The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 5 Issue 84

Thursday, 31 December 1987

Contents

o Risks of Robots
Eric Haines
o Christmas Exec AGAIN!
Eric Skinner
o Computer glitch stalls 3 million bank transactions for a day
Rodney Hoffman
o Switch malfunction disrupts phone service
Richard Nichols
o 40,000 telephones on "hold"
Bob Cunningham
o Unions denied access to commercial database services
Originally by Jeff Angus and Alice LaPlante via Michael Travers via Eric Haines via John Saponara
o 'Leg Irons' Keep Inmates Home
Randy Schulz
o Re: Logic Bomb case thrown out of court
Amos Shapir
o Missouri Court Decision on Computerized Voting
Charles Youman
o pc hard disk risks -- and a way out?
Martin Minow
o Viruses and Goedel bugs
Matthew P. Wiener
o Info on RISKS (comp.risks)

Risks of Robots (From comp.sys.apple)

hpfcrs!eye!erich@hplabs.HP.COM <Eric Haines>
Wed, 30 Dec 87 09:44:31 mst

Reach for the Sky.

The US Department of Agriculture has encountered an unanticipated difficulty in
its project to develop robot fruit pickers.  To contain costs, the robots were
designed with monochrome scanners.  Unfortunately, to the robots, an orange has
the same size, shape, and brightness as a small cloud.  Current robot pickers
are often hung up literally reaching for the clouds.  The USDA says it's back
to the drawing board - this time using color.

(From "Random Access", 21 November 1987)

    [Was this in Orange Count-y?  By the way, a cotton-picking robot might
still have trouble with white clouds.  Fruit-of-the-zoom?  PGN]


Christmas Exec AGAIN!

Eric Skinner <ERS2F%UOTTAWA.BITNET@CUNYVM.CUNY.EDU>
Wed, 30 Dec 87 11:31:51 EST

An interesting point that has not been mentioned so far is that, at least in
the version that reached BITNET sites in Canada, there was a major bug in the
code of the program.  It parsed the NAMES file in a very inflexible way causing
it to have a success rate of about 5% at coming up with valid forwarding
addresses.

If the programmer had been more careful, we might have been in an even bigger
mess.

So there are fewer risks when a program has bugs? :-)

Eric Skinner, Computing Centre, University of Ottawa


Computer glitch stalls 3 million bank transactions for a day

<Hoffman.es@Xerox.COM>
25 Dec 87 15:54:56 PST (Friday)

The Dec. 24 Los Angeles Times reports that "an unexplained computer glitch
caused a one-day delay in posting an estimated $2 billion in transactions at
First Interstate Bank of California last week."  The data processing problem
affected all checking account transactions last Thursday -- 3 to 4 million,
both deposits and checks, an estimated $2 billion total.

For unexplained reasons, the entire record of Thursday's transactions from the
bank's branches was rejected by the computer when posting was attempted at
10:30 pm Thursday.  DP employees worked on the problem all night and the
following day, and the transactions were finally posted late Friday afternoon.

The problem was corrected in time to avoid any widespread effect on customer
accounts.  A bank executive VP said, "We did not have a disaster.  We had a
systems problem that we are still diagnosing to make sure it doesn't happen
again."


Switch malfunction disrupts phone service

Richard Nichols <ihnp4!chinet!rdn@ucbvax.Berkeley.EDU>
29 Dec 87 12:03:31 CST (Tue)

Copied without permission from the Post Tribune (Gary, IN)

    MALFUNCTION DISRUPTS GARY PHONE SERVICE FOR 18,000 CUSTOMERS

  GARY -- Many people living or working here found it impossible to use the
phone early Thursday [Dec. 10, 1987].  A malfunction during routine testing of
equipment at an Indiana Bell Telephone Co. switching office at 725 Madison St.
was blamed by telephone company officials for disrupted service for about
18,000 customers with 881, 882, 883, 885 and 886 prefixes.  Gary police and
fire department representatives said the city's 911 line was working, so
emergency vehicles were able to respond to calls.  Non-emergency business
lines were out of service, they said.

