The RISKS Digest
Volume 23 Issue 53

Thursday, 16th September 2004

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Two human errors silenced Los Angeles area airports
Ben Moore
Keith Price
Kent Borg
Korean Airport subject to hackers, viruses, worms, etc.
Bob Heuman
Homeland Security Science&Technology BAA and Industry Day
Douglas Maughan
Registration 'nightmare' at UMass
Monty Solomon
Robert Heinlein Does it Again! Re: e-voting
Paul Robinson
E-Voting in Nevada
Electronic voting in Canada
Richard Akerman
Maryland rules against opponents of e-voting machines
Washington State primary and voting machines
Paul A Below
Order of names on electronic ballot
James Meade
Re: Shutting the train door before the commuter has bolted
Nick Brown
Wired: Pentagon revives memory project
Joe Shead
Re: More ID theft, via laptop
F. Barry Mulligan
Updating the Screaming Telephone
Debora Weber-Wulff
Re: German TollCollect System
Debora Weber-Wulff
Re: German unemployment system
Debora Weber-Wulff
Re: U.S. air travel without government identification
Kathy Gill
Info on RISKS (comp.risks)

Two human errors silenced Los Angeles area airports

<"Ben Moore" <>>
Thu, 16 Sep 2004 14:18:11 GMT

[Source: *LA Times* article, 16 Sept 2004, by Ricardo Alonso-Zaldivar, Eric
Malnic and Jennifer Oldham, PGN-ed],1,5928253,print.story

Two separate human errors caused a breakdown in radio communications around
4:30 pm on 14 Sep 2004 that lasted for three hours and brought Southern
California's major airports to a near-stop.  There were at least five
instances in which planes came too close during the first 15 minutes of the
communications breakdown.

The FAA's radio system in Palmdale shut itself down because a technician
failed to reset an internal clock — a routine maintenance procedure
required every 30 days by the FAA.  Then a backup system failed, also as a
result of technician error, officials said.  (The Palmdale radar system did
not shut down.)

FAA officials said they had known for more than a year that a software
glitch could shut down radio communications and were in the process of
fixing it. In the meantime, they required manual resetting of the
communications system — a process they described as similar to rebooting a
personal computer.  The problem so far has been corrected only in Seattle,
one of 21 FAA regional air-traffic control centers that have used the system
since the mid-1990s.  [This is the same problem that was discovered over a
year ago in the Atlanta ATC facility.]

About 30,000 passengers were affected, with 500 or 600 spending the night in
the terminals.  The backlog of incoming flights was not cleared until 3
a.m. Wednesday.  At LAX, 450 flights were diverted or canceled and another
150 were delayed. An additional 32 were canceled Wednesday morning because
the aircraft did not arrive Tuesday night.  Neighboring airports also
experienced significant delays.

Two human errors silenced Los Angeles area airports

<Keith Price <>>
Thu, 16 Sep 2004 09:54:55 -0700 (PDT)

I was struck by the details at the end of the *Los Angeles Times* article
[PGN-ed herewith]:,1,3729661.story

... As originally designed, the VSCS system used computers that ran on Unix.
The VSCS system was built for the FAA by Harris Corp. of Melbourne, Fla., at
a cost of more than $1.5 billion.  When the system was upgraded about a year
ago, the original computers were replaced by Dell computers using Microsoft
software. Baggett said the Microsoft software contained an internal clock
designed to shut the system down after 49.7 days to prevent it from becoming
overloaded with data.  Software analysts say a shutdown mechanism is
preferable to allowing an overloaded system to keep running and potentially
give controllers wrong information about flights.

Richard Riggs, an advisor to the technicians union, said the FAA had been
planning to fix the program for some time. "They should have done it before
they fielded the system," he said.

To prevent a reoccurrence of the problem before the software glitch is
fixed, Laura Brown, an FAA spokeswoman, said the agency plans to install
a system that would issue a warning well before shutdown.

Greg Martin, the chief FAA spokesman in Washington, said the failure was not
an indication of the reliability of the radio communications system itself,
which he described as "nearly perfect."

Two human errors silenced Los Angeles area airports

<Kent Borg <>>
Thu, 16 Sep 2004 10:01:54 -0400

According to a report I heard this morning on KCRW, the system shut itself
down on purpose because it had not received its regular 30-day preventive

At first glance this seems crazy: a nicely functioning system comes to a
halt because some calendar flipped over.  There were several close calls on
Tuesday because a 30-day timer expired.

