The RISKS Digest
Volume 7 Issue 34

Friday, 12th August 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o "Eye focusing found to be VDT hazard."
Denis Haskin
o Privacy (Again)
Willis Ware
o "Virus" Bill
Jerome H. Saltzer
Steven C. Den Beste
Steve Kovner
o A Visit To the Clinic
Brian Ellis
o Aegis beaten by binoculars? (Trusting computers and/or people?)
Andy Coupland via Martyn Thomas
o Airbus
George Michaelson
o SDI rationalizations
Steve Summit
o Re: Misidentification of persons as criminal by computers
o Info on RISKS (comp.risks)

"Eye focusing found to be VDT hazard."

Denis Haskin <>
Wed, 10 Aug 88 18:03:29 edt
  From the Boston Globe, Wednesday, Aug 10, 1988

    BERKELEY, Calif. - Regular work in front of a VDT screen may cause a
  premature loss in the eye's ability to focus, according to preliminary
  research by a University of California optometrist.  A deterioration in eye
  focusing among people in their 20s and 30s was the No. 1 problem found in
  153 patients treated at the university's Video Display Terminal Eye Clinic,
  said researcher James Sheedy.  The study, prepared for a symposium in Ohio,
  was the first clinical report of eye-focusing problems in VDT users.

They may be right.  I've been working with display screens for about the last
five years, and lately (last three years) usually most of a working day.  Until
recently I had no need of glasses but on my last exam the doctor recommended
some; they aren't very strong, but I have noticed a difference.  My eyes are
much less tired after a full day at a terminal now.

Denis W. Haskin, Technical Analyst, Digital Review, Boston, MA

Privacy (Again) (Re: RISKS-7.32)

Wed, 10 Aug 88 15:23:36 PDT
Denny's article is a rehash of old points and old concerns but updated with a
few contemporary examples.  He fails to raise and comment on a central point.

He asks (to paraphrase the point) what right a manufacturer has to ask all
manner of personal questions on the warranty form.  He should note (but did
not) that he nor anyone else is under no obligation to answer all manner of
questions in such a situation.  The warranty in no way will be affected if he
declines to answer.

My best bottom line on personal privacy is this:

        1.  Information intrusion and its consequences is just another one
of those risks of living in this world.

        2.  Each of us better be well informed of when we are legally
obligated to answer questions and give personal information, and when we
are not.

        3.  Each of us will have to understand that like other risks of
living in our world, privacy will require us to take care of ourselves,
using whatever mechanisms society and/or governments have provided and
whatever innovations we can indvidually create.

        4.  To the extent that people behave like information-sheep and
mindlessly answer every question put before them by any inquiring agent,
then privacy will be eroded more and more and self-protection will become
all the more difficult.

Trying saying NO when asked for personal information; you'll be surprised
at how often it won't make any difference.
                                 Willis H. Ware

"Virus" Bill (RISKS-7.33)

Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Thu, 11 Aug 88 00:27:31 EDT
> (a) Whoever knowingly --
>       (1) inserts into a program for a computer information or commands,...
>       (2) provides such program to others in circumstances in which ...

Wonderfully put.  As I read that language, installing Sun NFS 3.0 in your
favorite operating system and then running it at your site would be a felony.
Perhaps this bill is not such a bad idea as it seems at first.

(Not to pick on Sun . . . there are dozens of other good examples.  Installing
your vendor's newest system release without alerting all your users would
probably become a felony, too.)

Re: "Virus" Bill

Thu, 11 Aug 88 12:06:50 -0400
It has been long known among law enforcement experts that severity of
punishment is less of a deterrent than certainty of punishment.

If a given crime has the death penalty, but only one change in a thousand of
being caught, convicted and punished, then there is no deterrence. If the
penalty is light but the chance of punishment is high, there is deterrence.
(Which is why no-one throws rocks through the windows of the Police station or
paints graffitti on its wall.)

So it is with this bill. The penalty is as stiff as the constitution allows,
but the chance of being caught is vanishingly small. The only virus-authors I
have heard have been identified were boasting about it. If they'd kept their
mouths shut, they wouldn't have been found.

But just finding them, hard as it is, is the easy part. How do you prove that
they are the author? JURY-prove, I mean.

Even without this bill, there were potential penalties. A large corporation who
was hurt by a virus could have sued the virus author, if they knew who it was
and could prove it. But the search usually would have cost more than the

What this bill DOES do is give the FBI grounds for a serious search for virus
authors. But what if the author is overseas? The current most common virus for
the Amiga was written in Switzerland.

