Subject: RISKS DIGEST 13.20
REPLY-TO:
[email protected]
RISKS-LIST: RISKS-FORUM Digest Friday 28 February 1992 Volume 13 : Issue 20
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents: [DON'T FORGET TO LEAP TOMORROW.]
Risks of poor design (IRS Teletax phone system) (Andrew Marchant-Shapiro)
Digital RF Link - at 2 Mbps - Wireless Monitoring (Joe Jesson)
Overly curious exhibit at Chicago museum (Karl Swartz)
CallerID for PC's (Jonathan D Arnold)
International Cooperation on Computer Crime and Extradition (Sanford Sherizen)
Re: More on the Airbus A320 (Robert Dorsett)
Re: The long arm of the law fingers old fingerprint (Brinton Cooper, PGN)
Re: Calculators in exams (Robert J Woodhead, Espen Andersen, Mark Jackson,
Joe Morris, Mark Kantrowitz)
*** DIAC-92 *** (Douglas Schuler)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to
[email protected], with relevant, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP domain folks. REQUESTS please to
[email protected].
Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: 27 Feb 92 19:35:00 EDT
From: "MARCHANT-SHAPIRO, ANDREW" <
[email protected]>
Subject: Risks of poor design (IRS Teletax phone system)
Earlier this evening, I tried to find out the status of my refund from
the IRS. I called up Teletax, the IRS's voice-mail-like system, and
followed the instructions. In general, these seem to be well-done;
the most-requested functions are first on each menu, and things seem
to be done consistently. I say "seem" for a very good reason...
Following the instructions, I entered my SSN, heard it repeat back, and
confirmed that it was correct. I was then told to enter my filing status,
which I was about to do, when I heard "error, error, I cannot process your
request!" repeated several times. Thinking that the system had burped, I hung
up and dialed again. Once more, I gave the machine my SSN. But now, I was
given a message to the effect that the IRS updates the system approximately
every seven days, that my status had not changed since my last call, and that I
should wait seven days before calling again. And, oh yes, thanks for using
Teletax.
Now, I know that I probably shouldn't complain about this, since the whole
thing is a freebie, but it is truly irritating. A well-designed system would
(I think) have told me SOMETHING about the nature of the error, rather than
sounding like it dropped out of Lost in Space (come to think of it, THAT robot
was a good deal more informative than Teletax). What bothers me most about the
system is its assumption that, once the SSN is entered, you have a completed
transaction. I haven't tested this out yet, but I'm willing to bet that
entering a bogus number (which, btw, gets you a 'your return has not yet been
processed') a second time would get you the same message that I got -- call
back in seven days.
Of course, this is a minor risk -- it's really more a case of poor
error-handling. If I were a true paranoid, I guess I could see some legal
claim based on the notion that computer records show me having been apprised of
something when I was not; but for now, it's just an irritation. The only real
RISK is that someone who enters somebody else's SSN by mistake would, while not
getting the other person's information, effectively block the correct person
from their information for approximately seven days. [...]
Andrew Marchant-Shapiro, Depts of Sociology and Political Science, Union
College, Schenectady NY 12308 518-370-6225
[email protected]
------------------------------
Date: 28 Feb 92 03:09:30 GMT
From:
[email protected] (Joe Jesson)
Subject: Digital RF Link - at 2 Mbps - Wireless Monitoring
With all the recent interest in wireless communications, I was somewhat
surprised at a recent NCR meeting. On display was an NCR WaveLAN wireless
network card. No big deal, I thought, since wireless Local Area Network cards
are produced by several companies using different wireless media. Radio
Frequency and infrared seem to be the wireless media of choice with one
limiting aspect - coverage of one room or, at most, a single office floor.
Since the WaveLAN product uses 902 - 928 MHz no-license band, I assumed
the one floor 100 foot limitation.
Here is the surprise; a FIVE MILE distance between transmitter-receiver!!
At 2 Mbps!! Real DX for a 250 Mw Digital System...
I asked the NCR salesman to confirm this unusual claim. He said a "typical"
distance in an enclosed office is 100 - 800 feet but, with an optional antenna
and direct line-of-sight path, five miles IS reasonable. He did not have info
on the optional antenna. I would assume, at 902 Mhz, the size of the antenna
has to be small (even a directional multi-element yagi at 902 Mhz is really
small). Ethernet (CSMA/CA) protocol with a low RF bit error rate of 10 exp -8
(at 5 miles?).
