The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 15 Issue 78

Friday 22 April 1994


o Computerized Traffic-Light Problems
Debora Weber-Wulff
o Risks of winning
Stanley Chow
o Computer Generates False Tsunami Warning in Japan
George Pajari
o NYC subway fare cards double-deduct; UI at fault
Andrew Marc Greene
o A consumer risk from Thomson Consumer Electronics
o Re: we trust calculators over ourselves
John Powell
o Re: Risks ... to the quality of science
A. Padgett Peterson
o Re: Risks of Data Compression
John Kennedy
o Re: Math and money laundering
Erann Gat
Peter Wayner
o Re: Information resource
Edward Reid
o Re: Green Card Posting
Caveh Jalali
Ned Kittlitz
Mark Brader
o Info on RISKS (comp.risks)

Computerized Traffic-Light Problems

Prof_Weber-Wulff <>
20 Apr 1994 15:51:25 GMT
The Tagespiegel reports today (20 April 1994) on the new, computerized traffic
light management system that the city installed at the large traffic circle
Ernst-Reuter-Platz. The 1.8 million mark (1.1 million $) system went on line
on Monday, and mastered the first wave of traffic well. After that, the
traffic jams swelled to beyond normal proportions.  Irate drivers complained
by telephone and mail, but officials insisted that since it was now
computer-controlled, it was okay. Apparently someone threatened legal action,
and the city traffic board dispatched people with stopwatches to test the
system. Sure enough, it was stuck in the early morning pattern, which was fine
for handling inbound traffic, but disastrous in the afternoon rush hour. They
have to go back to hand-switching the timing until they figure out what went

Debora Weber-Wulff, Professorin fuer Softwaretechnik und Programmiersprachen
Technische Fachhochschule Berlin, Luxemburgerstr. 10, 13353 Berlin, Germany

Risks of winning

"stanley (s.t.h.) chow" <>
Wed, 20 Apr 1994 10:57:00 -0400
I just caught this on TV news last night:

  A person won two consecutive keno games in the Montreal Casino. Since
  this is considered extremely unlikely, the police have been called in
  to investigate. The two games should have paid $400K, but the winner
  has not yet been paid. He is instead doing the talk show circuit with
  how he analysed the numbers.

  Supposedly, in the history of Nevada,   the Keno jackpot has only been
  won once, which made his winning back to back somewhat unlikely. This
  happened on the electronic keno and has been shut down. The mechanic
  game is carrying on.

  A one line comment by the reporter claimed that "a bug" in the computer
  repeated the sequence of number exactly every 4,000 games. This may be
  a case of someone picking a poor random number generator; but may well
  be the basis for police action. I understood that electronic slot
  machines are free running, merrily generating random numbers all day
  long, and pulling the lever merely selects the current number. This
  seems quite robust.

Stanley Chow  InterNet: schow@BNR.CA  (613) 763-2831
Bell Northern Research Ltd., PO Box 3511 Station C, Ottawa, Ontario
Me? Represent other people? Don't make them laugh so hard.

Computer Generates False Tsunami Warning in Japan

George Pajari <>
Wed, 20 Apr 94 10:55:17 PDT
RISKS readers will find this all too familiar...

>From the April 19th, 1994 edition of NHK's "Today's Japan", broadcast on
 KCTS (Seattle's PBS affiliate) 0100h PDT April 20th (as remembered):

  Japan's weather bureau installed a new computer system for automatically
  generating tsunami warnings after earthquakes.  The story implied that the
  machine was connected to various sensors around Japan and was configured to
  generate and communicate these warnings automatically.

  During installation testing simulated data was input to verify the
  operation of the system.  Unfortunately the machine had already been
  connected to the system that communicates tsunami warnings to the
  government and media and no one disconnected this communications link
  when the tests were run.

  The predictable happened.  The machine "detected" a potential tsunami, sent
  out the appropriate warning and at least two broadcast stations interrupted
  their normal programming to announce the impending tsunami.  Obviously this
  caused some concern among the populace.

