The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 20 Issue 11

Tuesday 8 December 1998

Contents

o San Francisco power outage delays this issue
PGN
o How a FUSE caused a hospital to disconnect from the Power Grid
Joan L. Grove Brewer
o FAA investigating near-collision of passenger jets off Long Island
Richard Schroeppel
o Y2K panic could be as disruptive as computer problems
Declan McCullagh
o NRC ERDS TMI risk?
Lloyd Wood
o MS Outlook's calendar shifts with time zone
Greg Marriott
o Shanghai entrepreneur tried in China
Edupage
o Typo causes wild stock fluctuations for wrong company
Lee Somerman
o Wassenaar Arrangement signed
Seth David Schoen
o "A very interesting development": export exemptions for free software
Seth David Schoen
o Electronic Vote Rigging? Shurely shome mishtake...
Malcolm Pack
o Spamming to Spy
Dick Mills
o Re: Dulles radar fails for half-hour
Steve Peterson
o Re: the Internet has {no|perfect} memory
Mike Perry
o A risk --or at least a highly undesirable use-- of JavaScript
Joe Thompson
o Faulty failure modes
Mike Ellims
o Re: Root login on SecureID server
Jay R. Ashworth
o Author response to Slade review of Democracy & Technology
Richard Sclove
o Info on RISKS (comp.risks)

San Francisco power outage delays this issue (PGN)

Neumann@CSL.sri.com <"Peter G. Neumann">
Tue, 8 Dec 1998 11:33:12 -0800 (PST)
At 8:15 this morning, failure of a power substation in San Mateo County
south of San Francisco propagated, knocking two power plants off line, and
affecting about 372,000 customers in San Francisco and some northern
Peninsula cities, some for up to two or three hours.  The blackout took down
the SFO Airport, the Pacific Stock Exchange, rapid transit, and ATMs, as
well as homes, offices, and hospitals.  There were reports of people stuck
in elevators and problems with home medical equipment.  SFO was back up by
9:45 with emergency generators.  The surge was felt in the North Bay and
East Bay as well.  SRI experienced only a power blip, but it was enough to
wipe out a bunch of servers throughout the institute; CSL's computers were
down for more than two hours.  [Sources: patched together from various
early on-line reports...]

  [I look on this as a further reminder of how dependent we are on
  electric power, and how outages tend to propagate.  Y2K-ologists will
  undoubtedly take this as a microcosm of what might happen on 1/1/00.]


How a FUSE caused a hospital to disconnect from the Power Grid.:-)

"Joan L. Grove Brewer" <pegasus@transport.com>
Sun, 6 Dec 1998 15:29:29 -0800
In April 1998, the Valley Medical Center in Renton WA attempted to cut over
to its new power cogeneration plant, independent of the local utility's
power grid.  The staff was apparently not adequately prepared, because it
was assumed the cutover would be seamless.  Initially, the hospital indeed
ran smoothly, but then lights began to flicker, ventilation fans cut out,
alarms beeped, and computer screens blinked on and off.  [Source: How a $5.9
million power plant brought a hospital to its knees, by Byron Acohido,
Seattle Times staff reporter, *The Seattle Times*, 6 Dec 1998,
http://www.seattletimes.com/news/local/html98/vall_120698.html;
PGN Abstracting]


FAA investigating near-collision of passenger jets off Long Island

Richard Schroeppel <rcs@VISI.NET>
Tue, 8 Dec 1998 09:13:50 -0500 (EST)
A near collision between two Europe-bound passenger jets (British Caledonia
L-1011 and Delta 767) occurred on the evening of 6 Dec 1998, avoided by
onboard collision warning systems.  Controllers blamed the absence on the
expected earlier (2.5 minutes) warning from controllers on the failure of
the Boston air-traffic control center in Nashua NH; the FAA is
investigating.  Over the same weekend, the FAA blamed onboard TCAS systems
for a near collision over Albany NY.  [Sources: *San Francisco Chronicle* 8
Dec 1998, A3 unsourced, and an AP item from Boston, 8 Dec 1998,
http://www.nandotimes.com; PGN Abstracting]


