The RISKS Digest
Volume 5 Issue 42

Monday, 5th October 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Credit Markets: computer interest is high!
Jerome H. Saltzer
o Telephone computers that work
Alan Wexelblat
o Computer Services as Property
Isaac K. Rabinovitch
Arthur Axelrod
o JOINing on public access data — and insider trading
Brent Laminack
o TV Detectors
Lindsay F. Marshall
Ian G. Batten
David A Honig
o Confusing Input Request in Automatic Voting Systems
Eke van Batenburg
o Directions and Implications of Advanced Computing — Call for Papers
Douglas Schuler
o Risks of receiving RISKS — BITNET users BEWARE
o Info on RISKS (comp.risks)

Credit Markets: computer interest is high!

Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Fri, 2 Oct 87 09:47:01 EDT
Buried near the bottom of the daily report of Credit Markets on page
29 of the Friday, October 1, Wall Street Journal is the following
intriguing paragraph:

  "The rate on federal funds, or reserves that banks lend each other
  overnight, averaged 7.6%, down from 8.38%, according to Fulton
  Prebond (U.S.A.) Inc.  At one point Wednesday, the rate was as high
  as 30% because of a computer problem, the Fed said."

That one somehow sounds a little scarier than usual.  Does anyone have
any facts?

Telephone computers that work

Buckaroo Banzai <wex@MCC.COM>
Fri, 2 Oct 87 09:27:08 CDT
A short blurb in today's paper reports that the Pac Bell computers logged
over 300,000 phone calls in the six minutes after the earthquake.  The
system appears to have degraded gracefully under the excessive load - the
only problems reported were delays in getting a dial tone.

Alan Wexelblat  UUCP: {harvard, gatech, pyramid, &c.}!sally!im4u!milano!wex

   [As always, it is nice to see success stories.  On the other hand,
   the call volume that resulted was enormous all day — and various LA
   exchanges were down completely for quite some time.  By late evening it 
   was still almost impossible to get some calls through to LA.  PGN]

Computer Services as Property

Sat Oct 3 10:57:35 1987
     A recent message in the RISKS Forum raises an issue that I think needs
more careful discussion.  The opinion expressed was similar to many I've
heard in the last few years, in its complaint that people regard the theft
and disruption of computer services more tolerantly than theft and vandalism
of "other forms of property."

     I think such opinions are based on the mistaken belief that society and
the law regard the property holder's rights as absolute and final.  I'm not
a lawyer or a serious student of social mores, but it's obvious to me that
both law and society recognize that a property holder has an obligation to
take reasonable measures to prevent tresspass, vandalism, and theft.

     Society in general has little sympathy for people who are careless with
their property, as many system administrators have sometimes been.  An
administrator who accidentally publishes all his user passwords (something
that I've actually seen happen!) is certainly like a person who absent
mindedly leaves his front door unlocked.

     Providers of computer services are right to be frustrated with the
slugish way judges and legislators apply existing moral and legal concepts
to the new technology.  But they should be aware that existing legal concepts 
are not entirely on their side.  Consider the laws of easment, for example.

     They should also not pay excessive attention to the arguments of
defense attorneys, whose jobs obligate them to take a very narrow view of
these problems.

     None of this excuses the Matt and Ally fans who think that fouling up a
Big Corporation's operations is just a fun prank.  And it certainly doesn't
justify more serious forms of hooliganism and brigandage. But system
administrators should not feel that society is giving them a special bum deal.

Computer Services as Property (Re: RISKS-5.41)

5 Oct 87 08:21:16 PDT (Monday)
In RISKS DIGEST 5.41, Richard.S.D' writes: 

  " . . . the defense attorney's comments on motives make me wonder when, if
  ever, the view of computer crimes will merge with society's view of other
  property crimes: we have laws against breaking and entering...

I think we all agree with the fundamental premise, i.e. that information
is a form of property and is entitled to the same protection as any
other form of property.  However, there is a difference between
information property and tangible property that complicates the issue
and may be responsible for much  of the confusion in  society's view and
the ambiguity in current law.

To extend the analogy, in real property ("real" as in "real estate") the
law makes a clear distinction between "fully private" property and
"places of public accommodation."  (I may not have the legal terms
right, but you get the idea.)  I'm allowed to walk at will through a
shopping mall, for example, even if I have no intention of buying
anything.  I can come in out of the rain, use the rest rooms, sit on a
bench and warm up, and not be subject to prosecution for breaking and
entering.  The "resources" that I use, bench space, warm air, rest
rooms, etc. are "saleable items" in the sense that the mall owner has to
pay for them, and recovers that cost in rent from merchants.

