Subject: RISKS DIGEST 13.67
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Wednesday 22 July 1992  Volume 13 : Issue 67

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
More identical name confusion (plus Scientific American item) (Mark Bergman)
A computer as a criminal tool (Peter D. Junger)
American Airlines software development woes (Randall Neff)
RISKS of Antilock Braking Systems (David Palmer)
RISKS of BBS ownership (David R. Cohen via Scott Bailey)
The role of expertise in technological advances (Bertrand Meyer)
Telephone wiretapping (E. Kristiansen)
Bellcore threatens 2600 with lawsuit over BLV article (Emmanuel Goldstein)
Re: Export of 40-Digit RSA (Dorothy Denning)
Re: Qantas airliner challenged by US Pacific fleet (Leonard Erickson)
Re: Nuclear reactor control (Rusty Teasdale)
Re: Airbus -- Countering Urban Myths (Bjorn Freeman-Benson)
AVIATION restructuring in progress (Robert Dorsett)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line.  Others may be ignored!  Contributions will not be ACKed.
The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks.  REQUESTS please to [email protected].

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

For information regarding delivery of RISKS by FAX, phone 310-455-9300
(or send FAX to RISKS at 310-455-2364, or EMail to [email protected]).

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Wed, 22 Jul 92 1:03:51 EDT
From: [email protected] (Mark Bergman)
Subject: More identical name confusion (plus Scientific American article)

Here is another story from the AP wires about health service computers and name
collisions.  (There is also an article in this month's Scientific American,
"Achieving Electronic Privacy," by David Chaum, about encryption and smart card
transactions to ensure privacy _and_ verify each side to the transaction.)  I
don't feel qualified to comment, but I'd like to hear other people's thoughts.
Mark Bergman 718-855-9148         {cmcl2,psi,uunet,apple}!panix!bergman

     Computer Confuses Babies With Same Name, Denies Benefits to One

PENSACOLA, Fla. (AP) - A Pensacola woman says her 5-month-old daughter cannot
get state social service benefits because a computer has her child confused
with a St. Petersburg baby with the same name.  The children, both named
Samantha Marie Morris, were born only eight days apart but are linked by a maze
of computer glitches haunting the Florida Department of Health and
Rehabilitative Services.  The Pensacola baby isn't getting food stamps or
Medicaid benefits, her mother, Tina Morris, said Monday.  "If my daughter had
an emergency, got sick or something, some places might take it, but they
wouldn't pay for it," she said.  "I've been real lucky. She hasn't been sick."
       The HRS' balky new $104.2 million computer thinks she is the St.
Petersburg Samantha, eligible for the same benefits and listed with the same
Social Security number, the Pensacola mother said.  HRS District Administrator
Chelly Schembera said she was unfamiliar with the case. She said the computer
problems that have been affecting the agency across the state exceeded normal
start-up glitches for a new system.
       Ms. Morris said she spent two days at the local HRS office trying to
clear up her daughter's problem without success and that her case worker has
been trying since April.  The computer problems have caused Ms. Morris and
other HRS clients to wait in long lines.  She said she waited 20 minutes
outside under a hot sun to get food stamps last week for the rest of her family
and once in the building was told it would take another hour.
       Schembera said the agency is considering lemonade stands, extra chairs,
awnings, baby changing tables and play rooms to help clients bear the long
waits.
       One man already has capitalized by setting up a snack stand outside an
HRS building in Pensacola, accepting food stamps as payment.  "This guy could
be fairly wealthy by the time the crisis is over," Schembera said.

------------------------------

Date: Tue, 21 Jul 1992 22:19:05 GMT
From: [email protected] (Peter D. Junger)
Subject: A computer as a criminal tool

In the Cleveland Plain Dealer for July 21, 1992 a story appears with a
headline nearly worthy of the National Enquirer.