Y2K panic could be as disruptive as computer problems

Declan McCullagh <declan@well.com>
Fri, 04 Dec 1998 12:36:38 -0500
One of the more interesting -- and perhaps serious -- Y2K risks is not
computer snafus, but widespread panic. As Y2K coverage becomes increasingly
mainstream (60 Minutes and CBS News ran pieces this week), stockpiling by
individuals and businesses could lead to a recession or even bank runs. At
least that was the verdict at a Y2K summit on Thursday. --Declan

http://www.wired.com/news/news/business/story/16618.html
Bankers: Prepared for a Panic? 4:50 p.m.  3.Dec.98.PST
by Declan McCullagh (declan@well.com)

Fear of electric-power outages and bank failures could lead to widespread
panic as disruptive as the Y2K glitch itself, Senator Robert Bennett warned
Thursday at the first summit organized by President Clinton's Y2K council.
"Even if the Y2K problem is solved, the panic side of it can end up hurting
us as badly," said Bennett, the Utah Republican who heads the Senate's Year
2000 committee. [remainder snipped]


NRC ERDS TMI risk?

Lloyd Wood <L.Wood@surrey.ac.uk>
Fri, 4 Dec 1998 12:56:19 +0000 (GMT)
From: http://xent.ics.uci.edu/FoRK-archive/nov98/0071.html

[Ob-Bits] I recently discovered something interesting about the NRC's
(Nuclear Regulatory Comm.) ERDS (Emergency Response Data System).
Instituted as a response to TMI (Three Mile Island) ERDS is the computer
link that US nuclear plants are supposed to use to transmit critical release
data in the event of an accident. Well, guess what, they have ONE modem at
the NRC. A big help that will be on Jan 1, 2000. Sleep tight.  [No URL
available, this is my own observation]

<L.Wood@surrey.ac.uk>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>


MS Outlook's calendar shifts with time zone

Greg Marriott <greg@spies.com>
Sat, 5 Dec 1998 14:41:47 -0800
Martin Minow <minow@pobox.com> suggested that I send this item.

A friend told me about this a few weeks ago. I didn't believe him. I had to
see it for myself.

Just imagine... [wavy dream lines]

You live in San Francisco and go to New York for business. You enter all
your business meetings in MS Outlook's calendar on your Windows laptop
before you leave. You fly to New York and adjust your location (time zone)
so your computer will what time it is. Then you miss a crucial appointment
because the calendar claims a meeting is at 3pm even though you said it was
at noon.

All your appointments get time shifted when you change your location. They
claim this is a feature. I kid you not.

I can only guess that somebody decided appointments should be stored as GMT
and then displayed as local times depending on the time zone the computer
thinks it's in.

As to why they thought this was a good thing, I have no clue.

Greg Marriott


Shanghai entrepreneur tried in China (Edupage)

Edupage Editors <edupage@franklin.oit.unc.edu>
Sun, 06 Dec 1998 13:36:36 -0500
The Chinese government has put 30-year-old Shanghai computer software
businessman Lin Hai on trial for "inciting the overthrow of state power" by
providing 30,000 e-mail addresses to a U.S. Internet magazine called "Big
Reference" published by Chinese dissidents.  Chinese authorities closed the
four-hour trial for what it said were "national security" reasons, and
"persuaded" one member of Lin's legal team not to attend the trial.  Lin's
wife Xu Hong, who was questioned by the police for six hours, has indicated
that Lin's lawyer "said he didn't have a very good feeling -- that things
won't be good for Lin and he will probably be found guilty."  (*The Washington
Post*, 5 Dec 1998; Edupage, 6 December 1998)


Typo causes wild stock fluctuations for wrong company

"Lee Somerman" <lee@lmsconsulting.com>
Fri, 4 Dec 1998 20:29:42 -0800
That's Ticketmaster, With an 'S'
Wired News Report, 3 Dec 1998

Ticketmaster Online-CitySearch's initial public offering later today will
raise a whopping US$98 million for the online entertainment guide. It also
bolstered the fortunes of a tiny office cleaning company in Manhattan,
thanks to a misprint.  Ticketmaster's stock is slated to trade under the
symbol TMCS. But Reuters and ZDNet mistakenly printed the symbol as TMCO in
their coverage of the IPO.