On the other hand I can't simply walk into your house at will.  Not even
if you leave the door wide open.  Furthermore, your house doesn't have
to have a sign saying "private property" on it.  If I did that, I would
be subject to charges of trespassing, illegal entry, and burglary, or at
least attempted burglary.  You wouldn't be required to show that you had
taken any special measures of protection, let alone had "perfect
security."  It is assumed that everyone knows that a house is private
property and furthermore it  is assumed that everyone is capable of
recognizing a house. 

That's the point.  Through long custom and usage, we have all come to be
aware of the distinction between private places and places of public
accommodation.  The key phrase here is "long custom and usage."  The
problem that we face with computer security is that society has not yet
had a chance to form a conceptual model of the distinction of what is or
is not a private information resource.  The era of the widely accessible
computer is hardly ten years old.

Education is one part of the process.  One of the functions of the
security measures that we computer operations people take must be in a
sense educational.  People who literally don't know any better, because
they've never been taught, must be told, in one way or another, "Look
here, this is private.  Keep out."  Schools, government, etc., have a
responsibility, too, of course, but ultimately, computer professionals
have the greatest stake and must accept the fact that we must take the
lead.  Some day, the view of computer crimes will indeed merge with
society's view of other property crimes, but we better face the fact
that it may not be soon.

Art Axelrod, Xerox Webster Research Center

JOINing on public access data — and insider trading (Re: RISKS-5.41)

Brent <itm!>
1 Oct 87 19:53:39 GMT
    The recent talk in this group about cross-correlating public
databases for questionable purposes reminds me of the method used to
catch insider trading on the NYSE.

    Above "the floor" is a computer room that constantly monitors the
movements of stocks.  If a stock moves up or down more that a certain
percentage of its selling price in a given day, or if more shares
trade hands than normal, an alarm sounds.  The analysts then
cross-correlate that stock with all available press releases, wire
service reports, and stock offerings to try to determine if there is a
valid reason for this movement.  If no reason can be determined, the
incident gets investigated further.  The buying and selling
stockholders get cross-correlated with the members of the board and
all employees of the company in question.  They also cross-correlate
all known data about the parties in question: club memberships,
professional societies, civic organizations, to try to determine if
any contact was likely.  If these joins come up positive, the case
gets investigated by old-fashioned "legwork."  The above information
was related in an NPR story as the insider trading scandal was
breaking a while back.

    I have long suspected that if "big brother" were to come into
being, it wouldn't be created by the government.  The government is
far to big, slow, and open to public inspection.  If "big brother" is
to be created, it will probably be done by private enterprise, as
above.  But it's not just the "big-wigs" of the NYSE.  It's you and me
being cross-correlated as below:

    There are companies known as "list brokers."  These companies buy
and sell names and addresses.  Everyone notices that once you get on
one "junk mail" list, you soon get mail from a plethora of other
organizations.  Your name has been brokered.  All types of
organizations from credit-card companies to non-profit fund raisers
buy and sell lists.  The price depends on the quality of the name,
from a cent or so for inactive names to upwards of a dollar a name for
high quality lists.  The average is about 10 to 15 cents.  How do the
most profitable companies make money?  By cross-correlating.  One of
the largest list brokers has taken the census information and run
cluster analysis on a wide range of socio-economic scales.  The result
is a clustering of the nation into 17 groups.  These have colorful
names like the "pickups and shotguns" cluster, and the "money and
brains" cluster.  Now suppose a shotgun shell maker wants to drop a
direct-mail piece to new prospects.  What kind of list should he buy?
The list broker pulls up the "pickups and shotguns" profile and
determines that a greater than average number of people in that
segment also own electric freezers, so they sell the shell maker a
list of names of people who returned warranty cards for freezers.
Viola!  Everyone makes money: the freezer manufacturer who sold the
freezers, then sold the names to the broker, the broker who re-sold
the names at a mark-up (the value added being the cross- correlation
he ran) and the shell maker who stands to sell more shells than to an
unqualified list.

