The RISKS Digest
Volume 15 Issue 70

Monday, 28th March 1994

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

April Fools on the Senate
John Dvorak and Chris Casey via Arthur R. McGee
Risks to government
Robert Davis
IRS persistence
Dave Methvin
BT Billing computers innocent
Marcus Marr
Insurance claims ignore patients name
David Bazell
The RISKs of Canadian Poodles using 911
John Oram
Ottawa, Canada, Radio contest overloads phone system
Henry Troup
911 as wrong number - they don't seem to care anymore
Jeff Hibbard
Re: Denver Baggage Handling
Jan Vorbrueggen
Re: The RISKS of whale removal
David G. Novick
Re: Banknotes and photocopiers
Tom Standage
Padgett Peterson
Info on RISKS (comp.risks)

April Fools on the Senate (fwd)

"Arthur R. McGee" <amcgee@netcom.com>
Fri, 25 Mar 1994 19:50:47 -0800 (PST)
   [PLEASE SEE MODERATOR'S NOTE BEFORE THE INCLUDED MESSAGE BELOW.
   THIS EXPLICITLY MARKED APRIL FOOL'S PIECE IS INCLUDED NOT FOR
   ITS SURPRISE VALUE, BUT IN THE PUBLIC INTEREST.  PGN]

---------- Forwarded message ----------
Date: Fri, 25 Mar 94 12:16:58 EST
From: Chris_Casey@kennedy.senate.gov
To: ace-mg@esusda.gov
Subject: April Fools on the Senate

Hello ACE,

In the April issue of PC Computing, John Dvorak's column describes a Senate
Bill, supposedly introduced by Senator Leahy and co-sponsored by Sen. Kennedy,
to keep people from being intoxicated on the information highway.  The column
is an April Fools hoax and I'm sure plenty of people will find it amusing (see
below).

Unfortunately there are also people that are actually believing it to be true.
Our office has received several calls from outraged constituents and I
understand Leahy's staff has as well.  I originally received the article via
e-mail, and I understand that the on-line rumors are flying leading some
people to learn about it without the benefit of the actual article (which when
read closely, reveals the hoax).

Congress has taken some great forwards steps recently, particularly through
the availability of the Senate and House gophers (gopher.senate.gov,
gopher.house.gov) and it would be unfortunate if people weren't aware of them.
I share this with ACE in hopes that you can help quash any of these on-line
rumors if you see them.  Feel free to put people in touch with me if they'd
like to hear more about what's happening in the cyber-Capitol :-)

Thanks for any help.  I enjoy April Fools gags, but a lot of folks just aren't
getting this one!

Regards,

Chris

############################################################################
Chris Casey                                  chris_casey@kennedy.senate.gov
Office of Senator Kennedy                                      202/224-3570
Washington, DC  20510
############################################################################


   [RISKS MODERATOR'S NOTE:  THE FOLLOWING ITEM IS REPRODUCED IN THE
   RISKS FORUM WITH THE KIND PERMISSION OF THE AUTHOR, WHO HAS HIMSELF
   RECEIVED SEVERAL CALLS FROM PEOPLE WHO MISSED THE SPOOFINESS.  John
   is quite well known for his annual spoofs.  He noted to me that there
   are (at least) four clues herein.  (See if you can find them, but
   don't bother informing RISKS.)  As we approach the big day, I note
   that this piece is akin to the 1984 Chernenko spoof (due to Piet
   Beertema) and the "Spafford" spoof (due to Chuck von Rospach), the
   latter (see RISKS-6.52, 1 April 1988) fully laden with self-referential
   clues.  PGN]