However, a coworker of mine made a good point on the likely reason the
system designers took the 30-day time period so seriously: Records.  These
systems record radar data and radio transmissions.  After 30-days the tapes
(or whatever they use) are probably full.  That's pretty serious.  It *is* a
safety concern, but probably not something worth halting over.

It is instead a situation to be avoided.  I suggest that several days before
the clock is up the system should complain loudly, and probably complain to
the air traffic controllers who are in a position to notice and to do
something about it.

Were this a modern system (doesn't the FAA periodically try to build a
replacement and fail?) I would suggest that there also be e-mailed warnings,
and that if the limit is reached, the system start overwriting old data
instead of shutting down.  As it is, the system might not be capable of

However, be wary of systems that degrade gracefully, for unless they
inflict some pain in an attempt to right their hurt, they will tend to
always operate in a degraded state.

Korean Airport subject to hackers, viruses, worms, etc.

<"R.S. (Bob) Heuman" <>>
Sun, 05 Sep 2004 02:01:56 -0400

Nothing new, of course. If one is going to share a network with the world,
and have no meaningful controls or security, the result is almost always
going to result in the following type of news item.

Only 7,345 viruses in a day or two? Not all that bad, is it, if they were
all stopped and did no damage, and we do NOT know what was defined as a
virus, nor whether the code was viral, or simply backdoors and other junk.

  South Korea's Incheon International Airport was reported to be highly
  vulnerable to online attacks from hackers and viruses.  Incheon's computer
  network is vulnerable because it's shared by private airlines and tourist
  agencies located in the airport.  The National Intelligence Service said
  in a report that 7,345 computer viruses were detected May 3-4 in 116
  businesses operating within the airport, and that electronic glitches
  could lead to flight crashes or other accidents.  "There is a high
  possibility that Incheon International Airport will be exposed to online
  attacks like computer viruses and direct hacking."  [Source: UPI via
  *Korea Times*, 4 Sep 2004, PGN-ed]

Homeland Security Science&Technology BAA and Industry Day

<"Douglas Maughan" <>>
Wed, 15 Sep 2004 22:17:54 -0400

Cyber attacks are increasing in frequency and impact. These attacks continue
to demonstrate that there are extensive vulnerabilities in information
systems and networks, many with the potential for serious damage.

In an effort to reduce these vulnerabilities, the Department of Homeland
Security's Science and Technology Directorate (DHS S&T) has issued a Broad
Area Announcement (BAA 04-17) [see] for the
research, development, and deployment of technologies to protect our
nation's cyber infrastructure.  DHS S&T intends to evaluate cyber security
technologies for use in operational units within DHS, as well as federal,
state, and local sectors — for the purpose of increased homeland security.
Many of these technologies will address security needs in the larger public
Internet as well.

HSARPA anticipates that up to $4.5M in funding in FY 2004 will be available
for multiple awards via the solicitation, with a total anticipated amount of
$12-15M over the next 36 months. Copies of the BAA may be downloaded from
the FedBizOpps web site at or at The
HSARPA CSRD BAA 04-17 solicits proposals that address at least one of the
seven technical topic areas:

 TTA 1 - Vulnerability Prevention
 TTA 2 - Vulnerability Discovery and Remediation
 TTA 3 - Cyber Security Assessment
 TTA 4 - Security and Trustworthiness for Critical Infrastructure Protection
 TTA 5 - Wireless Security
 TTA 6 - Network Attack Forensics
 TTA 7 - Technologies to Defend against Identity Theft

In addition, HSARPA will hold an Industry Day and Bidders Conference for the
CSRD BAA on September 23rd at the Hilton Crystal City in Arlington,
Virginia.  All interested attendees must register online at or linking

Douglas Maughan, Ph.D., Program Manager, Cyber Security R&D
Department of Homeland Security, Science and Technology Directorate
Homeland Security Advanced Research Projects Agency
1120 Vermont Avenue, NW, 8th Floor, Washington, DC  20528
Phone: 202-254-6145  Fax: 202-254-6170  Cell: 202-360-3170

  [I thought this item would be of interest to many RISKS readers — not
  just those of you who might write proposals, but to the rest of you who
  have a keen sense of the vulnerabilities and threats that desperately need
  to be addressed more systematically.  PGN]

Registration 'nightmare' at UMass

<Monty Solomon <>>
Wed, 15 Sep 2004 00:16:45 -0400

Computer woes keep many students from class sign-up
By Hiawatha Bray, *The Boston Globe*, 14 Sep 2004

For 25,000 students and faculty on the Amherst campus of the University of
Massachusetts, last week's start of the new term was even more hectic than
usual, thanks to a computer malfunction that prevented many students from
signing up for classes.  ...  The university uses software from PeopleSoft
Inc. to manage student registration. During the summer, campus computer
administrators installed the latest version of the software but apparently
something went wrong.

