The RISKS Digest
Volume 8 Issue 06

Thursday, 12th January 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Computers and Civil Liberties, article by Gary Marx
Ronni Rosenberg
Losing systems
Vince Manis
Our blinders [with respect to RISKS]
Don Alvarez
Totally secure MAIL & infallible aeroplane warning systems
Nigel Roberts
"Disaster Becomes a Matter of Routine"
Steve Philipson
Re: Biased coverage of hacker's convention by CBS
Richard Thomsen
SAFECOMP89
Udo Voges
Name this book — for a box of cookies!
Cliff Stoll
Info on RISKS (comp.risks)

Computers and Civil Liberties, article by Gary Marx

Ronni Rosenberg <ronni@juicy-juice.lcs.mit.edu>
Thu, 12 Jan 89 13:07:11 EST
    "This is the year of spying kits for kids," by Gary Marx

In a popular song Paul Simon tells us that `these are the days of miracle and
wonder.'  Surely this is so for the lucky child faced with a cornucopia of
computer and other electronic toys this holiday season.  But among the games
and educational tools is one category that should give us pause: spy toys.

In one catalogue, under the heading `Toys to Grow On,' for $19.95 you can
have Super Ears, which `help you detect even the slightest sounds!  Slip on
the headset and aim the disk; even if your target is far away, you'll hear
every rustle, every footstep, every breath, and every word!'  Another
stethoscope-like device permits you to hear `quiet breathing, through a
concrete wall a foot thick' and with `fidelity good enough to record.'  And
for only a few dollars, stockings can be stuffed with a Dyna-Mike Transmitter;
smaller than a quarter, it `will transmit every sound in a room to an FM radio
tuned to the proper frequency' up to two miles away.  Consider, too, the
possibilities of voice-activated miniature tape recorders that can be slipped
into a pocket, a drawer or under the bed.

In the wonderful world of advertising, eavesdropping is defined as a game and
spying on others is portrayed as fun and exciting.  Sellers argue that such
toys are also educational in introducing children to the mysteries of sound,
hearing and electricity, not to mention the practical skills being developed.

In addition to listening to sounds in the woods and to playmates, older
brothers and sisters and even mommy and daddy can be secretly spied on.
Imagine the fun!  Think of the implications for the family power structure.
Children are now offered technical means of watching their parents, as well
as the reverse.  Children's rights take on new meaning.  As an added benefit,
adults may behave better at home, both because they want to set a good example
for curious children and because they fear being turned in by them.

And it is fun to spy on people.  Such `toys' directly feed childhood fantasies
of omnipotence.  While not the same as being Superman and able to fly, it is
magical to be able to overhear conversations through a wall or from several
hundred yards away, or to secretly capture sound and play it back.

But it can also be wrong.  To encourage children to play at such activities
without at the same time instructing them in the immorality of invasive
information technology is irresponsible.

Defenders of toy guns argue that their products are just make-believe and are
harmless because they don't really work.  Children can indulge their violent
or protective fantasies without doing any immediate harm or confusing their
game with reality.  But this is not the case with many of the surveillance
devices.  They are attractive because they really do work.  Children are no
longer required even to pretend or to fantasize.

In becoming accustomed to such toys and the pleasures they bring, the seeds of
an amoral and suspicious adulthood are unwittingly being cultivated.

There are parallels to computer hackers.  How many of the growing number of
young computer criminals have simply carried over into their adult life a
juvenile game view of computer hacking, in which morality is irrelevant and
all that matters is the technical challenge?  Will private bugging,
wiretapping and video surveillance expand as a generation matures having had
these devices as childhood toys?

Children are also learning about the world of surveillance from the many
child-monitoring devices marketed for parents: transmitters clipped to a
child's clothing or put into a shoe that trigger an alarm on a parental
monitor if the child strays out of the signal-range area; wide-area
room-scanning by remote video; audio devices in children's bedrooms; at-home
urine tests for drugs.  What must the world look like to the child subjected
to these devices and simultaneously also given spy toys to play with?

At holiday time in a free-market economy, it is probably subversive or worse
to suggest that toys be banned on the basis of the bad moral message that they
send, rather than on the basis of the physical damage that they can do.  Yet
in the long run the latter may even be more costly because it is insidious and
its effects subtle and long-lasting.