The equipment failure occurred at 5:45 a.m. with some phone customers regaining
partial service by 7 a.m., said Estel Gibson, media relations manager for
Indiana Bell in Indianapolis.  Service was restored by afternoon, he said.
Gibson said that during the testing, equipment was switched to battery power.
The battery power was low and there was no warning, so when equipment was
switched back to commercial power, the computer memory system was knocked out,
requiring reprogramming of the computer, he added.

Besides five Gary phone prefixes, the system malfunction also affected access
to long distance lines in north Lake County, said Gibson.  Local calls were
not affected outside Gary, he added.  Gibson said the malfunction in switching
equipment affected 18,400 lines in Gary.  "Our first priority was to restore
service," said Gibson.  The second priority was to check the backup system to
make sure it is working properly, he added.

At Methodist Hospital Northlake Campus in Gary, the nursing coordinator had to
use a two-way radio for communications inside the building, a hospital
representative said.  At St. Mary Medical Center in Gary, calls were routed
through the switchboard at the Gary hospital, a hospital representative said.


40,000 telephones on "hold"

Bob Cunningham <bob@loihi.hig.hawaii.edu>
Tue, 29 Dec 87 10:08:59-1000

Almost 40,000 Honolulu telephones were in and out of service yesterday
(the first working day after Christmas), including the police/fire
emergency number 911, and non-emergency Fire and Police numbers, due to
a possibly faulty computerized switch, and an unusually heavy volume of
calls.

The 40,000 customers were in 8 Honolulu exchanges, covering a large
section of the downtown area.  Unlike the 5,000 or so phones that were
down during the heavy rainstorm last week, this problem was not
weather-related.

John Harper, Hawaiian Telephone's Director of Public Affairs, explained
that when the volume of calls rises to a high level, rather than falter
completely the switching equipment goes into a "half load" status,
handling only some incoming calls and often not delivering a dial tone
to customers within the affected exchanges.  The unusual aspect of
yesterday's problem was that the volume of calls was nowhere near its
rated load capacity.  However, the switch was also busy doing extensive
automatic self-diagnostics in order to locate an internal malfunction
that it had detected within itself.

Hideto Kono, the chairman of the state Public Utilities
Commission---whose phone was one of those affected---was very upset,
saying that the recent outages caused by flooded cables were
"understandable and excusable," but yesterday's problems were not.
"Equipment is available that works well almost all the time, and we're
going to be asking Hawaiian Telephone why its present equipment can't
operate that way."

Bob Cunningham, Hawaii Institute of Geophysics, University of Hawaii


Unions denied access to commercial database services

John Saponara <saponara@tcgould.TN.CORNELL.EDU>
Thu, 31 Dec 87 10:41:15 EST
Eric Haines 

From: mt@MEDIA-LAB.MEDIA.MIT.EDU (Michael Travers)
Subject: Unions denied access to commercial database services

I came across this in InfoWorld (Nov 23, 1987).  It has some scary
implications about the desire and ability of corporations to control access
to information.  This points up the need for alternative power structure
databases such as those that were discussed on prog-d a few months ago.

 -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  - 

Restricted Access Riles Dialog Users
by Jeff Angus and Alice LaPlante

Subscribers to on-line databases may increasingly see the words
"unauthorized file" when they try to use certain services, if a recent
trend continues unchecked.

Last week, Dialog Information Services, a carrier of Dun & Bradstreet
financial databases--including the now-restricted Dun's Financial
Records--told labor union librarians that they would no longer be able
to access certain files.

"If it's allowed to go on, this could set a precedent for a wide range
of discrimination in online services, which are essentially public
utilities," said Randy Barber, a financial consultant with the Center
for Economic Organizing, in Washington.

This time the discrimination is aimed specifically at labor unions and
possibly the IRS, according to Barber.  But if online services such as
Dialog can cut off certain subscribers simply because of fears about how the
data will be used, the next step could be routinely forbidding customers to
access certain files at the slightest hint of an adversarial motive,
according to Barber.

"It could get to the point where you'd have to have a demonstrably
benign reason to access certain data," said Barber.  "This precedent
could have severe repercussions on the free market for ideas."