Using spread spectrum and optional DES encryption, the 2 Mbps could represent a
T-1 data stream with some overhead bits (2 - 1.544 Mbps) potentially as a Local
Loop replacement or a no license repeater system. Since the antennas are
directional and spread spectrum would allow simultaneous transmissions over the
same frequency band (with an increase in noise level). INTERESTING
applications and security aspects for a wireless 2 Mbps, 250 Mw power, Spread
Spectrum , Differential Quadrature Phase Shift Keying Modulation (DQPSK)
system...
Joseph E. Jesson, 21414 W. Honey Lane, Lake Villa, IL, 60046
(day) 312-856-3645 (eve) 708-356-6817;
[email protected]
[email protected]
[FORGET ATTMAIL UNTIL THEY GET THEIR ACT TOGETHER.
THEY HAVE BEEN KILLING ME WITH RAMPANT BARFMAIL.
This is an editorial comment based on a month of agony. PGN]
------------------------------
Date: Thu, 27 Feb 92 2:28:10 PST
From:
[email protected] (Karl Swartz)
Subject: overly curious exhibit at Chicago museum
I was back home in Chicago several weeks ago and visited the Museum of
Science and Industry one afternoon. The Post Office sponsored an area
with exhibits on how our mail gets (mis)delivered. One of these was a
computer which would tell you your 9-digit zip code, based on a normal
address screen:
NAME
APARTMENT NUMBER
STREET AND NUMBER
CITY AND STATE
5-DIGIT ZIP CODE
I recently moved and was mildly interested so I gave it a try with my
old (as a check) and new addresses. But right of the top it occurred
to me ... why do they need my name?! They don't, but I'm sure many
folks just blindly type it in. If this data were actually accumulated
by the exhibit (I have no reason to believe it is) one could envision
all sorts of potential uses and abuses.
(I believe the thing got testy if one left the name blank; I used the
"dummy" name Dan Quayle. :-) )
Karl Swartz, 2144 Sand Hill Rd., Menlo Park CA 94025
1-415/854-3409 UUCP uunet!decwrl!ditka!kls
[GOOD FOR YOU! Now just wait for the mailing lists... PGN]
------------------------------
Date: Fri, 28 Feb 92 3:02:13 PST
From:
[email protected] (Karl Swartz)
Subject: Re: overly curious exhibit at Chicago museum (responding to PGN)
<grin> I thought that might catch someone's attention! But I'm not
sure they could get the mail to me -- I recall something a few years
ago where somebody sent a letter to Ronald Reagan in (wherever), CA.
It came back stamped "moved, forwarding address unknown".
Of course I shouldn't pick on government workers too much since as a SLAC
employee I'm one of 'em.
------------------------------
Date: Wed, 26 Feb 92 17:28:43 -0500
From:
[email protected] (Jonathan D Arnold)
Subject: CallerID for PC's
New for PC: $79 Caller ID Device 02/17/92
ROSWELL, GEORGIA, U.S.A., 1992 FEB 17 -- A start-up company announced a
device which lets your PC access callers' numbers using the Caller ID
service, at a price of $79. Whozz Calling? is a box, a few inches
square, which connects to the phone line using standard RJ-11 jacks and
to an IBM-compatible PC through a 9-pin RS-232C port.
Zeus Phonestuff President Mark Sutherland says the device is designed
for applications like inbound call management, mail list creation, and
modem security. When linked to an online system, for instance, the
device can assure that only calls from designated numbers get through.
Software comes bundled with it.
"We intend to go into mail order to see what markets are interested in
the device, then go to distributors. They need a track record before
they pick it up," he said.
Caller ID is becoming available in increasing numbers of states, usually
with a provision that callers be able to block their numbers from going
out, free, on a per-call basis. The Federal Communications Commission
has suggested per-call blocking might become a national policy but a
number of states, including Georgia, do not allow consumers to block the
sending of the number.
Press Contact: Mark Sutherland, Zeus Phonstuff, 404-587-1541
[This announcement was found on RelayNet, an IBM PC store and forward
network.]
Jonathan Arnold, BBS Phone: (617)335-6842 Home Phone: (617)335-5457
Internet:
[email protected] uucp: uunet!world!jdarnold
------------------------------
Date: Fri, 21 Feb 92 16:51 GMT
From: Sanford Sherizen <
[email protected]>
Subject: International Cooperation on Fighting Computer Crime and
Extradition of Computer Criminals
Re: Police Foil Million Pound Hacking Plot (Bob Frankston, PGN)
Bob Frankston and PGN raise some interesting questions about extradition
problems with the recent UK hacking plot. However, that particular case does
not prove that extradition is impossible. Work on improving international
cooperation in fighting computer crime, including extradition of computer
criminals, is developing on the political agreements and cross-border law
enforcement levels.
