The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 7 Issue 14

Friday 1 July 1988


o The Eyes Have It (unique driver's license numbers)
o New UK Virus
Will Martin
o Australia Card - more details
Chris Maltby
o Re: The Challenger and visionary software architects
Jerry Hollombe
o Academic Assignment of Viruses
John Gregor
o Info on RISKS (comp.risks)

The Eyes Have It

Fri, 1 Jul 88 13:50 EDT
From _The_Star_Ledger_, Thursday, June 30, 1988 page 35, a New Jersey paper
published in Newark.


MV acts to 'separate' drivers with the same name, birth date

  At least 14,000 New Jersey motorists share the same names, birth dates,
and eye colors, the Division of Motor Vehicles has discovered in its
efforts to straighten out its licensing records.

  The DMV will be sending out letters to the motorists next week asking
them once again to reveal their true eye color.  The agency was forced to
delete the information from its computer system and use a substitute code
number in order to avoid issuing the same drivers's license number ot
different mororists, DMV Director Glenn Paulsen said yesterday.

  When issuing driver's licenses, the DMV computer system assigns a number
consisting of a letter followed by 14 digits.  The letter and first nine
digits represent the driver's name, the next four digits reflect the month
and year of birth and the final digits is a code representing eye color.

  In 14,000 cases, the DMV discovered, different motorists shared the same
names, birth dates, and eye colors and had to be issued special driver's
license numbers that substituted the number 7, 8, or 9 for the digits used
to represent eye color.

  "This effectively altered the driver license number to overcome any
possible duplication with an already existing number," Paulsen said.
"However, it also eliminated the individual's true eye color from the record."

  Paulsen said the system has been reprogrammed so that driver's license
numbers can be altered to avoid duplication, but still retain information
regarding eye color.  In addition, the DMV plans to change the format of
its driver's license documents later this year to include the eye color
information on the face of the license.

  The numbers 7, 8, or 9 will still be used on licenses in place of the eye
color code numbers in cases of potential duplication, but the eye color
information will remain on file in the DMV's records, under the new system.

  The eye color code numbers are 1 for black, 2 for brown, 3 for grey, 4
for blue, 5 for hazel, and 6 for green.

    [In light of all of the stories we have had in the past involving 
    name confusion and overzealous computer matching, this one is an
    attempt to do things a little more sanely -- at least to recognize the
    problem.  But it does not seem likely that, with 14,000 data collisions,  
    the codes 7, 8, and 9 are adequate to disambiguate on into the future,
    especially if new collisions arise.  How about using "9" as an escape
    for "other" and then tack on a unique disambiguator including color.
    What about albinos? People with non-matching eyes?  glass-eyes?  tinted
    contacts?  Lots of risks in computer matching here...  PGN]

New UK Virus

Will Martin -- AMXAL-RI <wmartin@ALMSA-1.ARPA>
Fri, 1 Jul 88 10:36:42 CDT
The following is a complete item from the FEDERAL BYTES column (p. 42) of the
June 27, 1988, issue of Federal Computer Week, which just arrived in today's
mail (July 1):

Oh, No - Not Maggy!

Sources of reasonable reliability within the British Ministry of Defense (MoD)
report that a computer virus has broken out. It seems that MoD uses a number
of Macs, largely for graphics but some of them for word processing.

Whenever anyone writes "Margaret Thatcher" or "prime minister", the screen
[image] vanishes, along with whatever was on it. In the place of the missing
document appears a picture of Maggy, with a Union Jack behind her.

MoD, say our sources, has not found a cure.

Australia Card - more details

Chris Maltby <munnari!!chris@uunet.UU.NET>
16 Jun 88 20:02:07 +1000 (Thu)
The Australia Card was not planned to be anything in particular.
The design was still in the tendering stage when the whole project
was canned due to a legislative technicality. Strictly speaking,
the government was given a mandate by means of a dissolution and
new election of both the Senate and the House of Reps which is
possible only when the Senate is viewed to be obstructing legislation.
The obstructed legislation was the Australia Card bill. For those
unclear about the Australian Parliamentary system, the government is
formed by the party which controls the House of Reps. The Senate has
been/is and is likely to remain without any absolute majorities. When
the new parliament was convened, a joint sitting of both houses was
held to pass the bill, and it may even have been gazetted into real
law, when it was discovered by a clever person that a regulation bill
was required to activate the Card. The Senate indicated it wouldn't be
passed so rather than face another election (and a certain loss) the
Australia Card was dumped. It's ready to go, just waiting...

Suggestions or requirements for the card itself were:

    A digitised image of the person possibly on the card itself or
    accessible to the counter operator when the card was scanned.

