The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 4 Issue 51

Tuesday, 24 February 1987


o HiTech version of NixonTapes
Pete Lee
o Re: Automatic Call Tracing for Emergency Services
Lee Naish
o Air Traffic Control, Auto-Land
Matthew Machlis
o Electronic steering
Spencer W. Thomas
excerpt from William Swan
o Hurricane Iwa and the Hawaii blackout of 1984
Bob Cunningham responding to James Burke
via Matthew P Wiener
o Summary of a Talk by SANFORD (SANDY) SHERIZEN on Computer Crime
Eugene Miya
o Info on RISKS (comp.risks)

HiTech version of NixonTapes

Pete Lee <>
Tue, 24 Feb 87 15:17:19 GMT
This originated in New England, not Old England ... and is from the
Boston Sunday Globe, 22 February 1987, editorial page.

                    WHAT THE COMPUTER KNEW

    The Reagan presidency may become the first to be done in by a
computer.  While legislators, investigators and reporters go sniffing
down the money trail, trying to track the flow of funds from Tehran to
Geneva to Honduras, an electronic archive in the White House has been 
leaking the most embarrassing facts to the Tower Commission.

    It is an irony of the computer age that an administration 
obsessed with secrecy allowed many of its secrets to be saved in an 
electronic memory bank.  All the computer messages Oliver North and his 
collaborators in covert action sent each other since Nov. 8 have been 

    A nonpartisan system of software is now telling the Tower 
commission not only about the hardware sent to Ayatollah Khomeini, but
also abut frantic White House efforts to save the president from scandal.
The backup system for the White House computer reportedly shows that the
president's men tried to alter the history of what they did in order to
distance Reagan from his ill-considered policies.

    The computer messages are being compared to the tape recordings
of Richard Nixon.  If they demonstrate a White House attempt to design a 
cover-up, they may play the role of the Nixon tapes in the Watergate 

    Messages indicating that North passed military intelligence to
Tehran, for use in Khomeini's destabilizing war against Iraq, suggest
that even now the White House has not told the full story of Reagan's 
concessions to the ayatollah.

    By preserving the tamper-proof truth of what government officials 
did or did not do, the electronic archive in the White House may add an
unforeseen dimension to the system of checks and balances bequeathed by the
Founding Fathers.

    This computer was not user-friendly.

   [Several readers noted that Alan Wexelblat meant NSC and not NSA in
   his message in RISKS-4.50.  However, I recall that several key NSC 
   phone conversations had been monitored by NSA fairly early in the game.

   The NSC archives remaining even after on-line copies were deleted and 
   hard-copies shredded is of course another instance of the hidden-residue
   problem in (allegedly) secure systems, i.e., a deletion is a deletion
   is not a deletion!  By the way, the assumption that the archives are
   tamperproof is of course bogus.  PGN]

Re: Automatic Call Tracing for Emergency Services (RISKS-4.49)

Lee Naish <munnari!mulga.OZ!lee@seismo.CSS.GOV>
Tue, 24 Feb 87 16:11:09 EST
I once spoke to someone who helped set up the fire brigade database in
Melbourne.  The system they use is to specify the intersection of two
streets.  Initially there were various integrity constraints in the
database, such as street names had to be at least two characters long,
streets didnt cross each other more than once etc.  Two streets violated
both conditions: S street (shaped like an S) crossed another street in three
places and Y street (shaped like a Y) crossed another stree in two points
(numbering must be rather confusing in Y St.!).  (The real world is not
designed for computers; pity :-)

Air Traffic Control, Auto-Land

Tue, 24 Feb 87 11:37:44 EST
    Is there anyone on this list who knows whether the air traffic control
radar systems have automatic collision alert systems?  And if they do, do
they work?  It seemed to me that if everyone were required to have Mode C
transponders (which automatically report the plane's altitude to the nearest
100 feet to the ATC computer), then it would be simple to write a program
which would detect possible collisions.  Arguments against this may include
that the controller would have much too many targets on his screen to handle
-- as it is now they often screen out all traffic that they are not working
with so that the planes do not even appear on their radarscope.  However, a
program such as I suggested could work on all planes, whether actually being
displayed on the scope or not, and maybe bring to the controller's attention
two planes on a collision course and altitude which were not being displayed
and would not have been noticed.

