The RISKS Digest
Volume 11 Issue 24

Sunday, 10th March 1991

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



o Re: worse is better?
Leslie DeGroff
Mark McWiggins
Tom Brendza
Jerry Leichter
o Re: Flaws not needed for a standard to succeed
David Fetrow
Dick Karpinski
o Re: Risks of naming a node
Paul Fuqua
Stephen D Crocker
o Acronym Risks
Brian Randell
o Re: Red and green clocks
Hugh Davies
o Re: Droids
Bill J Biesty
Ken Hoover
o Re: (Missing) Parity bits
David B. Horvath
o Re: Digitized signatures
Clifford Johnson
Sanford Sherizen
o Re: Ownership of Thumb Prints
David G. Wonnacott
Bill White
o More on the American Airlines MD-11s
Steve Bellovin
o Info on RISKS (comp.risks)

re: worse is better?

Fri, 1 Mar 91 16:53:25 PST
   Does anyone know if it's feasible to buy in America a car or truck
without a complex fuel injection and computerized pollution control?
Is there any reader who would be willing to comment on the
feasibility of a simple engine that could meet current California
emission standards?  Les DeGroff

Re: worse-is-better for the 1990s (Chambers, RISKS-11.19)

Mark McWiggins <mark@intek01.UUCP>
Sat, 2 Mar 91 22:55:55 GMT
Tim Chambers <> writes:

>I'd like to know if examples exist of cases where Right Thing technology *has
>been* compatible with mass markets.  I can think of plenty of counter-examples:
>VHS versus Beta ...

This isn't a good example.  I don't think there was an appreciable difference
in the cost of manufacturing Beta VCRs and VHS VCRs.  As I understand it,
Beta lost because Sony was too restrictive in licensing it, whereas VHS was
easily "clonable."

Seems more a case of "open-is-better-than-closed."

Mark McWiggins, Integration Technologies, Inc. (Intek) 1400 112th Ave
SE #202, Bellevue WA 98004 +1 206 455 9935

worse is better for the 1990's

Tom Brendza <tomb@bellhow.UUCP>
Wed, 6 Mar 91 8:34:11 EST
>Here we are in 1991.  The two primary operating systems (at least in volume)
>are representative of O/S technology of the late 1960s to early 1970s (Unix and
>MS-DOS), and the three important languages are C (vintage mid-1960s, i.e., it
>is BCPL in disguise), LISP (vintage late 1950s) and Ada (vintage early 1970s).

If "most important" equates to "largest volume of code" or "most money being
spent upon developing or maintaining in", then COBOL and FORTRAN are still the
"most important", as these two languages account for 90% of the code that
exists in the world today.  I think this would lend support to your statement:

Tom Brendza  (216) 642-9060 x288 (voice)

"Worse is Better" and Standards

Jerry Leichter <>
Thu, 7 Mar 91 08:39:09 EDT
In one of those scary coincidences, shortly after reading the "worse is better"
discussion that recently appeared in RISKS, I read an article, "Can the U.S.
Stay Ahead in Software", in Business Week (11 March issue).  It contains the
following quote: "...Japanese rivals see U.S. inattention to quality as a key
opportunity.  As they did in automobiles and electronics, they are pushing
constantly to improve their software.  Already, Japanese 'software factories'
churn out programs with half as many defects as comparable American products,
according to a study by [MIT]."  The Europeans are working in the same

David States wonders if there is some reason why our fundamental computing
standards are flawed.  For one thing, standards that survive are usually based
on "current practice"; given the survival value of "quick and dirty" in current
practice, a similar appearance for standards is inevitable.

However, there is a more insidious factor at work.  Usually, a standard is
based on an already-existing product.  However, if the standard were to be made
IDENTICAL to the existing product's specifications, the current maker would
have a huge advantage.  Standards bodies are governed by politics and
trade-offs; because of their structure, they are unwilling to give away
advantages of this kind.  Historically, they always make changes - often, quite
minor changes - in order to try to level the playing field among all the
participants in the process.  This is well known to anyone who's watched the
standards game.

