The RISKS Digest
Volume 16 Issue 73

Friday, 6th January 1995

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


My life as an international arms courier [longish, but good]
Matt Blaze
Work monitoring
Phil Agre
GRE by computer, the sequel
Cris Pedregal Martin
More on "Cell phones in Israeli army"
Heinz Wrobel
Re: Adopting Programming Improvements
Douglas W. Jones
Re: CompuServe-Unisys GIF Tax Protest
Kenneth Albanowski
Info on RISKS (comp.risks)

My life as an international arms courier

Matt Blaze <>
Fri, 06 Jan 95 16:58:50 -0500
  [This is admittedly a bit long, but I thought this experience might be of
  some interest to RISKS readers.  -matt]
    [Matt, Struggling as we are with export controls in the NRC crypto
    policy review, this is quite interesting.  Thanks.  PGN]

Under an obscure provision of US law, devices and computer programs
that use encryption techniques to hide information from prying eyes
and ears are considered ``munitions'' and subject to the same rules
that govern the international arms trade.  In particular, taking such
items out of this country requires the approval of the State
Department, which decides whether exporting something might endanger
national security.  In the past, these restrictions were of little
concern to the average citizen; encryption found most of its
application in military and diplomatic communications equipment.
Today, however, growing concern over electronic fraud and privacy
means that encryption techniques are starting to find their way into
more conventional commercial products like laptop computers and
portable phones.

Mostly to find out what the process was like, I recently applied for a
temporary export license for a portable telephone encryption product
that I wanted to take with me on a business trip to England and

The item in question is more properly called a ``telephone security
device.''  This is a little box that scrambles telephone conversations
to protect them against eavesdroppers; this sort of protection is
sometimes important when discussing confidential business matters from
faraway places.  The particular model I bought was already approved
for export; it employs a cipher algorithm that the government has
already decided is not a threat to national security even should it
fall into the hands of some rogue government.  This model is aimed
primarily, I presume, at international business travelers who want to
communicate in a reasonably secure manner with their home offices in
the states.  In other words, a typical user buys two of them, leaving
one at the home office and carrying the other when traveling abroad.
The options that came with my device included a James Bond-ish looking
acoustic coupler and handset to facilitate its connection to the
hardwired phones that are still common in European hotel rooms.

It turns out that there was recently some discussion in the government
about exempting products like my secure phone from the licensing
paperwork requirements.  Unfortunately, however, this exemption never
actually took effect.  So even though the device I had was already
approved for sale abroad, I still needed to get a temporary export
license before I could take it with me.  But I was assured that ``this
is an easy, routine process''.  Well, sure enough, about two weeks
before I was to leave I got back my official US State Department
``license for the temporary export of unclassified defense articles''.
So far, so good.

>From what I was able to figure out by reading the license (and having
a few conversations with an export lawyer), I'm required to leave from
an international airport with a Customs agent present (no problem
there, although Customs is geared to arriving, rather than departing,
travelers).  At the airport, I'm supposed to fill out a form called a
``shipper's export declaration'' (SED) on which I have to declare that
``these commodities are authorized by the US government for export
only to Belgium and the United Kingdom.  They may not be resold,
transshipped, or otherwise disposed of in any country, either in their
original form or incorporated into other end-items without the prior
written approval of the US Department of State''.  Then I'm to present
the SED and export license to a Customs official at the airport before
I leave.  The Customs officer is supposed to take my SED and endorse
my license to show what I'm actually taking out of the country.

On the way back in, I'm supposed to ``declare'' my item at Customs
(even though it was manufactured in the US) and show them my license,
and they're supposed to endorse the license again as proof that I
have, in fact, returned the ``defense article'' to the safety of the
United States.

The first hitch I ran into was that no one could actually tell me
where I could get an SED form.  But when I called Customs they assured
me that this was no big deal.  ``Just come by when you get to the
airport and we stamp the license.  I guess you can just fill out the
SED there,'' they said.

I made sure to get to the airport early anyway.

Although there was moderately heavy traffic near the airport, I made
it to JFK two and a half hours before my 10pm flight.  I was flying
United, which has their own terminal at JFK, so Customs has an office
right there in the same building from which I was to depart (JFK is
awful to get around, so I was glad for this).  I checked in for my
flight (and got upgraded to first class, which bolstered my
expectation that everything was going to be really easy from here on).
Then, luggage, license and phone in hand, I made my way downstairs to
Customs, expecting to fill out the SED form and ``just have my license
stamped'' as they had assured me earlier on the telephone.  I
explained my situation to the security guard who controls entry to the
Customs area, and he led me to ``the back office'' without much
argument or delay.  The head uniformed Customs guy in the back office
(which I think is same office where they take the people suspected of
being ``drug mules'' with cocaine-filled condoms in their stomaches)
looked approachable enough.  He had a sort of kindly, grandfatherly
manner, and he was playing a video game on a laptop computer.  I got
the impression that most of the people he encounters are suspected
drug smugglers, and he seemed pleased enough to be dealing with
something a little different from the norm.  When I explained what I
was doing he looked at me as if I had just announced that I was a
citizen of Mars who hadn't even bothered to obtain a visa.

