The RISKS Digest
Volume 9 Issue 97

Wednesday, 30th May 1990

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


The C3 Legacy, Part 6: Feedback
Les Earnest
Re: You Think YOU Have Trouble with Your Telephone Company?
Rodney Hoffman
Right to Privacy, Public Funds, and the 2600
Bob Estell
Re: Steve Jackson Games & A.B. 3280
Chuq Von Rosbach
Re: ATMs robbed with no signs of tampering
Bob Campbell
Re: ATMs robbed in Trump Castle
Avi Belinsky
Re: Secure UNIX Infected?
Mark Gabriele
Info on RISKS (comp.risks)

The C3 Legacy, Part 6: Feedback

Les Earnest <LES@SAIL.Stanford.EDU>
30 May 90 1036 PDT
[My apologies for the gap in this series — I'm running for City Council
currently and don't seem to have enough spare cycles. -Les]

    Was there ever a command and control system that worked?

My opening remark in RISKS 9.80 was:  "Of the dozens of command and
control system development projects that were initiated by the U.S. Air
Force in the early 1960s, none appeared to perform its functions as well
as the manual system that preceded it."  Gene Fucci, who worked on the Air
Force satellite surveillance programs as a project engineer on SAMOS and
later as Field Force Test Director of MIDAS, found my remarks "somewhat
distorted" in that he believes the satellite command and control systems
worked well.

I will plead relative ignorance of those systems, but note that they were
called just "control systems" until "command and control" became a
buzzword in the early 1960s.  I do not wish to take the position that all
systems to which the term "command and control" or "command-control-
communications" was eventually applied were failures — just that all of
the dozens that I knew of were failures.

            SAGE revisited

Some of the earlier C3 Legacy postings on SAGE have found their way via a
circuitous route to an old friend of mine, Phil Bagley, who also helped
design that system.  Phil has now sent me snail-mail that takes a different
view of that program, as follows.

"I think that you have discovered what is behind the curtain.  In case you
haven't, let me tell you my view.  The motivation behind a big military
electronic system such as SAGE or BMEWS is _not_ to have it work.  It is
just to create the _illusion_ that the sponsor is doing his job, and
perhaps peripherally to provide an opportunity to exercise influence.
Lincoln Lab and MITRE had no motivation to point out the obvious — that
the emperor had no clothes.  If you had asked a responsible think tank who
had no stake in the outcome how to deal most effectively with the issues,
you would have recommendations very different from those that guided the
electronic systems developments.

"Now it wasn't all for naught.  Out of SAGE, computer technology got a big
boost.  IBM learned how to build core memories and made a lot of money
building machines with core memories.  Lots of people like you and me got
good systems and programming training (I still write programs).  Ken Olson
learned how to design digital equipment and ultimately gave the world a
few billion dollars worth of Vaxes.

"The moral of all this is:  When things appear not to make sense you very
probably are looking at it from the `wrong' point of view.  Another way
to say it:  It's pretty hard to fool Mother Nature, so if it appears that
she is being fooled, try to find a point of view which doesn't imply that
she's being fooled."

While Phil and others may be comforted by this view, I will argue that it
amounts to nothing more than "Whatever is, is right," which grates on my
rationalist soul.  I believe that if a comparable amount of government
money had been invested in research, or on a more tractable application,
that computer technology would have advanced much more quickly than
actually happened.

I believe that as soon as MIT and MITRE engineers figured out that they
had designed an unworkable system, they had an ethical obligation to point
that out to their sponsors.  Instead they (we) helped perpetuate the myth
that it worked so that we could continue in our beloved technological

Phil's mention of Ken Olson reminds me that we gave a going-away party for
him and Harlan Anderson at the MIT Faculty Club when they left to form
their company to make transistorized digital modules based on experience
in building the TX-0 and TX-2 computers at Lincoln Lab.  We told them that
they could have their old jobs back after their start-up went belly-up, as
we all expected.  In fact, that reportedly came rather close to happening
more than once in the first couple of years, but somehow DEC squeeked
through and grew a bit.

Requiem:  the SAIL computer, which would have reached the grand old age
of 25 next week, is slated to retire tonight and die in the near future.
It has provided an intellectual home for a very productive generation of
researchers and will be remembered fondly.

