The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 7 Issue 55

Saturday 17 September 1988


o The Ethics of Conflict Simulation
Mike Trout
o Re: Social content of video games
Tim Wood
o Re: Credit Doctors
Dave Robbins
o Virus in ROM on commodore 64
Jurjen N.E. Bos
o Re: Destructive remote controls
Henry Spencer
Jurjen N.E. Bos
o Another one-key mishap
Russ Nelson
o Call for Papers, Invitational Workshop on Data Integrity
Zella Ruthberg
o Info on RISKS (comp.risks)

The Ethics of Conflict Simulation (Re: RISKS-7.49)

Mike Trout <>
16 Sep 88 16:23:05 GMT
In RISKS-FORUM 7.49, Eric Postpischil and Henry Spencer disagree with Ed
Nilges' assertion (in RISKS-FORUM 7.45) that increasing technical abilities of
computer games has corresponded with a decline in social and moral content.
They point out the subtle yet insidious context of chess and _Monopoly_, the
large number of computer games that encourage moral behavior, and the overt
content of standard wargames.

Although many of their points are valid, I must disagree with the basic
contentions of Eric and Henry.  I, too, have noticed the same disturbing trend
aptly noted by Ed.

I have been involved with the design, use, and history of wargames (perhaps
more correctly called "conflict simulations") for nearly 20 years.  Over that
time, I have witnessed a definite change in attitude among those in the field.
In the mid 70s, a major debate erupted over whether the industry leader
should or should not do a proposed project for the Pentagon.  The consensus was
that dealing with the Pentagon would poison the intellectual atmosphere that
had so far kept conflict simulations a model of integrity.  The project was
never done.

Shortly thereafter, the industry leader was destroyed in a hostile takeover
attempt, and surviving companies began the first Pentagon projects.  Today,
most wargaming companies fight for those precious Pentagon dollars, and gaming
has suffered for it.  Many simulations are today designed for the purpose of
developing better ways to slaughter people, rather than as intellectual history
lessons.  Worse, there is a disturbing tendency to design simulations as
vehicles for displaying aggression.  Certainly 20 years of progress has given
us conflict simulations that are technically far more accurate than anything
done in the "Golden Years" of the 60s and 70s, and the use of computers in
simulations has revolutionized the industry.  But with the improvement in
technical accuracy and mechanics has come a change in the purpose of wargames.
Instead of serving primarily as learning tools, they are now approached as
pure profit-making ventures, military aids, or macho exercises.  The "learning
tool" aspect is still there, but it has been subverted by baser instincts.

Of course, there is the "fun" aspect of conflict simulations.  Even the most
intellectual simulations invariably contain certain amounts of "fun," and most
of us get a great deal of satisfaction that way.  I would not deny that I
myself have enjoyed watching my Soviet infantry turn a Nazi pillbox into a 
fireball.  Yet when that enjoyment becomes the PRIMARY purpose of the
simulation, something is wrong.  This is one of the more disturbing aspects of
many arcade-type computer games.  It doesn't matter whether you are pushing a
button on a joystick, typing in a line of commands, or moving a cardboard
counter across a map.  What are the functions of the simulation?  I submit that
greed and aggression have no place in the study of a human activity which is
itself intrinsically rooted in greed and aggression.

Michael Trout (miket@brspyr1) =-=-=-=-=-=-= UUCP:brspyr1!miket
BRS Information Technologies, 1200 Rt. 7, Latham, N.Y. 12110  (518) 783-1161

Re: Social content of video games (RISKS-7.49 etc.)

Tim Wood <mtxinu!sybase!linus!tim@ucbvax.Berkeley.EDU>
Wed, 14 Sep 88 19:28:23 PDT
The conditioning effect of violent video games should be at least as much of a
concern as the effect of similar content on viewers of ordinary TV.  Video
games do not present the spare, tokenized arena of chess or Monopoly; they
present a (speculative) graphical scene of the player's struggle toward the
goal.  When the player and the obstacles are cast in demeaning human
stereotypes, the game is degrading to play.  The key aspect of video games is
the explicit graphical interface that requires the player to focus on the
images of the game's creators rather than create his/her (possibly less hostile
in some cases) own mental images.


Voluntary disclaimer: This posting is solely my personal opinion.
              It is not a representation of Sybase, Inc.

re: Credit Doctors

Dave Robbins <>
Fri, 16 Sep 88 14:40:04 EDT (Donn Seeley) quotes in Risks 7.50 portions of the
Newsweek article about credit doctors.  The concluding question is:

   Are credit bureaus' security measures really this lax?  It's not hard
   to believe, just appalling.

