The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 57

Tuesday 22 February 1994


o Extra line in Chemical Bank program doubles ATM withdrawals
John Sullivan
o What else happens when the airbag in your car is detonated?
William Caloccia
o SimHealth
Mike Zehr
o Risks of "doing it right"
David Wittenberg
o The ultimate couch potato
Bruce Balden
o Telephone Card Audit Trails
o E-Mail Courtesy
Dan Yurman
Peter Cherna
Greg J B
o E-mail to Bill
Aaron Barnhart
o CompuServe Offers Credit Info
John Murray
o Electronic Food Stamps
LoQuan Seh
o Re: YAMIC [Yet Another Mistaken Identity Case]
Bryan J Dawson
o John Perry Barlow WiReD article on Clipper
Martin Minow
o Info on RISKS (comp.risks)

Extra line in Chemical Bank program doubles ATM withdrawals

John Sullivan <>
Sat, 19 Feb 94 19:55:58 PST
An extra line meant to be "dormant" for now caused Chemical Bank to deduct
twice any amount its customers withdrew from ATM machines Tuesday night and
Wednesday.  However, they received praise from the state consumer board for
their prompt and open response to the problem.

My information comes from articles in The New York Times, 18 Feb 1994, p. A1
and 19 Feb 1994, p. C1.  The new line of code was part of a year-long effort
to add functionality to ATM machines.  It sent a copy of the ATM withdrawal to
a different computer system (the one that handles paper checks), which then
deducted the money a second time.  This second system is only run overnight,
so the problem was not detected until Thursday morning.

About 430 checks were bounced incorrectly as a result, but Chemical contacted
the customers affected, and offered to pay any charges they incur, or write
letters of explanation to the recipients of the checks.  The NY state consumer
board has also asked them to refund any fees for the ATM transactions which
were completed incorrectly.

There were about 150k ATM transactions incorrectly doubled, amounting to $15M.
(Last year in the US there were 7G ATM transactions averaging $50, according
to The NYT article.)

Steven Bloom, who runs a consulting firm in NJ said: "There are similar
episodes that take place all the time, but we never hear about them because
the bank is able to get the accounts straight before it opens its doors in the
morning.  The problem in this case is the ATM system is highly visible and
runs 24 hours a day, seven days a week."


     [Also noted by
       Linn H. Stanton <>,
       Mark Bergman <>,
       Jeremy Epstein <>,
       "Greg D." <>, and PGN.
     I took John's version because his version was the
     most Digest-able, although not entirely consistent with the others.
     Further sources included the following clips:]

          In one of the biggest computer errors in banking history, Chemical
        Bank mistakenly deducted about $15 million from more than 100,000
        customers' accounts on Tuesday night, causing panic and consternation
        among its customers around the New York area.
          The mistake affected 150,000 transactions from Tuesday night
        through Wednesday afternoon. Some checks were bounced Thursday
        morning as a result, although the bank said the number was small.
            [The New York Times, Friday 18 Feb 1994]

          Millions of dollars vanished from New Yorkers' bank balances
        Wednesday, when a computer deducted $2 from accounts for every $1
        withdrawn from automated teller machines."  [...]
          Sean Kennedy, president of the Electronic Funds Transfer Association
        (a trade group) said "I'm beginning to learn that it does happen from
        time to time [and] usually it's a software error".
            [The Washington Post, 18 Feb 1994, from Jeremy Epstein]]

          Customers stormed into Chemical Banking Corp's branch offices to
        complain of empty accounts and bounced cheques after a computer glitch
        affected at least 70,000 of the bank's approximately one million
            [The Financial Post, a Canadian business paper, from Greg D.]

What (else) happens when the airbag in your car is detonated ?

William Caloccia <>
Thu, 17 Feb 94 17:25:49 -0500
[Autoweek 7 Feb. 1994]

A British Ford dealer set out to impress potential purchasers with the
burglar-proof features of the new Ford Mondeo by staging a break-in in his

As a room full of potential customers watched, the hired thief walked up to
the front of the car and gave it a swift kick in the bumper, near the airbag
sensor.  The bag inflated, AND the central locking system disengaged.  The
thief then opened the door, quickly broke the steering column lock, hot-wired
the ignition and started the car.

News spread quickly, and copycat incidents have followed.

Autoweek says "Sales of The Club should increase."