  The problem was detected five minutes after the warning was first
  communicated but this was still sufficient time for the the warning to
  be broadcast.
George Pajari / Faximum Software / Tel: +1 (604) 925-3600 / Fax: ... 926-8182
     1497 Marine Drive, Suite 300 / West Vancouver, BC / Canada  V7T 1B8

NYC subway fare cards double-deduct; UI at fault

Fri, 22 Apr 1994 09:10 -0400
[Source: The New York Times, 22 Apr 1994, p. B2]

The NYC subway has been introducing swipe cards which can be bought in
five-ride increments.  According to today's _Times_, citing an article in
Thursday's _Newsday_, many riders are swiping improperly, causing a fare to be
deducted from their card but not opening the turnstile.  There's a display
which instructs the rider to swipe again, but these are New Yorkers and have
already decided to try another turnstile.

Apparently, the designers anticipated this problem and put in a solution -- if
you swipe again at the same stile it doesn't deduct a second fare -- but
didn't anticipate that harried/hurried Nyawkas wouldn't stop to read the

- Andrew Greene

A consumer risk from TCE

<[a source within TCE]>
Thu, 21 Apr 94 17:05:33 XXT
Thomson Consumer Electronics (TCE) is about to release a home entertainment
product called the Digital Satellite Service (DSS) under the RCA brand.  In
short, this product is a small satellite dish (18" in diameter) that will
allow customers to order video/audio programs from service providers.  At this
time the service providers are DirecTV (Hughes) and Hubbard (USSB).  The
system works as follows.

Upon purchase of a DSS system, the customer will receive a "smart-card" and
then subscribe to one or more service providers.  The customer can then view
programs and order pay-per-view programs.  The smart-card controls and tracks
all purchases made with the DSS system.  Information stored includes programs
purchased, whether or not the programs were viewed, and the time the programs
were viewed.  This information is then transmitted (via telephone) to the
service provider for billing purposes.  The RISK?  The service providers have
the ability to build large databases of information on household viewing
habits (e.g., John Smith views adult movies every Wednesday night between
10:00pm and 11:00pm).  This information could then be sold to direct marketing
firms, etc.  There are laws that prevent cable companies from selling or
releasing an individual's subscription information, but, to the best of my
knowledge, the service providers for DSS are under no such obligation.

Re: we trust calculators over ourselves (Crawford, RISKS-15.76)

"John Powell" <>
Fri, 22 Apr 94 09:54:55 PDT
I had a similar situation last year when leaving a super expensive garage in
downtown Chicago.  The rates were 22.00 for 7-9 hours, and 40.00 for 9-24
hours.  I had been there 8 hours and 50 minutes (I obviously was watching the
clock closely with these stakes).  When the attendant ran my timecard through
the computer, it came up with $40.00 as the rate.

The next 10 minutes I caused a significant backup as I refused to pay $40 when
the sign clearly stated the rate as 22. I got him to agree that the sign was
right, and that I was there for less than 9 hours, but he still insisted that
I owed him 40 ('cause the computer said so).  I asked him to call a manager,
he responded "I am the manager!!!!!".  I spent the next several minutes
describing to him the concept of rounding, and that the software obviously
stunk and was written by thieves (or idiots or both). With these rates, the
"thief" part was a given!

After a while he got the message that I was not going to pay more than 22, and
decided to let his office figure it out later.  After I paid him the $22, I
asked for a receipt.  "I am sorry sir, but that is printed by the
computer!!!". Another 2 minutes were spent figuring out how to write a manual
receipt (which he had, but had never used!!).

John Powell <>

Re: Risks ... to the quality of science (Tobis, RISKS-15.77)

A. Padgett Peterson, Information Security <>
Wed, 20 Apr 94 08:14:59 -0400
>This issue was addressed in a remarkable essay by the eccentric and
>curmudgeonly fluid dynamicist Clifford Truesdell. The essay is called "The
>Computer: Ruin of Science and Threat to Mankind"

Something I have been noticing for some time is the loss of capabilities
along certain lines of thought due to the dominance of others.

Actually the first evidence to me was when the hordes of Radio Shacks came
out and all of the small shops disappeared. Suddenly it was difficult to find
the "low volume" pieces amid the cheap plastic sound reproduction devices.

