The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 72

Thursday 31 March 1994

Contents

o Mud Slide Cuts East Coast Phones
PGN
o Briton Survives "Monster" Attack due to computer glitch
Will Deatrick
o Risk Evasion Measures Create New Risks
Stephen A. Stough
o Rental cars and financial derivatives
Phil Agre
o White collar crime in Australia
Mich Kabay
o Hotline reassignment
Mich Kabay
o Electronic purse
Mich Kabay
o Dials!
Bob Frankston
o Re: Spelling Checkers
Geoff Cole
Mary Shafer
Scott A. Siege
Simson L. Garfinkel
o Disclaimers in software
PGN
o Junior Exec's Reverse Alchemy
Martin Howard
o Yet another SSN misuse
Brian Clapper
o EFF Summary of Public Interest NII Summit 29 Mar 1994
Stanton McCandlish
o Info on RISKS (comp.risks)

Mud Slide Cuts East Coast Phones

"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 31 Mar 94 15:05:32 PST
Telephone service to thousands of MCI Communications Corp. East-Coast customers
was disrupted early in the morning of 30 Mar 1994 when a mud slide severed a
fiber-optic cable.  Calls into and out of the Washington D.C., Maryland, and
Richmond VA areas were affected.  Custromers in Miami, Atlanta, and St.
Petersburg also reported disruptions.  [Source: San Francisco Chronicle,
31 Mar 1994]


Briton Survives "Monster" Attack due to computer glitch

"Will Deatrick" <Will_Deatrick@smtp.esl.com>
31 Mar 1994 12:20:48 -0800
The 30 March 1994 issue of the San Diego Union contained a Reuters story from
Land's End, England.  It reads in part:

   A mechanical sea monster designed to terrify tourists attacked and injured
   a set designer working on it ... the hydraulic tentacled beast went out of
   control because of a temporary fault in its computer program and held
   designer George Thain in its 3-foot toothed jaws for nearly a minute."

The man was badly bruised, but otherwise unharmed. The story does not state
what corrective action is planned, but the town chairman ``assured visitors
they would have nothing to fear from the monster, which will be kept 3 feet
away from spectators.''

Will   will_deatrick@smtp.esl.com

    [Also heard on NPR by gat@aig.jpl.nasa.gov (Erann Gat).  PGN]


Risk Evasion Measures Create New Risks

"Stephen A. Stough" <sastough@rahul.net>
Wed, 30 Mar 1994 18:25:42 -0800 (PST)
Final report blames Lucas design, Lockheed's procedures for HTTB crash

      Federal safety officials yesterday blamed an inadequate actuator
 design by Lucas Aerospace and Lockheed's failure to take account of its
 shortcomings for the crash last year of Lockheed's one-of-a-kind High
 Technology Test Bed plane.
      In its final report on the Feb. 3, 1993, crash at Dobbins AFB, Ga.,
 the National Transportation Safety Board said the plane lost all rudder
 control during a high-speed taxi test with a simulated No. 1 engine
 failure when an experimental fly-by-wire control system for the rudder
 disengaged.
      "The disengagement was a result of the inadequate design of the
 rudder's integrated actuator package by its manufacturer," NTSB said.
      A design feature in the actuator removes hydraulic pressure if the
 rudder position commanded by the pilot exceeds the actual rudder
 actuator position for a specified time, and the rudder position trails,
 according to the report.
      Lucas Aerospace designed the package, a self-contained unit
 configured to be a drop-in replacement for the existing Hercules/HTTB
 dual tandem rudder actuator.
      The HTTB had recently been modified to evaluate power-by-wire
 flight control systems developed by Lockheed, along with some 50
 suppliers.  Lucas' package was demonstrated on two flights in March
 1992, which Lockheed, claiming success, noted was the first time the
 concept had been tested on a manned flight.
      Still, NTSB said that on at least one occasion the actuator had
 previously disengaged in flight, but "the company did not conduct a
 system safety review of the rudder bypass feature and its consequences
 to all flight regimes, nor of the (ground minimum control speed) test."
      The fact that neither pilot was trained as a flight test engineer
 contributed to the accident, the report said.
      "I do want to emphasize that the seven crew members were extremely
 qualified for the jobs they were doing," a Lockheed spokesman said in a
 prepared statement. "We still feel a great sense of loss for these
 colleagues and we praise their contributions to aviation. Beyond that,
 we prefer not to comment on the NTSB report, the investigation, or the
 accident."
      The highly modified L-100-20 Hercules transport was not programmed
 to become airborne, NTSB Chairman Carl Vogt said shortly after the
 accident (DAILY, Feb. 5, 1993, page 200). But an NTSB spokesman told The
 DAILY yesterday that "it is the analysis of the board that (the pilot)
 attempted to get the plane airborne at that moment," although to this
 day nobody knows why the takeoff was attempted.
      The report noted that the flight test plan specified that engine
 power be retarded if the rudder became ineffective. The aircraft was at
 full power but had not reached takeoff speed when it briefly became
 airborne, clipped a Navy clinic and crashed about 200 yards north of the
 runway, killing all seven aboard.
      Lockheed said it was reviewing the NTSB's data, adding that "action
 will be taken as appropriate."


