The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 37

Weds 31 August 1994

Contents

o Risks of spread-spectrum cordless phones
Don Alvarez
o St. Louis water mishap
David G. Himrich
o Satellite imaging for targeted marketing?
Denis Haskin
o Millennium goes to prison
Henry Troup
o Breakdown of police emergency number
John Colville
o Risks of client search tools (the WWWorm turns, and returns, ...)
Rob Slade
o Changeable `constants'
James Ashton
o Re: vandals Cut Cable, Slow MCI Service
C. Paul Ferroni
o Unintended document contents
Walter Smith
o Re: Bug in Microsoft Word
Steen Hansen
Pete Ferris
Anthony E. Siegman
o Re: system makes bank check forgery easy
Paul Gloger
o More on Real World/Cyberspace ID matching
Paul Green
o Re: pi = 3
Mark Brader
o New indecency rules proposed for all online services
Daniel J. Weitzner
o Info on RISKS (comp.risks)

Risks of spread-spectrum cordless phones

Don Alvarez <dla@cmbr.phys.cmu.edu>
Tue, 30 Aug 1994 09:36:01 -0400
I just purchased a 900MHz spread spectrum phone from Escort (the radar
detector people).  They don't take P/O's, so I had to order with a credit
card.  I'm not sure I want to show the following credit card receipt to the
ladies down in purchasing...

ESCORT PHONE, WHITE $299
ADULT SIGNATURE REQUIRED

(Thank goodness they didn't name the thing after a Cobra or an English
Sheepdog or mention the "rubber-duckie" antenna... at least this way I only
look like your run-of-the-mill degenerate).


St. Louis water mishap

"David G. Himrich" <76270.1257@compuserve.com>
30 Aug 94 10:56:16 EDT
A pressure valve in the St. Louis city water system opened inadvertently and
the resulting pressure spike damaged water mains in 15 locations throughout
the City.  It also tripped 14 fire alarms by disrupting sprinkler systems.

The city water division suspects that a Southwestern Bell Telephone Company
repair crew caused an "errant electronic command" which opened the 66-inch
(168 cm) diameter valve.  The crew was working on a data transmission line at
the pressure control room at the Chain of Rocks water works in St. Louis.
Southwestern Bell is not officially aware of any link between the repair and
the mishap but will "be happy to work with the city to determine if there is
any link."  [Source: Article by Tim O'Neil and Melanie Robinson in the St.
Louis Post-Dispatch, 30 August 1994.]

 - David Himrich


Satellite imaging for targeted marketing?

Denis Haskin <DWH@epub.ziff.com>
Tue, 30 Aug 1994 13:18:31 -0500 (EST)
A 25 Aug 1994 article in the *San Jose Mercury News* discusses BADGER (Bay
Area Digital GeoResource), an "electronic library of maps, census data,
property lines and environmental features."

This is a project funded by NASA and involves Bay Area cities+towns, a company
called Smart Valley, NASA Ames, Lockheed, and other companies to "create a
shared data base of geographic information about the Bay Area and the software
to help cities use it to identify polluters, prevent power failures or plan
land-use policies."

Sounds pretty benign until you get to the discussion of use of this data by
private companies for identifying potential customers, to wit:

        Organizers say private companies might make use of the mapping service
        as well.  For example, a satellite photo that located swimming pools
        could be cross-referenced to a property-tax map to create a data base
        of pool owners.  That could be useful to pool-cleaning services.

        With high-resolution satellite images, roofers might be able to locate
        homeowners with aging wood shake roofs.

The risks to personal privacy are, I think, obvious.

Denis Haskin, Sr. Mgr., Production Engineering, Information Access Company,
10 Presidents' Landing, Medford, MA 02155   dwh@epub.ziff.com   617 393 3649


Millennium goes to prison

"henry (h.w.) troup" <hwt@bnr.ca>
Wed, 31 Aug 1994 15:07:00 -0400
KINGSTON, Ontario -- The success of a recent trial of the Northern Telecom
Millennium pay phone at Collins Bay Prison in Kingston, Ontario, may mean the
system is set to go to prison for life.

Northern Telecom partnered with the Canadian Federal Correctional Services,
telephone consortium Stentor, and Bell Canada, to customize the flexible
Millennium system architecture to fit the unique demands of a prison setting.
The resulting "Millennium Inmate Solution" includes real-time management of
inmate phone traffic to allow or restrict numbers, and enhance fraud control.

Production on the Millennium Inmate Solution is slated to begin in Calgary by
year-end, after final reviews by Stentor and the federal government. Roll out
to federal prisons coast to coast is planned for the first quarter of 1995.
The new prison phone system was also very well received by the American
Correctional Association when it was shown at their conference this month in
St. Louis, Missouri.


Breakdown of police emergency number

John Colville <colville@socs.uts.edu.au>
Wed, 31 Aug 1994 13:49:15 +1000 (EST)
[Based on radio reports]

Last night (Tue Aug 30), callers to the NSW Police's emergency 000
phone number in Sydney could not get through for a period of about
five hours from 7.30 pm.  Emergency calls to fire and ambulance,
which are also reached by 000, were not affected. One caller, who
was reporting a robbery in progress, was asked to call the local
police station.  000 calls in other areas e.g. Newcastle and
Wollongong were not affected.

The State Commander [Officer in charge of day to day operations for NSW]
said that nothing like this had ever happened before, to his knowledge.

Police are investigating the failure.

John Colville, School of Computing Sciences, University of Technology, Sydney
Broadway, NSW, Australia, 2007  colville@socs.uts.edu.au    +61-2-330-1854


Risks of client search tools (the WWWorm turns, and returns, ...)

"Rob Slade, the famous sleep deprivation experiment" <ROBERTS@decus.ca>
Tue, 30 Aug 1994 12:45:46 -0600 (MDT)
I noticed the following on net-happenings as an explanation of why a promised
World Wide Web search tool was not released.  It doesn't give full details,
but, for those who can read between the lines, you can see that such a local
client search tool would consume enormous amounts of bandwidth.  I'm glad that
the developer had the good sense not to pursue it.  "Some searches were not
meant to be meddled with, Dr. Lemieux!"  :-)

(btw, for those without W3 who want to access the document cited, send mail
to listproc@www0.cern.ch with the command:
        www http://web.nexor.co.uk/mak/doc/robots/robots.html
in the body of the message.)

---------- Forwarded message ----------
Date: Sun, 28 Aug 1994 19:03:53 -0400 (EDT)
SENDER: Mac WWW Worm <lemieuse@ere.umontreal.ca>
Subject: [announce] Mac WWW Worm

     First, sorry to my French colleagues for this English answer.  I
     just didn't want to write it twice...

                  ----------

Here are my present thoughts about that:

1- Due to the net traffic that would be produced by such an easy-to-use
   'bot, I first decided that it should _never_ be widely released.

2- My Mac WWW worm was an engine designed to search for specific
   topics.  It was downloading lots of pages, but kept information
   only about a little portion of them.  This way there's a lot of
   waste of net resources.

   So, if you were striving to get such a tool, you should consider
   using one of the publicly accessible WWW Databases.

3- Everyone running a bot without letting other people access the data
   is _wasting_ resources, and should not be permitted to do that...

Anyone interested in the subject of WWW Robots should consider reading
the following document:

  http://web.nexor.co.uk/mak/doc/robots/robots.html

Before flaming me for not releasing the 'bot, read everything you can
find under that URL.

                  ----------

Besides that, the MacWWW worm program still contains lots of neat HyperCard
scripts that can be easily recycled for any internet based material...  I would
accept to share all this material with any other HC-minded people.

Be aware that building a net program is not a little thing.  Even if HC
permits it to be really easy, you should always keep in mind that the
internet is a _public_ network.  Don't waste others' resources...

Anyway, thanks for your interest.

Sebastien Lemieux, dept. biol.  lemieuse@alize.ERE.UMontreal.CA
http://alize.ere.umontreal.ca:8001/~lemieuse/

        This message was reposted by the TCL reposter
         For info: lemieuse@ere.umontreal.ca

    [Very lemieusing!  PGN]


Changeable `constants'

"James Ashton" <jaa@deakin.anu.edu.au>
Wed, 31 Aug 1994 13:41:00 +1000 (EST)
In RISKS-16.36 it was noted that `On some old versions of Basic for PDP-11s,
you could assign any value to the "constant" pi.'  I believe that on some
versions of FORTRAN you could do even better.  You could assign any value to
numerical constants.  While I never tried it, our FORTRAN lecturer told us
that (at least in the local implementation of the time) numerical constants
were collected by the compiler and stored in writable memory.  Statements like
`3=4' could then cause the chaos that you might expect.

James Ashton, Department of Systems Engineering, Australian National Univ.
Canberra ACT 0200 Australia  +61 6 249 0681  James.Ashton@anu.edu.au


Re: vandals Cut Cable, Slow MCI Service (Kabay, RISKS-16.36)

"C. Paul Ferroni" <cpferron@cle.ab.com>
Tue, 30 Aug 1994 08:15:46 -0400
I would suggest that another plausible explanation is that the cut was
designed to allow for insertion of <something> into the line at another point,
while the first cut was being fixed.  While the line was down for repairs,
such an insertion wouldn't be noticed...  I hope someone at MCI is thinking.

-cpf  Paul.Ferroni@ab.com


Unintended document contents

Walter Smith <wrs@newton.apple.com>
Mon, 29 Aug 1994 21:37:36 -0700
> If all you use is printed copies, you're okay.  However, if you give somebody
> the file on disk or send it by E-mail, then there may be unintended info...

This problem is not at all limited to Microsoft Word--there is another way in
which a file can end up containing unintentional disclosures visible to a raw
data editor.  Checking my own disk, I have found several instances of this.

There are many applications that don't write to every byte of their files.  On
the Macintosh (and presumably some other systems), when file space is
allocated, the system doesn't zero the allocated blocks.  Whatever data was
written there previously remains.  Thus, documents can end up with bits of
other--completely unrelated, perhaps sensitive--documents trapped inside them.

It's a particularly insidious problem, because once the old bits are trapped
in the new document, they remain with the document forever.  Even if you
prepare your CD-ROM (or whatever) on a pristine, newly formatted hard disk,
you may be copying little excerpts from the disks of all the machines the
documents originated from.

- Walter Smith / Newton Software / Apple Computer, Inc.
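
The effect described in the post above, as an added simulation that is not part of the original message: a toy block allocator showing how an application that does not write every byte of its file picks up a deleted file's contents, how zeroing on allocation prevents it, and how a byte-for-byte copy carries the residue to a clean disk. `ToyDisk`, `save_sparse_document`, `copy_file`, `printable_runs` and the sample text are all constructed for illustration and model no real file system.

```python
# Added illustration (constructed): a toy block allocator, not any real file system.
BLOCK = 512
SECRET = b"CONSTRUCTED SAMPLE: salary review, J. Doe"  # made-up "sensitive" text


class ToyDisk:
    def __init__(self, nblocks, zero_on_alloc=False):
        self.blocks = [bytearray(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.zero_on_alloc = zero_on_alloc
        self.files = {}  # name -> (block numbers, logical size)

    def create(self, name, size):
        """Reserve `size` bytes, as an application pre-allocating file space would."""
        n = -(-size // BLOCK)  # ceiling division
        if n > len(self.free):
            raise OSError("disk full")
        got, self.free = self.free[:n], self.free[n:]
        if self.zero_on_alloc:  # mitigation: scrub blocks before handing them out
            for b in got:
                self.blocks[b][:] = bytes(BLOCK)
        self.files[name] = (got, size)

    def write_at(self, name, offset, data):
        blks, size = self.files[name]
        if offset < 0 or offset + len(data) > size:
            raise ValueError("write outside reserved space")
        for i, byte in enumerate(data):
            pos = offset + i
            self.blocks[blks[pos // BLOCK]][pos % BLOCK] = byte

    def read(self, name):
        blks, size = self.files[name]
        return b"".join(bytes(self.blocks[b]) for b in blks)[:size]

    def delete(self, name):
        blks, _ = self.files.pop(name)
        self.free = blks + self.free  # back on the free list, contents untouched


def save_sparse_document(disk):
    """Delete a private file, then save a document that writes only part of its space."""
    disk.create("private.txt", BLOCK)
    disk.write_at("private.txt", 100, SECRET)
    disk.delete("private.txt")
    disk.create("report.doc", 2 * BLOCK)           # reuses the freed block first
    disk.write_at("report.doc", 0, b"DOCHDR")      # header
    disk.write_at("report.doc", 2 * BLOCK - 6, b"DOCEND")  # trailer; middle never written
    return disk.read("report.doc")


def copy_file(dst_disk, name, data):
    """Byte-for-byte copy, as when mailing the file or mastering a CD-ROM."""
    dst_disk.create(name, len(data))
    dst_disk.write_at(name, 0, data)


def printable_runs(data, min_len=8):
    """What a raw data editor would reveal: runs of printable ASCII."""
    runs, cur = [], bytearray()
    for byte in data + b"\0":  # sentinel flushes a run that ends the file
        if 32 <= byte < 127:
            cur.append(byte)
        else:
            if len(cur) >= min_len:
                runs.append(bytes(cur))
            cur = bytearray()
    return runs


if __name__ == "__main__":
    leaky = save_sparse_document(ToyDisk(8))
    print("no zeroing:   ", printable_runs(leaky))
    print("zero on alloc:", printable_runs(save_sparse_document(ToyDisk(8, True))))
    clean = ToyDisk(8, zero_on_alloc=True)
    copy_file(clean, "report.doc", leaky)
    print("after copy:   ", printable_runs(clean.read("report.doc")))
```

The copy step shows why a pristine destination disk does not help: once the residue lies inside the file's logical length, it is ordinary file content to every tool that copies it.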


Re: Bug in Microsoft Word

Steen Hansen <steen@kiwi.swhs.ohio-state.edu>
Tue, 30 Aug 94 08:03:27 -0400
In the August issue of Byte Magazine, columnist Pournelle (Chaos Manor)
recommends turning Fast-Save off - he reported losing hours of work because
of it.

Steen Hansen, Computer Specialist, Ohio State University  hansen+@osu.edu


Re: Bug in Microsoft Word (Moore, RISKS-16.36)

<pferris%mohawk.uucp@drd.com>
Tue, 30 Aug 94 00:04:35 -0600
Gadzooks!  You (and the fellow that originally reported it!) are correct.  The
problem also exists on the Mac - though I don't see the "Summary" problem as
he stated for Windows.  Norton revealed the truth of the matter on the Mac.
Still, I don't consider this _fatal_ by any means.  I just won't send out any
Word (Fast Saved - which I keep don't use / disable, BTW!) discs. Thanks to
both of you for the warning(s).

I thought MS fixed the Fast Save bugs in 5.1a (note the "a"!).  Evidently not
this one!  Hullo Mr. Gates, are you there?

Tell me, do you know if this is a problem in Word 5.1a for Macintosh?  I
haven't encountered it yet, but I seldom rip into Word files with anything but
Word. I'm curious, if this might not be used for a (future?) "restore to
previously saved version" type thing... but again, why just on "Fast Save"?!
Hmmmm.... I'd like to hear MS explain/correct this one (making a note to call
tomorrow!).

Bullwinkle sez: "Watch this Rocky! Now I'll use CPS Tools to do a Word file
recover operation and see which variation of the file it prefers... "  I
suspect I know... :-<

Pete Ferris, N5KBD  pferris%mohawk.uucp@drd.com

P.S.: To other readers: I stand corrected here... also: FYI: I use a Mac
so not all Windows stuff is applicable here...

   [Another response from Pete, to Norloff, is omitted here.  PGN]


Re: Bug in Microsoft Word (something similar in WriteNow?)

"Anthony E. Siegman" <siegman@Sierra.Stanford.EDU>
Tue, 30 Aug 94 10:14:37 PDT
>Word summary info area for each document that cannot be turned off.

   I was using On Location (an excellent Mac utility which builds indices and
enables you to find every document on your hard disk containing a given text
string) to look for a letter to "Richard Jones" I had written 2 years ago.  OL
found such a document -- a WriteNow template letterhead I employ -- but when I
opened this document the contents appeared to be a later letter to someone
else.

   On a hunch I tried the WriteNow "Revert to Saved" menu command, and the
original letter to Richard Jones appeared.

   Whether this could be a security hole if I sent the later letter by file
transfer or over a net to someone else who also had WriteNow, I can't say.
Maybe I had only printed the later letter and not Saved it; maybe I typed it
in and did a "Save As", leaving the Jones letter still hidden in the
template's hidden backup area.

   --AES   siegman@sierra.stanford.edu


Re: system makes bank check forgery easy

<Paul_Gloger.es_xfc@xerox.com>
Tue, 30 Aug 1994 02:53:02 PDT
I believe I can explain the reported 6-month auto. purge on check stops, in a
way which precludes the obvious risk in the usual check-stop case, although
not in the actual case reported by Christopher Klaus.

There is a U.S. federal banking regulation which says that a check dated more
than 6 months ago is deemed "stale," relieving the maker of the check of
obligation to honor it.  (The banks don't however themselves generally monitor
the currency of this date, any more than they generally verify that the
signature is valid.  Instead, they generally accept the check only with
recourse to the payee, and subject to collection from the maker; and they send
the maker, their account holder, a periodic checking account statement saying
that he has 10 days [or whatever] to protest, after which he is deemed to have
accepted the checks for payment.  Thus the banks mostly leave it to you to
know and claim your rights, while making very sure that they don't get caught
in the middle.  Thus the only time the bank will actually fully vet a check is
when they're cashing it without recourse back to the payee.)

Anyway, the 6-month-stale rule was presumably established in
pre-current-computer-technology days, to bound the records and balances which
must be maintained for outstanding checks, by the maker for all such checks,
by the maker and the bank for stopped checks.

In conjunction with this rule, a 6-month check stop works fine for checks
which have been made and dated and issued and then stopped for some reason.

In contrast, a check stop doesn't hold up beyond 6 months for blank checks
which have been lost or stolen.  However, you've got the right to simply
refuse a forged check on your account, per the discussion above, so
technically you're still protected; but the bank may make you sweat to
exercise that right.  In this case, I believe the only response that's secure
against even attempted forgery is to close the account, which is what most
banks would push for here.

Paul Gloger <Paul_Gloger.es_xfc@xerox.com>


More on Real World/Cyberspace ID matching (Kabay, RISKS-16.35)

<Paul_Green@vos.stratus.com>
Tue, 30 Aug 94 11:35 EDT
Regarding Mich Kabay's article that reports the welfare benefits fraud case in
the UK and then goes on to make some interesting speculations regarding the
larger issues raised...

If it is indeed true that we can take approximate measurements of multiple
body characteristics and combine them to get a reliable indicator of
identity (passes the common sense test; has any authority written on this
subject?), then why not measure attributes of the face?

From what I have read of genetics and inheritance, and of course from my
own observations, the human face is highly variable.  We can speculate why
random variation and natural selection has given our species this
characteristic (reliably bonding parents and children?), but given that it
is there, we can also take advantage of it.  For example, we already
measure head size (for hats) and inter-eye distance (for glasses).  Other
advantages are that it is noninvasive, fairly permanent, always at hand,
difficult to forge, and well-established as an acceptable, nontechnical
means of identification.  Some difficulties would be separating identical
twins (and someday, perhaps, clones), and accounting for the effects of
injury, disease, and aging.

As a footnote, I read recently that people whose faces are considered
beautiful have facial measurements that are close to the average.
Measuring faces could be fairly compute-intensive.  If so, in the future,
Helen of Troy could be the face that launched a thousand chips.

(Gotcha!)

Paul Green, Sr. Technical Consultant, Stratus Computer, Inc., Marlboro, MA
01752     (508) 460-2557    Paul_Green@vos.stratus.com; PaulGreen@aol.com


Re: pi = 3 (Dudley, Bible, RISKS-16.35)

<msb@sq.com>
Fri, 26 Aug 1994 19:04:12 -0400
> Actually, my home state of Indiana did try to legislate that the value of pi
> should be 3. Here is some information from the alt.folklore.urban archives
> from an article written by Mark Bader (msb@sq.com)

There are three important corrections to be made here.  First, the act did
not assign pi the value 3; this is quite clear if you actually read my
article.  Taking the term "pi" to mean the ratio of circumference to
diameter, the bill assigned the reciprocal of this ratio the value (5/4)/4,
or in other words, pi = 3.2.

Second, my name is not Bader.

Third, "try to legislate ... the value of pi" is not really accurate.
A closer description of the legislation was that it attempted to
*recognize* a better value for pi.  However, because of the wording
used, if passed it would, as a side-effect, have assigned that value.
The intent is fairly clear from the description in...

> (Further information can be found in "Mathematical Cranks", Underwood
> Dudley, The Mathematical Association of America, Washington D.C.).

Two additional references are:

* Edington, Will E.: "House Bill No.  246, Indiana State Legislature, 1897",
    Proceedings of the Indiana Academy of Science (PIAS), 1935.

* Singmaster, David: "The Legal Values of Pi",
    Mathematical Intelligencer, vol. 7 (1985) #2, p.69-72.

As to the Kings-1 and Chronicles-2 items, one need only murmur the phrase "to
one significant digit".

  [Incidentally several folks noted that the structure need not be circular
  to satisfy the stated conditions; an oval would do just fine.  PGN]

Mark Brader, msb@sq.com             "But I want credit for all the words
SoftQuad Inc., Toronto               I spelled *right*!" -- BEETLE BAILEY


New indecency rules proposed for all online services

Daniel J. Weitzner <djw@eff.org>
Thu, 25 Aug 1994 14:32:40 -0600
(900#s in cyberspace)

I.      Overview

        During the final hours before the Senate telecommunications bill
(S.1822) was marked-up by the Senate Commerce Committee, a provision was added
which would expand the current FCC regulation on obscene and indecent
audiotext (900 number) services to virtually all electronic information
services, including commercial online service providers, the Internet, and BBS
operators.  This proposal, introduced by Senator Exon, would require all
information service providers and all other electronic communication service
providers, to take steps to assure that minors do not have access to obscene
or indecent material through the services offered by the service provider.

       Placing the onus, and criminal liability, on the carrier, as opposed to
the originator of the content, threatens to limit the free flow of all kinds
of information in the online world.  If carriers are operating under the
threat of criminal liability for all of the content on their services, they
will be forced to pre-screen all messages and limit both the privacy and free
expression of the users of these services.  Senator Exon's amendment raises
fundamental questions about the locus of liability for harm done from content
in new digital communications media.  These questions must be discussed in a
way that assures the free flow of information and holds content originators
responsible for their actions.

II.     Summary of Exon Amendment

       The Exon amendment which is now part of S.1822, expands section of the
Communications Act to cover anyone who "makes, transmits, or otherwise makes
available" obscene or indecent communication.  It makes no distinction between
those entities which transmit the communications from those which create,
process, or use the communication.  This section of the Communications Act was
originally intended to criminalize harassment accomplished over interstate
telephone lines, and to require telephone companies that offer indecent 900
number services to prevent minors from having access to such services.  The
900 number portions are known as the Helms Amendments, having been championed
by Senator Jesse Helms.  These sections have been the subject of extensive
constitutional litigation.

       If enacted into law, these amendments would require that anyone who
"makes, transmits, or otherwise makes available" indecent communication take
prescribed steps to assure that minors are prevented from having access to
these communications.  In the case of 900 numbers, acceptable procedures
include written verification of a subscriber's age, payment by credit card, or
use of a scrambling device given to the subscriber after having verified his
or her age.  Failure to do so would result in up to a $100,000 fine or up to
two years imprisonment.

III.    Carrier Liability and Threats to the Free Flow of Information

       These provisions raise serious First Amendment concerns.  (Note that we
use the term 'carrier' here to refer to a wide range of information and
communication service providers.  This does not suggest that these entities
are, or should be, common carriers in the traditional sense of the term.)

       Overbroad carrier liability forces carriers to stifle the free flow of
information on their systems and to act as private censors

       If carriers are responsible for the content of all information and
communication on their systems, then they will be forced to attempt to screen
all content before it is allowed to enter the system.  In many cases, this
would be simply impossible.  But even where it is possible, such pre-screening
can severely limit the diversity and free flow of information in the online
world.  To be sure, some system operators will want to offer services that
pre-screen content.  However, if all systems were forced to do so, the
usefulness of digital media as communication and information dissemination
systems would be drastically limited.  Where possible, we must avoid legal
structures which force those who merely carry messages to screen their
content.

       Carriers are often legally prohibited from screening messages

       In fact, under the Electronic Communications Privacy Act of 1986,
electronic communication service providers are generally prohibited from
examining the contents of messages or information carried from one subscriber
to another.

       Extension of the 900 number rules to all electronic information
services may be unconstitutional

       The regulation of indecent 900 number programming was only accomplished
after nearly a decade of constitutional litigation, with rules being
overturned by the Supreme Court.  The regulations were finally found
constitutional only after being substantially narrowed to meet First Amendment
scrutiny.  Since the access methods offered by online service providers are
significantly different than simple telephone access to 900 services, we doubt
that the same constitutional justifications would support the newly expanded
rules.  This issue requires considerable study and analysis.

       Content creators, or those who represent the content as their own,
should be responsible for liability arising out of the content

       In sum, it should be content originators, not carriers, who are
responsible for their content.  Any other approach will stifle the free flow
of information in the new digital media.

IV.     Next Steps

       Having only just received the language offered by Senator Exon, EFF
still needs to do further analysis, and consult with others in the online
community.  We also hope to speak with Senator Exon's staff to understand
their intent.  Another important hearing will be held on S.1822 in
mid-September by the Senate Judiciary Committee.  By that time, we hope to
have this issue resolved.  While we agree that these carrier liability
problems are in need of Congressional consideration, we do not believe that
the time is ripe to act.  Before any action is taken, hearings must be held
and careful evaluation of all the issues, not just indecency, must be
undertaken.

Daniel J. Weitzner, Deputy Policy Director, Electronic Frontier Foundation,
1001 G St. NW Suite 950 East, Washington, DC 20001 +1 202-347-5400(v)