    Add another wrinkle: the intelligent set-top cable converter.
This is an individually addressed converter used for "pay per view"
cable.  You see a good movie will be on HBO tonight.  You call your
cable company.  They turn on HBO for you house tonight so you can
see RAMBO or whatever.  Thus they collect information on you as to
who wants to see what movie.  Another new feature is the "people-meter."
At 8:07 p.m. tonight, the central cable computer sends out a "poll"
message.  The set-top captures what channel it's currently tuned to
and over the next 24 hours, all the little set-tops report back to
the home office.  This can go into the database as well.  It's only
a matter of time until this information is merged with the list-brokers
profile.  Now we have a complete demographic profile of your household:
Area of town, cost of house, number of incomes, favorite TV shows, 
most recent major purchases, etc., etc.

    I claim if "big brother" is to be, it will come from the private
sector for marketing reasons, motivated by profit.  There is legislation
in the works to prevent the cable companies from selling information.
But will the set-tops encrypt the data they send?  If not, a simple
passive tap could generate reams of data.  The potential for invasion
of privacy is large here, simply because of the scale of the mailing
list and cable systems.  Also by the nature of the beast, the
correlations are done on a huge scale, hence only approximate in many
cases, so the potential for mismatches is large.
                                                     Brent Laminack

TV Detectors

"Lindsay F. Marshall" <>
Thu, 1 Oct 87 16:39:55 BST
Detecting a TV inside a house is easy, and is a process that has been refined
over the years to cope with such things as multiple occupancy and high-rise
flats etc. I have also heard of people being sent letters about TV licences
when they had no TV, but I don't think they were any more threatening than
your average government letter. I would doubt very much that the search for
licence evasion is as simplistic as has been suggested - the impression I get
is that the letters sent by mistake tend to be caused by people with no TV
moving into a new house where the previous occupant did have one. I would
suspect that the address is a more important part of the check than the
occupant, rather like some credit validation schemes, where information
concerning previous occupants can blight you for up to 6 years - I got caught
by this recently, and to add insult to injury, the information was not even
correct! The previous occupant had been summonsed AFTER he had vacated out
house, but for some reason was still listed as being at our address...however
the companies involved sorted this out very fast and very politely.


TV Detectors

"Ian G. Batten" <BattenIG@CS.BHAM.AC.UK>
Thu, 01 Oct 87 12:16:56 BST
My parents (who do not have a TV) get  a letter every year  stating that
they do not hold a license and then giving  a list of reasons as  to why
this may be so (just bought the TV, forgotten it expired, etc).  Nowhere
on this note does it suggest the possibility that they  don't have a TV!
This letter can only be being generated by cross-matching  some "list of
everyone" with a "TV license-holders list", as they  have  had the house
from new in  1961 and have  never  had  a  TV  in that  time.   [I can't
remember when  radio licenses were  subsumed into TV licenses and waived
for the non-TV 1% of the population; I'm too young :-)]

detecting TV's

David A Honig <honig@BONNIE.UCI.EDU>
Thu, 01 Oct 87 15:50:22 -0700
I don't know how easy it is to detect TV's from a distance (though I suspect
anything using heterodyning is detectable from the emissions from the IF
oscillator), but I recall a story about detecting satellite-TV thieves:

The satellite TV company drove down a street with a RF signal analyzer
and detected the emissions from rooftop dishes.  Each house with a dish
tuned to the (im)proper frequencies was sent a harsh letter describing the
(fairly accurate, in this case) evidence against them.  Apparently this
was effective (partially it was a publicity-motivated crackdown, the satellite
company wanting to show that they could catch "signal-stealers").

Confusing Input Request in Automatic Voting Systems

Mon, 5 Oct 87 16:11 N
Last election in 1986 several cities in Holland used voting machines in
order to keep a count of the votes for the candidates of the various

It appeared that several voters were confused by the lay-out of the buttons
and inadvertently choose the wrong candidate by pushing the button at the
wrong side of the candidate's name.  This was discovered in the little
village of Katwijk because suddenly a conspicuous great amount of people
voted for a very left-wing party (whereas in other years the vast majority
votes for the very right-wing "Gereformeerde Partij").

Eke van Batenburg, Instituut v.Theoretische Biologie, Groenhovenstraat 5
2321BT Leiden (tel.071-132298) Holland   

                              [They could tell left from right among the
                              parties, but not among the buttons.  PGN]


Douglas Schuler <douglas@BOEING.COM>
Fri, 2 Oct 87 14:49:20 pdt
                               Call for Papers

               DIAC-88   St. Paul, Minnesota   August 21, 1988

The adoption of current computing technology, and of  technologies  that  seem
likely  to  emerge  in  the near future, will have a significant impact on the
military, on financial affairs, on privacy and civil liberty, on  the  medical
and educational professions, and on commerce and business.