Rental cars and financial derivatives

Phil Agre <pagre@weber.ucsd.edu>
Thu, 31 Mar 1994 15:34:26 -0800
The 3/30/94 New York Times includes two articles that illustrate the
vexatious trade-offs inherent in emerging computer-based systems.

  Matthew L. Wald, Two technologies join to assist lost drivers, New
  York Times, 30 March 1994, page A13.

This article is about a computer system that Nynex is developing, and that
Avis will be testing, in which rental cars are kept in close contact with the
rental agency through wireless communication.  The technology is sold as a way
of protecting drivers such as the tourists who were attacked in Florida; the
cars will be equipped with "panic buttons" and the like.  The article also
says that drivers will be able to call in for directions on wireless phones,
with the phone operators having access to digitally encoded GPS information
plotted against detailed maps, enough to be able to say "take the next left"
remotely.

So far so good.  But, at least the way the article describes it, the system
will also allow the company to track all drivers for all purposes, regardless
of whether they are in danger or need directions.  A natural suspicion is that
this generalized tracking capability is a major part of Avis's actual motives
for promoting the systems.  Motives aside, the privacy concerns may be serious
in any case.  How might these concerns be weighed against the advantages?  How
might the system be designed to obtain the advantages without the
disadvantages?  The article contains no hint that such questions are being
asked, and this is unfortunate.

  Barnaby J. Feder, Sophisticated software set for exotic financial
  trades, New York Times, 30 March 1993, pages C1, C5.

This article concerns "a marriage made in techno-geek heaven" between computer
people and high finance, specifically software for analyzing and administering
complex financial transactions based on so-called "derivatives" (see Risks
15.66).  One virtue of these systems is that they reduce the possibilities for
error, which are pretty serious when these kinds of transactions are done by
hand.  At the same time, such systems allow derivatives to be traded in much
larger volumes, and in much more complex ways.

Much popular imagery associates derivatives with speculation, for example
high-stakes gambling in commodity futures, but the real issue is almost the
opposite.  The usual purpose of these transactions is to engineer little
islands of stability and predictability within the swirling chaos of global
financial markets.  Indeed the metaphor of "engineering" is frequently used --
the software discussed in the article is referred to as "financial CAD
(computer-aided design)".  The potential trouble comes when massive financial
edifices are engineered badly.  When a steel-and-concrete building falls down,
the earth is there to catch it and a limited number of people get killed.  But
that's not how financial engineering works -- one collapsing structure has the
capacity to take others down with it (again, see Risks 15.66).  Obviously it's
in their interest to be careful, but let's hope they know what they're doing.

Phil Agre, UCSD


White collar crime in Australia

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
30 Mar 94 08:20:52 EST
>From the Reuter newswire via Executive News Service on CompuServe (GO ENS):

  CANBERRA, March 24 (Reuter) - White-collar crime is the most costly crime in
  Australia, totalling as much as Australian $13.7 billion ($9.8 million) a
  year, according to a report on Australia's law enforcement agencies.