One would hope that parents would favor toys that build trust and cooperation,
or that are at least neutral in the moral lessons that they bring, rather than
those that encourage spying and deception.  Children's and consumer advocacy
groups might add surveillance toys to their opposition to toys of violence.
At minimum there should be warning labels on such listening devices indicating
that their use in certain ways is illegal.  The toys should also come with
guidelines for appropriate use and instructional materials to help parents
discuss with children the moral issues around surreptitious listening and
recording.

In his novel `It Can't Happen Here,' Sinclair Lewis warned that if liberty
ever were undermined in the United States, it would be from within and would
occur gradually, even benignly.  He didn't have such toys in mind, but they
nicely illustrate his point.

[Dr. Marx is on the faculty of MIT's Dept. of Urban Studies and Planning and
author of *Undercover: Police Surveillance in America* (University of CA Press,
1988).  This op-ed article appeared on Christmas Day in The Los Angeles Times
and was reprinted with the author's permission in MIT's Tech Talk on 1/11/89.]


Losing systems

Vince Manis <manis@grads.cs.ubc.ca>
Thu, 12 Jan 89 04:43:19 PST
I don't get it. An issue of Risks arrives with not one but two accounts of
megabuck systems which essentially go into the trashcan.  Yet there are all
sorts of things, ranging from better procurement practices through structured
systems analysis which are supposed to have made these white elephants a thing
of the past.

I can think, offhand, of a number of hypotheses to explain the
continuing inability to deliver reliable, useful, on-budget software:

1) the technical people are all incompetent (I'm in the process of marking data
structures exams at the moment, so maybe I'm giving this one more credence than
I should!)

2) management people are all incompetent (perhaps in hiring incompetent
technical people, perhaps in interfering with technical aspects of the
procurement process)

3) large bureaucratic structures of the sort found in government and industry
inherently interfere with the development of usable systems

4) the `structured programming revolution', and structured systems analysis,
really don't count for much

5) structured systems analysis is a good idea, but practitioners don't know how
to apply it effectively

Undoubtedly, the true answer is a mixture of these, along with others that I
just can't think of at 4:45 am. The issue is not finding a specific cause (if
#3 is to blame, there's not too much we can do about that!); rather, we as
professionals should try to identify the factors which bring about system
demise, and loudly describe them to all and sundry.

It seems clear that all the methodologies in the world won't rescue a system
which is designed by an administrator in conjunction with a marketing person
from a vendor; nor would one expect anything worthwhile from a system effort in
which no user/management input was ever solicited. We have to do more of a job
of explaining the limits and the imperatives of the technology to non-technical
people than we've been doing so far.

   [By the way, today's San Francisco Chronicle has an article on the new
   computer system for the Bay Area Rapid Transit (BART) that is finally being
   readied for operation, many years late and many millions of dollars over
   budget.  PGN]


Our blinders [with respect to RISKS]

Don Alvarez <boomer@space.mit.edu>
Thu, 12 Jan 89 11:59:11 EST
     RISKS is a forum dedicated to computer related risks, so it is natural
that the articles presented should focus primarily on risks and computers.
This reader, however, often feels that the conclusions reached here miss
important points because the authors have consciously or unconsciously wrapped
themselves in RISKS blinders.
     Since they arrived this morning, I will use the two articles in RISKS 8.5
as examples: "Digital Photos and the Authenticity of Information" (Dave
Robbins) and "Medical software" (Ivars Peterson via Robert Morris).
     The first article begins with a discussion of computer editing of
photographs, and the ease with which such previously incontrovertible evidence
can now be forged.  The author then goes on to make three main points, which I
will restate briefly:
     1)  Electronically stored records can be altered or forged without
         leaving any visible traces.
     2)  Computer technology makes it easier to forge or alter records
         because more people possess the necessary skills.
     3)  Computer technology makes it possible to store such large amounts
         of data that we are unable to check the validity of any
         single record.
     I certainly agree with Mr. Robbins that there are important issues raised
by computer based record keeping, but I don't believe these three are among
them.  The first and third points are related, so I will discuss them together.
While the sheer mass of information makes it more difficult to authenticate
records by "conventional" means, these records are not unauditable.  This same
mass of records enables far more sophisticated consistency checking than was
ever before possible.  Welfare fraud is possible in a non-computer based
environment, but sorting the ranks of welfare recipients against the owners of
40 foot yachts and Mercedes-Benz automobiles is not.  With regards to the ease
of forging provided by computers, I do not agree with Mr. Robbins in any way.
Yes, there are some individuals who are now able to forge records far more
effectively than they ever could in the past, but this is ignoring the tens or
even hundreds of thousands of people who could forge records in the past but
are unable to now.  In high school, I could forge the birthdate on my driver's
license with a pencil and a piece of chalk.  I'd like to see the typical high
school kid do the same level of forgery to a microprocessor controlled smart
card.  It is true that forgery of photographs is coming into the hands of the
common "criminal," but the very ease of forgery will be what is responsible for
removing such records from the ranks of acceptable evidence.  Video tapes will
probably continue to be acceptable until such time as they can be economically
altered.
     In RISKS, we tend to have our blinders on to the dangers alone.  There are
unquestionably very real risks in our information based society, but if you
look at the risks in a vacuum devoid of gains and benefits, you will deprive
yourself of enormous advantages.  I may have arguments with the enormous
corporations which maintain my credit records, but at the same time I am very
thankful to them for providing the service which enables me to walk into any
store anywhere in the world and pay for goods in any currency with a small
piece of plastic which is linked to my bank account.
     The second article, on "Medical Software" is an example of a different
kind of blinder which we wear.  The problem of testing and validating advanced
hardware is not in any way unique to computers.  Within my lifetime we have had
advances across the board which raise these questions.  Electric motors have
become so powerful, lightweight, and commonplace that manufacturers of lawn
tools have to explicitly state that the lawn mower should not be carried at
waist height to trim shrubs.  Hair driers and portable radios have become so
ubiquitous that manufacturers have to worry about consumers placing them in or
near the sink or shower.  The only thing which makes the computer industry
unique is that it is young enough to have been granted special privileges to
sell incomplete or unfinished products.  General Motors issues a recall.
Microsoft SELLS you version 4.0.
     Product liability is extremely important in the computer field, as it is
in any other field, but we should not place ourselves on so high a pedestal
that we cannot see the connections between what we are doing and what other
fields are doing, because that is precisely what got us into this problem in
the first place.


