The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 19

Tuesday 5 July 1994

Contents

o A330 crash: Press Release
Pete Mellor
o States crack down on "cyberfraud"
Mark Seecof
o AI to screen bad from good cops in Chicago
Christopher Maag
o Going to a Computer Conference? Don't use your real name!
Steve L. Rhoades
o Fraud on the Internet
Mich Kabay
o ACM Releases Crypto Study
US ACM
DC Office
o USACM Calls for Clipper Withdrawal
US ACM
DC Office
o Re: Physical Location via Cell Phone
Lauren Weinstein
Willis H. Ware
Robert Morrell Jr.
o Cellular Confusion
Bob Frankston
o Info on RISKS (comp.risks)

A330 crash: Press Release

Pete Mellor <pm@csr.city.ac.uk>
Fri, 1 Jul 94 16:44:40 BST
The following are the contents of a fax message sent to me today by
Dan Hawkes of the CAA (to whom my thanks).
Peter Mellor, Centre for Software Reliability, City Univ. Northampton Square,
London EC1V 0HB   +44 (71) 477-8422,  p.mellor@csr.city.ac.uk

AI/GC-I 22/94R                             30th June 1994
Issue 1
A330 FLIGHT TEST ACCIDENT, 30TH JUNE 1994

Airbus Industrie regrets to confirm that a flight test A330, powered by Pratt
& Whitney PW4168 engines, crashed at 17.50 today at Blagnac Airport, Toulouse,
within the airport boundary.  Seven people were on board the aircraft: four
members of Airbus Industrie personnel, including the Chief Test Pilot, and
three airline pilots. There were no survivors.

The aircraft involved in the accident was serial number 042, which made its
first flight on 14th October 1993 and had accumulated 362 flight hours as part
of Airbus Industrie A330 flight test programme.

The flight being undertaken aimed to test a new autopilot standard intended
for certification with Pratt & Whitney engines for all-weather Category III
operations.

The test was planned to take place with maximum aft centre of gravity, at
minimum speed and with maximum angle of climb.

Immediately after take-off, once the maximum flight attitude was reached
(between 25 and 30 degrees), the test sequence involved switching on the
aircraft's autopilot, simulating an engine failure and cutting off the
engine's associated hydraulic circuit.

For reasons which are yet to be determined, the aircraft suffered a sudden
loss of lateral control. Although it would appear that the pilot regained
control, the altitude of the aircraft was too low to avoid impact with the
ground, especially bearing in mind the extreme conditions of this particular
test flight.

For further information, please contact:
AIRBUS INDUSTRIE - PRESS DEPARTMENT
Tel.: (33) 61.93.33.87 or 61.93.34.31

  [A list of the deceased was appended to the original.  PGN]


States crack down on "cyberfraud"

Mark Seecof PSD x77605 <marks@bierce.latimes.com>
Fri, 1 Jul 1994 13:25:43 -0700
Commentary, quote choice, and paraphrasing by Mark Seecof <marks@latimes.com>.

In a story on page D-2 of the 1 July 1994 Los Angeles Times by Scot J. Paltrow,
we learn of "investigations and enforcement actions directed at individuals who
solicit money for dubious or fraudulent investments through the financial
bulletin boards of on-line services such as Prodigy, America Online, and
CompuServe."

Missouri, New Jersy, and Texas regulators are leading the charge with the
members of the "North American Securities Administrators Assn., the
organization of state regulators" behind them.

"The action also represents an effort by state regulators to assert
jurisdiction over financial solicitations on the bulletin boards, even if the
messages are posted from other states or countries.  The Securities and
Exchange Commission enforcement staff confirmed Thursday that the federal
agency is also looking into the issue."

Among other things, "regulators say penny-stock scammers have moved onto the
bulletin boards, hyping thinly traded low-priced stocks by posting notes with
wildly inflated claims about the companies' propects."

"The on-line services say they are cooperating with regulators but are not
equipped to police the thousands of messages posted daily.  They also say it
is not a proper role for service operators to limit the free flow of
communication, although on-line services often censor sexually explicit or
politically offensive messages."