Later I became involved in a study of magnetic amplifiers and discovered that
research in this country had essentially died out around 1957. I suspect that
the rise of the transistor and integrated circuit which made no provision for
the "L" in a "RLC" circuit. Young electronic engineers look at me strangely
when I ask if they have heard of "Eli the ice man."

Think I'll hold onto my collection of steam engineering books 8*).

>  5. Mathematics is the Science of Infinities. Computation is Essentially
>     Finite.

I suspect this is the real threat. In all of the cases mentioned above,
dominance of the field has resulted in a reduction of the field as promising
technologies are shunted aside for reasons other than technological. In the
mid 1800s Samuel Colt might not have achieved prominence if it were not for
the Czar's purchase of the entire output of Smith & Wesson for several years.

What if Motorola had not been inundated by orders for CPUs by General Motors
in 1980 and the IBM-PC had been 68000 based with a 32 bit flat memory model ?
What if CPM/86 had been available (PC-DOS was actually choice four of three)?
Should we "Think of it as Evolution in action" or "blind chance" ?


Re: Risks of Data Compression (Decker, RISKS-15.77)

John Kennedy <>
Thu, 21 Apr 1994 23:26:29 -0700
  In a previous incarnation, I designed the graphical output of a weather
radar system.  As you can imagine, it was filled with concessions for the
viewer's pleasure (mostly researchers, but some airports too).

  At best, the output was lossy.  Take a float, run it through an algorithm,
convert it to a signed byte (+/- 127), and scrunch that down until you had
about 16 possible different colors, many of which were set to the same value
(usually about 8 different colors total).  Why?  Storms were easy to spot,
useful data crunching really couldn't be done with the eye because it was a
slice through a cloud formation (particular in real-time PPI displays), etc.
The expectations of researchers hadn't caught up with the physical & economic
reality involved with the displays.

  The end result was easy to use picture that could tell you where the wind
was moving, usually involving about 8 different colors, often with lots of
empty space (clear days were very boring).  This data would compress quite
well without data loss.  I wouldn't have expected anyone to match high
(towards) and low (away) velocity colors since they could mean a great deal to
a pilot, especially in a small plane, but you certainly wouldn't like being in
either situation.

  The algorithms and noise present in the uncompressed data should warn anyone
away from using the data too literally.  You'd be surprised at the number of
sites that planted a radar-blinding pole right by the dish, resulting in a
large pie-shaped wedge taken out of every piece of data they ever generated.

 John Kennedy <>;   Communications Services;   USENET admin

Math and money laundering (Wayner, RISKS-15.75)

Erann Gat <>
Thu, 14 Apr 94 11:26:21 PDT
The following two articles appeared immediately following one another in
RISKS 15.75:
>From: (Peter Wayner)
>Subject: God Grants Granite Gift to RISKS Punsters
>Subject: The Soft Pork Underbelly of Efficient Markets

The first article was about the inability of mathematical models to deal
with the hairy edges of reality in the financial markets.  The second article
was about a way to use the futures markets to launder money in a way that
was (the author claimed) essentially untraceable.

The irony of this juxtaposition is striking (so striking, in fact, that I
am wondering if this is a coincidence or a masterful display of editorial
subtlety) because the money-laundering scheme proposed by Peter Wayner
won't work, despite the seemingly rock-solid mathematics that underlies it.

Wayner proposes to use the zero-sum property of the futures market to transfer
money from A to B through the use of balanced trades.  A and B respectively
buy and sell an identical futures contract and then wait until market
volatility has caused A to lose (and B to gain) the amount of money to be
transferred, at which point A and B simultaneously get out of the market.

Some subtle clues leading to a reductio ad absurdum proof that this scheme is
flawed can be found in the original text.  For example, Wayner suggests that A
and B use different brokers so that the coincidental trades will not be on the
same set of books.  So the scenario he proposes goes something like this: A
and B agree to a symmetric trade to be liquidated when the market reaches some
predetermined price point, at which point money will have effectively
transferred from A to B.  After the initial agreement, there is no further
communication between A and B.  In fact, neither has any way of knowing
whether or not the other party has in fact executed their side of the bargain,
and it doesn't really matter.  B's financial position depends only on the
state of the market, which is not affected by whether or not A is playing
(assuming the amounts of money involved are not extremely large).