>Trust Congress? Not With This Unbelievable Lair of Slop
>PC Computing, April 1994, page 88.
>By John C. Dvorak
>
> When Vice President Gore began talking about the Information Highway,
> we all knew the bureaucrats would get involved more than we might
> like. In fact, it may already be too late to stop a horrible Senate
> bill from becoming law.
>
> The moniker — Information Highway — itself seems to be responsible
> for SB #040194. Introduced by Senator Patrick Leahy, it's designed to
> prohibit anyone from using a public computer network (Information
> Highway) while the computer user is intoxicated. I know how silly this
> sounds, but Congress apparently thinks that being drunk on a highway
> is bad no matter what kind of highway it is. The bill is expected to
> pass this month.
>
> There already are rampant arguments as to how this proposed law can
> possibly be enforced. The FBI hopes to use it as an excuse to do
> routing wiretaps on any computer if there is any evidence that the
> owner "uses or abuses alcohol and has access to a modem." Note how it
> slips in the word 'uses'. This means if you've been seen drinking one
> lone beer, you can have your line tapped.
>
> Because this law would be so difficult to enforce, police officials
> are drooling over the prospect of easily obtaining permits to do
> wiretaps. Ask enforcement officials in Washington and they'll tell you
> the proposed law is idiotic, but none will oppose it. Check the
> classified ads in the "Washington Post" and you'll find the FBI,
> National Security Agency, and something called the Online Enforcement
> Agency (when did they set that up?) all soliciting experts in phone
> technology, specifically wiretapping.
>
> It gets worse. The Congressional Record of February 19, 1994, has a
> report that outlines the use of computerized BBSes, Internet,
> Inter-Relay Chat, and CompuServe CB as "propagating illicit sexual
> encounters and meetings between couples — any of whom are
> underage...Even people purporting to routinely have sex with animals
> are present on these systems to foster their odd beliefs on the
> public-at-large." A rider on SB #040194 makes it a felony to discuss
> sexual matters on any public-access network, including the Internet,
> America Online, and CompuServe.
>
> I wondered how private companies such as America Online can be
> considered public-access networks, so I called Senator Barbara
> Boxer's office and talked to an aide, a woman named Felicia. She said
> the use of promotional cards that give away a free hour or two of
> service constitutes public access. You know, like the ones found in the
> back of books or in modem boxes. She also told me most BBS systems
> fall under this proposed statute. When asked how they propose to
> enforce this law, she said it's not Congress's problem.  "Enforcement
> works itself out over time," she said.
>
> The group fighting this moronic law is led by Jerome Bernstein of the
> Washington law firm of Bernstein, Bernstein and Knowles (the firm that first
> took Ollie North as a client). I couldn't get in touch with any of the
> co-sponsors of the bill (including Senator Ted Kennedy, if you can believe
> it!), but Bernstein was glad to talk. "These people have no clue about the
> Information Highway or what it does. The whole thing got started last
> Christmas during an antidrinking campaign in the Washington D.C., metro
> area," Bernstein said, "I'm convinced someone jokingly told Leahy's office
> about drunk driving on the Information High and the idea snowballed. These
> senators actually think there is a physical highway. Seriously, Senator Pat
> Moynihan asked me if you needed a driving permit to 'drive' a modem on the
> Information Highway! He has no clue what a modem is, and neither does the
> rest of Congress."
>
> According to Bernstein, the antisexual wording in the bill was
> attributed to Kennedy's office. "Kennedy thought that technology was
> leaving him behind, and he wanted to be perceived as more up-to-date
> technologically. He also though this would make amends for his alleged
> philandering."
>
> Unfortunately, the public is not much better informed than the
> Senate.  The Gallup Organization, at the behest of Congress, is
> polling the public regarding intoxication while using a computer and
> online "hot chatting." The results are chilling. More than half of the
> public thinks that using a computer while intoxicated should be
> illegal! The results of the sexuality poll are not available. But one
> question, "Should a teenage boy be encouraged to pretend he is a girl
> while chatting with another person online?" has civil rights activists
> alarmed. According to Kevin Avril of the ACLU, "This activity doesn't
> even qualify as virtual cross-dressing. Who cares about this stuff?
> What are we going to do? Legislate an anti-boys-will-be-boys law? It
> sets a bad precedent."
>
> I could go on and on with quotes and complaints from people regarding
> this bill. But most of the complaints are getting nowhere. Pressure
> groups, such as one led by Baptist ministers from De Kalb County,
> Georgia, are supporting the law with such vehemence that they've
> managed to derail an effort by modem manufacturers (the biggest being
> Georgia-based Hayes) to lobby against the law. "Who wants to come out
> and support drunkenness and computer sex?" asked a congressman who
> requested anonymity.
>
> So, except for Bernstein, Bernstein, and Knowles, and a few members of
> the ACLU, there is nothing to stop this bill from becoming law. You
> can register your protests with your congressperson or Ms. Lirpa Sloof
> in the Senate Legislative Analysts Office.  Her name spelled backward
> says it all.