AI to screen bad from good cops in Chicago

Christopher Maag <exe00461@char2.vnet.net>
Mon, 4 Jul 1994 15:55:12 -0400 (EDT)
[PGN excerpting]

Good cop, bad cop at fingertips: Computer could see possibilities
Peter Kendall, The Chicago Tribune, 1 July, 1994

  The Chicago Police Department has a new computer program that they say will
produce a list of officers likely to "go bad" by committing crimes using
excessive force or participating in other offenses that can get them fired.
The program, built on an $850 off-the-shelf software package, looks at
demographic data and work histories of officers who have been fired for
disciplinary reasons, then scours police personnel databases for current
officers with similar profiles.  Officers who appear on the list would be
contacted by supervisors and counseled on how to avoid committing acts that
could get them fired, sued or even arrested.

  The profile of "bad" cops was developed on the basis race, sex, age,
education, number of traffic accidents, reports of lost weapons or badges,
marital status and other factors, relating to 191 officers discharged between
1988 and 1993.  A comparison of that profile with 2,000 current officers
turned up 141 of those officers who were considered "at risk" for committing
an offense that could get them fired.

  Not surprisingly, the officers' union, the Fraternal Order of Police, is
wary.  "It's another form of Big Brother watching you," said Bill Nolan,
president of the FOP.


Going to a Computer Conference? Don't use your real name!

Steve L. Rhoades <srhoades@netcom.com>
Wed, 4 May 1994 01:54:33 GMT
[Excerpted from MicroTimes  April 18, 1994  Issue #122]

At the fourth Computers, Freedom, & Privacy conference in Chicago last month,
the spotlight was on the growing conflict between the rights of individuals
and the role of government in the digital age.  A luckless Whitehouse House
representative and a lawyer for the NSA tried to convince a varied and
skeptical crowd that government control of cryptography was somehow a Good
Thing;

Meanwhile, in their search for fugitive criminals Kevin Mitnick and
wooden-legged "Agent Steal", the FBI erroneously arrested one unfortunate
attendee whose name happened to resemble one of Mitnick's aliases and
interrogated two others, including an ex-Marine and CIA veteran Robert David
Steele of Open Sources. ...

Steve L. Rhoades, :30 Second Street, Mt. Wilson, Calif 91023
(818) 794-6004  srhoades@netcom.com

  [An article by John Markoff on Mitnick appeared on the
  front page of The New York Times, July 4, 1994.  PGN]


Fraud on the Internet

"Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
30 Jun 94 12:13:32 EDT
>From the Associated Press newswire via Executive News Service (GO ENS) on
CompuServe:

"I-Way Robbery", By DAVID GRAM, AP Writer

   MONTPELIER, Vt. (AP) -- Say you're cruising the information superhighway
from the comfort of your home computer and come across what appears to be
private, inside information on a hot new company.
   "You spend $10,000 on stock -- and lose your money.
   "You've just become a victim of what securities regulators say is the
latest trend in investment scams: frauds perpetrated over computer networks or
bulletin board services by hard-to-track hucksters.
   "Call it I-way robbery."

The author explains that there is a growing number of scams on the Internet and
local BBSs.

Some of the frauds perpetrated through Cyberspace are no different from the
usual techniques: false claims of expertise, theft of investments.  The only
specific technique involves deliberately posting what is intended to look like
private communications in a public venue, then taking advantage of
unscrupulous people's attempt to make a killing in the stock market.  The
specific case mentioned by the author involved two "Canadian companies ...
heavily hyped on computer bulletin board services. Their stock prices tripled
or more in a short period of time, then collapsed. One of the companies was
said to have won a major housing contract in the former Soviet Union; the
other was said to own a diamond mine in Zaire where a major strike had been
made."

The author identifies the nominal non-commerciality of the Internet as a reason
for its popularity among thieves.

