The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16 Issue 6

Thursday 12 May 1994

Contents

o Plane accidentally ejects pilot into sea
Frank E Carey
o Tax preparation programs; IRS privacy; IRS computerization
PGN and COOVER
o Digital Defamation in the UK
Brian Randell
o We spy harder!
Mich Kabay
o Killers sue over phone taps
Mich Kabay
o Journalists attack credit card account
Mich Kabay
o Fragmenting of the News
Mich Kabay
o Software piracy vexes industry
Mich Kabay
o Ultra-high dependability and the Channel Tunnel
R.J. Stroud
o Re: Future of US health care?
Amy McNulty
o Re: China Air A300 Crash
David Wittenberg
o Re: Copyright/patent owners: quick correction
Mark Seecof
o Re: Amusing computer-related anecdote about cable
Ry Jones
Paul N Hrisko
o Re: 11-digit ZIP code
Ed Ravin
o Info on RISKS (comp.risks)

Plane accidentally ejects pilot into sea

F E Carey +1 908 949 8049 <fec@arch4.ho.att.com>
Thu, 12 May 94 13:15:56 EDT
TOKYO (Reuter) - The test pilot of a trainer jet built for the Japanese air
force was accidentally ejected when the emergency bailout system mysteriously
functioned, the plane's makers said Tuesday.  Pilot Masahiko Kameishi was
later plucked from the sea by a military helicopter. He was reported to have
suffered minor injuries to his arms and knees.  Kameishi was flying the T-4
two-seater over the Pacific Ocean southwest of Tokyo on Monday when he was
suddenly ejected into the sea with a parachute, a spokesman for manufacturers
Kawasaki Heavy Industries Ltd said.  His co-pilot, seated in the rear, landed
the plane safely at a nearby military base.  The Kawasaki spokesman said the
company was looking into whether the ejection was activated by mechanical
malfunction or by something the pilot may have touched.  More than 100 T-4s
are already in service with the Air Self-Defense Force, Japan's air force.
Kameishi's plane was to have been handed over to the air force June 1.

Frank Carey at Bell Labs       f.e.carey@att.com


Tax preparation programs; IRS privacy; IRS computerization

"Peter G. Neumann" <neumann@csl.sri.com>
Wed, 11 May 94 15:47:47 PDT
1. The following item is apparently from COOVER@MITRE.ORG .  It was sent by
SnailMail to Will Tracz, the new editor of Software Engineering Notes,
presumably for the RISKS section.  Will faxed it to me.

   From Law Practice Management, April 1994, p. 16:

   Well, it's April again and time for the annual buying frenzy for All
   The Latest tax-return software.  Just so you're on notice -- last year
   at this time *PC Magazine* did a comparison of twenty different tax-
   return packages.  When they ran a test scenario through the packages
   (see -- I don't actually have to say it out loud anymore -- you people
   know what's coming), that's right, *every single package* computed a
   different total tax due.

   Sort of like calling the IRS Help Line.

2. Colin Smiley sent me a note observing that his social security number was
visible through the window of the envelope that contained his refund check,
and pointing out the evident risks.

3. The IRS is now beginning the integrated computerization of its entire tax
process.  This presents many interesting risks relevant to our newsgroup, such
as those relating to security, integrity, authenticity, insider abuse, fraud,
violations of privacy, bogus returns, and so on.

4. Your RISKS Moderator is now a member of the IRS's Commissioner's Advisory
Group (CAG), and cochairman of its Subgroup on Technology, Security, and
Privacy.  If you have problems that you believe need to be addressed, please
send them to me (neumann@csl.sri.com) if you do not want them to appear in
RISKS.  The next meeting is coming up in midJune.

