The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 57

Wednesday 23 October 2013


Wall Street software failure & relationship to voting
Jeremy Epstein
SecureDrop Project Will Pay To Install Media Outlets' WikiLeaks-Style Submission Systems
Andy Greenberg via Gabe Goldberg
Authors Accept Censors' Rules to Sell in China
Andrew Jacobs via Lauren Weinstein
MIT Tech Review: The Decline of Wikipedia
Tom Simonite via Lauren Weinstein
`Hacker' --> `criminality' ???
Robert Schaefer
Re: France summons US ambassador to answer allegations of widespread NSA surveillance
Richard A. O'Keefe
Re: Americans Are Way Behind in Math, Vocabulary, and Technology
Richard S. Russell
Re: GPS map leads to border crossing and shooting
Scott Nicol
Unauthorized Access: The Crisis in Online Privacy and Security, by Sloan and Warner
Info on RISKS (comp.risks)

Wall Street software failure & relationship to voting

Jeremy Epstein <>
Wed, 23 Oct 2013 21:51:42 -0400
  [Also posted to Freedom to Tinker, slightly PGN-ed for RISKS.]

An article in *The Register* explains what happened in the 1 Aug 2012 Wall
Street glitch that cost Knight Capital $440M, resulted in a $12M fine, and
nearly bankrupted Knight Capital (forcing them to merge with someone
else).  In short, there were 8 servers that handled trades; 7 of them were
correctly upgraded with new software, but the 8th was not.  A particular
type of transaction triggered the updated code, which worked properly on the
upgraded servers.  On the non-upgraded server, the transaction triggered an
obsolete piece of software, which behaved altogether differently.  The
result was large numbers of incorrect "buy" transactions.

The bottom line is that the cause of the failure was lack of careful
procedures in how the software was deployed, coupled with a poor design
choice that allowed a new feature to reuse a previously used obsolete
option, which meant that the trigger caused an unanticipated result (instead
of being ignored or causing an error).

So, what does this have to do with voting?  It's not hard to imagine an Internet
voting scheme using 8 servers, and even if the software doesn't have
security flaws per se, a botched upgrade like this might work just fine for
7/8 of the voters, and silently fail for the 1/8.  If the procedures aren't
in place to check all of the systems (and such procedures apparently didn't
exist at Knight Capital), a functional check might not detect a mismatch.

This experience emphasizes that proper operation isn't *just* having the
software itself being built correctly—it's also having it fielded
properly.  In a way, this is similar to the DC Internet voting experiment --
in that case, there was a bug in the software, but that particular bug
wouldn't have been exploitable if it hadn't been for a mistake in how the
software was fielded, replacing one version of a software library with a
different version that had an exploitable bug.  [This is not to suggest that
this was the only bug in the DC voting software, or that Internet voting is
safe, just tying this to the particular exploit that happened.]


SecureDrop Project Will Pay To Install Media Outlets' WikiLeaks-Style Submission Systems (Andy Greenberg)

Gabe Goldberg <>
Wed, 23 Oct 2013 12:01:20 -0400
Andy Greenberg, *Forbes*, 15 Oct 2013

The non-profit Freedom of the Press Foundation (FPF) announced the launch of
SecureDrop, a piece of open-source software designed to serve as an
anonymous submission system for media organizations. And to encourage news
outlets to install it, the Foundation has offered to send one of
SecureDrop's creators, security consultant James Dolan, to willing news
outlets to help install it, in some cases even paying for the necessary

SecureDrop, which like WikiLeaks depends on the anonymity software Tor to
hide leakers' identities, was developed from the open-source software
DeadDrop, initially created by the late coder and activist Aaron Swartz
along with Dolan and Wired editor Kevin Poulsen.

Authors Accept Censors' Rules to Sell in China (Andrew Jacobs)

Lauren Weinstein <>
Tue, 22 Oct 2013 21:58:40 -0700
  "Foreign writers who agree to submit their books to China's fickle
  censorship regime say the experience can be frustrating. Qiu Xiaolong, a
  St. Louis-based novelist whose mystery thrillers are set in Shanghai, said
  Chinese publishers who bought the first three books in his Inspector Chen
  series altered the identity of pivotal characters and rewrote plot lines
  they deemed unflattering to the Communist Party. Most egregiously, he
  said, publishers insisted on removing any references to Shanghai,
  replacing it with an imaginary Chinese metropolis called H city because
  they thought an association with violent crime, albeit fictional, might
  tarnish the city's image."  (New York Times via NNSquad)

    [The article also notes the extensive redaction of a biography of
    reformist leader Deng Xiaoping written by Ezra F. Vogel.  I presume
    this issue of RISKS will also be censored or redacted in China. PGN]