Several years ago, I developed a project on how crime control problems have
become an important aspect of foreign policy and international agreements. A
few of the more active areas of this trend are fighting drug smuggling,
anti-terrorist coordination, stock market regulation, and riot control/civil
unrest training.
Slowly, computer crime has become part of this international agenda. Many of
the international efforts that affect computer crime are related more to
financial fraud and money laundering efforts. While these efforts may not
explicitly mention computer crime, some attention has been paid to the fact that
much of financial fraud and money laundering today is computer-aided. In
essence, computer crime is covered by many of these "other" crime control
efforts.
Here are some specific examples of this international cooperation.
The European Commission has developed a number of directives and regulations
that relate to computer crime issues in the Single Market Europe. The most
directly related are the various information protection, privacy, copyright and
computer evidence requirements. Some of these have been adopted from the
Council of Europe while other are derived from various EC actions. Computer
crime-related decisions are also found in EC decisions regarding banking, EDI,
and other important industry/sector areas. If anyone is interested in details
on the security aspects of EC '92, they can contact me for my recent article in
_Computers and Security_, which is adapted from my book published by Lafferty
Publications in Dublin in 1990.
International law experts have also been been attempting harmonization of law.
Extradition has been considered. Recognition has been given to a requirement
that offenses shall be punishable under the laws of both the requesting and the
requested country and that the offense in question must be of sufficient
seriousness. Conventions concerning mutual assistance and extradition have been
discussed at the Council of Europe Select Committee of Experts level and the UN
has created the UNCITRAL, which relates to aspects of the problem. ITSEC may
also create opportunities for classified discussions of these problems.
The BCCI case will probably make this international cooperation even more solid.
Even before this case, significant international cooperation had developed
regarding the fight against money laundering. Banks are increasingly being
forced to give information about depositors to their governments and to act as
"quasi-investigators" in responding to suspicious deposits. Even the Swiss
banking system, known for its secrecy, has changed significantly in recent years
in response to highly publicized money laundering cases and international
crooks/political figures. Once again, although not explicit in the legal
language or the media coverage, computer-aided crime is a major issue in these
situations.
As of last year, the U.S. had a number of bilateral agreements between
regulations in markets around the world. U.S. pacts have been signed with the
EC on regulating world financial marketplace as well as securities industry
reviews. An important regional agreement was signed between the U.S. Securities
and Exchange Commission and the Inter-American Development Bank, which could
affect some of the Asian exchanges that are now becoming active in Latin
America. Again, computer crime is not explicitly discussed in these agreements
but they are inherent in the nature of the regulations.
The EC has created the Unite de Coordination de la Luttee Anti-Fraude (UCLAF),
which seeks to coordinate anti-fraud activites within the EC. I do not know
whether there are extradition aspects to this. I got this information from Gary
Marx from MIT, who is working with European criminologists on research
concerning policing across national borders.
Finally, PGN raises the question of possible data havens, where people will be
free to electronically cross borders but be safe from punishment. Adrian R. D.
Norman raised that issue many years ago in his book, "Computer Insecurity" in
1983 Worth reading even today.
Sanford Sherizen, Data Security Systems, Natick, Massachusetts, USA
------------------------------
Date: Fri, 28 Feb 92 01:59:15 CST
From:
[email protected] (Robert Dorsett)
Subject: Re: More on the Airbus A320 (Marchant-Shapiro, RISKS-13.19)
> According to this report, MOST 320 aircraft have an alarm that informs
> the pilot that s/he is flying too low, but France does not require this ...
You're referring to a Ground Proximity Warning System (GPWS). Air Inter did
not have them, because the A320 was only used within France, and, as you say,
French law doesn't require them. The Habsheim crash involved an Air France
airplane, which was used in continental operations; it did have one. The
Bangalore crash, which involved an Indian Airlines airplane, also had one.
GPWS was mandated in the US following the 1972 crash of an Eastern Airlines
L-1011 in the Florida Everglades. The crew was distracted by a minor systems
problem; in the process, the altitude-hold feature of the autopilot was
disengaged. The airplane then very slowly started a descent, and ended up
flying into the ground. Nobody was minding the shop. Following the US
decision to require them, most other countries followed suit.
The GPWS normally works by comparing radio altitude (actual height above
ground), speed, and vertical speed rates. Because of the radio altitude
component, it's only effective after the airplane has been flying under
approximately 2500' for some length of time.
On the A320, there are five distinct modes which are handled by the system,
with corresponding aural alerts:
Excessive rate of descent "Sink Rate" and "Whoop! Whoop! Pull Up!"