PGN


Digital Defamation in the UK

Brian Randell <Brian.Randell@newcastle.ac.uk>
Thu, 12 May 1994 17:48:26 +0100
The following article is quoted in its entirety from the (UK) Computer
Weekly, issue dated 12 May 1994.
  [Brian Randell, Dept. of Computing Science, University of Newcastle,
  Newcastle upon Tyne, NE1 7RU, UK   +44 91 222 7923  ]FAX = +44 91 222 8232]

              Why bulletin boards are a libel minefield

    Nick Braithwaite warns of the dangers of digital defamation
    and how network and bulletin board operators must guard against
    being unwitting participants in user's libellous missive

Libel doesn't figure prominently in most network operators' list of
priorities. Many assume that transient screen messages are private and
unlikely to damage anyone's reputation. Electronic mail and bulletin boards
foster informal communication, so users may be resistant to the idea that
defamation risks are attached to electronic "conversations" .

But beware if you run network or database. You could be in the firing line
for a libel claim.

In the first case of its kind in the UK, Canadian academic Dr Laurence Godfrey
issued a libel writ in London against another academic based in Geneva
claiming he was defamed by a bulletin board message posted on the Usenet
system. If the claim succeeds, hosts and users could soon be contemplating
sizeble pay-outs.

In fact, there's nothing novel about the Godfrey case. Libel suits have
been an occupational hazard for information providers and electronic
database operators for many years, but now network hosts too have begun to
experience defamation problems. Only recently, Compuserve was sued for
libel in the US, while individuals in both the US and Australia have faced
claims over uncomplimentary bulletin board messages.

Are electronic messages "published" for libel purposes? The first requirement
is a degree of permanence in the communication. Most experts now agree that,
if defamatory, even transitory computer messages flashed on screen are
sufficiently permanent, once stored in memory, to be libellous.  Slurs posted
on bulletin boards are even more likely to be held libellous.

The "publication" requirement is minimal, satisfied if just one person
other than the plaintiff sees the material.

Despite the international aspects of the Godfrey case, one solitary viewing of
a bulletin board in England allows a case to be litigated in London, where
libel actions are hard to defend.

The author of a defamatory statement is an obvious libel target, but
corporations with deep pockets usually make more enticing defendants.  Happily
for US-based computer networks, the court in the Compuserve case ruled
Compuserve could not, without editorial control, be liable for defamatory
statements by users.

In England, it is likely that operators will have to prove they were not
negligent or reckless in allowing the statement onto the system. So if you
follow the US standard, you should not exercise any editorial control at all.
If you follow the English standard you should exercise maximum control.

In fact there ought to be no real conflict, because it is difficult to imagine
a court insisting that an operator should vet all messages on the system.

Whichever standard of care prevails, database and public access network
operators will have every incentive to minimise editorial control over what
they carry.

Plainly, for some databases and networks that will not be practical. But for
libel purposes, the ideal is probably to emulate a telecoms carrier,
disclaiming all responsibility for the content of messages.  Some practical
steps to keep the lawyers at bay are:

Check you have a warranty from the subscriber that they will not input
defamatory material. Or, if you are worried about staff messages, put a
warning in their contract of employment. Consider a statement in your user
contract that the operator has no editorial control over traffic on the
system. Display a warning on-screen that the host does not endorse any
defamatory statements. These may not solve every problem, but will help reduce
risk.

  [Nick Braithwaite is a lawyer in the London-based media group of solicitors
  Clifford Chance]


We spy harder!

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
11 May 94 21:51:19 EDT
>From the Reuter newswire via Executive News Service (GO ENS) on CompuServe:

"FORT LAUDERDALE, Fla, May 9 (Reuter) - Three former owners of Value Rent A
Car Inc pleaded guilty Monday to racketeering charges and face prison
sentences of two to five years and fines totalling $2 million."

They are also accused of having wiretapped the offices of Mitsubishi Motors
executives.  Mitsubishi Motors owned 80% of the firm at that time.

[MK:  This is known as taking an interest in management.]


Killers sue over phone taps

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:19 EDT
United Press newswire (94.05.11 @ 09:59 EDST) via Executive News Service on
CompuServe:

  CAMBRIDGE, Mass., May 11 (UPI) -- A Massachusetts judge continued a hearing
  on a suit by eight convicted murderers who seek to end the state's new
  practice of monitoring inmate phone calls to the outside.
    The eight lifers, saying they are representing all 10,000 state prisoners,
  filed suit against Nynex and Massachusetts corrections officials for tapping
  their phone calls."