[Comment from MK: perhaps these frauds will eventually lead to requirements for
effective identification and authentication of users.  Ultimately, it would be
helpful to see non-repudiation as a feature of all electronic communications.
For the time being, caveat lector.]

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn


ACM Releases Crypto Study

"US ACM, DC Office" <usacm_dc@acm.org>
Thu, 30 Jun 1994 16:34:47 +0000
                Association for Computing Machinery
                           PRESS RELEASE

Thursday, June 30, 1994

Contact:
Joseph DeBlasi, ACM Executive Director (212) 869-7440
Dr. Stephen Kent, Panel Chair (617) 873-3988
Dr. Susan Landau, Panel Staff (413) 545-0263

    COMPUTING SOCIETY RELEASES REPORT ON ENCRYPTION POLICY;
      "CLIPPER CHIP" CONTROVERSY EXPLORED BY EXPERT PANEL

     WASHINGTON, DC - A panel of experts convened by the nation's foremost
computing society today released a comprehensive report on U.S. cryptography
policy.  The report, "Codes, Keys and Conflicts: Issues in U.S Crypto Policy,"
is the culmination of a ten-month review conducted by the panel of
representatives of the computer industry and academia, government officials,
and attorneys.  The 50-page document explores the complex technical and social
issues underlying the current debate over the Clipper Chip and the export
control of information security technology.

     "With the development of the information superhighway, cryptography has
become a hotly debated policy issue," according to Joseph DeBlasi, Executive
Director of the Association for Computing Machinery (ACM), which convened the
expert panel.  "The ACM believes that this report is a significant
contribution to the ongoing debate on the Clipper Chip and encryption policy.
It cuts through the rhetoric and lays out the facts."

     Dr. Stephen Kent, Chief Scientist for Security Technology with the firm
of Bolt Beranek and Newman, said that he was pleased with the final report.
"It provides a very balanced discussion of many of the issues that surround
the debate on crypto policy, and we hope that it will serve as a foundation
for further public debate on this topic."

     The ACM report addresses the competing interests of the various
stakeholders in the encryption debate -- law enforcement agencies, the
intelligence community, industry and users of communications services.  It
reviews the recent history of U.S. cryptography policy and identifies key
questions that policymakers must resolve as they grapple with this
controversial issue.

     The ACM cryptography panel was chaired by Dr. Stephen Kent.  Dr. Susan
Landau, Research Associate Professor in Computer Science at the University of
Massachusetts, co-ordinated the work of the panel and did most of the writing.
Other panel members were Dr.  Clinton Brooks, Advisor to the Director,
National Security Agency; Scott Charney, Chief of the Computer Crime Unit,
Criminal Division, U.S. Department of Justice; Dr. Dorothy Denning, Computer
Science Chair, Georgetown University; Dr. Whitfield Diffie, Distinguished
Engineer, Sun Microsystems; Dr. Anthony Lauck, Corporate Consulting Engineer,
Digital Equipment Corporation; Douglas Miller, Government Affairs Manager,
Software Publishers Association; Dr. Peter Neumann, Principal Scientist, SRI
International; and David Sobel, Legal Counsel, Electronic Privacy Information
Center.  Funding for the cryptography study was provided in part by the
National Science Foundation.

     The ACM, founded in 1947, is a 85,000 member non-profit educational and
scientific society dedicated to the development and use of information
technology, and to addressing the impact of that technology on the world's
major social challenges.  For general information, contact ACM, 1515 Broadway,
New York, NY 10036. (212) 869-7440 (tel), (212) 869-0481 (fax).

     Information on accessing the report electronically will be
posted soon in this newsgroup.