Excessive terrain closure "Terrain Terrain. Whoop! Whoop! Pull Up!"
Altitude loss after takeoff "Don't Sink!"
Unsafe terrain clearance "Too Low Gear!" and "Too Low Flaps!"
Descent beneath glide slope "Glide Slope!"
The aural messages are normally taped, but knowing Airbus, they're probably
digitized. :-) A master caution (yellow--not a warning light) also appears.
Most airliners have some variation on the above.
The pilot is able to inhibit the various modes, through four smart switches.
Following the introduction of GPWS after the EAL crash, there were numerous
false warnings, and GPWS got a bum rep among many pilots. The system still has
problems, due to its basic design premise, but the number of false alarms has
dropped significantly, overall. Air Inter has stated that it *removed* its
units because of excessive false warnings, i.e., operational considerations.
Which raises the question that, even if the ill-fated A320 HAD the devices, the
crew might very well have ignored the alert.
As with most crashes, the Air Inter crash was likely the result of a complex
number of factors; no single protection could have "saved" the airplane.
As for Habsheim, the GPWS went off once, during the set-up to the flyover, but
after that, the last few seconds of the approach was beneath the threshold
arming altitude of 30'. Which was also beneath the trees. It wouldn't have
made any difference.
At Bangalore, there were two excessive rates of descent warnings, but the crew
either ignored them, didn't hear them (unlikely, since they're quite loud), or
filtered them out.
A very basic lesson here is that if we're going to mandate these systems, we'd
better make sure their warnings are accurate. To do otherwise is to limit the
effect they may have on pilots, who tend to have more confidence in their
airmanship than with a poorly functioning subsystem. Similar arguments can be
applied to the imperfect T/CAS 2 system, which was mandated following a highly
publicised mid-air collision. Too many wrong warnings can be worse than none
at all.
Robert Dorsett UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd
------------------------------
Date: Thu, 27 Feb 92 20:07:18 EST
From: Brinton Cooper <
[email protected]>
Subject: Re: The long arm of the law fingers old fingerprint
You write of "A fingerprint found in an unsolved 1984 murder" and which
fingerprint ... matched a new one taken in connection with a petty theft
case..." leading to solution of the murder! This isn't the sort of thing we
usually see in Risks Digest. This time, the risk is "good," as it was a risk
to the bad guys!
_Brint
------------------------------
Date: Thu, 27 Feb 92 18:38:22 PST
From: RISKS Forum (Peter G. Neumann) <
[email protected]>
Subject: Re: The long arm of the law fingers old fingerprint
Brint, You are absolutely correct. I could have added a nice note at the end,
soliciting more HAPPY stories. I used to get a lot of grumbles from folks who
say we never run anything but the bad news. But we don't get much good news
submitted. I had to submit that one myself! Peter
------------------------------
Date: Fri, 28 Feb 1992 03:06:06 GMT
From:
[email protected] (Robert J Woodhead)
Subject: Re: Calculators (RISKS-13.19)
>... Then the examination will necessarily have to be a real test of
> problem-solving ability rather than a test of the candidate's
> ability to regurgitate memorized data.
Alas, this would add the requirement that the teachers be capable of asking
good questions. In all but a few cases, this may be too much to ask. ;^)
Robert J. Woodhead, Biar Games / AnimEigo, Incs.
[email protected]
------------------------------
Date: Thu, 27 Feb 1992 22:58 EDT
From: ESPEN ANDERSEN <
[email protected]>
Subject: Re: Calculator Use During Exams
I was involved in setting up rules for calculators etc. at exams a few years
ago. The problems was: we wanted to permit students to use simple calculators
on exams (as part of "regular exam tools", but did not want to make all exams
open book because of students programming text etc. into small (and ever
getting smaller) computers. At the same time we could not make the rules too
technically oriented: the business school (in Norway) I worked for used
retirees as exam proctors, and technical specificities were beyond their
horizon.
Solution: devices allowed as long as they
- did not require AC
- did not make noise or could output to paper
- could not display more than 80 characters of text or numbers
The philosophy being that if the students really wanted to use devices that
filled these specs on exams to cheat, they were welcome to: they would probably
not derive any substantial benefit from it. (In fact, if a student goes
through all the trouble of programming all the formulas into his HP-whatever,
he (or she) will probably have learned them by heart and would not really need
to have them programmed).
------------------------------
Date: Fri, 28 Feb 1992 03:26:08 PST
From:
[email protected] <
[email protected]>
Subject: Re: Proposal for policy on calculator use during exams (Frankston 13.19)
> ... but that would reduce closed book exams to an abstract
> exercise unrelated to actual practice.