The article continues with the following key points:

o   William "Lefty" Gilday, convicted of murdering a policeman, claims that
the phone monitoring system is unconstitutional.

o   Corrections officials argue that "the taps are necessary to curb fraud,
harassment and drug dealing by inmates."

o   Gilday was convicted in 1984 of running a credit-card fraud operation
from prison and defrauding American Express of $4,000.

    [MK:
set flame = on

Interesting perspective on rights and responsibilities, eh?  These folks
remind me of the self-righteous anger of some criminal hackers when legal
processes interfere with their self-proclaimed rights to attack other people's
computer systems.  "Rights for me, not for you; duties for you, not for me."
Could we maybe apply the Key-Escrow Proposal to criminals?  How about "Lock
'em Up and _Throw Away_ the Keys"?

set flame = off

Why is my neck turning red?]

Mich Kabay / not representing anyone else this time.


Journalists attack credit card account

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
11 May 94 21:51:29 EDT
>From the Reuter newswire via CompuServe's Executive News Service (GO ENS):

"FRANKFURT, May 10 (Reuter) - A journalist from a well-known German satirical
magazine has cut off fugitive real-estate tycoon Juergen Schneider from one
source of cash -- by ringing up Schneider's credit card company and cancelling
his account.
     The magazine Titanic said journalist Bernd Fritz had telephoned the
Eurocard company and blocked the account by giving Schneider's name and date
of birth."

The article explains that Schneider has been on the run for over a month and
has filed for bankruptcy.  He is under investigation for credit fraud.

Asked for identifying information, including Schneider's bank, the journalist
picked a bank at random--and was right.

The magazine writers now claim that they will try to block credit cards for
other fugitives.

[Comment by MK: I have been saying for a long time we need PINs for credit
cards!  I hold no brief for the accused man, but it does seem odd that someone
else be able to cancel a person's account.  How would you like it if some
prankster cancelled _your_ credit/bank/phone/... account with a simple phone
call?]

Michel E. Kabay, Ph.D. / Dir Education / Natl Computer Security Assn


Fragmenting of the News

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:13 EDT
The Washington Post newswire (94.05.11) includes an interesting essay by
Michael McKeon entitled, "Fragmenting of the News."  The author discusses the
declining importance of the mass media for distributing news and the rising
importance of electronic communities where opinions are more uniform.

<

Software piracy vexes industry

"Mich Kabay [NCSA]" <75300.3232@CompuServe.COM>
12 May 94 12:25:02 EDT
United Press International newswire (94.05.11 @ 01:46 EDST) reports on an
interview with Business Software Alliance President Robert Holleyman during
his visit to Microsoft offices in Redmond, WA.

<

Ultra-high dependability and the Channel Tunnel

Robert Stroud <R.J.Stroud@newcastle.ac.uk>
Thu, 12 May 1994 11:49:04 +0000
  [Sent to RISKS courtesy of John Rushby <RUSHBY@csl.sri.com>.  PGN]

From an article by William Hartston, *Independent on Sunday*, 8th May 1994,
p.21 (numbers column)

A major accident in the Channel Tunnel resulting in 70 or more deaths will
happen once in 100,000 years, according to a report by Eurotunnel.
Impressive, but how was it calculated?

Give or take a few millenia, 100,000 years is the time homo sapiens has been
around; 10,000 years ago, you could walk from England to France without
getting your feet wet. So how did Eurotunnel look 100,000 years into the
future? It began with statistics from 1984-90, which showed a total of 313
people killed in railway accidents in Britain, including 99 at stations. With
268 billion passenger kilometres traveled, simple arithmetic yields figures
of 0.08 fatalities per 100 million passenger kilometres plus 0.95 fatalities
per 100 million passenger journeys (for those killed at stations). These
figures, and their French equivalents, were then combined and applied to the
tunnel, as though it were a randomly selected 50km stretch of track, with a
station at each end.