TMCO is the stock symbol of Temco Service Industries International.  Because
of the erroneous reports, the stock zoomed to an all-time high of $65 from
$23. In early afternoon trading, the stock settled back down at $31, after
investors apparently figured out their mistake.

Representatives of the company were not immediately available for comment,
nor were Ticketmaster officials.

Talk about a random walk on Wall Street.


Wassenaar Arrangement signed

Seth David Schoen <schoen@uclink4.Berkeley.EDU>
Fri, 4 Dec 1998 13:15:01 -0800
According to a press release and Reuters reporting, the Wassenaar
Arrangement, a major treaty on export controls, has been signed by 33 member
states.  The most significant provision of the Arrangement from the point of
view of most computer users is a promise by signatories to adopt US-style
export controls on cryptography.

While the Arrangement does not dictate specific policies for its member
states, they are still expected to try to bring their export rules in line
with certain standards, which analysts said were dictated by the US and
intended to promote an anti-crypto agenda.

The member countries are Argentina, Australia, Austria, Belgium, Bulgaria,
Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary,
Ireland, Italy, Japan, Republic of Korea, Luxembourg, The Netherlands, New
Zealand, Norway, Poland, Portugal, Romania, Russia, Slovakia, Spain, Sweden,
Switzerland, Turkey, Ukraine, United Kingdom, United States.

Some of these countries are presently the major sources for the international
distribution of cryptographic software.

http://biz.yahoo.com/rf/981203/3l.html
http://www.wassenaar.org/


"A very interesting development": export exemptions for free software

Seth David Schoen <schoen@uclink4.Berkeley.EDU>
Fri, 4 Dec 1998 14:15:13 -0800
According to some international developers of crypto software, some
Wassenaar countries have exemptions in the works for free or Open Source
crypto software (with various definitions of what's allowed).  There are
also supposed to be exemptions for public domain software.

The Norwegian developer Eivind Eklund wrote on slashdot.org:

   I just got information on how Norway (where I live) implement this
   (ie, how the regulations are changed). The new rules prohibit export
   of crypto-software, but with a deliberate exception for open source
   software. This is a very interesting development.

Several other countries seem to be developing similar policies (including
Sweden and Canada); these rules could protect the development of free crypto
software on the Internet.

Seth David Schoen L&S '01 (undeclared) / schoen@uclink4.berkeley.edu


Electronic Vote Rigging? Shurely shome mishtake...

Malcolm Pack <mpack@email.com>
Fri, 04 Dec 1998 06:00:45 GMT
I recently received the following e-mail from a former colleague:

> An attempt is being made to influence the result of the voting for BBC
> Sports Personality of the year. It has been decided that David Beckham
> would provide most embarrassment to the organisers if winning, so
> could you all e-mail your vote to the following address:
>
>    <sports.review@bbc.co.uk>
>
> More importantly, can you forward this mail to all your mates &
> acquaintances ASAP in the hope that they will participate.
>
> Your co-operation in this matter is greatly appreciated.

For those with no interest in English sport, David Beckham was the player
who, by deliberately fouling another player during the recent Football
(Soccer) World Cup in France, made himself responsible (the scapegoat?) for
England's departure from the competition. To have to proclaim him "Sports
Personality of the Year" would indeed be a delicious and embarrassing irony
for the BBC.

<http://www.bbc.co.uk/info/news/news132.htm>

The intent of the mail is relatively harmless, even amusing. The risks to
the BBC of opening up the voting to such an inexpensive, anarchic, insecure
and easily-spoofed medium as e-mail are, as we so often have to say, obvious.