What's less well known is the flip side:  The participants in the development
of a standard themselves will have a major advantage to building products to
it.  They thus have an interest in keeping the standard obscure and difficult
for people outside of the select few to understand.

Now, most - probably the vast majority - of people involved in standards work
are NOT trying to make things hard.  However, the subtext is there, and it
asserts itself in curious ways.  For example, watch the Usenet comp.std.c
newsgroup.  The typical pattern is for someone to ask an obscure question,
which generates a lot of debate until one of a small group of cognoscenti - who
were involved in drafting the standard - points out that a combination of
apparently-unrelated constraints from five widely-scattered sections makes
"clear" the "only possible" answer.  Since the answer is already implicit in
the standard as written, there was no need to state it explicitly.  In fact,
"standards culture" actively DISCOURAGES writing out things already entailed by
the standard: Any duplication within the standard might cause problems if the
two statements turned out to be slightly different.

I have heard of at least one instance of a DELIBERATELY misleading standard.
According to someone who was there at the time, some sections of the Ethernet
standard were so written as to make it very difficult for someone to start with
the written text and build a reliable multi-port repeater.  Oh, once you built
the repeater and saw some (rare) errors, you could go back and see that you had
missed something - but the process by which the standard was drafted was
essentially "Work out private spec of exactly what is to happen; translate back
to long list of constraints; remove all redundancy from list, ensuring that at
least one item on list is very obscure and of no apparent importance; publish
list - suitably interspersed with other, unrelated discussions - as spec."
                            — Jerry

Are flaws necessary for a standard to succeed?

David Fetrow <>
Wed, 6 Mar 91 19:29:17 -0800
In RISKS 11.21, David States uses as an example
of a clearly and seriously flawed standard:

> 8088   - We who poke fun now would have been millionaires if we had
>      had a better design back when it counted.

 but there were contemporaneous chips that were arguably "better" in every
respect save one. They were unlike the previous standard: The 8080 (and Z-80).
MS-DOS 1.0 and CP/M-80 were very similar and one could (almost) automate
converting software from CP/M-80 on an 8080 system to MS-DOS on an 8088
system. I recall that as an argument given at the time (before the PC
IBM had sold a 68000 based lab computer).

 In fact this is a stronger argument for his subject ("Are flaws necessary
for a standard to succeed"?) than implying the 8088 was the best of its time.

 -dave fetrow-           

Flaws not needed for a standard to succeed

Dick Karpinski <>
Fri, 8 Mar 91 20:08:36 PST
Most official standards are derived from de facto standards.  Indeed, the 8088,
MS-DOS, and Unix are only de facto standards.  The others mentioned (RS-232, C,
FORTRAN (not Fortran), and QWERTY) are all de jure standards derived from prior
de facto standards.  While I cannot claim that proactive standards like IEEE 754
and 854 are without flaw, I suspect you would have to look harder to find their
flaws.  This does make them pretty clean, elegant, and free of inconsistencies,
but it does not make them easy to implement or even to use.  Perhaps there are
not many with an emotional commitment to using them, but anyone who proposes
to build a non-IEEE arithmetic is now required to defend that decision.  Few of
those defenses succeed.

David States remarks that a better design than the 8088, back then, would have
made one a millionaire, but I disagree.  The story I now believe is that it was
chosen primarily because they could be bought in quantity, not because anyone
thought they were better than other contemporary designs.  Even MS-DOS was a
second choice, allegedly selected because the CP/M crew were unwilling to sign
IBM's (probably heavy-handed) non-disclosure agreement.  Such are the butterfly
wings that so often determine the course of history.

Now, some of these flaws in standards have known roots.  In particular, the
QWERTY standard succeeded because it slowed down the typist in order to avoid
the problem of key jamming.  That was so successful that it made typewriters
usable, and hence profitable.  It is a little hard to object to such success,
albeit the standard is decades obsolete and quite deserving of retirement.
Present concerns would tend to dictate quite different keyboard layouts to
avoid such problems as carpal tunnel syndrome and repetitive stress syndrome
caused by the unnatural way one's hands must be held to use the old standard
arrangements, even for Dvorack (sp?) key assignments.  One new keyboard with
palm rests and sockets with four way switches comprising each socket was
recently shown on television.