I have a couple of comments to add:

1) This type of activity is not uniquely a computer risk. I can imagine
   a computerless credit bureau, where records are kept on paper, and
   further imagine a 'credit doctor' fraudulently obtaining the
   credentials necessary to gain access to the credit bureau. The 'doctor'
   then calls up the credit bureau and obtains the desired information.
   The difference, of course, is that in this case the 'doctor' is
   probably dealing with a human at the credit bureau, and this human
   might by some chance figure out that the 'doctor' is up to no good.

2) The computer-related risk is, of course, that this sort of activity is
   much more likely to happen with computerized credit bureaus. The volume
   of information involved, and the anonymity of the individual making the
   request for credit information (via a terminal) make it much more
   difficult for requests to be validated and for fraudulent usage to be
   detected. This is just one more example of a well-known risk that is
   all too often not accounted for in the design of a system.

3) Surely there must be a reasonable way to provide legitimate access to
   credit information without making it so easy to obtain illegitimate
   access! As the credit bureaus operate today, any individual who knows
   how to access the credit bureau's computer can apparently locate
   anyone's credit information. It has been demonstrated that we cannot
   place much trust in those individuals at the banks, etc. who have
   access to the credit bureaus. I can imagine an individual whose credit
   information is on file at the credit bureau providing a unique
   'password' to the bank for the purpose of a credit check, but how then
   is that password protected from abuse? (I seem to remember a proposal
   for a relatively secure version of this sort of thing in CACM 3-4
   years ago.) Or is this an inevitable and unavoidable risk of having
   computerized records? I should hate to think so -- it might lead me
   to advocate keeping computers away from such sensitive records.

These issues are not really new, so I think I'll stop at this point,
and wait for the next creative abuse of computerized personal records
to pop up in the news.

Virus in ROM on commodore 64

Jurjen N.E. Bos <>
Sat, 17 Sep 88 12:06:45 +0200
The commodore homecomputer has an EPROM containing the boot and basic software.
This ROM is in principle programmable only if the programming voltage is
applied.  In practice it is possible to modify the ROM by writing to it many
times.  This already caused a severe problems because a crashing program
destroyed the ROM in a computer of a friend of mine.  I do not know if there
already is a ROM virus on the 64, but I'm sure it is possible.  This makes
those computers more vulnerable to viruses than any other homecomputer.

Re: Destructive remote controls

Sat, 17 Sep 88 00:26:17 EDT
>    REMOTE WILL DAMAGE your home TV sets."

I'd say they're just trying to scare you.  I find it hard to imagine a remote
control that puts out enough infrared to even be competitive with direct
sunlight -- and any consumer product must be designed for the possibility of
lengthy periods of direct sunlight.
                                       Henry Spencer at U of Toronto Zoology

Damage by remote controllers

Jurjen N.E. Bos, CWI, Amsterdam <>
Thu, 15 Sep 88 10:49:16 +0200
Talking about TV sets that are claimed to be damaged by remote controllers...
I happened to go to Disneyland lately where I saw the 3D movie "captain EO".
As you might know, this 3D effect is done using a special kind op polaroid
glasses.  They said after the movie was over:
    "Please do not take these glasses as a souvenir.  
    They will impair your vision outside this theatre."
There they go again! What's the difference between this theatre and the outside
world?  Those glasses will either impair your vision on the long run (which I
doubt) or they won't.  The only difference between the inside of the theatre
and the outside world is the 3D illusion they make.  
                                                       -- Jurjen N.E. Bos 

          [Irrelevant to computers, but nevertheless interesting
          as another example of the same approach!  PGN]

Another one-key mishap

Russ Nelson <>
Fri, 16 Sep 88 11:12:20 EDT
When I worked at HP, we acquired a new HP-IB hard disk drive with integral
tape backup.  To perform a backup or restore, you simply pull off the faceplate
and press disk-to-tape or tape-to-disk.  Both switches were identical, and
you can guess what eventually happened...

   [As you might guess, there are about 12 messages pending on variants
   of "rm" pitfalls and other single-keystroke fiascos.  We'll slow down
   on these for a while.  PGN]

Re: ISDN/ANI - What one switch vendor told me

Edwin Wiles <ewiles%netxcom@uunet.UU.NET>
Fri, 16 Sep 88 17:19:43 EDT
In RISKS 7.53 <Allen L. Chesley> Writes:
>      Another point we had questions about, and they could not answer, is what
> happens to all of those companies (like banks) who now do some business using
> the touch-tone key pad.  Under ISDN, signalling uses the "D" channel, not one
> of the voice carrying "B" channels.  Therefore you cannot listen and capture
> touch-tones off of the conversation. 

