The RISKS Digest
Volume 6 Issue 33

Monday, 29th February 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



o Risks of Believing in Technology
Matt Bishop
o Slippery slopes and the legitimatization of illegitimacy
David Thomasson
o Post Office Loses Its Zip Maker
Charles Youman
o File matching
Brint Cooper
o More double troubles
Peter Capek
o Government accountability rules used to justify inspection of all files
Marc Gibian
o Counterfeit products
Gordan Palameta
o Re: viruses
Marcus J. Ranum
o "The Adolescence of P-1"
Jonathan I. Kamens
o Computerized voting & punch cards
Will Martin
o Info on RISKS (comp.risks)

Risks of Believing in Technology (Re: RISKS-6.32)

Matt Bishop <>
Mon, 29 Feb 88 08:26:02 EST
   This is in regard to your article "Back-Seat Driving Goes High Tech".
There's one other risk of that computerized loud-mouth back-seat driver.
Driving with an ill-tempered co-driver makes otherwise calm people very
nervous, thereby decreasing their ability to monitor other traffic safely,
scan the road, take foul weather (e.g., ice on the road, heavy rain) into 
account, and in general do all the things that they do as well as when calm.
So these people will either have trouble ignoring the device or will become
so flustered that they will come to depend on the device to an unhealthy
extent. In either case, the risk of them getting into an accident jumps
with the installation of a device that is supposed to prevent accidents!

   A personal peeve here.  I have no objection — indeed, I welcome — the
use of technology to improve our abilities — the hand-held calculator is a
wonderful thing! But when the technology allows people to depend on that
technology to such an extent basic skills start to disappear, there is
something wrong with the use of that technology.  Anyone who's seen a
teenager struggle to multiply 314 and 512 by hand, then give up and reach
for a calculator, knows just what I mean.

Slippery slopes and the legitimatization of illegitimacy

Sat, 27 Feb 88 13:49:11 EST
   As a philosopher who is not a computer expert, I've noticed a kind of
argument in the Risks Forum that is worth commenting on. It is usually called
a slippery-slope argument. Two recent examples: A writer cautioned that the
electronic homing devices for locating stolen cars could be misused by police
to monitor the car-owner's whereabouts. Another writer warned that if the
electronic back-seat driver called "Lookout" (it shouts at the driver when
obstructions are ahead) is widely used, drunks and other impaired drivers
"will be taking to the road with alacrity."

   The slippery-slope principle is the same in any application: If we allow a
particular device (power, authority, privilege, etc.) to be used for some
legitimate end, we open the way for its being used toward illegitimate ends.

   What makes this an uninteresting kind of argument is that it applies to
*any* device, power, authority, etc. The arrest powers of police are subject
to abuse; lawyer-client privilege is subject to abuse; and so on.

   It might help if writers who employ this argument distinguished possibility
from risk. It is *possible* that a computer mishap will result in a $1000
phone bill next month. But should I regard this as a *risk* of having a phone?
I don't think so. There are at least two factors that help distinguish
possibilities from risks. One is the probability that the event in question
will occur. The other is what is available to prevent or deter the event or
behavior in question. The two are obviously related. And the line between
possibility and risk is obviously blurred.

   Perhaps if writers considered these factors they might conclude either that
what appeared to be a risk really isn't one, or that the risk is smaller (or
greater) than it appeared to be. Arguments in Risks would be generally more
persuasive if writers would, when pointing out a risk, assess the *degree* of
the risk as they see it. Sometimes the alarm is sounded a bit too loudly.

    [As has been noted frequently in RISKS, (1) probabilities are irrelevant
    when it is YOUR life that is lost; (2) technology does not always work
    the way it was supposed to.  That is not a philosophical point, but a 
    reality.  If a computer mishap results in your getting a $1000 phone
    bill, the phone company will eventually recant.  But incapable drivers
    are linked with many irreversible events.  BIG DIFFERENCE.  PGN]

Post Office Loses Its Zip Maker

Charles Youman ( <>
Fri, 26 Feb 88 13:25:27 EST
For an upcoming conference I've been trying to work out the details with
the Post Office so that we can include a business reply envelope with our
preliminary program.  The Post Office normally provides the camera ready
artwork for the facing identification mark (the bars that appear at the
top of the envelope) and the Zip + 4 barcodes that appear at the bottom.
This process normally only takes a couple of days so after a couple of
weeks had gone by without receiving them, I called the Post Office to check
their status.  The explanation I received was that a piece of equipment
was down and was not expected to be back in service until March 7th.  
While it was not specifically identified as a computer that had failed,
it was mentioned in passing that (1) the outage was nationwide and (2)
it prevented the assignment of Zip + 4 addresses.  Business reply mail has
a different Zip + 4 address than other mail to the same location.  What
surprises me is that there appears to be a single point of failure in 
what is otherwise a very decentralized organization.  It may have saved
the Post Office a couple of bucks when they bought the equipment, but
it's costing them more now since it takes more labor to process mail
that doesn't have the barcodes.

Charles Youman (

File matching (Barry Nelson) [RISKS-6.32]

Brint Cooper <abc@BRL.ARPA>
Sat, 27 Feb 88 22:40:34 EST
    Folks, I'm afraid that the battle over use of SSN for other than
taxpaying functions is lost.  The practice is simply too pervasive in our
society (the ultimate distributed system!) ever to be discontinued.

    So, let's concentrate on specifics.  Here, we have an application
where technology is being used to enforce the law requiring people who have
borrowed money from the taxpayers to pay it back.  I have heard people brag
that they'll recommend that their kids take out Federally-financed loans to
pay for their educations and not bother to pay back the loans.  I, for one,
would LOVE to see such people caught by their own Social Security Numbers.

    As always, we have to consider the risks of NOT using computers;
here, such risk is that we would allow our system to become bankrupt
rather than catch those who have cheated all of us.

More double troubles

<Peter G. Neumann <> [Really from CAPEK@IBM.COM]>
Mon 29 Feb 88 11:00:12-PST
Peter Capek sent me by SnailMail copies of two clippings out of his files, each
relating to two people with the same Social Security Number.

  Ann Marie O'Connor, 21, Queens NY and Anne Marie O'Connor, 22, of 
  Larchmont NY, both with the same SSN.  Both are 5' 5", with brown hair and
  brown eyes, birthdays in September, and a father and a brother named
  Daniel.  It took the government 9 months to straighten out a request
  for a name change when the first AMO'C got married, during which time 
  she was being dunned for back taxes based on their COMBINED incomes.
  [From page 12 of an unspecified issue of MONEY]   [That's running AMO'C!] 

  James Edward Taylor, (Manhattan) NY, NY, Health Department inspector, 
  and James Edward Taylor, (Brooklyn) NY, NY, Postal Service employee,
  share the same names, birthdates (23 July 1919), and states of birth
  (Virginia).  They also share the same SSN.  The error was detected
  in 1965, but still had not been corrected eight years later, by which
  time all sorts of interference problems had arisen.  [NY Times, 18
  March 1973]

Government accountability rules used to justify inspection of all files

Marc Gibian <harvard!apollo!>
25 Feb 88 18:49 GMT
Raytheon Company subjects all its multi-user machines to a policy of random
verification of file contents.  Their justification is that government policy
requires that they insure that file space is used only for chargeable work and
that violation of this policy constitutes fraud.  Raytheon takes this policy
that extra step and interprets it as meaning that they -MUST- actively inspect
the contents of their file systems to insure that only proper files are stored
there.  This inspection is done with no regard to the security attributes
assigned to files.  They also state that they can demand that encrypted files
be decrypted for inspection.

Files explicitly classified illicit are:

Resumes     (Of course, at least once a year you are asked to supply your
             management a resume so they can show the customers the staff's

Phone lists (I guess the paper you write these down on is not subject to the
             same rules)

Personal correspondence (Do email letters count?)

Counterfeit products

Thu, 25 Feb 88 19:46:04 EST
The Sat 20 Feb 1988 issue of the Toronto Globe and Mail has an interesting
article on counterfeit products.  The gist of the story is that when you
mention counterfeit products, most people think of fake Lee jeans or Rolex
watches; however, many other less well known items are involved as well,
with important safety implications.  The article is by Carey French — here
are a few excerpts (reprinted without permission):

  "Engineers working on a vast new U.S. Postal Service complex in
  earthquake-prone Los Angeles were aghast when they discovered that as many
  as one third of the 140,000 metal fasteners used to hold the steel-framed
  structure together were phony."

  "In Augusta, Ga. a woman gave birth after her contraceptive pills,
  labeled Ovulin 21, a product of U.S.-based G. D. Searle and Co., turned
  out to be fakes made in Panama."

  "On the computer files of the National Transportation Safety Board in
  Washington, the words "bogus part" feature in at least 15 aircraft
  accidents between 1975 and 1986."

  "Bolts that do not meet the specifications promised by their markings have
  been implicated in the deaths of a window washer who fell from a high-rise
  platform in Houston and of an artilleryman serving with NATO forces."

The article states that the "dent left by counterfeiting in world trade
was estimated at $60-billion in 1984 and ... appears to be increasing."
A retired veteran of the City of London Police is quoted as saying, "I
don't think we are aware of the enormity of all this" and "It's highly
sophisticated and there's evidence that organized crime is involved."

Gordan Palameta      mnetor!lsuc!maccs!gordan

Re: viruses (RISKS-6.31)

Marcus J. Ranum <osiris!mjr@PRC.Unisys.COM>
Sat, 27 Feb 88 12:51:35 EST
    I can see a wonderful business niche for unscrupulous hackers: computer
assassination. How much would DBMS Inc. 'A' pay to know that I would insert a
lethal virus in the development code of DBMS Inc. 'B' that would cause erratic
behaviour and delay the release of the competition's product by a few months ?

    Maybe that's what's happening to OS/2   :-)

"The Adolescence of P-1"

Fri, 26 Feb 88 02:30:53 EST
In RISKS-6.31, Kian-Tat Lim ( mentions the
book, "The Adolescence of P-1" as an example of an intelligent,
information-hunting virus.

The book is by Thomas J. Ryan, and it was published by Collier Books,
ISBN 0-02-024880-6.

The back cover reads:

  This is the story of an American youth.  And we don't mean Huck Finn.

  P-1 is the brainiest computer program ever hatched.  And the first with real
  built-in human feelings.  As a happy infant, P-1 makes some people very rich.
  Later, like adolescents everywhere, our sensitive hero becomes the victim of
  an uncomprehending adult world.  With its first identity crisis, P-1 escapes
  its home computer, infiltrates the far-flung world's electronic network, and
  hides out while it grows up.  But soon it finds itself at war with the entire
  U.S. military establishment and, in a bizarre family drama, is forced to seek
  help from its brilliant, spaced-out human father and his sexy wife.

  The final "readout" is astonishing, catastrophic, and chilling in the most
  original science thriller of the year — the revolt of the machine brought to
  its ultimate conclusion.

I enjoyed the book quite a bit, although it is necessary to suspend
disbelief a bit, mostly because the only mainframes discussed are
those made by IBM and Control Data [ugh!].

 -=> Jonathan I. Kamens      MIT '91           

Computerized voting & punch cards

Will Martin — AMXAL-RI <wmartin@ALMSA-1.ARPA>
Mon, 29 Feb 88 9:28:40 CST
Since there seems to be interest amongst RISKS readers about the recent
court rulings on punch-card voting here in St. Louis, I append below an
article from the St. Louis Post-Dispatch of Saturday, 27 Feb 88:

  (by Mark Schlinkmann, Regional Political Correspondent)

  Election officials in St. Louis say a federal court ruling Friday will allow
  business as usual — computer tabulation of unofficial returns — on the
  night of the state's presidential primary, March 8.  Friday's order, by US
  District Court Judge William L. Hungate, modifies his earlier decision
  against the Election Board in a case on voting rights filed by Michael V.
  Roberts, a city candidate who was defeated.  In his new order, Hungate
  limited the number of ballots that would have to be counted manually.

  The original order, made Dec. 22, touched off protests from Jerry B. Wamser,
  Election Board chairman. He had said that the order would require a manual
  count of all ballots — a process that would take a week or longer.  Wamser
  also had said that the board would not run a computer tabulation on election
  night because it might lack legal authority to do so under Hungate's original
  ruling.  But board attorney Leo V. Garvin Jr. said Friday night that there no
  longer was any such concern as a result of Hungate's latest ruling.  Garvin
  declined further comment.

  In his suit, Roberts, who is black, said he lost the Democratic nomination for
  aldermanic president last year because the city's punch-card voting system
  discriminated against blacks.

  In his decision, Hungate did not overturn the results. But he found that the
  election board's failure to review ballots for which votes were not counted
  violated the federal Voting Rights Act.  Initially, Hungate ordered the board
  to count by hand all ballots validly cast by voters but not counted by
  computer tabulating equipment. In effect, that meant that all ballots would
  have to be counted by hand, election officials said.  [See note below -WM]
  But on Friday, Hungate ruled that a manual review would be necessary only if
  the total of "overvotes" and "undervotes" could conceivably make the
  difference between a candidate's winning or losing an election.

  An overvote is a ballot rejected because votes are punched for more than
  one candidate for a given office. An undervote is not counted because of
  improper punching or no punch at all.

  Hungate said his modified order applied to the primary on March 8 and to
  Tuesday's special election to pick a new 17th Ward alderman. Hungate
  added that the Election Board's plan for educating voters about the
  punch-card system was satisfactory for those two elections.

  Voters will be asked to check boxes on signature cards certifying that
  they have been offered instructions in the use of the punch cards.

NOTE: Personally, I don't see how having to manually review ballots which
were machine-rejected means that "all ballots have to be counted by hand".
The equipment could be programmed to count every ballot where there were
no problems, and just kick out any odd ones. Only those odd ones would
have to be manually processed. You could have done this decades ago with
EAM card-handling equipment, so I can't see why it should be difficult now!

Regards, Will Martin
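
[Added example, not part of the original posting or of any election system's code: a sketch of the tabulation described above, which counts every clean ballot, sets overvotes and undervotes aside, and flags a manual review only when the rejected total could change the outcome. The ballot representation, the function names and the reading of "could conceivably make the difference" as "rejected ballots >= winning margin" are assumptions.]

```python
# Constructed model: each ballot is the set of positions punched for ONE office.
# A punch outside the candidate positions is treated as an improper punch.

def tabulate(ballots, candidates):
    """Count clean ballots; kick out overvotes and undervotes by ballot index."""
    counts = {c: 0 for c in candidates}
    overvotes, undervotes = [], []
    for idx, punches in enumerate(ballots):
        valid = [p for p in punches if p in counts]
        if len(valid) > 1:
            overvotes.append(idx)        # more than one candidate punched
        elif not valid:
            undervotes.append(idx)       # no punch, or only improper punches
        else:
            counts[valid[0]] += 1        # clean ballot, machine-counted
    return counts, overvotes, undervotes


def manual_review_needed(counts, overvotes, undervotes):
    """Assumed reading of the modified order: review only if the rejected
    ballots are at least as many as the gap between the top two candidates."""
    ranked = sorted(counts.values(), reverse=True)
    margin = ranked[0] - ranked[1] if len(ranked) > 1 else ranked[0]
    rejected = len(overvotes) + len(undervotes)
    return rejected >= margin, margin, rejected


def demo():
    candidates = ["A", "B", "C"]
    # Constructed sample: close race with three machine-rejected ballots.
    close = [{"A"}] * 5 + [{"B"}] * 4 + [{"A", "B"}, set(), {"X"}]
    # Constructed sample: wide margin with a single overvote.
    wide = [{"A"}] * 10 + [{"B"}] * 4 + [{"B", "C"}]
    results = {}
    for name, ballots in (("close", close), ("wide", wide)):
        counts, over, under = tabulate(ballots, candidates)
        results[name] = (counts, over, under,
                         manual_review_needed(counts, over, under))
    return results


if __name__ == "__main__":
    for name, (counts, over, under, verdict) in demo().items():
        print(name, counts, "overvotes:", over, "undervotes:", under,
              "review/margin/rejected:", verdict)
```

Only the ballots listed by index as overvotes or undervotes go to human reviewers; the rest of the count stands as tabulated.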