Too late.
------------------------------
Date: Fri, 28 Feb 92 08:45:25 -0500
From: Joe Morris <
[email protected]>
Subject: Re: Calculator Use During Exams
In RISKS 13.19 several postings commented on the issues involved in the
control of hand-held calculators during closed-book exams. The original
posting is Bezenek (RISKS 13.16). Despite the recent interest shown by
the postings, the issue isn't at all new.
My father, who for many years was the head of Tulane University's Physics
department, refused to permit the use of slide rules by students taking exams
for his undergraduate classes. While I don't necessarily agree that such an
absolute ban was necessary, his reasoning was that while the slide rule (if
correctly used...which wasn't a given assumption) could provide the correct
digits in a problem, the user had the responsibility for keeping track of the
decimal point...and since problems in physics involve huge ranges of exponents,
the students would not develop the necessary recognition of "reasonableness"
for the answers if they didn't work out the problems on paper. This is close
to the issues raised by Cooper in RISKS-13.19.
There's been a story floating around so long that it may be urban legend, but
supposedly there was an experiment several years ago in which a class was given
an examination in which hand-held calculators were provided for their use.
Unknown to the students, the calculators were rigged so that some of the
calculations required on the examination would produce answers which were so
far out of line that anyone paying the least attention to the results would
have known that they were wrong. According to the story, only a minuscule
number of the students caught the problem; the others blindly copied down the
impossible results.
(Can anyone provide an authoritative citation for this? It's a good example
even if it can't be verified, but it would be even better if it can be
authenticated.)
Joe Morris
------------------------------
Date: Fri, 28 Feb 92 10:32:11 EST
From:
[email protected]
Subject: Re: Calculator Use During Exams
My mother, a high school mathematics teacher, has a simple solution to the
problem of calculator use during exams -- she maintains lists of the models her
students are and are not allowed to use. At the beginning of the exam, she
walks around the room and erases the memory of the calculators. (Most
calculators have a short sequence of keystrokes which will erase all the
memory.) A calculator which does symbolic integration, of course, is not
allowed on an integration exam. Whenever a manufacturer debuts a new
calculator, she buys or borrows one to evaluate it.
--mark
------------------------------
Date: Mon, 10 Feb 92 14:20:21 PST
From:
[email protected]
Subject: DIAC-92
DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING
DIAC-92 Berkeley, California U.S.A
May 2 - 3, 1992 8:30 AM - 5:30 PM
The DIAC Symposia are biannual explorations of the social implications of
computing. In previous symposia such topics as virtual reality, high tech
weaponry, national priorities, computers and education, affectionate technology,
computing and the disabled, and many others have been highlighted. Our
fourth DIAC Symposium, DIAC-92, will be held this Spring.
The first day will consist of individual presentations and panels on a variety
of issues. The second day will consist of workshops that will be less formal
and more highly interactive. Most of the workshops will be working sessions
where output of some kind will be produced by the participants.
Preliminary topics include:
+ Community and Global Electronic Networks
+ Computing in the 21st Century
+ Social Interactions in the MUD (Multi-User Dimension)
+ Work, Power, and Computers
+ Computing and Education
+ Civil Liberties in an Electronic Age
DIAC-92 will take place in 100 Genetic Plant Biology Building at the University
of California at Berkeley. The GPB Building is in the northwest corner of the
campus.
***************************************************************************
PLEASE NOTE: Workshop Proposals are due March 1, 1992. Please contact Doug
Schuler -
[email protected] for "Call for Workshop Proposals."
***************************************************************************
To attend DIAC-92 send name, address, email address and registration form to:
DIAC-92 Registration, P.O. Box 2648, Sausalito, CA, 94966
Conference Fees:
CPSR Member $40 __
(or AAAI, BCS, ACM SIGCAS, ACM SIGCHI)
Non-member $50 __
New CPSR Membership
(including DIAC Registration) $80 __
Student $25 __
Proceedings Only $20 __
Proceedings Only (foreign) $25 __
Additional Donation __
Contact Doug Schuler, 206-865-3832 (work) or 206-632-1659 (home),
or Internet
[email protected] for additional information.
Sponsored by Computer Professionals for Social Responsibility
P.O. Box 717
Palo Alto, CA 94301
DIAC-92 is co-sponsored by the American Association for Artificial
Intelligence, and the Boston Computer Society Social Impact Group, in
cooperation with ACM SIGCHI and ACM SIGCAS.
------------------------------
End of RISKS-FORUM Digest 13.20
************************
