The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 6 Issue 87

Thursday 19 May 1988


o Stock Market Damping
Richard A. Cowan
o Bankwire fraud
Steve Bellovin
o Metallic Balloons
Keith Anderson
John Kullmann
o IRS mismatching and other computing anomalies
John M. Sullivan
o Why technicians wait to respond to alarms
Lynn Gazis
o Illinois Bell Hinsdale fire
Ted Kekatos
Ed Nilges
David Lesher
o Risks of Ignoring Alarms
Daniel P Faigin
o Halon environmental impact citation
Anita Gould
o Info on RISKS (comp.risks)

Stock Market Damping

Richard A. Cowan <COWAN@XX.LCS.MIT.EDU>
Wed 18 May 88 20:43:44-EDT
  Regarding the recent message about the Stock Market as a feedback system:

  If you think about it, it's easy to devise a damper on the frenzied
  stock market trading system.  If there are too many trades causing
wild swings in the market, caused partly by our ability today to handle
a huge volume of trades because we have computers, all you have to do
is increase the cost of this type of trading.

  Of course, if you aren't rich you don't want to have to pay even
higher commissions.  So you could implement a progressive "tax" on
usage of the market trading system.  But this would be difficult
to enforce without changing the entire structure of the "free
market" system.  Right now, seats on the exchange are purchased
for a flat fee (the going rate is $850,000) and I don't know if
there is any type of usage fee.  In the same way that the law 
has historically treated waterways and land, ownership gives
you the right to use *and* abuse, where polluting the environment
is analogous to overloading trades in the stock market.

  A potentially more enforceable mechanism is to tax short-term
profits (capital gains) at a higher rate than long-term gains.
I'm not sure (someone correct me on this), but I think the recent
tax reform equalized the two rates, which were previously different.
This makes no sense for market stability, as the old system at
least provided some incentive to hold on to stocks for 6 months
or more, or whatever period is considered "long-term."

  An obstacle with either solution is that people who have seats
on the exchange profit greatly from the commissions and other
business activity generated by a high stock market volume.  The
economy as a whole would probably function fine with one-tenth
the stock market volume we have today.  But you have an army
of people fighting to gain that extra 0.01% return on their
investments and they are legally bound to do this (this is the
meaning of "fiduciary responsiblity").

  Any alternative solutions or comments on my solutions?

Bankwire fraud (Re: RISKS-6.86)

Thu, 19 May 88 11:40:09 EDT
An unconfirmed report claims that the embezzlement scheme employed tapes of
bank officers reading code words.  Replay attacks!
                                                      --Steve Bellovin

Metallic Balloons

Tue, 17 May 88 11:05 EST
        I understand that those metallic ballons also reflect radar, and play
havoc with airport controller's systems.  I believe that it works on the same
principle as chaff, or "window" (I think that was what it was called), the
stuff they dropped over germany during the war to ruin radar.

Keith Anderson  Kanderson@Hampvms


John Kullmann <jk@Apple.Com>
Tue, 17 May 88 14:18:17 PDT
Eugene Miya wrote of an episode with an automatic stamp machine. I would like
to relate one I had when I was in high school, about , well, a while ago.

It involved a dollar bill changer similar (at least externally) to the ones
still in use today. I was second in line for it in the 'rathskeller' of our
high school. After the girl in front of me finished I quickly stuck my bill in,
being in a rush to return to my foosball game, and it popped back out because I
had put it in backwards. Then, immediately following it, out came ANOTHER bill!
Being a quick learner I quickly stuck it in backwards again, out it came, but
no second bill followed.  I then got another bill out of my pocket, stuck one
in the right way, out came the change, stuck the second one in backwards, out
it came, and out came the previous bill!! Well, you can imagine the rest of the
story from here. Many trips up to locker with pockets BULGING with change.  Cut
classes until machine was empty of change.  The next day the machine was
restocked with change but I could never get it to happen again. I never did
learn why that happenned. I bet the person servicing the machine was surprized
when he/she opened it up!
                            --John Kullmann, Apple Computer Inc., Cupertino, CA

IRS mismatching and other computing anomalies

John M. Sullivan <jmsulliv@phoenix.Princeton.EDU>
Wed, 18 May 88 00:21:35 edt
I recently got a notice from the IRS saying I had underreported some taxes
in 1985.  They of course had mismatched items on the return with 1099's,
so I wrote back to tell them this.  Just the other day I received their
reply, which seemed to be mostly a form letter, but had one paragraph in
all caps which was obviously personalized:

EMPLOYMENT TAX OF $4220.00 TIMES .11 IS $497.00.