USACM Calls for Clipper Withdrawal

"US ACM, DC Office" <usacm_dc@acm.org>
Thu, 30 Jun 1994 16:35:37 +0000
                              U S A C M
 Association for Computing Machinery, U.S. Public Policy Committee

                          * PRESS  RELEASE *

Thursday, June 30, 1994

Contact:
Barbara Simons (408) 463-5661, simons@acm.org (e-mail)
Jim Horning  (415) 853-2216, horning@src.dec.com (e-mail)
Rob Kling (714) 856-5955, kling@ics.uci.edu (e-mail)


     COMPUTER POLICY COMMITTEE CALLS FOR WITHDRAWAL OF CLIPPER
            COMMUNICATIONS PRIVACY "TOO IMPORTANT" FOR
                     SECRET DECISION-MAKING

     WASHINGTON, DC - The public policy arm of the oldest and largest
international computing society today urged the White House to withdraw the
controversial "Clipper Chip" encryption proposal.  Noting that the "security
and privacy of electronic communications are vital to the development of
national and international information infrastructures," the Association for
Computing Machinery's U.S. Public Policy Committee (USACM) added its voice to
the growing debate over encryption and privacy policy.

     In a position statement released at a press conference on Capitol Hill,
the USACM said that "communications security is too important to be left to
secret processes and classified algorithms."  The Clipper technology was
developed by the National Security Agency, which classified the cryptographic
algorithm that underlies the encryption device.  The USACM believes that
Clipper "will put U.S. manufacturers at a disadvantage in the global market
and will adversely affect technological development within the United States."
The technology has been championed by the Federal Bureau of Investigation and
the NSA, which claim that "non-escrowed" encryption technology threatens law
enforcement and national security.

     "As a body concerned with the development of government technology
policy, USACM is troubled by the process that gave rise to the Clipper
initiative," said Dr. Barbara Simons, a computer scientist with IBM who chairs
the USACM.  "It is vitally important that privacy protections for our
communications networks be developed openly and with full public
participation."

     The USACM position statement was issued after completion of a
comprehensive study of cryptography policy sponsored by the ACM (see companion
release).  The study, "Codes, Keys and Conflicts: Issues in U.S Crypto
Policy," was prepared by a panel of experts representing various
constituencies involved in the debate over encryption.

     The ACM, founded in 1947, is a 85,000 member non-profit educational and
scientific society dedicated to the development and use of information
technology, and to addressing the impact of that technology on the world's
major social challenges.  USACM was created by ACM to provide a means for
presenting and discussing technological issues to and with U.S. policymakers
and the general public.  For further information on USACM, please call (202)
298- 0842.

   =============================================================

       USACM Position on the Escrowed Encryption Standard

The ACM study "Codes, Keys and Conflicts: Issues in U.S Crypto Policy" sets
forth the complex technical and social issues underlying the current debate
over widespread use of encryption.  The importance of encryption, and the need
for appropriate policies, will increase as networked communication grows.
Security and privacy of electronic communications are vital to the development
of national and international information infrastructures.

The Clipper Chip, or "Escrowed Encryption Standard" (EES) Initiative, raises
fundamental policy issues that must be fully addressed and publicly debated.
After reviewing the ACM study, which provides a balanced discussion of the
issues, the U.S.  Public Policy Committee of ACM (USACM) makes the following
recommendations.

  1.  The USACM supports the development of public policies and technical
standards for communications security in open forums in which all stakeholders
-- government, industry, and the public -- participate.  Because we are moving
rapidly to open networks, a prerequisite for the success of those networks
must be standards for which there is widespread consensus, including
international acceptance.  The USACM believes that communications security is
too important to be left to secret processes and classified algorithms.  We
support the principles underlying the Computer Security Act of 1987, in which
Congress expressed its preference for the development of open and unclassified
security standards.

  2.  The USACM recommends that any encryption standard adopted by the U.S.
government not place U.S. manufacturers at a disadvantage in the global market
or adversely affect technological development within the United States.  Few
other nations are likely to adopt a standard that includes a classified
algorithm and keys escrowed with the U.S. government.

  3.  The USACM supports changes in the process of developing Federal
Information Processing Standards (FIPS) employed by the National Institute of
Standards and Technology.  This process is currently predicated on the use of
such standards solely to support Federal procurement.  Increasingly, the
standards set through the FIPS process directly affect non-federal
organizations and the public at large.  In the case of the EES, the vast
majority of comments solicited by NIST opposed the standard, but were openly
ignored.  The USACM recommends that the standards process be placed under the
Administrative Procedures Act so that citizens may have the same opportunity
to challenge government actions in the area of information processing
standards as they do in other important aspects of Federal agency policy
making.