Steven C. Den Beste,   Bolt Beranek & Newman, Cambridge MA    harvard!!denbeste(UUCP)

RE: "Virus" bill

Fri, 12 Aug 88 10:27:52 PDT
    While I doubt the entire anti-virus bill was published in Risks Digest
    7.33, the following excerpt seems to have problems:

> (a) Whoever knowingly --
>           (1) inserts into a program for a computer information or commands,
> knowing or having reason to believe that such information or commands will
> cause loss to users of a computer on which such program is run or to those who
> rely on information processed on such computer; and

    This sounds like it makes the DELETE ( or rm ) commands illegal! Even
    more, what would it mean for operations people who have (and supply)
    command files to clean up disk areas? (e.g. PURGE on VMS or deleting
    *.tmp) UNIX(r) systems should have NOCLOBBER always set, and remove
    the >! construct. Gear up disk drive production if this takes effect.

    I hope there is something in the bill which excludes commands
    necessary to the normal functioning of the system, and those which
    allow the user to lose things himself. This should be written to cover
    only those "information of commands" which are surreptitiously
    inserted, or exist in programs which are not expected to erase data.

    Steve Kovner,     Digital Equipment Corporation

    (The opinions expressed above do not necessarily represent the
    opinions of my employer.)

A Visit To the Clinic

Wed, 10 Aug 88 09:45:24 pdt
I went to a local medical clinic yesterday for the first time. After a few
minutes I wondered if I had come to the right place. The first clue that 
something was wrong was the complaint of the couple in front of me in line at
the front desk. They had received a bill in the mail for over 1,000 which was
surprising to them since they had prepaid provider insurance. (Prepaid
provider insurance allows the doctors office to bill the insurance company 
without the patient having to submit insurance claims). Furthermore
their account number for insurance was also scrambled and didn't match the 
credit card that is usually provided with prepaid insurance. The receptionist
explained that the computer had been broken and that they should ignore
the bill since they should not have gotten it in the first place.

When I went up to the desk upstairs someone was having to pay cash because
"the computer is messed up and cannot bill your insurance directly".  Of course
I was depending on *my* prepaid provider plan to pay and had maybe 5 dollars
to my name so I was a little concerned.  I had also noticed that there were
several assistants stashed in corners hand sorting what appeared to be

After the doctor found out I worked with computers he told me what had
happened.  The clinic had recently replaced their computer system with a
new one and disposed of the old one.  The new computer took the current
balance * number of patients in family and produced bills for all the
patients that had been in the clinic including people with prepaid provider 
type of insurance.  A nurse who had worked at the clinic received a bill for
over 4,000 dollars.  Apparently it had taken her bill of approximately 80
dollars and multiplied it by both her immediate family, and her grandchildren. 
I hope they keep their medical information on a separate computer! Take
3000 aspirins and call me in the morning :-)

It seems to me that using the new system that the clinic or the installer 
should have performed some kind of check before they converted over to the
new system or at least run the two systems in parallel until they verified
the operation of the new system. At least I would attempt to verify the new
system before I mailed out bills to hundreds of angry customers. I guess I
will have to wait till the end of the month and see how my bill comes back
but since there is only one of me at least they should be able to calculate 
it correctly. At least my back is feeling better. It does make me a little
angry that "the computer is always to blame" when it appears that the real fault
lies with the humans that install, program, and feed the computer. 

I think I understand now why we test software and look at the results.
I have seen more than one instance where the end user of a computer product
trusted the computer so much that they stopped checking the results even when
the were obviously wrong. Maybe we need to educate end users to not put
blind faith in the computer and as software producers to test our software
and make it as idiot proof as possible. Even a simple spot check of some of the
bills at the clinic could have prevented an expensive and embarrassing mistake.

Brian Ellis, Boeing Aerospace,Seattle, WA 98124-2499   (206) 773-2599
My boss has both opinions and humor but the views expressed here are mine.

Aegis beaten by binoculars? (Trusting computers and/or people?)

Martyn Thomas <mcvax!praxis!mct@uunet.UU.NET>
Thu, 11 Aug 88 10:11:55 BST
The following letter appears in Flight International, 6 August 1988.  Copied
without consent.

"When I was a kid I was intrigued by an advertisement for a pair of
binoculars with which I would be able to see 'the craters of the moon' and
'France as if it was only a mile away'.  I saved up and bought them, and
when they arrived they were, in fact, a rather nice pair of wide-angle
10*50s.  I never saw France, but I certainly saw the craters on the moon.

The other day, from a vantage point on the South Downs, I thought I'd put
the old 10*50s to the test again.  Visibility was okay, but there was a lot
of wind and fairly low cloud around.  I looked in the general direction of
Gatwick Airport and after only a minute I saw the unmistakable profile of a
One-Eleven climbing out, smoking visibly.  Then a slightly larger aircraft -
almost certainly a 737, a -200 I'd say, the engines were not big enough to
be a -300. These are some binoculars, I thought: even if France doesn't look
a mile away, at least Reigate Hill does.

