism in the January/February issue of the /Columbia Journalism Review/:

  Only now, thanks to the new technology, the public doesn't have to take
  it anymore; with every passing day people have more alternatives to the
  traditional news media to choose from, a situation that has prompted
  commentator Jeff Greenfield to warn that journalists may become
  "roadkill on the information highway."

Mark Jackson

Re: White House documents (from

Wed, 9 Feb 94 16:15 PST
Article 13945 of
From: (Bill Casti)
Subject: Re: Altered White House documents
Date: 9 Feb 1994 21:53:21 GMT
Organization: The Gnomes of Zurich (shhh!)

Chris Fulmer ( wrote:
: At the risk of extending this to the point that it should go elsewhere...

: I believe that the original post said that the on-line version of the
: remarks differed from the remarks that were actually stated.  While the
: President's position may have changed, the remarks that he made certainly
: didn't.

re: "revised documents on ftp server".....

            ---------- Forwarded message ----------

Date: Mon, 07 Feb 1994 16:29:29 -0700 (MST)
From: (David W. Crawford)
Subject: Revised Documents on FTP server without version number

>From Mon Feb  7 09:47:09 1994
>Subject: Altered White House documents
>Date: 5 Feb 1994 09:38:23 -0800
>I assume everyone knows about the ftp site I just
>discovered that the Clinton rebuttal to Elizabeth McCaughey's
>critique of his health care plan has been altered on
> - with no mention in the current version that it
>has been changed.

    I assume that neither of you know the difference between a
    speech-as-written and a speech-as-delivered.

>According to Associated Press writer Tom Raum, the original White
>House rebuttal to McCaughey's New Republic magazine article used
>the word "lie" four times. The copy of the White House rebuttal I
>just downloaded (Feb 5, morning, pacific time) does not contain
>the word lie nor does it contain any indication that it is a
>"revised" version.

    Then, it's the speech-as-written and not the

>White House spokesman Dee Dee Myers defended the rebuttal on
>Thursday although she conceded that "perhaps the language was a
>little strong." Clinton, asked by reporters earlier this week
>about calling McCaughey's comments lies, responded, "Well, I hate
>to use that word, but the New Republic article was way off base
>and the New Republic didn't make total disclosure about the source
>of the article." So Clinton admitted to the use of "lie" but it
>has since been removed from the version available for anonymous
>ftp at Makes you wonder just how self- serving and
>accurate the rest of the information there might be...

    That's a knee-jerk reaction and totally inaccurate. The
    speeches-as-written are usually delivered a few hours in
    advance of the speech, with an embargo on publication until the
    speech has been delivered (the same embargo the rest of the
    news media observes, by the way). If you look in the White
    House Papers gopher hole (accessible for anonymous ftp by
    telnetting to, which mirrors the gopher
    SUNsite at Syracuse University), there are several examples of
    speeches-as-written (indicated by "as prepared") being followed
    by clearly indicated "CORRECTED--as delivered" speeches.

>UWSA'ers note: the directory /pub/political-
>science/speeches/perot contains the text of Perot's book "United
>We Stand," and various Perot speeches. But no, I have not double-
>checked them for unauthorized "revisions."

    These are no longer contained in directories which are mirrored
    by, as they are not White House documents. Talk
    to Mr. Perot and get the address of *his* ftp site (I doubt if
    he has one).

In the future, make sure you get the FACTS before you spout off
about stuff you--apparently--know nothing about. I know that doing
a bit of investigative research would greatly hobble your
arguments, but it would be the courteous thing to do.

If you have questions about what is or isn't contained in the
documents available through, ask first.

The address for comments/questions/suggestions about the document
site is:

Bill Casti

Re: Cantwell and Spoofed Representatives?

Jon Leech <>
9 Feb 1994 19:23:16 -0500
    In RISKS-15.47, (Stanton McCandlish) asks us to "*Please take
a moment to send e-mail to U.S. Rep. Maria Cantwell ( to show
your support of H.R. 3627, her bill to liberalize export controls on
encryption software.*" Later, he writes "EFF will deliver printouts of all
letters to Rep. Cantwell."

    It's unclear if Rep. Cantwell

    (a) asked for the account to be established,
    (b) was aware of the account's existence, or
    (c) had no idea of the existence of the account (though I'm sure she
        does by now :-)

    If EFF is acting on its own initiative as a mail to print reflector for
Rep. Cantwell, perhaps this should be stated and some other, non-confusing
name used for the mail drop? I would think EFF needs to be particularly
careful to avoid confusion on details like this...