  Historical Anecdote:
  Word from friends in MoTown, was that when Ford was testing the very first
  airbags in Police cars, the fuel cut-off relay would also be triggered by
  the same impact sensing circuit.  Street-wise evaders found this out and
  they would tap the bumper to trigger the airbag if the cops were too close
  in pursuit, disabling the vehicle.  (This also may have been how Ford was
  able to guarantee the ability to inspect the vehicle after the bags were
  deployed, as it was a testing situation.)

    --Bill  caloccia@Team.Net   caloccia@Stratus.Com

    [The first item was also noted by Chip Olson.  PGN]


Mike Zehr <>
Wed, 16 Feb 94 14:12:22 EST
Maxis Business Simulations, the creators of SimCity, have a new product called
"SimHealth."  The program is a simulation of a health care system,
incorporating features from the new Clinton (US) health care proposal and
other plans dating back to Truman (US president from a number of years ago).
The other Maxis products are sold as games, and I imagine this one is sold
that way too, but the February issue of CIO describe it as "to help the public
better understand the complicated issues that underlie the nation's
health-care debate."  Furthermore, they attribute Maxis as "envision[ing]
SimHealth being used by a wide range of concerned citizens to evaluate current
policy and new proposals."

The obvious risk is a public that expects a certain policy to work because it
works in SimHealth.  (Admittedly it is juse a game.  But in addition to the
benefits simulations give, there is always the danger that too much trust will
be put in a simulation, or that the beliefs of the simulation developers will
be giving too much credence after being filter through a computer.)

michael j zehr  sr. software engineer  kenan systems corporation

Risks of "doing it right"

David Wittenberg <>
Tue, 22 Feb 1994 14:38:56 -0500 (EST)
>From "The New York Times Magazine" February 13, 1994:

"It's a thin plastic card that will completely change the way you pay fares on
New York City's subway and buses.  No more searching for tokens in pockets or
purses.  Metrocard is convenient to carry and easy to use."

So says the M.T.A. [Metropolitan Transit Authority] in its brochure on the new
Metrocard, which can be obtained in several denominations and used instead of
tokens in a number of subway stations.  But — and there's always a but --
should any problems arise, then, in the dim light in the wee hours at Grand
Army Plaza, follow these instructions:

"... Try it again and check the turnstile display to see what it says.  If the
card still doesn't work, try another turnstile.  If the second turnstile
doesn't let you enter, see what the Metrocard Reader near the turnstile says
when you swipe the card there.  If the information displayed on the Reader
doesn't explain the problem, ask the clerk at the Metrocard window in the
token booth for assistance."

[description of what conditions the clerk can fix - often the clerk
can give you a replacement immediately,  when to mail the card in for
a replacement, and addresses and phone numbers for assistance]

[The Times adds this comment:] Meanwhile, carry spare tokens.

Here the MTA has apparently done a good job of identifying likely problems,
and providing solutions.  They've explained what to do, and what they can do
if something doesn't work. (I don't know the details, so I don't know if they
have identified the right set of problems, but they've done a much better job
than most new installations of card readers.) The language is slightly
technical (In particular is "swipe" widely used?)  but the directions for
trouble shooting are quite clear.

What do they get for their care?  A cheap shot from the Times.  Had they just
said "the Metrocard will work perfectly" (as many places have), RISKS readers
would smirk, but the Times would probably not have commented.  As we've gotten
more cynical about computerized systems, we've made it harder for the
organizations which do plan for problems to get credit for their forethought.

A week later (Feb. 21), the Times had an article saying that distribution of
the first 40,000 cards went smoothly.  Perhaps the MTA really has done a good

--David Wittenberg

The ultimate couch potato

Bruce Balden <>
Sun, 20 Feb 1994 23:17:27 -0800 (PST)
Recently, I heard the Chairman of Sun Microsystems on California Commonwealth,
a Bay-area radio program, lampooning the National Information Infrastructure
(aka information superhighway), and in particular lambasting its vision of
doing everything at home.  In his view, this would lead to birth of the
ultimate couch potato.

Those interested in the risks of computing should contemplate the following
notion: is it possible to make communications too effective?

When I heard Scott McNealy give his comments, my mind went back to a story by
E.M.Forster, called The Machine Stops.  This story, written before WWI,
imagines a world where the NII is in place but the rest of the world has gone
to hell, quite literally, and everybody has degenerated into couch potatoes.
This, they imagine, is paradise until the Machine stops!