Risks to government

Robert Davis <rdavis@nyx10.cs.du.edu>
Mon, 28 Mar 94 16:20:48 GMT
My records show this happened on 22 February 1994.
The risks we take using computers are one thing, but the risks government
officials take when talking about computers are extreme.  Here I am, at home
watching CSPAN.  The entire morning is devoted to the new regulations from the
Federal Communications Commission concerning cable television.  I find it
quite interesting.  Then the chairman of the FCC shows up in a news
conference.  He answers questions about the new rules and regulations.  The
chairman of the FCC then opines that information about and from the FCC will
appear on the "Information Superhighway".  He says to connect to ftp.fcc.gov
What follows is a near a quote as I remember his words: "G O V stands for
government.  F C C stands for [long pause] F C C.  I don't know what F T P
stands for."  Remember, this is the chairman of the Federal Communications
Commission speaking live on CSPAN.  === Being a curious person, I made the
connection to ftp.fcc.gov and as of that morning, no FCC files were available
for FTP.  However, one directory, bearing a name which may have been the
initials of a system operator at the FTP site had something in it.  One file,
a GIF picture of actress Erika Eleniak, wearing most of her clothing, was
available for FTP.  So I grabbed it.  As of today (28 March) that directory
does not appear on the system, but there are directories containing FCC stuff.

rdavis@nyx.cs.du.edu   Robert Davis  Salina, KS


IRS persistence

Dave Methvin <0003122224@mcimail.com>
Sun, 27 Mar 94 22:47 EST
Unlike [many others], I dutifully filed an IRS Form 942 for a nanny we
employed in the first quarter of 1992.  Unfortunately, my calculations were
too high by a dollar; I suspect human error.

The ever-vigilant IRS computer found my mistake and issued a $1.01 refund
check within a month, even adding that penny for interest.  Something about
having a $1.01 government check really tickled me, so I decided to just keep
it instead of cashing it.  Since the check expires after a year, I figured I
was doing my part to reduce the deficit.

This week, two years later, I get _another_ check for $1.01, with the same
notation ("F-942 REF 03/92") as the previous check. I'm not cashing this one
either; now I want to find out how badly they want to give me this money.

dwm


BT Billing computers innocent

Marcus Marr <marr@dcs.ed.ac.uk>
Mon, 28 Mar 94 13:50:39 BST
The current issue of New Scientist (26 March 1994, p. 19) includes an article
following up from the one I quoted (RISKS-15.56, 17 February 1994: Telephone
charges fail to fit the bill) regarding the overcharging on some telephone
bills in multiples of \pounds 420.

  ``Human error, not computer failure, was to blame for British Telecom's
  recent overcharging of some subscribers.  BT says that each case of
  incorrect billing was caused by ``an extremely unlikely combination of two
  human errors''.  The findings exonerate the computers, but indicate that BT
  staff sometimes ignore odd discrepancies in bills.

  The first error arose when an engineer working on a new digital exchange
  broke house rules and used a procedure borrowed from old analogue exchanges.
  He sent a handwritten note to BT's billing department, asking it to log the
  meter reading as zero on its computer.  The computer's software registers
  the last four digits of the meter reading, and on being given a reading
  ending in a string of zeros it deduced that the meter reading must have
  risen past 9,999 to 10,000.  When the time came to prepare the bill, the
  computer then took the same logic a stage further and added together two
  spurious quantities: one from the last real reading up to 10,000, and one
  from zero to the new reading.  Each unit costs 4.2p, leading to an
  overcharge of \pounds 420.

  The second error came when BT's automatic verification system correctly
  highlighted these figures as inordinately high compared with past readings
  on the same line.  But BT's staff ignored the warning and dispatched the
  bill, complete with errors.''

New Scientist made no reference to their last sentence of the original
article: ``[Insiders] believe that BT has a bug in its accounting software and
that the problem is thus much more widespread than has so far been
recognised.''

>From the article as I understand it, it seems that the computer software has
difficulty in making the distinction between freshly reset meter readings, and
normal `clocked' meter readings.  This could be explained cleanly if it was
not possible (or unnecessary or difficult) to reset the meters of old analogue
exchanges.  The move to digital exchanges would therefore either need a change
in the software or a change in the procedures.  Ignoring my suppositions,
though, the system (including personnel and computers) is designed correctly
to cope with both analogue and digital exchanges.


Insurance claims ignore patients name

David Bazell <bazell@cuba.gsfc.nasa.gov>
Mon, 28 Mar 1994 09:58:33 -0500
I just got off the phone with my prescription plan holder, trying to find out
why my son Jason's deductible had not been fulfilled.  I picked up a
prescription for him last week and had to pay the full $43.95 cost of the
medicine.  My plan has a $50 deductible per family member but I was sure that
he had had several other prescriptions since the beginning of the plan year.
I check my records and, sure enough, the prescriptions totaled more than $50.
After checking back with the pharmacy, it was determined that although the
Jason's name was on the prescription, the prescription had gone toward
fulfilling my other son Graham's deductible.  The pharmacist had entered the
wrong code (02 rather than 03).  However, I was also sure that Graham had had
several prescriptions filled, so his deductible should already have been
fulfilled.  Further checking showed that Graham's prescriptions had been
charged toward my deductible (my code is 00).