When a standard is derived from a de facto standard, usually several or even
many of the deficiencies are cleaned up, but a thorough revision is out of the
question.  The process doesn't start until the de facto standard is sufficiently
widespread to generate enough interest to go through the arduous process of
creating a standard.  This ensures that many of the participants have already
formed emotional commitments to specific aspects.  Given the consensus rules
for standards making organizations, this guarantees that inconsistent aspects
will remain in the finished standard.

Dick Karpinski

Re: Risks of naming a node [RISKS DIGEST 11.20]

Paul Fuqua <>
Tue, 5 Mar 91 17:26:57 CST
Around 1983, the research group I worked in had a machine whose full name was
MIT-FLAME-OF-THE-FOREST.  Several FINGER programs around the Internet are said
to have broken when they encountered it, unprepared for such a long name.

My present machine has prompted some problems — "islington-terrace" is too
long for its own disk label, so it must boot under an alias and find out its
full name later.  It used to have the alias "it," until a broken local mailer
started sending me all the mail destined for Italy.

Paul Fuqua, Texas Instruments Computer Science Center, Dallas, Texas
           , ti-csl!pf

Re: Risks of naming a node (Akella, RISKS-11.20)

Stephen D Crocker <crocker@TIS.COM>
Sat, 02 Mar 91 20:37:06 -0500
It's not just student hackers who notice an unusual name; routing software can
also notice unusual names and favor a node with unwanted attention.

When Aerospace became a node on the MILNET, we needed to register its name
along with any acronyms.  Unlike many universities and other FCRCs, The
Aerospace Corporation has no widely used acronym.  In some internal files, the
name is abbreviated to TAC, but we thought that would be a particularly poor
choice for a hostname.  Aerospace's logo is a slanted capital A inside of a
circle, and the company is sometimes referred to informally as the Circle-A
Ranch, however, "circle-a" seemed both frivolous and esoteric.  Lacking any
better ideas, we chose the single letter "A" as the abbreviation and duly
registered this with the NIC.

Unbeknownst to us, CMU had been using single letter names as abbreviations for
its several internal machines.  Within CMU, one could refer to a particular
machine with its single letter.  CMU's "A" machine was particularly important
because it was the mail host.  When the Aerospace abbreviation propagated
throughout the network, connections intended for CMUA were made to Aerospace.
I don't think there was much pain at Aerospace, but CMU's internal connectivity
came apart.  After a short period of confusion and diagnosis, the abbreviation
for Aerospace was deleted, and a new rule was passed requiring at least two
letters in an abbreviation.

Acronym Risks

Fri, 8 Mar 91 10:40:14 +0100
Re: Computer insecurity in UK government (Paul Leyland), in RISKS 11.32

>[1] Quango — acronym for quasi-autonomous national governmental organisations

My understanding is that Quango is a quasi-official acronym within the UK for
"Quasi Non-Governmental Organization". Such organizations are one of the means
by which the UK government achieves what in American is termed "deniability", a
concept which the UK government prefers not to have a name for!

Brian Randell, LAAS, 7 Ave du Colonel Roche, 31077 Toulouse, France
PHONE = +33 61 336205 (Temporary address, etc., until May 1991)

Re: Red and green clocks (King, RISKS-11.21)

Fri, 8 Mar 1991 07:11:38 PST
<...My parents were hosting an exchange student from the Netherlands one year.
    Naturally, the young lady brought her trusty alarm clock with her.  She
    plugged it in one night, set the alarm, and went to sleep.  My mom woke to
    hear MaryLou in the shower around 4am getting ready for her eight o'clock

Actually, I'm surprised at this, since the USA uses 110V AC mains,
approximately half the voltage provided in most (all?) European countries,
including Holland.  Certainly, my electric razor will not run at all on 110V
(it just hums to itself). Conversely, of course, plugging in your 110V clock in
England will not cause you to get up late. More like immediately in order to
call the Fire Brigade.