The figure may then be modified by the decreased likelihood of anyone throwing
himself in front of a moving train under the Channel. Fires and derailments,
however, (estimated at 4.4 per cent and 18.5 per cent respectively of the
"total system risk") are likely to have more serious consequences, which are,
in turn, balanced by more stringent safety procedures.

Eurotunnel concludes: 'The Channel Tunnel represents a significant advance in
railway safety' which may be true. But for all the precision, it is little
more than informed guesswork: 100,000 years is a long time on a train line.
The Titanic was unsinkable. Has Eurotunnel overlooked an iceberg too?"

  [I believe Eurotunnel is planning for 10 trains/hour. I think that makes
  one accident every 100,000 years a 10 ^ -10 claim..

  I also heard something about an independent report that had been suppressed
  that argued that the 10 trains/hour figure was unsustainable taking into
  account factors such as gradients, length and weight of trains, time to
  accelerate from stations, etc.   Robert Stroud]


Re: Future of US health care?

<Amy_McNulty@vos.stratus.com>
Wed, 11 May 94 14:18 EDT
In RISKS-16.04, Mark Stalzer (stalzer@macaw.hrl.hac.com) wrote about his HMO
doctor's deliberate "misdiagnosis" of his baby daughter's rash as lupus, in
order to get past the HMO restrictions for referring her to a specialist.  He
was understandably quite upset at having received notification of this
diagnosis in the mail, without any previous phone call or explanation from the
doctor or other HMO personnel.

In addition to the ridiculousness of the HMO doctor having to play games like
this just to refer a patient to a specialist that the doctor feels the patient
needs to see, there's another big risk in this story.  In this age of
nation-wide computer databases like the Medical Information Bureau, this
little girl (and other people like her who were similarly "misdiagnosed" by
the HMO doctors) may now be listed somewhere in some database as having a
serious, pre-existing disease -- which could cause her to be unjustly rejected
sometime next century when she applies for life insurance, medical insurance,
a physically demanding job, college, or who knows what else.  I won't try to
address whether this kind of database is fair or just even when the
information it contains is *accurate*, but it should be obvious to RISKS
readers that in this case (and many others) it could also contain inaccurate,
very damaging information.

     -- Amy McNulty (amy_mcnulty@vos.stratus.com)


Re: China Air A300 Crash

David Wittenberg <dkw@cs.brandeis.edu>
Wed, 11 May 1994 16:46:53 -0500 (EDT)
> The root cause of this crash seems to be a confused co-pilot.

I think you're being much too harsh on the copilot.  He was trying to fly the
plane in a standard way, and the plane's auto-pilot did something
inexplicable.  While perhaps the copilot could have responded better (but note
several other odd auto-pilot actions later), I would have to say the root
cause was the "go-around mode for unknown reasons".

Since people don't always diagnose unexpected behaviour correctly, it is
important to decrease the chances of their being confronted with some
unexpected behaviour in a time or place with little margin for error.  The
question one has to ask about the rather sophisticated auto-pilots now in use
is not "are they perfect?"  We know that they aren't.  But, "How often do they
fail, and can pilots reasonably be expected to recover from the failures?"  By
comparing the dangers of the new technology with the dangers of the old
technology, we can make an intelligent choice.  Unfortunately, the vendors try
to convince us that their technology is perfect, which is clearly false.

--David Wittenberg      dkw@cs.brandeis.edu


Re: Copyright/patent owners: quick correction

Mark Seecof PSD x77605 <marks@latimes.com>
Wed, 11 May 1994 13:37:23 -0700
I won't name names, but another RISKS contributor suggested that copyright
owners or patent holders "MUST" license to all on reasonable terms.  That is
not true.  In general patents or copyrights may be licensed on any terms the
owner can get and the owner may pick and choose licensees at will.  The
exceptions are few, and are related to antitrust issues that do not apply to
99.99% of situations.  Some (other than the U.S.) countries have mandatory
licensing of various kinds of patents and copyrights (e.g., mandatory
licensing of educational textbook copyrights in India), but again, with a few
exceptions, the U.S. doesn't work that way.  And for other pedants like me:
I'm not gonna launch into a discussion of "fair use," music-performance
situations, copyright collectives, weapon patents, and other stuff which would
explain some of the "exceptions" to the general rule I've alluded to.