    A digitised signature (or thumbprint) and a digitising pad
    which could validate the user on presentation.

    The card was supposed to be made from secure materials and
    with secure printing etc etc.

No-one had really resolved how forgery was to be prevented. An
accomplice behind the registration desk would have laid the whole
system open. How many forged cards would you like sir...

Now we are to have an "upgraded tax-file-number" (unspecified)
if the Government can get it through the Senate. Of course, the
next election will be in early 1990 so they'll have to hurry...

Meanwhile, the tax commissioner and the courts have started to
interpret tax law much more strictly, and cuts in the rates have
probably done as much as the card would to prevent avoidance.
Social Security fraud seems to have retreated as an issue;
it's the cutbacks to it which are capturing the public mind.

Chris Maltby - Softway Pty Ltd  (chris@softway.oz)

PHONE:  +61-2-698-2322      UUCP:       uunet!softway.oz!chris
FAX:    +61-2-699-9174      INTERNET:

Re: The Challenger and visionary software architects (RISKS-7.7)

The Polymath <hollombe@ttidca.TTI.COM>
13 Jun 88 21:13:42 GMT
}Date: Thu, 09 Jun 88 16:16:29 PDT
}From: Eugene Miya <>
}Subject: Re: The Challenger and visionary software architects 
}>From: (Kent Stork)
}>The May issue of Defense Science validates something that many computer
}>scientists have probably suspected: ultimately, the failure of the Challenger
}>and the death of the astronauts was due to a control loop software design
}>oversight - just another bug.
}The closest comment to "control loop software design" is:
}   "It was not the leak that killed the astronauts.  It was the
}   attempt to correct the sidethrust, which sent the Challenger
}   into violent oscillations.

This smacks of semantic quibbling.  Had there been no leak there would
have been no need to correct for it.  In any case, the boost phase of the
shuttle's flight is extremely critical with respect to forces on the
assembled shuttle, tank and boosters.  The shuttle's control surfaces are
put through a very precise series of moves at this time to minimize stress
all around.  Any drastic deviation from expected conditions would be bound
to have severe consequences.

}   "If the Challenger had been permited to go off course,
}   without attempting the major correction, the side booster would
}   not have broken out, the booster would have burnt out with the
}   Challenger still intact, and the crew could have ejected, off
}   course but alive."   [spelling corrected]

Not true.  There were no facilities for crew ejection on board the
Challenger. (A more feasible scenario would have been an attempt to fly
the Shuttle to a landing after the boost phase had burned out).  If the
off-course shuttle had headed for a populated area the Range Safety
Officer would have been in the unenviable position of having to destroy
it _and its crew_ anyway.  Fortunately for his peace of mind, he only had
to destroy the boosters.

There are many RISKS associated with flying the Shuttle.  While much effort is
devoted to minimizing them, some of them simply have to be lived with.

The Polymath (aka: Jerry Hollombe, hollombe@TTI.COM)   
Citicorp(+)TTI, 3100 Ocean Park Blvd.   (213) 452-9191, x2483
Santa Monica, CA  90405 {csun|philabs|psivax|trwrb}!ttidca!hollombe

Academic Assignment of Viruses (RISKS-7.4)

John Gregor <unido!ecrcvax!johng@uunet.UU.NET>
13 Jun 88 21:09:43 GMT
-> Date:  Sun, 5 Jun 88 10:25 EDT 
-> Subject: Academic Assignment of Viruses

-> A society that depends upon any mechanism for its own proper
-> functioning, cannot tolerate, much less encourage, any tampering with
-> the intended operation of that mechanism.

Do you really believe that?  Are you saying that any possible activity
that could cause a deviation from the status quo is a danger and should
be 'discouraged' (a euphamism for destroyed)?  Unless you claim that
the system is perfect (completely without flaw), how can you claim that
an attempt to make change cannot be tolerated.  Even if you feel
perfection has been reached, who appointed you to be the conscience for
the rest of the race?  There no difference between your statement and
worst actions attributed to "The Red Menace," in that they destroy the
individual to maintain the purity of the state.  Such closed mindedness
never leads to an orderly society.  It leads to the mindless
destruction of all (both valid and fringe) criticism and methods of
checks and balances.  It leads to an ever tightening spiral of
repressions that is only broken by revolution and chaos (not something
I consider beneficial).  Your statement is the antithesis of the ideals
of personal liberty and social change that this (I'm a temporarily
relocated US citizen, so I mean the US) country is founded upon.

