The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 7 Issue 82

Wednesday 23 November 1988

Contents

o Troubles with automatic vote counting in Toronto
Mark Brader
o Risks of remote registration
anonymous
o The risks of using CACM inserts
Eric Hughes
o Computer Breakin article [San Antonio]
Maj. Doug Hardie
o Ethics and Software
Brian Kahin via Ezra Zubrow and Bruce O'Neel
o Teaching Children Ethics
Homer W. Smith
o Re: toll road speed checking
Brent Laminack
o Privacy vs UK vehicle-identification systems
Andrew Klossner
o RightTouch service
Scott C. Crumpton
o Cordless Telephones
Walker
o Info on RISKS (comp.risks)

Troubles with automatic vote counting in Toronto

Mark Brader <msb@sq.sq.com>
Tue, 22 Nov 88 15:00:59 EST
[Background:  In Canada, voting in all levels of election has been done by the
voter pencilling an X on a paper ballot, which is then counted by hand.
Municipal elections are normally the only ones where multiple offices are voted
on at once, with several X's on the ballot.

In Ontario, all municipal elections are synchronized and they were held last
week.  For the first time, the elections in Toronto used an automatic
technique.  The voter had to blacken a circle to vote for a candidate;
obviously optical mark recognition.]

Toronto Star, November 22, 1983:
Toronto is going to make doubly sure that a recount of last Monday's
municipal election ballots is correct.  At an emergency meeting of the
outgoing city council yesterday, politicians ordered staff to recount all
142,107 ballots by hand as well as by automatic voting machine -- an
arduous task that could take several days.

Although provincial law only recognizes the machine count, councillors said
the unofficial manual recount will [!] help to restore confidence in the
city's new $1.6 million automated system.

The recount was recommended by City Clerk Roy Henderson last week after his
staff discovered that a record 1,408 ballots were rejected by the city's
new automated voting machines.  The machines are programmed to reject
spoiled ballots, but Henderson says he finds "it hard to believe that
there were 1,408 spoiled ballots".

Because the rejected ballots were not singled out when they were initially
fed through the machines [sigh!] on Monday, a recount is needed to find
the rejected ballots and examine them, he told council.

Henderson said he believes that the high number of rejected or "unread"
ballots was not the fault of the machines, but due to a cutting error on
the ballots.  Staff ran some ballots through the machine as a test last
week and found that some ballots were not cut properly, but correctly
filled out, were rejected, he told council.

"Any variance of 25 thousandths of an inch would cause the machine to reject a
ballot", he said, quoting information from the Business Records Corporation,
the American company that supplies the city's voting machines and ballots.

The only race in Toronto that could be affected and which wasn't already
so close that recounts had already been called is the contest for public
school board trustee in Wards 9 and 10.  Sandra Bussin beat Anne Ferguson
by 217 votes, but the number of "unread" ballots in those wards was 238.

... Some aldermen questioned why the city should do a full recount of all
the wards if the outcome of the election won't be changed and staff already
know what caused the error.

"The electorate has to be confident that the vote tabulation machines do the
job they are supposed to do", city solicitor Dennis Perlin replied.

[There were no such reports of problems from other municipalities in
Metropolitan Toronto which also used the voting machines.]

Mark Brader, Toronto        utzoo!sq!msb, msb@sq.com


Risks of remote registration

Mon, 21 Nov 88 21:44:24 PST
"Touchtone registration" is what many universities are going to, including the
one I work for.  This allows students to register, drop, and add classes from
the comfort of any available touchtone phone.  (There are some on campus for
students that don't have access to one normally.)  Unlike the previous early
registration system, it allows students to choose their own alternatives when
classes are filled or are not allowed.  (class full, conflicting times, not
authorized, etc.)

What worries me is the choice of 9 digit student ID (one will be assigned in
the 900 range for students not supplying their SSN) and 6 digit access code
(the student's birthday).  With this information about any student, it is
possible to rearrange their schedule.  (Confirmation of the change is sent in
the mail, assuming that your address is up to date.) Pranks (register someone
for "human sexuality") and dropping someone from a full class so you can get in
are possible abuses, as is changing your mind about a schedule rearrangement
then complaining that you didn't do it.

  [Supposedly, ethically minded students would not entertain such pranks?  
  But, historically, pranks abound among college kids.  On the other hand,
  designing a system to prevent such malicious misuse is not easy.  Note
  that audit trails would not help much, because the record will say that
  the victim was the person who authorized the change!  A written notification
  might help, with some period allowed for appeals that it was not legitimate,
  but that too could be abused intentionally -- e.g., to give you a deferred
  option...  PGN]


Computer Breakin article

"Maj. Doug Hardie" <Hardie@DOCKMASTER.ARPA>
Wed, 23 Nov 88 13:56 EST
The following is taken from Intercom, Vol 28, No 24, Nov 11, 1988, an
Air Force Communications Command newsletter:

Computer break-in

By Special Agent Mike Forche, AFOSI computer crime investigator

  A computer hacker penetrated an Air Force Sperry 1160 computer
system in the San Antonio, Texas, area.  The hacker was discovered by
alert Air Force Communications Command computer operators who notified
the data base administrator that an unauthorized user was in the
system.  The data base administrator was able to identify the
terminal, password, and USERID (system level) used by the hacker.

  The data base administrator quickly disabled the USERID/password
(which belonged to a computer system monitor).  The data base
administrator then observed the hacker trying to get into the system
using the old USERID/password.  He watched as the hacker successfully
gained entry into the system using another unauthorized
USERID/password (which was also a system administrator level password).

  The hacker was an authorized common user in the computer system;
however, he obtained system administrator access level to the
government computer on both occasions.

  Review of the audit trail showed that the hacker had successfully
gained unauthorized access to the computer every day during the two
weeks the audit was run.  In addition, the hacker got unauthorized
access to a pay file and instructed the computer floor operator to
load a specific magnetic tape (pay tape).

  The hacker was investigated by Air Force Office of Special
Investigation computer crime investigators for violation of federal
crimes (Title 18 US Codes 1030 computer fraud, and 641 wrongful
conversion of government property), Texas state crimes (Title 7,
Section 33.02 Texas computer crime wrongful access) and military
crimes (obtaining services under false pretense, Uniform Code of
Military Justice, Article 134).

  The computer crime investigators made the following observations:

  - USERIDs used by the hacker were the same ones he used at his last
base when he had authorized system access in his job.  The use of
acronyms and abbreviations of job titles will hardly fool anyone; plus
the use of standard USERID base to base is dangerous.

  - The passwords the hacker used were the first names of the monitors
who owned the USERIDs.  The use of names, phone numbers, and other
common easily-guessed items have time and time again been beaten by
even the unsophisticated hackers.
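
An added example, not part of the Intercom article: a password-acceptance check that acts on the second observation by refusing any proposed password built from details of the account or its owner. The account record, its field names and the substitution table are assumptions made for illustration.

```python
import re

# Undo common character substitutions before comparing (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample account; every value here is hypothetical.
SAMPLE_ACCOUNT = {
    "userid": "SYSMON",
    "owner_name": "Susan Alvarez",
    "job_title": "System Monitor",
    "phone": "555-0142",
}


def normalize(text):
    """Lower-case, fold substitutions, and drop everything but letters/digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def personal_tokens(account):
    """Normalized words a co-worker or acquaintance would know about the owner."""
    tokens = set()
    for value in account.values():
        for word in value.split():
            norm = normalize(word)
            if len(norm) >= 3:          # ignore fragments too short to matter
                tokens.add(norm)
    return tokens


def reject_reason(password, account):
    """Return why a proposed password is refused, or None if this check passes."""
    candidate = normalize(password)
    for token in sorted(personal_tokens(account)):
        # Catch the detail itself, embedded in a longer string, or reversed.
        if token in candidate or token[::-1] in candidate:
            return f"built from account detail '{token}'"
    return None


if __name__ == "__main__":
    for proposed in ("susan", "Su$an88", "nasus1", "M0nit0r!", "555-0142",
                     "correct-horse-battery"):
        print(f"{proposed!r}: {reject_reason(proposed, SAMPLE_ACCOUNT)}")
```

Passing this check only means the password is not derived from the listed account details; length and dictionary checks would still be applied separately.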


The risks of using CACM inserts

<hughes%math.Berkeley.EDU@cartan.berkeley.edu>
Tue, 22 Nov 88 22:05:29 PST
In the November 1988 issue of CACM, at page A-17 there is a tear-out
postcard for ordering ACM Press books.  On the back of the postcard
there is a blank for one's credit card number and expiration date.

Yes, on a postcard.

Eric Hughes      hughes@math.berkeley.edu     ucbvax!math!hughes


ETHICS AND SOFTWARE

Ezra Zubrow <APYEZRA@UBVMS>
Mon, 21 Nov 88 16:46:00 EST
From: IN%"KAHIN@hulaw1.HARVARD.EDU"  "Brian Kahin 617-864-6606" 18-NOV-1988 17:53

Return-path: info-law-request@sem.brl.MIL
Date: Tue, 15 Nov 88 16:36 EST
From: Brian Kahin 617-864-6606 <KAHIN@hulaw1.HARVARD.EDU>
Subject: EDUCOM white paper

Readers of this list may be interested in the white paper, "Property and
Propriety in the Digital Environment: Towards an Examination Copy License,"
just published by the EDUCOM Software Initiative.  The paper, which I prepared
for ESI, proposes two model licenses to encourage faculty evaluation of
software programs while maintaining respect for the rights of copyright owners.

The first model license is for "circulating evaluation copies" -- i.e. copies
which can be circulated by libraries or other campus facilities.  It is
targeted to commercial publishers of tools and courseware.

The second model license is for "distributable evaluation copies" -- copies
which may be downloaded or duplicated subject to certain conditions.  In
effect, it proposes a standard for "academic shareware" that is more rigorous
than conventional shareware licenses.  It addresses the differences among
shareware licenses by offering a kind of lowest common denominator.  It is
hoped that the model license -- and the kind of user environment that the
EDUCOM Software Initiative is trying to foster -- will encourage academic
authors to disseminate evaluation versions of their software over the academic
networks.

The white paper will appear in the next issue of the EDUCOM Bulletin.  A
specially published version is available on request from the EDUCOM Software
Initiative:

EDUCOM Software Initiative, PO Box 364, Princeton, NJ  08540  609-520-3340
BITNET: esi@educom


Teaching Children Ethics

"Homer W. Smith" <CTM@CORNELLC.ccs.cornell.edu>
Mon, 21 Nov 88 23:05:40 EST
     There is much apathy about teaching ethics to our children.
Some have suggested this is because the ethics that is being taught
is really only in the self interest of the teacher at the
expense of the child.  'It is your DUTY to die for your country
whenever the government calls', etc.

     Others have suggested it is because religions of various sorts
have given it a bad name by making ethics some sort of absolute code
of behavior independent of any external circumstances.  If you are married
and there is an atomic war and you and someone else who is NOT your wife
are the only two people left alive, is it immoral to have sex with them
to restart the human race even if there is no preacher to marry you?

     Maybe there is something to be said for these ideas that years
of misuse of teaching ethics for ulterior motives has given it a bad
taste in everyone's mouth, but it seems to me that there is still a way
to revitalize the subject as long as we leave the religious fanatics and
the parents telling their kids it's unethical to talk back out of the
picture.

     One of the most effective ways of teaching new drivers to slow
down and drive carefully is to show them movies of mangled corpses
from accidents.  Sometimes movies are not enough.  After having seen
a few real cars that had been wrapped around a telephone pole, I got
a message through to my brain about something or other that I will
never forget.  Cars are fragile and should be driven with care.

     Maybe by indoctrinating kids with the RESULTS of unethical
behavior in its goriest details and letting THEM decide and vote on
how it came about and what was unethical and how to avoid it, we will
form young adults who are capable of determining ethics for themselves
from the data of the consequences.  Show them the consequences and let
them figure it out, rather than tell them the answer (what is and is not
ethical) and hope they never have to see the consequences.

     How many kids develop sexual tragedies (pregnancy, disease etc.)
because their well meaning (?!) parents never talked to them about sex
for fear they would HAVE sex if they knew about it.  Are we not ALL
suffering from this kind of mentality in America today?

     Christ, kids don't WANT to hurt.  Don't you think we can solve the
teaching problem just as we have solved so many others?   Some would
tell you that people are basically bad, certainly seems this way sometimes.
Maybe people look into their own hearts and they see THEY are basically bad
so they teach that others are also.  But maybe this is all wrong.
Maybe people are basically GOOD.  Even bad people.  Maybe something
went wrong.  Maybe it is up to us to figure it out and do it right.

     The solution to apathy is to realize that there IS a problem,
and there IS an answer, and WE WILL find it.  You just keep going
until you do.  The only other answer is to lock everyone up at birth.

Homer W. Smith
Senior Programmer
Hubbard Fractal Research Facility
Cornell National Supercomputer Facility


Re: toll road speed checking

Brent <brent@itm.UUCP>
22 Nov 88 14:05:48 GMT
    Pennsylvania has been using entry-exit tolls on the Penn
Turnpike for a good many years now.  One of the main problems
they ran into when they first cut over about a decade ago hasn't
been mentioned here yet:  Unsynchronized clocks.  That's right.
There was no "master clock" for all the toll booths.  The problems
are obvious.  On short trips you found yourself exiting *before*
you got on (does this mean they pay YOU a toll?) or on medium-length
trips, it was common to average somewhere over 400 miles per hour 
between two certain booths.  This was during the era of mechanical
clocks, but such problems could easily carry over to the electronic age.

   brent laminack (gatech!itm!brent), In Touch Ministries, Atlanta, GA
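
An added example, not part of the original posting: a sanity check that treats an exit stamped before entry, or an impossible average speed, as a clock fault, and estimates the offset between two booth clocks from tickets in both directions. The speed thresholds, the ticket data and the assumption that typical travel time is the same both ways are all constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

MAX_PLAUSIBLE_MPH = 120.0  # assumption: ceiling for a road vehicle
SPEED_LIMIT_MPH = 55.0     # assumption: posted limit


def classify(entry, exit_, miles, skew=timedelta(0)):
    """Classify one ticket; skew is (exit booth clock - entry booth clock)."""
    hours = (exit_ - entry - skew).total_seconds() / 3600
    if hours <= 0:
        return "clock_error"          # exit stamped at or before entry
    mph = miles / hours
    if mph > MAX_PLAUSIBLE_MPH:
        return "clock_error"          # faster than any car: distrust the clocks
    return "over_limit" if mph > SPEED_LIMIT_MPH else "ok"


def estimate_skew(a_to_b, b_to_a):
    """Estimate (clock B - clock A) from observed durations in both directions.

    Assumes typical true travel time is the same both ways, so the skew adds
    to one direction's durations and subtracts from the other's.
    """
    fwd = median(d.total_seconds() for d in a_to_b)
    back = median(d.total_seconds() for d in b_to_a)
    return timedelta(seconds=(fwd - back) / 2)


# Constructed data: booth B's clock runs 20 minutes behind booth A's.
TRUE_SKEW = timedelta(minutes=-20)
T0 = datetime(1988, 11, 22, 9, 0)
# Observed durations on a 30-mile stretch (true minutes plus or minus the skew).
A_TO_B = [timedelta(minutes=m) + TRUE_SKEW for m in (28, 30, 33)]
B_TO_A = [timedelta(minutes=m) - TRUE_SKEW for m in (29, 30, 32)]

if __name__ == "__main__":
    skew = estimate_skew(A_TO_B, B_TO_A)
    print("estimated skew:", skew)
    # 30 miles in a true 33 minutes, stamped as 13 minutes.
    print(classify(T0, T0 + timedelta(minutes=13), 30))
    print(classify(T0, T0 + timedelta(minutes=13), 30, skew))
    # 5 miles in a true 6 minutes, stamped as exiting 14 minutes before entry.
    print(classify(T0, T0 - timedelta(minutes=14), 5))
    print(classify(T0, T0 - timedelta(minutes=14), 5, skew))
```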


Privacy vs UK vehicle-identification systems

Andrew Klossner <andrew@frip.gwd.tek.com>
22 Nov 88 16:46:36 GMT
    "Why not make use of such a system voluntary? ... The principle
    seems to me to be that if you are potentially diminishing
    someone's privacy, they should have a choice about it, and the
    costs and benefits should be made clear."

In the proposed scheme, people who desire privacy must single
themselves out by entering the queue of those who want privacy.  This
alone diminishes their privacy.

It's similar to a (fanciful) scheme in which voters can choose the
"express, no privacy" line, where others can see their choices, or can
select a standard voting booth.  Those who choose to vote in privacy
may be stigmatized as those who have "something to hide."

Andrew Klossner, Tektronix, Wilsonville, Oregon 
(uunet!tektronix!hammer!frip!andrew)    [UUCP]


RightTouch service

Scott C. Crumpton <NESCC@NERVM.NERDC.UFL.EDU>
Wed, 23 Nov 1988 09:12:05 LCL
The following blurb along with a flyer appeared in my phone bill
yesterday (Upper/lower case added by me):

       Suspend, restore and disconnect with RightTouch(SM) service

   You can suspend, restore or disconnect your Florida home telephone
   service at your convenience with Southern Bell's RightTouch
   service.  You can use RightTouch service 24 hours a day, seven days
   a week by dialing 1 800 826-6290 from a touch-tone telephone.
   There is no additional charge for using the service, although the
   normal charge for restoring your phone service still applies.

   To access RightTouch service, you will need the personal access
   code (PAC) shown below.  This code has been assigned to your
   telephone number and should be protected as you would a credit
   card.

                   ***Personal access code xxxx***

   Once you dial the RightTouch service number, easy-to-follow verbal
   instructions will guide you through the ordering processing to
   suspend, restore or disconnect your phone service.


Yet another 'service' I can do without, but there's a positive
side to this one.  It's currently possible to initiate some types
of phone company service orders via a simple verbal phone call.  No
significant attempt is made to identify that the caller is who they
claim to be.  If RightTouch eventually *replaces* that process then it
may actually be an improvement.  It depends on how well it handles
repeated invalid password attempts.   ---Scott.


Cordless Telephones

<walker@ficc.UUCP>
Mon Nov 21 14:28:06 1988
Last week I purchased and installed a cordless telephone.  It is
marketed as the "Freedom Phone" by Southwestern Bell (the local AT&T
spinoff).  After one phone conversation, I noticed that, for a very 
brief interval, I could hear what sounded like another conversation.
I've experienced cross-talk on long-distance calls, but this was a
local call.  Anyway, I suspected that I was hearing another cordless
telephone.

To verify this, I unplugged the base unit (to kill its carrier signal),
and, by golly, I could hear *both ends* of one of my neighbor's phone
conversations (I recognized my neighbor's voice!)  I checked the
manual to see what to do about this - after all, if I can hear my
neighbor, couldn't he hear me?  The "Freedom Phone" transceiver uses
any one of 10 channels in the 46-49 MHz range, selectable by an
internal rotary switch.  Well, I switched the handset to each of the 10
possible channels, and could hear conversations on EVERY CHANNEL!

The unit has a 9-bit "security" DIP-switch, but this seems to only
prevent another handset on the same frequency from accessing my base
unit.

The unit advertises a range of 1000 ft., and I'm sure that range is for
usable access of the base unit.  Actual audible signal range appears to
be MUCH farther.

When actually using the phone properly, with the handset in close
proximity to the base unit, the relative signal strength of the units
is much stronger than a neighbor's more distant unit, so you are
normally unaware of a neighbor on the same channel.  However, when
using the cordless phone, I now always consider that others may be
listening!