The headline is:  POLICE PULL PLUG ON COMPUTER IN MORALS STING
The byline is:  By DEBORAH A. WINSTON, PLAIN DEALER REPORTER
The venue is:  MUNROE FALLS

   [I've lived in Cleveland for over twenty years and have never heard of
   Munroe Falls--that's how small it is.  It turns out that it is in Summit
   County, Ohio, near Akron.]

       The story suggests that there is an especial risk to having
computers in a very small, Midwestern town.
       According to the story, the Munroe Falls police received a
complaint that a local electronic bulletin board "containing sexually
explicit material might be accessible to children."
       So the police set up a sting operation, using a local 15
year-old boy as their agent.  The story goes on to say:  "After the
youth was able to hook into the bulletin board, police arrested Mark
Lehrer, 22, owner and operator of Akron Anomaly, a 1,000 member bulletin
board."  And the police also seized all of Lehrer's computer--apparently
on the ground that it was "criminal tools."
       [From talking to the reporter and Lehrer's lawyer, I found out
that Lehrer was indicted today "of disseminating matter harmful to juveniles
and possession of criminal tools,"  with the criminal tools being the
computer.]
       It seems that Lehrer's bulletin board included some gif files
containing pictures of James Bond and Captain Kirk and subjects like that,
which could be downloaded by subscribers.  There were also some gif files that
were supposed to be accessible only by adults over the age of 18.  The article
reports, however, that: "when police seized Lehrer's records they found that
even the `clean' files contained images that were not entirely wholesome."
[Lehrer's attorney told me that these were files that had been uploaded to the
bulletin board and had not yet been seen by Lehrer.]
       The article then quotes the Munroe Falls Police Chief as saying
of these "not entirely wholesome files":  "One was Bugs Bunny eating a
carrot, one was Bart Simpson riding a skateboard and one was called (a
slang term for oral sex), and that was in the clean file."  There were
apparently also some pictures of naked women and of "naked women engaging
in sexual acts" that were not in the adult category.
       According to the article, the Police Chief also said that "it's
possible that some of the games and movies are being accessed in
violation of copyright laws."
       And then there is a final direct quote from the Police Chief: "I'm not
saying it's obscene because I'm not getting into that battle, but it's
certainly not appropriate for kids, especially without parental permission."

Peter D. Junger, Case Western Reserve University Law School, Cleveland, OH
Internet:  [email protected] -- Bitnet:  JUNGER@CWRU

------------------------------

Date: Wed, 22 Jul 92 09:22:19 PDT
From: [email protected] (Randall Neff)
Subject: American Airlines software development woes

[San Jose Mercury News, Monday, July 20, 1992  Business Monday section  p. 9F]

                  Software nightmare comes alive for airline
    American finds the pieces of new reservation system do not fit together

[Dallas Morning News]
DALLAS -- AMR Corp. for decades sliced up competition with its Sabre computer
system for making airline reservations.  Last week, the parent of American
Airlines, Inc. said it fell on its sword trying to develop a state-of-the-art,
industry-wide system that could also handle car and hotel reservations.

AMR cut off development of its new Confirm reservation system only weeks after
it was supposed to start taking care of transactions for partners Budget
Rent-A-Car, Hilton Hotels Corp. and Marriott Corp.  Suspension of the $125
million, 4-year-old project translated into a $165 million pre-tax charge
against AMR's earnings in the second quarter and fractured the company's
reputation as a pacesetter in travel technology.

"In an area where we arguably are one of the world's leading companies, it's
particularly disappointing to us when we have to recognize a loss of that
magnitude on that kind of activity," said AMR senior vice president and
treasurer Michael J. Durham.  The disappointment comes after a series of
technical and management missteps that surprised not only AMR, but the entire
industry.  As far back as January, the leaders of Confirm discovered that the
labors of more than 200 programmers, systems analysts and engineers had
apparently been for naught.  The main pieces of the massive project --
requiring 47,000 pages to describe -- had been developed separately, by
different methods.  When put together, they did not work with each other.