According to the AFL-CIO's librarian, Ruby Tyson, when she first got the
"unauthorized file" message while trying to access the Dun database, she was
referred by Dialog to the New Jersey office of Dun & Bradstreet On-line
Services, where a spokesman told her a list of 240 "entities" had been
compiled and sent to Dialog with the instructions to deny access to any
person or organization on that list.

"We were told it wasn't just unions but other groups, including the
IRS," Tyson said, adding that Dun & Bradstreet hinted the ban might be
extended to other databases as well.

Both Dialog Information Services and Dun & Bradstreet refused to comment,
but Marvin Hrubes, an attorney representing the United Food and Commercial
Workers International Union (UFCW), sent a letter to both organizations
charging that Dun & Bradstreet's actions constitute tortuous interference
with the UFCW's contract with Dialog and are violations of the National
Labor Relations Act and the civil rights laws of both California and the
District of Columbia.

Tyson as well as Ellen Newton, librarian of the United Food & Commercial
Workers International, say Dun's on-line information can be gathered through
hard copies of the data.  But this defeats the purpose of subscribing to an
on-line service since researching and tabulating data manually using hard
copy is complex and time-consuming, they said.

Tyson and Newton find the Dun move and Dialog's assent to it not only an
inconvenience, because the service is so productive, but also an offense to
their librarians' sense of the appropriate access to information, they added.

"We think it's a serious matter and something that causes concern for
libraries in their role of providing access to the broadest possible
diversity of ideas," said Patrice McDermott, the assistant director of the
Office for Intellectual Freedom of the American Library Association.

Newton added that he has seen the information spreading.  "Dun & Bradstreet
has also knocked us off of Data Times," he said.  "We just got a message
saying that Dun's database service is unavailable under our agreement, which
can't be true because we haven't signed any new agreement since Data Times
added the Dun Service."

Newton spoke to a Data Times spokesoman who said that Dun & Bradstreet had
also sent his company a list of names of entities to be denied access.


'Leg Irons' Keep Inmates Home

Randy Schulz <bilbo.randy@SEAS.UCLA.EDU>
Sun, 27 Dec 87 14:05:34 PST

The following article, whose headline is the Subject: line of this message,
is from the "Fourth District Report" (a newsletter sent to all constituents)
issued by Los Angeles County Supervisor Deane Dana's office, dated Winter
1987-88.  Carefully quoted verbatim (mistakes and all) and in its entirety
w/o permission.  No copyright notice appears on the newsletter:

  A modern-day version of "leg irons" is now being used to monitor the
  location of selected Los Angeles County inmates who as a term of their
  sentences are generally restricted to their homes.

  It is part of a pilot program that extends through September, 1988, using
  Comptom area probationers selected by the courts.  The electronic devices
  are attached to the probationers' legs.  Their movements are monitored by
  Trax Monitoring, Inc., which provided the devices.

  When we are faced with a jail overcrowding problem of tremendous
  proportions, elecronic surveillance of those probationers deemed suitable
  for the program offers at least a partial answer."

  At present, county jails have some 20,000 prisioners detained in
  facilities designed for 12,000 inmaates.

Paragraph three is apparently a quote, probably from supervisor Dana, though
it is missing an open quote mark and an attribution, as you can see.

Although no real information is given on how the system manufactured by Trax
Monitoring, Inc. operates, it is probably reasonable to assume that computers
are a part of it.  That there may be risks to the public in its use seems a
fair bet.

While it's clear that this system is being used experimentally only on
low-risk "inmates", there is presumably an interest in expanding its
use as a "cost-effective" alternative to prison/jail construction.

In the same newsletter there is an article entitled "DRUGS.  Experts
map 32-point plan".  Here are some excerpts from that article:

  Education, automation and methods to improve interagency communcation are the
  focal points of a 32-point list of recommendations by the Los Angesles County
  Task Force on Drug Abuse to stregthen the public's war on drugs.

  ...Other recommendations include:

  Increased automation on probation conditions; establishing a centralized
  repository of data on drug arrests, seizures and trends to be available
  countywide; standardized certification for drug diversion programs for
  length, content, defendant participation and random drug testing; and,
  regular meetings among representatives of drug enforcement, abuse services
  and prevention-education agencies to discuss and resolve problems.

