The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 8 Issue 44

Tuesday 21 March 1989


o Computer-Justified Citations
Kevin Driscoll
o Vehicle ID tags, cont'd
Steve Smaha
o Ethics question re fonts
Michael Harrison
Elliott S Frank
o Risks of shirt-pocket size floppy disks
Roy Smith
o Re: Pushbutton Banking
Robert English
o Credit card magstripe-encoded pictures
Peter Scott
o Re: Remote Smart-Cards, English and Welsh soccer
Craig Cockburn
Dick King
o Re: Risks of Registering Software
Bill Murray
o Collecting for Shareware
Bill Murray
o Info on RISKS (comp.risks)

Computer-Justified Citations (Re: RISKS-8.40)

Kevin Driscoll <>
19 Mar 89 19:45:21 GMT
Recently, in Atlanta, Georgia (GA), I was stopped and given three (!)
traffic citations, when it was obvious that I was guilty of none:

  "Offense":                            Reality:
  ---------------------------------     -------------------------------
  Turning where posted No Left Turn     Not posted
  Driving without valid license         Gave officer valid license
  Driving without insurance             Gave officer proof of insurance
  ---------------------------------     -------------------------------

I gave the officer my plastic Minnesota (MN) license, which indicated that it
had just been renewed (MN clips the corner of the plastic card when a new one
is ordered) and the temporary paper license that MN issues to cover the 45 day
period it takes to make a new plastic card.  The officer refused to accept this
documentation! He said his computer did not show that I had a valid license.
When I suggested that he retry his computer query (he may have made a mistake
in typing, the GA or the MN computer or the connection between them could be
having problems), he refused to do so!

His rationale for giving me a citation for no insurance was that I had signed
the collision damage waiver for the National car I was renting.  Apparently, he
doesn't know that most major car rental companies are fully self-insuring for
liability and he also doesn't know the difference between collision and
liability insurance.  He also refused the proof I had in hand that I also was
covered by American Express, AND Honeywell, AND my personal MN liability
insurance.  I guess that none of this paper would stand up against his
computer, which would only show GA insurance registration.  Being quadruply
insured with documents to prove it didn't help me at all.

The next day I saw an Atlanta newspaper article by Bette Harrison entitled "The
Bureaucracy Zone" (in the style of the "Twilight Zone") about foul-ups in GA's
handling of auto insurance information.  The article tells how the GA Highway
Patrol visited a man's house and confiscated his driver's license because of a
clerical error.  After explaining that GA insurance companies must inform the
Department of Public Safety (DPS) of any policy changes, the article records
the following conversation between the man's insurance agent and the DPS:

   Agent:  Look, if I send my policyholder down there with a letter from us
   indicating his policy didn't cancel, a copy of his insurance company's
   reinstatement notice, and a completed copy of your form O.C.G.A. 33-34-11
   which we completed and and returned to you on Nov. 10, 1988 and he is
   stopped, what will happen?

   DPS:  He'll be arrested and his car will be impounded.   

   Agent:  You've got to be kidding.

   DPS:  That is our procedure.

   Agent: This is a clerical error and he is coming with the proof.  Why
   should you penalize someone for a clerical error?

   DPS:  That is our procedure.

   Agent to reporter:  See, the machine that sits on their desk has become
   their God!  They believe because the computer says it's right, it is.
   . . . There are three issues here: the penalization of the American public
   due to our dependency on computers; the bureaucratic attitude that we
   experience at every level; and a system that doesn't have safeguards to
   prevent the innocent from being victimized along with the real violators.

I can confirm what the agent said.  GA gave me two options, plead guilty or go
to court.  Pleading guilty to three moving violations (yes, in GA license and
insurance are also moving violations) would mean loss of my license when GA
forward the guilty info to MN.  MN suspends licenses for 3 moving violations in
6 months.  This happened on a Thursday.  The officer said he only appeared in
court on Mondays.  But next Monday was too soon.  It seems that GA's computer
system can instantly accuse me of crimes, but it takes more than four days to
get information from the police department to the courts!