Needless to say, I've already registered my vote. ;-)

Malc, Southend-on-Sea, UK


Spamming to Spy

Dick Mills <dmills@albany.net>
Sat, 12 Dec 1998 20:54:32 -0500
In RISKS-20.10,  <jstok@SPAMBLOCKED.apana.org.au> (Jason Stokes) wrote
about voice mail with embedded audio playback software embedded in
e-mail.  He said:

>I don't have to remind comp.risks readers of the potential for viruses and
>Trojan horses to spread after being inserted into executable files sent
>over e-mail.  Ugh.

The post prompted me to think of the reverse kind of Trojan horse.  If users
accepted e-mail with embedded programs, and also leave their audio systems
and or video systems enabled, then someone could send a mail message that
would launch a program that would turn on the microphone and camera
and transmit the information back to a remote location.  Bugging via spam.

Hmmm, I wonder if there's an Internet enabled PC in the Oval Office or in
the corridor outside?

Dick Mills  http://www.albany.net/~dmills


Re: Dulles radar fails for half-hour (RISKS-20.10)

Steve Peterson <speterson@virtation.com>
Mon, 07 Dec 1998 22:56:45 -0600
RISKS-20.10 reports that, due to a radar failure, "controllers had no
information on the altitude, airspeed or identification of about a dozen
planes circling the airport."

While radar failures are certainly important, it's wrong to say that radar
failures deprive controllers of this information.  In this situation, pilots
report all three items (plus their position) to ATC via radio.  ATC
procedures provide for increased separation between aircraft to compensate
for the lack of radar data.

In the US (and presumably elsewhere), there are many places where reports by
the pilot are the _only_ source of information on the location of aircraft.

Steve Peterson, Principal Consultant, Virtation Technologies, Inc.
http://virtation.com  +1 612 948 9729


Re: the Internet has {no|perfect} memory (RISKS-20.09-10)

<Mike_Perry@DGE.ceo.dg.com>
Fri, 4 Dec 1998 21:39:06 est
Before the last election here in the UK, the Labour party was against
controls on encryption, and promised, on their website, to oppose them.

Now that they are in power, they are planning to introduce a law
controlling encryption - all the usual key escrow, TTP stuff.

And they've quietly removed the pages on their site which promised
opposition to such legislation.

Old fashioned paper pamphlets are impossible to retract, but I
personally find the ease with which the Internet facilitates this
Orwellian rewriting of history a bit scary.

The RISK? - not simple disappearance, but the replacement of the real
past with a false one.

Mike Perry <mike_perry@dge.ceo.dg.com>


A risk (or at least a highly undesirable use) of JavaScript

Joe Thompson <joe@orion-com.com>
Fri, 04 Dec 1998 12:44:42 -0500
Today I was browsing the Macintouch web site (http://www.macintouch.com/)
and saw a link to a Wired News article on Virginia's new proposal for
anti-spam legislation.  As a Virginia resident and anti-spam activist,
wanting to know more from having seen bits yesterday, I clicked the link and
got the article at:

http://www.wired.com/news/news/politics/story/16591.html

After reading the article I hit the Back button to go back and finish
today's Macintouch news.  What happened next surprised me: a new browser
opened up and presented me with a survey, unasked-for and certainly unwanted.

Checking through the HTML code of the Wired article, I found the following
lines:

[...]
var MBIstudyUrl = "http://mass.mbinteractive.com/mass/bedemir.dll/"; //this
line will change for final deployment of pages.
[...]

function RDABV(){
[...]
  if(MBIsampledUser && MBIvisitor)
  {
    getSetMBICookie(MBIcookName);
    if (MBIcookie == "") MBIcookie=0;
    window.open(MBIstudyUrl + MBIstudyName + "?Ntc=" + MBIcellVal +
"&Ntookcook=" + MBIcookie , "survey");
    sampledUser = 0;
  }
[...]
}

[...]
http://kensey.home.mindspring.com/


Faulty failure modes

Mike Ellims <mike.ellims@pitechnology.com>
Fri, 4 Dec 1998 17:55:02 -0000
Faulty Failure Modes or It could give you a heart attack.