Key points:

o   Committee included "representatives from the Australian Federal
Police, the National Crime Authority, the Attorney-General's Department, the
Finance Ministry and the Prime Minister's office."

o   Most white-collar crime is fraud.

o   Fraud "imposes the greatest economic cost on the Australian community
of all forms of major and organised crime."

o   Annual cost of fraud A$6.9-A$13.7 billion (U$4.9-$9.8 billion) (about
2/3 of cost of all crime in Australia, estimated at A$11-20 billion)

Michel E. Kabay, Director of Education, National Computer Security Assn


Hotline reassignment

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
30 Mar 94 08:20:47 EST
>From the Associated Press newswire via Executive News Service on CompuServe
(GO ENS):

  Telephone Sex
  ST. JOSEPH, Mich. (AP, 25 March 1994) -- People calling a hot line for
  victims of domestic violence got a phone sex line instead when authorities
  didn't notice that the agency operating the hot line had closed.

Police habitually distribute cards with numbers of support services to
victims.  Seems that the hot line was reassigned to a number advertising
various aural sex <g> services.  No one bothered to check the accuracy of the
card for two years.

[Consequence of poor quality assurance.]

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn


Electronic purse

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
30 Mar 94 08:20:56 EST
>From the Associated Press newswire via Executive News Service on CompuServe
(GO ENS):  [presumably 30 Mar 1994]

MARY BETH SHERIDAN, AP Business Writer, reports on new developments in
electronic money.

  NEW YORK (AP) -- Visa International is developing a do-it-all credit card
  that could pay for highway tolls, telephone calls or chocolate bars from
  vending machines.
    The company said Tuesday it is joining with an international group of nine
  other financial companies to develop the product, called the Electronic
  Purse."

Key points:

o   Consortium working on standards for interoperability.

o   Plastic smartcard with embedded processor.

o   Transfer money from their accounts to the smartcard.
        perhaps at automated teller machines.

o   Trials planned for late 1995.

o   Must equip phones, vending machines, stores with I/O devices.

o   Current costs $3-$8/card; expect drop to $1 in high volume.

Michel E. Kabay, Director of Education, National Computer Security Assn


Dials!

<Bob_Frankston@frankston.com>
Thu, 31 Mar 1994 09:47 -0400
My son (11) confronted a dial phone this past weekend and couldn't figure out
how to use it. He tried pressing the "buttons" but nothing happened. We
finally had to show him the concept of turning the dial. It took a little
practice to get it smooth.

I guess we've reached a milestone. What if he were confronted by the
"anti-drug" pay phones with dials and had to dial 911? He'd be stuck.

In designing UI's we make assumptions about cultural norms or icons. Most
people see the phone dial as a very obvious interface. It isn't, it's just
something most of us learned at an early enough age to assume it is a part of
the natural world.


re: Spelling Checkers

Geoff Cole <ln1gec@entoil.co.uk>
Wed, 30 Mar 94 10:15:05 BST
It is the bane of my life that spell-checkers offer the following
suggestions for my name:
    goof, gaffe and guff

Geoff Cole  geoff@entoil.co.uk


Risks of spelling checkers (Girard, RISKS-15.71)

Mary Shafer <shafer@ferhino.dfrf.nasa.gov>
Tue, 29 Mar 94 18:36:16 PST
The DECMate II spell checker offered NAUSEA for NASA.  Singularly appropriate
some days.

Mary Shafer, SR-71 Chief Engineer, NASA Dryden Flight Research Center,
Edwards, CA    shafer@ferhino.dfrf.nasa.gov


Risk of Spelling Checkers

Scott A. Siege <sie6@midway.uchicago.edu>
Wed, 30 Mar 94 13:12:45 CST
I have read with interest the RISKs associated with spelling checkers and
especially one in which a UNIX machine failed to recognize the word UNIX. A
similar thing happened with a spelling checker for the Apple Macintosh which
refused to recognize "Laserwriter" (Apple's printer) and instead suggested
"Laserjet" (HPs printer).

