The RISKS Digest
Volume 5 Issue 16

Saturday, 25th July 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

$23 million computer banking snafu
Rodney Hoffman
Computer crime, etc.
Matthew Kruk
PGN
Reactor control-room design and public awareness
Robert Cohen
Computerized Tollbooths Debut in PA
Chris Koenigsberg
Re: ATC Responsibilities
Alan M. Marcum
Air traffic control and collision avoidance
Willis Ware
Risks of computerizing data bases
Tom Benson
Re: electronic cash registers and wrong prices
Brent
Brian R. Lair
Will Martin
Mark Fulk
Taxes and who pays them
Rick Busdiecker
Andrew Klossner
Info on RISKS (comp.risks)

$23 million computer banking snafu

<Hoffman.es@Xerox.COM>
24 Jul 87 08:11:36 PDT (Friday)
Edited and excerpted from the Los Angeles Times, Friday, July 24:

   $23-MILLION COMPUTER SNAFU ADDS TO BofA'S TROUBLES

Bank of America quietly acknowledged a $23-million computer snafu that is
alienating key customers and will likely take months to fix.  The
one-sentence disclosure in the company's second-quarter financial report
said, "the corporation established a reserve for estimated costs, arising
from problems in Bank of America's conversion to a new trust accounting and
reporting system, which reduced net income by $23 million."

The problems arose when a new system, MasterNet, was brought on line in
March before being fully debugged to replace an aging system.  "They
committed two cardinal sins," a trust dept. official said.  "They took down
the old system before the new system was up and running.  And they were the
first big bank to install the system.  A key rule in computer software is:
Never go first."

As a result, sources say, the system has crashed for days at a time, the
bank is months behind in providing customers with their monthly statements
and there have been potentially costly delays in trading securities.
Sources called it a major embarrassment.  "Heads are going to roll."

The institutional trust services department administers more than $38
billion in pension fund and other assets for more than 800 corporations,
unions, and government agencies.

MasterNet was designed by Premier Systems Inc., a Wayne, Pa., software
services company.  "It is not our practice to discuss successes or
failures," said Arthur A. Kock Jr., vice president and chief financial
officer.  [I guess potential customers just like their name?! — RH]

The system is designed around four Prime Computer models known as Leopards,
costing about $750,000 each.  "Prime has had at least five people here full
time trying to straighten things out," a bank official said.  "This is going
to be a really slick system, when it works," he added.

     [Chickenfeed?  BofA just declared a $1.14 Billion loss for the quarter
     on anticipated writeoffs for bad loans...  PGN]


Computer crime, etc.

<Matthew_Kruk%UBC.MAILNET@MIT-Multics.ARPA>
Fri, 24 Jul 87 09:23:26 PDT
Speaking of computer crime, etc., it is timely that I noted the
following article from Associated Press "buried" in our local paper:

                     Computer crime ring broken

Pittsburgh - Nine high school students in Pennsylvania have been arrested as
part of a countrywide computer crime ring that illegally bought millions of
dollars worth of goods and services, authorities say.
   Juveniles and adults from New York City to California were involved,
police said. The ring illegally obtained thousands of credit card numbers by
using telephone hookups to tap the lines on which cards are checked
electronically in many stores.
   Illegal purchases of goods and services were made "in the millions," police 
officer John Michalec said Wednesday. More arrests are expected, he said.
   Michalec said the ring also gained access to various government
computers but he declined to elaborate "because of very delicate
national security concerns that we don't want to talk about."


Computer crime, etc. — and etc.

Peter G. Neumann <Neumann@csl.sri.com>
Sat 25 Jul 87 15:05:07-PDT
In the same week, two youngsters involved in the P.Floyd breakins at
Stanford and Berkeley were apprehended on the west coast.  Apparently the FBI
and Secret Service have been trying to crack down on crackers.  (See three
articles by John Markoff in the SF Examiner, 23 and 24 July for background.)

[Disclaimer: RISKS does not condone unsavory cracking, and certainly does not
wish to glorify it.  The systems that were broken into were not considered
to be highly secure systems.  However, we have noted here that even systems
that are considered highly secure can be vulnerable to attack.  On the other
hand, we strongly urge emphasis on teaching that pervasively stresses social
values and ethics as an integral part of education and life experience, not
just on encouraging our youths to learn how to manipulate computers.  PGN]


Reactor control-room design and public awareness (RISKS-5.15)

<ptsfa!rhc@Sun.COM>
Fri, 24 Jul 87 23:17:48 PDT
  This is regarded in several sectors as an increasingly sensitive subject,
  and I am of the growing opinion that it is not appropriate to discuss
  this subject in an open forum.   Readers should also note that several
  of the FORMER readers have included `experts' in this field.
  --eugene miya, NASA Ames Research Center

Eugene, Because it is an increasingly sensitive subject is exactly the
reason it SHOULD be discussed.  This is an open society, North, Poindexter,
and the 'gipper' notwithstanding.  If you don't want to express your
opinions and share your knowledge about how to safely deal with the nuclear
plants, then fine.  I think this should be discussed so that we can know
more about what may go wrong and how it happens.  How else do you expect one
to have an informed opinion?  Osmosis??

(all standard disclaimers apply - your actual baud rate may vary,
               depending upon atmospheric and cosmic disturbances)

Robert Cohen, San Ramon, California {ihnp4,lll-crg,qantel,pyramid}!ptsfa!rhc

    [This is of course a very old debate in RISKS.  In general, the awareness
    that there are serious problems is clearly a RISKS-related topic.  
    Considering the potentials for sabotage, misguided experiments, and so on
    there is a little justification for hiding the specific problems.  However,
    if the existence of such problems is hidden, the public can be grossly
    misled.  This debate thus echoes some of the Contragate hearings on what
    the public should know...  RISKS always tries to opt for openness, while
    recognizing the sensitivity of certain details.  PGN]


Computerized Tollbooths Debut in PA

Chris Koenigsberg <ckk+@andrew.cmu.edu>
Fri, 24 Jul 87 10:49:02 edt
The morning paper reported that a new computerized tollbooth system made its
debut yesterday on the Pennsylvania Turnpike, at the King of Prussia/Valley
Forge interchange (the exit for Philadelphia). It resulted in huge snarled
traffic jams and delays.

Apparently they replaced the old toll cards, which you used to hand to the
attendant who then asked for your fare, with new ones that you insert
directly into a slot to be read by a computerized system which displays your
fare on an LED readout. The new cards are so small, though, that no one can
read them. So people didn't know what the fare was going to be until they saw
it on the readout, whereas people used to read their card ahead of time and
have their money ready.


Re: ATC Responsibilities (RISKS-5.15)

Alan M. Marcum <sun!marcum%nescorna@seismo.CSS.GOV>
24 Jul 87 18:35:17 GMT
In RISKS 5.15, Andy Freeman queried:
> What are the pilot's responsibilities and liabilities?  What about the
> controller's?

The Federal Aviation Regulations are the laws governing aviation in
the US.  Subchapter F of the FARs is entitled "Air Traffic and
General Operating Rules"; Part 91 of the FARs (part of Subchapter F)
is entitled "General Operating and Flight Rules."  FAR 91.3 states:

    91.3 Responsibility and authority of the pilot in command

      (a) The pilot in command of an aircraft is directly
    responsible for, and is the final authority as to, the
    operation of that aircraft.

So, the PIC has total responsibility.  91.3 continues:

      (b) In an emergency requiring immediate action, the pilot
    in command may deviate from any rule of this subpart [91-A:
    General] or of Subpart B [91-B: Flight Rules] to the extent
    required to meet that emergency.

Yes, there is accountability for emergency deviations, under 91.3(c).  (In
fact, it's interesting to note that a large number of pilots have delayed
declaring an emergency, or failed to declare an emergency altogether,
because of this potential accountability.  The FAA's official word — and
practice, from history — is to declare the emergency, make the necessary
deviations, and not to worry about "enforcement.")  Regardless, this gives
an idea of the authority of the PIC.  Note that these regulations apply
equally to all non-military flying in the US, air carrier, air taxi, and
general aviation alike.  As a (private) pilot, I take the accountability
portions of FAR 91.3 very, very seriously.

Alan M. Marcum, Sun Microsystems, Technical Consulting, Mountain View, CA

     [Also noted by John Allred <jallred@LABS-B.BBN.COM> and
     berry%solaria.s1.gov@mordor.s1.gov]


Air traffic control and collision avoidance

<willis@rand-unix.ARPA>
Fri, 24 Jul 87 15:39:06 PDT
Andy Freeman's comment in RISKS-5.15 and the ongoing discussion of ATC and
related affairs prompts me to offer some historical perspective on the
contemporary air traffic control system and anti-collision devices.  It's
history but it also has relevance to us as professionals in a computer world.

In World War II, an electronic radio-based technique called Identification
Friend or Foe (IFF) was invented by the British.  The problem at the time
was to tell whether a radar-detected aircraft belonged to our side or to the
other side.  Successive generations of the system were designed and by the
time it got to the one called Mark III, the various equipments in the system
were brought to this country where everything was re-engineered and put into
production for the Allied forces.  The Hazeltine Electronics Corp, then of
Little Neck, (Long Island) NY, was the focal point in the country for IFF
work under USN contracts.  Today we would call Hazeltine the systems
engineering and support contractor.

The transponder gave a very simple reply to each interrogation pulse: a
narrowly spaced pair indicating a normal response and a widely spaced pair
indicating an emergency situation — no identification of individual
aircraft.  In fact, there's a famous incident concerning the capture of
several IFF equipments by the Germans from downed Allied aircraft; the
foes flew in looking like friends and clobbered (I think it was) Bari,
Italy almost into oblivion.

Toward the end of WW-II, the USN sponsored the design and development of a
successor system called Mark V.  Among other improvements, it transmitted
a 10-bit response which could be coded to identify individual aircraft and
operated at a higher frequency (L band) so the antennas could be smaller.

The war ended before Mark V got widely deployed and Hazeltine found itself
with all the great technology and ideas looking for a problem in the
civilian world.  Some internal studies were done and Hazeltine proposed a
national air traffic control system which layered the airspace into 1000'
increments (even altitudes going one way and odd altitudes, the other), put
altitude-reporting transponders on all aircraft, assigned a unique identifier 
to each aircraft, and used ground interrogators to challenge the transponders. 
The responses were to be displayed on PPI scopes which also would contain
correlated radar responses simply by synching the radar and interrogator
transmitters.  It was a very primitive digital system and naturally was to be
done in vacuum tubes — which is all there was at the time!

Then (1945-47) only the ENIAC had been built; the UNIVACs and the
Princeton family of machines had yet to be developed.  The digital
computer had yet to really emerge so that the ground environment was not
proposed to be highly automated.

Now to the point of this history.  At the time, one of the important
arguments, if not principle, was the question of responsibility.  There
were discussions about whether the pilots would accept a traffic control
system that was ground based and would only give him directions.  In fact,
there were proposals to put the air picture together on the ground and
transmit it back to the cockpits for decision making aloft.

All of the basic ideas in today's ATC were conceived, proposed, and
implemented in the hardware-of-the-day some 40 years ago including the
frequency assignments.  The only conceptually new thing that has come
along has been the computer-based automation that supports the
controllers, although there has been of course a multitude of technology
and engineering advances and the evolution of efficient operating
procedures and overall system administration and some elaboration of
the original basics.  At the same time, the altitude-reporting transponder
is a relatively recent addition; it roughly parallels the introduction
of jet aircraft.

We all recall the slow progress of a ground-based ATC.  Quite aside from
the usual problems of introducing a new technology and persuading airline
companies to put more equipment on aircraft (that, at the time, were
generally weight, not volume, limited in carrying capacity), the pilots
argued for having ultimate responsibility and decisions.  For quite a
while, we ran a national airspace with ground-based rotating light
beacons, and various radio navaids.  We didn't have radars, much less a
transponder system.

Anti-collision proposals have followed the similar path; and for the
same reason, we still don't have them in place except experimentally.  One
of the long running arguments has been the self-same "place of
responsibility." The pilot, supported by his union and legal forces, has
argued that the ultimate decisions had to be in the cockpit because of the
legal responsibility mentioned by Andy Freeman.  The electronikers of
course argued that the job could be done much more effectively,
efficiently, comprehensively, and cheaply on the ground.

Honoring the established wisdom of learning from history, there is
something for our business.  Namely, in the solutions and conceptual
frameworks that we propose for this, that, or the other application, we'd
better be mindful of the legal environment in which the users of our
systems will be; we'd better be especially sensitive to the legal
obligations of the system users vs. where we put the automated support,
how we funnel its output to the legally obligated users, and what
legal responsibility it incurs.

It also relates to an aspect of compusec that has been little talked
about; in fact I never recall it coming up in the defense environment
although "2-man control" is a long established principle in strategic
weapons control.  It has come up only a little in the commercial compusec
world although it's an implicit principle in traditional conduct of
business in a paper world.  It's "role separation" or division of
responsibility.

Apropos of the insider threat and the overall integrity of system
operation, there is a growing awareness that separation of role is an
unaddressed but important latent issue in the compusec world.  One
shouldn't have the same individual both writing checks and signing them,
nor should the implementation of a system allow an otherwise authorized
user to have unauthorized access to both functions.

This principle also serves the reliability-of-performance issue.  For some
applications, notably ones involving high risk and/or public safety, one may
be wise to separate the automated functions of monitoring and reporting from
the (possibly automated or possibly manual) actual control of the process.
But even then, we better watch the legal assignment of responsibility vs.
the source of data on which to make decisions under that responsibility.

                    Willis H. Ware, Rand Corp., Santa Monica, CA
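
The check-writing case from the message above, as an added example that is not part of the original digest or of Ware's text: a small ledger that refuses to grant one account both roles and, separately, refuses to let the writer of a check sign it even when a pre-existing account already holds both. The role names, user names and the `CheckLedger` class are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class SeparationOfDutyError(Exception):
    """One person would hold or exercise both halves of a two-person task."""

# Role pairs that must not be combined (names are illustrative assumptions).
CONFLICTING_ROLES = [frozenset({"check_writer", "check_signer"})]

@dataclass
class Check:
    number: int
    payee: str
    amount_cents: int
    written_by: str
    signed_by: Optional[str] = None

class CheckLedger:
    def __init__(self, preexisting_roles=None):
        # preexisting_roles models accounts created before the rule existed;
        # they are loaded as-is, so the per-check test below must still hold.
        self.roles = {u: set(r) for u, r in (preexisting_roles or {}).items()}
        self.checks = {}
        self.audit = []  # (event, user, detail) tuples for later review

    def _deny(self, event, user, detail):
        self.audit.append((event, user, detail))
        raise SeparationOfDutyError(f"{event}: {user} ({detail})")

    def grant(self, user, role):
        """Static separation: refuse a role that conflicts with one already held."""
        held = self.roles.setdefault(user, set())
        for pair in CONFLICTING_ROLES:
            if role in pair and held & (pair - {role}):
                self._deny("DENY_GRANT", user, role)
        held.add(role)

    def write_check(self, user, number, payee, amount_cents):
        if "check_writer" not in self.roles.get(user, ()):
            self._deny("DENY_WRITE", user, f"check {number}")
        self.checks[number] = Check(number, payee, amount_cents, written_by=user)
        self.audit.append(("WRITE", user, f"check {number}"))
        return self.checks[number]

    def sign_check(self, user, number):
        """Dynamic separation: the signer must differ from the writer."""
        check = self.checks[number]
        if "check_signer" not in self.roles.get(user, ()):
            self._deny("DENY_SIGN", user, f"check {number}: not a signer")
        if user == check.written_by:
            self._deny("DENY_SIGN", user, f"check {number}: wrote this check")
        if check.signed_by is not None:
            self._deny("DENY_SIGN", user, f"check {number}: already signed")
        check.signed_by = user
        self.audit.append(("SIGN", user, f"check {number}"))
        return check

def demo():
    # Constructed sample data: carol is a legacy account holding both roles.
    ledger = CheckLedger({"carol": {"check_writer", "check_signer"}})
    ledger.grant("alice", "check_writer")
    ledger.grant("bob", "check_signer")
    outcomes = []
    attempts = [
        ("grant signer to alice", lambda: ledger.grant("alice", "check_signer")),
        ("alice writes 1001", lambda: ledger.write_check("alice", 1001, "Acme", 125000)),
        ("bob signs 1001", lambda: ledger.sign_check("bob", 1001)),
        ("carol writes 1002", lambda: ledger.write_check("carol", 1002, "Carol", 990000)),
        ("carol signs 1002", lambda: ledger.sign_check("carol", 1002)),
        ("bob signs 1002", lambda: ledger.sign_check("bob", 1002)),
    ]
    for label, action in attempts:
        try:
            action()
            outcomes.append((label, "allowed"))
        except SeparationOfDutyError:
            outcomes.append((label, "denied"))
    return outcomes, ledger

if __name__ == "__main__":
    for label, result in demo()[0]:
        print(f"{result:8} {label}")
```

The denied attempts are recorded in `ledger.audit`, so a reviewer sees the refused self-signature as well as the completed two-person transactions.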


Risks of computerizing data bases

<@wiscvm.wisc.edu:T3B@PSUVM.BITNET "Tom Benson 814-238-5277">
Fri, 24 Jul 87 11:14:36 PDT
The following issue is a relatively one technically, I suspect, but may be
fairly common.  I am the co-author of a small book on nonverbal
communication (Benson & Frandsen, NONVERBAL COMMUNICATION, Science Research
Associates).  For some time the book had a fairly large market as a
textbook.  Suddenly the sales fell off.  Then my own university bookstore
reported to me, when I tried to order it as a text, that it was out of
print.  I was pretty sure this wasn't so, and in a series of calls tracked
down the answering/ordering service from which all college bookstores order
the book.  It turns out that the book was listed on the computer database
under the name of the series of which it is a part (Modules in Speech
Communication) and that occupied the title field; an attempt to request the
title NONVERBAL COMMUNICATION returned a message that there was no such
title, which the operator naturally interpreted by telling the bookstore
there was no such title, so it must be out of print.  So bookstores told
this to professors, who ordered a different book.  This first happened
almost two years ago, and was followed by promises to correct it.  It
happened again last week.  It would seem that this is probably a fairly
common situation, and that it is one that is very unlikely to reveal itself,
since most people would not argue with the computer on such an issue.  I'd
be interested to hear whether such simple but mostly undetected errors (with
real consequences in this case for the availability of this book) are
common--and commonly corrected.


Re: electronic cash registers and wrong prices

<ucbcad!ames.UUCP!gatech!itm!brent@ucbvax.Berkeley.EDU>
Fri, 24 Jul 87 14:06:23 edt
    Here in Atlanta, the Kroger stores advertise their "scan-rite" policy.
That is, if any item gets rung up via UPC with a different price than that
listed on the shelf, (and you catch them at it) you get that item free.
This seems a reasonable policy in that "the punishment fits the crime."

            brent laminack (gatech!itm!brent)


Re: Electronic Cash Registers

<blair%ncrwic%ncrlnk.dayton.ncr.com@RELAY.CS.NET>
Fri, 24 Jul 87 09:30:19 -0400 (at ncrlnk.Dayton.NCR.COM)
Michael Scott mentions an incident in which he was overcharged at a
supermarket due to a discrepancy between the shelf price and the
store computer's UPC database.  The customer service desk expressed
no sympathy, either.

Here in the Midwest we have a popular supermarket chain called
Dillons whose president states (on the grocery sacks!) that he is
so confident in his stores' computer/scanners (NCR) that he guarantees
that if an incident similar to Mr. Scott's occurs, the customer
receives the disputed item for free.  Not a bad idea!

Brian R. Lair  NCR Corporation, E&M Wichita, Product Technology Development
               <brian.lair@Wichita.NCR.COM>
               <{ece-csc,hubcap,gould,rtech}!ncrcae!ncrwic!brian.lair>


Re: Electronic cash registers

Will Martin — AMXAL-RI <wmartin@ALMSA-1.ARPA>
Fri, 24 Jul 87 10:21:49 CDT
The RISK to the public of incorrect computer-controlled grocery-store
pricing may be the most common form of computerized fraud perpetrated
on the general populace. At least, I think it is the most likely to
happen to the ordinary individual.

The inconsistency between shelf-posted prices and what the stores'
computers have as the on-line price is still fairly common around
here (St. Louis); more likely at National stores, which is one of the
two chains I normally shop at. When scanning came in and individual-item
price-marking was dropped, there was much publicity about how the stores
would give you your money back if you were charged more than the shelf
price. These policies are still in effect, but are not publicized
any more. Also, I think the staff have gotten so used to the system
that they have become sloppy and careless. 

I often get several dollars' worth of free groceries by remembering
what the shelf price is and watching the display during checkout. You
just pay what the register shows, and then take the ticket and items to
the manager's cubicle and point out the discrepancy. The way the refunds
are implemented now is that, if you bought more than one each of an item
where the price was wrong, you get one free and a refund for the
difference on the others. If you bought one each of several items where
the prices were wrong, you get all the cost refunded (plus you get your
sales tax back, too, of course). One interesting aspect of this is that
the local stores have been doing "double coupons" for the past year or
two — if you had redeemed a coupon on the item, they are paying you
twice the coupon value to take the thing! (Only once did the manager
check on coupons and give me back the coupon and cancel out its
redemption and adjust the refund accordingly.)

This is actually cheaper for the stores than trying to do it right in
the first place, I think. They are paying me by giving me free groceries
to do their job for them; since probably only a tiny fraction of the
great unwashed consuming public pays close enough attention to what they
are doing to catch these price discrepancies, it doesn't really cost
the stores that much — undoubtedly cheaper than it would cost to pay their
staff high enough wages to expect them to be more accurate all the time!
Plus, of course, they get the extra income from overcharging the majority
of customers until they are caught. 

The stores also have an interesting method of correcting the discrepancy:
they never change the computer price — they just change or remove the
shelf tag! (At least I have never seen any evidence that the computer-
stored price gets changed.) When you report the discrepancy to the
manager, they send a stockboy to pull off the shelf tag.

This sort of thing can be consistent and repeatable, too — for example,
there is a local brand of taco chips I only buy when they are on sale
for 99 cents a bag instead of the usual $1.29, and EVERY time I buy these
I get a free bag! The store seems to never change the computer price when
they put up the "sale" sign on the chip display! (Usually I buy these on
Monday, the first day the new price would be in effect, but I have run
into this as late in the week as Wednesday evening. That means that three
days' worth of shoppers have not yet noticed the price difference, in a
huge busy store, or the computer price has not been updated despite reports.)

Anyway, if you are alert enough to pay attention, this is one RISK that
you can turn to your advantage.

Regards, Will Martin


supermarket scanner errors

<fulk@cs.rochester.edu>
Fri, 24 Jul 87 14:29:55 EDT
[Note to risks readers: Michael Scott and I are colleagues in Rochester.
Topps and Wegmans are the largest of the local grocery chains, and the
main representatives of the hypermodern gigantic school.  Topps goes for
the blue-collar clientele; Wegmans is ritzier.]

Topps or Wegmans?  We always have this problem at Topps, and average
about 25 cents a trip or so in scanner errors.  We check the receipt
very thoroughly every time; I'll go back in the store and recheck shelves
to be sure.  They are always very nice about giving us our money.

At Wegmans, on the other hand, you get the item free, or a dollar back,
whichever is less.  One used to get the entire order free at Wegmans
for catching a scanner error; from the fact they stopped,  I gather that
other people than I noticed the following obvious strategy: buy one copy
(at least) of every item in the store; one item is sure to scan wrong,
so you will get the entire order free.  Out of some undoubtably foolish
sense of rightness, I never tried this; however, I did get several free
normal orders for noticing scanner errors.  The change in policy has
caused me to switch to Topps, which has generally lower prices.  I just
have to be more watchful.

Please to note that the number of scanner errors is substantially smaller
than the number of errors committed by clerks at manual cash registers;
furthermore, the scanner errors are much more easily checked, since
each line of the receipt shows the item scanned.  I have only caught
one error in interpreting the bar code.
                                                  Mark
       [I have omitted a slew of additional messages on this subject,
       some of which are worthy but others of which are rather chatty.
       It is hard for me to accept just a novel portion of a long message.
       RISKS usually gets deluged on issues that affect us personally,
       particularly in the wallet.  PGN]


Taxes and who pays them

<Rick.Busdiecker@h.cs.cmu.edu>
24 Jul 1987 05:54-EDT
Unfortunately the clarification is not entirely correct, although it is
a fairly widely held misbelief.  While the application of a new tax to a
product or service will often result in an increase in cost to the end
user, it is very often NOT the case that this end user cost increase is
equal to the tax increase; in many cases the company absorbs some of
the cost.  A government decree will not necessarily affect the price
that a market will bear in as predictable a manner as is suggested by
this ``clarification.''
                            Rick Busdiecker


Non-taxes and who pays them [For the record]

Andrew Klossner <andrew%lemming.gwd.tek.com@RELAY.CS.NET>
Sat, 25 Jul 87 11:22:20 PDT
Two recent comments in RISKS have suggested that the FCC is levying a
new tax on data transmission.  This is not the case.  In fact, the FCC
has proposed to discontinue a telephone service discount that
information service providers now enjoy.  The effect on those service
providers is the same, but the government motivation is a bit more
noble than just grubbing for new revenue.

  -=- Andrew Klossner   (decvax!tektronix!tekecs!andrew)       [UUCP]
                        (andrew%tekecs.tek.com@relay.cs.net)   [ARPA]

      [Thanks for the clarification on this.  As we have drifted from
      RISKS relevance, let's blow the whistle on this subject.  PGN]