Merchant and Ivory have had such a great time and made a lot of money turning
other Forster stories into movies (Passage to India, Howard's End, A Room With
a View).  I think they should look this one over too. Should make quite a

Bruce Balden  Wimsey Information Services

Telephone Card Audit Trails

F.Baube[tm] <>
Sat, 19 Feb 94 0:50:16 EET
Here in Turku Finland one can make calls from pay phones using prepaid cards
issued by the city phone company, Turun Telelaitos.  These cards are on sale
throughout the city, and are bought anonymously for cash.

On two different occasions I have had cards malfunction.  When the card is
placed in a phone it is read and seen as valid, and I can dial, but when the
other party answers, and the card is locked in for debiting, an error is
generated and the call is (frustratingly!) terminated.

On both occasions I have taken the offending card to the phone company's
office.  The card is passed thru a reader which displays the card's unique
identifying number.  The service person then calls this number in to another
bureau, where they can dump a complete calling history of the particular card,
no doubt to verify malfunction and protect themselves against fraud.

Having verified the card malfunction, the service person asks for a name and
address before issuing a refund (in the form of another card) for the
malfunctioning card's unused portion.  I do not know whether the name and
address are ever verified; in this country I would imagine not.

It is all well and good that they can extensively track an individual card,
and where it has malfunctioned, and that this card can be bought anonymously,
but naturally my privacy breaks down when they take my name and address, which
they can (in principle) match it to the card's audit trail to get a partial
track of my calling activities.

But given that such card malfunctions are an unusual occurrence, related
perhaps to the recent spate of subzero (fahrenheit) weather, it does not seem
to me to be an undue threat to my privacy.

Nonetheless, can anyone suggest some ideas that I might take to the phone
company to permit them to make the same checks but with a higher level of
privacy?  Or should I just give them a bogus name and see if it ever causes a
problem (in the form of, for example, more intrusive checks before issuing

* Fred Baube(tm), GU/MSFS/88

Email Courtesy

Dan Yurman <>
Fri, 18 Feb 1994 07:29:28 -0800
Bill Fitler ( asks about email courtesy issues in RISK

Perhaps one disturbing trend as more people use Internet is the practice by
college students of using subject matter listservs as sources of first resort
for information they should be looking up in their university library.  Every
year BIOSPH-L@UBVM.BITNET, a list dealing with environmental issues, is
flooded with ill-expressed questions that should not be addressed to the list.
These include questions such as "what is hazardous waste," etc.  Another which
came up today was a question which could be answered by using the Statistical
Abstract of the US or any World Almanac, etc.

Last year a hot debate erupted when a graduate teaching assistant at a major,
dare I say, top 10, Eastern university, assigned a class of undergraduates to
use Internet to seek information on research paper topics.  The TA did not
instruct the students to use the library first and then pose well formulated
questions to the net.  BIOSPH-L was flooded with questions on basic
environmental science.

Both the TA and the students were outraged by the complaints they received
from list readers who objected to being asked fundamental questions that ought
to be dealt with by the students themselves.  The root cause appears to be
neither the TA nor the students had any idea who was at the other end of the
line.  All they saw was a computer that should be giving them answers.

What was said to them repeatedly is this.  The courtesy issue is that traffic
on BIOSPH-L is voluntary. If you want people to take the time to answer your
questions, indicate you have done some legwork on your own and have a genuine
problem looking for additional information.  Otherwise, you are soaking up
volunteer resources which could be better used to meet needs not answered

Also, neither the students nor the TA took kindly to suggestions that if they
absolutely insisted on using computer terminals instead of (gasp) books, that
there are online services which for a fee will gladly give them the
information they want.

Dan Yurman  Idaho Falls, ID 43N112W -7 GMT

Re: E-mail risks: appalling grammar/notoriety (mathew, RISKS-15.55)

Tue, 22 Feb 1994 09:19:13 -0500 (EST)
Another RISK of the high prevalence of poor grammar and spelling in e-mail is
the risk to one's own style.  If immersion in a foreign language is an
established way to improve one's fluency in that language, then surely
immersion in a medium where capitalization, spelling, punctuation and grammar
are weak might harm one's own ability to compose correctly.  I've found that I
sometimes question my own use of "it's" vs. "its", which I never had trouble
with before I used e-mail, for example.

