The RISKS Digest
Volume 16 Issue 51

Friday, 28th October 1994

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Stolen account used to send hate mail at Texas A&M
Bruce Sterling via Prentiss Riddle
Orwell was off by 499 channels, and what to do about it
Phil Agre
GRE Computer-Based-Testing scores reconsidered
Carlos I McEvilly
America Online Offlines America
More on backspace problems
John Vilkaitis
CAPS-LOCK Considered Harmful
Barton C. Massey
Microsoft Natural Keyboard
Don Alvarez
Re: Mailing lists risk critical-mass spamming
Paul Wallich
Re: CNID and screening
Robert Ellis Smith
Drivers license as universal ID?
John Sullivan
Info on RISKS (comp.risks)

Stolen account used to send hate mail at Texas A&M

Prentiss Riddle <>
27 Oct 1994 12:25:39 GMT
Bruce Sterling ( cited the following in the
austin.eff newsgroup:

: *The Australian* on Tuesday October 25, 1994:
:         Hacker uses Internet e-mail account to send racist material
: CHARLESTON, West Virginia: A college professor in Texas says someone broke
: into his electronic mail account and fired off racist messages to about
: 20,000 computer users in four States.
: The message brought death threats and other harsh responses from nearly 500
: users who thought it came from Professor Grady Blount, a white professor of
: environmental science at Texas A and M University.
: "My door is locked. We cancelled a class last night and one today will be
: moved to another location," Professor Blount said. He also changed his
: computer password.
: His password was used to send electronic mail messages to 20,000 Internet
: users in Mississippi, Wisconsin, Colorado and Texas.
: The Internet computer network links colleges research facilities and
: individuals worldwide.
: The racist message echoes a flier printed by a white supremacist group
: called the National Alliance.
: It urges readers to send "minority parasites packing to fend for
: themselves" and condemns community development funding as support for black
: "breeding colonies".
: A Texas A and M spokesman, Mr Greg Orwig, said the e-mail address
: apparently was picked at random by someone who tapped into the university's
: computer system on Sunday.

-- Prentiss Riddle  Moderator of austin.eff

Orwell was off by 499 channels, and what to do about it

Phil Agre <>
Thu, 27 Oct 1994 12:48:17 -0700
The NYT has an article about Bell Atlantic's video plans:

  Edmund L. Andrews, A launching pad for a video revolution, New York Times,
  27 October 1994, pages C1, C6 [business section].

The point of the article is that BA wants to deliver video to customers, and
is teaming up with Hollywood types to obtain the content.  The main focus for
Risks, though, is probably the privacy aspects of the scheme.  A few quotes
will probably give the idea:

  "Company executives, convinced that they must distinguish themselves from
  today's established cable programmers [and so they plan to] offer more
  customized entertainment and shopping.

  "Thus, the company has tied together a computer system that could, almost
  like Orwell's Big Brother, monitor the movies that a person orders and then
  suggest others with the same actors or themes.

  "Going a step further, the system would enable advertisers to send
  commercials directly to customers known to have bought particular kinds
  of merchandise.  Thus, people who bought camping equipment from a video
  catalogue might start seeing commercials for outdoor clothing."

  ... "The scale of the new center ... makes clear how serious Bell Atlantic
  is about this venture."

If this sort of thing is really what people want, of course, then that's
their perfect right.  But advocates for other visions of technology can do
plenty to ensure that people make informed choices.  One is to inform people
(in honest but vivid terms) that their program selections and purchases are
being recorded, kept, and used for secondary purposes.  Another is to keep on
building things like the Internet and community networks, and redouble efforts
to publicize them by telling clear, powerful stories about them.  The point is
to show that privacy-enhancing and *genuinely* interactive technologies exist,
and that they are useful, accessible, democratic, entertaining and convenient.