Re: Droids (Andrew, RISKS-11.21)

Bill J Biesty <wjb@edsr.UUCP>
Fri, 8 Mar 91 09:20:21 CST
Nick Andrew's comments about the risks of citizens being droids reminded
me of an article about Japan in the most recent _Whole_Earth_Review_
(No. 69, Winter 1990, "Access to Japan", has a yellow cover with an
illustration of a Japanese woman in traditional outfit with a cellular phone).

The article is "E Pluribus Yamato: The Culture of Corporate Beings" by
W. David Kubiak.


"We live in the age of Corporate Organisms. [... They] have wrested the control
of the earth from Homo sapiens and supplanted us as the planet's dominant
species.  It is they — the multinationals, government bureaucracies, religious
hierarchies, military bodies, et al. — not individual humans, that generate
our era's character, its patterns of wealth and poverty, its technological
prowess and ecological peril, its entertainment and political agenda.  They
have, in short taken over, and nowhere more so than in Japan.  [...]

"Like most other traits and preferences in a natural population, the taste for
organizational life is randomly distributed.  Some people love hierarchical
group existence — uniforms and rituals, secure routines, superior/inferior
relationships, the sense of merging oneself into a larger whole and greater
destiny.  Others detest it with the majority falling along a normal distribution
curve somewhere in between.  [...]  "In early Japan as elsewhere the primitive
leftists were fractious, independent types who abhorred hierarchy,
"establishments", authoritarianism and just wanted to be left alone.  The
rightists were joiner types who flocked to the regimented security of the
military, clergy, and other bureaucratic power centers.  Since even in those
days the big bodies grabbed the lion's share of everything, they occasionally
rankled the "little people" to the point of rebellion.  But because the
antiauthoritarian lefties then as now took orders ungraciously, organized
poorly, and thus were usually decimated in confrontations, their gene pool
slowly began to bleed away.  "Japan's most ingenious contribution to
corporatist eugenics was...the samurai's [...] open-ended license to kill any
commoner deemed dangerous, disrespectful or offensive [...which lasted over a
period of...] 15 generations.[...]

"The Japanese student is trained not even to question authority, let alone
challenge it.  The only acceptable behavior is obedience — total, enthusiastic
and if possible brilliant obedience. [...] Most young Japanese can tell you
"what is thought" but have great difficulty expressing, or placing much
importance on, what they themselves think.  This creates an extreme
permeability to prevailing authority [...]

"The kobun [a chronic subordinate to the _oyabun_ or _oyakata_ (parent
role/person) who directed their work and lives] and hanninmae ["half helping of
man": stunted apprentices...trained to serve useful functions but never
permitted to individuate or professionally mature] were cultural antecedents of
the compliant salarymen so much in demand in this century.

---end excerpts---

Someone (sorry I can't remember) recently commented in RISKS about the lack of
education in this country for dealing with the information needs of the current
decade.  What happens in Japanese schools happens in American schools but with
a different method.  I can remember getting a test back in grammar school when
a classmate who "didn't do as well" as I did in general and on this particular
test complained that he got a much lower grade than I on an essay but had the
same content which it did.  The teacher made some weak excuse but couldn't deny
the facts but didn't change his grade.  The almighty curve strikes again.

So if a majority of the students on the hump of the grade curve regularly
receive this kind of feedback, is it surprising that when dealing with
institutions (schools, work, etc) and other droids the droidism gets passed on?

The American educational system (and maybe others, anyone?) seems suited to
producing "workers" (accent a la Tom Peters imitation of GM management) and has
yet to kick in for the 1980's much less the 1990's.  This decades old trend is
made worse by the touchy-feely attitude towards learning that Allan Bloom and
the Objectivists (they're not connected) are fighting against.

And while there seems to be a change with science education going more to get
younger students interested, most of the money winds up in bureaucracies for
political patronage.

New motto: Encourage critical thinking whenever possible!

[I step off my soap box.]                                 Bill

Bill Biesty, Electronic Data Systems Corp, 7223 Forest Lane, Dallas, TX 75230
(214) 661 - 6058!wjb

"droids" (re : but the computer person said...)