MIT Tech Review: The Decline of Wikipedia (Tom Simonite)

Lauren Weinstein <>
Tue, 22 Oct 2013 22:22:59 -0700
  "Yet Wikipedia and its stated ambition to "compile the sum of all human
  knowledge" are in trouble. The volunteer workforce that built the
  project's flagship, the English-language Wikipedia—and must defend it
  against vandalism, hoaxes, and manipulation—has shrunk by more than a
  third since 2007 and is still shrinking. Those participants left seem
  incapable of fixing the flaws that keep Wikipedia from becoming a
  high-quality encyclopedia by any standard, including the project's
  own. Among the significant problems that aren't getting resolved is the
  site's skewed coverage: its entries on Pokemon and female porn stars are
  comprehensive, but its pages on female novelists or places in sub-Saharan
  Africa are sketchy. Authoritative entries remain elusive. Of the 1,000
  articles that the project's own volunteers have tagged as forming the core
  of a good encyclopedia, most don't earn even Wikipedia's own
  middle-ranking quality scores.  The main source of those problems is not
  mysterious. The loose collective running the site today, estimated to be
  90 percent male, operates a crushing bureaucracy with an often abrasive
  atmosphere that deters newcomers who might increase participation in
  Wikipedia and broaden its coverage."  (MIT via NNSquad)

`Hacker' --> `criminality' ???

Robert Schaefer <>
Tue, 22 Oct 2013 13:32:54 -0400
In the eyes of the court, calling yourself a hacker is equivalent to
admitting criminality:

robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory
Westford, MA 01886 781-981-5767

Re: France summons US ambassador to answer allegations of widespread NSA surveillance

"Richard A. O'Keefe" <>
Wed, 23 Oct 2013 18:18:14 +1300
tells us that the French government are unhappy about the NSA.  Let's see
where the logic takes us.

1. Blowing up a vehicle in a foreign city and killing an unarmed civilian is
   a terrorist act.

2. An organisation that trains, equips, and commands such an act is a
   terrorist organisation.

3. Anyone who contributes to the funding of such an organisation is
   supporting a terrorist organisation.

4. Anyone who supports a terrorist organisation is a legitimate target of
   surveillance in the war against terror.

5. In 1985, the French government carried out such a terrorist act in the
   largest city of my country.

6. Therefore every French taxpayer is a legitimate target of surveillance
   and the French government have no grounds for complaint.

Of *course* there are flaws in this (except for 5, which is a legally
established fact).  But it's frighteningly plausible if you don't stop
to think.  And it's exactly the kind of "reasoning" that is easy to
embody in computer software.  (Maybe I should have written these claims
using OWL...)  Is there anyone, other perhaps than the inhabitants of a
few villages in PNG and Vanuatu, that we _can't_ cover this way?

Re: Americans Are Way Behind in Math, Vocabulary, and Technology (Davidson, RISKS-27.56)

"Richard S. Russell" <>
Mon, 21 Oct 2013 22:08:47 -0500
If American kids had to take their reading and writing tests in Spanish
rather than English, we wouldn't expect them to do very well, since Spanish
isn't the first language for most of them.

Yet we expect them to take science and math tests which are written using
metric units—the international "language" of technology. And we SHOULD
expect this! The sad part is that, while metric units are the first language
of measurement for 95% of the world's population, they remain a foreign
tongue to almost every American, with commensurate results.

Ben Franklin advocated the metric system. Congress adopted the Metric
Conversion Act of 1975, and it looked as if we were finally on our way.  But
then Ronald Reagan was elected president, took the solar panels off the
White House roof, and declared that there was no way any government
reporting to him was going to dictate measurement rules to business.  "Let
the free market decide", he insisted. And metrication came to a dead halt.

We continue to pay the price today, not only in substandard education but
also in failure to manufacture to the kind of international standards that
might earn us foreign markets. Plus which, ACHU* makes us dumber, almost as
if we had to do all our math using Roman numerals.

  * Accidental Collection of Heterogeneous Units—don't mislabel it the
  "English system". First off, it's not a system (no design), it's an
  accident.  2nd, the English have come to their senses and metricated
  decades ago. And for gosh sake don't call it the "American system",
  because then all the super-patriots will insist that it's a matter of
  national honor to stick to it.

Richard S. Russell, 2642 Kendall Av. #2, Madison WI 53705-3736 608+233-5640

  If God had wanted us to use the metric system, he would have given us 10
  fingers.  Ashleigh Brilliant

Re: GPS map leads to border crossing and shooting (DeRobertis, RISKS-27.56)

Scott Nicol <>
Tue, 22 Oct 2013 10:53:33 -0400
In RISKS-27.56, Anthony DeRobertis writes:

> This is the most misleading Subject: line I can remember having appeared in

Hyperbole in RISKS subject lines? Inconceivable!