Think about it.  What competitive advantage would a patent confer if you had
to license it to anyone?  Ditto copyrights.  The whole point of such rights is
to limit the people who can exploit a certain work.

Mark Seecof <marks@latimes.com>  Publishing Systems Dept.  Los Angeles Times


Amusing computer-related anecdote about local cable service

Ry Jones <rjones@poseidon.usin.com>
Wed, 11 May 94 14:22:21 PDT
TCI Cablevison of Washington often has a similar display with a Guru Error
(Amiga) for days on end on the Public Info channels. Also, Cablevision of
Terre Haute, IN used to have a Apple ][+ that would bomb out and draw random
lines on the PI channel. Terre Haute First National Bank built a new building
complete with 6 huge automated computer displays (light-bulb type) and they
often got out of sync, triggering an alarm that would display a very distinct
Commodore Basic prompt on all six signs all night.


Amusing anecdote about local cable svc. (Long, RISKS-16.05)

PAUL N HRISKO <WJCS75A@prodigy.com>
Thu, 12 May 1994 16:54:23 EDT
long-morrow@cs.yale.edu (H Morrow Long)
writes about the error he noticed on his local cable channel recently.

Our local cable system and a couple of the surrounding ones use Commodore
Amigas for such things as the on-line cable guide (The Preview Guide), local
programming information screens, etc... My guess is that there is specialized
software available to the cable operator from whatever company broadcasts The
Preview Guide which is customizable by region, content or whatever (ad
packages come to mind).

A few years ago you could usually look forward to seeing the dreaded Amiga
'Guru Meditation Error' plastered on your cable guide screen whenever there
was a big storm or over a long holiday weekend.  It was amusing at first, but
it soon became tiresome.  Since it hasn't happened in the past couple of years
I'm assuming they've invested in a battery backup or better equipment.  One
risk for them: Since Commodore has gone belly-up, what's going to happen to
their equipment when it dies.  Will they be relegated to searching the
orphaned-computer parts bin at their local used computer store?

Paul


Re: 11-digit ZIP code

Ed Ravin <elr@wp.prodigy.com>
Wed, 11 May 1994 12:14:25 +22321159 (EDT)
The existing 9 digit ZIP code already provides a path to your door -- in most
cases, it maps out to either an individual house, four or five houses,
apartment building, or cluster of floors in an apartment building.

So there's no new RISK with the 11 digit code -- as a matter of fact, it's
already in use on some barcoded mail (but the 11 digit ZIP is only used in the
barcode, so you haven't noticed it yet).  The RISK is that zipcode bloat makes
addressing mail more and more complicated and error-prone for humans, or that
adding extra digits to the ZIP code is being touted instead of making better
use of the existing digits to make things easier for the bureaucrats in the
Post Office.

Ed Ravin, Prodigy Services Company, 445 Hamilton Avenue
White Plains, NY 10601  +1 914 448 4737  elr@wp.prodigy.com

   [Similar comments were received from
     PMDebenham@email.meto.govt.uk, who noted Britain's system is
       often unique to 10 or 20 households,
     grayjw <grayjw@helios.aston.ac.uk>, who noted the use of the
       first few digits to determine insurance rates,
     Chuck Weinstock <weinstoc@SEI.CMU.EDU>,
     Frederick Wheeler <wheeler@ipl.rpi.edu>,
     marty@beta.lanl.gov (Martin G. Halvorson),
     msb@sq.sq.com (Mark Brader), who wondered about the (non)difference
       between giving out a unique address and a unique ZIP,  and
     brown@wi.extrel.com (Vidiot), who noted that the U.S. Postal Service
       is already using the 11 digits.  PGN]

Please report problems with the web pages to the maintainer

Top