He explained, carefully, that a) I really do need the SED form; b) not
only that, I should have already filled it out, in duplicate; c) he
doesn't have blank SED forms; d) he, like everyone else in the entire
US government that I had spoken to, has no idea where one gets them
from, but people must get them from somewhere; and e) it doesn't
really matter, because I'm in the wrong place anyway.

I asked him where the right place is.  ``The cargo building, of
course,'' he told me, patiently.  I remembered the cargo building
because I passed it in the taxi just as the traffic jam began, about
half an hour before I got to the United terminal.  The airport shuttle
bus doesn't stop there.  I'd have to call a taxi.  ``But I think
they're closed now, and even if they were open you'd never make it
before your flight'' he helpfully added, saving me the trip.  He also
complemented me for going to the trouble to get the license.

I must have looked hurt and confused.  Eventually he called in some
fellow in a suit who I presume to have been his boss.

``Are you the guy who wants to export the fancy gun?'' the fellow in
the suit asked me.

``It's not a gun, it's a telephone,'' I responded, with a straight

``Why do you have a license to export a telephone?''  Good question, I
thought.  I explained about the export law and showed him the thing.
He agreed that it looked pretty harmless.

The fellow in the suit reiterated points a through e almost verbatim
(do they rehearse for these things?) and explained that this isn't
really their department, since my license was issued by the State
Department, not Customs, and my situation doesn't come up very often
because exports usually go via the cargo building.  He'd love to help
me, but the computer in which these things get entered is over in
Cargo.  ``That's how the records get made.  But you do have a valid
license, which is nice.''  He also suggested that I would have had an
easier time had I shipped the device instead of carrying it with me.

I asked what I should do, given that my plane was scheduled to leave
in less than an hour.  Neither was sure, but the fellow in the suit
seemed willing leave it to the discretion of the uniformed guy.  ``How
does this thing work, anyway?'' he asked.  I explained as best as I
could, trying to make it sound as harmless as it is.  ``You mean like
that Clipper chip?'' he asked.

At this point, given that he has a computer and knows something about
the Clipper chip, I figured that maybe there was some hope of making
my flight.  Or maybe I was about to spend the night in jail.  In my
mind, I put it at about a 90:10 hope:jail ratio.

Then he asked, ``Do you know about this stuff?''

So we chatted about computers and cryptography for a while.  Finally,
the two of them decided that it wouldn't really hurt for them to just
sign the form as long as I promised to call my lawyer and get the SED
situation straightened out ASAP.  They assured me that I won't be
arrested or have any other trouble upon my return.

I made my flight, validated license in hand.

An aside: Throughout my trip, I discovered an interesting thing about
the phone and the various options I was carrying with it.  Under X-ray
examination, it looks just like some kind of bomb.  (I suspect it was
the coiled handset cords).  Every time I went through a security
checkpoint, I had to dig the thing out of my luggage and show it to
the guard.  I almost missed the new ``Eurostar'' chunnel train (3hrs
15mins nonstop from London to Brussels, airport-style checkin and
security) as the guards were trying to figure out whether my telephone
was likely to explode.

Coming back to the US was less eventful, though it did take me an
extra hour or so to get through Customs.  Expecting a bit of a hassle
I didn't check any luggage and made sure to be the first person from
my flight to reach the Customs line.  The inspector was ready to
wordlessly accept my declaration form and send me on my way when I
opened my mouth and explained that I needed to get an export license
stamped.  That was obviously a new one for him.  He finally decided
that this had to be handled by something called the ``Ships Office''.
I was sent to an unoccupied back room (a different back room from
before) and told to wait.  I thought about the recent Customs
experiences of Phil Zimmermann.  (Zimmermann, the author of a popular
computer encryption program, was recently detained, questioned and
searched by Customs officials investigating whether he violated the
same regulations I was trying so hard to follow.)  After about half an
hour, an officer came in and asked me what I needed.  I explained
about my export license that had to be endorsed.  She just shrugged
and told me that she had to ``process the flight'' first.  As best as
I could tell, her job was to clear the airplane itself through
Customs, that being, technically speaking, a very expensive import.
It would take a little while.  She was pleasant enough, though, and at
least didn't look at me as if she intended to send me to jail or have
me strip searched.

