The RISKS Digest
Volume 4 Issue 22

Tuesday, 2nd December 1986

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


More Air Traffic Control Near-Collisions
Re: satellite interference
Jerome H. Saltzer
"Welcome to the .......... system": An invitation?
Bruce N. Baker
Replicability; econometrics
Charles Hedrick
Re: Risks of computer modeling
John Gilmore
Computerized weather models
Amos Shapir
Active control of skyscrapers
Warwick Bolam
Privacy in the office
Paul Czarnecki
Kremlin is purging dimwitted scientists
Matthew P Wiener; also in ARMS-D
Info on RISKS (comp.risks)

More Air Traffic Control Near-Collisions

Peter G. Neumann <Neumann@CSL.SRI.COM>
Tue 2 Dec 86 10:08:05-PST
  Chicago (UPI) 2 Dec 1986

  Two passenger jetliners on their landing approaches nearly collided with
  small planes in separate incidents here yesterday, the Federal Aviation
  Administration said.  The near-collisions, which occurred within 29 minutes
  of each other, involved a Midway Airlines DC-9 with 90 people aboard,
  arriving from Philadelphia, and a United Airlines Boeing 727 with 128 people,
  en route from Baltimore.  FAA spokesman Mort Edelstein said that the United
  pilot reported passing within 500 feet laterally of a twin-engine Beechcraft
  90 about 28 miles southeast of O'Hare International Airport at 7:41 a.m.
  The pilot made a sharp left turn to avoid the smaller aircraft, he said.
  According to Edelstein, a preliminary inquiry found that the smaller plane
  had a defective transponder that was transmitting inaccurate data on the
  plane's altitude to air traffic controllers in Aurora, west of Chicago.
           [The second incident was less close, and no explanation was given.] 

The problem of an accidentally malfunctioning transponder is in many ways
equivalent to that of an intentionally malfunctioning transponder — either
one that has been purposely sabotaged in an attempt to jeopardize the plane
or one that has been altered "constructively" in an attempt to hide the true
altitude of the plane.  In all of these cases, the ATC system implicitly
trusts the authenticity and accuracy of the transponders with which it
communicates — if such a transponder exists at all in a private plane.

Re: satellite interference

Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Mon, 1 Dec 86 23:37:50 EST
About a month ago, Richard Wexelblat reported to RISKS that satellite
delivery of the Headline News Network to his location was disrupted for a
short time by an interfering signal whose picture wasn't intelligible but
whose sound seemed to be advertising satellite decoders.  In contrast with
the Captain Midnight attack on HBO, no big follow-up story appeared in
Newsweek and Time magazines.

My contact at the F.C.C. tells me that there are typically a couple of
incidents like this every day.  The primary problem is not malicious attacks
by a Captain Midnight.  It is simple screwups by uplink operators who forget
to throw switches, who set wrong channel numbers in their transmitters, who
aim their dishes at the wrong satellite, or who run automatically programmed
switching sequences that were intended for yesterday or tomorrow rather than

The reported audio content sounds suspicious, but it turns out that a
scrambled video service usually has an unscrambled audio channel
accompanying it that explains how to obtain a decoder and subscribe to the
service.  The audio that goes with the picture is buried somewhere else in
the channel.

F.C.C. technicians have proposed to tackle the operator screwup problem by
requiring that uplink transmitters place encoded call letters in the
vertical retrace interval of their transmitted waveforms.  Then at least
someone who is being interfered with can quickly figure out which of the
1200 licensed uplink transmitters is muddled up and get the operator there
on the phone quickly.  That solution doesn't eliminate intentional attacks
by someone who knows how to forge the unique id, but from the F.C.C.'s point
of view it will solve 99.9% of the problem they face.  As for malicious
cases, detective work and $10,000 fines may help keep things under control.

Although the technology is different, don't the problem and the proposed
solution both sound quite familiar to the regular reader of RISKS?


"Welcome to the .......... system": An invitation?

Bruce N. Baker <BNBaker@SRI-STRIPE.ARPA>
Tue 2 Dec 86 10:35:05-PST
At a local chapter meeting of the Information Systems Security Association,
a representative of VM Software Inc. told a story about a Massachusetts 
financial institution that had attempted to prosecute a hacker who had
penetrated their system.  The defense lawyer argued that the system had a 
greeting that welcomed people to the system and that was tantamount to
welcoming someone into your home (Goodbye, Welcome mats?).

The judge threw out the case accepting the arguments of the defense.

I have attempted to track down the authenticity of the story through the
VM Software rep but he will not divulge the name of the company.