   [It is my understanding that the ground-based AUTOMATED collision alerts
   will be a part of the new system (currently in procurement).  But the
   expense of the on-board equipment seems to mitigate against its use in
   small private planes, which preset a very serious gap in the on-line
   information.  3-D radar might be more appropriate, especially since a
   Mode-C transponder could be faulty...  PGN]

     Another thing: what are people's opinions about autoland[ing]?  This
system, installed on many of the large passenger jets, will take over
control of eveything -- rudder, ailerons, and throttles -- from up to 20
miles out from the airplane, fly the approach, flare the plane, and actually
touch down, all automatically.  At present I believe only several thousand
complete autoland cycles have been flown at all.  I read in an aviation
magazine an article written by a 30,000 hour airline pilot about it; he said
when he went along for a demonstration of autoland it flew a flawless
approach, and he rated it well above the average human approach.  Plus it
can do this is any weather at all (in terms of visibility and cloud layers).
Certainly computers are not infallible, but neither are humans.  It may be
true that if pilots always used autoland they would not retain the flying
skills to take over in case of failure, but in some cases I can certainly
see a use.  For instance, a common time for minor incidents is when a plane
is nearing its destination after a long international flight.  After the
crew has spent maybe 4 hours acting only as "system monitors," now they must
suddenly start talking to people and actually flying the plane.  If one
would say that autoland is not good because pilots' skills would
deteriorate, is this not true of the autopilot, which does the flying for a
large part of most flights?
                                             -Matthew Machlis

     [For the AI community, I could not resist pointing out that
      whether or not this message got included might be determined
      by a variable "MachlisP".  PGN]

Electronic steering

Spencer W. Thomas <>
Tue, 24 Feb 87 17:22:34 MST
Seems to me a point that the other respondents missed here is that in a
military system, people are prepared to accept a certain number of deaths
due to failure, in order to have a higher performance system.  Look at the
number of military planes that crash while on maneuvers, and no-one thinks
much about it.  Similarly, one might put electronic steering on a race car,
if it was felt to offer a competitive advantage, and if the car crashed
during the race, "them's the breaks".

=Spencer   ({ihnp4,decvax}!utah-cs!thomas,

   [Another message on this subject was received from William Swan: ...
    Military planes undergo a lot of maintenance, logging, as I understand
    it, as much or more service time than flight time (if I am wrong, please
    provide the real numbers). ...]

Hurricane Iwa and the Hawaii blackout of 1984

Matthew P Wiener <weemba@brahms.Berkeley.EDU>
Tue, 24 Feb 87 01:48:18 PST
[With respect to the WWN computer terminal story:]
You might wish to read Stephen King's short story "Word Processor of the
Gods" in his collection _Skeleton Crew_.
ucbvax!brahms!weemba    Matthew P Wiener/UCB Math Dept/Berkeley CA 94720

  From: bob@uhmanoa.UUCP (Bob Cunningham)
  Newsgroups: sci.misc
  Subject: Re: James Burke (what a real blackout is like)
  Date: 17 Feb 87 17:57:55 GMT
  Organization: Hawaii Institute of Geophysics

  On Thanksgiving evening 1984, Hurricane Iwa---essentially without
  warning---hit the islands of Kauai and Oahu, destroying major portions of
  the electrical grids on both islands and knocking out all electrical
  generation.  It was several days before power was restored to portions of
  Honolulu (incidentally, the 11th most populous city in the United States),
  several weeks before power was completely restored.  One of the reasons it
  took so long was that all of the generators were designed to be
  "jump-started" from another running generator on the grid, and no one knew
  how to bootstrap up a generator all by itself.

  The whole story is rather too long to go into here, but here are some of the
  key points...

  There was no satellite meteorological coverage for the central Pacific,
  because the GOES East satellite had failed, and the GOES West had been moved
  over to cover the Atlantic...which the Weather Service figured was more
  important.  Weather observations from ships told of a strong hurricane
  developing west of the islands, but a military reconnaisance flight sent out
  on Thanksgiving day failed to accurately locate the storm.  There was no
  historical precedence for the path it took that led right to the population

  In the afternoon, winds started rising, and the Weather Service issued a
  Hurricane Watch, then quickly a Warning, but still didn't have a precise fix
  on Iwa, nor accurate information on speed or direction.

  Early in the evening, after dark the winds started gusting well above 60
  mph, and the electrical grid went down, surprising the electrical utilities
  who had taken no precautions to isolate any of their systems...taking down
  all their generators.