Ken Hoover <>
Sat, 9 Mar 1991 16:00:27 GMT
(Nick Andrew) writes:
>Droid, n:
>    A person (esp. an employee of a business), exhibiting most of the
>following characteristics:
>  [naive trust, unwillingness to think, follows rules but won't

  Just a comment on this:

  This is what we (as the public) get when a company decides to spend zillions
of $$$ on a neat computer system, and then hires people at minimum wage to use
                        - Ken

(missing) Parity bits (Cyber, Jake Livni, RISKS-11.21)

"DAVID B. HORVATH, CDP 8*747/215-354-2468" <>
Thu, 7 Mar 91 14:05:05 EST
This also applies to many of the IBM PC clones on the market today - no parity
bits!  The Radio Shack Tandy 1000 series is a good example of this - only 8
bits per byte rather than the 9 in the true-blue IBM PC's.
                                                            - David Horvath

Re: Digitized signatures for the masses (Berg, RISKS-11.22)

Fri, 8 Mar 91 08:20:20 -0800
Signature rubber stamps have been around for years.  A scanned signature is
essentially no different.  You don't say what if any proof Orbit requires that
a client is the authentic bearer of the signature.  If Orbit makes that simple
requirement, then potential for abuse is _much_ reduced.

> How do I know that Orbit Enterprises does not have nefarious
>   designs on my signature?

One can ask the same question about your local office supply store that makes
the rubber stamp.

>This has been a potential problem for a long time, but the low cost involved
>($60) opens up a new criminal method to the masses.

The rubber stamp is much cheaper :-)

Laser signatures

"Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Fri, 8 Mar 91 09:41:12 PST
> What is the legality of a laser printed signature?

Under the rules of evidence, a document that is signed creates a "rebuttable
presumption" of authenticity.  (In this context, a "sign" can be any mark
attributable in any way to a supposed author; remember, this law *originated*
from stamped seals.)  This puts the burden of proof of authenticity on the
contestor of authenticity.  In a civil trial, proof is by preponderance of
evidence, but in a criminal trial proof must be beyond reasonable doubt.  Thus,
laser signatures would always be sufficient to establish authenticity where
uncontested; and might carry sufficient weight of proof in a civil case; but
could not by itself provide the degree of proof required for a criminal
conviction where authenticity was disputed, though they could contribute in the
accumulated evidence.

A laser-printed signature creates a presumption of the signator's
responsibility for the document; but not such a strong one as does a
personal signature; and one that is more easily outweighed, in the mind of the
trier of the fact, by denials of authenticity made by the supposed author.  In
other words, common sense prevails in the court of law (at least, it's supposed

Digitized signatures and desktop publishing fraud (Berg, RISKS-11.21)

Sanford Sherizen <>
Fri, 8 Mar 91 20:04 GMT
Since I am preparing a talk on desktop publishing fraud to be given at an
upcoming conference, I find that there are some related issues to Berg's
message.  Here are some of the risks.

There are a number of instances where signatures are scanned, sometimes without
the "owner" knowing that it is happening.  For example, many documents are now
being scanned in offices, either as part of a records retention imaging process
or as part of automating files and forms.  The signature is not the target but
is incidentally picked up as part of a larger process to control paper or
distribute information.

Another example of collecting signatures is found with new business offers.
There is at least one bank-by-mail service that advertises that it will process
all authorized payments and, by the way, include your signature on each of the
payment forms after it is scanned.  (The company notes that the process is
secure since it is protected by passwords!)

Beyond signatures, however, is the larger issue of copying of documents for
illegal purposes.  Documents that have been forged through desktop publishing
have already been used to collect money.  At least one group has been traveling
around the U.S. cashing forged payroll checks from a fictitious company that
they created on their computer.  Fake ID and immigration papers are being sold
for $20 a piece.  Desktop forgery is joining computer crime and viruses as
serious problems of the Information Age.

There is also the related problem of modification of documents, particularly if
they are on-line, so that unauthorized changes can be made and distributed on
what appears to be authentic and official documents.  Employees and others can
obtain corporate letterhead and signatures and create "official" documents
containing false statements, illegal offers, and libelous comments that are
almost guaranteed to cause serious problems for organizations.