Attempts to track it down through the law firm of Gaston Snow & Ely Bartlett 
in Boston revealed no records of such a case.

Obviously, if there was such a case it has implications to the wording of the
Welcome banner on any system.

Can anyone provide a better lead or lend credence to the story?

Replicability; econometrics (Re: RISKS-4.21)

Charles Hedrick <>
Mon, 1 Dec 86 12:13:24 est
I have had a long-term concern with replicability of scientific experiments.
It does not appear that this concern is shared outside of certain physical
sciences.  When I was a grad student, I published an article in the American
Economic Review (the economic equivalent of CACM).  In order to allow
replicability, I included the actual data, together with the details on how
I had adjusted the raw data series (something which has to be done because
the agencies change definitions every few years).  The data was small
compared to the size of the article.  It was cut for space reasons.  My
article itself was a replication of an empirical study done some years ago.
It covered a period when the economy had behaved very differently.  It came
to the same conclusions.  The original study had been very careful about
econometric validity.  It is possible to do valid work in econometrics.  It
is also possible to duplicate carefully done work.  [I think these comments
are important because they show that econometrics is not necessarily voodoo.
What we need are professional standards to help us separate the good work
from the bad.]

Similar problems occur in computer science.  Several years ago, one of our
grad students attempted to duplicate the results of researchers in one area
of AI.  He was trying to do research into what actually causes success in
rule-based systems.  He ran into serious problems with another research
group, which went beyond simply refusing to give data.  I think our department 
would prefer for me not to give any more details.  But he concluded that
such work was impossible in the particular area with which he was involved.

In my opinion, anyone who publishes empirical claims in a scientific
journal should be required to give people access to the data needed to
replicate it or do further analysis of its model.  I have been unable
figure out what to do to try to make that happen.

By the way, I have a related Risk to describe.  As I mentioned above, in
econometrics one normally has to twiddle with the basic data series in order
to get useful numbers.  I am now a computing manager.  I find that our users
expect to have access to various commercially-prepared econometric data series.
As far as I can see, all that is there is a bunch of numbers and a one-line
description of what it is.  When I was doing work in the area, I would have
wanted to know a lot more about how the numbers had been prepared.  I'm
hoping there is some sort of hardcopy document available to users of the
databases, but I'd bet even if there is, a lot of our users never see it.

Re: Risks of computer modeling

John Gilmore <hoptoad!gnu@lll-crg.ARPA>
Tue, 2 Dec 86 05:39:29 PST
> Is the problem restricted to econometrics, or is the abuse of computer
> modeling widespread?

It is widespread.

One friend of mine has done extensive work in "decision analysis" systems,
with clients in the military, Bell System, etc.  I did some programming on
such a system for him while he was at SRI.  When looked at from the inside,
it is obvious that such a system will give you back exactly the answers that
you fed it as input, since most of the input data is "How important is this?
How important is that?".  But people will believe it because a computer
model said so, while if *you* told them that the widget acceptance ratio was
33% if priced at this level, they would ask you why.  They didn't get to ask
when you typed it in.

Another friend works for the World Bank in Washington, DC.  She has done a
lot of proposals and evaluations around funding of transportation projects
in third world countries.  I remember helping her get some of her modeling
programs right.  Her approach was always to figure out what the data
"means", in other words, what result she wanted, and then juggle the numbers
and equations until she could "prove" it.

I don't think that abuse of modeling is restricted to computer models, or
even that it is more prevalent with computer models.  In all disciplines,
experienced people with a feel for things figure out what is going on and
proceed from there.  If somebody wants better justification, they have to
cook one up, but don't mistake the source of the estimate:  the human mind,
not the later model.

Cf. ``How to Lie with Figures''.  Don't have the citation but it's a standard
work.  Maybe it needs an update to deal with new techniques.

Computerized weather models

Amos Shapir <nsc!nsta!instable.ether!amos@decwrl.DEC.COM>
1 Dec 86 10:02:31 GMT
About weather models: they are one of the few accurate forecasting models
possible; the only trouble is that the required answers, e.g. 'will it rain
on the game tomorrow?' are much more detailed than the base data (typically
a 3-6 hourly surface report from stations 50 miles apart). Besides, until
Crays came along, it was almost impossible to do it in real time.