A couple of nights ago I was talking on the phone to my father (who lives in
Lower Hutt, New Zealand) from here in Cambridge, England when the line went
dead.  When I tried to ring back all I could get was a ringing tone.  Now as
my father had a quad heart bypass operation about four months ago and as far
I could tell (even after ringing British Telecom) that the phone was
working, I rang the police in Lower Hutt and asked to send a car around to
check.  They also attempted to phone and on getting no answer decided to
upgrade the call to 111 (i.e. 911 in the US) and dispatched both a police
car and an ambulance.  My rather amused (and healthy) father was greeted by
two emergency vehicles arriving on his doorstep as was an abused telephone
"engineer" who had the cut the wire carrying our conversation.  The failure
mode is of course that cutting a connection completely make it look as if
someone won't or more importantly can't answer the phone.  All was well
though, as one of the police officers and one of the ambulance crew had been
coached by father at football (soccer in US)...  It's a very small world.

Mike Ellims  Pi Technology <mike.ellims@pitechnology.com>
www.pitechnology.com   +44 (0)1223 441 434


Re: Root login on SecureID server (Dean, RISKS-20.10)

"Jay R. Ashworth" <jra@baylink.com>
Sat, 05 Dec 1998 14:26:40 -0500
No, this one's not Security Dynamics' fault, as you've no doubt found out by
now.  This is a common, and well documented, failure of the NIS client code
for most versions of Unix.  The format of the "send other inquiries to the
NIS server" line in your password file is such that, if NIS isn't running,
you're likely to find yourself logged in as root, unless the administrator
was careful.

I don't remember exactly, it may not be possible to avoid the hole at
all and still have NIS run correctly when it _is_ running; this is in
the Red book, but I haven't read it lately, and it's not handy.


Author response to Slade review of Democracy & Technology

Richard Sclove <resclove@amherst.edu>
Wed, 18 Nov 1998 10:27:57 -0500 (EST)
Response by Richard Sclove to Rob Slade review of _Democracy and
Technology_ in RISKS FORUM (6 November 1998  Volume 20 : Issue 05)

Several fans of my book, _Democracy and Technology_ (New York and London:
Guilford Press, 1995), urged me to reply to Rob Slade's recent review (RISKS
FORUM 6 Nov. 1998).  I thank Rob for taking the trouble to read my book.
It's difficult to respond point by point to his criticisms, because in some
instances these are matters of judgement, and who would be surprised if an
author disagrees with a negative review?  But I'll do what I can within a
limited amount of space.

Rob's principal, repeated complaint is that my empirical examples are
uncompelling and too few in number, and that I provide no convincing
evidence that a democratic politics of technology can actually come about.
I'm surprised, because numerous previous reviewers have found my book's rich
array of empirical cases, and its careful balance of idealism tempered by
realism, precisely its greatest virtue.  One example: Professor Bart Schultz
(University of Chicago), reviewing _Democracy and Technology_ in the journal
_Ethics_ (Jan. 1997), judges that:

     "The great strength of [Sclove's] book is surely in just this
     effort to bring together materials from the United States and
     across the globe, demonstrating how technology can and should be
     democratized.  ... The Amish, the Berger Inquiry over the
     MacKenzie Valley Pipeline (in Canada), different policy
     strategies toward AIDS, the Dutch science shops and Denmark's
     consensus conferences, the Boimondau watchcase factory, the
     Mondragon system, the movement by people with physical
     disabilities for barrier-free design, the mobilization against
     toxic waste by the residents of Woburn, Massachusetts, the
     Chicago Center for Neighborhood Technology, Lucien Kroll's 'Zone
     Sociale' for the Catholic University of Louvain Medical School --
     these are but a few of the cases marshalled to show how realistic
     it is to go beyond conventional economic analysis and unregulated
     markets to make technological development subject to democratic
     design and assessment."