I cross borders often and it is never routine. I've been "delayed" 6 times
(that I recall) at the US/Canada border, even though I had my papers in
order. Some of those were probably due to fitting a profile, other times
because I won the let's-randomly-check-somebody lottery. If you come
without papers, you've won the lottery by default. Anything can happen once
they pull you aside and start digging.

The border crossing guard won't likely take your story at face value. Even
between friendly nations like Canada and the US, there are plenty of things
that could result in something much more serious than a delay when crossing
the border.

You look Mexican. Your last name is Mohammed. You look like a terrorist.
You don't sound or look like a Canadian. You are not a Canadian citizen,
where's your US visitor visa?

Or you have kids in your car. Where is the other parent? Why does that kid
not look like you? Is that baby really yours?

Perhaps you're carrying contraband? Cuban cigars? Kinder Eggs?

Drugs? Some medications with codeine are available over the counter in
Canada, but only legal with a prescription in the US. You are carrying
marijuana, or your buddy in the passenger seat is, or a friend stuffed some
under a seat cushion last week. The US will seize your car on the spot, but
you don't have to worry about transportation because you'll get a free ride
in the back seat of a government car.

You have a prior criminal record. You have been barred from entering the
US. You have a warrant in the US. You have too much beer in the trunk of
your car.

Regardless if they let you through or turn you around, you'll have to go
through customs on return to Canada and you can run into the same set of
problems, and even more because there are legal reasons why you may not be
allowed to leave (you are out on bail, probation, parole) or return
(single-entry visa) to Canada.

And yes turning around means going through Canadian customs, because the US
customs house is on US soil. What could possibly go wrong? What if you
aren't admissible to Canada or the US? How do you think people get stuck in
limbo in airport terminals?

Unauthorized Access: The Crisis in Online Privacy and Security (Sloan and Warner)

"Peter G. Neumann" <>
Tue, 22 Oct 2013 16:42:07 PDT
Robert H. Sloan and Richard Warner
Unauthorized Access: The Crisis in Online Privacy and Security
CRC Press, 2014

Robert Sloan is a professor of computer science, and Richard Warner is a law
professor, which would seem to make a nice collaboration.  However, this
book is explicitly aimed primarily at legal and policy folks, rather than
techies.  The back jacket says that this book ``proposes specific solutions
to public policy issues pertaining to online privacy and security.''  It is
highly readable, and could be very helpful for those who are not yet aware
of the serious issues it raises and the remedies it proposes.

On the other hand, it seems much less specific in discussing the
implications of many of the security problems (such as pervasive
vulnerabilities and exploits) whose existence might make some of the legal
and policy issues less effective, or whose remediation might possibly make
the recommended fixes less necessary.  Also, there seem to be many inherent
weaknesses in best practices (not just in those proposed), as well as likely
limitations in legal remedies that might still exist despite the authors'
recommendations.  A second edition might dig further into some of these
additional considerations.  However, their recommendations certainly deserve
serious consideration—especially given the poor state of the technology
for security, integrity, reliability, and so on.  Overall, policy and law
are important—if properly enforced.  At the same time, they are not
enough by themselves—especially in the absence of meaningful
trustworthiness of systems, networks, and people.

I have a few quibbles with the title of the book that may be familiar to
long-time RISKS readers, first with `Unauthorized Access', and second with
`Online Privacy and Security'.  As we should learn from studying exploits
such as the Internet Worm and the Snowden affair, many of our problems in
this area involve Authorized Access rather than Unauthorized Access,
especially relating to policies, ethics, and the law.  For example, as I
noted in RISKS-12.15 relating to the Internet Worm, no authorization was
required to exploit the sendmail debug option, the finger daemon buffer
overflow, freely open-to-the-world .rhosts files, and explicitly readable
encrypted password files.  This fact seriously muddied the waters in a
prosecution that was based on Exceeding Authority when no authority was
actually required.  Similarly, denial-of-service attacks frequently require
no authority, even when they manage to exploit fundamental flaws in
security.  Worse yet, privacy violations often exist outside the purview of
computer system authentication and access controls, in which case it is not
at all clear what is actually `unauthorized' once the information involved
has become extrinsic to the systems in which it originated.  Thus, offline
privacy is perhaps at least as problematic as online privacy, while
offline security seems to be more of a fantasy.  Besides, as I noted in my
Inside Risks column, The Foresight Saga, Redux (Comm.ACM 55, 10, Oct 2012,, although the best may be the
enemy of the good, the good may not be good enough.