Ignoring the strange punctuation, I quickly noticed the strange math.
I tried my head, pencil and paper, a calculator, and 'bc', and 4220*.11
always came out as 464.20, not the higher figure they gave.

I called the IRS and it turns out that the SE tax rate for 1985 is 11.8%.  So
the $497 is correct, and in fact has been truncated down from $497.96.
Evidently, dollar amounts are truncated (not rounded) to the nearest dollar,
then printed with 2 decimal digits.  Other figures are truncated at 2 decimal
digits for printing (but I bet they won't let you figure your tax that way).

John Sullivan

Why technicians wait to respond to alarms

Mon, 16 May 88 20:02:23 PDT
I have a few words in defense of the nameless technician who waited ten minutes
to report the fire in Hinsdale.  Ten minutes is not a long time to miss an
alarm.  I work as a computer operator.  Ten minutes is a coffee break.  I could
easily go out, grab a cup of coffee, look at the latest cartoons on someone's
door, come in and see a slew of alarms on my console.  (Two ten minute breaks
are required by law.)  Or I could be off backing up someone's PC.  I doubt that
that technician had nothing to do but monitor a site miles away which hadn't
bothered to hire its own weekend shift.  Often more than one thing breaks down
at once.  Many times I have come in to find three independent problems.  That
technician could easily have been off dealing with some minor emergency while a
major one was going unreported.

I don't think you can even necessarily blame the technician for not calling the
fire department; probably he or she called the supervisor, was told "I'll take
care of it," and hung up assuming everything is in hand.  The supervisor, and
not the technician, should be in trouble for not calling the fire department
immediately.  Any company should have emergency procedures, and those should
involve calling the fire department, not running over to look at it yourself.

If your alarm is a message on a console, and your technician is watching
several things at once, then ten minute is a prompt response.  If you want
better response to your alarms, make the most serious ones noisy.  I doubt that
this alarm was noisy, because if it were, even the least attentive technician
would respond right away, if only to get the thing turned off.  Probably they
had a loud alarm in the empty building, and a message on a terminal in
Springfield as a backup.

Lynn Gazis

questions about Illinois Bell Hinsdale fire

Kekatos <ihuxv!>
13 May 88 20:30:01 GMT
The Great Fire.... continued

Most people have heard about the Illinois Bell "Hinsdale" fire by now. It
has been mentioned on network TV news. Alot of people are asking questions.
These are some of the questions that I have heard.

How can one office have such an affect on the phone network?
What ever happen to redundancy in the network?

How come the local news service still thinks only  35,000  people are
affected?  What about the thousands of businesses that are affected. What
about the hundreds of DATA-COMM links?  All over the western suburbs,
hundreds of Automatic Teller Machines are down.  Hundreds of stores can not
perform credit card approvals.

How come it is taking them many days to do some work arounds on the long
distance network?  Why can't they re-route the long distance calls to other

How come the fire was not detected before it had so seriously damaged the
switching office?  Is the phone company to cheap to install fire detectors?
I would think that there would at least a sprinkler system.

Hundreds of payphones are affected.

One person related their experience.  "Direct dial calls still
seem to be impossible,   but operator-assisted calls
sometimes work.  I was able to make three long distance calls
with my calling card this afternoon.  I got the "all carrier
circuits are busy.." announcement several times, but did  finally
get the bong tone and completed the calls that I needed to

Another person relates their experience:  "There is no  operator,
no 411, no 911, no long distance, though I was able to make one
call at 2:00 a.m. "

There is a sign at my bank that states: "Due to the 
fire at the Illinois Bell Hinsdale Central office, our computers are
not functioning. Please visit our main office at [bank address]." 

----  Ted G. Kekatos

Illinois Bell Fire

Ed Nilges <EGNILGES@PUCC.Princeton.EDU>
Wed, 18 May 88 16:07:55 EDT
...might be compared to the King's Cross subway fire in London last year;
too few maintenance people in both the Hinsdale office and at King's
Cross owing to a false notion of "economy"...