Rob Slade judges the provisional democratic design criteria that I propose
without merit.  His test case is that he finds that military technologies
come up looking democratic using these criteria.  His finding is perplexing.
The first criterion I propose recommends avoiding technologies that support
authoritarian social relations, and other criteria prescribe avoiding
technologies that hinder democratic deliberation or that promote unduly
centralized political power relations.  Now, as my book also observes (on
pp. 22, 232-233), nuclear weapons are associated domestically with highly
centralized, secretive power relations that even circumvent the basic
U.S. constitutional balance of powers (i.e., by allowing the President to
put hundreds of millions of lives at stake without consulting Congress).  On
these grounds, I would judge, contrary to Rob, that nuclear weapons fail
spectacularly to pass muster against the democratic criteria I propose.

A major motivation of my book is to establish the mildly audacious claim
that democratic evaluation should supersede conventional economic analysis
as the principal basis for technological decisions.  (E.g., when fundamental
democratic principles are at stake -- as I show they often are in
technological decisions -- we shouldn't rely in the first instance on a
narrow economic cost-benefit analysis.)  Rob's review complains, however,
that, "Economic theory is not actually challenged in chapter ten [of
Sclove's book].  Instead it is turned into a straw-philosophy. ..."  Gosh,
Rob, isn't it peculiar that trained economists don't seem to read my book
that way at all?  For instance, economics professor Steve Cohn writes in the
_Ecological Economics Bulletin_ (4th Quarter 1997):

     "For economists, the meat of Sclove's theoretical argument is
     contained in Chapter 10, where he challenges the optimality
     conclusions conferred on market outcomes by neoclassical
     economics. ... The book is well worth reading and could easily
     contribute to courses in economics, political science, science
     and technology, and public policy."

Thus here and elsewhere, I find Rob's somewhat ranting style cute and
engaging to read, but also judgementally sloppy, cavalier, and misleading.

On the other hand, I think a weakness in my book (albeit one that neither
Rob nor other reviewers have noted) is that I didn't suggest a specific
institutional means for debating and applying my provisional democratic
design criteria within participatory settings.  I'm currently working on
that task under a grant awarded by the U.S. National Science Foundation and
in collaboration with the Danish Parliament's Board of Technology.  Indeed,
my book is not at all a work in idle scholarship.  The nonprofit Loka
Institute, which I founded over a decade ago, works full-time on trying to
promote a democratic politics of technology in practice, and we've had some
notable successes (e.g., in promoting a worldwide network of centers for
conducting community-based research, and in our introduction into the
U.S. of European-style deliberative citizens' panels on science and
technology policy).  Anyone interested can learn more from Loka's Web page
<www.loka.org> or by subscribing to Loka Alerts, our free, occasional (and
quite popular -- 15,000+ subscribers worldwide) newsletter; just E-mail a
subscription request to <Loka@amherst.edu>.

Stylistically and in the complexity of its argument, my book is pitched
midway between a scholarly work and a popular one.  The result has been that
academic reviewers tend to find it accessible and engaging, while reviewers
in more popular venues often agree with Rob that my book makes considerable
demands upon the reader.

So, is Slade wrong in all his judgments?  Nope, he is entitled to his
opinions--and I agree that a couple of them are on target.  But since
numerous other readers and reviewers have reached rather different
conclusions overall, I hope those curious will read my book and judge for
themselves.  My own view is that while my book is certainly imperfect, it
addresses vitally important questions, and it remains the most comprehensive
and incisive work written on its topic to date.  (I guess I'm not entirely
alone in that opinion; Rob's review neglected to inform RISKS subscribers
that _Democracy and Technology_ received the 1996 Don K.  Price Award of the
American Political Science Association as the "year's best book on science,
technology and politics.")  Thus, my suspicion is that whether one agrees
with it or not, it's hard to read _Democracy and Technology_ and not find
oneself challenged to think about the social and political significance of
technologies in a new, more illuminating way.

Thanks again to Rob Slade and to this forum.

Richard Sclove, Founder & Research Director, The Loka Institute, P.O. Box 355,
Amherst, MA 01004 USA +1-413-559-5860  http://www.loka.org  Loka@amherst.edu

Please report problems with the web pages to the maintainer

Top