As my colleague Francois Bar emphasizes, this sort of end-user experimentation
is crucial for defining the architectures of the future.  Bell Atlantic and
its brethren are creating top-down, privacy-invasive, 500-channel visions
of the future — even though they haven't worked very well in pilot tests
in carefully selected communities — because that's the business model
they know.  We can try to suppress the Risks associated with this model, but
that's like shoveling the tide back into the ocean — a lot of work.  Another
approach to pursue in parallel is to create alternatives that offer *both*
democratic values *and* a lucrative business model for the people who can
supply the necessary infrastructure.

This process starts with experimentation and continues with public relations.
Here's a plan.  If you're doing something terrific with networks, volunteer
to demonstrate it in your local school.  Have great stories ready to tell
about it.  Ask the kids to tell their parents.  Then write a press release.
Send it to all the newspapers and TV stations in your area — especially the
small ones.  And make it available on the net as a model for others to follow.

Phil Agre, UCSD

GRE Computer-Based-Testing scores reconsidered

Carlos I McEvilly <>
Tue, 25 Oct 1994 23:58:40 -0600
A friend of mine who is from outside of the US, and who is now in
the US for graduate school, took the computer-administered version
of the GRE (Graduate Record Examination) General test last year.

The school where this individual was enrolled had a policy that allowed
accepted students in some departments to begin graduate studies prior to
having taken the GRE, so long as the GRE was then taken and passed with a
minimum aggregate score by the beginning of the second semester.  The
aggregate score was to be the total score in the verbal and quantitative
testing categories — the other category, analytical, was not considered.

With analytical out of the picture and with this person being a non-
native speaker of Enlish, the math (quantitative) section offered
the best hope for scoring badly needed points.

With preparation, things would go fine.  The Computer-Based-Testing
option seemed perfect, because it was scheduled late in December
which allowed some vacation days for pre-test cramming, and it also
promised quick scoring, which would ensure that the results would
arrive at the school before the start of the spring semester.

When the day of the test arrived, my friend felt well prepared
and was especially confident for the math section.

For the five-section test, the software makes a random assignment of
sections drawn from the three categories: verbal, quantatative, and
analytical.  Therefore some categories are repeated (with different
questions, of course).  With my friend's fortunes resting so heavily on the
quantitative category, naturally the computer's random algorithm chose to
assign not two, but THREE analytical sections — the one category not
regarded by the school.  This left one verbal and one quantatative section.
(It seems strange that the computer was not programmed to choose
combinations of 2,2,1 and avoid those of 3,1,1 — but there's more to this

The Computer-Based-Testing administration of the GRE is also known as the
"Computer Adaptive Test (CAT)," because it uses a new technique that
presents different questions of varying difficulty based on this examinee's
previous answers.  Since my friend had done a good job boning up on math,
the software, detecting a run of correct answers, began selecting more
advanced questions.  This was no problem, but it did mean that it took more
time to answer each question.  And the test had both a time limit, and a
minimum number of questions that had to be answered.

Now you see where this story is going — when my friend had ALREADY clicked
the answer of the last required question, and was just about to click
"Confirm" with the mouse, the time expired and the screen went blank.  So
instead of a good score for answering difficult questions, or a low score
for leaving one question blank, my friend received a "No Score," or "NS."
Added to a low verbal score, this was enough to ensure that there would be
no more graduate studies for this student, at least not at the original

The rest of the story:

In September 1994 a carefully hedged letter arrived from the ETS (the
Educational Testing Service, which administers the GRE).  "...We have
recently determined that it is possible that a small number of examinees who
took the [CAT] received a NS (No Score) because they were unable to confirm
an answer selection before time expired...."

The ETS offered to replace the NS with a newly calculated score based on the
completed questions.  The new aggregate score turned out to be 130 points
HIGHER than the minimum that would have been required for the student to
maintain graduate status at the school.

The offer of score adjustment is welcome, but seems to trivialize the
(already incurred) very heavy costs to the student, who had to sacrifice a
full semester of a graduate career while still being responsible for
maintaining cost of living abroad--many visitors to the US on student visas
are not allowed to work, so this was a great drain financially, in addition
to being very stressful for the student.

Compared to some of the stories we read about x-ray machines and airplanes,
this may not seem like much, but it is another reminder that as designers of
information systems we need to remember that our work affects people's
lives, and we should try to anticipate this in our designs.