The system was based on twin IBM mainframes that stored the two main pieces of
the reservation system, according to project leaders.  One IBM 3090 computer
stored customer records, pricing information, and other "decision support"
data.  The other IBM 3090 kept track of available rooms and cars, managing the
actual transaction.  But the two pieces were developed on different operating
systems.  When the developers attempted to plug the parts together, they could
not.  Different "modules" could not pull the information needed from the other
side of the bridge.  Response times were slow on other requests.

Not until April did officials begin to "recognize the magnitude of the
situation" and begin to realize that the problems might not be under control.
Warnings of lengthy delays -- as much as two years -- began to surface.
"Somewhere in there, you've got a management problem," said Donald Tatzin,
director of Arthur D. Little's travel consulting practice.

AMR Information Services fired eight senior project members, including team
leader John Mott, saying it had "determined that information about the true
status of the project appears to have been suppressed by certain management
personnel."  In late June, Budget and Hilton said they were dropping out.

For the record, AMR said it was not giving up hope of salvaging Confirm,
although a Coopers & Lybrand market study for AMR is believed to cast doubt
on its viability.

------------------------------

Date: Thu, 16 Jul 1992 15:56:53 GMT
From: [email protected] (David Palmer)
Subject: RISKS of Antilock Braking Systems

The 15 July 1992 Washington Post has an article about one side effect of
Antilock Braking Systems (ABS).

Accident investigators typically estimate how fast the various vehicles
involved in a collision were going by looking at the skid marks left behind.
However, with ABS systems, the skid marks are faint, intermittent, and not as
durable as conventional skid marks.  (ABS works by releasing the brakes whenever
the tires start skidding.  Therefore, the tires never get a chance to cook a
strip of rubber into the asphalt.)

The skid marks are visible, if you look carefully and get to the
accident site before they've been worn away by rain and other traffic.

Thus, the new technology makes it harder to reconstruct accidents.

The article did, however, quote one investigator as saying (paraphrased
from memory) that he'd rather see faint skid marks for 45 feet than dark
skid marks for 55 feet ending at a wall.

David Palmer, Goddard Space Flight Center/NASA   [email protected]

------------------------------

Date:   Wed, 22 Jul 1992 06:28:00 PDT
From: Scott Bailey <[email protected]>
Subject: RISKS of BBS ownership (From David R. Cohen, forwarded)

I found this posted in one of the Star Trek newsgroups (!).  Looks like
interesting RISKS material to me.

 Scott Bailey                          Xerox Computer Center
 [email protected]              Webster, NY

X-NEWS: oasis rec.arts.startrek.misc: 1583
Relay-Version: VMS News - V6.0-1 14/11/90 VAX/VMS V5.5; site oasis.xcc.mc.xerox.com
Path: oasis.xcc.mc.xerox.com!rocksanne!rochester!rutgers!cs.utexas.edu!uunet!
     zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!
     cleveland.Freenet.Edu!bx953
Newsgroups: rec.arts.startrek.misc
Subject: Help, please forward this message
From: [email protected] (David R. Cohen)
Date: 21 Jul 92 14:09:03 GMT

I have no idea where this message should be posted, I only know that it
**should** be posted.  I'm posting here only because I know this board is
widely read and someone should be able to get this message to the right place.

In [the 21 July 1992] Cleveland Plain Dealer, it was reported that a 22-year
old male got arrested for distributing pornography, and possibly for
contributing to the delinquency of a minor.  His "crime" was running a bulletin
board out of his home ... the cops found out that minors were able to get ahold
of pornographic gif files.  The arrestee had apparently set things up so that
"adult" files were supposed to be restricted, but either the files weren't
restricted after all, or someone else had "unrestricted" them.  The paper
reports that this type of arrest is one of the first of its kind in the state.
The cops used a "cooperative" 15 year old -- after the kid accessed the adult
files, the cops grabbed the alleged criminal.

If any Ohio law enforcement types are reading this, I am an Ohio attorney,
and I think this sucks.

