The RISKS Digest
Volume 6 Issue 23

Tuesday, 9th February 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Don't believe everything you read in the papers.
David Purdue
o Anti-virus software
Chuck Weinstock
o Virus paranoia
Jeffrey Mogul
o All Viruses Considered
Martin Minow
o OTA Report: The Electronic Supervisor
Jan Wolitzky
o Hub auto-theft lessons; $$$ risks of Lojack
o Re: voting
Mike Tanner
o Info on RISKS (comp.risks)

Don't believe everything you read in the papers.

David Purdue <munnari!!davidp@uunet.UU.NET>
Tue, 9 Feb 88 11:41:46 est
The Canberra Times, Wed, Feb 3, 1988, page 3.


For some considerable time, The Canberra Times has been publishing the wrong
tide times for Narooma.  The error has been in arithmetical calculation in
this office of the difference between tide times at Fort Denison as published
in standard tide tables and times at Narooma.  The error, the source of which
is lost in antiquity, was discovered last week when the editor, relying on
The Canberra Times figures, was swept out to sea.  But he managed to return
to shore - and ordered this correction.

Mr. David Purdue           Phone ISD: +61 62 68 8165    Fax: +61 62 470702
Dept. Computer Science         Telex: ADFADM AA62030
University College      ACSNET/CSNET: davidp@csadfa.oz
Aust. Defence Force Academy     ARPA:
Canberra. ACT. 2600.           JANET: davidp@oz.csadfa
AUSTRALIA             Other Gateways: see CACM 29(10) Oct. 1986
    UUCP: {uunet,hplabs,ubc-vision,nttlab,mcvax,ukc}!munnari!csadfa.oz!davidp

                 [There is no such thing as a shore thing, but 
                 that will tide him over until next time.  PGN]

Anti-virus software

Chuck Weinstock <weinstoc@SEI.CMU.EDU>
Tue, 09 Feb 88 15:41:28 EST
There was an ad for anti-virus software for IBM PC's in this past Sunday's
New York Times business section.  Although I didn't call the number in the
ad, my first thought was "what a marvelous way to spread yet another virus."
(Sort of like the cyanide tampered Tylenol, though maybe not as deadly.)

Virus paranoia [Re: RISKS 6.22/"Macintosh Virus Hits CompuServe"]

Jeffrey Mogul <>
9 Feb 1988 1629-PST (Tuesday)
I realize that viruses are becoming a serious problem, but all this virus
paranoia could make the world safe for a kind of "meta-virus."  In RISKS
6.22 we read a recommendation:

    While it is possible to, apparently, "cut" this Resource from infected
    Systems with the Resource Editor THE ONLY SURE COURSE OF ACTION IS TO

Imagine what would happen if someone sent out this message:

    WARNING! A serious virus is on the loose.  It was hidden in the
    program called 1987TAXFORM that was on this bboard last year.
    This virus does several nasty things:

    (1) Copies itself into several important system programs
        so that it will propagate to other disks
    (2) Copies itself into your own data files so that it can
        infect system programs on other systems
    (3) Keeps track of the files you encrypt and mails copies
        of the cleartext to a bboard in Iowa and a computer
        at the NSA
    (4) Randomly garbles files so that you don't necessarily
        know they are damaged

    By now, it is possible that your system is infected even if you
    didn't download this program, since you could easily have been
    infected indirectly.

    The only safe way to protect yourself against this virus is to
    print all your files onto paper, erase all the disks on your system
    with a demagnetizer, buy fresh software disks from the manufacturer,
    and type in all your data again.  But FIRST! send this message to
    everyone you know, so that they will also follow these steps to
    protect themselves.

The beauty of this "meta-virus" is that it took me about two minutes
to make it really scary and I didn't even have to write any code.

Moral: don't join witch-hunts until you trust the witch-hunter more than you
distrust the alleged witch.
                                            -Jeff Mogul

      (Martin Minow THUNDR::MINOW ML3-5/U26 223-9922)
Date: 8 Feb 88 20:54
Subject: Virus on All Things Considered

There was a report on the computer virus scare on Sunday's (Feb 7, 88)
All Things Considered (public radio news program).  I took the following
notes: don't expect them to be accurate.