Carlos McEvilly,

America Online Offlines America

"Peter G. Neumann" <>
Fri, 28 Oct 94 14:42:32 PDT
AOL, now boasting 1.25M subscribers, up by a factor of more than three in
the past year, apparently cannot boast about its E-mail performance.  Yes,
it is handling something like 15 million E-mail messages a month, about 7
times any of its competitors.  But, No, it is not delivering 15 million
E-mail messages a month.  MANY MESSAGES sent to AOL are bounced back to the
senders.  Steve Outing, with 150 AOL subscribers on his discussion group,
complained of getting a few hundred bounces a day.  Message volume seems to
be overburdening AOL's Internet gateway.  AOL admits that a ``bug'' between
21 Sep and 5 Oct 1994 caused outgoing mail to ``go awry'' --- but that has
been fixed.  More recently, five-day delays have been reported for receipt
of mail on AOL.  [Source: An article by John Eckhouse in the San Francisco
Chronicle, entitled "AOL Users Find E-mail Going Undelivered", 28 Oct 1994,
p. D1.]

  [From my vantage point of sending out RISKS, AOL FINALLY provides RISKS
  (comp.risks) as a newsgroup, although most of my direct subscribers have
  not caught on yet and are still getting private subscriptions.  AOL
  apparently splits RISKS issues (normally just under 32K) into max-22K
  chunks, so perhaps one half of an issue gets through and the other half
  doesn't, which at least enables someone to realize that something is
  missing.  A reminder to AOL subscribers: Your mailbox is limited to 550
  messages, after which new incoming mail is simply rejected.
  More-than-week-old messages just vanish.  Presumably that means you should
  not use AOL if you are going to be away for more than a week, or if you
  get a lot of mail.  I presume the newsgroup stuff ages just as rapidly. PGN]

More on backspace problems

Javilk <>
Wed, 26 Oct 1994 18:39:42 -0700 (PDT)
A follow-up to the backspace/delete problem I've been having with my
cut-rate internet service provider, NETCOM.

PROBLEM: Dialing the standard local NETCOM number will occasionaly give me
one server which displays ^? when I hit backspace; and in a later session,
_without_ reloading or restarting my telecom package, give me another server
with a backspace key that properly ERASEs.  I thank the avalanche(!) who
provided me with suggestions on STTY and UNIX arcania. I apologize for
resorting to form replies.  Particular thanks for info on "The UNIX Hater's

1.) Others e-mailed me with the _same_ NETCOM problem!
2.) the duration of the blink of the SD light on my modem
    clearly differentiates the Backspace key from the DEL key, and
    indicates I am always sending BACKSPACE.
3.) The only thing which changes between these sessions is:
    a.) the telephone path,
    b.) Equipment and software on THEIR end.
    c.) The modem's compressions session???

NETCOM's latest official response:
  "Sir, with all due respect, other UNIX personnel do not have the ability
to diagnose concerns about Netcom's system.  They may have experience with
differently configured Sparcs, but it's good to keep in mind that our
configuration may not necessarily be what you are used to."
  "You have repeatedly described a problem that is characteristic of
terminal software problems.  Our technical support staff has diagnosed this
kind of problem innumerable times.... it is in our opinion clear [?] that
any remaining problem is the fault of your terminal software. ... We have
concluded to our satisfaction that this is not an error on our end." [With
original a-gramatica.]  They then repeatedly tell me to put STTY ^H in my
.login, file, which they have already done WITHOUT my permission!  It does
NOT, and CAN NOT work as both my modem, and the command line clearly show
they receive the ^? code, hex 7F, "DEL"; Not ^H, 08, "Backspace"."

Something on NETCOM's end occasionally decides (at log-in) to map both
BACKSPACE and DEL together to the DEL code.
  The ONLY way I can fix the problem, is by typing STTY ERASE, and then
tapping the key which is, at the moment, producing the ^?  code at their
command level — the backspace (^H) key; usually after I commit a blunder I
can not backspace out of!  I often hang up.
  The RISK of not fixing intermittent problems is having to increase your
marketing budget.  Same for not understanding English.