  4.  The USACM urges the Administration at this point to withdraw the Clipper
Chip proposal and to begin an open and public review of encryption policy.
The escrowed encryption initiative raises vital issues of privacy, law
enforcement, competitiveness and scientific innovation that must be openly
discussed.

  5.  The USACM reaffirms its support for privacy protection and urges the
administration to encourage the development of technologies and institutional
practices that will provide real privacy for future users of the National
Information Infrastructure.


Re: Physical Location via Cell Phone

Lauren Weinstein <lauren@vortex.com>
Tue, 21 Jun 94 10:39 PDT
A particularly disturbing aspect of the cell phone story as it relates to the
Simpson case is that one of the local L.A. television stations had obtained,
by the night of the chase, the printout of all calls made from Simpson's
phone, and was showing the printout, in detail with all numbers exposed, on
the air.  They were also busily calling the numbers and questioning whoever
answered.  By Monday evening, the station was demonstrating how Simpson's
original voicemail announce message had been changed (I would presume by a
hacker) to something I'll categorize as being in very bad taste.

--Lauren--


Re: Physical Location via Cell Phone (Atkins, RISKS-16.17)

"Willis H. Ware" <Willis_Ware@rand.org>
Tue, 21 Jun 94 11:43:54 PDT
There is some apparent confusion in what was reported by Atkins re locating
the Cawlings-Simpson Bronco.  The following is from local media reporting.

The local TV news interviewed a young couple who were on the way to the
beach, pulled alongside the Bronco, recognized Cawlings, fell back and got
the license number, stopped at the first roadside emergency fone [which
are spaced every mile along Southern California freeways], and reported
the event/location.  Parts of the phone conversation with the emergency
dispatcher were played over TV, and the young couple were both present on
TV to tell their story.

Shortly thereafter, a police [Santa Ana ??] patrol car spotted the Bronco
and the Great Freeway Chase was underway.  The same car was said to be the
lead vehicle throughout the chase right up into the driveway at the home.

The Sunday LATimes did have an article concerning the role of the cell
phone in the event.  It is correct that the car received and originated
many calls during the chase.  Some of the calls were from people trying to
persuade Simpson to surrender [e.g., McCabe his former coach], others were
from the police in a negotiating mode, others were with the chase cars
alerting them intended turnoffs onto other freeways and reporting the
status of the occupants.  Parts of some of these calls have been played on
TV, and the content of others described verbally.

The Sunday article reported that "local law enforcement" subpoenaed the
cellular carrier [AirTouch] to cooperate, and the company reported that it
did monitor calls to/from the cellular number.  The article also reports
that law enforcement had obtained a court warrant authorizing tapping of
the cell phone, but it is not completely clear whether this was a separate
action or related to the subpoena action.

The legal facts are that actual tapping does require a court-authorized
warrant [the Wiretap Act of 1968] but access to "transaction records"
requires only a subpoena.  It is possible that law enforcement did both
things just to be safely legal.

The Times interviewed a security consultant from Houston who seemingly
speculated that triangulation had been used to locate the Bronco.  I put it
that way because there has been no statement by law enforcement that it did
more than have AirTouch monitor the calls. Moreover triangulation equipment
for a fast moving nearby target is not likely something that the local law
enforcement authorities would have.  There has been no mention of the
FBI but it is conceivable that it played a support shadow role; it probably
does have triangulation equipment.

The local reporting has been quite explicit that visible sighting of the
car was the basis of locating it, and that the cellphone became involved
only in attempting to resolve the situation.  There have been no official
statements that the cellphone was involved in location; there were the
comments by the consultant that triangulation was - or could have been -
used.