Professor Fred Cohen was interviewed.  He claims that the virus will
spread in 1/2 hour through a computer timesharing system and that it
"is a mathematical fact" that you cannot protect against the virus
if you allow sharing, transmission, and general access.

Eric Hanson (Hansen?), a programmer from Minneapolis, blames the problem on
people who lack significance in their lives and gain self-esteem by
manufacturing viruses: a revenge of the nerds.  He [somehow] draws a
parallel with Aids.  (Eric sells a program to test for viruses.  He claims
the government is interested.)

OTA Report: The Electronic Supervisor

Tue, 9 Feb 88 15:45 EST
The U.S. Congress, Office of Technology Assessment recently released a
report on computer-based monitoring in the workplace entitled, "The
Electronic Supervisor: New Technology, New Tensions," OTA-CIT-333
(Washington, DC: U.S. Government Printing Office, September, 1987).

The following is from the Foreword:

    "The Electronic Supervisor: New Technology, New Tensions"
    deals with the use of computer-based technologies to measure
    how fast or how accurately employees work.  New computer-based
    office systems are giving employers new ways to supervise job
    performance and control employees' use of telephones, but such
    systems are also controversial because they generate such
    detailed information about the employees they monitor. 
    This assessment explores a broad range of questions related to
    the use of new technology in the workplace and its effects on
    privacy, civil liberties, and quality of working life.

The assessment reports six findings:

    1.  Computer technology makes possible the continuous
        collection and analysis of management information
        about work performance and equipment use.  This
        information is useful to managers in managing
        resources, planning workloads, and reducing costs.
        When it is applied to individual employees, however,
        the intensity and continuousness of computer-based
        monitoring raises questions about privacy, fairness,
        and quality of work life.

    2.  Computer-based systems offer opportunities for
        organizing work in new ways, as well as means of
        monitoring it more intensively.  Electronic monitoring
        is most likely to raise opposition among workers when
        it is imposed without worker participation, when
        standards are perceived as unfair, or when performance
        records are used punitively.  Worker involvement in
        design and implementation of monitoring programs can
        result in greater acceptance by workers, but despite
        activities of labor unions in some industries and
        recent progress in labor-management cooperation in
        others, most firms do not have mechanisms to do this.

    3.  There is reason to believe that electronically
        monitoring the quantity or speed of work contributes
        to stress and stress-related illness, although there
        is still little research separating the effects of
        monitoring from job design, equipment design,
        lighting, machine pacing, and other potentially
        stressful aspects of computer-based office work.

    4.  Monitoring the content of messages raises a different
        set of issues.  Some employers say that service
        observation (listening to or recording the content of
        employees' telephone conversations with customers)
        helps assure quality and correctness of information
        and by protecting all parties in case of dispute.
        However, service observation also impacts the privacy
        of the customer, and workers and labor organizations
        have argued that it contributes to the stress of the
        employee, and creates an atmosphere of distrust.
        Monitoring the content of electronic mail messages or
        personal computer (PC) diskettes also raises privacy

    5.  Telephone call accounting (computer-generated records
        of the time, duration, destination, and cost of calls)
        gives employers a powerful tool for managing the costs
        of telephone systems.  However, it raises privacy
        questions when accounting records are used to track
        calling habits of individuals.  Other cost control
        technologies can be used to limit nonbusiness uses of
        telephones, either instead of or in addition to call
        accounting.  Establishing a policy for use of these
        technologies will be especially important for the
        Government as it builds a new Federal Telephone

    6.  Electronic monitoring is only one of a range of
        technologies used in today's workplace to gather
        information about the work process or to predict work
        quality based on personal characteristics of the
        workers.  Many applications of technology, including
        polygraph testing, drug testing, genetic screening,
        and, possibly, brain wave testing, illustrate the
        tension between employers' rights to manage their
        enterprise, reduce costs, and reduce liability, and
        the employees' rights to preserve individual privacy
        and autonomy.  Recent concerns of employers, labor
        unions, civil liberties groups, the courts, and
        individual workers suggest that a range of workplace
        privacy issues are in need of resolution.

