The RISKS Digest
Volume 9 Issue 51

Tuesday, 5th December 1989

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Computer bungling of auto insurance premiums
Barry Kolb
o Computerized voting machine misbehaves
Rodney Hoffman
o Re: Vote counting problems - experience in Michigan
Jeffrey R Kell
o Privacy issues raised about automating toll collection
Stephen W Thompson
o Re: Electronic Interference in Fast Food Automation
David Chase
o Digital Cellular and the government
Tim Russell
o Info on RISKS (comp.risks)

Computer bungling of auto insurance premiums

Barry Kolb <70426.1251@CompuServe.COM>
03 Dec 89 22:41:42 EST
PGN's calling for RISKS readers to "play a stronger role in ensuring that our
R&D and our educational offerings are suitably concerned with realistic
stringent requirements" is appreciated [Letter From the Editor, ACM Software
Engineering Notes, vol. 14, no. 6, October 1989, p. 2].  I often use RISKS
examples in class (to demonstrate that the instructor is in touch with the
world).  In fact the current issue of SEN arrived in time to illustrate to a
class the need for stringent requirements and testing. As if to underline the
point, the following appeared on page A3 of the 1 December 1989 Asbury Park

         Computer Error Slashes JUA Surcharges: by Coleen Dee Berry

  "Some 18,000 people who get their JUA automobile insurance policies through
  Computer Sciences Corporation may have thought their premiums were
  surprisingly less expensive this year.

  "They were right.

  "Due to computer error, CSC did not assess bad driver surcharges against
  about 18,000 of their policyholders. CSC is one of the four new computer
  companies hired to handle New Jersey Joint Underwriting Association policies.

  "As a result, CSC has had to advance $3.6 million to the JUA to cover the
  delayed payments, and last week began notifying those customers to expect a
  bill for the surcharges.  ...

  "The delayed surcharges were due to a glitch in the CSC's computer system
  during April and May, when the company was first taking over the JUA account.

  "The move to computer companies was undertaken because it was thought to be
  cheaper and more efficient, according to state insurance officials."

I wonder if this "glitch" is any relation to the fellow who once stole
Christmas? ...

Barry Kolb, Computer Science Dept.,  Ocean County College Toms River, NJ 08753
(201) 255 - 0357

Computerized voting machine misbehaves

Rodney Hoffman <>
5 Dec 89 09:20:22 PST (Tuesday)
The 3-Dec-89 "Los Angeles Times" carried a story by Paul Houston headlined
of the story was a review of criticisms of these systems, pegged to last
month's close gubernatorial election in Virginia.  The article cited Mae
Churchill of Los Angeles-based Election Watch, Computer Professionals for
Social Responsibility, Roy Saltman (NIST) and Robert Naegele, a San Jose
computer consultant.

The final paragraphs of the article related a miserable demo:

  ... one of Fairfax County's (VA) 600 Shouptronic machines fouled up
  in a demonstration for Los Angeles Times reporter William Trombley
  last May.  "The machines have worked very well," Jane G. Vitray,
  secretary of the county board of elections, said as she prepared to
  demonstrate one of the machines to Trombley.

  But the machine that prints out the names of candidates and issues --
  the information that appears on the face of each machine — printed
  everything in Italian.  The ballot plotter also prints in French,
  German, and Spanish, as well as in English.  "We didn't know it did
  that," Vitray said with some annoyance.  "We didn't want that feature."

  While an aide was left to deal with the language problem, Vitray and the
  reporter moved on to the voting booth, where bells were chiming and red
  lights were blinking and an inviting green button at the bottom right
  corner of the machine said "vote."

  "Don't push that," Vitray warned.  "Once you push that, you can't vote
  for anything else.  You only push that button when you're finished."  In
  a previous election, a number of voters had pushed the green button too
  soon and then "called to tell us we were depriving them of their
  constitutional right," Vitray noted.

  After Trombley finished voting, another red light came on to indicate that
  the result had been printed on a tape at the back of the machine.  But
  when he and Vitray checked the tape, it was empty.

  Vitray was exasperated.  "I can't understand it," she said.  "Everything
  worked so well last week, when the Girl Scouts were here."

Re: Vote counting problems - experience in Michigan (RISKS-9.50)

Mon, 04 Dec 89 16:57:46 EST
Some 15 years ago I worked the graveyard shift as a computer operator at a
local service bureau.  On two occasions we audited the city/county punched card
tallies.  Two (or more) members of the election commission brought the cards
along with a tape containing the auditing/tallying software.  The tape was
IPL-ready for any generic IBM 360 to run standalone.  It stacker-selected any
multipunched cards as well as "spurious" punches which should be blank.  Any
cards munged by the reader were recreated and verified by the election

Of course this does not solve the issue of missing/extra cards, write-ins, and
other issues previously mentioned, but it does show that there was very little
chance of our [the service bureau] tampering with or altering the results.  The
audit was done completely without interaction of the host site's software,
operating system, or any other typical "hacking" paths.