    Jon Leech (       UNC Pixel-Flow Project

Re: Sounding the Alarm

Robert J Horn <>
Wed, 9 Feb 1994 20:37:42 -0500 (EST)
> "driving doctors and nurses to distraction" who agree that "alarm noise
> pollution is a significant problem that threatens patient health"
> presumably because "doctors order that all alarms be disconnected except
> those deemed absolutely necessary for patient safety."

For more information and detail on one aspect of this see the December 1993
issue of IEEE Engineering in Medicine and Biology.  This magazine is probably
of interest to many Risks readers, since the subject is an intersection of a
significant risk area with a significant computer content.

The discussion of ethics in the December issue is probably the most important.
It should act as a strong reminder that the risk of computer malfunction is
merely one aspect of system ethical analysis.  Just as most people now
understand that risk analysis must include the whole operational environment,
not just the literal instructions, we will eventually learn to consider risks
in the larger ethical context.  The initial step is to begin to understand the
ethical issues.

Rob Horn

Re: Verify your backups (Heberlein, RISKS-15.39)

Timothy Miller <>
Sun, 23 Jan 94 14:56:02 -0500
Isn't wuarchive one of the more widely mirrored archive sites? Couldn't they
get most of their files back by copying from the mirrors? I know this misses
the original point about failed backups as far as other sites are concerned,
but it seems to me there are benefits of as well as risks from computers and
technology here.   Tim

Re: Bad backups (really NEC CD-ROM problem) (Hamlet, RISKS-15.43)

Dan Lanciani <>
Sun, 30 Jan 94 19:17:59 EST
> ... the FORTRAN library disk i-o routine did retry for read failure,

This reminds me of something I had meant to send in long ago, but which
may still be relevant.  The NEC CDR-72 CD-ROM seems to have used a similar,
highly successful error recovery technique.  I don't remember the exact
details, but the drive would substitute either the previous or the next
block for the one it had meant to retry.  There was absolutely no indication
of error to the host machine, just _silent_ data corruption.  Given what we
expect from CD-ROMs, the risks of this kind of failure mode are obvious.
(Oh, and note that this problem showed up with the first soft errors after
but a few months of dust accumulation.)

I think NEC's treatment of the problem shows a worse risk, though.  They
knew the flaw existed and they took no action to contact registered owners
(let alone unregistered ones).  Moreover, their first-level technical support
was either uninformed or else was instructed to avoid the issue.  When I
explained the problem to them in great detail, they kept insisting that I
send them the specific CD that was showing the problem and/or try a different
CD in the drive.  They could not (or would not) grasp the concept that an
unreported error was unacceptable in this context.  And they felt that if
any CD could be found to read without corruption at least once then the
drive must be fine.  I asked that they have somebody with a more technical
background get back to me, and indeed somebody did get back to me.

The technical person was so technical, of course, that he would not listen
to my detailed description of which blocks ended up where.  Instead he
required me to bring the phone to the computer to perform a ``special test.''
The test turned out to be to copy a file from the CD to the hard disk and
then run the ``special'' DOS program COMP on the two copies.  I was to
report the number of mismatches shown.  The number of mismatches was
the maximum that COMP will display before giving up, and reciting that
number won me a replacement drive for what he admitted was a known
problem.  I hate to think what would have happened if the drive failed
the same way during the COMP as during the copy.  Or worse, if I didn't
have a DOS machine on which to run the ``special test'' to his satisfaction.

I'm no expert on the uses of CD-ROMs, but I'll bet someone can come up
with a pretty bad scenario caused by these kinds of errors.

Dan Lanciani   ddl@harvard.*

re: backups (Hamlet, RISKS-15.43)

Martin Minow <>
Mon, 7 Feb 94 13:45:37 -0800
In Risks 15.43, Dick Hamlet wrote:

> How many dump systems today read back what has been written for backup
> (much less check it or do a file compare!) unless there is a restore request?

This is a normal option to Retrospect, a backup package for Macintosh. It
seems to work very well.

Martin Minow

EMI article in IEEE Spectrum

rob horn <>
07 Feb 1994 15:23:36 -0500 (EST)
There is a good summary article on EMI/EMC in aircraft in the current issue of
IEEE Spectrum.  Not much new to RISKs readers, but a good overview of the
present situation.

Rob Horn

Please report problems with the web pages to the maintainer