General comment.  A cellular system must know which cell an active call is
in because the system control must monitor adjacent cells and be prepared
to pass the call to one of them when the signal level falls below some
threshold.  So the Bronco's location within some cell could have been
known but it would not be very precise.  If cells get smaller in the
future, then the precision of location will increase - as Derek Atkins
properly points out.  In the case of the Cawlings-Simpson chase, however,
the evidence is that visible sightings were the basis for initiating and
conducting the chase.  Seemingly the facts got garbled as they wandered
around the country and were rewritten for various media occasions.

A cellphone in standby mode also is in contact with cell stations so that
its location will be known for incoming calls.  Again, the location will be
known by the system but only to within the extent of a cell-size.  A
cellphone that is turned off does not transmit and is invisible to the
system.  Whether system designs are such that "sustaining background
monitoring data" is available to the operators is beyond my knowledge --
the same LATimes article did make reference to AirTouch conducting
monitoring for the purpose of detecting fraud.

                Willis H. Ware

  [Some of this was also noted by Mark Stalzer, stalzer@macaw.hrl.hac.com .]


Re: Physical Location via Cell Phone (Atkins, RISKS-16.17)

"Robert Morrell Jr." <bmorrell@isnet.is.wfu.edu>
Tue, 21 Jun 1994 14:26:50 -0400 (EDT)
Derek Atkins wrote of the risk of cellular phones as exemplified by the OJ
Simpson case. I say, what risk? The risk that an accused double murderer will
be arrested? That is a RISK?  Often I have heard of politicians, criminals (my
redundancy checker is broken) caught unawares by the lack of privacy of
cellular phones. There is no insidious plot to this, only the fortunate
stupidity of the cell phone user, who has forgotten how the technology works.
Just because a previous form of communication afforded a degree of privacy,
one cannot assume, or logically legislate that all succeeding forms have the
same. If you use a form of communication it is incumbent upon you to match
your expectations of privacy with the technology, not the other way around.
Bob Morrell


Cellular confusion

<Bob_Frankston@frankston.com>
Sun, 3 Jul 1994 17:27 -0400
Just ran across confusion about cellular service in two disparate sources.
Ann Landers and CNN.

The AL column mentioned Cellular in the headline. The centerpiece was a claim
by Ameritech about how hard it is to listen in and that it was possible to
get secure phones (from whom?). This is, of course, disinformation. The risks
of listening in are not that someone will carefully follow both sides of a
conversation, but that listeners will glean key information from portions of
random conversations. One can argue about how big the threat is, but we know
it is real. The key to the confusion is that the risk is viewed in terms of
tapping a land phone line rather than recognizing that the nature of the risk
has changed because cellular phones are not simply phones with long wires but
a very different base technology.

This same confusion is the basis for the CNN story. As with Ann Landers, CNN
itself is confused. First it reported the story as if this is a new problem
that occurs only far away in the Philippines. The issue is a simple one --
assigning duplicate ESN numbers to phone. The "legitimate" excuse is that
multiple ESN's are simply a way to allow a relative to use your number
without an additional monthly charge and the theft of service is viewed as
the real threat. The loss was quoted as $1,000,000 a year -- obviously a
serious underestimate. I would guess that the provider is attempting to
minimize the fears. What was interesting was the terminology used mimicked
landlines. In fact, they talked about using some one else's "line". The use
of duplicate ESN's is also based on the model of adding an extension not
recognizing the complexities of call routing.

Whatever the risks are of new technologies, viewing them in terms of the old
technology adds a new level of risk and confusion.

As an aside, I'll give the local Cellular One provider (SW Bell) credit for
having a companion phone charge of just $10/month. But, in general, I'm
frustrated by getting a separate bill for each number as opposed to having an
account.  This is a different aspect of the inability of the Telcos to move
beyond a model of single line phone service to the home. (OK, Sprint and some
others supposedly do have smarter ways of handling this).

Of course, there are those that would view this difficulty in changing models
as what keeps technology from changing too fast and is thus a way to reduce
risk.

Please report problems with the web pages to the maintainer