The aim of the  symposium  is  to  consider  these  influences  in  a  social,
economic,  and  political  context as well as a technical one.  The directions
and  implications  of  current  computing  technology,  including   artificial
intelligence  and  other  areas,  make attempts to separate science and policy
unrealistic.  We therefore solicit papers that directly address the wide range
of  ethical  and  moral  questions that lie at the intersection of science and

Within this broad context,  we  request  papers  that  address  the  following
suggested  topics.   The  scope of the topics includes, but is not limited to,
the sub-topics listed.


  Ethical Issues in Computing Research     AI and the Conduct of War
  Sources and Effects of Research Funding  Limits to the Automation of War
  Responsible Software Development         Automated Defense Systems


  Community Access                         Computing for the Handicapped
  Computerized Voting                      Resource Modeling
  Civil Liberties                          Arbitration and Conflict Resolution
  Risks of the New Technology              Software and the Professions
  Computing and the Future of Work         Software Safety

Submissions will be read  by  members  of  the  program  committee,  with  the
assistance  of  outside referees.  The program committee includes Steve Berlin
(MIT), Jonathan Jacky (U. WA), Richard Ladner (U. WA),  Bev  Littlewood  (City
U., London) Nancy Leveson (UCI), Peter Neumann (SRI), Luca Simoncini (U.Reggio
Calabria, Italy), Lucy Suchman (Xerox PARC), Terry  Winograd  (Stanford),  and
Elaine Weyuker (NYU).

Complete papers, not exceeding 6000 words, should include an abstract,  and  a
heading  indicating  to  which  topic  it  relates.  Reports on in-progress or
suggested directions for future work will be given  equal  consideration  with
completed work.  Submissions will be judged on clarity, insight, significance,
and originality.  Papers (4 copies) are due by  April  1,  1988.   Notices  of
acceptance  or rejection will be mailed by June 1, 1988.  Camera ready copy is
due by July 1, 1988.  Send papers to Professor Nancy Leveson, ICS  Department,
University of California, Irvine, Irvine, CA 92717.

Proceedings will be distributed at the symposium, and will be available during
the  1988  AAAI  conference.   The  DIAC-87 proceedings are being published by
Ablex.  Publishing the DIAC-88 proceedings is planned.  The program  committee
will  select a set of submitted papers to be considered for publication in the
Communications of the ACM.

For further information contact Nancy Leveson (714-856-5517) or  Doug  Schuler

Sponsored by Computer Professionals for Social Responsibility, P.O. Box 717,
Palo Alto, CA 94301.


30 September 87 20:45 EDT
    [For those of you on BITNET, you should be aware of the instructions for 
    the automatic self-maintaining mailing list indirection (which apparently 
    is going to change in the near future).  PLEASE DO NOT send any mail to 
    the designated RISKS address except the properly formatted SUBSCRIBE and 
    UNSUBSCRIBE messages.   All other messages get rebroadcast to the BITNET 
    RISKS community, and then I get complaints...  Instructions upon request,
    if you have lost them.  BUT, I am suddenly getting notices from LISTSERV
    that I (not YOU?) can add YOU using ADD (not SUBSCRIBE?)...   Grumble...
    Update on the new forwarding when available.  PGN]

It seems that computers indeed aren't flawless - especially as regards
automated redistribution of the RISKS Digest on BitNet.  For several weeks
(ever since I subscribed, in fact) I have been getting various messages,
none of which has to do with RISKS (mostly subscription requests &c).
Wondering if something was amiss, I sent a message to the address used for
BITNET subscription.  Much to my surprise, when I logged in several days
later, I found 12 messages waiting for me.  They were typically from people
experiencing the same difficulties, but two held the key to the problem.

It seems that the address for BITNET subscription/distibution has a very
limited intellect.  If it receives mail of the proper for (ADD ...  or
DELETE ...), it is processed.  Any other mail is assumed to be a RISKS
issue, and is distributed to the subscribers.  Needless to say, my query was
treated as a RISKS Issue, and was subsequently distributed.

Please report problems with the web pages to the maintainer