Inexpensive computers, laser printers, scanning devices, and desktop publishing
technology provide wide opportunities for counterfeiting and creation of
fraudulent documents for other illegal or unethical uses.  Much of our society's
functions are based on a view that documents can be trusted, with the result
that we do not call back the senders of letters to inquire whether they truly
did send the letters.  We trust that college resumes are authentic if they look
right and come from an authorized source.  We assume that most of our paper
currency is real.

We even trust that photos are true recordings of events with the result that
public opinion is shaped by how wars and political events are brought to us by
the media.  Yet, these and other documents not only can be created by
computer-enhanced technics but copied and changed without indications that there
have been changes.  Think about how Woody Allen appears in historical events in
the movie ZELIG.  Read Fred Ritchin's fascinating IN OUR OWN IMAGE: THE COMING
REVOLUTION IN PHOTOGRAPHY (Aperture, 1990).  See the Office of Technology
some of the difficult copyright issues.

>Is it possible to detect a laser printed signature easily?

The authentication of a photo could be known by looking at the negative.  Now,
not only are there cameras/computers that use disks that do not make negatives
and can be reused but a photo can be scanned into a computer and modified so
that it can appear as the original even when it is an alteration or forgery.  I
have heard that the FBI has had difficulty in determining some of these
alterations, particularly in a way to prove it in a court of law.

>What is the legality of a laser printed signature?

Once again it is a problem of old law and new technology.  The law accepts that
under certain circumstances images can be replacements for storing
original documents.  The Best Evidence Rule, the Federal Business Records Act,
and the Uniform Photographic Copies of Business and Public Records as Evidence
Act are relevant sources.  The law will change as there are more challenges and
problems come to the surface but that is not a quick process.  Yet, if a
signature is used by someone other than its owner and the original document gets
replaced by a stored electronic document, it may be very difficult to prove that
an illegal act has taken place.

So, guard your signatures from scanning and your souls from technology.
Otherwise, as the song title says, "From the Gutter to You Ain't Up."
Sanford Sherizen, Data Security Systems, Inc., 5 Keane Terrace, Natick, MA
01760 USA        (508) 655-9888           MCI MAIL:   SSHERIZEN  (396-5782)

Re: Ownership of Thumb Prints (Dinolt, RISKS-11.21)

David G. Wonnacott <davew@cs.UMD.EDU>
Fri, 8 Mar 91 16:07:22 -0500
Has anyone thought of copyrighting their thumb (and finger) prints?  Would this
have any legal significance?  Would the benefits outweigh the problems, namely
(a) that you have sent your finger prints to "Big Brother" already, and (b) you
may have to have a copyright notice tattooed on your fingers to enforce your
                                      David Wonnacott

RE: Thumb print data base

Tue, 26 Feb 91 12:07:54 EST
As described, the CA database is illegal under the ADA (Americans with
Disabilities Act) in that it denies services (Driver's licenses, ID cards,
etc.) to anyone who DOES NOT have a right thumb.

Re: Monopoly Security Policies for Thumb Prints (Baldwin, RISKS-11.16)

Bill White <>
Thu, 28 Feb 91 19:21:13 EST
Actually, the DMV has to treat each of its thumb prints as being as sensitive
as it might ever become.  The way this is stated, the DMV might keep separate
databases at different security levels.  Consider, however, an accountant who,
late in life, changes careers slightly and becomes an undercover investigator
for the Federal Reserve Bank, investigating some sort of bank fraud cases by
posing as a crooked bookkeeper.  This is not really terribly likely, but it is
not impossible.  The accountant's thumb print would go from not terribly
sensitive to highly sensitive.
                    Bill White

more on the American Airlines MD-11s

Fri, 08 Mar 91 16:39:54 EST
American Airlines announced today that it is delaying delivery of a second
MD-11 jet until some problems with the cockpit computer are resolved.
Apparently, the problems cause some screens in the cockpit to ``malfunction''.
They did say they feel like they're making progress, though.

Delta Airlines, which has two MD-11s, is happy with them, though they've
repaired some ``computer glitches'' and once had to fly back empty from Tokyo
to repair something.
                                    --Steve Bellovin