  [This could be a separate story in itself, but suffice it to say that the
  Civil Defense Emergency Broadcast system didn't work.  Besides all the TV
  stations, all the radio stations---except one--- went off the air that
  night.  The single radio station that had an operating emergency generator
  was running "on automatic", playing religious music.]

  By the next day, one or two other radio stations were up (and the religious
  station had hastily converted to all-news), but power was still out...
  remaining out for days.  The first thing people missed was water, the water
  distribution system being driven by electrical pumps...though some places
  that had gravity feed from tanks above in the hills were lucky for a while.

  Traffic was a shambles since no traffic lights were working... though that
  became less of a problem over the next day or so since no gas stations were
  pumping and people realized that they were stuck with just whatever gasoline
  they happened to have in the tanks of their cars, and started being very
  careful about how they used that up.

  Food in refrigerators and freezers spoiled.  Long lines developed at grocery
  stores as people tried to buy more food...and clerks had to add up by hand.
  Most resturants stayed closed; the few that opened---cooking with gas---soon
  closed again as the city gas system began losing pressure.

  Electrical generators (even small ones) were not available for love nor
  money, ice and candles (when available) went for premium prices.

  The most-listened-to person in the islands was the spokesman for the
  electrical company who spent virtually all of his waking hours on one radio
  station or another detailing the repair work underway.

  Meanwhile, the electrical utility company crews worked around the clock to
  restore portions of the electrical grid, and devise ways to start up even
  one major generator.  I don't know the full story behind the restart effort,
  except that lots of different techniques were tried, one of which finally
  worked on Oahu. The Navy dispatched a nuclear submarine to Kauai in an
  effort to "jump start" the main generator there.

  It seemed like forever, but it was only a few days until electricity
  was available to some parts of Honolulu.

  We lived with rolling blackouts for about a week more.  Outlying areas
  on the islands weren't fully restored for over two weeks.

  There were some fatalities, due mostly to "freak" accidents of various
  kinds...and a small, but statistically significant "baby boomlet"
  some 9 months later.  If this had happenedd to a major mainland city
  in winter there would have been considerably more fatalities, and
  the story would be much more widely known.  As it was, if it had
  lasted too many more days, water would have become very critical...

  Bob Cunningham

Summary of a Talk by SANFORD (SANDY) SHERIZEN on Computer Crime

Eugene Miya N. <>
24 Feb 1987 1812-PST (Tuesday)

Dr. Sandy Sherizen is a criminologist and former information security 
expert who consults with corporations, banks, and Government Agencies on 
the prevention of computer crime.  Dr. Sherizen began his discussion 
by giving an impression based on the development of safes and safe 
cracking.  He talked about the overly technological nature by which 
safes improved and safecrackers got better.

What is important about Sandy speaking is that criminology is a well-
founded science and that many of the patterns in computer security have
been studied already in criminology.  (Sandy finds this shocking.)  We
would do well to learn from it.

Let me try to reproduce the sequence.  First, safe were created, and
crackers broke the locks.  Locks got tougher.  They went to combination
locks (and lock picking, separate area).  Next, they resorted to drills, and
the countermeasure was stronger metal.  Next came simple explosives again
followed by heftier metal, and more powerful explosives.  Around this time,
they discovered nitroglycerin which as a liquid can be poured into cracks.
They then discovered the use of oxyacetylene torches to cut thru.  Safe
makers retaliated with heat-conducting materials.  During this time, people
started kidnapping bankers and their families (a totally non-technical
solution to the problem).  This problem was "solved" using time-locks on
doors.  (I enjoyed the last example.)  Crime goes on.

In Sandy's thesis, there are 4 stages that we have to deal with in terms of
computers, and the talk itself was a series of rambling discussions.  The 4
stages, by the way, which worked in the case of banks, safes, and vaults,
are detailed in a book in Criminology which we can get as a reference.

Sandy's concerns are first:
  privacy, work, monitoring of work
  computerization of crime
  information property

Sandy also made some interesting comments, for instance, on the 
development of laws -- the concept of "moral entrepeneurship", a very
different kind of thing than most computer people are used to.

The Tylenol drug poisoning case is an interesting case -- the point 
is that no new laws were created, but a technological solution of tamper 
proof packages came into use.  That corporation on the whole had no 
policy for dealing with problems of this kind to begin with, and had 
inadequate protection in understanding them.