Jeffrey R Kell, Dir Tech Services, Admin Computing, 117 Hunter Hall
Univ of Tennessee at Chattanooga, Chattanooga, TN  37403

Privacy issues raised about automating toll collection

"Stephen W Thompson" <>
Tue, 05 Dec 89 09:59:49 -0500
Last night on "Market Place", a nightly half-hour program which is broadcast on
one of the National Public Radio stations here, I heard a story reported by
Joyce Miller about an Electronic Toll Collection (ETC) trial program in San
Diego, California.  ETC is intended to speed cars along crowded highways and
still continue to collect tolls.  The idea apparently involves placing a small
(credit-card sized?) device on the car, which is then electronically sensed by
ETC equipment that then automatically bills the owner's account.  As I
understood the explanation, the driver doesn't need to stop (and maybe doesn't
even have to slow down(?)).  Drivers would pay a fee in exchange for the
convenience, and traditional systems would never be phased out entirely.

Someone spoke saying that the system saves 15 seconds per car over traditional
toll collection systems, which adds up when the roadways are crowded.  There
are 1000 cars in the trial program, which has been ongoing for several months
(?).  One participant was very pleased with the system.

The story included views by critics, who oppose the system because it is
collecting information about drivers' driving habits, which they say could
infringe drivers' privacy.  One speaker said that ETC is particularly dangerous
because the system is a government-controlled one.

I may have misunderstood that part, but it seemed that the critic wouldn't be
as worried if the database of drivers' tolls were in the hands of a private
company.  I assume he was concerned with a greater opportunity for merging
unrelated databases.  (But a private company could misuse such data too,
couldn't it?)

The reporter did not mention what authentication efforts are made.  I don't
know the method of sensing the ETC device (radio? optical? mag stripe?), but I
wonder if there's any method of checking if device belongs to a particular car.
If there is not, the devices might be very tempting to theives.

Anybody know anything more on this?

Stephen W. Thompson, 215-898-4585
Institute for Research on Higher Education, University of Pennsylvania
4200 Pine Street 5A, Philadelphia, PA  19104-4090

Re: Electronic Interference in Fast Food Automation (RISKS 9.50)

David Chase <>
Sun, 03 Dec 89 17:08:27 -0800
  [McDonald's toaster voltage controls introduced zero-crossing
  transients, which fouled up clocks that count zero-crossings]

I'm surprised that this hasn't occurred somewhere else.  The same technology
that causes spikes in the toaster power regulator (triac or SCR switching) is
also used in dimmers and other AC power regulators — some of these available
for home use.  We used triacs in a home-made theater lighting controller some
years ago, and it put some hellacious transients on the line.

For the circuit-phobic, an SCR is a three-terminal semiconductor device that
has two states — (1) don't conduct and (2) conduct (from positive terminal to
negative terminal) until the current stops flowing on its own.  The SCR is made
to conduct by placing a small voltage on its trigger terminal while there is a
forward voltage across its two main terminals.  (A triac conducts in either
direction, and is what we used, because it cuts the number of parts).  These
devices regulate power very efficiently — the triacs we used were rated to
conduct up to 40 amps (RMS) with a maximum power dissipation of 40 watts
(regulating "house current", that comes to 4600 watts).

In triac-based AC power controllers, the power is regulated by varying that
amount of time that current flows.  The triac will stop conducting each time
the current passes through zero (120 times a second in this country), so what
is actually controlled is how long to wait after a zero-crossing to turn on the
power.  For full power, you wait not at all; for little power, you wait almost
1/120 second; for 1/2 power you wait 1/240 second.  When the power switches on
(120 times per second), it tends to put a voltage spike on the line — for
large loads, and/or appropriate amounts of power, we found that it was pretty
easy for the transient spike to cross all the way through zero (which, it
happens, screwed up *our* zero-crossing detectors and made the lights flicker).


Digital Cellular and the government

fritz <>
29 Nov 89 18:14:07 GMT
An excerpt from an article entitled "Cellular Goes Digital" in the January
1990 issue of Popular Science, which discusses Digital Cellular, a new scheme
using digital encoding and TDMA to allow three calls on one frequency:

    Digital phones could also be used for what Sodha calls locational services.
    "With the time-division multiple-access system, you have the ability to
    measure the time it takes for a signal to go to a vehicle and back.  That
    enables you to measure how far you are from the antenna tower," he says.
    What for?  "You could pinpoint fairly accurately the location of a
    vehicle."  The information could be used for navigation, or even to catch
    car thieves.  "Your insurance might be cheaper if you subscribed to the
    service," Sodha suggests.

While I have no doubt that the information gained by such a system would be
put to good use in combating crime, I do have my doubts as to how responsibly
the government would use such information.

The article also mentions the fact that eavesdropping will be much more
difficult since the transmissions will be digitally encoded and separated into
discrete time slices.  Although transmissions wouldn't be encrypted, special
hardware would be required to listen in.

Is the trade-off worth it?  Not to me.  I'll trade the possibility of someone
listening in on my boring phone conversations over the government possibly
having ongoing information of my whereabouts any day.

Tim Russell   Univ. Of Nebr. at Omaha   russell@{ | unoma1.bitnet}

Please report problems with the web pages to the maintainer