(Next part: the Foggy Bottom pickle factory)

    -Les Earnest (

You Think YOU Have Trouble with Your Telephone Company?

Rodney Hoffman <>
30 May 90 12:58:31 PDT (Wednesday)
[Admittedly tangential, but fun....]

      [Oh, yes, this is a VERY OLD shaggy dog story, but worth retelling.
      It might even have appeared in RISKS before, but I don't recall it.
      On the other hand, this time I do not feel like grepping my way
      through the archives.  Apologies to those of you to whom it rings
      true.  PGN]

Donald Wechsler's story in RISKS 9.96 (about the Lhasa apso which may have
learned to dial 911) reminded me of one of my favorite stories.  I found it
in "Computers and Society Digest", Number 39, Tuesday, September 9th 1986.
As you can see below, it is said to have originated in 1977.

   .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

Date: Mon, 8 Sep 86 16:03:35 PDT
From: Dave Taylor
Subject: Interesting Phone Calls


This story was related by Pat Routledge of Winnepeg, ONT about an unusual
telephone service call he handled while living in England.

It is common practice in England to signal a telephone subscriber by signaling
with 90 volts across one side of the two wire circuit and ground (earth in
England). When the subscriber answers the phone, it switches to the two wire
circuit for the conversation. This method allows two parties on the same line
to be signalled without disturbing each other.

This particular subscriber, an elderly lady with several pets called to say
that her telephone failed to ring when her friends called and that on the few
occasions when it did manage to ring her dog always barked first.  Torn between
curiosity to see this psychic dog and a realization that standard service
techniques might not suffice in this case, Pat proceeded to the scene. Climbing
a nearby telephone pole and hooking in his test set, he dialed the subscriber's
house.  The phone didn't ring. He tried again. The dog barked loudly, followed
by a ringing telephone. Climbing down from the pole, Pat found:

    a.   Dog was tied to the telephone system's ground post via an iron
         chain and collar
    b.   Dog was receiving 90 volts of signalling current
    c.   After several jolts, the dog was urinating on ground and barking
    d.   Wet ground now conducted and phone rang.

Which goes to prove that some grounding problems can be passed on.

This anecdote excerpted from Syn-Aud-Con Newsletter, Vol 4, No 3, April 1977.

Right to Privacy, Public Funds, and the 2600 [RISKS-9.95]

30 May 90 08:41:00 PDT
 There is a dual standard of conduct, of ethics, for managing money: One for
private funds, and another, higher standard for "public money."  All of us who
spend public money, collect it, live on it, are called to an ethic described,
by Shakespeare I believe, for Caesar's wife, to be "above suspicion."

 The rule is simple: If you choose to live by your wits, and to be "sharp" in
your professional practices [i.e., bend rules that are flexible, cut corners
that "don't seem to matter"], then do it with private funds.

 The backbone of the InterNet is publicly funded.  Period.  Many of the host
computers on the InterNet are publicly funded.  Thus, I have always assumed
that the traffic was monitored from time to time.  Some of us have taken
advantage of that to bring issues to the attention of the monitors, without
having to find explicit US Mail addresses for them.

 All who benefit from the privilege - "PRIVILEGE," NOT "RIGHT" - of spending
public money must be even more prudent with that public money than with our
private funds.  So many have gotten "the top of the line model" because it was
available; in private life - REAL life - we often choose some lesser model,
because it is prudent to compromise.  [Else we would all be driving Cadillac,
BMW, Mercedes, Mazda, or some other very fine automobiles, instead of the Fords
and Chevrolets and other good, but not excellent, cars we do.]

 I recently wrote a US Senator with an idea for capital gains tax breaks.  In
part, I suggested that the US make intelligent decisions about which industries
to encourage, rather than offering tax benefits for any investment held over
some period of time.  An approximate quotation of my rational summarizes my
belief: " We should probably not give capital gains tax breaks for investments
in Jack Daniels, and Playboy.  I may choose to spend my private dollars that
way, but I don't want my tax dollars spent that way."