The reasons for commiting crime are interesting Criminological and
Sociological areas.  Basically, the common threat is a "trusted embezzler"
with an "unsharable resource" or "unsharable problem", and there are what is
called the 3 B's starting with Booze as the reason why people do regular
crimes.  The reason why people commit computer crimes is what is called the
3 C's:

Sandy also mentioned the fact that the media basically regards 
computer crimes as hi-tech soap opera.  We make criminals folk heroes, 
but at the same time we have to be able to protect whistle blowers.

The 4 stages in EDP growth have similar trends or patterns in the 
nature of computer crime.  This is called the Gibson-Noland Law on EDP 
growth.  The 4 stages:
as generalized to computer crime initiation begins with 
 first hit or miss crime 
such as in Steven Levy's book, "Hackers" which is popular and we are
transitioning out of this phase into a phase of
which includes lots of people and undetectable crime with many rewards.  [We
are] beginning "specialization," which is a formalization stage of crime
where the law gets into the act and the criminals themselves specialize in
criminal things like financial systems, or UNIX Systems, and so forth, but
in the formalization stages law gets interested and finally the fourth stage
of maturity there are a relatively predictable sequence of crimes.  Such as,
there is measure and countermeasure on part of the law enforcement as well
as the criminals themselves.

Sandy's basis for this talk is that were going to see new types of 
crime with a new series of targets: a new sense of how-to-do crime and 
how-to prevent crime.  Basically, they are categorized by the 414's
(the Milwaukee WI area code), teenagers who broke into computers.
When asked by a Congressional committee when he realized that he had
done something wrong, Neil Patrick pointed out "When the FBI was 
knocking on my door" -- there basically was hunt and peck computer crime.  

So Sandy's predictions for future directions of computer crimes are 

  First of all there will be fewer crimes on computers, but they
  will be of a much more serious nature, because there is 
  survival of the fittest -- and organized crime will get into it.  We see 
  some people who won't quit but who have to learn about criminal 
  elements such as, laundering money, not leaving fingerprints, and so 
  forth which would basically defeat the older generation criminals. 

  The second thing will be more technological opportunities to 
  commit crime, such as photocopying with copying machines and money.

  The third prediction is more internationalization of crime.  (There was a 
  brief aside after the internationalization regarding viruses, and the 
  typical example of this was given in the piece of software known as 
  eggbeater and also by the book Soft War -- eggbeater was a program 
  that literally ate up data and dropped away ...)

Another area of concern was the area of modes of learning about crime.
Sandy was concerned with the suicide epidemic noted by the Center for
Disease Control, and uses the name "copy-cat crime".  (Example of copycat
crimes are in the movie "War Games" and in use of Automatic Teller Machines

The professionalization of crimes involves such things as raids and
reverse-engineering files and records not just in a sense of building
things.  But changing records -- we're going to see more.  Again, the
evolution of specialization -- more collusion perhaps between individuals
who commit crimes.  A good example of this is the Walker spy trial; this is
a serious crime but the public will not see it as a serious crime, just as
it does not see white collar as a serious crime.

Part of the problem is that we look upon things such as pens and pencils as
free, which come with the territory as far as working.  Because of offices,
nobody thinks of it as a crime unless you come literally and haul the pens
and pads away using a truck; that's just like taking a disk for a computer
home, its not really regarded as a serious thing unless the entire payroll
is located on it.  So a large part of this is public awareness and education
in terms of how to deal with crime.

Privacy is the issue that we really probably need to work on the most, Sandy
said -- the needs and problems of technology invading privacy and that what
we should do (in particular) is worry about that as opposed to trying to
solve all computer crime problems.

Sandy is a friend of Dr. Lucy Suchman at the Xerox, Palo Alto Research
Center (PARC) and if we want to get in any further contact with him
the best thing to do is contact him through Lucy. I believe he's
teaching at MIT.  Also in attendance was Donn Parker (SRI International)
who is also well known.  

There was considerably more discussion than was involved on this 
tape.  Correspondents should send electronic mail to me, for further 

    [Lightly edited.  Garbles could be mine or Eugene's ...  
    This is included primarily for our newer readers, in that RISKS
    has gone over much of this ground on various occasions in the past.  PGN]

Please report problems with the web pages to the maintainer