A discussion of this report and this topic in general might be
appropriate for this newsgroup.

Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)

Hub auto-theft lessons; $$$ risks of Lojack

Tue, 09 Feb 88 18:36:13 -0500
Just thought folks might be interested in a more real, tangible = $$$ risks of
a system such as lojack. In actuality, depending upon how our insurance policy
is written, you may not want the authorities to find your vehicle very soon
after it's stolen.

One reason is that some policies have a clause that requires the car to be
missing for a certain period of time (days) before it can be covered under
"theft" insurance. [Think of how many people would be reporting stolen cars
without such limits.] Another more compelling reason is that depending upon
the type of thief, unless they do all the damage to your car very quickly
(within 15 mins !!), finding your car soon frequently means the consumer will
pay for most any damage, and not the insurance company.  (This of course
depends upon your level of deductible, and how much damage must be done before
your car is "totalled".)  The insurance companies like lojack for these
perhaps not so obvious reasons.

In Massachussetts (where I live), car theft is a simple misdemeanor.  If
someone take your car for the thrill of joyridding (as oppossed to a pro who
might strip it for parts), it's probable that some but not utterly devastating
damage could be done. Such cosmetic damage can be far more costly settlement
wise, then having your car totalled.

Anyway, apart from the skewed economics, I believe the transmitters are not
terribly difficult to find on some automobiles, especially if your car is
going directly to a junk yard to be stripped. Where the transmitter get's
located is often a function of the intelligence of the mechanic who is
installing it - there is obviously no one standard place to put it on each
make of car! Imagine some archetypical mechanic ("Gee boss, never hid a
transmitter on a Ferrari before...can I try ?")

Note the Lojack system is not an anti-theft device, in that it doesen't
physically do anything to make the car harder to steal; it can however save
the insurance companies money). I would still rather have my "Z-lok" (or
"Chapman" lock).

Of course, anyone who really wants your car will examine it very carefully
before attempting to steal it.  Even a careful flashlight examination cannot
distinguish the exact mechanism attached to the key/collar fitting beneath
most dashes.  Unless of course you take the risk of placing a label on your
car saying you have an alarm system; a label displaying "what kind" of alarm
system is the worst thing you can do.  "This car equipped with `brand X'
electronic protection" provides the truly professional thief with some very
specific information. The best compromise is to find a generic "protected by
alarm system" label, if you feel your car must have one at all.

In summary, "Lojack" may only prove beneficial to the consumer's wallet in the
instance of a highly professional theft, where your car risks being dismantled
within the hour. In this case it really is a race against time, since they
will probably find the transmitter (and be looking for it if you have that

However, if you own THAT KIND of ($$,$$$) car, such caliber of thieves are
usually quite persistent, once they know who you are (or rather where you
live). One of my bosses had his brand new, fully alarmed, 1986 Toyota Celica
removed from his driveway in Beacon Hill by a wench equipped truck in the wee
hours of the morning. He made it out the door only to hear the periodic beep
of his pendulum alarm muffled from inside a large van as it went down the
street. One week later he still got the bill for the excise tax. Lojack might
of helped here. Very clean, very fast - no broken glass - picking up the car
set off the pendulum.  The Boston police could not offer him much consolation
except, "Yup, they wanted your car real bad." Last statistics I saw still rate
Mass.  as the auto-theft capital, with the most stolen cars as (1) Toyota
Celica [GT/turbos] (2) Saab 900 series (3) Porsche's.

Re: voting

Mike Tanner <>
8 Feb 88 16:41:02 GMT
The Missouri voting issue brought this up in my mind, but I don't know how
relevant it is to the discussion.