In fact, B doesn't have to talk to A at all.  There doesn't even have to be an
A.  B can just *pretend* that there is an A out there somewhere who has agreed
to transfer money to B using Wayner's scheme, play the market, and make money.
Or can he?  The critical flaw in this scheme is in the following paragraph
where Wayner describes (fleetingly) what happens when the market doesn't do
what A and B expected it to:

>Person B sells the contract so that if the market goes down, i.e., the wrong
>way, then A and B together have lost no money. It's a zero sum. Now they just
>have to play the game a bit longer or for stakes that are twice as high. You
>can think of the process as flipping a coin until you have encounter a heads.

This little detail reveals this to be just another incarnation of a well known
gambling system where bets are successively doubled on an even bet until you
win.  The problem with the scheme is that even a short run of losses requires
a TREMENDOUS amount of capital to finance the exponentially increasing stakes
required to stay in the game.  In fact, you *can* make money using this scheme
for a little while.  The problem is that when you make money you don't make
very much.  When you eventually (and inevitably) encounter a long run of
losses or unexpected market moves, you lose really big.

Laundering money through electronic markets works only if you can reliably
predict the direction of the market.  If you can do that, you don't have to
launder money.  On this particular RISK I think we can all rest easy.

Erann Gat

Re: [ (Erann Gat): Math and money laundering]

Peter Wayner <>
Tue, 19 Apr 1994 22:59:28 -0400
Double or Doublecross? Your choice.

First, forget about thinking like a mathematician, a gambler or an upstanding
citizen of Wall Street. You are some guy A who wants to move money to some guy
B and you want to do it in as untraceable a way as possible. You're willing to
pay extra for something that looks respectable and guys on Wall Street look
real respectable in their braces and bespoke suits.

The old standbys, gold and gems, are fine, but they are hard to move safely.
Plus you need an "explanation" for how you got them.  Strange business
contracts are okay, but they demand some sort of front operation which takes
time and money to run effectively.

So you turn to the futures market for the first try. Lets say you want to move
n dollars. Luckily, both A and B have enough cash and borrowed funds on hand
to sustain a loss of up to (2^i)n dollars. Let i=4 for the rest of this
example, i.e. 16n dollars of loss reserves.

In 15 out 16 times, the progressive doubling system will work.  The
transaction will be close to untraceable. The only way that anyone would be
able to prove that the transaction occurred would be if they could assemble
both trading records and then match the trades. This can be shielded very
effectively by trading in different countries with different exchanges and
relying on arbitrageurs to keep the markets in line, but it tends to cost much
more in transaction noise.

In 1 out of the 16 tries, things will go wrong. You might say they would go
terribly wrong if you're a nervous criminal B who is afraid that A is going to
doublecross him. Now A needs to get 16 n dollars fast.  This is the big reason
why A doesn't want to play the game alone or try and trick B into playing
without A. If A mirrored the trades, the 16n dollars aren't in the pockets of
a casino or the state lottery. They're just in A's pockets not B's.  In
reality, A and B are back where they were before futures markets were
invented.  They just need to move 16 times more money.

Your reaction to this depends upon the marginal cost of going back to the old
fashioned money laundering tricks.  I think at this point you just take a
bigger truck to haul the gold.  You do some trades with Van Goghs and
Rembrandts instead of Cassats or Sisleys.  In general, many of the transaction
costs for security and other stuff are pretty fixed. Just remember that
auction houses like Southeby's try to take 10% commissions, but they can be
negotiated to be much lower for expensive works. Exciting record breaking
prices attract attention and news.

The futures game is not perfect by any means. There _are_ transaction costs
and problems in logistics. It works best if A+B can lock in exactly the same
price on their trades. But when it is done, you can look at the world and say,
"Gosh, I was completely at RISK!  Thank God my Martingale scheme worked after
all!" All the really smart mathematicians and sober IRS guys who never gamble
because they know the odds will just accept it and think you're crazy to be
doing this with your money. It comes with a built in insanity plea.