Talking to the prescription plan representative on the phone, I declared that
this was a stupid way to do things.  The system ignored the name that was
entered and keyed only on the family member's number.  I was assured that this
was the best way to reduce the RISK of a mistake (he used that word).  I guess
the person who set up the system must have had several siblings with the same
name.

Fortunately, my wife keeps all our medical records in good order so we were
able to find documentation and figure out what had happened.  The monitary
cost to us would have been small if we had not sorted it out, but I can easily
see this happening where the costs could be much higher.

Dave Bazell, General Sciences Corporation.


The RISKs of Canadian Poodles using 911

John Oram <oramy92@halcyon.com>
Thu, 24 Mar 1994 22:44:12 -0800
   VANCOUVER (Reuter) - A pesky pet played havoc with Canadian police who
   responded to an emergency call only to find they were barking up the
   wrong tree.  A team of officers burst into a Vancouver home after
   receiving a 911 emergency phone call but found nothing more threatening
   than a poodle inside, police said Wednesday.  The dog had knocked the
   phone off the hook and hit an automatic dial button that called police.
   Police feared the worst when all they heard on the line was the dog
   barking.  ``We came screeching over. It was a bit silly,'' confessed
   police spokesman Joe Arduini.

They had 911 on speed dial?  Come on - that's inexcusable, given how easy it
is to accidentally hit the wrong button on a phone.  Do that many people die
because they never finish dialing all three numbers?  "Poor guy.  Would have
made it, but he was only able to hit 9-1."

I suppose the moral of this story is that the RISK isn't necessarily in the
technology but rather in the people (mis)using it.

John Oram   oramy92@halcyon.com


Ottawa, Canada, Radio contest overloads phone system

"henry (h.w.) troup" <hwt@bnr.ca>
Mon, 28 Mar 1994 11:11:00 -0500
Friday, March 25th, the Ottawa radio station CHEZ-FM offered 53 pairs of Pink
Floyd concert tickets free to callers.  The offer was open from 6 pm.  The
station is on a specially equipped exchange, but an estimated 300,000+ call
attempts in an hour caused delayed dial tone and other problems from Cornwall,
Ontario to Pembroke, Ontario (about 100+ miles).  Ottawa is Canada's capital.

One story noted that some people (100 or so) called 911 to report telephone
trouble, instead of 611.  There were reports of actual outages, but it is not
clear that people were waiting for dial tone and not hanging up and trying
again.

Personal observation - I certainly had delayed dial tone, but only delayed 10
seconds or so.

One person I spoke to said that he had had seven phone lines active trying to
get the free tickets.

Very little is new here.  I leave the obvious pun for the moderator.


911 as wrong number - they don't seem to care anymore

Jeff Hibbard <jeff@bradley.bradley.edu>
Mon, 28 Mar 1994 12:27:33 -0600
When 911 was first implemented (many years ago) here in Peoria IL, everyone
with a phone number of the form x91-1xxx was forced to change their numbers.

After a few years, though, the phone company started reassigning numbers of
this form.

Jeff Hibbard  jeff@bradley.bradley.edu

   [In various old small-town switching centers, one could dial just the
   last four digits, or in some cases five digits, for local calls.  That
   led to similar problems when 911 was introduced, and has now disappeared
   almost everywhere in the U.S.A. (although for other reasons as well.) PGN]


Re: Denver Baggage Handling (Wexelblat, RISKS-15.68)

Jan Vorbrueggen <jan@neuroinformatik.ruhr-uni-bochum.de>
25 Mar 94 12:41:34 GMT
1. I would think Frankfurt/Main airport (FRA) was the first to have an
integrated, computer-controlled baggage distribution system. For years I heard
they were the only international airport able to guarantee 45 minute
connections because of it.

2. When the system was installed (ca. '72), the contractor, AEG, required
something like six months past the deadline to get it running. In that time,
they reputably paid a penalty (or whatever you call "Konventionalstrafe" in
English) of DM 200K _per_day_. I don't think they made much profit on the
contract...