John V. Vilkaitis, Senior Consultant, Software General Corp. 408-983-0518

     [John asks whether anyone knows of a more competent internet server
     for less money serving both Northern California and Connecticut.
     Unfortunately, each one has some partially overlapping set of problems.
     RISKS does not wish to get into a war among the Internet service
     providers, more or less all of whom have been dinged here at one time
     or another, and all of whom seem to be eagerly creating their images
     as fly-by-nighters.  RISKS most equanimiously hopes that a little public
     exposure will goad them into doing something reasonable.  Our very best
     wishes to all of them for getting well soon.  PGN]

CAPS-LOCK Considered Harmful

Barton C. Massey <>
25 Oct 1994 22:49:40 -0700
IMHO, the worst button-placement crime is one almost every
computer manufacturer for the last 20 years has perpetrated:
the CAPS-LOCK key on the keyboard.

Consider: this is a key which has a completely different
interface than every other key on a standard keyboard (toggle
instead of momentary contact), which performs a function almost
completely obsoleted 15 years ago (by decent text-editing and
word-processing software), and which is a factor in a number of
fiendish user-interface traps.

As an example of the latter point, consider the most common
solution around our shop to "I can't log into my account
anymore", namely, "Did you bump the CAPS-LOCK key on?"  Since
the characters of the password are (IMHO quite rightly) not
echoed, and since the password is (IMHO quite rightly)
case-sensitive, there is no obvious indication given to the user
of this error.

Another example, which has bitten me several times, is what
happens under many versions of UNIX when I inadvertently type my
login name (a single smooth motion) before realizing I have the
CAPS-LOCK key on.  The getty program (IMHO quite cleverly)
decides that I must be on an uppercase-only terminal (when was
the last time you used one of those babies?) and configures the
TTY driver accordingly.  The only ways I know of to cure this
condition are (1) type a control-D at the login process to
restart getty, or (2) get logged on (assuming that my current
password contains no uppercase characters, or that I remember to
backslash them) and type "stty -lcase" (I understand why the
parameter is called "lcase" instead of "ucase", but I'm still
amazed at the choice of name):  suffice it to say that I
consider neither method intuitive, or obvious to a novice.

Manufacturers, please: let's make this particular dinosaur extinct.

Bart Massey

Microsoft Natural Keyboard

Don Alvarez <>
Wed, 26 Oct 1994 16:38:53 -0400 (EDT)
This is more of an anti-risk than a risk, but I thought a mention of the
Microsoft Natural Keyboard might be appropriate.  In case you haven't seen a
picture of it, it's an ergonomic keyboard with the left and right hand key
areas tilted in two planes for more natural hand positioning.

It was the best looking design I'd ever seen in a $99 keyboard, so I bought
one.  At the risk of being incredibly subjective, I love it.  This is one of
the nicest keyboards I have ever used.  (50th percentile hand dimensions
make me a keyboard-designers dream)

*BUT* it p***es me off that it is still a secretary's keyboard.  I
understand that it has to be as close as possible to an 1890's QWERTY
keyboard for backwards compatibility reasons, but:

The caps-lock key is where the control key *should* be, requiring an
impossible stretch of the left pinky every time a right-handed control
character is required.

A similar stretch of the right pinky past the '/" key is required to get to
the enter key.  That stretch of the pinky was fine when you only hit the
enter key every 60 characters or so, but it is (IMHO) unadvisable for
programmers, spreadsheet users, etc., who are likely to need to hit the
enter key every ten or fifteen characters.