Peter Cherna  —

Re: E-mail Etiquette

Thu, 17 Feb 1994 17:45:32 -0500
In the U.S., the CBS television network airs an "Olympic Late Night" show
every night at 11:30 p.m. or 12:30 a.m. The show is a sort of hip, MTV-style
rundown of the day's events in Lillehammer. The show also does a nightly
"Information Highway" segment, and maintains a forum and e-mail address on
Prodigy. Wednesday night, for instance, host Pat O'Brien sat down at a PC and
personally answered e-mail from a doting user.  On the air, O'Brien tells
viewers to send Prodigy e-mail to "Ask Pat O'Brien". (And he doesn't mention
whether there are spaces, hyphens, or anything else in his address.)

Some readers of the newsgroup are upset with the CBS
coverage, so someone suggested mailing "". The poor Prodigy
user with the username "obrien" was understandably upset when his mailbox
flooded with harsh criticism of the CBS Olympic coverage. I don't know if
other Prodigy users joined Internet users in sending their CBS-bashing to the
wrong address, but poor Mr. O'Brien had to have his e-mail address changed.


E-mail to Bill

Aaron Barnhart <>
Thu, 17 Feb 94 16:19 CST
According to the 21 Feb 1994a _Business Week_, Microsoft chairman Bill Gates
has never had anyone screen his electronic mail.  With the recent publication
of his e-mail address in _The New Yorker,_ however, he's reconsidering.

While in the short run that would be a good idea, I don't know why Gates
hadn't installed aliases and mail filters long before.  Now I suspect that
Microsoft Mail doesn't even have these capabilities.

Aliases would allow re-routing of mail to billg, but with a different "To:"
header.  In combination with mail filters, Bill could give out a separate VIP
address and send all non-VIP mail to a reserve mailbox for a staffer to read.

CompuServe Offers Credit Info (From AP News Service)

John Murray <>
Tue, 22 Feb 1994 19:52:55 -0500
CompuServe Inc. and National Information Bureau Ltd. (NIB) have agreed to give
CompuServe users access to NIB's credit information, as well as motor vehicle,
workers' compensation, real-estate, tax, crime, and employment databases ---
subject to "several levels of security" (which may seem like a bad joke to
some RISKS readers).  [PGN Abstracting Service]

Electronic Food Stamps

LoQuan Seh <>
18 Feb 1994 01:45:27 GMT
Electronic food stamps might be a good way to prevent fraud, but they also may
make it easier to steal from the government.  It will stop thieves from
robbing the food stamp from people's mail, but thieves may be able to use
computers to steal from the accounts on the card.  The criminals use of
technology to commit food-stamp fraud may be more educated than the criminals
who were robbing mail boxes.

Re: YAMIC [Yet Another Mistaken Identity Case] (Cook, RISKS-15.56)

Bryan J Dawson <>
17 Feb 1994 16:43:14 -0800
>... I would think that while his assets could be seized, they
>couldn't be sold except after conviction or a motion for a court order at
>which time the defendant would allowed to object.

Sorry, but no.  His property was no doubt subject to 'Civil Seizure' (probably
the single MOST SERIOUS threat to the foundation of the US constitution).
Under 'Civil Seizure' a strange legal circumlocution allows the PROPERTY to be
arrested because it 'participated in a crime' and since property cannot defend
itself there is no due process.  The only recourse for the prior owner is for
him to sue for its return and HE MUST PROVE THE PROPERTY IS 'INNOCENT' (note
no assumption of 'innocent until proven guilty'). Furthermore, there is a
fairly short period of time during which the prior owner must take action or
his property is considered 'abandoned' and he has no further recourse.

I'm not a lawyer, a legal expert, or even an expert on Civil Seizure but the
above comments are substantially correct...

  (C) 1994

Wired article on Clipper

Martin Minow <>
Fri, 18 Feb 94 11:43:09 -0800
The April 94 issue on Wired will have an article on Clipper that is probably
relevant to Risks readers.

WIRED 2.04  Electrosphere: Jackboots on the Infobahn

Clipper is a last ditch attempt by the United States, the last great power
from the old Industrial Era, to establish imperial control over cyberspace.

By John Perry Barlow

[Note: The ... article will appear in the April 1994 issue of WIRED.  We, the
editors of WIRED, are net-casting it now in its pre-published form as a public
service. Because of the vital and urgent nature of its message, we believe
readers on the Net should hear and take action now. You are free to pass this
article on electronically; in fact we urge you to replicate it throughout the
net with our blessings. If you do, please keep the copyright statements and
this note intact. For a complete listing of Clipper-related resources
available through WIRED Online, send email to <> with the
following message: "send clipper.index". - The Editors of WIRED]

Please report problems with the web pages to the maintainer