Robert Heinlein Does it Again! (Re: e-voting)

<Paul Robinson <>>
Sat, 28 Aug 2004 21:43:49 GMT

In the 1980s, when it was discovered that the wife of the leader of the free
world was using an astrologer to chart her husband's political career, it
was noted that the exact same practice was predicted by Robert A. Heinlein
in his book, "Stranger in a Strange Land" which was published more than a
generation before the revelations about Nancy Reagan.

Robert Heinlein also showed how you can steal an election without anyone
being the wiser: you use a computer system to count votes, where the
computer system's integrity is trusted and there is no means to provide a
reliable audit trail outside of the computer system.

He wrote about that in "The Moon is a Harsh Mistress" which was first
published in 1966.  And nearly 40 years later, (almost) nobody seems to have
remembered yet another of the late, great Bob Heinlein's prophetic views.

  "The lessons of history teach us — if the lessons of history teach us
  anything — that nobody learns the lessons that history teaches us."

E-Voting in Nevada

<"NewsScan" <>>
Mon, 13 Sep 2004 08:34:11 -0700

Nevada $9.3 million voting system worked well in last week's primary.
California official Marc Carrel, who observed the election, says, "They were
incredibly organized. I think California could pull off a similar election
if we had adequate training and education programs for poll workers and
voters." Printers attached to the systems offer assurances that elections
can be fully audited, and a spokesman for Sen. Dianne Feinstein says, "The
Nevada election demonstrates that you can have efficient electronic voting
machines yet at the same time have a paper trail so voters can be assured
they've voted accurately and their vote is being recorded accurately." But
Georgia elections director Kathy Rogers warns that the printers could have
unintended consequences, allowing unethical poll workers to determine how
individuals voted: "We seem to have traded a secret ballot for this piece of
paper."  [AP/*USA Today*, 13 Sep 2004; NewsScan Daily, 13 Sep 2004]

Electronic voting in Canada

<Richard Akerman <>>
Sun, 12 Sep 2004 15:47:00 -0300 (ADT)

The Chief Election Officer ("CEO") of Ontario has produced a report "Access,
Integrity and Participation: Towards Responsive Electoral Processes for
in which he calls for the examination of "21st century automation" such as
electronic and Internet voting.

I'm not sure what problem they're trying to fix.  Cringely has said "My
model for smart voting is Canada" because of our simple paper-based,
hand-counted system.

Unfortunately, many Canadian elections officials seem determined to bring in
electronic voting technologies anyway.

There has already been Internet voting in Markham Ontario.

New Brunswick's chief electoral officer also is interested in electronic
voting, which has already been tried in Saint John NB.

There doesn't seem to be any organized opposition to electronic voting in

I have written a summary of the current situation in my blog about the
issue, Paper Vote Canada.

(This story has also been submitted to Slashdot.)

Richard Akerman <>

Maryland rules against opponents of e-voting machines

<"NewsScan" <>>
Wed, 15 Sep 2004 07:39:22 -0700

Maryland's highest court has rejected demands to allow citizens who distrust
TouchScreen voting machines to use paper ballots to ensure the paperless
devices are accurate and secure. Ryan Phair, attorney for the defeated
plaintiff group called TrueVoteMD, complains: "We're basically playing
Russian roulette. We know there is vulnerability. It is just a matter of
time until it happens." TrueVoteMD vows to continue its legal battle to
force the state to use printers on electronic machines in future elections.
[AP/*San Jose Mercury News*, 14 Sep 2004; NewsScan Daily, 15 Sep 2004]

Washington State primary and voting machines

<"Below, Paul A" <>>
Wed, 15 Sep 2004 13:24:09 -0400

Washington State was forced to implement a primary that required the voter
to declare a party preference before voting for that party's candidates.  In
addition, the ballot contained a nonpartisan section that all voters were
supposed to be able to use, whether or not they declared a party preference.