I'm not absolutely certain that we are talking about the same thing, but
"Feature Group D" services do indeed allow you to capture touch tones off of
the conversation.  (I have worked with this, so I know something about it.)

The ANI signalling *is* done on different lines from the ones that carry the
conversation, and uses something other than DTMF.  However, once the ANI
signalling is done, the receiver of the call performs an "Acknowledgement Wink"
on the special line.  This opens the 'voice path', which is what carries both
the conversation, and any additional touch tones the caller sends.  (Such as a
command code to tell the bank what to do with your account.)

The RISKY thing about this setup, is that it takes an additional "Wink" to
'accept' the call.  Theoretically, you could complete your entire conversation
without sending that wink, and never be billed for the call since the telco
doesn't start billing until the call is 'accepted'.  Practically, if you did it
much, the telco would notice, and you would be "up the evil smelling tributary,
with no visible means of locomotion, and no knowledge of aquatics."

The reason for this setup is so a service can extract further addressing
information before the caller is billed.  This prevents a caller from being
billed for a call which cannot be completed.

DISCLAIMER: I do not work for any telephone company.
        Neither I, nor my company, condone any illegal actions.

Edwin Wiles, NetExpress Comm., Inc., 1953 Gallows Rd. Suite 300 Vienna, VA 22180

Call for Papers, Invitational Workshop on Data Integrity

16 Sep 88 17:39:00 EDT
                         CALL FOR PAPERS
             Invitational Workshop on Data Integrity
                       January 25-27, 1989

                    Sponsored by and Held at
         National Institute of Standards and Technology
             (formerly National Bureau of Standards)
                     Gaithersburg, Maryland

The National Institute of Standards and Technology is sponsoring an
Invitational Workshop on Data Integrity to be held at NIST in Gaithersburg,
Maryland on January 25-27, 1989.  The Workshop will focus on the concepts of
data integrity and data quality, and the characteristics, metrics, and
principles needed to define and provide a suitable framework for data integrity
and data quality.

This invitational workshop is a follow-on to the October 27-29, 1987
invitational Workshop on Integrity and Privacy in Computer Information Systems
(WIPCIS).  The latter originated as a response to a paper by Clark and Wilson
presented at the IEEE Security and Privacy Conference in April, 1987.  That
paper compared commercial and military computer security policies.  The 1987
Workshop focused on commercial sector interpretations of the issues of
Assurance, Granularity and Function, Identity Verification, Auditing, and
System Correspondence to Reality and related these to a data integrity model.

A subsequently-formed data integrity working group of the NIST Computer and
Telecommunications Security (CTS) Council has proposed definitions for data
integrity and data quality.  These have been incorporated, along with other
conclusions, in a paper written by the working group chair Robert H. Courtney,
Jr.  It is intended that this paper serve as a strawman to stimulate responses
in the form of papers to be given at the January Workshop.  The Clark & Wilson
paper would form an example within this framework.  Although computer and
telecommunications system integrity is broader than data integrity, consensus
findings about data integrity would contribute significantly to our
understanding and handling of the broader concerns of integrity.

Papers are being sought from the computer security community for presentation
at the Workshop.  Papers could address but need not be limited to the following
  o  Key principles for achieving data integrity.
  o  Key principles for achieving data quality.
  o  The application of principles to achieve integrity and quality of data.
  o  The attributes of data quality (other than accuracy, timeliness and
  o  Is confidentiality an attribute of data quality?
  o  Connection between Quality Assurance and data integrity.
  o  Connection between Quality Control and data quality.
  o  Relation between data quality and the value of data.
  o  Organization-specific data integrity/data quality policies derived from
     a body of principles.
  o  Cost-Benefit Relationships between security controls and data quality
     and integrity.
  o  Organizational structures for assigning data integrity, quality 
     assurance, and data quality functions.
  o  A realistic internal audit role relative to data integrity and quality.
  o  A reasonable external auditor role relative to data security and its
     subset data integrity.
  o  The relation of people roles (ADP staff, user, internal auditor, 
     quality assurance, quality control) to data integrity and quality.

Papers should be submitted by November 17, 1988 to:
  National Institute of Standards and Technology, Computer Security Division,
  Attn: Zella Ruthberg, A-216 Technology, Gaithersburg, Maryland 20899

Approximately six papers will be selected for presentation and
discussion.  Selections will be made by December 7, 1988.

The strawman paper will be sent on request.  For further background, people may
also request a copy of the report of the 1987 WIPCIS workshop.  The paper and
report are available from Robin Bickel at the above address or 301-975-3359.
For further information on the Workshop contact Zella Ruthberg at 301-975-3361.

Please report problems with the web pages to the maintainer