    Jan


Re: The RISKS of whale removal (Stalzer, RISKS-15.67)

David G. Novick <novick@cse.ogi.edu>
Mon, 28 Mar 94 10:02 PST
I cannot explain why the Highway Dept. chose to blow up the deceased whale.  I
can, however, explain why this problem fell to the Highway Dept.  Unlike most
states, which allow private ownership of beaches, Oregon has kept all its
beaches owned by the state.  The mechanism for this, curiously, is that the
beach is technically part of the of state highway system--although you
generally aren't allowed to drive on it.  So the whale shows up on a state
highway, and it's the Highway Dept.'s problem

   David G. Novick   | Department of Computer Science and Engineering
                     | Oregon Graduate Institute of Science & Technology
  novick@cse.ogi.edu | 20000 N.W. Walker Road
  tel (503) 690-1156 | P.O. Box 91000
  fax (503) 690-1548 | Portland, OR 97291-1000


Are there really pictures of banknotes inside photocopiers?

Tom Standage <thomas@primrose.demon.co.uk>
Mon, 28 Mar 94 13:49:47 -0800
Following the resent posting about how photocopiers prevent banknote forgery,
I wonder how many other readers' jaws dropped open at the suggestion that
there is a ROM inside a colour photocopier (such as the Canon CLC350/550) with
images of common banknotes in it. This just wouldn't make sense, aside from
the fact that it would rapidly go out of date - it would simply be too
computationally expensive to compare every image placed on the copier with the
images in ROM. The Canon machines in question can also be used as colour laser
printers in conjunction with special interfaces, so presumably any
anti-forgery computer inside the copier would also have to check that
banknotes weren't being scanned into a personal computer and then printed out
via the colour copier. This is absurd.

We have a CLC300 at work, and when an engineer came to fix it one day, he said
that the problems we were having (with jammed paper) were a design fault that
had been fixed on the CLC350. I asked what other features the 350 had, and he
said it had anti-forgery features - and proceeded to tell me the same story
about a chip with pictures of banknotes in it. I found this so hard to believe
that I asked around, and eventually someone gave me a more believable
explanation. Apparently the security measures depend on special inks used when
the banknotes are printed. These inks change colour when illuminated by the
scanner in the copier, and produce copies of the banknote with an obvious
colour shift. I don't know whether the 350 and 550 have a different kind of
bulb in the scanner or are able detect the special inks, but I have also heard
of other documents that won't copy properly because the copier thinks they're
banknotes. Rumour has it you can get round this by photocopying through very
thin tracing paper - which presumably works with banknotes as well.

Anyhow, perhaps someone at Canon can give us a definitive answer. On the other
hand, I wouldn't be surprised if they wished the status quo to continue, where
we all believe that copiers have chips with pictures of banknotes in them.
What makes me laugh is the message on the front panel of the CLC300, which
warns you not to copy money or certain other documents: "you *may* be
committing a criminal offense for which you *may* be prosecuted." Pretty
strong language, huh?


"Funny Money" and Smart Copiers

A. Padgett Peterson <padgett@tccslr.dnet.mmc.com>
Fri, 25 Mar 94 19:58:12 -0500
Once upon a time, long long ago in a galaxy far far away, an automobile
manufacturer known to all of its employees as "Generous Mother" began using
computers to control such things as mixture and spark advance and a host
of other variables. The maps for these variables were carried in 1k x 8 PROMS.

Certain individuals who shall remain nameless acquired the maps of these
programs for certain "performance" cars and designed their own maps.

Unfortunately, these new maps, though amazing in improving performance
and efficiency were not what the manufacturer had certified.

So the aspiring young engineers replaced the 1k x 8 PROM with a 2k x 8 EEPROM
and a switch concealed under the dashboard. The lower 1k contained the stock
settings and the upper 1k, settings of a more "interesting" variety. For
roadside tests the switch was turned "off" and for normal driving "on".

I suspect that copiers that rely on "firmware" to block copying of bills
might soon acquire such switches.
                        Padgett

   [RISKS received lots of mail on this topic, most of which is NOT
   included, including
      bob@demosthenes.ilt.tc.columbia.edu (Bob Matsuoka),
      dgursky@nextsrv1.andi.org (David Gursky),
      jml4@cus.cam.ac.uk (John Line),
      hoover@cs.ualberta.ca (Jim Hoover).

      dylan@mundil.cs.mu.OZ.AU (Dylan John SHUTTLEWORTH) noted that
      Australian $5 and $10 notes are plastic with a transparent "hole"
      around a hologram.  PGN]

Please report problems with the web pages to the maintainer

x
Top