News story:

After the machine returned his ballot, a poll supervisor at Hobart Community
Church asked whether he had chosen a political party (he had not) and
whether he had deliberately not chosen a party. His ballot was accepted only
after the supervisor opened the machine and pressed a button overriding its
programming.  "So much for secret ballots," said Sterling, who claims that
yesterday's voting procedures violate the state constitution's guarantee of
"absolute secrecy" in preparing and depositing ballots.  At some King County
polling places, the override button either didn't function properly or
workers didn't know how to use it. Stephen McCloskey watched a frustrated
nonpartisan voter declare a party preference at St.  Anne Church in Seattle
because a poll worker couldn't find any other way to get a machine to accept
the woman's ballot.  When a voting machine wouldn't accept David Miller's
nonpartisan ballot at Crown Lutheran Church in Seattle, a poll worker put
his ballot on the side of the machine to be counted later.  "This leaves my
ballot unprotected for marking at a later time," Miller said.

Order of names on electronic ballot

<"James Meade" <>>
Tue, 14 Sep 2004 12:47:13 -0700

As an IEEE member, I recently received my ballot to vote for various
offices. The paper ballot very carefully says that "The order of candidate
names indicates no preference. Ballots have been prepared so that the order
randomly varies." You then have the option of voting on the paper ballot by
traditional mail or voting electronically. Feeling adventurous, I went the
electronic route and surprise, the electronic ballot has the candidates'
names for each office in alphabetic order.  The risk? The two voting methods
(paper vs electronic) may provide different results, based on the spelling
on the candidates' name. It's well-known that candidates listed at the top
have an advantage over those listed further down. If my name were John
Adams, I'd be pushing for people to vote electronically.  Jim Meade /
Systems Engineer

Re: Shutting the train door before the commuter has bolted (R-23.52)

<Nick Brown <>>
Fri, 10 Sep 2004 18:16:00 +0200

Standard GPS is nowhere near accurate enough for this sort of application.

It's possible that the designers assumed that they would be able to use
EGNOS-enhanced GPS signals, which will give 1-2 metre accuracy, but at the
time of writing, I don't think that the UK falls within the footprint of any
EGNOS-transmitting satellite, due to a combination of EGNOS system
implementation delays and a satellite launch problem (both well-known RISKs,
of course).

The discussion as to whether or not a system with even this degree of
accuracy, and the complexity of manual override described, is a good idea,
is of course still equally valid.

Wired: Pentagon revives memory project

<"Joe Shead" <>>
Mon, 13 Sep 2004 13:08:50 -0500

The Department of Defense is handing out contracts for a project to record
what soldiers see and do in battle zones. The new initiative closely
resembles another, called LifeLog, that the Pentagon scrapped months ago. article by Noah Shachtman:,1848,64911,00.html?tw=wn_story_mailer

Re: More ID theft, via laptop (Lesher, RISKS-23.52)

<"F. Barry Mulligan" <>>
Fri, 10 Sep 2004 23:35:59 -0400

When the Red Cross started asking for SSN, long before identity theft and
data mining hit the popular lexicon, I refused and they just assigned an
in-house number. What I remember is the nurse's immediate response: "Do you
work for IBM?". When queried, she said that at blood drives at the IBM
division headquarters none of the engineers and programmers would give their
SSNs. When I suggested that perhaps they knew something she didn't, she
acquired a rather thoughtful expression that lasted through the rest of the

Updating the Screaming Telephone (DWW, RISKS-23.51)

<Debora Weber-Wulff <>>
Fri, 10 Sep 2004 16:29:13 +0200

I reported in RISKS-23.51 on the Siemens 65 family of mobile phones that
suffer from, if you will, terminal screaming (a painfully loud sound when
the battery is empty).

Siemens rushed to put an update on its site, bringing down the wrath of many
mobile phone providers who had had to pull the phones off their shelves and
had not yet tested the update. They forced Siemens to remove not just the
link but also the files until they were happy with the fix.

On 9 Sep 2004, Siemens blanketed the print media with a very unconventional
ad [2] - "Oops, that was our moose test" (DaimlerBenz had some problems 1997
with tests they performed on their A-class cars [1] - when doing the 'moose
test', i. e. swerving to miss a big thing in the middle of the road, the
cars had an annoying tendency to flip over).