Finally, she finished with the plane and asked me for my form.  She
studied it carefully, obviously never having seen one before, and
eventually asked me what, exactly, she was supposed to do.  I
explained that I had never actually gone through this process before
but I understood that she's supposed to record the fact that I was
re-importing the device and stamp my license somewhere.  She told me
that she didn't know of any place for her to record this.  After some
discussion, we agreed that the best thing to do was to make a Xerox
copy of my license and arrange for it to go wherever it had to go
later.  She stamped the back of the license and sent me on my way.  It
was a little over an hour after I first reached the Customs desk.

My conclusion from all this is that it just isn't possible for an
individual traveler to follow all the rules.  Even having gone through
the process now, I still have no idea how to obtain, let alone file,
the proper forms, even for a device that's already been determined to
be exportable.  The export of export-controlled items is ordinarily
handled by cargo shipment, not by hand carrying by travelers, and the
system is simply not geared to deal with exceptions.  Technically
speaking, everyone with a laptop disk encryption program who travels
abroad is in violation of the law, but since no one actually knows or
checks, no mechanism exists to deal with those who want to follow the
rules.  While (fortunately) everyone I dealt with was sympathetic, no
one in the government who I spoke with was able to actually help me
follow the rules.  I was permitted to leave and come back only because
everyone involved eventually recognized that my telephone was pretty
harmless, that my intentions were good, and that the best thing to do
was be flexible.  If anyone had taken a hard line and tried to enforce
the letter of the law, I simply wouldn't have been able to take the
thing with me, even with my license.  Had I just put my telephone in
my suitcase without telling anyone instead of calling attention to
myself by trying to follow the rules, chances are no one would have
noticed or cared.

Unfortunately, however, these absurd rules carry the full force of
law, and one ignores them only at the risk of being prosecuted for
international arms trafficking.  While it may seem far-fetched to
imagine US citizens prosecuted as arms smugglers simply for carrying
ordinary business products in their luggage, the law as written allows
the government to do just that.  At the same time, anyone who is aware
of and who tries to follow the regulations is made to jump through
pointless hoops that are so obscure that even the people charged with
enforcing them don't know quite what to make of them.

Copyright 1995 by Matt Blaze. All rights reserved.

Electronic redistribution permitted provided this article is reproduced
in its entirety.

Work monitoring

Phil Agre <>
Fri, 6 Jan 1995 16:36:05 -0800
The *Wall Street Journal* has a couple of articles about work monitoring:

  Amy Stevens, Clients second-guess legal fees on-line, The Wall Street
  Journal, 6 January 1995, page B1.

This article discusses several law firms whose clients get daily updates on
their bills, including explanations for each billed bit of time.  Not all
lawyers are happy about this, as one might imagine.  They probably won't get
a lot of sympathy, but imagine a world in which everyone billed by the minute
in real time and had to explain any given minute to the customer on demand.

This trend may be relevant to another article on the same page:

  Barbara Carton, What's up doc?: Stress and counseling, The Wall Street
  Journal, 6 January 1995, page B1.

It's about the growth of stress management programs for doctors who can't
handle being made to see a new patient every fifteen minutes regardless of
the nature of the cases.

Phil Agre, UCSD

GRE by computer, the sequel (RISKS-15.30, Dec 1993)

Cris Pedregal Martin <>
Fri, 6 Jan 1995 15:17:07 -0500 (EST)
GREetings!  Just over a year ago *The New York Times* reported that the GRE
would be (partially) administered with the use of computers. The system was
to be "adaptive" (i.e., questions were selected by the computer based on
previous answers by the person tested).  I pointed out some RISKS in the use
of computers for this in general, and the "adaptive" strategy in particular.

I overlooked a simpler RISK.  According to a story by Alice Demnner in
today's *Boston Globe* (1995 Jan 6, p.4), the computerized GRE has problems
because of *recycled questions*.

Apparently questions repeated so frequently that they could be memorized
and given to other test takers.

The Educational Testing Service (ETS, the private entity that administers
GRE) is "eliminating about three-quarters [!] of the test dates scheduled in
the next five months;" ETS is also "adding questions to the exam."  [Which I
interpret to mean that they won't change the length but will add more
questions to the pool from which the program draws its questions--CPM]
[Well, I interpreted an earlier article to suggest merely that they would
cut down on the opportunities for people to reuse the same answers!  PGN]

The problem was identified by Kaplan Educational Centers, which expressed
doubts that the ETS would be able to cope with the demand for testing with
their reduced schedule.