Just before I left GA on the following Wednesday (almost a week later), I went
to the Traffic Court to see if I could straighten things out.  The citation
information hadn't gotten there yet! I told the clerk my story, and said that I
had, with me, the proof of license and insurance.  She said, "OK, give me your
copy of the citation and the fine and we can process it."  Fine?  She thought I
was pleading guilty.  Bringing in proof of license and insurance (if you have
them) is required to plead GUILTY! Not only must a driver have both, but also
must have them in the car when driving.  Bringing them in later is no proof of
not being guilty.

I spent all of that afternoon convincing the Court to let me see a judge and to
plead not guilty.  The majority of the cases I witnessed while waiting for the
judge were license and insurance citations.  In the first concession to
reasonableness I had seen in this affair, I got the license and insurance
citations dropped.  However, the judge said I would have to come back for the
No Left Turn citation.  I had to be in California the next Monday, so I asked
if I could do it by deposition through the mail.  No, I had to appear in
person.  So one can be accused by remote information by cannot use the same
process for defense.  Not being able to be in Atlanta, I have pleaded nolo
contendere under duress.  I nolo plea HAS to be handled through the mail and
can be accepted or rejected by a judge.  I am still waiting for the outcome.

The moral:  When in GA, watch out, that caricature of southern justice may now
have silicon help.

P.S.  You would think that Atlanta, which is trying to be a major convention
city, would have special provisions to make things easier for out of state
visitors.  Because just the opposite appears to be true, I will stay clear of
Atlanta.  Also the conventions and meetings that I have influence over will
also not be in Atlanta.

Kevin R. Driscoll, Principal Research Scientist  (612) 782-7263  FAX: -7438
Honeywell M/S MN65-2500; 3660 Technology Drive; Mpls, MN 55418-1006

   [In the old days — 40s, 50s, maybe even 60s — Georgia was famous for its
   speed traps, e.g., 15 mph (poorly marked) for a few yards in the middle of a
   stretch of 45 mph, with squad cars and a judge sitting there waiting for
   unsuspecting out-of-staters.  Apparently "Poli want a Cracker" is NOT the
   operative principle — except maybe for Floridians.  PGN]

vehicle ID tags, cont'd

Steve Smaha <Smaha@DOCKMASTER.ARPA>
Tue, 14 Mar 89 21:33 EST
From the 6 March 1989 _PC Week_:

  Like every other U.S. airport, San Francisco International always charged a
monthly fee to the rental-car and hotel courtesy vans that sweep through its
terminal areas to pick up customers.
  But the flat rate became problematic.  Courtesy vehicles, free to swarm
through ground-transportation areas as often as they liked, jammed up the
limited space in passenger pick-up areas.  Airport managers even began
suspecting courtesy vans were driving into passesnger areas "more for
advertising than for carrying people," said Sheldon Fein, airport manager of
traffic control.
  Now, the airport is pioneering a PC-based system it hopes will relieve
traffic congestion and help it bill courtesy providers for every time they
cruise by.
  The airport is requiring vehicle [sic] to mount radio-frequency
identification tags on the roof of each vehicle.  Each electronic tag, made by
General Railway Signal Corp. of Rochester, N.Y., emits a unique ID code that's
logged automatically by overhead receiving boxes every time a vehicle drives
into a ground-transportation area.
  The receivers link by modem to a back-office PC AT, where custom-developed
software help bill vehicle operators accurately and report on driver activity.
  Now, instead of $50 to $100 a month, vehicle operators pay 35 cents a trip.
The fee will hit $1 next January.  Fein believes this will reduce traffic jams
and create an airport profit center.

[There are other vendors for such systems, as well.  I wonder what the reset
time is for a sensor?  If I drove my (slightly-modified) personal vehicle
slowly beneath a sensor, could I enrich the Airport with hundreds of my
competitors' dollars?  Could I trigger every sensor in the area?  Would they
receive an appropriately itemized bill?  Would anyone (except Cliff Stoll) even

Ethics question re fonts

Michael Harrison <harrison@mahogany.Berkeley.EDU>
Tue, 21 Mar 89 09:07:47 PST
Several colleagues have been kind enough to tell me about the message sent to
the Risks Forum by Randall Neff of Stanford University concerning my recent
seminar talk on the VorTeX project.