Totally secure MAIL & infallible aeroplane warning systems

Nigel Roberts <roberts%untadh.DEC@decwrl.dec.com>
Thu, 12 Jan 89 06:20:36 PST
Following as it did the intelligent & informed _Guardian_ leader article 
on the risks on technology (RISKS 8-4), there was an item in today's paper,
in the COMPUTER GUARDIAN section which makes me really shudder. 

In an article comparing the changing roles of FAX, telex and electronic 
mail, Warren Newman writes:

   "There are disadvantages to FAX and telex. The main one being lack 
   of confidentiality. An electronic mailbox is secure. You have the 
   key in the form of a password and only you can look at the contents.

   Most fax machines and telex machines are kept in common service areas
   where a secretary or clerk will collect the message and deliver it"

            — from "Fax becomes a favourite",
               Computer Guardian, Thursday January 12 1989

What nonsense! This sort of thing perpetuates the conspiracy of silence 
concerning risks of electronic mail systems.

Going back to the subject of the 737 crash at East Midlands Airport,
I noticed another item of possible interest to RISKS readers in today's
paper.

    "Mr Freddie Yetman, technical secretary of the British Airline
    Pilots' Association [the pilots' union --NR] said that the
    investigators 'must have some suspicion of these circuits'.

    'It points to a possible spurious warning being given to the
    flight deck. But how the devil do you get a spurious warning
    from an infallible system?' "

            — from "Suspect jets are grounded",
               The Guardian, Thursday January 12 1989

Nigel Roberts, Munich, W. Germany


"Disaster Becomes a Matter of Routine" (M1 Plane Crash, RISKS-8.4)

Steve Philipson <steve@aurora.arc.nasa.gov>
Thu, 12 Jan 89 12:19:17 PST
   The underlying implication of the excerpted article is that high technology
should bring perfect safety.  This is not a premise that most of us would
consider valid.  It is also not necessarily the goal of all high-tech systems.

   Improved technology is supposed to bring some kind of improvement.  It might
be improved safety, performance, economy or something else.  Our modern
airliners have clearly shown themselves to be superior in many ways to our old
models.  The latest airline technology has not yet had a chance to prove itself
in service, but the new features are intended to yield all-around "better"
aircraft.

   Fighter aircraft on the other hand, are not designed to be the safest
vehicles we can make, but rather are intended to be able to survive hostile
threats while successfully attacking a target.  Their hi-tech is primarily
directed at military goals.  Indeed they do crash, and they are dangerous.  It
is not higher technology that is the problem though, but rather the nature of
fighter aircraft tactics and training.  Training in populated areas will
involve costs in lives on the ground.  That is not an issue of technology but
rather one of policy.