Amos Shapir, National Semiconductor (Israel)
6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel 
(011-972) 52-522261  amos%nsta@nsc 34.48'E 32.10'N

Active control of skyscrapers

Warwick Bolam <munnari!goanna.oz!wjb@seismo.CSS.GOV>
Mon, 1 Dec 86 14:05:28 EST
> Date: Wed, 26 Nov 86 13:32:05 EST
> From: "Kim P. Collins" <kpc%duke.csnet@RELAY.CS.NET>
> Subject: Very Brief Comments on the Current Issues
> New subject
>   Any comments on active vs. passive control structures?  For instance,
>   having a skyscraper that has flexible material so that in high winds
>   it bends and does not fail, VS having a skyscraper that has guy wires
>   connected to winches that are controlled by a computer that tests wind
>   velocities, etc.

There already exist active control systems for skyscrapers that
use a huge mass, that is "pushed around" by computer controlled
equipment to stabilise the building.  I'm afraid I have no
reference to this.  I saw it on TV.

Warwick Bolam

UUCP:  seismo!munnari!goanna.oz!wjb     ARPA: munnari!goanna.oz!wjb@SEISMO.ARPA

Privacy in the office

Paul Czarnecki <harvard!munsell!pac@seismo.CSS.GOV>
2 Dec 86 16:19:49 GMT
There is an interesting article in the November/December 1986 issue of
Technology Review that I though may be of interest to RISKS readers.
The title is "Monitoring on the Job: How to Protect Privacy as Well as
Property." The authors are Gary T. Marx and Sanford Sherizen.

The article discusses how surveillance technology is used in the modern
office environment.  Everything from video cameras in the parking lot to
private data on corporate machines is discussed.  Although much of the
technology is not computer related, some of it is.

I thought the article was interesting overview of some of the issues
involved with technology and privacy.  It was not as in-depth as I
would have liked, but good anyhow.

                Paul Czarnecki — Eikonix, Corp. — Bedford, MA

!!! Kremlin is purging dimwitted scientists !!!

M P Wiener <>
Mon, 1 Dec 86 01:31:38 PST
The following is shamelessly stolen from the 2 Dec 1986 edition of the
WEEKLY WORLD NEWS.  (You couldn't have missed that issue while shopping:
it had the banner headlines about the five-week long pregnancy [Bulgarian
natch] and a recipe for cooking Thanksgiving turkeys in the dishwasher.)
 -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
    << Lame-brained Russians try to fix computer — with a hammer <>

    !!!  Kremlin is purging dimwitted scientists      !!!

    Soviet official launched a massive investigation into the training
  of technical personnel after a repairman tried to fix a sophisticated
  missile guidance system with a hammer, a screwdriver and an oil can.
    A recent East German defector, Dr. Hermann Franz, blew the lid off
  the shameful state of Soviet technical know-how in a scathing letter
  to top science journals upon his arrival in the West.
    The computer scientist, who is now living in France, claims there
  is a very real danger that a poorly-trained Russian technician might
  accidently start World War 3.
    ``The repairman with the oil can is a glaring example of their in-
  eptitude,'' said the expert.  ``He was assigned to one of the most
  sensitive missile bases in the U.S.S.R.
    ``And yet, when he was called on to repair a circuit problem in a
  computer console, he showed up with carpenter's tools.
    ``First he walked over and kicked it.  Then he said, `Something is
  stuck.'  I thought he was joking until he started squirting oil and
  blew every circuit in the control center.
    ``It took six weeks to repair the damage — six weeks to do a job
  that qualified technicians could have done in a matter of days.''
    Horrifyingly, the missile base near the foot of Ural Mountains is
  armed with some of the Soviet Union's most powerful intercontinental
  missiles and nuclear warheads, Dr. Franz said.
    A Soviet Air Force spokesman angrily denied the allegations, call-
  ing Soviet technicians ``the finest in the world.''
    One highly-placed military source conceded that Soviet training
  programs are being investigated.  But he insisted that the investi-
  gation was routine.
    Meanwhile, Dr. Franz has called on Western politicians and scien-
  tists to pressure the Soviets into monitoring the work of their tech-
  nicians more closely.
    ``The specter of nuclear holocaust is frightening enough,'' he
  said, ``without having to worry about some dimwit starting the war
  that would kill us all.''
                                  — Derek Clontz
 -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
I don't quite follow the logic of that last quotation.  Personally I'm
more worried about some of the "dimwits" at the other end of the nuclear
chain of command.

I have two questions:

Q1) Can anyone identify a quote top science journal unquote that is pub-
lishing Dr Franz' letter?  (Heck, while we're on a roll, can anyone con-
firm the "Clark Gable's our god, says lost island tribe" story?)

Q2) What is known/believed about Soviet failsafe mechanisms?

ucbvax!brahms!weemba    Matthew P Wiener/UCB Math Dept/Berkeley CA 94720

Please report problems with the web pages to the maintainer