-Scott  s-siege@uchicago.edu


NeXT

Simson L. Garfinkel <simsong@next.cambridge.ma.us>
Wed, 30 Mar 94 19:17:59 EST
NeXT is in the NeXT spell checker, but NeXTSTEP is not.


Disclaimers in software

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 30 Mar 94 16:29:46 PST
We have had various past discussions on creative disclaimers.  Someone very
well known to me received the following, but I have anonymized everything to
protect whomever.

  You have our permission to use [...] as an NTP server.
  Please do not configure more than two of your systems to communicate
  with [...].

  Please understand that [...] makes absolutely no guarantees about the
  reliability, availability, accuracy, or security of this service.

  Also, please note that this service is likely to disappear fairly soon,
  as it is based on a satellite that is about to fall out of the sky.


Junior Exec's Reverse Alchemy

MARTIN <MARTIN@411.uptown.com>
31 Mar 1994 16:35:09 +0800
Next time you get called into the bosses office, spare a thought for Juan
Pablo Davila, who WON'T be winning "Employee of the Month" at Codelco.

An extract from an article in THE ECONOMIST (p.66.Feb 12, 1994):

  SANTIAGO: Juan Pablo Davila claims that last September he made a mistake. He
  punched several 'sell' figures into his computer as 'buy', and vice-versa.
  Mr Davila was a fairly junior executive at Codelco, Chile's mammoth
  state-owned copper company. But he handled all Codelco's minerals futures
  contracts. By the time he noticed his slip he had already lost $40m. So he
  kept on dealing; when his credit lines finally ran out in January, his
  losses had reached $207m.

  Mr Davila's mistakes pose troubling questions for Codelco. Why did nobody
  notice the losses? Did his superiors fraudulently extend Mr Davila's credit
  lines? Can any money be recovered? On February 5th Codelco's president
  resigned, admitting that the losses exposed a failure of internal
  controls...

MARTIN HOWARD, HONG KONG 31/3/93 MARTIN@411.uptown.com Tel: (852) 527 2123
Unit E, 9 Floor, China Overseas Building 139 Hennessy Road, Wanchai, Hong Kong


Yet another SSN misuse

Brian Clapper <bmc@tbsi.com>
Thu, 31 Mar 1994 13:48:19 -0500 (EST)
A colleague informs me that, in conjunction with graduate courses he's
taking at a local university, he was assigned an account on one of the
University's computer systems.  He was appalled to find out that his
assigned computer ID was his social security number.  When he asked whether
he could change the computer account ID, he was told, "No.  That's your
account number."  The system in question is on the Internet and apparently
has a Usenet newsgroup feed, as well.

I won't bother to list the risks.

Brian Clapper       Telebase Systems Inc., Wayne, PA


EFF Summary of Public Interest NII Summit 29 Mar 1994 [To many groups]

Stanton McCandlish <mech@eff.org>
Thu, 31 Mar 1994 17:57:54 -0500 (EST)
EFF SUMMARY

PUBLIC INTEREST SUMMIT: SHAPING THE NATIONAL INFORMATION INFRASTRUCTURE

Hyatt Regency Hotel in Washington, DC, MARCH 29, 1994

OPENING REMARKS

Welcoming remarks were delivered by Andrew Blau from the Benton Foundation,
who expressed gratitude to the program sponsors and planning committee.
Secretary of Commerce Ron Brown delivered pre-taped opening remarks on
video, because he was in Russia at the time of the conference.  Secretary
Brown, who chairs the Information Infrastructure Task Force (IITF),
restated the Administration's commitment to universal service, emphasizing
that no one should be left standing on the side of the road.


PUBLIC INTEREST SUMMIT PANELS

DELIVERING THE GOODS: MEETING PUBLIC NEEDS?