Chicago Telephone fire (RISKS-6.84)

David Lesher <ames!wb8foz@cucstud>
Thu, 19 May 88 0:02:08 EDT
Regarding sprinklers and computers, I don't think it is realistic to
rationalize away the lack of sprinklers by saying "We don't want to flood
the computer room".  Many computer rooms are sprinkler equipped.  First,
despite the image the public gets from TV and movies, each (sprinkler) head
trips ITSELF ONLY.  The standard heads are fuse style, but most computer
rooms use thermostatic ones that turn off again when the area cools.  If
your CPU is burning, will a little water do any more damage?  Second, the
switch itself is only part of the space in the building. I recall from the
NY switch fire (1970 +/- 3 db) that one reason for the severe delays in
restoration was the fire consumed the cable vault burnt up to the exit of
the building.  As I recall, MA bought the building next door BEFORE the fire
was out (no small trick in the NYC real estate market) in order to install
the new CO and toll switch.  By the way, even 8 years ago, many CO's were
unmanned even during working hours. Only those with test boards were
staffed.  I think the real message of Hinsdale is failure to learn from the
mistakes of the past.

   [I have quoted Henry Petroski here before — we never learn from our
   successes, but we have an opportunity to learn from our failures.
   (On the other hand, we probably tend to learn less from other people's 
   failures than from our own...)  PGN]

Risks of Ignoring Alarms

Daniel P Faigin <>
Wed, 18 May 88 08:52:32 PDT
In the latest RISKS-FORUM article on the Hinsdale Illinois Bell fire, I read
the following:

>At 3:50 PM, a technician in a Bell central office in Springfield, IL got a
>fire alarm trip signal from Hinsdale. *HE CHOSE TO IGNORE THE ALARM TRIP*.
>Within a period of 10 minutes, several more alarms from Hinsdale tripped,
>including one for a loss of power.

This made me think back to the First Interstate fire that just happened in
L.A., where one person died because *they didn't believe the alarm, and went
to investigate*.

As more and more of these incidents occur, we get more and more warning
devices.  We now have *electronic* smoke detectors in our homes and at work.
We have humidity sensors for our computers, temperature alarms, pressure and
motion sensors. All of them electronic, all of them driven by our transistor

As with any alarm system, a certain percentage of alarms are false. With more
alarms, the actual number of false alarms grows. Our society begins to view
the alarms in a manner similar to how the people treated the boy who called
"wolf". We don't believe them. We wait for human confirmation that there
actually is a problem. When there isn't a problem, we are relieved. When
there is, it often turns out (as in Hinsdale and LA), that we are actually
worse off.

In certain industries, such as nuclear and chemical manufacturing/research,
all alarms are treated as real emergencies until proved otherwise. This
includes notifying the authorities.  We too often ignore the alarm and wait
until security tells us there is a real problem. In doing this, we lose
valuable evacuation and containment time.

How many of you have had a smoke detector go off in your building?  What did
*you* do about it?

Halon environmental impact citation

Thu, 19 May 1988 02:59 EDT
In RISKS 6.79, Dave Cornutt asks about the ozone-depletion risks of the
halon used in fire-fighting.  Science News (9 April 1988, Vol. 133, No. 15)
recently ran a cover story on current usage of halocarbons and the search
for ways to reduce it.  Here are some answers taken from there.

The Montreal Protocol, the international agreement currently under
consideration, would freeze production of halon at 1986 levels.

Yes, halon is unfortunately *very* bad for the ozone layer.  Halon
1301 (CF3Br), used primarily in room-flooding systems, is ten times as
destructive as the more common CFCs used in other applications, while
halon 1211 (CF2BrCl), used in hand-held fire extinguishers, is three
times as destructive as the common ones.

However, halons are used in much smaller quantities.  Of the total 1.1
billion kilograms of halocarbons produced worldwide annually, 14.1 million
(just over 1%) are the halons mentioned above, split evenly between the two
types.  (I'm mixing 1985 and 1986 EPA figures.)  I have no idea to what
extent the amount produced reflects the amount released; particularly in the
case of halons, one may hope that new installations, rather than
steady-state use, are responsible for a significant fraction of the total.

There are currently no good substitutes for halon, but according to SN, they
"are released far more frequently during tests than during fires."  Of
course, failure to conduct tests has risks of its own! I'm sure they can be
minimized by designing equipment to be tested under dry run conditions.
Does anyone know if this is actually being done?  This is a solution I
hesitate to propose, since every point where test conditions deviate from
actual ones is a chance for something to go wrong.  RISKS readers are all to
familiar with the canonical horror story in which the system (be it
hardware, software, human, or what-have-you) works fine during tests, but
the tests fail to simulate actual conditions in some unforseen way.  (Any
guesses on what percentage of incidents reported herein fit this paradigm?)
However, weighing the choices, I believe that this is the best solution
currently available, provided that both designers and users of fire-control
systems go into it with their eyes open.
                                                  -Anita Gould

Please report problems with the web pages to the maintainer