   High technology, including computer technology, is not going to solve
all of our problems at once.  The author of the article observes this in 
the last line of the quoted paragraph.  On the other hand, high-technology
is not necessarily creating worse problems.  In this case, new airliners 
are not necessarily less safe.  What we as technologists must do is make 
the public aware of the limitations of our work, so that backlash against 
the failures that will occur will not prevent us as a society from making 
progress, improvements, and bettering the lot of mankind.


Re: Biased coverage of hacker's convention by CBS

Richard Thomsen <rgt%beta@LANL.GOV>
Thu, 12 Jan 89 08:38:31 MST
In the March 1989 issue of ANALOG Science Fiction/Science Fact, there is a
quote from George Gerbner as follows:

    If you can write a nation's stories, you needn't worry
    about who makes its laws.  Today, television tells most
    of the stories to most of the people most of the time.

Welcome to the ranks of those who get bad and biased press [...].
                                                    Richard Thomsen


SAFECOMP89

KFK/KARLSRUHE - VOGES <IDT766@DKAKFK3.BITNET>
01/12/89 12:45:13 CET
Call for Papers and First Announcement
IFAC/IFIP-Workshop "Safety of Control Computer Systems"
SAFECOMP'89
December 5-7, 1989, Vienna, Austria

SCOPE
SAFECOMP'89 will deal with safety related applications of industrial
computer systems. Such systems are used in transportation, production
industry, power plants, medical and emergency systems. New aspects have
to be considered by the extension of electronic data interchange for
trade (EDI) and computer integrated manufacturing. The objective is to
reduce the potential to injure, kill, lose property or cause hazard
to environment. It should be noted that for systems with safety and
environmental protection the problems of guarantee and product
liability are closely related.

TOPICS
+ Planning, Specification, Design and Architecture of safe computer systems
+ Verification and Licensing of safety related computer systems
+ Operation and Maintenance of safety related computer systems
+ Safety related Documentation and Project Management Techniques
+ Identification, metrics and recognizing weak signals for improving safety
+ Applications, case studies and experiences
+ Data on safety related systems and data collection
+ Measurement of Quality for safety
+ Standardisation questions
+ Aspects concerning human and living environment
+ Artificial Intelligence for safety related applications
+ Tools and systems approach for achieving safe computer systems

DEADLINES
+ Four copies of the abstract (in English) should be received not
  later than 15 January 1989.
+ Notification of preliminary acceptance: 28 Febr. 1989
+ Submission of full paper: 30 June 1989

MAILING ADDRESS
Austrian Center for Productivity and Efficiency, OEPWZ, 
Dkfm. Mag. W. Steiskal, Rockhgasse 6, A-1014 Vienna  AUSTRIA
Tel.: +43 222 638636  Telex: 115718 oepwz  Telefax: +43 222 63863636

This Workshop is the next in series to Safecomp'88 (see RISKS 7.78)

Udo Voges, KFK Karlsruhe, IDT766@DKAKFK3.EARN


Name this book — for a box of cookies!

Cliff Stoll <cliff@LBL.Gov>
Tue, 10 Jan 89 02:10:18 PST
Fellow Riskees:

I'm writing a book, and I need a title.

It's about computer risks:  counter-espionage, networks, computer security, 
and a hacker/cracker that broke into military computers.  It's a true 
story about how we caught a spy secretly prowling through the Milnet.

Although it explains technical stuff, the book is aimed at the lay reader.
In addition to describing how this person stole military information,
it tells of the challenges of nailing this guy, and gives a slice of 
life from Berkeley, California.

You can read a technical description of this incident in the 
Communications of the ACM, May, 1988;  or Risks Vol 6, Num 68.

Better yet, read what my editor calls "A riveting, true-life adventure of
electronic espionage" ... available in September from Doubleday, publishers of
the finest in computer counter-espionage nonfiction books.


So what?

Well, I'm stuck on a title.  Here's your chance to name a book.  

Suggest a title (or sub-title).  If my editor chooses your title, 
I'll give you a free copy of the book, credit you in the acknowledgements, 
and send you a box of homemade chocolate chip cookies.

Send your suggestions to    CPStoll@lbl.gov   or   CPStoll@lbl (bitnet) 
             Many thanx!    Cliff Stoll

  [Weihnachts STOLLen (German Christmas cookies) might be appropriate for
  the cookies.  With a different publisher, Cliff could have called the book
  "Stalking the Wiley Hacker".  But since Abner Doubleday is widely credited
  with having invented baseball, you could call it "Who's on Wurst?".  PGN]