David   David R. Cohen or Tracey L. Ridgeway   [email protected]

------------------------------

Date: Sun, 19 Jul 92 18:30:08 PDT
From: [email protected] (Bertrand Meyer, Interactive Software Engineering)
Subject: The role of expertise in technological advances

This note is a call for argued opinions about the effect of technological
advances on the value of people's expertise and qualifications.  In particular
it would be interesting to hear views about the relative merits of the
following two opposite conjectures:

 A. The introduction of a new technology gives the highest advantage to people
 who are already the most advanced experts, as they are in the best position
 to understand the new developments, and thus will benefit the most from them.
 The advances will in fact increase the lead that the best people already had
 over the others.

 B. Introducing a new technology makes it possible for many people to do what
 was previously the exclusive specialty of a few experts.  So it levels off
 the field, putting everyone at the same position.

I can see serious arguments and examples supporting both conjectures.  To keep
this note short, I have selected just two widely different examples, one for
each. Only the second is computer-related. (My personal interest in this
discussion is with respect to advances in software engineering, but the problem
is more general.)

A. In his book ``Tristes Tropiques'', the ethnologist Claude Levi-Strauss
recounts how he visited a South American tribe that didn't know writing. He
introduced it to them; writing was immediately put to good use by the tribe's
chief, who could see how the ability to record and retrieve his decisions would
increase his power.

B. It used to be quite hard to get a taxi in Paris. The situation has
considerably improved thanks to the installation by the biggest taxi company of
a computer-based system. This might at first seem to be an argument for A since
this system has (at least temporarily) given the company a big lead over its
competitors, but here is the other side. In a recent stay in Paris in which I
frequently needed taxis to pick me up, I was able almost every time to obtain
one in about five minutes.  I once complimented a driver on this efficiency. He
responded by heaping tons of abuse on the system. After a period of
astonishment, I understood the reason for his anger. He has been in the
business for twenty years or so, and knows every street and lane in the city;
he also knows the best itineraries, and where he should and should not be at
each time of day and year to get good business (go to the Gare d'Austerlitz at
certain times, to the airports at certain others and so on).  But now the new
system puts every upstart driver, who has just passed his exam and paid for his
license, at the same level as him! You just key in a certain code to indicate
where you are, and get queued for customers' requests in that area. Then when
your turn comes you get the next customer. The computer system apparently also
indicates where the hottest areas are at any time of day. Very little advantage
remains for an experienced professional driver. He was looking with even more
horror to a future (apparently promised) extension of the system, whereby ``the
computer'' would show recommended itineraries!

Please note that the discussion is not about people whose job is simply made
obsolete by the new advances (as craftsmen at the time of the industrial
revolution, or draughtsmen at the time of the introduction of computer-aided
design). Assuming people are experts in a field, and remain in that field, is
new technology a way to increase their lead or should they fear losing their
advantage?

 [Please respond directly to Bertrand, who will share the results with us. PGN]

------------------------------


Date:         Wed, 22 Jul 92 09:16:03 CET
From: "E. Kristiansen - WMS" <[email protected]>
Subject:      Telephone wiretapping [Cross-posted to [email protected]]

NRC Handelsblad, a Dutch newspaper, of 20 July has two articles concerning
telephone wiretapping.

The first article describes several cases of alleged unauthorized wiretaps
performed by PTT Telecom, the Dutch telephone company.  The PTT is accused of
establishing wiretaps on telephone lines without the required court order, on
request of the police and legal authorities (district attorney).  In one case,
a PTT employee has allegedly passed on information obtained from illegally
bugging a phone line, to a criminal (drug dealer). The employee has been fired.
A PTT spokesperson says that "according to current procedure", the police
cannot request a wiretap directly. The request is to be submitted through the
proper legal channels.  From a technical point of view, the article suggests,
without giving much detail, that it is very easy to establish a wiretap, and
that the only control is through procedures, relying on "highly trusted
personnel".  Further, it is said that the PTT never performs wiretapping
itself, it only establishes the tap to a line going to the police office. It is
not said that the PTT CANNOT do wiretapping, and I would assume that they can,
e.g.  for technical monitoring of line quality.