Speaking from personal experience with a Dec keyboard I suffered
considerable hand pains from those pinky-stretching motions until I
rebound the control key on top of the physical caps-lock key and swapped
the enter and '/" keys.  The change in my hand problems was immediate and
dramatic.  [If anybody knows of a Dos/Windows way to do that rebinding
please let me know (email to me, not risks... I'll summarize if people
want).  I've tried doing it with the DOS ANSI driver but the '/" and enter
keys only seem to accept incompatible combinations of shift, control, alt,
etc. modifiers]

Anyway, on the whole I'd say Microsoft did a real nice job on the hardware
(installing the new keyboard driver software on my laptop was another
story, but we all know hardware companies rarely write good software :-)


(Just my opinions, of course... your handage may vary)

Re: Mailing lists risk critical-mass spamming (Sylvar)

Paul Wallich <>
Wed, 26 Oct 1994 11:05:53 EDT
    Many lists accept posts from non-subscribers.  One need only know
  that the list exists and where to send contributions.  It would be a simple
  task to poll ten thousand LISTSERVs for a list of lists.  Having compiled
  such a listing, one could then send one's advertisement into several
  hundreds of thousands of mailboxes.

It's been done. In mid-September I (and the readers of all the other
publicly-known mailing lists beginning with A or B) got a pitch for a
remote-backup service that started, "Dear Friend, since you read email..."

Paul Wallich

   [It can happen to RISKS BITNET subscribers and USENET comp.risks readers,
   but not to the mainstream direct subscriptions.  This was a problem only
   in the early days of RISKS, where my distribution macro on the Foonly
   made the live broadcast address accessible while it was being run.  PGN]

CNID and screening

Robert Ellis Smith <>
Wed, 26 Oct 94 12:56 EST
A. Padgett Peterson wrote in RISKS that everybody should have Caller ID, to
screen unwanted calls to a computer system or a personal telephone.  There's
a difference between Caller ID - which transmits and displays the number of
the calling party, often without that person's full awareness - and
programming one's telephone or modem to screen out unfamiliar incoming
telephone numbers.  Devices for screening out unfamiliar numbers are on the
market and may be used without subscribing to Caller ID.  These devices - or
software that does the same thing - present no privacy problems that I can
identify.  It's the display of the number and the ability to capture it for
later commercial exploitation that create the privacy problems.  Robert
Ellis Smith, Privacy Journal, Providence, RI

Drivers license as universal ID?

Thu, 27 Oct 1994 15:05:53 -0500
Minnesota is just introducing a new drivers license, with new security
features, as well as a bar code and a magnetic stip (with full name, date of
birth, and license number).  The photo and signature are digitized, and
presumably stored by the state as well as being printed on the card.  I
learned about the new licenses from an article in City Pages, a free weekly
here in the Twin Cities.

The new licenses are produced (for $1.29 apiece) by Deluxe (the check
printers).  About 4000 drivers had to go back to have their pictures retaken
because they were transmitted at night from one computer to another over
"incompatible phone lines" [whatever that means] and billions of bits went
"screaming into the ether".  Deluxe blames a subcontractor.

Since the magstripe can hold about 256bytes, there have been discussions
about what else might be stored there.  Things like a list of cars and guns
registered in your name, perhaps.  Or, people receiving food stamps or
welfare might use their license to obtain their benefits, either at a
food-store cashier or from an ATM.

Don Gemberling, director of MN's Public Information Policy Analysis Divison,
evidently did raise the privacy issues during the planning process, noting
that a "universal personal identifier ... has been consistently resisted in
this country".  Alice Gonzalo (assistant director of DVS, the state Driver
and Vehicle Services Division) notes that DVS already sells driver's license
information, sorted by different fields.  (One could buy a list of
Minnesotans over 6'3", for instance.)

There is already a national database of drivers with commercial licenses,
called AAMVANET, and there are plans to expand this to all drivers.
In Wisconsin, a driver's license can be suspended for failure to pay
fines unrelated to driving (like library fines).

MN dept of Administration's Bob Schroeder says
    In my opinion, the driver's license has nothing to do with driving.
    How many times have you pulled it out because an officer asked you
    for it?  You pull it out much more because someone at a store of a
    check-cashing place wants to know who you are.  It has less to do
    with driving and more to do with being a universal identifier, a
    way for you to be identified over the long term.  Business really
    relies on the state to establish this sort of identifier for them.

-John Sullivan

Please report problems with the web pages to the maintainer