Moderator: V. Lane Rawlins, President, Memphis State University
C. Everett Koop, Senior Scholar, Koop Institute
David Lytel, White House Office of Science and Technology
Jean Armour Polly, NY State Research and Education Network
Anthony Riddle, Chair, Alliance for Community Media
Connie Stout, Director, Texas Education Network
Patricia Waak, National Audubon Society

This panel discussed the ways in which the National Information
Infrastructure (NII) can improve education, health care, and the
environment by enhancing communication and decisionmaking within
communities, as well as within state, national, and international
boundaries.  There was strong consensus on the panel and from the floor
that teaching people to use the tools is as important as building the
tools.  Choosing the right regulatory model is a difficult issue, but David
Lytel said that the Clinton Administration is committed to making sure that
citizens can be information producers, as well as information consumers.
He stated that the challenge is to make sure that the NII becomes more than
just a large pipe for television reruns and movies, home shopping,
electronic games, and gambling.  The architecture of the NII must guarantee
that needs outside the commercial marketplace, including cultural and other
public benefits, are met.


A LINK INTO EVERY HOME: HOW, WHAT, AND WHEN?

Moderator: Allen Hammond, Director, Communications Media Center, NY Law School
Ron Binz, Director, Colorado Office of Consumer Counsel
Mark Cooper, Director of Research, Consumer Federation of America
Deborah Kaplan, Vice President, World Institute on Disability
Robert Larson, President/General Manager, WTVS-Detroit
Michael Nelson, White House Office of Science and Technology
Andrew J. Schwartzman, Executive Director, Media Access Project

The panel explored the challenges in applying the concept of universal
service to the NII to ensure access for everyone.  The panelists discussed
universal service funding mechanisms, the role of government in supporting
a diversity of voices, and the need for public interest advocacy before the
Federal Communications Commission.  Mike Nelson said that the
Administration's model for the NII is the Internet, and its goals for
universal service are to provide subsidies to enable open access for as
many people as possible, to adopt pro-competitive policies, to require
nondiscriminatory prices, to prohibit network providers from controlling
information, and to enhance interoperability and interconnection
requirements.

Addressing the difference between the common carriage regime for telephone
companies and the market/consumer model for the cable industry, Andrew
Schwartzman argued for the common carriage model instead of the cable
model, because the cable model is passive and connotes people receiving
only limited services such as video-on-demand and home shopping.  Common
carriage would help NII users to be speakers as well as listeners, and
producers as well as consumers.  Ron Binz offered the phrase "Information
Superhypeway" and cautioned that a fully competitive telecommunications
industry is not right around the corner.  The key decision, according to
Binz, is whether to rely on taxing voice communications service to fund the
NII.  Binz also characterized as "industry propaganda" the view that
subsidies should be provided to enable access for as many people as
possible.  Mark Cooper challenged the widely cited statistic that 93% of
the population enjoys telephone service.  Instead, he stated that the 7%
"unsolution" is really closer to 30%, which includes individuals with
disabilities and low incomes.  He argued that those who cannot afford
access to the NII will be assured access if everyone who can afford to use
the NII is required to pay for it.

Deborah Kaplan took the discussion beyond the issue of funding to the issue
of access.  She argued that the 7% of the population that is underserved is
a product of the market model.  There is no one-size-fits-all solution, and
policy input from low-income people is essential.  She raised the concern
that access to the NII for disabled individuals may be uniquely difficult,
especially if the NII architecture is modeled on voice-based telephone
service.  Schwartzman emphasized the First Amendment dimension of universal
service, including artistic speech, and the need to protect against any
form of censorship.  Bob Larson explained how public broadcasting's role in
promoting local service responsibilities and public service duties is a
model for what the NII can do to marshall local resources.  The NII could
augment public broadcasting's efforts aimed at reducing violence and
improving the well-being of young people.


SPEECH BY VICE PRESIDENT AL GORE

The Vice President was introduced by Peter Goldmark, President of The
Rockefeller Foundation, who emphasized the historical role of the NII in
charting the future of democracy.  Vice President Gore stated the
Administration's commitment to wiring every classroom, clinic, and library in
the United States to the NII within the next five years.  Every person will
benefit from the NII.  However, while we already have the technology, we do
not yet have the infrastructure.  The National Telecommunication and
Information Administration in the Department of Commerce recently announced
the availability of funding for some of the aspects of the NII and already
have received 3,500 inquiries.