The other article describes how an on-hook telephone set can be used for
bugging the room in which it is installed. The trick can be performed by
anybody who can gain access, legally or illegally, to any point of the wire
pair connecting the telephone set to the exchange.  A high frequency signal is
injected into the line. This signal bypasses the hook switch of the set
(capacitive coupling, I suppose). The microphone modulates the signal
(technical details not given), and the intruder can demodulate, and listen to
the conversation in the room.  When this trick was published in the press, PTT
says it will shortly be offering a telephone plug with a built-in capacitor to
short the HF signal.  The plug will sell for about Dfl.5 (USD 3). Consumer
organizations urge that the plug should be available free of charge to anybody
asking for it.  It is not said whether the trick will work on all current types
of phones, or only on particular brands.
                                                 Erling Kristiansen

------------------------------

Date: Wed, 22 Jul 92 09:07:20 -0700
From: Emmanuel Goldstein <[email protected]>
Subject: Bellcore threatens 2600 with lawsuit over Busy Line Verification item

THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE.
WE WELCOME ANY COMMENTS AND/OR INTERPRETATIONS.

Leonard Charles Suchyta
General Attorney
Intellectual Property Matters

Emanuel [sic] Golstein [sic], Editor
2600 Magazine
P.O. Box 752
Middle Island, New York 11953-0752

Dear Mr. Golstein:

It has come to our attention that you have somehow obtained and published
in the 1991-1992 Winter edition of 2600 Magazine portions of certain
Bellcore proprietary internal documents.

This letter is to formally advise you that, if at any time in the future
you (or your magazine) come into possession of, publish, or otherwise
disclose any Bellcore information or documentation which either (i) you
have any reason to believe is proprietary to Bellcore or has not been
made publicly available by Bellcore or (ii) is marked "proprietary,"
"confidential," "restricted," or with any other legend denoting
Bellcore's proprietary interest therein, Bellcore will vigorously
pursue all legal remedies available to it including, but not limited
to, injunctive relief and monetary damages, against you, your magazine,
and its sources.

We trust that you fully understand Bellcore's position on this matter.

Sincerely,

LCS/sms
                            [The 2600 article in question will not appear
                            in RISKS, for the obvious reasons.  PGN]

------------------------------

Date: Wed, 22 Jul 92 14:45:34 EDT
From: [email protected] (Dorothy Denning)
Subject: Export of 40-Digit RSA

I talked with Dennis Branstad at NIST and found out that the 40-digit system
approved for export is not the RSA public-key system (PKS) but rather the
systems RC-2 and RC-4 which are single-key systems marketed by RSA Data
Security.  These systems can be "married to" a 512-bit RSA PKS used for key
management and the whole package can be exported.
                                                      Dorothy Denning

  [Dorothy and I had an earlier off-line dialogue on the fact that 40-digit
  RSA was child's-play to break.  This clarification is very helpful.  PGN]

------------------------------

Date: Mon, 20 Jul 1992 04:28:42 GMT
From: [email protected] (Leonard Erickson)
Subject: Re: Qantas airliner challenged by US Pacific fleet (RISKS-13.66)

>The Qantas pilot radioed the Federal Aviation Authority in Los Angeles which
>put him on a frequency to the warship.  [Why was this necessary?]  The FAA
>resolved the crisis by putting the Qantas flight on a path bypassing the
>Cowpens which was taking part in a military exercise.

It was probably necessary to use such a roundabout means of communication
because the airliner had no idea what frequencies the ship was using, and
likely *couldn't* respond on many of them if it wanted to!

>Elly Brekke, a spokeswoman for the FAA in Los Angeles, confirmed that the
>airliner, following its predetermined flight path, was told it risked
>facing hostile action.  Ms Brekke said the Qantas flight was "where it should
>have been", and the FAA had not been told that the US Navy was conducting
>manoeuvres that would require any restriction of airspace.