I worked for several years in local politics here in Ohio, primarily doing
polling analysis and election analysis.  In Ohio people normally vote by
pulling levers in a mechanical voting booth then indicate that they are
finished by throwing a huge, red-handled lever which causes the machine to
mechanically tally their votes.  (I don't suppose this is unusual.  You can
also use a paper, punch-type, ballot by getting an "absentee" ballot and
swearing that you will be unable to vote at a normal polling place on election
day.)  The numbers in the machine are copied down by the election workers at
the end of the day, all the numbers from the various precincts in a county are
taken to the county board of elections, where they are typically entered into
a computer which totals them.  There are a number of sources of error, of
course.  But I don't know what the estimated error rate is.  If the race is
closer than 2% or so of the total vote, the candidates are entitled to a free
recount, otherwise they can pay for one, so that might be taken as an error
rate (but that assumes the 2% figure was arrived at rationally).  A recount
consists in manually retracing all the steps of tallying the votes (except
actually revoting), arguing endlessly over discrepancies, and ultimatelly
throwing out results from questionable precincts.

The relevant phenomenon (to the Missouri issue) is that the total number of
votes cast in a given race is strongly correlated with the position of that
race on the ballot in the machine.  (I'm sure this also happens in places
where paper ballots are used.)  Races listed toward the left get more votes
than those toward the right.  This is very predictable and nearly independent
of the visibility factor, i.e., the factor that accounts for the fact that
more people will vote in a Presidential race than in the race for Judge of the
Court of Domestic Relations.  Pick any two races and the one listed to the
left will get more votes.  E.g., County Recorder gets more votes than County
Coroner and Recorder appears just to the left of Coroner.  Not more than one
person in a thousand has the slightest idea what either official does, who the
canditates are, or what the qualifications are for the office.  This hold
across all 88 counties, election after election.

The candidates within each race are in random order across all the machines.
E.g., for each race, 50% of the machines will have the Republican candidate on
the left and the Democrat on the right, 50% will have them reversed.  Many
Ohio pols would like to see a return to straight ballot days, when a person
could simply vote democrat (or republian) by making one mark and vote for all
democrats (or republicans) on the ballot.

Where's the interest for RISKS readers?  I don't know if they're RISKS
exactly but:

    - It indicates that most people don't vote on everything.  So
      not counting a vote because not all the levers are pulled
      (or holes punched) probably undercounts a lot of otherwise
      correct ballots.
    - I have an image of the average voter pulling levers from
      left to right until he finds himself voting on things he
      doesn't recognize, begins to lose energy, and finally stops
      pulling levers and quits.  Maybe we make it too easy to
      vote.  Many of those tail-end votes a likely to be spurious.
      But should we scramble the order of races as well as
      candidates within races?  What difference would that make?
    - Is scrambling the candidate order really a good idea?  What
      if a lot of democrat-first ballots in a close race found
      their way (accidentally or on purpose) to a precinct with a
      large population of independent voters?  Or wherever they
      could make a difference.  (I wonder if this has ever
      happened, or even been looked for during recounts.)
    - How much affect does the randomizing algorithm have on the
      outcomes of elections?  Even with a good algorithm it's
      possible in any particular election to get lots more
      republican-first ballots than democrat-first (or vice
      versa).  Do they keep re-doing it until they get a 50-50
      split?  If not, would it be grounds for challenging the
      election, forcing a special election?
    - The randomizing, assigning of ballots to machines, machines
      to precincts, and the final totalling of votes are all done
      by various computers.  Some of it is done by the Secretary
      of State, some in the county Boards of Elections.  But there
      are many steps done manually, figures copied by hand,
      ballots hand-carried to voting machines, etc.  But the fact
      that computers are involved tends to obscure the human
      factor and the possibilities of human error (or mischief)
      for causing problems.

-- mike tanner

Dept. of Computer and Info. Science
Ohio State University                          ...cbosgd!osu-cis!tut!tanner
2036 Neil Ave Mall, Columbus, OH 43210

Please report problems with the web pages to the maintainer