Reforming telecommunications law is essential.  Universal service means
lower prices for everyone.  Open access means receiving and sending
information across the NII.  The future will look like the Internet if we
make sure the NII is open and accessible like the personal computer.

Networked communities are consistent with our democratic form of government
and distinguish it from  communism and fascism.  We need to increase access
to government information to enhance community decisionmaking.  We are
increasing the availability of government information.  SeniorNet is
providing services to senior citizens.  The Environmental Protection
Agency's toxics release inventory is empowering citizens to ameliorate
environmental hazards in their communities.  HUD has begun to put
information about fair housing and fair lending on the net.  We can empower
our representative democracy.  People closest to the problems are the
smartest about the solutions.


BUILDING COMMUNITIES AND THE ECONOMY

Moderator: Linda Tarr-Whelan, President and Exec. Dir., Center for Policy
Alternatives
Morton Bahr, President, Communications Workers of America
Cushing Dolbeare, President, Low-Income Housing Coalition
Thomas Kalil, National Economic Council for Science and Technology
Anthony Pharr, Counsel, Office of Communication, United Church of Christ
Diana Roose, Research Director, National Association of Working Women
Randy Ross, Vice President, American Indian Telecommunications

After brief introductory statements, the panelists discussed what the NII
means for generating jobs and economic benefits.  The goal is to use the
NII to create better, high wage jobs.  Development of information policy
must make sure that the NII is a tool for community planning.
Telecommuting will have an impact on the national economy by enabling
people to live and work anywhere, including in other countries.  We should
use the technology that exists now in order to do the kind of planning
needed to make sure the new technologies produce advances in our national
economy.


MAKING DEMOCRACY WORK

Moderator:  Sonia Jarvis, Exec. Dir., National Coalition for Black Voter
Participation
Brian Banks, Policy Research Action Group
Jim Butler, Director, AARP/VOTE, American Association of Retired Persons
Mitchell Kapor, Chair, Electronic Frontier Foundation
Sally Katzen, Chair, Information Policy Committee, IITF
Ralph Nader, Center for the Study of Responsive Law
Nadine Strossen, ACLU

This panel addressed whether the NII can support increased civic
participation, free speech and assembly, and privacy.  Brian Banks stressed
the NII's ability to bring about a reconfiguration of hierarchies; enhanced
citizen participation in the decision making process would be the most
fundamental change.  Jim Butler revisited the NII's potential for community
development, educational opportunity, and access to government databases.
Mitchell Kapor focused on the potential for achieving the Jeffersonian
principles of individual liberty and decentralization.  The Internet has
enormous democratic potential, but it is not easy to use.  The emphasis
should be on the Internet and interactivity, not on the Information
Superhighway and Hollywood reruns. Everyone should become hands-on, start
learning and interacting, and ask for help when needed.  The networks
should be easy to use, but we cannot wait for a national handout.

Sally Katzen stressed the goal of economic sustainable development.  The
government should not be solely responsible for the nation's information
systems.  The toxics release inventory is a model that has worked well.  Ralph
Nader, who still uses a manual Underwood typewriter, questioned what all this
new technology will do about such problems as violence in the schools.  Will
it just put more people into the Office of Management and Budget and lead to
mega-billion dollar overselling of unused software?  While there needs to be a
window on government databases, there is not reason for them to be
overprivatized or overmonopolized.  Educational efforts, like liberal
arts-type courses, could motivate people to participate.  Nadine Strossen
argued that the common carriage model is important to ensure universal
access--but security and privacy are equally important.  We have to make
certain that there are no censorial controls over content.  All of us must
lobby for privacy protection -- and we must fight the clipper chip.

Stanton McCandlish * mech@eff.org * Electronic Frontier Found. OnlineActivist
"In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich
Partners, two-thirds said it was more important to protect the privacy of
phone calls than to preserve the ability of police to conduct wiretaps.
When informed about the Clipper Chip, 80% said they opposed it."
- Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994

Please report problems with the web pages to the maintainer

Top