Only a few minutes passed before a relatively huge shape climbed into the
air - an ex-BCal DC-10, the overall design of the livery clearly to be seen.
Not only was this a DC-10, and not a TriStar, but it was an ex-BCal '10.  It
turned north soon after take-off, and flew away from home a while, and even
from this aspect it was definitely a '10.  I watched it climb and turn,
disappearing into cloud and then reappearing again.  Good sport this, I
thought, give me a clear day and I could follow a widebody all the way from,
er ... well ... Bandar Abbas?

Just a moment! What's going on? Am I really distiguishing between
near-identical wide-body aircraft from all aspects at almost *three times*
the slant range at which the captain of the USS Vincennes launched two
Standard missiles and destroyed an A300?

In disbelief I double-checked the scale of the map in the AA Book of the
Road.  No doubt about it, these aircraft are well over 20 miles away, and
that '10 must have been 30 miles out when I lost sight of him.  The Airbus
was only nine miles out, at 7500 feet on a clear day when the missiles were
fired. Okay, the A300 was motoring, but tell me which direction he was
coming from and with my 10*50s I reckon I'd have narrowed the field to a
757, 767 or an A300 before you could say 'F-14' - and certainly before he
got within nine miles.

I've never seen an RCA Aegis system advertised in Exchange and Mart but,
even if I do, I don't think I'll buy one.

ANDY COUPLAND, 20 Holmcroft, Crawley, Surrey, RH10, 6TW     "


George Michaelson <munnari!!G.Michaelson@uunet.UU.NET>
Fri, 12 Aug 88 11:25:31 +1000
Old news is no news but reflective journalism improves with age.

The developments in the airbus crash mirror the situation of the late 19th C
when warning devices began to be installed in Railway Engine cabs & signal
boxes.  Getting highly trained "elites" to accept a machine warning is hard.
If they can switch it off, many of them will, until they crash themselves into
extinction. Does history ALWAYS repeats itself?

For me, the key point is NOT to let this stand as a reason to take a human
out of the system. The system worked, the pilot failed, but PLEASE leave
them in there.

Aegis, is almost but not quite an opposite situation. Both the System AND
its users failed. Some [me?] would argue aegis 'failed by design' since
attempting to 'predict' with <100% accuracy something you cannot really 'see'
is not the same thing as 'identifying' with <high-enough> accuracy something
you might need to destroy. The failure was inevitable.

Congressman Smith seems to show that the process of procurement for the DoD
is sufficiently flawed as to make ANY complex system inherently doubtful.

        George Michaelson, CSIRO Division of Information Technology

ACSnet: G.Michaelson@ditmela.oz                      Phone: +61 3 347 8644
Postal: CSIRO, 55 Barry St, Carlton, Vic 3053 Oz       Fax: +61 3 347 8987

SDI rationalizations

Steve Summit <>
Tue, 2 Aug 88 22:23:47 EDT
There's an article in the August Issue of Reader's Digest by Tom
Clancy (author of The Hunt for Red October), entitled "Common Sense
About Strategic Defense."  Given RD's editorial stance, I was
surprised to see this title until reading the article revealed that
"Common Sense" entails that SDI is an appropriate, nay, desirable
response to Mutual Assured Destruction (MAD).  Most of the article is
fairly predictable, relying on things like blind acceptance of the SDI
"research" "results" reported so far, but the paragraph on software
really made me laugh (or cry):

    Some opponents have questioned whether we could program
    computers with the millions of calculations necessary to
    fight a battle against ICBMs.  I don't doubt we can.
    In the 12 years since supercomputers were introduced,
    these devices have moved from doing millions of
    calculations per second to billions, and are now about
    to exceed ten billion calculations per second.  Those
    who believe our computing capabilities are not up to the
    challenge ignore the fact that a computer that once
    filled a building would now fit on their wrists.  These
    people just haven't been paying attention.

Steve Summit,

Re: Misidentification of persons as criminal by computers

99700000 <haynes@ucscc.UCSC.EDU>
Wed, 10 Aug 88 22:03:04 PDT
We have had discussions of cases in which computer data bases wrongly
identified innocent people as criminals.  I just read an interesting counter-
case, in a Bob Greene column in an Esquire magazine from a few months ago.

Briefly, a man killed his live-in fiance, disposed of her body, and then
reported her as missing and mounted an effort to find her so as to establish an
alibi for himself.  A police officer on the case suspected the man, for some
reason, and tried to look him up in a computer database, presumably NCIC.  He
got nothing, so he tried variant spellings of the man's name and turned up the
identity of a fugitive from justice with almost the same social security number
and birth date as his suspect.  Confronted with this, the man confessed to
being the fugitive and waived extradition to be tried for the earlier crime.
With further grilling he confessed to the murder.

Greene also noted that while the Chicago police were looking for the missing
woman, her unidentifiable body was found in Indiana where the murderer had
taken it.  But there was no communication between the two police agencies in
this matter instance.

Please report problems with the web pages to the maintainer