 The US Mail (postal service), once part of government, is now said to be a
"private corporation" with some special management by the executive branch,
with Congressional oversight - but different in kind and degree from either the
old or new "AT&T."  In any case, users are said to pay, at the time, for
services rendered, one letter or parcel at a time.  Even so, there are
regulated - forbidden - uses of the mails, aside from and in addition to the
privacy aspects.

 We must appreciate the old maxim that "Your right to swing your fist ends at
the tip of my nose."  The 2600 gang needs to understand the computer corollary
of that; and, as they say, we all need to understand the risk that nontechnical
zealots will over legislate to protect their noses.

Re: Steve Jackson Games & A.B. 3280 (Sherwood, RISKS-9.96)

30 May 90 05:15:22 GMT
A couple of points that aren't in this report. According to reports I've seen
elsewhere, the person working on for Jackson Games was a former Legion of Doom
member, who was also working on a book of interviews of Doom members. If what I
just said actually is true, having a known hacker writing a 'manual' on
hacking, even a fictional one, is something the Secret Service would want to
keep an eye on — imagine, for instance, that the fictional game instructions
are actually true and the supplement was published as a way of passing them
around in a covert way.

Now, everything I've heard indicates this isn't what happened: it really is
fictional material. But it's an interesting concept in theory.

>  The amorphous nature of the raid is what is most frightening to me.  Does
>this raid indicate that those who operate bulletin board systems as individuals
>are at risk for similar raids if someone posts "hacking" information on their

If you're running a BBS that's supporting a group of system crackers, you are,
at least, contributory to felony crimes. Sure you should worry about someone
knocking on your door. A BBS that's on the up-and-up should have no worries,

>Or does it indicate that games which involve "hacking" are subject
>to searches and seizures by the federal government?  Does it indicate that
>writing about "hacking" exposes one to the risk of a raid?  It seems that this
>raid goes over the line of protecting society and has, instead, violated the
>freedom of its citizenry.

Not if the Legion of Doom angle is true. This is not to imply that Steve
Jackson or Jackson games was at all involved with any Doomers, but moire likely
stuck in the middle.

Chuq Von Rospach   <+>   <+>   [This is myself speaking]

Re: ATMs robbed with no signs of tampering

Bob Campbell <>
Wed, 30 May 90 17:04:59 pdt
I recently had a chance to inspect the back of an automated teller while
conducting some business with the human teller that works part-time on site.

It was divided into three sections, the computer, the records and the money.  I
noticed that one section had both combination and key locks and was informed
that it contained the money.  The section housing the computer was defended by
a simple key lock.

I pointed out that Hewlett Packard was filled with people who design and build
computers as well as equipment to monitor and test computers she noted that her
teenage son thought it was a risk, but the bank considered the money quite

Now if the lock manufacturer can make a key from lock number and type . . .

Bob Campbell, Hewlett Packard

ATMs robbed in Trump Castle (Re: RISKS-9.96)

Avi Belinsky <>
Wed, 30 May 90 10:44:02 EDT
>"`It was a legal access.  It was not forced open.  The system was
>compromised,' O'Brien said."

Legal in the syntactic sense perhaps, but surely not in the legal sense.  Yet
another example of when computer jargon crosses the boundary into everyday

Re: Secure UNIX Infected? (Bellovin, RISKS-9.96)

Mark Gabriele <>
Wed, 30 May 90 15:20:14 EDT writes:

>  There's a world of difference between, say, ``B1- certifiable'' — which
>  generally means a feature list — and ``B1 certified.''

I'd like to state for the record that what the NCSC does is NOT product
"certification", but product "evaluation".  Certification refers to a specific
site being approved (usually by an authority referred to as a DAA, or
Designated Accrediting Authority) as "B1 (or whatever digraph) secure".  This
certification may be contingent upon posting armed guards at every door to
identify users instead of including a user authentication mechanism in the
system, or any other restrictions the DAA feels are appropriate.  An NCSC
evaluation, on the other hand, is based upon the TCSEC requirements
exclusively.  A product must meet all of the requirements for a candidate class
in order to receive that rating; there is no bargaining with the requirements
based upon the judgement of a DAA.  Thus, an *evaluation* of a system is
generally more stringent than a certification, because the evaluation process
tends not to allow a procedural correction for a deficiency in the hardware and
software elements of the system.

Mark Gabriele (

Please report problems with the web pages to the maintainer