In this note, I hope to set the record straight and to clear up Mr Neff's

1. As Mr. Neff indicated, the VorTeX group implemented an interpreter to
display PostScript on our workstations.  Adobe has given us a license to use
their PostScript commands in this software.

2. It is also the case that in order to preview output, we needed outline
fonts.  When we inquired about the use of Adobe fonts, we were told that they
were not available (at any price).  I attempted to obtain fonts from Bitstream,
but their price of $85,000 plus royalties was beyond our means for research

Mr. Neff's quotations are erroneous.  I never objected to Adobe's refusal to
let us use their fonts.  That is their right.  I did express concern that
commercial interests were forming an impediment to research in document

3.  In the US, type faces may not be copyrighted (although their names may be
trademarked).  It has always been perfectly legal to measure or photograph
characters appearing in a book, for example, and to use those measurements or
images for the type face of some other manuscript.  In our case, we wrote
Postscript code that measured the characters of various fonts, and then used
curve fitting to reconstruct approximations to the shapes of the original
characters.  As I indicated in my talk and others have discussed in this forum
our methods were legal and proper.  It is unfortunate that Mr Neff thought we
were trying to put one over on Adobe.  He alleges that we acquired Adobe's
product.  This is certainly incorrect.  In particular, we did not try to
extract the "hints" that make low-resolution rendering possible, although
others done so.

4. Once we had devised this approach, which seemed to solve our problem, I
phoned a senior staff member at Adobe to report what we had done and to find
out if Adobe had any problems with it.  After telling me that he knew a faster
way to do what we were doing (but not indicating what it is!), he said that he
would report it to management and that I should expect a call.  A day later, I
received a call from the Adobe general counsel requesting only that I obtain a
license for the use of the PostScript instruction set.  We honored that

Thus not only do I see nothing unethical about our behavior, Adobe has
registered no objection.

5. Finally, let me mention that there was a formal question/answer session at
the end of my seminar.  I stayed around afterwards talking with people.  After
that, there was a dinner to which all interested parties were invited.  Mr Neff
had ample time to raise ethical or any other issues with me had he chosen to do
                 [Messages from Mike Haertel and Kenton A. Hoover reiterated 
                 one or two of Mike's points, and are omitted here.  PGN]

Re: reverse engineering of type fonts

Elliott S Frank <>
Fri, 17 Mar 89 10:09 PST
This latest controversy [about UCB "reverse engineering" Adobe fonts] smells
suspiciously like the incident several years ago in which another UC campus
duplicated and distributed around the campus multiple copies of a CAD package.
When sued by the owners of the CAD package, the successful defense was that the
Regents of the University of California *are* the State of California, as so
far as the law is concerned; and, under the Constitution, a State may only be
sued with its consent and the Regents did not consent to be sued.

This suggests that under current case law, there is a significant commercial
risk in selling (or, far worse, allowing to be sold) intellectual property, or
anything containing significant intellectual property, to, at least, anyone
involved with the UC system. Since it appears UC is not bound by the usual
"fair use" rules of copyright, we may now start to see strange restrictions in
the "shrink wrap" agreements as companies and their lawyers attempt to protect
their products.

Elliott Frank      ...!{hplabs,ames,sun}!amdahl!esf00     (408) 746-6384
               or ....!{bnrmtv,drivax,hoptoad}!amdahl!esf00

[the above opinions are strictly mine, if anyone's.]

Risks of shirt-pocket size floppy disks

Roy Smith <>
Tue, 21 Mar 89 11:31:57 EST
    I suddenly remembered just now that 1) I don't remember taking the
3.5" floppy out of my shirt pocket last night and 2) My wife was doing
laundry this morning.  Yet another risk to data integrity.  Gives another
definition to "cleaning out your old files".  We didn't have these problems
back in the old days; when's the last time you forgot to take a reel of
tape (or a deck or cards!) out of your pocket before doing the laundry?

Re: Pushbutton Banking (Lynn Grant, RISKS-8.38)

Robert English <>
Mon, 20 Mar 89 11:14:01 pst
I found this message highly disturbing.  Not only did this obvious weakness not
occur to the bank, but after it had been pointed out, there solution was
removing the individual that noticed from the system, rather than doing
anything to fix the problem.