So, if your going to do this, choose i to suit your cash/RISKS profile.  If
you have more cash available, then you have a better chance of success.  But
hey, that's life.

Re: Information resource (RISKS-15.76)

Edward Reid <>
Wed, 20 Apr 94 11:08:33 EDT(-0400)
The message from Michael Enlow announcing an "information resource" is
junk mail which apparently has been broadcast widely on the Internet.
My wife and I both received copies of this message. Neither of us has
expressed any public interest in the topics Enlow mentions. Melynda
attempted to reply to the email, asking why it had been sent to her
unsolicited; in reply she received a listing of information from a
mailer daemon. I wrote the "From:" address in the header asking the
same question and have received no reply. I suspect that it was sent to
RISKS by accident, simply by picking up the submission address in some
dragnet for email addresses.

Enlow claims to be retired, but the listing sent by the "info" daemon lists
two apparently active businesses. The info listing does not contain any
advertising or solicitation. I have not retrieved any of the files listed, so
I cannot comment on their value or on whether they contain advertising, except
for one file which is clearly labeled as a catalog. The other files, from
their titles, would appear to promote private investigation in general but not
a specific business.

Enlow's information resource may valuable, but I object to his use of junk
email to publicize that resource. That fact that he did not reply to my
individual request makes me suspect his motives.

Edward Reid, PO Box 378, Greensboro FL (normal)

Re: Green Card Posting

Caveh Jalali <>
Tue, 19 Apr 1994 21:31:55 +0800
  [The 19 Apr 1994 New York Times Business Day section has a lengthy story
  entitled An Ad (Gasp!) in Cyberspace, by Peter H. Lewis, about the Green
  Card ad as its lead story.  Here are some relevant details, via PGNed
  abstracting... For earlier details, see RISKS-15.76 and 77.  PGN]

Laurence A. Canter was quoted as saying, "We will definitely advertise on the
Internet again.  It appears to be a very profitable venture and a very viable
vehicle for advertising a variety of things. I'm sure other businesses will be
advertising on the network in the very near future."

Jeff Wheelhouse, system administrator for Internet Direct, Inc., was quoted as
saying.  "They will not be back on our system," He also said he would not be
deterred by Mr. Canter's threat to sue Internet Direct for $250,000 unless he
is reconnected.  "They crashed our computer about 15 times -- that's when we
stopped counting -- because of the volume of incoming complaints," Mr.
Wheelhouse said. "I lost an entire week dealing with this."

Wheelhouse said Internet Direct would remain firm, despite Canter's threat to
sue Internet Direct for $250,000 and restoration of their electronic mail
privileges.  That amount was what prompted Canter to say, "Conservatively,
that's the amount of business we feel we will get out of this from the ad."

"The Internet is changing," Mr. Canter said. "People don't like the invasion
of what has been their private world.  But as long as it's set up the way it
is, where anyone has access to it, it's a public forum, and they have to
accept anything that comes into it.  "In fact," Mr. Canter added, "I've
received a lot of calls from people who want to know how to do it."  So
pleased is he with the response, in fact, that he said he planned to write a
book on how to advertise on the Internet.

   [However, this suggests a grand strategy.  Run an offensive ad, get chopped
   off, and then sue for the profits you did not make.  PGN]

immigration posting overload and lawsuit

Ned Kittlitz <>
Wed, 20 Apr 1994 12:28:47 -0400 (EDT)
[...] Rather than being wronged parties, it seems that C&S is flirting with a
federal rap in the tradition of the Morris internet worm.  An estimate of
international expenditures of sysadmin time due to the C&S posting might be

E. N. Kittlitz  (,

Speaking of green cards

Wed, 20 Apr 1994 05:55:32 -0400
The most fun response to the Green Card Flap that I saw was in, where someone said "I don't understand why this was posted
here; in this newsgroup we're only concerned with red and black cards"!

(There were followups, but you'd have to be into duplicate bridge to
appreciate them.)

Please report problems with the web pages to the maintainer