In a very friendly, humorous but rueful tone the ad describes the "little
technical problem" that is "extremely seldom", but we owe it to our
customers etc.  who expect quality products etc. etc. It then goes on: "We
have learned that nobody is perfect. But one can learn from errors, and
react honestly, openly, and fairly." [translations dww]

This is an amazingly open ad from a company that prefers rather cool, calm,
and collected, buttoned-up ads. So even with the technical problems the
company has had, they seem to have hired some good spin doctors.

The software update is at [3] - there are *10* different versions, one for
each type of mobile phone. Wouldn't it make business sense to have just one
sort of basic kind of program that was modular and would work on all of the
different kinds of phone?


Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin

Re: German TollCollect System (DWW, RISKS-23.51)

<Debora Weber-Wulff <>>
Fri, 10 Sep 2004 17:04:13 +0200

The woes of the German TollCollect (RISKS-23.51) continue as the German
government sues the consortium of Telekom and DaimlerChrysler to the tune of
4.5 billion Euros for damages arising because the toll system, which was
supposed to start in August 2003, has now slipped to January 2005. The
consortium vigorously denies needing to pay anything.

The *Berliner Zeitung* from 10 Sep 2004 quotes an internal report by
DaimlerChrysler that states "The possibility of a late deployment was clear
from the very beginning."  These are normal, well-known "risks for the
project development and project implementation". So we don't know how to do
it any better?

The article goes on to report that both the German transport ministry and
TollCollect now no longer doubt the technical feasibility of the system. (If
they did have doubts, why were they building such a complicated and
expensive system with tax dollars in the first place?!).

The reliability testing is now said to be at 99% (up from 97% 2 weeks ago,
if this is indeed based on a test and not on a reporter's
exaggeration). There need to be about 500 000 OBU (On Board Units) installed
on trucks by the beginning of next year. Two weeks ago we had 37000 reported
installed, now we have 45000 units reported installed. There are 15 more
weeks in the year, so if they continue at this rate they will only have to
put in about 280 000 units between Christmas and New Year's to have a
functioning system....

Prof. Dr. Debora Weber-Wulff, FHTW Berlin, FB 4, Treskowallee 8, 10313 Berlin

Re: German unemployment system

<Debora Weber-Wulff <>>
Tue, 14 Sep 2004 08:51:42 +0200

Germany seems to be a hotbed of stuff like this at the moment.  There is a
monstrous disaster brewing over the new unemployment system. At the rate at
which the politicians are assuring people that everything will work just
fine on 1 Jan 2005, I am sure that it will be in the class of the toll
collect woes. This one might just bring down the government, though, because
the mob is angry.  And if they don't get their unemployment checks cut on
time, there will be hell to pay....

Re: U.S. air travel without government identification

<kathy gill <>>
Tue, 14 Sep 2004 16:45:34 -0700

In response to Dan's story about air travel without an ID - here is a
similar one originating in Seattle.

Last September (2003), my SO and I were flying from SEA to Charlotte NC
where we planned to pick up a car and drive down to Georgia. When we were
about 15 minutes from SeaTac — and 20 minutes from home with a little more
than an hour before our flight — Mike realized he had left his wallet at
home. We ride motorcycles, and he had put his wallet in his gear because he
needed to buy gas. He forgot to put it back in his pants.

I phoned the airline, even though we knew we'd never make it if we drove
home, got the wallet, and returned — unless the plane was running late (an
unusual occurrence for a red-eye flight). The person on the other end
(United) said that the decision to let him fly or ground him would be made
by both the check-in desk and security: in other words, two gauntlets.

He did have his Microsoft photoID, because he wears it on a retractable clip
and it lives on his pants. Unlike Dan, Mike had NO ID other than his MSFT
badge — no credit cards, no SS card, not even a business card.
Fortunately, I'd made the flight arrangements (and had ID and CC) and we had
our boarding passes, which were printed at home.

Like Dan, Mike was shuttled through a more invasive security check in.
"No ID?" was the question that greeted him as well. No other questions,
even though he sports a ponytail.

We had a friend overnight mail the wallet (yeah FedX) the next day, because
we were to be gone for a week, and we didn't want to chance his not being
able to fly out of Charlotte. And yes, there were risks, there, too, but at
the time, we thought they were the lesser of the two sets.

Kathy E. Gill, Department of Communication, University of Washington

Please report problems with the web pages to the maintainer