[ Please pardon the poor grammar of the staff of my County's elected
  officials... ]

Randall Schulz, Locus Computing Corporation, 213/452-2435   
          {trwspp,ucivax}!ucla-va!ucla-cs!lcc!randy
      {ihnp4,randvax,sdcrdcf,ucbvax,trwspp}!ucla-cs!lcc!randy


Re: Logic Bomb case thrown out of court (RISKS DIGEST 5.80)

Amos Shapir <nsc!taux01!taux01.UUCP!amos@Sun.COM>
25 Dec 87 14:20:53 GMT

In article <12360370542.28.NEUMANN@KL.SRI.COM> Geoff Lane writes:
>There used to be a problem in British law (and it may still exist) in that
>evidence could only be given by humans.  Information generated by a computer
>without the explicit involvement of a human could not be used in court.

They do have a case here - anyone who has supervisor permissions on almost any
computer system (and these might be obtained illegally) may generate any
information, including hiding the traces of what s/he had done. After all, it's
all just bits! So almost nothing can be proven without a reasonable doubt.

The problem is, this also applies to digital recording - both audio and
video. A person with the right (wrong?) equipment can generate a video clip
showing anyone committing any crime!

    Amos Shapir         (My other cpu is a NS32532)
National Semiconductor (Israel)
6 Maskit st. P.O.B. 3007, Herzlia 46104, Israel  Tel. +972 52 522261
amos%taux01@nsc.com (used to be amos%nsta@nsc.com) 34 48 E / 32 10 N


Missouri Court Decision on Computerized Voting

Charles Youman (youman@mitre.arpa) <m14817@mitre.arpa>
Tue, 29 Dec 87 09:17:53 EST

While I was in St. Louis visiting my inlaws over the holidays, I read an
article in the local paper about a court decision that found the computerized
voting process used in Missouri was discriminatory.  The loser of a close
election had filed the suit in question.  I didn't save the article and I don't
think the article explained what was discriminatory about the voting procedure.
The article did say that similar procedures were used in other states.

Charles Youman (youman@mitre.arpa)


pc hard disk risks -- and a way out?

<minow%thundr.DEC@decwrl.dec.com>
      (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 25 Dec 87 12:15
To: risks@kl.sri.com
Subject: pc hard disk risks

The discussion about virus programs reminds me that one thing I wish my PC's
hard disk had was a "write-enable" switch, so I could test new programs with
less worry about system corruption.  (Also, the disk manufacturers and/or pc
vendors don't seem to distribute anything resembling test software).

Martin Minow  minow%thundr.dec@decwrl.dec.com


Viruses and Goedel bugs

<weemba%garnet.Berkeley.EDU@violet.berkeley.edu>
Sat, 26 Dec 87 02:43:06 pst

Last spring or summer the journal _Computer Security_ (?) carried a paper about
the author's (company approved) experimentation with viruses. Alas, his
research was closed down by his company, who got extremely nervous.  Sorry I
can't be more definitive; I'm surprised no one has mentioned this paper before.

The self-referential photocopier duplexor error that prevented the user from
finding out what a duplexor was forms the key point of the plot of the fabulous
science fiction story "Ms Fnd in a Lbry" by Hal Draper.  (It's in Groff
Conklin's _17 x Infinity_, beyond that I don't know.)  (TOTAL SPOILER
FOLLOWS...)  Information is compactified into "nudged quanta", so the total
primary knowledge of the galaxy fits in a single drawer.  However, the
secondary and higher order knowledge to >find< the primary knowledge grew
exponentially.  At some point, a certain nth-order quanta got stuck; checking
for repair information got routed through that very quanta; emergency checking
for the location of that original drawer of primary knowledge ....  And so
civilization collapsed instanter.

(Also, the bug reminds me of the true Cray story I submitted anonymously
long ago, where an array bounds overflow corrupted the Fortran formats
that attempted to trace the array.)
                                                  -Matthew
ucbvax!garnet!weemba    Matthew P Wiener/Brahms Gang/Berkeley CA 94720