Credit card magstripe-encoded pictures

Peter Scott <PJS@grouch.JPL.NASA.GOV>
Sat, 18 Mar 89 11:17:19 PST
   [A comment on Henry Spencer's comment in RISKS-8.40 on Ruaridh Macdonald's 
   "A Touching Faith in Technology", RISKS-8.35]

An item that could be encoded on the magstripes in credit cards that would pose
little privacy risk while enhancing protection for the consumer would be a
digital image of the credit card holder.  When they apply for their card they
send in a picture, and their card's stripe is encoded with a compressed image,
say 100 * 100 * 8 bits.  A display terminal would be small and reasonably cheap
in mass production, and would end a great deal of credit-card fraud.  I see no
disadvantage to the consumer.  Of course, if they just laminated the photograph
on the credit card in the first place...  but perhaps using the stripe would be
easier since it requires no time-consuming human intervention in the card
fabrication process, and the company could store your digitized image along
with your account information.  (Which provides new possibilities for verifying
your identity over the telephone: "So, sir, do you still have that wart on the
left side of your nose?" "What wart?" "That's what I wanted to hear.  How may I
help you?") 

Peter Scott (

Re: Remote Smart-Cards (for English and Welsh soccer) (RISKS-8.41)

Craig, PhaseV & FCNS <>
21 Mar 89 11:08
The bill I believe only requires ENGLISH and WELSH football clubs to enforce
the card ID scheme. Scotland is EXEMPT from this scheme, probably for much
the same reasons as ENGLISH and WELSH teams were banned from playing on the
continent (and still are), whereas Scottish teams ARE NOT.

Please use the term `English and Welsh' instead of UK, when the bill does
not apply to Scotland (I don't know the exact situation in NI). Scotland has
it's own laws, and is proud to remain separate from its southern companions.


                 [Hmm.  Amusing that this message follows contributions
                 from English and Scott?  But no one is Welshing.  PGN]

Remote Smart-Cards (RISKS-8.41)

Dick King <>
Tue, 21 Mar 89 09:01:28 PDT
Why is writability necessary for anti-passback?  Seems to me that remembering
what cards have been used is more than sufficient.

Putting writable cards in the hands of the public and trusting what they say
would be just "asking for trouble" in this country, and likely so in other
countries.  The one thing you probably want to be able to say to a card is
"please, card #1234, don't squawk for ten seconds", so the electronic turnstile
could make sense out of a crowd.  But even this is probably unnecessary with
careful design.

Re: Risks of Registering Shareware

Tue, 21 Mar 89 08:13 EST
There seems to be an implicit assumption here, and in other discussions on
RISKS, that simple possession on my credit card number is all of the
authorization that one needs to charge me.  It should be noted that all of the
ethical people with whom I do business by credit card do have my number.  They
do not re-use it for the simple reasons that they are ethical AND that I can
disown the transaction.  You see, not only must you have my number, you must
also have my consent.  While it is true that possession of the number transfers
the burden of action to me, the burden is still on you to prove that you have
my consent.  In the absence of some other evidence on your part (such as a
receipt for the delivery of goods), a simple assertion on my part that you do
not have my consent is sufficient.

Note that in the credit card system, my right to disown the        
transaction  persists even after you have received your money.     
This is a much better remedy than is available to me if you have   
gotten your money by currency or check.                            

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114                          
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840                

Collecting for Software

Tue, 21 Mar 89 08:32 EST
Many of the control problems that are suggested here will be dealt with through
the application of digital envelopes (to prevent the disclosure of the credit
card number) and digital envelopes (to demonstrate your intent to pay for the
software and to enable you to disown any transactions not so signed.)

However, two other innovative methods for distributing and collecting for
software are being used by companies engaged in selling crypto products.  For
example, EnigmaLogic, who sells one-time password software, has a license fee
that is based upon the number of users that you employ it for.  If you want to
change the number, you call them.  They give you a one-time password that can
be used to adjust the software and they adjust your bill accordingly.

RSA Security Inc. market public/private key software.  They will freely
distribute the software, but charge you a license fee for it only when you wish
to register your key.

William Hugh Murray, Fellow, Information System Security, Ernst & Whinney
2000 National City Center Cleveland, Ohio 44114                          
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840                

Please report problems with the web pages to the maintainer