-> Therefore, one is tempted to rise up in indignation at the idea of a
-> qualified academic assigning a virus to his students.  

It's one thing to assign a project that specifically violates US or
State laws.  It is quite another to use an exercise to demonstrate the
fallacies of system security, system design flaws, and the ingenuity
and persistence of the dedicated.  The assumed goal of the exercise was
to give the students an insight into the problems of system security
and design.  A lesson they will take with them into industry to
integrate into the next generation of computing systems.  Then you and
those like you will be praising the same people for their ability to
seal up the leaks that plagued today's systems.

-> The next thing you know, they will be assigning plagiarism.  How about
-> the forgery of academic credentials?  Perhaps we should offer a course
-> in how to falsify research results.  Or, perhaps, on how to trash
-> another's experiments, notes or reports.

This is in no way implied by the original project.  It is only an
emotional appeal to create some sort of "mob-scene" reaction.  It is in
bad style.  The sad part is that mob psycology works (mobs aren't very
bright).  This means that some external entity must apply force to the
majority to protect the rights of the stampeding minority.  From your
posting and your ARPA location, I assume you are a part of some such
entity.  Unfortunately, the types that wind up ensuring the rights of
the minority are also the most likely to mindlessly follow the state
dogma and use their ability to use force to destroy the balances they
were there to protect.  It's a positive feedback situation.  It's an
auto-immune reation gone crazy.  It's fatal.  It's the biggest RISK of

-> Perhaps it is a sign of immaturity that we are unable to recognize the
-> moral equivalency.  I will leave open the question of whether the
-> immaturity is in the technology, the society, or academia.

I sugest it is in those who fear any and all challenges to their dogma
and supersticion.  Especially those who fear ideas and use force to
destroy them.  Actually, I guess I'm no better.  The basic philosophy
your posting supports and what history has shown to be the results of
that philosophy are the only cause I can imagine risking my life to
help destroy.  Our only difference is that I am able to live my life
knowing that there are those who don't believe as I.  While many of
them won't rest until all of the heretics, perverts, and risks to their
social order have been neutralized.  Yes, this is a war.  It's not one
I would have.  It's one that is caused by those who feel they MUST
destroy all dissent and won't let the rest alone.  I only hope I and the
ones I love never have to fight.

-> I thought that we put this issue to bed several years ago when we
-> stopped assigning the breaking of security.  It seems that we did not.

It's still common practice to stress test a system (computer, program,
physics theory, etc.) by trying to break it.  It's the only way to be
sure.  Why should a political theory or social order be sacrosanct?
If you fail to test, unless you are perfect, the system will fail in
a way that could have prevented if only the attitude of the powers-that-be 
didn't equate questioning as heresy.  Our shuttle is a good example of where
that attitude goes.

-> For an academic to be unable to recognize that assignments, and the
-> recognition that goes with their successful completion, encourages the
-> behavior assigned, demonstrates a lack of understanding of the activity
-> in which he is engaged.  If he understands it, and still makes such an
-> assignment, he demonstrates a lack of understanding of where his real
-> interest rests.

-> Such irresponsible behavior may account, in part, for the anti-academic
-> bias in our society and for the manifest distrust of the scientific
-> establishment.  

I believe that your perceptions of an anti-academic bias and distrust
of academia stem from that fact that they can't be controlled.  They
can come up with facts independently from your personal belief system.
Your views are no better than the worst of the Soviet and Nazi system,
where only state-backed results were released and non-conforming
results were destroyed and the people involved "reeducated."  Academia
should have to bow to your (or anyone's) fears, superstitions, or idea
of what the answers should be.  Reality is not going to change, no
matter how much you or anyone (creationists, flat earthers, etc) want.

-> It is of little wonder that the citizens of Cambridge, Massachusetts
-> are reluctant to trust the likes of these with genetic engineering.

An analogous project might be to create viruses and other biological
agents that target "flaws" in the human system.  I don't think you need
to worry about the universities.  The US military is quite advanced in
this madness.  The difference between the two projects is that 

  1. The computers are the property of the university and theirs to do with as
they wish.  Humans aren't.  

  2. An electrically and logically separate computer environment is easier
to create/maintain and guarantees isolation.  Biological systems aren't so
simple or as easy to play with.  

  3. The worst case scenario for the computer project is: Brand X computers
fall over until booted from a clean tape and some data is lost.  For a
biological scenario:  Extinction of the human species or of all life on
Earth.  So why does the DoD continue Biowarfare?  Or is is it ok because
it's done by the state?

If I ever try to get a security clearance and this doesn't come back to
me, I'll be disappointed.

Please report problems with the web pages to the maintainer