Somebody goofed. My guess is the military *should* have warned the ATC center!

>The Pacific Fleet spokesman said the Cowpens had inadvertently [!]  used "an
>international distress frequency" in trying to contact planes taking part in
>the exercise.

The inadvertently part is all too simple. And it has bearing on my comment
above about why the airliner may not have been able to directly contact the
ship.

All those nice agreements about which frequencies are used for what have
a *large* loophole. All governments are allowed to ignore the international
frequency allocations when it comes to *military* use.

Most military gear can tune all sorts of civilian (and other) frequencies.  And
for peacetime operations, they do have the civilian frequencies set up. Somebody
may have done something as simple as punch the wrong "general frequency"
button!

There are two risks here. First, from the pictures that I've seen of military
radio gear, the "user interface" is lacking in a few areas.  Mainly in that the
user has no idea that some of the "channels" are not strictly military.

The second risk is the usual one of what happens when folks that are allowed to
"ignore the standards" get to share the operating environment with folks that
*do* have to follow them...

Leonard Erickson  [email protected]  [email protected]
CIS: [70465,203]  FIDO: 1:105/56   [email protected]

------------------------------

Date: Mon, 20 Jul 92 18:08:28 GMT
From: [email protected] (Rusty)
Subject: Re: Nuclear reactor control (Park, Re: RISKS-13.66)

       I suspect, given the context in which they were mentioned, that
Bill is correct.  However, what I first think of when the phrase "magnetic core
systems" comes up in discussions of reactor safety is something rather
different.  It is the practice in many PWR reactors to have the cadmium control
rods, which must be withdrawn partly from the reactor core for substantial
fission to take place, lifted vertically up and out of the core by
electromagnets, which are themselves powered by the output of the generators
driven by the reactor.  If there is a sudden drop in reactor output for some
reason, the magnets cut out, and the rods drop back into the core.  Gravitic
passive safety! However, this does not help at all in cases where the reactor
is running out of control but still producing steam and power, nor will it do
any good if something has happened to prevent the reinsertion of the damper
rods themselves...
                    Russ Teasdale -- [email protected] -- (Rusty)

------------------------------

Date: Thu, 16 Jul 92 11:00:44 PDT
From: [email protected] (Bjorn Freeman-Benson)
Subject: Countering Urban Myths re: Airbus

In RISKS 13.64, I read these two stories about the A320:
>> #1  A Pan Am Airbus A300 or A310 (I don't remember which) was on final ...
>> #2  Apparently as a safety feature derived from the crash of the ...

And I immediately recalled that the same article was posted to sci.aeronautics
and then immediately countered as a collection of Urban Myths.  I'm sorry that
I cannot quote the sci.aeronautics article, but the local news system has
already erased it.

Not a fan of the A320, yet also a crusader against misinformation,
Bjorn N. Freeman-Benson

------------------------------

Date: Tue, 21 Jul 92 18:13:35 CDT
From: [email protected] (Robert Dorsett)
Subject: AVIATION restructuring in progress

Rec.aviation is currently in the request-for-discussion period of a
comprehensive re-organization proposal.  A number of proposed sub-groups may
be of interest to RISKS users, including two airliners proposals (in the sci
and rec hierarchies), a safety-group, a generic airplane-group, and others.

The RFD was posted last week; a "survey" of user preferences (which will be
used to shape the final CFV) was posted about the same time.  The survey was
re-posted this afternoon.

Copies of both documents are available on rec.aviation, sci.aeronautics, and
rec.travel.air, depending on your news spool.  Copies may also be obtained
from me, directly, at [email protected].

Robert Dorsett, Internet: [email protected]
UUCP: ...cs.utexas.edu!rascal.ics.utexas.edu!rdd

------------------------------

End of RISKS-FORUM Digest 13.67
************************