I guess the lesson is to never underestimate the simplest risks. The
other lesson, not to base a lot on the GRE scores, was always there.

Cris Pedregal Martin            
Computer Science Department            UMass / Amherst, MA 01003-4610

More on "Cell phones in Israeli army"

Heinz Wrobel <>
Thu, 5 Jan 1995 21:20:27 +0100
>From the german newspaper "Starnberger Merkur", January 4th, 1995:

[Sorry, my translation and spelling may be inadequate. I try to get the
meaning across.]

    Pizza in the fields

    Cellular phones make it possible: Israeli soldier's like to order pizza
    delivered even on delicate duty at the lebanon border. [...]
    Almost every night they order food at pizza places and restaurants in
    the neighbourhood. [...] Some pizza joints can already find out about
    troop movement by analyzing the orders.

Even if this currently an exaggeration, it might definitely be a risk for

Heinz Wrobel

   [Ah, yes, the old pizza inference strikes again.  We have had
   various reports in the past relating to increased late-night
   activities in the White House, the Pentagon, etc.  The intelligence
   term for preventing this kind of inference is OPSEC.  I guess in the
   old days it was the apple vendors rather than the pizza parlors that
   were being watched.  This of course led to OPSECing the apple cart.  PGN]

Re: Adopting Programming Improvements (Ballard, RISKS-16.71)

Douglas W. Jones <>
6 Jan 1995 16:35:44 GMT
In RISKS-16.71 Fred Ballard <> discussed the
problems with getting programmers to use new features of programming
languages in their code.  He commented that the example of surgeons learning
to wash their hands before surgery suggested that we should expect long
delays between the introduction of a feature in a language, for example, the
ANSI COBOL solution to the date problem, and the utilization of that feature
by "front line" programmers.

I believe that there's a sound engineering reason for many programmer's
failure to adopt new features of programming languages.  It's more than just
ignorance and cussed stubbornness that keeps some of us writing in, for
example, Kernighan and Ritchie C instead of newer versions of the language!

If I am writing software for a specific system, I have no reason not to
use the full language that happens to be supported on that system.  On
the other hand, if I am writing software intended to be portable, I have
every reason to avoid new features and language extensions.  Each such
feature I use will add to the complexity of the instructions I must give
for porting the program, and each such feature may prevent some potential
user from running my code.

For example, if I want to write code using a sophisticated GUI on UNIX,
you'd probably advise me to use C++ and Motif, or some similar combination
of tools.  On the other hand, not all UNIX systems have C++, and not all
have Motif.  If I want to minimize the work needed to port my code to
new systems, I'd better stick to the older, more universally available
standards, the Xt widget set and K&R C.  Anyone with a UNIX system
supporting X will have those!

Not all system administrators are technophilic, in the sense that they rush
out to get the newest implementation of every language or toolkit as soon as
it's released, and as system administration is decentralized, with each
workstation user responsible for upgrading their software, more and more
people will be running ancient compilers and toolkits simply because it's
too much of a hassle to keep installing the newest versions of every
language on their system.

Doug Jones

Re: CompuServe-Unisys GIF Tax Protest (Bishop, RISKS-16.71)

Kenneth Albanowski <>
Fri, 6 Jan 1995 16:38:12 -0500 (EST)
> This standard needs to:
> 1) Be compact
> 2) Decode fast
> 3) Be free from patent/copyright restrictions
> 4) Be rapidly available
> JPEG is certainly a candidate as it is a public standard. The only
> drawback is the slow decoding time.

I'm not saying that replacing GIF is the best solution, but I should point
out some additional factors that would be useful in a generalized image

* The image format should allow for commentary text.

* The image format should be able to contain arbitrary binary data.

* The image format should support "partial retrieval" where the image data
can be used to construct a low-res version before the entire image is
received. Currently I am only aware of one application, Netscape, that can
make use of this feature, but it is invaluable on low-bandwidth connections.

GIF supports all of these features, although they aren't heavily used.
Various applications make use of the comment field. Fractint uses custom
"tagged" data to store fractal generation parameters in the image, and
Netscape can use interlaced GIFs to support low-to-high resolution retrieval
of an image.

GIF has turned out to be an extremely important and useful graphics format,
with some of it's features (like interlacing) only beginning to be used.
Before replacement of something is considered, we must fully understand what
it is we already have.

Kenneth Albanowski (, CIS: 70705,126)

Please report problems with the web pages to the maintainer